Online Privacy Policy
Effective Date: March 25, 2024
Below is information about how Adaptive Biotechnologies Corporation collects, uses and discloses personal information.
This Online Privacy Policy (our “Privacy Policy”) sets out how Adaptive Biotechnologies Corporation and our subsidiaries and affiliates (“Adaptive,” “we,” “our” or “us”) collects, uses and discloses the personal information we collect, as described in the Section 2 below. This Privacy Policy does not apply to any personal information we collect that is subject to the U.S. Health Insurance Portability and Accountability Act and associated regulations (“HIPAA”), which is subject to our HIPAA Notice of Privacy Practices, any personal information that we collect and process on behalf of our clients as processor or services provider (such personal information is subject to the privacy policies of our clients), or other personal information that is out of scope as described in Section 2 below. California residents can find supplemental information about how we might use and disclose their personal information in our Notice at Collection and in Section 17.B below.
Contents:
- Personal Health Information
- Who does this Privacy Policy apply to?
- What personal information do we collect about you?
- For which purposes and on what legal basis do we use your personal information?
- Will we share your personal information with third parties?
- How do we use cookies (and other tracking technologies)?
- How do we use third-party cookies from third-party companies or third-party ad networks?
- Will we transfer your personal information internationally?
- Which rights do you have with respect to the processing of your personal information?
- Do we include links to other websites and third-party programs?
- What data security measures do we apply to protect your personal information?
- How long do we retain your personal information?
- What is the minimum age for individuals whose personal information we process?
- How can you access our Website Terms of Use?
- Revisions
- Contact Us
- Additional information for individuals in certain jurisdictions
1. Personal Health Information
Adaptive collects, shares and processes personal health information. In many cases, this information is collected in our capacity as a regulated entity under the Health Insurance Portability and Accountability Act (HIPAA). You can obtain more information about how we may process your personal health information and comply with our obligations as a HIPAA-covered entity and the rights you may have under HIPAA at our Notice of Privacy Practices. We may also collect, share, and process personal health information in the context of research (e.g., human subject research, scientific research, etc.). If you are a participant in research sponsored by Adaptive, or otherwise supported by Adaptive, you can find more information about the processing of your personal health information collected for research in the informed consent form provided to you as a research participant.
2. Who does this Privacy Policy apply to?
Except as noted otherwise, this Privacy Policy applies to the personal information that we collect related to:
- Individuals who access or use our websites and online services (together, the “Services”) or whose personal information we otherwise receive in providing the Services;
- Individuals that register for our Services, for example to create a Diagnostics Portal account;
- Our current, former, and prospective clients and business partners;
- Attendees and participants at events or conferences that we host or sponsor;
- Individuals who subscribe to receive news, information, and marketing communications from us; and
- Other individuals that otherwise use our Services, communicate or interact with us.
Not Covered by this Privacy Policy.
This Privacy Policy does not apply to:
- The samples and associated personal information that we receive from our institutional clients, as a data processor, or any information generated from such samples;
- The samples and associated personal information that we receive from US study participants from any clinical or research study which Adaptive is sponsoring, or any information generated from such samples;
- Samples and information that we receive related to our clonoSEQ and T-Detect laboratory and testing services or any other information that is subject to HIPAA, such as samples we receive for testing purposes associated with our laboratory services; this information is subject to our HIPAA Notice of Privacy Practices, as well as our Privacy Notice Addendum for patients outside of the United States; or
- Job applicants and candidates who apply for employment with us, or to employees and non-employee workers, whose personal information is subject to different privacy notices which are provided to such individuals in the context of their employment or working relationship with Adaptive. You can read more about our privacy practices as an employer in our California HR Privacy Notices.
3. What personal information do we collect about you?
Generally, we collect your personal information on a voluntary basis. However, if you decline to provide certain personal information that is marked mandatory, you may not be able to access certain of the Services and/or we may be unable to fully respond to your inquiry.
Information We Collect Directly.
We collect information directly from individuals that use our Services, register for or attend our events or otherwise communicate or interact with us.
For example, we may collect the following information from you:
- Registration and account information: When you register a user account or update your profile information in a service user account, we collect your name and job title, your employer name or other affiliation, and other contact information and, when provided, certain health information.
