<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=1400074&amp;fmt=gif">

GDPR Notice

Data Protection Notice For EU/EEA Patients and Other Individuals 

-Effective: November 10, 2019 – Last Modified: November 10, 2019-

 

Biodesix, Inc. (“Biodesix”) is providing this notice for individuals residing in the European Union/European Economic Area from whom we acquire biological (i.e., blood or urine) specimens, as well as other individuals involved in the healthcare process. It explains how we collect and process your personal data in connection with our clinical laboratory services. 

Who We Are

Biodesix is a clinical laboratory company headquartered and principally operating in the United States. We collect biological samples (blood or urine) from patients for the following purposes:

  • Clinical laboratory services. If ordered through your health care provider, we provide certain testing services for particular types of cancer. We may also receive biological samples for testing through collaborative agreements with other healthcare organizations. 

Data Collection

We only collect personal data in relation to the services we provide, and limit our data collection to data which is appropriate and proportionate to the reasons for our collection.  Generally, we will collect the following information in connection with our provision of testing services:

  • Patient Name
  • Patient mailing address
  • Patient gender and age
  • Patient email
  • Patient phone number
  • Patient Account Numbers for purposes of payment/insurance
  • Contact information for the Patient’s healthcare provider(s) associated with the purpose of our testing
  • Tests ordered
  • We also obtain, in the course of our testing, medical information about the patient which is derived from the tests themselves.

If you are a healthcare provider or other individual involved in the treatment, payment, or operation of health care, we may, in connection with our provision of testing services, collect the following information about you:

  • Name
  • Mailing address
  • Email
  • Phone Number(s)

Data Processing

We use the personal data of patients and other individuals only for the intended health care purposes associated with:

  • obtaining biological samples
  • performing required testing
  • reporting results, and
  • obtaining payment.

If the patient’s healthcare professional contacts us directly, we will, after appropriate authentication, discuss our testing and results with them.

We may also use the data we collect to fulfill our regulatory and legal obligations, such as in relation to audits and checking to ensure that our testing equipment is working properly, and to comply with oversight agency inspections. We may use information in de-identified or anonymized format for public health purposes, such as to report outbreaks or similar irregularities to health officials to help keep communities and the people who live in them safe and healthy. In accordance with applicable laws, various de-identified or anonymized data may also be used to aid in tracking health trends and needed areas of research.

Access Limitations and Sharing Your Data

We strictly limit access to patient personal data to authorized members of Biodesix’s workforce and contractors who assist in the testing and test reporting process. We train these individuals in advance, with annual refresher training, on appropriate privacy and security requirements. Before allowing any contractor access to the data, we enter into appropriate contractual provisions requiring contractor compliance with privacy law and our instructions on data processing. 

We may also share certain personal data received in relation to the services described in this notice with third parties working with Biodesix, such as third-party laboratories with whom we have collaborations for performing certain specialized laboratory testing, as well as those that assist us with public health and safety aspects of our business. We never sell or share personal data pertaining to patients or other individuals with third parties for their own separate use. Should we share your data with a third party, the third party must provide written assurances that they will only process the data on behalf of Biodesix and subject to Biodesix’s instructions and that they will also ensure appropriate security measures to keep the personal data strictly confidential, consistent with applicable laws and regulations.

To the extent that we are required to provide access to any personal data to third parties who are not our business partners, such as in connection with regulatory audits, to fulfill regulatory reporting obligations to health oversight agencies, or in the event of any legal situations, we take steps to limit the data to that which is required for the specific purpose and take steps to ensure that the data are adequately safeguarded. For legal situations, where feasible, we take steps to inform the individual before any data is provided to the third-party, and if not feasible, will take reasonable steps to inform him/her as soon as practical thereafter.

