Last Updated: January 23, 2024
This Privacy Notice describes how Myriad Genetics, Inc., and certain of its subsidiaries collect, use, and disclose your personal information when you visit our Myriad.com and GeneSight.com websites, or any other of our websites, applications, products, services, social media accounts, and interactive features (which are collectively referred to here as “Services”) that link to this Privacy Notice. This Privacy Notice applies to our Services in the United States. Information about our privacy practices in the European Union and European Economic Area can be found here.
This Privacy Notice does not apply to any Services that link to a different privacy notice, such as sneakpeektest.com or Gatewaygenomics.org, which are maintained by our subsidiary Gateway Genomics, LLC. This Privacy Notice also does not apply to your Protected Health Information (“PHI”) that is governed by HIPAA, regardless of where it is collected. For information about how we use and disclose your PHI, our legal duties with respect to your PHI and your rights with respect to your PHI and how to exercise them, please refer to our HIPAA Notice of Privacy Practices. In connection with HIPAA covered services, in the event of a conflict between this Notice and our HIPAA Notice of Privacy Practices, our HIPAA Notice of Privacy Practices will prevail.
Navigate to sections within this Privacy Notice using the below links:
The personal information we collect depends on how you interact with us, the Services you use, the choices you make, and the methods we use for information collection, which include collecting information directly from you, collecting information automatically, and collecting information from third parties.
Information you provide directly. We collect personal information you provide to us, which can include:
Information we collect automatically. When you use our Services, we may collect some information automatically. For example:
Information we obtain from third-party sources.We also obtain the types of information described above from third parties. These third-party sources include, for example:
Information we create or generate.We may generate new information or make inferences from other data we collect, including about your likely preferences, demographic categories, or other characteristics. For example, we infer your general geographic location (such as city, state, and country) based on your IP address.
When you are asked to provide personal information, you may decline. And you may use web browser or operating system controls to prevent certain types of automatic data collection. But if you choose not to provide or allow information that is necessary for certain services or features, those services may not work as intended. Please see our Cookie Notice for more information.
We use the following categories of personal information for the purposes described below:
Contact information, demographic data, professional information, employment-related information, content and files, content of Myriad communications, identifiers and device information, geolocation data, usage data, financial information, inferences
Sensitive Information: account access information, precise geolocation data, sensitive demographic data, contents of communications, health data Product and service delivery. To provide and deliver our Services, including troubleshooting, improving, and personalizing those Services.
Contact information, demographic data, professional information, employment-related information, content and files, content of business communications, identifiers and device information, geolocation data, usage data, financial information, inferences
Sensitive Information: account access information, precise geolocation data, sensitive demographic data, contents of communications, health data Business operations. To operate our business, such as billing, accounting, improving our internal operations, securing our systems, detecting fraudulent or illegal activity, and meeting our legal obligations.
Sensitive Information: account access information, precise geolocation data, sensitive demographic data, contents of communications, health data Product improvement, development, and research. To develop new services or features, and conduct research (which may include recording and analyzing your interaction with certain pages of our website to help us improve your user experience).
Product improvement, development, and research.To develop new services or features, and conduct research (which may include recording and analyzing your interaction with certain pages of our website to help us improve your user experience).
Sensitive Information: account access information, precise geolocation data, sensitive demographic data, contents of communications, health data
Personalization. To understand you and your preferences to enhance your experience and enjoyment using our Services.
Customer support. To provide customer support and respond to your questions (which may include our recording and storing telephone, video, email, or online chat communications).
Communications. To send you information, including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages.
Contact information, demographic data, professional information, employment-related information, content and files, content of business communications, identifiers and device information, geolocation data, usage data, inferences
Marketing. To communicate with you about new services, offers, promotions, rewards, contests, upcoming events, and other information about our services and those of our selected partners (see the “Choice and Control of Personal Information” section of this Privacy Notice for information about how to change your preferences for promotional communications).