- Purchases and payment information: If you make a purchase, we collect your name and job title, your employer’s name or other affiliation, contact and shipping information including your email address, credit card or other payment card information, your purchase history (which we sometimes aggregate with similar information from other customers).
- Communications: Including any personal information you enter on our websites, such as when completing a “contact us” form. Additionally, when you email us, call us, or otherwise send us communications, we collect and maintain a record of your contact details, communications and our responses. Also, if you post or submit reviews and comments to us, we may maintain a record of this content, including the location, date, and time of submission.
- Marketing, contests and promotions: Including any personal information you enter on our websites, such as when completing a “contact us” form. Additionally, when you email us, call us, or otherwise send us communications, we collect and maintain a record of your contact details, communications and our responses. Also, if you post or submit reviews and comments to us, we may maintain a record of this content, including the location, date, and time of submission.
Information Related to Your Usage and Activities Within Our Services.
We collect information or derive information about you via automated means (e.g., using cookies and pixel tags) when you use our website or Services or otherwise interact with us and others.
For example:
- Device and browsing information: Depending on which of our websites you visit, we and our third-party providers may use cookies, pixels, tags, log-files, and other technologies to collect information about you regarding your browser or device, including: IP address (and associated location information); MAC address; login credentials; browser type, version, and time zone setting; browser plug-in types and versions; screen resolution; operating system name and version; operating platform; device model; the URL from which you navigated to our website.
- Activity and usage data: We also collect information regarding the pages you visited, links you clicked, searches and activities performed on our website, and date and time stamps associated with your activities on our websites. We may also collect other technical information to help us identify your device for fraud prevention, diagnostic and similar purposes. Please see Section 6 for more information about how we may track information related to your interactions with our website.
- Location information: We may collect or derive general location information about you, such as through your IP address.
- Other: We may use CCTV and similar tools to monitor and secure our premises, which may lead to the collection of recordings about visitors to our premises. Further, if you contact our customer support services or participate in public events or webinars, we may record these interactions.
Information We Collect from Third Parties.
We may collect personal information about you from third parties we work with such as third-party providers of services to us (e.g., fraud detection, identity verification and security), social networks, advertising networks, analytics providers, event sponsors, joint marketing partners, public records, and our affiliated companies.
For example:
- Information from third-party platforms related to your posts about or interactions with us on social media services. For information about how these third-party platforms may use and disclose your information, including any information you make public, please consult their respective privacy policies.
- Information from advertising networks or analytics providers related to your viewing of interactions with our ads, marketing or other content.
- Demographic information, updated professional or contact details and similar lead and prospect information from data brokers, public records, and affiliated companies.
4. For which purposes and on what legal bases do we use and process your personal information?
We may collect, use, disclose, and otherwise process your personal information for the purposes described in this section.
A. Legal Bases for Processing Personal Information (where applicable)
Certain laws, including the General Data Protection Regulation (GDPR), require that we inform you of the legal bases for our processing of your personal information. Pursuant to the GDPR (and other similar relevant laws, such as the UK Data Protection Act), we may process personal information for the following legal bases:
- Performance of contract: Processing of your personal information which is required for us to perform obligations or exercise rights under contracts that you may have with us (for example, if you use our Services).
- Compliance with laws: To comply with our legal obligations (for example, maintaining information in accordance with tax, audit, or company law requirements and responding to legal process).
- Our legitimate business interests: In furtherance of our legitimate business interests including: to facilitate your participation in interactive features you may choose to use on our websites and Services and to personalize your experience with the Services by presenting content tailored to you.
- to correspond with you, notify you of events or changes to our Services, or otherwise respond to your queries and requests for information, which may include marketing to you.
- to send you advertising material via email, such as surveys and promotions (except where consent is required under applicable laws).
- to provide and personalize the Services.
- for data analysis, audits, fraud monitoring and prevention, and developing new products, enhancing, improving or modifying our websites, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities.
- to protect and defend our legal rights and interests and those of third parties.
