CRI Genetics Privacy Statement

1. Overview

This document (this "Privacy Statement") describes what information CRI Genetics, LLC (“Omni PGX” or “us,” “we,” or “our”) collects from you while using OmniPGX.com (the “Website”) and when a customer’s physician registers a DNA sample kit through their account on the Website.

We understand and respect the sensitive nature of your data and strive to ensure the collection of your data is done in a secure, dependable, transparent and legal manner. The security of your data is of great importance to us. We have security measures in place to protect against the loss, misuse or alteration of data. We periodically review and update our security and privacy policies and only allow authorized personnel to have access to your data.

We use secure server software to encrypt financial information and we only work with third parties who have agreed and complied with our strict security standards. We cannot fully guarantee that loss, misuse or alteration of data will not occur, however we use commercially reasonable efforts to prevent this.

2. Web Data

Definitions. Omni PGX operates a website located at crigenetics.com/OmniPGX/ (the "Website"). Through the Website, we use cookies and other similar tracking technologies (“Web Data”) such as tags, scripts and device identifiers to help us recognize you, customize and improve your experience, provide security, analyze usage of the PGX Services, gather demographic information, offer new products and services, monitor marketing program progress, and serve targeted advertising.

Use of Web Data. You may control our use of cookies through your internet browser. You may still use the Website if you reject cookies, but your ability to use some features or areas of our site may be limited. Similar to most websites, we gather certain information automatically and store it in log files. This may include internet protocol (IP) addresses, browser type, internet service provider, referring/exit pages, operating system, date/time stamp, and/or clickstream data.

When accessing the Website through a mobile device, we may collect and store a unique identification numbers associated with your device (including, for example, a UDID, Unique ID for Advertisers, Google Ad ID, or Windows Advertising ID), mobile carrier, device type, model and manufacturer, mobile device operating system brand and model, IP address, phone number, and, depending on your mobile device settings, your geographical location data, including GPS coordinates or similar information regarding the location of your mobile device.

Non-Personal Information.  Use of the Website may result in the storage or collection of information that does not personally identify you (“Non-Personal Information”), such as demographic data, year (not date) of birth or age groups, geographic areas, gender, your computer type, screen resolution, operating system, mobile device details (if applicable), internet browser, and the website from which you came to the Website.  We have to use your IP address, your device type, your website interactions, and other Non-Personal Information to deliver the Website to you and to help diagnose problems with our server.

This technology helps us to, for example, compile aggregated statistics about our visitors and their use of the Website. We use these statistics to improve the design and content of the Website and to prepare and deliver our marketing programs. Because Non-Personal Information does not personally identify you, we may use such Non-Personal Information for any purpose. In addition, we reserve the right to share such Non-Personal Information.

3. PGX Service User Data

The pharmacogenomics service (the “PGX Service”) involves physicians disclosing their patients Personal Health Information (“PHI”) to us according to HIPAA laws (Health Insurance Portability & Accountability Act), including but not limited to name, birthdate, medications, and contact information.  It also involves our laboratory analyzing our customer’s DNA sample (the “Genetic Data”) which Omni PGX uses to report results (the “PGX Results”) directly to their physician.  Omni PGX also collects payment information (“Payment Information”) from our customer’s physician to process their payment through our trusted third-party processor.

Omni PGX recognizes the data it collects is very sensitive so we take privacy very seriously.  We never share PHI with any third parties.  Payment Information is only shared with a secure third-party payment processor we have vetted and trust.  We even hide PHI from our laboratory.  They never see any of our customers’ PHI when it processes a DNA sample – all PHI and other identifiable information is redacted from Genetic Data.  Only our customer, their physician, and Omni PGX have access to PGX Results.

The PGX Service is intended solely for persons over the age of eighteen (18) (“Adults”). Any offers to use or purchase the PGX Service is solely meant for Adults. Persons under the age of eighteen (“Minors”) must consult with their parent(s) or legal guardian to determine if the PGX Service is appropriate for use. When a Minor uses the PGX Service, Omni PGX will hold the parent or legal guardian responsible for the Minor’s actions and shall have consented to the use of the Minor’s data by Omni PGX. We do not knowingly collect or intend to collect personal information from children under the age of thirteen (13). If Omni PGX becomes aware that we have unknowingly collected personal information from a child under the age of 13, we will delete all such personal information from our databases by reasonable commercial means.

