Privacy Policy

Last Updated: Aug 1, 2018

Download PDF

Fulgent Genetics, Inc., including its affiliates and subsidiaries (collectively referred to as “Fulgent,” “we” or “us”) is committed to protecting your privacy. This Privacy Policy (this “Policy”) describes how collect, use, store, secure, and disclose your personal information when you access or use our websites, including without limitation www.fulgentgenetics.com, our Provider Portal, and our Patient Portal (the “Websites”), and when you transmit information to us electronically or in hard copy in relation to our genetic testing and related services (our “Services”).

This Privacy Policy is in addition to and does not replace our Notice of Privacy Practices, which explains how we handle personally-identifiable health information under U.S. law. If you are located in the European Economic Area or Switzerland, please see the “NOTICE TO INDIVIDUALS LOCATED IN THE EUROPEAN ECONOMIC AREA OR SWITZERLAND” below.

We may revise this Policy from time to time. All updates will be posted on this web page. If we make any material changes in the way your personal information is handled, we will notify you by email (sent to the email address specified in your account) or by means of a notice on our Websites prior to the change becoming effective.

ACCEPTANCE OF THIS PRIVACY POLICY

Before you use our Services (whether you are a provider or a patient), please read the Fulgent Terms of Service, and the Patient Portal Addendum, if applicable. By accepting the applicable Terms of Use, you agree with our privacy practices as described in this Policy. If you do not agree with the terms of this Policy, please do not access the Websites or use our Services.

TYPES OF PERSONAL INFORMATION WE COLLECT AND HOW WE USE IT

Depending on which of our Services are being used, or which individual (provider or patient) is involved, Fulgent processes and stores different combinations of personal information as set forth in this Policy.

PERSONAL INFORMATION COLLECTED FROM PATIENTS

Through our test order forms and based on and by virtue of the respective consent provided by the patient through his or her provider, we may collect and process personal information of a patient, including the following categories:

  • Personal details (including first and middle name, last name, birth date and/or age)
  • Family relationships (if applicable)
  • Address
  • Gender
  • Ethnicity
  • Nationality
  • Disease
  • Symptoms and other medical information
  • The sample material involving genetic data
  • Information on patient’s insurance (where provided)
  • Payment information for services (where provided)
  • Identifiable genetic information; and
  • Genetic test results and findings

Such collected personal information is used to provide the Services and test results to the provider and to perform the billing. All the collected personal information of a patient will be stored for as long as stated in the applicable patient informed consent form. The personal information will be processed by Fulgent for the performance of the specific genetic analysis requested by the patient’s provider on the applicable Test Requisition Form, and for informing the patient’s provider of the results of such analysis, all on the basis of the consent provided by the patient. Fulgent will de-identify (pseudonymize) the personal information to the extent possible.

In the event a patient has consented to research, his or her personal information and remaining sample will also be stored and processed for up to 20 years for the further purposes specified in the applicable Informed Consent Form and/or Test Requisition Form, and may be retained in an anonymized form to support further research, development, and improvement of diagnostic methods and potential therapeutic developments. Research and development also helps Fulgent to improve its Services and build new Services and customized features or Services.

PERSONAL INFORMATION COLLECTED FROM PROVIDERS

In order to provide the Services requested (including billing, etc.), we will mainly collect and process the following personal information from providers:

  • Personal details (including name, address)
  • Phone and fax number
  • Business address and department
  • Email address
  • NPI
  • Payment information (where provided)

All the provider personal information will be stored as long as Fulgent is providing Services to any of provider’s patients. Such provider personal information will be processed to inform the provider of the patient’s test results, any other requests from the provider, and for invoicing. All of such processing is for the purpose of performing a contract as between Fulgent and the provider to provide the Services.

We may also use the personal information to share marketing information about our Services, and to do so, we may process your contact information or information about your interaction with our Services to send you marketing communications, provide you with information about events, webinars, or other materials, deliver targeted marketing to you, and, keep you updated about our Services. You can opt-out of our marketing activities at any time by using the “unsubscribe” link in any email communications or by contacting privacy@fulgentgenetics.com.