- With your consent: where applicable laws require that we obtain your consent to collect and process your personal information, we will obtain your consent accordingly. When we obtain your consent, the GDPR (where it applies) and other applicable laws give you the right to withdraw your consent without penalty (e.g., you have agreed to receive marketing emails. By signing up or ticking “yes,” you are agreeing to allow Adaptive to use your data for outreach and marketing purposes. By unsubscribing, you revoke that consent.). You can do this at any time by contacting us using the details at the end of this Privacy Policy. In some jurisdictions (not including where the GDPR applies), your use of the websites may be taken as implied consent to the collection and processing of personal information as outlined in this Privacy Policy.
B. Use and Processing of Personal Information
We collect, use, and otherwise process your personal information for the below commercial or business purposes. While the purposes for which we may process personal information will vary depending upon the circumstances, in general we use personal information for the purposes set forth below. Where GDPR or other similar relevant laws apply, we have set forth the legal bases for such processing (see above for further explanation of our legal bases).
Processing Activity | Legal Basis |
Providing support and Services: including to provide our Services; to communicate with you about your access to and use of our Services; to respond to your inquiries; to provide troubleshooting, fulfill your orders and requests, process your payments and provide technical support; and for other customer service and support purposes. | Performance of our contract with you (Art. 6(1)(b) GDPR); and our legitimate interests (Art. 6(1)(f) GDPR) |
Analyzing and improving our business: including to better understand how users access and use our Services, to evaluate and improve our Services and business operations, and to develop new Services; to conduct surveys and other evaluations (such as customer satisfaction surveys); and for other research and analytical purposes. | Our legitimate business interests (Art. 6(1)(f) GDPR) and/or with your consent (Art. 6(1)(a) GDPR) |
Personalizing content and experiences: including to tailor content we send or display on our websites and other Services; to offer location customization and personalized help and instructions; and to otherwise personalize your experiences. | Our legitimate business interests (Art. 6(1)(f) GDPR) and/or with your consent (Art. 6(1)(a) GDPR) |
Advertising, marketing, and promotional purposes: including to reach you with more relevant ads and to evaluate, measure, and improve the effectiveness of our ad campaigns; to send you newsletters, offers, or other information we think may interest you; to contact you about our Services or information we think may interest you; and to administer promotions and contests. | Our legitimate business interests (Art. 6(1)(f) GDPR) and/or with your consent (Art. 6(1)(a) GDPR) |
Planning and managing events: for event planning and management, including registration, attendance, connecting you with other event attendees, and contacting you about relevant events and related services. | Performance of our contract with you (Art. 6(1)(b) GDPR); our legitimate business interests (Art. 6(1)(f) GDPR) and/or with your consent (Art. 6(1)(a) GDPR) |
Market research and surveys: to administer surveys and questionnaires | Our legitimate business interests (Art. 6(1)(f) GDPR) and/or with your consent (Art. 6(1)(a) GDPR) |
Securing and protecting our business: including to protect and secure our business operations, assets, Services, network, and information and technology resources; to investigate, prevent, detect and take action regarding fraud, unauthorized access, situations involving potential threats to the rights or safety of any person or third-party, or other unauthorized activities or misconduct. | Our legitimate business interests (Art. 6(1)(f) GDPR) and/or compliance with laws (Art. 6(1)(c) GDPR) |
Defending our legal rights: including to manage and respond to actual and potential legal disputes and claims, and to otherwise establish, defend, or protect our rights or interests, including in the context of anticipated or actual litigation with third parties. | Our legitimate business interests (Art. 6(1)(f) GDPR) and/or compliance with laws (Art. 6(1)(c) GDPR) |
Auditing, reporting, corporate governance, and internal operations: including relating to financial, tax and accounting audits; audits and assessments of our operations, privacy, security and financial controls, risk, and compliance with legal obligations; our general business, accounting, recordkeeping, and legal functions; and related to any actual or contemplated merger, acquisition, asset sale or transfer, financing, bankruptcy, or restructuring of all or part of our business. | Our legitimate business interests (Art. 6(1)(f) GDPR) and/or compliance with laws (Art. 6(1)(c) GDPR) |
Complying with legal obligations: including to comply with the law, our legal obligations and legal process, such as warrants, subpoenas, court orders, and regulatory or law enforcement requests. | Our legitimate business interests (Art. 6(1)(f) GDPR) and/or compliance with laws (Art. 6(1)(c) GDPR) |
5. Will we share your personal information with third parties?
We may disclose the personal information we collect as set forth in this section.