All data will be stored and processed in the United States. You expressly consent to the transfer, storage, and processing of data in the United States.

6. How Omni PGX Uses Customer Data

Contact Information.  Omni PGX may use “Contact Information” such as customer name, e-mail address, physician’s name, and physician’s contact information, for any reasonable purpose related to the PGX Services. This communicating with a customer’s physician, to provide the physician information about other Omni PGX products and services, to request feedback regarding the PGX Services, to improve the PGX Services, and to prepare and perform demographic, benchmarking, advertising, marketing, and promotional studies.

Our preferred choice of communication is via email, but we may contact a customer or their physician via telephone, direct mail, or any other appropriate form of communication as warranted under the circumstances. Our customers and their physicians may also receive promotional offers from us. If you do not want to continue to receive such emails from us, you may opt out at any time by using the unsubscribe link listed in the email or by changing your email preferences.

Payment Information.  Omni PGX only uses Payment Information to process payment.

Genetic Data & PGX Results.  Genetic Data is created and stored in our lab when analyzing a customer’s DNA sample.  DNA samples are stored at our lab for one year. Omni PGX only uses Genetic Data, in combination with PHI, to provide a customer’s PGX Results to their physician.  All PHI is redacted from our laboratory’s view.  Our lab only has access to the raw DNA Sample and Genetic Data.  It may use its database of Genetic Data to improve its analysis and conduct further genetic research.  Omni PGX only uses our customer’s PGX Results for delivery to their physician.

7. Sharing Data With Third Parties

Omni PGX will not share data with third parties, except as necessary to process payment, to protect the rights or property of Omni PGX or other users, to enforce our Terms and Conditions, to prevent fraud or cybercrime, to permit us to pursue available remedies or limit the damages that we may sustain, to investigate rare cases involving reported abuse of this Privacy Policy, or as otherwise required by law.

In the instance that Omni PGX is, or substantially all of its assets or stock are, acquired, transferred, disposed of (in whole or part and including in connection with any bankruptcy or similar proceedings), data will as a matter of course be one of the transferred assets.

8. Changes to Privacy Policy

Each time we change this Privacy Policy in a material way, we will issue an updated version with an updated date legend and use your Contact Information to notify you via email, via the Website or by other reasonable means prior to the change taking effect.

Please use the contact information at the bottom of this Privacy Policy if you do not consent to this Privacy Policy or to any changes thereto and would no longer like us to use or hold your data in accordance with the revised terms. We will promptly delete your information and/or account upon receiving such request.

Please review this Privacy Policy regularly to ensure you are familiar with any changes to it. Use of the Website or the PGX Services following any changes constitutes your acceptance of the revised Privacy Policy then in effect. If you do not agree to our Privacy Policy then you cannot use the PGX Services.

9. Managing Your Data

Omni PGX strongly discourages sharing PGX Results with anyone aside from your health care provider because third parties may not adhere to privacy standards including those described in this policy.  Please choose carefully.  In general, once your data is disclosed, it can be difficult to contain or retrieve.   Omni PGX will have no responsibility or liability for any consequences that because you have disclosed data with others. Likewise, if you are a physician with access to PGX Results, you must protect the privacy of your patients.

10. Data Security Safeguards

Omni PGX takes your trust and confidence in us seriously. To prevent unauthorized access or disclosure, to maintain data accuracy, and to ensure the appropriate use of information, Omni PGX uses a range of physical, technical, and administrative measures to safeguard data. In particular, all connections to and from our website are encrypted using Secure Socket Layer (SSL) technology.

Protecting data is also your responsibility.  Physicians must act responsibly and safeguard their passwords, secret questions and answers, and other authentication information necessary to access the PGX Services. Physicians should not disclose authentication information to any third-party and should immediately notify Omni PGX of any unauthorized use of their password.

11. Contacting Us

If you have questions about this Privacy Statement, the Website, or the PGX Services, or wish to request access to, modify, delete, or receive information about the data we collect, please email Omni PGX at legal@crigenetics.com.