Last Updated: August 2022
We at Nest Health Inc. (“Nest,” “we,” “our,” or “us”) respect your privacy.
This policy, therefore, describes how we collect, process and hold your personal information if and when you visit or use our website (located at www.nestegenomics.com) ("Website"), the "Nest Genomics" mobile application ("App"), or our services made available through our web-platform (at https://nestgenomics.com) (“Web-Platform”) (the Website, App and Web-Platform shall be referred collectively herein as the "Services"), or if you otherwise provide us with personal information.
We are located at 251 Little Falls Drive, Wilmington, Delaware 19808, USA.
Our Web-Platform and App serve as a decision support tool in connection with diagnosing your health condition and/or creating tailor-made care plans for you, in both cases based on your genetic testing data. You can use our Web-Platform and App to manage your genetic testing data and all information you choose to associate with it. Please note that while parts of the processes of our Services may be automated, our analysis alone is not used for automatic decision making, only to augment our customers’ human decision-making processes.
Our customers usually are health care providers, physicians, genetic counselors, healthcare research institutions and health insurance companies (collectively, "Providers") which made our Services available to you, and which use our Web-Platform or App to process your genetic testing data and related personal health information ("PHI").
This policy affects your legal rights and obligations so please read it carefully.
If you have any questions, please contact us at firstname.lastname@example.org
Personal information that We Collect
When you browse through our website, subscribe to our newsletter, log-in to our Web-Platform or App (with or without a username and password), or otherwise use any of our Services, we may collect, process or store your personal information including, without limitation and where applicable, your name, phone number, mobile number, physical address, email address, company name, IP address, device info, and your browsing history.
While you may be requested to provide your demographic information too, please note that providing such information will always be voluntary, and your refusal to provide such information shall not negatively impact your Services in any way.
Personal information, however, does not include information that has been irreversibly anonymized or aggregated so that it can no longer enable anyone, whether in combination with other information or otherwise, to identify you.
All personal information that you provide to us must be true, complete and accurate. If you provide us with inaccurate or false data, and we suspect or identify fraud, we will record this.
Please keep in mind that you do not need to provide us with any personal information to browse through our Service. However, we may still automatically collect certain information as described below.
When you contact us by email, we may keep a record of the correspondence and we may also record any telephone call we have with you.
Data that We Automatically Collect or Collect Through Service Providers
When you visit our Website, Web-Platform or App, we, or third parties on our behalf ("Service Providers"), automatically collect and store information about your device and your activities. This information could include (a) your computer or other device’s unique ID number; (b) technical information about your device such as type of device, web browser or operating system; (c) your preferences and settings such as time zone and language; and (d) statistical data about your browsing actions and patterns.
We may also use Service Providers to monitor and analyze the use of our Service, such as:
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Services. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: https://policies.google.com/privacy?hl=en
We also encourage you to review Google's policy for safeguarding your data: https://support.google.com/analytics/answer/6004245.
Mixpanel is provided by Mixpanel Inc.
You can prevent Mixpanel from using your information for analytics purposes by opting-out. To opt-out of Mixpanel service, please visit this page: https://mixpanel.com/optout/
We may use Service Providers to automate the development process of our Service.
GitHub is provided by GitHub, Inc.
GitHub is a development platform to host and review code, manage projects, and build software.
We may use a self hosted version of the open source session replay suite.
It is necessary for our legitimate interests to use your personal information to send you marketing communications, which may include newsletters, blog posts, surveys and information about new products and services.
You can choose to no longer receive marketing communications by contacting us at email@example.com or clicking unsubscribe or “opt-out” from a marketing email.
If you do unsubscribe from marketing communications, it may take up to five (5) business days for your new preferences to take effect. We shall therefore retain your personal information in our records for marketing purposes until you notify us that you no longer wish to receive marketing emails from us.
Why We Process Personal information
We will use your personal information in order to comply with our contractual obligations, to supply to you the services that you had purchased, where applicable, including to contact you with any information relating to the delivery of the services in accordance with any requests you make and that we agree to, and to deal with any requests, questions, comments or complaints you have with respect to the same, if any.
If you were directed to our Web-platform or App by our customers to open an account or receive a service, then we process your personal information to provide decision support information in connection with your genetic data and recommended care plan. Our computerized Service may use algorithms and other analytical tools to process your personal information and rate or predict the risk in connection with certain health situations and the best way to diagnose and prevent those.
We may also use your personal information for our legitimate interests, including dealing with any customer services you or our customers require, enforcing the terms of any other agreement between us, for regulatory and legal purposes, for audit purposes and to contact you about changes to this policy, if necessary.
Sharing Personal information
We may share your personal information with our customers, the data controllers, if we collected such information on their behalf.
We may also share personal information with our employees, service providers, sub-contractors and agents that we may appoint to perform functions on our behalf and in accordance with our instructions, including marketing services providers (e.g., Google Analytics), email communication providers, IT service providers, accountants, auditors and lawyers.
Under certain circumstances we may have to disclose your personal information under applicable laws and/or regulations, for example, as part of anti-money laundering processes or to protect a third party’s rights, property or safety.
We may also share your personal information in connection with, or during negotiations of, any merger, sale of assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company.
Cross-Border Transfer of Personal Information
We may share personal information with our employees, consultants and third party service providers outside your country but only for purposes of performing the services for which you provided your personal information, even to countries that might not offer a level of protection for your personal information that is equivalent to the one offered in your country of residence or in similar countries found to provide adequate safeguards to your personal information. We will obtain your consent, however, before using your personal information for any purposes other than performing the services for which you provided the personal information.
Notifications and Updates
Our Website and/or Web-Platform and/or App may send new registered users a welcoming email to verify password and username. After you register with our Website and/or Web-Platform and/or App and have provided consent to receiving marketing emails, we may email you on a regular basis with information on other services or products that we believe may be of interest to you. We give you the option at all times to unsubscribe or to opt-out from receiving these types of communications.