PERSONAL INFORMATION COLLECTED FROM VISITORS TO FULGENT WEBSITES

Generally, individuals are able to visit www.fulgentgenetics.com (“Main Website”) without disclosing personal information, except as may be necessary to provider a product or service at his or her request. Data are collected from the Main Website only to the extent technically necessary. For example, in some cases we may recognize personal data like the IP address as well as non-personal data like the name of the visitor’s Internet service provider, the website from which the visitor came to our Main Website, the pages that the visitor views on the Main Website, and what the visitor clicks on any given page. This data could possibly identify an individual, but Fulgent does not use it to do so.

Cookies: We use cookies and similar tracking technologies to personalize your experience on our Websites. Please see our Cookie Policy for more information. Without processing your personal information for such purposes, you may not be able to access part or all of our Services. Our servers automatically record information created by your use of our Websites and we use visitor logs to compile anonymous statistics. The aggregate information is collected sitewide and contains anonymous website statistics and is not considered personal information.

“Do Not Track”: Some browsers incorporate a "Do Not Track" (DNT) or similar feature that signals to digital services that a visitor doesn’t want to have their online activity tracked. Because there is not yet an accepted standard for how to respond to DNT signals, we and our service providers (like many digital service operators) do not respond to DNT signals.

Please see other sections of this Policy for descriptions of what is collected upon registration for our Patient Portal or our Provider Portal.

PERSONAL INFORMATION COLLECTED FROM JOB APPLICANTS

If you apply for a position with Fulgent through our Careers Page, we will collect your resume, contact information, employment and education history, and other related information. We may also receive information from references you identify and other third parties (for instance, background checks where permitted by applicable law).

PERSONAL INFORMATION PROVIDED VOLUNTARILY

We collect any personal information that you voluntarily provide to use, such as inquiries through our Main Website, information you provide about your business, etc., and is used only for the purpose of addressing the request received. In cases where social media services may be used, we do not have any influence on the storage and processing of providing personal information via the respective social media service. You are encouraged to review those privacy policies before sending Fulgent personal information via a social media service.

INFORMATION WE SHARE

Fulgent may disclose your personal information as follows:

  • Our service providers, vendors, and other processors. We may share your personal information with our service providers, business partners, or other vendors that help us provide our Services to you. Such entities will be given access as is reasonably necessary to provide our Services, and only under contractual obligations that are at least as restrictive as this Policy and in compliance with applicable privacy laws. Agents, vendors, and service providers who may have access to protected health information and other special categories of personal data are contractually obligated to protect the privacy and security of such information. We share your payment information with our third party payment processor. We do not store any credit card information on Fulgent servers.
  • Affiliated businesses. We may share your personal information with group companies and affiliates. Affiliated businesses may use your information to help provide, understand, and improve our Services and the affiliates’ own services.
  • Change of control. We may share your personal information as part of a purchase, transfer, or sale of the Services or the company (for example, a corporate restructuring, merger or consolidation with, or sale of substantially all of our assets to a third party).
  • Safety and legal compliance. We may share your personal information if we believe that such disclosure is necessary to comply with any applicable laws, regulations, legal processes, or requests by public authorities (e.g., law enforcement, tax authorities, etc.); protect you, us, or other users’ rights or property, or to protect our Services, comply with or enforce our terms, agreements or policies. Such disclosure may be to parties outside your country of residence.
  • Your consent or express actions. We will share personal information when we have your consent to do so. Also, any information or content that you voluntarily disclose for posting in public areas of our Websites, such as blog comments or social media posts on our social media profiles, become available to the public.
  • Anonymous or aggregate data. We may share anonymized or aggregated information with any third parties. Such information no longer reasonably identifies you and is not considered personal information.

HOW WE USE AND DISCLOSE DE-IDENTIFIED, ANONYMIZED OR PSEUDONYMIZED INFORMATION

“De-identified” or “pseudonymized” information is data we have stripped of your personally identifiable information, such as your name, address, or birthdate. We retain the ability to re-identify such information. “Anonymized” information is when personal information is stripped of all identifiers and cannot reasonably be linked back to you.

