SKYGENIC INC. PRIVACY POLICY

Last modified: January 20, 2024

Introduction  

Skygenic Inc. (“Company,” “Skygenic,” or “we,” “us,” “our”) respects your privacy and is committed to protecting it through its compliance with this policy.

This policy describes the types of information we may collect from you or that you may provide when you visit the website www.skygenic.com, the Skygenic Platform and any Company software, applications, web-based product portals (collectively, our “Services”) and our practices for collecting, using, maintaining, protecting, and disclosing that information.

This policy applies to information we collect:

• On the website.
• On the Skygenic Platform and through the Services
• In email, text, and other electronic messages between you and the Services.
• Through mobile and desktop applications or software you download from the Services, which may provide non-browser-based interaction between you and the Services or browser-based interactions between you and the web-based product portal.
• When you interact with our advertising and applications on third-party websites and services, if those applications or advertising include links to this policy.

It does not apply to information collected by:

• us offline or through any other means, including on any other website operated by any third-party; or
• any third-party, including through any application or content (including advertising) that may link to or be accessible from or on the Services.

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Services. By accessing or using this Services, you agree to this privacy policy. This policy may change from time to time (see Changes to Our Privacy Policy). Your continued use of this Services after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.

Children under the Age of 13  

Our Services is not intended for children under 13 years of age. No one under age 13 may provide any information to or on the Services. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on the Services or on or through any of its features/register on the Services, make any purchases through the Services, use any of the interactive or public comment features of the Services or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at dpo@skygenic.com.

Information We Collect About You and How We Collect It  

We collect several types of information from and about users of our Services, including information:

• by which you may be personally identified, such as name, postal address, e-mail address, telephone number, or any other identifier by which you may be contacted online or offline (“personal information”);
• That is about you but individually does not identify you;
• About your employment and employer  and/or
• About your internet connection, the equipment you use to access our Services and usage details.    

We collect this information: 

• Directly from you when you provide it to us;
• From existing users who may provide names and email addresses of non-users for the purpose of sharing data files or inviting non-users to use our Services.
• Automatically as you navigate through the site, information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies; and/or
• From third parties, for example, our business partners, including Google Analytics.

Information You Provide to Us. 

The information we collect on or through our Services may include: 

• Records and copies of your correspondence (including email addresses), if you contact us.
• Information that you provide by filling in forms on our Services. This includes information provided at the time of registering to use our Services, subscribing to our service or requesting further services. We may also ask you for information when you report a problem with our Services.
• Your search queries on the Services.
• Genome data derived from a human or other organism (“Submitted Data“). When you provide us Submitted Data, that Submitted Data will usually be accompanied by associated metadata describing the Submitted Data, which may include information about the subject(s) of the sequencing data, for instance phenotype or population statistics.

Payment Information: Depending on the Services you use, we may also collect your billing information, including credit or debit card account information, or other forms of payment (“Payment Card Information”). By submitting your Payment Card Information, you expressly consent to the sharing of your information with third-party payment processers and other third-party services (including but not limited to vendors who provide fraud detection services to us and other third parties). These third parties may store your Payment Card Information for future use in our Services. We do not store your Payment Card Information, nor do we have direct control or responsibility for your Payment Card Information. The third-party services that we utilize are contractually obligated to keep your Payment Card Information secure and confidential.    

You also may provide information to be published or displayed (hereinafter, “posted”) on public areas of the Services, or transmitted to other users of the Services or third parties (collectively, “User Contributions”). Your User Contributions are posted on and transmitted to others at your own risk. Although, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other users of the Services with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.

Information We Collect Through Automatic Data Collection Technologies. 

As you navigate through and interact with our Services, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:

• Details of your visits to our Services, including location data, logs and other communication data and the resources that you access and use on the Services.
• Information about your computer and internet connection, including your IP address, operating system, and browser type.

We also may use these technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking).

The information we collect automatically is statistical data and may include personal information, or we may maintain it or associate it with personal information we collect in other ways or receive from third parties. It helps us to improve our Services and to deliver a better and more personalized service, including by enabling us to:

• Estimate our audience size and usage patterns.
• Store information about your preferences, allowing us to customize our Services according to your individual interests.
• Speed up your searches.
• Recognize you when you return to our Services.

The technologies we use for this automatic data collection may include:

• Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Services. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Services.
• Flash Cookies. Certain features of our Services may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Services. Flash cookies are not managed by the same browser settings as are used for browser cookies. For information about managing your privacy and security settings for Flash cookies, see Choices about How We Use and Disclose Your Information.
• Web Beacons. Pages of our the Services and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).

We do not collect personal information automatically, but we may tie this information to personal information about you that we collect from other sources or you provide to us.

Third-Party Use of Cookies.

Some content or applications, including advertisements, on the Services are served by third-parties, including advertisers, ad networks and servers, content providers, and application providers. These third parties may use cookies to collect information about you when you use our website. The information they collect may be associated with your personal information or they may collect information, including personal information, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content. 