- Vendors and service providers: To third-party service providers and others who provide us with services such as website hosting, payment processing services, and postal services.
- Event organizers: To third parties involved with events that you register for, to facilitate your participation in those events.
- Business partners: To our business partners in order to perform services you request or authorize, including as set forth in this policy, in accordance with our commercial practices.
- Adaptive affiliates and subsidiaries: We may disclose personal information we collect to our affiliates or subsidiaries, who will use and disclose this personal information in accordance with the principles of this Privacy Policy.
- Corporate transactions and restructuring: In connection with planning, due diligence, negotiation and implementation of an actual or potential corporate reorganization, merger, sale, joint venture, transfer, investment transaction, or other disposition of all or any of our business, including in connection with any bankruptcy or similar proceedings.
- Legal obligations: As we deem necessary or appropriate under applicable laws, to respond to requests from public and government authorities including public and government authorities outside of your country of residence, to comply with court orders and other legal processes, to legally protect the rights, property, or safety of Adaptive, our users, or others, and to enforce our Website Terms of Use or other agreement with you.
- To protect us and others: When we believe it is appropriate to do so to investigate, prevent, or take action regarding illegal activity, suspected fraud, situations involving potential threats to the safety of any person, violations of our Website Terms of Use, or as evidence in litigation in which we are involved.
- Advertising and analytics partners: To third parties that provide advertising, campaign measurement, online and mobile analytics, and related services to us (with your consent, where required by applicable laws). They may use this information to help us better reach individuals with relevant ads and to measure and improve our ad campaigns, or to better understand how individuals interact with our Services. In addition, these third parties may combine the information collected from us and our Services with information collected about you from third-party sites, apps and services, in order to make inferences about you and your interests, to better tailor advertising and content to you across multiple sites, apps, and services, and to collect associated metrics.
- With consent: To third parties for other purposes, with your consent, or where you have requested us to disclose your personal information.
Aggregate and De-identified Information.
Notwithstanding any terms in this Privacy Policy, we may collect, use, disclose and otherwise process aggregated and in certain cases de-identified personal information, data sets and reports in order to assess, improve, and develop our business, products, and Services; prepare benchmarking reports on our industry; and for other research, marketing, and analytics purposes. Where we collect, use, disclose or otherwise process de-identified information, we will maintain and use this information in de-identified form and not attempt to reidentify the information, unless in accordance with applicable privacy laws.
6. How do we use cookies (and other tracking technologies)?
Our websites may use first party and third-party cookies, pixel tags, plugins and other tools, which are used in order to operate, secure and ensure the proper functionality of the websites and are otherwise necessary to the operation of the website (“necessary cookies”). On some of our websites, we may also use these tools to gather device, usage, and browsing information in order to personalize and improve your experience while using the websites, to improve and measure our advertising campaigns and to better reach users with relevant advertising both on our websites and on third-party websites, and to protect our Services.
Cookies. A cookie is a small file that we transfer to your computer’s hard drive through your web browser for record-keeping purposes. Some cookies allow us to make it easier for you to navigate our website, while others are used to enable a faster log-in process or to allow us to track your activities while using our website. Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Some of the Services may not work properly if you disable cookies.
Pixel Tags. Pixel tags (also known as web beacons and clear GIFs) may be used in connection with some websites to, among other things, track the actions of users of the websites (including email recipients), measure the success of our marketing campaigns and compile statistics about usage of the websites and response rates. We and our service providers also use pixel tags in HTML emails to our customers, to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.
Log Files. Most browsers collect certain information, such as your IP address, device type, screen resolution, operating system version, and internet browser type and version. This information is gathered automatically and stored in log files.
Third-Party Analytics. Our websites use automated devices and applications operated by third parties (e.g., Google Analytics), which use cookies and similar technologies to collect and analyze information about use of the websites and report on activities and trends.
Managing Your Cookie Preferences. You can manage your cookie preferences for our websites and opt out of certain cookies as explained below.
- Cookie Settings: On most of our websites, you can review or change your preferences for that website by adjusting your cookie settings.
- Browser controls: In addition, you may block or disable cookies for the device and browser you are using, through your browser settings; however, certain features on our websites may not be available or function properly if you block or disable cookies.