We may use “de-identified” or “pseudonymized” information for various purposes, including:

  • For quality control and validation:
    • In accordance with regulatory requirements, we may de-identify, store and use patients’ samples and information for internal quality control, validation, research and development. This is an important use for Fulgent to maintain our high quality Services and to develop new Services.
    • In accordance with regulatory requirements, we may also share de-identified patients’ samples and information for quality assurance and validation purposes. Such sharing is essential to maintaining the quality of genetic testing in testing laboratories.
  • For research purposes:
    • We may contribute de-identified genetic variants that we have observed in the course of providing our Services to publicly available databases.
    • We may use or disclose de-identified patient information for general research purposes. This may include research collaborations with third parties, such as universities, hospitals, or other laboratories, in which we utilize de-identified clinical cases at the individual or in the aggregate, and we may present or publish such information. This may also include commercial collaborations with private companies for research purposes.

To the extent we have relied on your consent to process such de-identified personal information in relation to the above, you may withdraw your consent to participate at any time by contacting us at privacy@fulgentgenetics.com. Fulgent will not include any such de-identified personal information in new research commencing within 30 days from the receipt of your request. Any research involving your data that has already been performed or published prior to the receipt of your request will not be reversed, undone, or withdrawn.

CHILDREN’S INFORMATION

Our Websites are directed towards adults and are not designed for, intended to attract, or directed towards children under the age of 16. If you are under the age of 16, you must obtain the authorization of a responsible adult (parent or legal guardian) before accessing or using our Websites. If we become aware that we have collected any personal information from children under 16 without appropriate authorization, we will promptly remove such information from our databases.

THIRD-PARTY INFORMATION

You agree that you have provided notice to, and obtained consent from, any third party individuals whose personal information you supply to us, including with regard to (a) the purposes for which such third party’s personal information has been collected; (b) the intended recipients or categories of recipients of the third party’s personal information; (c) which of the third party’s information is obligatory and which information, if any, is voluntary; and (d) how the third party can access and, if necessary, rectify the information held about them.

LINKED WEBSITES

Our Websites may contain links to external websites. Fulgent does not maintain these sites and is not responsible for the privacy practices of sites that it does not operate. Please refer to the specific privacy policies posted on these sites.

INFORMATION ACCESS, UPDATES, AND CHOICE

You can update, amend or delete your account information and preferences at any time by logging into your Provider Portal or Patient Portal Account or by contacting us at privacy@fulgentgenetics.com.

All Fulgent email correspondence will include instructions on how to update certain personal information and how to unsubscribe from our emails and postal mail correspondence. Please follow the instructions in the emails to notify Fulgent of changes to your name, email address, and preference information.

Fulgent will take reasonable steps, such as confirmation emails, to verify your identity before granting access to your personal information.

For individuals residing in the European Economic Area (EEA), Switzerland or the United Kingdom (collectively, the “Designated Countries”) at the time of data collection, please refer to the section below captioned, “NOTICE TO INDIVIDUALS LOCATED IN THE EUROPEAN ECONOMIC AREA OR SWITZERLAND”.”

RETENTION

We store your personal information for as long as we need it to provide you our Services, to serve the purpose(s) for which your personal information was processed, or as necessary to comply with our legal obligations, resolve disputes, or enforce our agreements to the extent permitted by law. While retention requirements can vary by country, we generally apply the retention periods noted below.

We store information used for marketing purposes indefinitely until you unsubscribe. Once you unsubscribe from marketing communications, we add your contact information to our suppression list to ensure we respect your unsubscribe request. Also, we retain any information collected via cookies, clear gifs, flash cookies, webpage counters and other technical or analytics tools up to one year from expiry of the cookie or the date of collection. If you have any questions about our retention periods, please feel free to contact us at privacy@fulgentgenetics.com.

SECURITY MEASURES

We use reasonable technical, administrative and physical measures to protect information contained in our system against misuse, loss or alteration. Information that you provide through our Websites is encrypted using industry-standard Secure Sockets Layer (SSL) technology, with the exception of information you send via email. Your information is processed and stored on controlled servers with restricted access, and in compliance with the Security Rule of the Health Insurance Portability and Accountability Act of 1966 (HIPAA). Unfortunately, no method of electronic transmission is 100% secure, so we cannot ensure or warrant the security of any information you transmit to our Websites, and you do so at your own risk. Please do not submit any personal health information or credit card information via email.