We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. For information about how you can opt out of receiving targeted advertising from many providers, see Choices About How We Use and Disclose Your Information.

How We Use Your Information  

We use information that we collect about you or that you provide to us, including any personal information: 

• To present our Services and its contents to you.
• To provide you with information, products, or services that you request from us.
• To fulfill any other purpose for which you provide it.
• To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
• To notify you about changes to our Services or any products or services we offer or provide though it.
• In any other way we may describe when you provide the information.
• For any other purpose with your consent.

For more information, see Choices About How We Use and Disclose Your Information.

Disclosure of Your Information  

We may disclose aggregated information about our users without restriction.  We may disclose personal information that we collect or you provide as described in this privacy policy:

• To our subsidiaries and affiliates.
• To contractors, service providers, and other third parties we use to support our business.  For example, credit card payment information will be sent to Stripe Inc., their privacy policy and security protections can be found at https://stripe.com/us/privacy and https://stripe.com/help/security.
• To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Company’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Company about our Services users is among the assets transferred.
• To fulfill the purpose for which you provide it. 
• For any other purpose disclosed by us when you provide the information.
• With your consent.

We may also disclose your personal information: 

• To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
• To enforce or apply our terms of use https://skygenic.com/terms/ and other agreements, including for billing and collection purposes.
• If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of us, our customers, or others.

Our Services stores and processes Submitted Data and related metadata. Upon you providing consent, we may access and process your Submitted Data and related metadata in order to provide support to you with regard to the Services. Your data is processed on Google Cloud Platform (GCP), a service provided by Google LLC, and stored on their servers in encrypted form. You can find more information about Google Cloud Platform’s security on their website.

Choices About How We Use and Disclose Your Information  

We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:

• Tracking Technologies and Advertising. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe’s website. If you disable or refuse cookies, please note that some parts of this site may then be inaccessible or not function properly.
• We do not control third parties’ collection or use of your information to serve interest-based advertising. However these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative (“NAI”) on the NAI’s website.
• Upon your written consent, we may share your Submitted Data and some elements of your account information with other users to whom you have granted permission to use or invited to participate in your project. Your name and institutional affiliation may also be shared automatically with users who have granted you data usage or project permissions.

Removal Of Your Information From Our Services  

Upon written request we will remove user account information provided to us during account setup (name, email address, phone number, employer…)

• It is outside of our control to remove information gathered by third parties while using our services and it is your responsibility to contact any such third party to request any removal of your information.
• It is your responsibility to remove any data files from our services at any point of the term. Upon termination of the Services, data files that are not removed by your will be deleted.
• To comply with HIPAA requirements, all data file activity is recorded into audit logs that cannot be altered once created. Such activity logs are stored for a minimum of 6 years.  These audit logs record file access information such as who accessed the files, made changes, has ownership, and the respective user’s IP address used during any activity.
• To request removal of account information from our services please email us at dpo@skygenic.com

Your California Privacy Rights  

California Civil Code Section § 1798.83 permits users of our Services that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to dpo@skygenic.com.

Protected Health Information

Use of our Services may provide us with access to protected health information about individuals. Our collection of such health data from you is covered by the HIPAA Business Associate Agreement (“BAA”), which is posted on our website.  Please refer to our BAA for our privacy practices and security relating to your patient’s personal health information. You agree to not use any protected health information within the name of a file. 

Personal Data of Individuals in Europe and Switzerland

Skygenic complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, United Kingdom, and Switzerland to the United States.  We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles. The Federal Trade Commission has jurisdiction over our compliance with the Privacy Shield.  To review our certification or learn more about Privacy Shield please visit https://www.privacyshield.gov/list.

Any transfer of EU citizen’s personal data to a 3^rd party country will only be performed if a legal bases arises as outlined under Articles 46, 47, and 49 of the General Data Protection Regulation.

If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Skygenic is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission. 

Pursuant to the Privacy Shield Frameworks, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to dpo@skygenic.com. If requested to remove data, we will respond within a reasonable timeframe. 

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to dpo@skygenic.com

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. 

Skygenic’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Skygenic remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless Skygenic proves that it is not responsible for the event giving rise to the damage. 

In compliance with the Privacy Shield Principles, we commit to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union, United Kingdom, and Swiss individuals with Privacy Shield inquiries or complaints should first contact Skygenic Inc. at: 

dpo@skygenic.com

Skygenic has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/privacy-shield-complaints/ for more information and to file a complaint. This service is provided free of charge to you. 

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.  See Privacy Shield Annex 1 at  https://www.privacyshield.gov/article?id=ANNEX-I-introduction 

Data Security  

We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. 

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. 

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Services. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Services.

Changes to Our Privacy Policy  

It is our policy to post any changes we make to our privacy policy on this page. If we make material changes to how we treat our users’ personal information, we will notify you. The date the privacy policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Services and this privacy policy to check for any changes.

Contact Information  

To ask questions or comment about this privacy policy and our privacy practices, contact us at info@skygenic.com.