- Do-not-track signals: Please note that our websites do not recognize or respond to any signal which your browser might transmit through the so-called “Do Not Track” feature your browser might have. If you wish to disable cookies on our websites, you should not rely on any “Do Not Track” feature your browser might have.
Please note, that your preferences are applied on a browser and device basis. So, you will need to set your cookie preferences for each browser and device you use to access certain of our websites. Further, if you subsequently delete cookies, your preferences may be lost and need to be reset. Our websites that only use necessary cookies do not include a cookie settings manager.
7. How do we use third-party cookies from third-party companies or third-party ad networks?
We may work with third-party ad networks, channel partners, measurement services and others (“third-party ad companies”) to help us manage our advertising and marketing campaigns. In doing so, these third parties may collect browsing information, device ID and other online identifiers and location information, through the use of cookies, pixels tags, and other tools (“targeting cookies”) on certain of our websites (as well as across third-party websites and online services). These third parties may use this information to provide you more relevant ads and content on behalf of Adaptive and other companies, and to improve and evaluate such ads and content.
In addition, we may share certain hashed customer list information, such as email address, (“Custom Lists”) with third parties—such as Facebook, LinkedIn and Google—so that we can better target ads and content to our users and others with similar interests within their services. These third parties use the personal information we provide to help us target ads and to enforce their terms, but we do not permit them to use or share the data we submit with other third-party advertisers.
Your Preferences.
On our websites that include targeting cookies, you may review, opt out of or update your preferences for third-party advertising tags and cookies on that website, using our Cookie Settings manager, as noted in Section 6 above. In addition, you can opt out of being included in our Custom Lists by submitting a request through our Custom List Settings Portal.
In addition, you can learn more about the information collection practices and “opt out” procedures of many third-party ad companies by visiting www.aboutads.info/choices (US), or www.youradchoices.ca/choices/ (Canada), or www.youronlinechoices.com (EU).
In addition, you can learn more about the information collection practices and “opt out” procedures of many third-party ad companies by visiting www.aboutads.info/choices (US), or www.youradchoices.ca/choices/ (Canada), or www.youronlinechoices.com (EU).
8. Will we transfer your personal information internationally?
Adaptive is located in the United States. If you are located outside the United States—such as in the European Economic Area (EEA), the United Kingdom (UK), or Switzerland—and you submit personal information to Adaptive, that information will be transferred to the United States and other jurisdictions in which we or our vendors operate. The data protection laws in these jurisdictions may not be equivalent to those in your jurisdiction of residence. Adaptive will take steps to ensure that your personal information is subject to appropriate safeguards, including, where required, by implementing appropriate adequacy measures, such as the EU standard contractual clauses (as approved by the European Commission) for the transfer of personal data to processors established in third countries. The current form for the standard contractual clauses can be found at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en. For additional information regarding the mechanism under which your personal data is transferred outside of the EEA/UK, you may contact us as set forth below, in Section 16 – Contact Us.
9. Which rights do you have with respect to the processing of your personal information?
Subject to applicable law, Adaptive gives individuals several ways to access, amend, and exercise their choices and rights regarding their personal information, as set forth in this section.
Marketing preferences. You may opt out of marketing emails by using the unsubscribe option in each marketing email we send to you. If you opt out of direct marketing communications, we may to the extent permitted by applicable law still send you non-promotional communications, such as those about your account or our ongoing business relationship. In addition, you can opt out of being included in our Custom Lists by submitting a request through our Custom List Portal.
Cookie settings. On our websites that include targeting cookies, you may review, opt out of or update your preferences for third-party advertising tags and cookies on that website, using our Cookie Settings manager, as noted in Section 7 above.
Access, amendment and deletion. You may request to review, make amendments, have deleted, or otherwise exercise your rights, under applicable privacy laws, over your personal information that we hold, subject to certain limitations under applicable law. You may submit a request to us related to your personal information by utilizing our Data Subject Request Portal or emailing us at privacy@adaptivebiotech.com. Please note that we may maintain copies of information that you have updated, modified, or deleted, in our business records and in the normal course of our business operations, as permitted or required by applicable law. Your access to or correction of your personal information is subject to applicable legal restrictions and the availability of such information. Further, we may take reasonable steps to verify your identity before granting such access or making corrections.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality that we owe to others, if we are legally entitled to deal with the request in a different way, or if relevant exemptions apply to some or all of the personal information subject to the request.