Please recognize that protecting your personal information is also your responsibility. You should keep your username, password, ID numbers, or other access credentials secure as Fulgent cannot secure personal information that you release on your own or that you request us to release. If we receive instructions using your log-in information we will consider that you have authorized the instructions.

CONTACT US

If you have any questions regarding this Policy or our privacy practices, you may contact us at:
Fulgent Genetics
4978 Santa Ana Ave., Suite 205
Temple City, CA 91780
privacy@fulgentgenetics.com

INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION

We may store, process and transmit personal information in locations around the world, including locations outside of the country or jurisdiction where you are located. Such countries or jurisdictions may have data protection laws that are less protective than the laws of the jurisdiction in which you reside. If you do not want your information transferred to or processed or maintained outside of the country or jurisdiction where you are located, you should not use our Services.

We transfer your personal information subject to appropriate safeguards as permitted under the applicable data protection laws. Specifically, when your personal information is transferred out of the Designated Countries, we have the required contractual provisions for transferring personal information in place with the third parties to which your information is transferred. For such transfers, we rely on legal transfer mechanisms such as Standard Contractual Clauses, or we work with US-based third parties that are certified under the EU-US and Swiss-US Privacy Shield Framework.

NOTICE TO INDIVIDUALS LOCATED IN THE EUROPEAN ECONOMIC AREA OR SWITZERLAND

THIS SECTION ONLY APPLIES TO USERS OF OUR SERVICES THAT ARE LOCATED IN THE EUROPEAN ECONOMIC AREA, UNITED KINGDOM OR SWITZERLAND (COLLECTIVELY, THE “DESIGNATED COUNTRIES”) AT THE TIME OF DATA COLLECTION. WE MAY ASK YOU TO IDENTIFY WHICH COUNTRY YOU ARE LOCATED IN WHEN YOU USE SOME OF OUR SERVICES, OR WE MAY RELY ON YOUR IP ADDRESS TO IDENTIFY WHICH COUNTRY YOU ARE LOCATED IN.

Where we rely only on your IP address, we cannot apply the terms of this Section to any User or Customer that masks or otherwise obfuscates their location information so as not to appear located in the Designated Countries. If any terms in this Section conflict with other terms contained in this Policy, the terms in this Section shall apply to users in the Designated Countries.