We may also send you notifications regarding updates to our Website and/or Web-Platform and/or App and our services only if you have provided consent to receiving updates about our opportunities, services and products. We may also communicate with you to provide requested services and with respect to issues relating to your account via email or phone.
We shall process your personal information in a manner that ensures appropriate security of the personal information, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
All information you provide to us is stored on our secure servers. Where applicable, any payment transactions are encrypted using SSL technology. Where we have given, or you have chosen a password, you are responsible for keeping this password confidential.
You acknowledge, however, that no system can be completely secure. Therefore, although we take these steps to secure your personal information seriously, we do not and cannot promise that your personal information will always remain completely secure.
For additional security related information, please review our Security Policy.
If you register with us, we shall retain your personal information until you close your account or until we no longer need it for the purposes it was provided to us. If you receive marketing communications from us, we shall retain your personal information until you opt-out of receiving such communications.
If you have otherwise used our services or contacted us with a question or comment, we shall retain your personal information for at least six (6) months following completion of such service or contact in order to respond to any further queries you might have, unless we are legally required to retain such information for a longer period in which case, we will retain such information as required by applicable law. Please keep in mind that you can always request that we suspend or remove your personal information at any time.
The Services are intended to be used by individuals over the age of eighteen (18). If we become aware that we have collected the personal information of an individual under sixteen (16), we will take steps to delete the information as soon as possible, unless the parent or legal guardian requests otherwise. Please immediately contact us by sending an email to firstname.lastname@example.org if you become aware that an individual under sixteen (16) has provided us with personal information.
A cookie is a small text file containing a unique identification number that is transferred (through your browser) from a website to the hard drive of your computer.
The cookie identifies your browser but will not let a website know any personal information about you, such as your name and/or address. These files are then used by websites to identify when users revisit that website.
Session Cookies are temporary cookies that remain in the cookie file of your browser until you leave our Website. Persistent Cookies, on the other hand, commonly remain in the cookie file of your browser for longer periods depending on the lifetime of the specific cookie. When we use session cookies to track the total number of visitors to our Website, for example, this is done on an anonymous aggregate basis.
We also use Google Analytics to monitor how the Website and/or Web-Platform and/or App is used. Google Analytics collects information anonymously and generates reports detailing information such as the number of visits, where visitors generally came from, how long they stayed, and which pages they visited. Google Analytics places several persistent cookies on your computer’s hard drive. These do not collect any personal information. If you do not agree to this use you can disable persistent cookies in your browser. This will prevent Google Analytics from logging your visits.
Legal Basis for Processing of Personal information of EEA Residents & GDPR
If you reside within the European Economic Area (EEA), our processing of your personal information is subject to the General Data Protection Regulation (EU) 2016/679 (“GDPR”), notwithstanding anything to the contrary herein, and therefore will be legitimized as follows:
Whenever we require your consent for the processing of your personal information such processing will be justified pursuant to Article 6(1) lit. (a) of the GDPR.
If the processing of your personal information is necessary for the performance of a contract between you and us or for taking any pre-contractual steps upon your request, such processing will be based on GDPR Article 6(1) lit. (b).
Where the processing is necessary for us to comply with a legal obligation, we will process your information on the basis of GDPR Article 6(1) lit. (c), and where the processing is necessary for the purposes of our legitimate interests, such processing will be made in accordance with GDPR Article 6(1) lit. (f).
Your rights Under GDPR
You have the right to obtain from us a copy of the personal information that we hold, and to require us to correct errors in the personal information if it is inaccurate or incomplete or to limit or object to its processing, partially or entirely. You also have the right at any time to require that we delete your personal information or transfer it to a third-party. To exercise these rights, or any other rights you may have under applicable laws, please contact us at email@example.com.
Please note, however, that we reserve the right to charge an administrative fee if your request is manifestly unfounded or excessive.
Additionally, such rights of rectification, objection, restriction, access, portability and deletion are subject to certain limitations, as provided for by applicable laws. Individual requests will be completed as soon as possible following their receipt and in any event within thirty (30) days from our confirmation of such receipt.
You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law. In some cases our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.
For more information on the GDPR, please refer to:
Cross-border Transfer of Personal information
We may share personal information with our employees, consultants and third party service providers outside your country but only for purposes of performing the services for which you provided your personal information, even to countries that might not offer a level of protection for your personal information that is equivalent to the one offered in your country of residence or in similar countries found to provide adequate safeguards to your personal information. We will obtain your express consent, however, before using your personal information for any purposes other than performing the services for which you provided the personal information.
For EU and Swiss users only – Transferring your information outside the European Economic Area.
As part of the services offered to you through this Website, Web-Platform or App, as applicable, the information which you provide to us may be collected from the EEA and transferred to countries outside the European Economic Area (“EEA”) and Switzerland. This may happen if any of our servers are from time to time located in a country outside of the EEA or Switzerland. These countries may not have similar data protection laws to the EEA or Switzerland.
In such circumstances, we will enter into model contractual clauses as adopted by the European Commission, or rely on binding corporate rules where our affiliates, consultants or service providers have adopted such internal policies approved by European data protection authorities. If you use our services while you are outside the EEA or Switzerland, your information may be transferred outside the EEA or Switzerland in order to provide you with those services.
Your Data Protection Rights under the California Privacy Protection Act (CalOPPA) and the California Consumer Privacy Act (CCPA)
To the extent applicable to you, according to CalOPPA we agree to the following:
Our Policy on “Do Not Track” Signals:
We honor Do Not Track signals and do not track, plant cookies, or use advertising when a Do Not Track browser mechanism is in place. Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked.
You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.