Effective Date: 2018-10-01
European Data Privacy Statement
Myriad Genetics, Inc., 320 Wakara Way, Salt Lake City UT 84108, U.S.A., and its affiliated companies in the United States and Europe, including Myriad International GmbH and Myriad Genetics GmbH, (collectively referred to herein as "Myriad"), are committed to adhering to applicable data protection laws. Myriad recognizes and respects the privacy rights of individuals with regard to their personal data. If you are from the European Economic Area (EEA), this Data Privacy Statement will explain Myriads legal basis for collecting and using your Personal Data and the specific context in which we collect it.
Legal Basis for Processing Personal Data under the General Data Protection Regulation (GDPR)
Myriad applies the General Data Protection Regulation (GDPR) EU 2016/679 to all Personal Data we control or process on behalf of others. Myriad may process your Personal Data because:
- We need to perform a contract with you.
- To provide information or services you requested.
- You have given us your consent to process your Personal Data for the respective purposes.
- To comply with our legal obligations.
In addition, we may process your Personal Data on the basis of the legitimate interest of Myriad so long as it does not override your individual interests, rights or freedoms.
Personal Data of Patients
Myriad may collect Personal Data of patients in the course of providing our clinical laboratory testing and related services, including but not limited to, patient name, address, other contact information, medical history and records, and health insurance information. Myriad may process this Personal Data for the following purposes: providing clinical laboratory services, including molecular diagnostic test services; creating anonymized analyses of biomarker and cancer type data for publication and internal use; and providing customer service.
Personal Data of Employees
Myriad collects Personal Data of our employees in the course of their employment with us, including but not limited to, the employees name, address, other contact information, and job title and salary information. Myriad may process this Personal Data for general HR administrative functions, including hiring, performance assessment, promotion, and salary and benefits determinations.
Personal Data of Third Party Service Providers and Consultants
Myriad may collect Personal Data of individuals who provide services on our behalf, including but not limited to, name, biographical information, address, and other contact information. Myriad may process this Personal Data for purposes of carrying out the service agreements it has with these individuals or their employers.
GDPR Transfer of Data
Myriads European affiliates, with offices in the EEA, store and transfer data, including Personal Data, to the United States and process it there.
The level of data protection in the United States is considered not to be the same as in the EEA according to the absence of a respective adequacy decision of the EU Commission. Myriad ensures that such transfers are carried out in compliance with the applicable data protection laws and regulations. Any transfers to third countries outside the EEA are secured through appropriate contractual guarantees such as the EU Commissions Standard Contractual Clauses for transfers to the United States where applicable. You may request and receive a copy of such documents from us.
Your Data Protection Rights under the General Data Protection Regulation (GDPR)
If you are a resident of the EEA, you have certain data protection rights. Myriad aims to take reasonable steps to allow you to correct, amend, delete or limit the Processing of your Personal Data.
If you wish to be informed about what Personal Data we hold about you and if you want it to be removed from our systems, please contact us.
Under the GDPR, you have the following data protection rights:
- Right of access
You have the right to obtain information as to whether we process your Personal Data and to receive a copy of your Personal Data retained by us as a Controller. In addition, you have the right to obtain certain information how and why we process your Personal Data.
- Right to rectification
You have the right to have your Personal Data amended or rectified where it is inaccurate and to have incomplete Personal Data about you completed.
- Right to erasure
You have the right to erasure of your Personal Data, inter alia, in the following cases:
- Your Personal data are no longer necessary in relation to the purpose for which they were collected and processed;
- Our legal grounds for the Processing of your Personal Data is consent, you withdraw your consent and we have no other legal ground for the Processing of your Personal Data;
- Our legal grounds for the Processing of your Personal Data is that the Processing is necessary for legitimate interests pursued by us or a third party, you object to our Processing and we do not have any overriding legitimate grounds;
- Your Personal Data have been unlawfully processed
- Your Personal Data must be erased to comply with a legal obligation to which we are subject.
- Right to restrict the Processing of your Personal Data
You have the right to restrict our Processing of your Personal Data in the following cases:
- For a period enabling us to verify the accuracy of your Personal Data where you have contested the accuracy of such Personal Data;
- Your Personal Data have been unlawfully processed and you request restriction of the Processing of your Personal Data instead of their erasure;
- Your Personal Data are no longer necessary in relation to the purpose for which they were collected and processed but the Personal Data are required by you to establish, exercise or defend legal claims; or
- For a period enabling us to verify whether our legitimate grounds override your interests where you have objected to the Processing of your Personal Data.
- Right to object to the Processing
You have the right to object to our Processing of your Personal Data, inter alia, in the following cases:
- Our legal grounds for the Processing is that the Processing is necessary for a legitimate interest pursued by us or a third party; or
- Our Processing is for direct marketing purposes.
- Right to data portability
You have the right to receive your Personal Data which you have provided to us and you have the right that we send your Personal Data to another organization (or ask us to do so if technically feasible) where our lawful basis for the Processing is your consent, or where the Processing is necessary for the performance of our contract with you and the Processing is carried out by automated means.
- The right to withdraw consent.
You also have the right to withdraw your consent at any time where Myriad relied on your consent to process your Personal Data.
Please note that we may ask you to verify your identity before responding to such requests.
If you are not satisfied with our use of your Personal Data or our response to any exercise of these rights, we kindly ask you to first contact our Data Protection Officer using the contact details set forth below or write to us at email@example.com.
You have the right to complain to a Data Protection Authority about our collection and Processing of your Personal Data. For more information, please contact your local data protection authority in the EEA.
Please note that we do no automated decision-making, including profiling concerning your Personal Data.
Data Protection Officer:
The data protection officer in accordance with the General Data Protection Regulation is:
Attn: Ms. Alef Voelkner
Fox-On Datenschutz GmbH
51789 Lindlar/Köln, GERMANY
Phone: +492266 9015922
If you have any questions, please email us at firstname.lastname@example.org. You may also write to us or call us at:
Attn: Privacy Officer
Myriad Genetics, Inc.
320 Wakara Way
Salt Lake City, UT 84108, USA