  • Fulgent’s relationship to you. A “data controller” is an entity that determines the purposes for which and the manner in which any personal information is processed. Any third parties that act as our service providers are “data processors” that handle your personal information in accordance with our instructions. In relation to our Provider Portal and Patient Portal (or any similar portal hosted by a Fulgent-owned company), Fulgent is a controller in relation to the information that a provider enters directly into the website about him or herself or about his or her patients. To the extent a user or patient enters personal information on our Websites to pay for, use or obtain further information about our Services, Fulgent is a controller. To the extent that Fulgent receives personal information as part of any Informed Consent or Test Requisition Form, and to the extent that Fulgent receives identifiable samples and/or identifiable genetic information necessary to perform the Services, Fulgent is a controller.
  • Lawful basis for processing your personal information. We describe our processing activities in detail in this Policy. Below is a chart indicating the legal bases we rely in processing personal information.
    Section Purposes of processing Legal basis for processing
    5(1)
    5(4)
    5(5)
    5(6)
    5(7)
    6(1)
    6(2)
    • to provide our Services and receive payment
    • to send communications related to the Services
    • to provide customer support
    • to enforce our terms, agreements, or policies
    • to ensure the security of our Services
    • our service providers, business partners and others
    • disclosure to affiliated businesses
    Processing is based on our contractual obligations under the Terms of Service, or to take steps at the request of the individual prior to entering into a contract.
    5(2)
    5(9)
    5(10)
    6(3)
    • to inform you about research opportunities
    • to personalize your experience on our Websites
    • to conduct research and product development
    • change of control
    Processing is based on our legitimate interest to better understand you, to maintain and improve the accuracy of the information we store about you, and to better promote or optimize our Services.
    5(6)
    5(7)
    5(6)
    6(4)
    • to ensure the security of our Services
    • to maintain legal or regulatory compliance
    • responding to legal requests and preventing harm
    • safety and legal compliance
    Processing is necessary for compliance with our legal obligations, the public interest, or in your vital interests.
    5(3)
    7(1)
    7(2)
    • to allow you to share personal information for research purposes
    • for quality control & validation
    • for research purposes
    Processing is based on your consent,as required under applicable law. In relation to 7(i) and 7(ii), to the extent the de-identified data is anonymized, it is not considered personal data and falls outside the General Data Protection Regulations (GDPR).
  • Marketing activities. Direct marketing includes any communications we send to you that are only based on advertising or promoting products and services. Transactional communications about your account or our Services are not considered “direct marketing” communications. We will only contact patients or providers by electronic means (including email or SMS) based on our legitimate interest or their consent. If you do not want us to use your personal information in this way, please click an unsubscribe link in your emails, or contact us at privacy@fulgentgenetics.com.
  • Individual data subject rights. We provide you with the rights described below when you use our Services. When we receive an individual rights request from you, please make sure you are ready to verify your identity. Please be advised that there are limitations to your individual rights. We may limit your individual rights in the following ways: (i) where denial of access is required or authorized by law; (ii) when granting access would have a negative impact on other's privacy; (iii) to protect our rights and properties; and (iv) where the request is frivolous or burdensome. If you have questions, if you would like to exercise your rights under the applicable law please contact us at privacy@fulgentgenetics.com .
    • Right to withdraw consent. If we rely on consent to process your personal information, you have the right to withdraw your consent at any time. A withdrawal of consent will not affect the lawfulness of our processing or the processing of any third parties based on consent before your withdrawal.
    • Right of access and rectification. If you request a copy of your personal information that we hold, we will provide you with a copy without undue delay and free of charge, except where we are permitted by law to charge a fee. We may limit your access if such access would adversely affect the rights and freedoms of other individuals. You may request to correct or update any of your personal information held by us, unless you can already do so directly via the Services.
    • Right to erasure (the “right to be forgotten”). You may request us to erase any of your personal information held by us that: is no longer necessary in relation to the purposes for which it was collected or otherwise processed; was collected in relation to processing that you previously consented to, but later withdrew such consent; or was collected in relation to processing activities to which you object, and there are no overriding legitimate grounds for our processing.
    • Right to object to processing. You may object to our processing at any time and as permitted by applicable law if we process your personal information on the legal basis of consent, contract or legitimate interests. We can continue to process your personal information if it is necessary for
    • the defense of legal claims, or for any other exceptions permitted by applicable law.
    • Right to restriction. You have the right to restrict our processing your personal information where one of the following applies:
      • You contest the accuracy of your personal information that we processed. We will restrict the processing of your personal information, which may result in an interruption of some or all of the Services, during the period necessary for us to verify the accuracy of your personal information.
      • The processing is unlawful and you oppose the erasure of your personal information and request the restriction of its use instead.
      • We no longer need your personal information for the purposes of the processing, but it is required by you to establish, exercise or defense of legal claims.
      • You have objected to processing, pending the verification whether the legitimate grounds of our processing override your rights. We will only process your restricted personal information with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. We will inform you if or when the restriction is lifted.
    • Right to data portability. If we process your personal information based on a contract with you or based on your consent, or the processing is carried out by automated means, you may request to receive your personal information in a structured, commonly used and machine-readable format, and to have us transfer your personal information directly to another “controller”, where technically feasible, unless exercise of this right adversely affects the rights and freedoms of others.
    • Notification to third-parties. If we share your personal information with third parties, we will notify them of any requests for rectification, erasure or restriction of your personal information, unless this proves impossible or involves disproportionate effort.
    • Right to lodge a complaint. If you believe we have infringed or violated your privacy rights, please contact us at privacy@fulgentgenetics.com so that we can work to resolve your concerns. You also have a right to lodge a complaint with a competent supervisory authority situated in a Member State of your habitual residence, place of work, or place of alleged infringement. A listing of data protection authorities can be found at http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
    • For information regarding how to contact our EU Representative, please contact privacy@fulgentgenetics.com