Types of Cookies Used

Cookie Description Duration Type
__cfduid The cookie is set by CloudFare. The cookie is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information. 1 month Necessary
__cfruid null   Other
__cfduid The cookie is set by CloudFare. The cookie is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information. 1 month Necessary
_gcl_au This cookie is used by Google Analytics to understand user interaction with the website. 2 months Analytics
__cfduid The cookie is set by CloudFare. The cookie is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information. 1 month Necessary
uid This cookie is used to measure the number and behavior of the visitors to the website anonymously. The data includes the number of visits, average duration of the visit on the website, pages visited, etc. for the purpose of better understanding user preferences for targeted advertisments. 1 year Advertisement
__cfduid The cookie is set by CloudFare. The cookie is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information. 1 month Necessary
_fbp This cookie is set by Facebook to deliver advertisement when they are on Facebook or a digital platform powered by Facebook advertising after visiting this website. 2 months Advertisement
fr The cookie is set by Facebook to show relevant advertisments to the users and measure and improve the advertisements. The cookie also tracks the behavior of the user across the web on sites that have Facebook pixel or Facebook social plugin. 2 months Advertisement
UserMatchHistory Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences. 1 month Other
lang This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.   Functional
lidc This cookie is set by LinkedIn and used for routing. 1 day Functional
uid_syncd null 3 days Other
_hjid This cookie is set by Hotjar. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID. 11 months Other
_hjIncludedInSample This cookie is set to let Hotjar know whether that visitor is included in the sample which is used to generate Heatmaps, Funnels, Recordings, etc.   Analytics
lang This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.   Functional
bcookie This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page. 2 years Functional
bscookie This cookie is a browser ID cookie set by Linked share Buttons and ad tags. 2 years Advertisement
ab null 1 year Other
_pk_id.1343.3d15 null 1 year Other
_pk_ses.1343.3d15 null 30 minutes Other
IDE Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile. 1 year Advertisement
NID This cookie is used to a profile based on user's interest and display personalized ads to the users. 6 months Advertisement
anHistory null 1 month Other
EE This cookie is set by exelator.com. The cookies is used to store information about users' visit to the website. The data includes the number of visits, average time spent on the website, and the pages that have been loaded. This information is used to provide the users customized and targeted ads. 3 months Advertisement
cke109099 null 5 years Other
ud This cookie is set by exelator.com. The cookies is used to store information about users' visit to the website. The data includes the number of visits, average time spent on the website, and the pages that have been loaded. This information is used to provide the users customized and targeted ads. 3 months Advertisement
auid null 68 years Other
anProfile null 5 months Other
IQver This cookie is set IntentIQ. The purpose is not known as of yet. 2 years Other
ljt_reader This is a Lijit Advertising Platform cookie. The cookie is used for recognizing the browser or device when users return to their site or one of their partner's site. 11 months Advertisement
_ljtrtb_2 null 11 months Advertisement
_cc_dc The cookie is set by crwdcntrl.net. The purpose of the cookie is to collect statistical information in an anonymous form about the visitors of the website. The data collected include number of visits, average time spent on the website, and the what pages have been loaded. These data are then used to segment audiences based on the geographical location, demographic, and user interest provide relevant content and for advertisers for targeted advertising. 8 months Advertisement
_cc_id The cookie is set by crwdcntrl.net. The purpose of the cookie is to collect statistical information in an anonymous form about the visitors of the website. The data collected include number of visits, average time spent on the website, and the what pages have been loaded. These data are then used to segment audiences based on the geographical location, demographic, and user interest provide relevant content and for advertisers for targeted advertising. 8 months Advertisement
_cc_cc The cookie is set by crwdcntrl.net. The purpose of the cookie is to collect statistical information in an anonymous form about the visitors of the website. The data collected include number of visits, average time spent on the website, and the what pages have been loaded. These data are then used to segment audiences based on the geographical location, demographic, and user interest provide relevant content and for advertisers for targeted advertising. 8 months Advertisement
_cc_aud The cookie is set by crwdcntrl.net. The purpose of the cookie is to collect statistical information in an anonymous form about the visitors of the website. The data collected include number of visits, average time spent on the website, and the what pages have been loaded. These data are then used to segment audiences based on the geographical location, demographic, and user interest provide relevant content and for advertisers for targeted advertising. 8 months Advertisement
__141_cid null 11 months Other
__io_cid null 11 months Other
i The purpose of the cookie is not known yet. 11 months Other
_dbefe This cookie is set by ContextWeb for the purpose of tracking user preference in order to provide targeted advertising   Advertisement


Data Transfers

Because Biodesix is headquartered in the United States, the personal data that we collect in relation to the services described in this notice are always processed in the U.S. The data will be stored on secure servers located in the U.S. As such, your data is only accessible to authorized, limited persons who require access to perform their job responsibilities and those persons may be located in countries other than your country of residence. Although there are variations in the data protection laws and level of protection of personal data from country to country, we take steps to ensure that your data is appropriately safeguarded and transferred in a manner consistent with the applicable data protection laws of your country, irrespective of its location.

Data Security

Biodesix uses appropriate technical and organizational security measures to prevent unauthorized or unlawful disclosure or access to, or accidental or unlawful loss, destruction, alteration or damage to the personal data that it collects about individuals for the services described in this notice. Irrespective of whether the data are stored in paper or electronic form, these measures are intended to ensure an appropriate level of security in relation to the risks inherent to the processing and the nature of the data to be protected, and are also applied in a manner consistent with applicable laws and regulations.

Data Accuracy

Biodesix takes reasonable steps to keep its personal data accurate, complete, and up-to-date in accordance with the purposes for which it was collected. Biodesix also relies on the healthcare professionals, insurers and other individuals who entrust us with personal data for purposes of providing the services described in this notice, to provide accurate information to us, and to amend or update that information if they later determine that it is incomplete or inaccurate.

Individual Rights

Individuals whose personal data is collected and processed by Biodesix can contact Biodesix at the address below, in relation to any questions about their data or to exercise their individual rights of access, amendment, objection or erasure. To protect privacy, we require individuals to authenticate themselves and will provide them with a form to obtain a copy of their data. In accordance with applicable laws, these rights, and particularly the right to amendment, objection or erasure, are limited.

For additional information about Biodesix’s privacy and security practices or to exercise your rights of access or rectification, kindly contact our Data Privacy Officer at Privacy@Biodesix.com.

Right to Withdraw Consent (Opt-Out)

In accordance with applicable data protection laws and requirements, Biodesix provides individuals with the right to withdraw consent (opt-out) in relation to personal data entrusted to us. To do so, you may contact us regarding privacy at Privacy@Biodesix.com. The right to withdraw consent is not absolute in all contexts, and may be limited by legal and regulatory obligations.

Retention Period

Biodesix retains the personal data of individuals referenced in this notice consistent with legal and business requirements, including any US Federal or State law requirements regarding retention of health care data, and then securely disposes of the information.

Questions, Claims or Contacts

Should you have any questions or concerns about your personal data, or if you wish to contact us for any other reason relating to your data, you may email us at Privacy@Biodesix.com. Please put “Privacy Request” in the subject line of your email.

If you believe that your data has been improperly collected, mismanaged, or if you are not satisfied with the resolution of any claim by Biodesix, you also have the right to contact the privacy (data protection) regulatory authorities.

Effective: November 10, 2019

Get in touch

Contact us

Data library

Discover more