Additional information for certain jurisdictions. Adaptive is committed to respecting the privacy rights of individuals under all privacy laws applicable to us. At the end of this Privacy Policy, we provide specific information for individuals in certain jurisdictions, as required under certain privacy laws, including in:
- EEA/UKIf you are located in the EEA/UK, please review Section 17 A. GDPR – EEA/UK below for information about data subject rights under the GDPR and UK Data Protection Act.
- Other US StatesIf your personal information is subject to a state privacy law (e.g., California, Connecticut, Colorado, Delaware, Iowa, Montana, Tennessee, Texas, Utah, and Virginia), please review Section 17.B – Residents in Other US Jurisdictions. If you are a California resident, you can access supplemental information about your rights under California law at our Notice at Collection.
10. Do we include links to other websites and third-party programs?
Our websites may contain links to enable you to visit other websites of interest easily. We do not have any control over any such other website. Therefore, we cannot be responsible for the protection and privacy of any information you provide while visiting such websites and such websites are not governed by this Privacy Policy. You should exercise caution and look at the privacy policy applicable to the website in question.
11. What data security measures do we apply to protect your personal information?
We have implemented security measures designed to protect the personal information we collect from unauthorized access or disclosure, including technical and organizational security measures designed to safeguard and secure the personal information we collect. Despite this, data security cannot always be guaranteed. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us at privacy@adaptivebiotech.com. In addition, you or anyone on your behalf are specifically requested not to send to us any health information or other sensitive personal information via email or via our external website outside of information related to the purchasing of T-Detect; for information related to our clonoSEQ services, such information may be submitted in Adaptive’s secure Diagnostics Portal.
12. How long do we retain your personal information?
We will retain your personal information for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law. For example, we may retain personal information for longer where required by our regulatory obligations, professional indemnity obligations, or where we believe it is necessary to establish, defend or protect our legal rights and interests or those of others.
13. What is the minimum age for individuals whose personal information we process?
Our websites are directed towards adults. We do not knowingly collect or use any personal information from children under the age of sixteen (16) on our websites, and if we become aware that we have collected such information we will take steps to delete it.
14. How can you access our Website Terms of Use?
If you choose to visit our websites, your visit and any dispute over privacy is subject to this Privacy Policy and our Terms of Service, including limitations on damages, resolution of disputes, and application of the law of the state of Washington, United States of America, which is available at: www.adaptivebiotech.com/terms-of-service/.
15. Revisions
This Privacy Policy is current as of the Effective Date above. We may revise this Privacy Policy from time to time. All updates to this statement will be posted on this web page. If we make material changes that affect our practices with regard to the personal information we have previously collected from you, we will endeavor to provide you with notice in advance of such change by highlighting the change on our website notifying you at your email address of record with us. Please check our website periodically for the most current version of our Privacy Policy.
16. Contact Us
If you have any questions or concerns related to this Privacy Policy or our information practices, please email us at privacy@adaptivebiotech.com.
You may also contact us via postal mail at:
Adaptive Biotechnologies Corporation
Attn: Adaptive Legal Department
Privacy and Data Protection Officer
1165 Eastlake Avenue East,
Seattle, Washington 98109, USA
17. Additional information for individuals in certain jurisdictions
A. GDPR Rights – EEA/UK
To the extent that the GDPR or the UK Data Protection Act applies to Adaptive’s processing of your personal information, you may, subject to applicable law, have the following rights in relation to your personal information:
- To obtain from us confirmation as to whether personal information concerning you is being processed, and where that is the case, to request access to the personal information. The accessed information includes – among others – the purposes of the processing, the categories of personal information concerned, and the recipients or categories of recipient to whom the personal information have been or will be disclosed. You have the right to obtain a copy of the personal information undergoing processing. For further copies requested by you, we may charge a reasonable fee based on administrative costs;
- To correct any personal information that we hold about you;
- To have your personal information deleted under certain circumstances unless continued processing is necessary by law;
- To have the processing of your personal information restricted where you dispute its accuracy, if you think its processing is unlawful, or if you otherwise object to its processing, or when Adaptive no longer needs your personal information and you need it in relation to a legal claim;
- To receive copies of your personal information we have obtained from you in a structured, commonly used, and machine readable format and to reuse it elsewhere or to ask us to transfer it to a third-party of your choice, under certain circumstances;
- To object at any time to any processing of your personal information which has our legitimate interests as its legal basis. You may exercise this right without incurring any costs. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms. The right to object does not exist, in particular, if the processing of your personal information is necessary to take steps prior to entering into a contract or to perform a contract already concluded;
- To request that we change the manner in which we contact you for direct marketing purposes. You can request that we do not transfer your personal information to unaffiliated third parties for the purposes of direct marketing or any other purposes;
- To obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside the EU/EEA/UK. We may redact data transfer agreements to protect commercial terms;
- To complain to your national data protection regulator if you feel that any of your personal information is not being processed in accordance with the GDPR or UK law; and
- To withdraw your consent, where the processing of your personal information is based on consent (see Section 5 above); if you withdraw your consent, Adaptive will, without affecting the lawfulness of our processing prior to the withdrawal of your consent, stop processing your personal information, unless we have another legal basis for doing so.