Contact information, demographic data, professional information, employment-related information, content and files, content of business communications, identifiers and device information geolocation data, usage data, inferences
Advertising.. To display advertising to you (see our Cookie Notice for information on Your Privacy Choices including targeted advertising).
We combine data we collect from different sources for these purposes and to give you a more seamless, consistent, and personalized experience.
We disclose personal information with your consent or as we determine necessary to complete your transactions or provide the services you have requested or authorized. In addition, we disclose each of the categories of personal information described above, to these types of third parties, for the following business purposes:
Please note that some of our Services also include integrations, references, or links to services provided by third parties whose privacy practices differ from ours. If you provide personal information to any of those third parties, or allow us to share personal information with them, that data is governed by their privacy notices.
Finally, we may use and disclose de-identified information in accordance with applicable law. Where we do so, we will take reasonable measures to maintain and use the information in deidentified form and not reidentify the information except as permitted by applicable law.
We provide a variety of ways for you to control the personal information we hold about you, including choices about how we use that data. In some jurisdictions, these controls and choices may be enforceable as rights under applicable law.
Access, portability, correction, and deletion. If you wish to access, download, correct, or delete personal information about you that we hold, send us a request by using the contact methods described at the bottom of this Privacy Notice.
Communications preferences. You can choose whether to receive promotional communications from us by email, SMS, and telephone. If you receive promotional email or SMS messages from us and would like to stop, you can do so by following the directions in the messages you receive. These choices do not apply to certain transactional or informational communications including surveys and mandatory service communications.
Data sales or sharing. Some privacy laws define “sale” or “sharing” broadly to include some of the disclosures described in the “Our Disclosure of Personal Information” section above. To opt-out from such data “sales” or “sharing” please utilize the controls described in Your Privacy Choices. You can also send us a request by using the contact methods described at the bottom of this Privacy Notice, and we can walk you through the use of our Cookie Manager and Consent Tools, as described in Your Privacy Choices.
Targeted advertising. To opt-out from or otherwise control targeted advertising, you have several options. Please review our Cookie Notice or Your Privacy Choices to learn more about your targeted advertising choices.
If you send us a request to exercise your rights or these choices, to the extent permitted by applicable law, we may decline requests in certain cases. For example, we may decline requests where granting the request would be prohibited by law, could adversely affect the privacy or other rights of another person, would reveal a trade secret or other confidential information, or would interfere with a legal or business obligation that requires retention or use of the data. Further, we may decline a request where we are unable to authenticate you as the person to whom the data relates, the request is unreasonable or excessive, or where otherwise permitted by applicable law. If you receive a response from us informing you that we have declined your request, in whole or in part, you may appeal that decision by submitting your appeal to our privacy office using the contact methods described at the bottom of this Privacy Notice.
If you are a California resident and the processing of personal information about you is subject to the California Consumer Privacy Act (CCPA), you have certain additional rights with respect to that information.
Notice at Collection. At or before the time of collection, you have a right to receive notice of our practices, including the categories of personal information and sensitive personal information to be collected, the purposes for which such information is collected or used, whether such information is sold or shared, and how long such information is retained. You can find those details in this Privacy Notice by clicking on the above links.
Right to Know. You have a right to request that we disclose to you the personal information we have collected about you. You also have a right to request additional information about our collection, use, sharing, or sale of such personal information. Note that we have provided much of this information in this Privacy Notice. You may make such a “request to know” by sending us a request using the contact methods described at the bottom of this Privacy Notice.
Rights to Request Correction or Deletion. You also have a right to request that we correct inaccurate personal information and that we delete personal information under certain circumstances, subject to a number of exceptions. To make a request to correct or delete, send us a request by using the contact methods described at the bottom of this Privacy Notice.
Right to Opt-Out / “Do Not Sell or Share My Personal Information”. You have a right to opt-out from future “sales” or “sharing” of personal information as those terms are defined by the CCPA.
