Guardant Health, Inc. (“Guardant Health”, “We” or “Us”) is committed to protecting your privacy.

This Privacy Policy describes the specific practices and guidelines that we follow to help ensure the confidentiality and security of your personal information when you use our websites located at www.guardanthealth.com, the Guardant Health portal, mobile applications, and any websites or services that reference this Privacy Policy, (collectively the “Websites” or “Services”).

Information We Collect

Guardant Health may collect, store, and use personal information (such as your name, address, telephone number, and email address) when it is voluntarily submitted to us.

We may automatically collect information about you and your computing device when you use, browse, and interact with our Services. Our Websites and Services collect this information in a variety of ways, including when you view a webpage, click on a link, access our mobile application, or enter data in an online form.

How We Use Your Personal Information

Guardant Health will only use your personal information for the purpose for which it was collected. We may use your personal information to contact you, to provide the information to your healthcare provider, to obtain payment for our services, and to respond to your inquires and requests.

We may also use your personal information to provide you with customer support and to maintain and improve our services. We may combine your information with other information about you that is available to us, including information from other sources.

Sharing Your Personal Information

Guardant Health may share your information with your healthcare provider, individuals, or services only when you have authorized us to do so and as described in this Privacy Policy. Guardant Health will not sell or rent your personal information to any other company or organization.

We may occasionally hire third-party service providers to provide limited services on our behalf.  Guardant Health will give the providers only the personal information they require to perform the services and requires such providers to agree to contractual terms to maintain the confidentiality of the information they receive.

We may need to access or disclose your personal information to comply with the law or legal process and to exercise our legal rights or defend against legal claims. We may share personal information and any additional information available to us in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, or as otherwise required by law.

Security of Your Personal Information

Guardant Health will take reasonable and appropriate precautions to protect personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction. It is important to remember, however, that no system can provide 100% security at all times. Accordingly, we cannot guarantee the privacy and security of information stored on or transmitted using our Services.

Protected Health Information

When generating laboratory results, receiving health information, or transmitting information to a healthcare provider, Guardant Health is subject to laws and regulations governing the use and disclosure of health information including the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”)  Protected Health Information available on our Websites may only be used or disclosed for treatment and other authorized purposes as stated in our Notice of Privacy Practices

Guardant Health applies reasonable and appropriate physical, administrative, and technical measures to safeguard the confidentiality, integrity, and availability of Protected Health Information residing on, processed by, or transmitted by our servers.

Cookies

Certain elements of our Services and/or html email correspondence may use session cookies, persistent cookies or web beacons to anonymously track unique visitors, save website preferences, and to allow us to recognize visits from the same computer and browser. You have the option to reject some or all Website cookies and still use the Services. If you choose to reject all cookies, your access to the Website may be limited.

Aggregate Data Collection

Guardant Health tracks visits to our Services using visitor logs and tracking-codes to compile anonymous aggregate statistics. This aggregate information is collected service-wide, and includes anonymous website, application, and device statistics. When you browse our websites and access our applications our system automatically collects information such as your web request, Internet Protocol (“IP”) address, browser type, browser language, domain names, referring and exit pages, Uniform Resource Locator (URL), platform type, location, unique device identifier, pages viewed and the order of these page views, the amount of time spent on particular pages, the date and time of your request and one or more cookies that may uniquely identify your browser.

When you access our Services through a mobile device, we may receive or collect and store a unique identification numbers associated with your device or our mobile application (including, for example a Unique ID for Advertisers (“IDFA”), Google Ad ID, or Windows Advertising ID), mobile carrier, device type, model and manufacturer, mobile device operating system brand and model, phone number, and, depending on your mobile device settings, your geographical location data or similar information regarding the location of your mobile device.

Third-Party Services

Guardant Health uses certain third-party services and analytics providers to send you customized notifications, analyze trends, administer the Services, improve the design of our Services, and otherwise enhance, monitor, and troubleshoot the Services we provide.

Guardant Health does not transmit individually identifiable information to its third-party service providers and does not directly display advertisements in our applications or services.

Linked Sites

Guardant Health may provide links to websites operated by third parties that are not covered by this policy. Guardant Health does not maintain these sites and is not responsible for the privacy practices of sites it does not operate. We encourage you to review the privacy policies posted on those websites.

Information Access, Updates and Choice

You may choose to provide information to Guardant Health by completing the contact form, sending us an email, or otherwise contacting us. If you are a Guardant Health Portal user, you may have an opportunity to elect to receive certain communications from us. Guardant Health email correspondence will include instructions on how to update certain personal information and how to unsubscribe from our emails, newsletters, and postal mail correspondence.