You may submit a request to us regarding your personal data held by Adaptive through our Data Subject Request Portal.
Please note that we may rely on applicable exemptions under EU, Member State, or UK law in order to deny part or all of your request. If we do so, we will inform you when responding to your request.
EU / UK Representative. Adaptive has representatives established in the EU and UK to comply with EU and UK law. You can contact our EU and UK representatives using the following information:
- EU Representative:
DataRep
Cuserstraat 93, Floor 2 and 3
Amsterdam, 1081 CN, Netherlands
- UK Representative:
DataRep
107-111 Fleet Street
London, EC4A 2AB, United Kingdom
B. Residents of Certain US States
In this subsection, we provide additional information about how we process personal information for US residents that is not otherwise covered earlier in this Policy, particularly for those residing in a state with data privacy laws and regulations. This includes, but is not limited to California, Connecticut, Colorado, Delaware, Iowa, Montana, Tennessee, Texas, Utah, and Virginia. This subsection does not address or apply to our handling of publicly available information made lawfully available by state or federal governments or other personal information that is subject to an exemption under the applicable data privacy law. Additional information for residents of California can be found at our Notice at Collection.
i. What information do we collect about you? Section 4 of this Policy details at a higher level the types of information that we provide about the categories of information we collect about you, the reasons why we collect and use information about you, as well as the sources of such information. Section 5 of this Policy provides more information about the types of parties to whom we may disclose your personal information. California residents can obtain supplemented information about how we use and disclose their personal information at our Notice at Collection.
The table below sets out, generally, the categories of personal information we collect about US residents and how we may disclose such information to third parties for business or commercial purposes. Our collection, use, disclosure, and other processing of personal information about a US resident will vary depending upon the circumstances and nature of our interactions or relationship with such resident.
Categories and Description of Personal Information Collected | Categories of Third Parties to Whom We May Disclose this Information for a Business or Commercial Purpose | |
Identifiers | Includes direct identifiers, such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, government identifiers, and other similar identifiers. | • service providers advisors and agents • government entities and law enforcement • our affiliates and subsidiaries • event organizers • business partners who provide services you request • advertising networks analytics providers • social networks • internet service providers • operating systems and platforms • others as required by law or directed by you |
Customer Records | Includes paper and electronic customer records containing personal information (such as name, contact information) that individuals provide us in order to obtain our products and services. For example, this may include information collected when an individual register for an account or enters into an agreement with us related to our services. | • service providers advisors and agents • government entities and law enforcement • our affiliates and subsidiaries • business partners who provide services you request • others as required by law or directed by you |
Protected Classifications | Includes characteristics of protected classifications under US state or federal laws, such as race, sex, age, and disability, such as disability information and medical conditions (e.g., which we may collect in order to make available appropriate accommodations for events and other activities we host). | • service providers advisors and agents • government entities and law enforcement • our affiliates and subsidiaries • event organizers • business partners who provide services you request • others as required by law or directed by you |
Commercial Information | Includes records of personal property, products or Services purchased, obtained, or considered, or other purchasing or use histories or tendencies. | • service providers advisors and agents • government entities and law enforcement • our affiliates and subsidiaries • business partners who provide services you request • others as required by law or directed by you |
Internet or other electronic network activity information | Includes browsing history, clickstream data, search history, and information regarding a resident’s interaction with an internet website, application, or advertisement, including access logs and other usage data related to your use of any company websites, applications or other online services. | • service providers advisors and agents • government entities and law enforcement • our affiliates and subsidiaries • advertising networks • analytics providers social networks • operating systems and platform providers • others as required by law or directed by you |