Note that the CCPA defines “sell,” “share,” and “personal information” very broadly, and some of our data sharing described in this Privacy Notice may be considered a “sale” or “sharing” under those definitions. In particular, we let advertising and analytics providers collect identifiers (IP addresses, cookie IDs, and mobile IDs), activity data (browsing, clicks, app usage), device data, and geolocation data through our Services, but do not “sell” or “share” any other types of personal information. Please see the table below for more details about disclosures of categories of personal information in the last year.
Categories of Personal Information
Categories of personal information about California residents “sold” or “shared” in the preceding 12 months
Contact information, demographic data, professional information, identifiers and device information, geolocation data, usage data, inferences
Sensitive Information: precise geolocation data, sensitive demographic data, health data
Categories of personal information disclosed for a business purpose in the preceding 12 months
Contact information, demographic data, professional information, identifiers and device information, geolocation data, usage data, Myriad communications, content and files, financial information, inferences
If you do not wish for us or our partners to “sell” or “share” personal information relating to your interactions with our Services for targeted advertising purposes, you can make your request by using the controls described in Your Privacy Choices and our Cookie Notice, which describe how to use our Cookie Manger and Consent Tools. You may also email us for assistance using the contact methods described at the bottom of this Privacy Notice. If you opt-out using these choices, we will not share or make available such personal information in ways that are considered a “sale” or “sharing” under the CCPA. However, we will continue to make available to our partners (acting as our service providers) some personal information to help us perform advertising-related functions. Further, using these choices will not opt you out of the use of previously “sold” or “shared” personal information or stop all interest-based advertising.
Right to Limit Use and Disclosure of Sensitive Personal Information. You have a right to limit our use of sensitive personal information for any purposes other than to provide the services or goods you request or as otherwise permitted by law. To do so, send us a request by using the contact methods described at the bottom of this Privacy Notice.
You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights under the CCPA. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, and we may need you to verify your identity directly with us.
Further, to provide, correct, or delete specific pieces of personal information we will need to verify your identity to the degree of certainty required by law. We will verify your request by asking you to send it from the email address associated with your account or requiring you to provide information necessary to verify your identity.
Finally, you have a right to not be discriminated against for exercising these rights set out in the CCPA.
Additionally, under California Civil Code Section 1798.83, also known as the “Shine the Light” law, California residents with whom we have an established business relationship are entitled to request and receive, free of charge, once per calendar year, information about the Personal Information we shared, if any, with other businesses for their own direct marketing uses during the prior year. California residents may request further information about our compliance with this law by using the contact methods at the bottom of this Privacy Notice.
We retain personal information for as long as necessary to provide the services and fulfill the transactions you have requested, comply with our legal obligations, resolve disputes, enforce our agreements, and other legitimate and lawful business purposes. Because these needs can vary for different data types in the context of different services, actual retention periods can vary significantly based on criteria such as user expectations or consent, the sensitivity of the data, the availability of automated controls that enable users to delete data, and our legal or contractual obligations.
Our Services are not directed at or intended for use by minors.
We take reasonable and appropriate steps to help protect personal information collected in connection with our Services from unauthorized access, use, disclosure, alteration, and destruction. Please be aware that despite our efforts, no security system is foolproof; we cannot guarantee the security of information.
To help us protect personal information, we request that you use a strong password and never share your password with anyone or use the same password with other sites or accounts.
We will update this Privacy Notice on an ongoing basis for a variety of purposes, including when necessary to reflect changes in our Services, how we use personal information, or the applicable law. When we post changes to the Privacy Notice, we will revise the “Last Updated” date at the top of the Notice. If we make material changes to the notice, we will provide notice or obtain consent regarding such changes as may be required by law.
If you have a privacy concern, complaint, or a question for the Myriad Privacy Office, please contact us at [email protected] or (866) 485-1599. You may also write to us at:
Attn: Privacy Office Myriad Genetics, Inc. 322 North 2200 West Salt Lake City, UT 84116