You may “opt out” of receiving communications from us related to our products and services and/or to request the removal of your contact information from our database by writing to us at the email address set forth below. However, Guardant Health cannot withdraw any previous disclosures made with your authorization, and we reserve the right to retain and disclose your information as permitted or required by law or regulation. You may also request access to your personal data by writing to us using the contact information below.

Do Not Track

We do not currently employ a mechanism to act upon “Do Not Track” instructions but are in the process of investigating such mechanisms.­­­

Children’s Privacy

Guardant Health Services are directed toward adults. We do not knowingly collect any personal information from children under the age of 13. If you are under 13, you must have permission from your parent, legal guardian, or teacher before accessing or using our Services. If we become aware that we have collected any personal information from children under 13, we will promptly remove such information from our Services.

International Users

Our Services are located in the United States. If you choose to use the Services from the European Union or other regions of the world with laws governing data collection and use that may differ from U.S. law, then please note that you are transferring your information outside of those regions to the United States for storage and processing. By providing your information, you consent to any transfer and processing in accordance with this Policy.

EU-U.S. and Swiss-U.S. Privacy Shield Compliance

Guardant Health complies with the EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. Guardant Health has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability, which are the basis for the principles of this policy. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

Notice

Guardant Health’s participation in the Privacy Shield applies to all personal data that is subject to this Privacy Policy and is received from the European Union, European Economic Area (EEA), and Switzerland. For more information about the EU-U.S. Privacy Shield Framework, Swiss-U.S. Privacy Shield Framework, and to view our certification page, visit the U.S. Department of Commerce’s Privacy Shield website at https://www.privacyshield.gov.

Personal information received under the Privacy Shield may include information such as name and email address, health information, contact details, and billing information. Guardant Health uses this information to deliver its services and receive payment for such services.

Guardant Health will treat all personal information received from the EU/EEA and Switzerland in accordance with the Privacy Shield Principles.

Choice

Guardant Health will not use sensitive information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual unless Guardant Health has received the individual’s affirmative and explicit consent (opt-in). Guardant Health will treat as sensitive any personal information received from a third party where the third party identifies and treats it as sensitive.

Accountablity for Onward Transfer

Guardant Health contracts with third parties who perform functions on our behalf, including data processing services. These entities may have access to personal information for limited, specific purposes needed to perform these functions. Guardant Health requires these third party agents to safeguard personal information by contract, obligating the agent to provide at least the same level of protection as is required by this Policy.

Guardant Health may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. Guardant Health may potentially be liable for transfers of personal data where its agent processes personal data inconsistent with the Privacy Shield Principles.

Data Integrity and Purpose Limitation

Guardant Health will use personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. Guardant Health will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete, and current.

Audit and Enforcement

We conduct periodic internal and third-party compliance audits of our relevant privacy practices, procedures, and our information and data processing systems, to verify adherence to this Policy. Any employee that we determine is in violation of this Policy will be subject to retraining, disciplinary action up to and including termination of employment and potential reporting to authorities.

The Guardant Health privacy and security program is subject to inspection by the Secretary of Health and Human Services (HHS) with respect to personal health information and the investigatory and enforcement powers of the Federal Trade Commission (FTC) with respect to Privacy Shield. Guardant Health commits to cooperate in investigations by and to comply with the advice of competent EU authorities.

Complaints, Questions

We strive to resolve all complaints about privacy and the collection or use of personal information. If you have questions about our privacy program, our participation in the Privacy Shield, or have a privacy complaint, please send an e-mail to privacy@guardanthealth.com.

In compliance with the Privacy Shield, Guardant Health has also chosen to cooperate with EU data protection authorities (DPAs) to address unresolved complaints.  You may raise such unresolved privacy concerns with their national Data Protection Authority, the contact details of which can be found at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. You may be able to invoke binding arbitration regarding a privacy issue before the Privacy Shield Panel to be created by the U.S. Department of Commerce and the European Commission.

Governing Law

Our Services are controlled and operated by Guardant Health. By choosing to visit our Websites or otherwise provide information to Guardant Health, you agree that any dispute over privacy or the terms contained in this Privacy Policy will be governed by our Terms of Use and the laws of the State of California.

Changes to Our Privacy Policy

If we change our privacy policies and procedures, we will post those changes on our Website to keep you aware of what information we collect, how we use it, and under what circumstances we may disclose it. Changes to this Privacy Policy are effective when they are posted on this page.

How to Contact Us

You can contact Guardant Health using our Website contact page or sending an email to the address below. Please include your contact information and a detailed description of your request or privacy concern.

 

Guardant Health Inc.

privacy@guardanthealth.com

 

Effective Date: June 30, 2017