Geolocation Data | Includes precise location information. | • service providers advisors and agents • government entities and law enforcement • our affiliates and subsidiaries • business partners who provide services you request • others as required by law or directed by you |
Professional and employment information | Includes professional or employment-related information (such as current and former employer(s) and position(s), business contact information and professional memberships). | • service providers advisors and agents • government entities and law enforcement • our affiliates and subsidiaries • others as required by law or directed by you |
Education information | Information about an individual’s education history. | • service providers advisors and agents • government entities and law enforcement • our affiliates and subsidiaries • others as required by law or directed by you |
Audio, video and other electronic data | Includes audio, electronic, visual, thermal, olfactory, or similar information, such as, thermal screenings and CCTV/video footage | • service providers advisors and agents • government entities and law enforcement • our affiliates and subsidiaries • others as required by law or directed by you |
Profiles and Inferences | Includes inferences drawn from personal information to create a profile reflecting a resident’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes. | • service providers advisors and agents • government entities and law enforcement • our affiliates and subsidiaries • analytics providers • others as required by law or directed by you |
Sensitive personal information | As an employer and/or prospective employer, assigned work location, contract holder or holder of other employer-like relationship, we may collect certain sensitive information about you. Depending on where you are from, information in the employment context may not be regulated in your state. You can read more about our privacy practices as an employer in our California HR Privacy Notices. We may also process sensitive personal information as HIPAA regulated entity or for scientific research purposes, as described in Section 1. | • service providers advisors and agents • government entities and law enforcement • our affiliates and subsidiaries • others as required by law or directed by you |
ii. What categories of personal information may be sold or shared with third parties?
Several US privacy laws define a “sale” as disclosing or making available personal information to a third-party in exchange for monetary or other valuable consideration and the California Privacy Rights Act (“CPRA”) defines “sharing” broadly to include disclosing or making available personal information to a third-party for purposes of cross-context behavioral advertising. While we do not disclose personal information to third parties in exchange for monetary compensation, we may disclose or make available to third-party ad companies (e.g., through third-party cookies and pixel tags on our websites) identifiers and internet and other electronic activity information in order to improve and measure our ad campaigns and reach customers and potential customers with more relevant ads and content. Where relevant, users can opt out of such third-party tags and cookies, other than those that are “necessary,” by adjusting their cookie settings. Our Cookie Preference Manager is also accessible through the “Do Not Sell or Share My Personal Info” link in the footer of our website.
iii. What privacy rights apply to you?
Residents of certain U.S. states (as noted above) have additional rights under applicable privacy laws, subject to certain limitations, which may include:
- Correction: The right to correct inaccuracies in their personal information, taking into account the nature and purposes of the processing of the personal information.
- Deletion: Subject to certain exceptions, US residents may have the right to, at no charge, request deletion of their personal information that we have collected about them and to have such personal information deleted, except where an exemption applies.
- Access: To confirm whether we are processing their personal information and to obtain a copy of their personal information in a portable and, to the extent technically feasible, readily usable format.
- Limit Uses: To extent sensitive personal information is governed by applicable law, certain US residents may have the right to limit our use or disclose sensitive personal information to those authorized by applicable law.
- Opt Out: To opt out of certain types of processing, including:
- to opt out of the “sale” of their personal information
- to opt out of targeted advertising by us
- to opt out of any processing of personal information for purposes of making decisions that produce legal or similarly significant effects.
- Appeal: In certain states, such as Virginia, you may appeal our decision by contacting privacy@adaptivebiotech.com
For residents of California, the following additional rights are available to you:
- Opt Out of Sales and Sharing: California residents have the right to opt out of our sale and sharing of their personal information. We do not sell or share personal information about residents who we know are younger than 16 years old without opt-in consent.
- Request to Know/Access: California residents have the right to request and, subject to certain exemptions, receive a copy of the specific pieces of personal information that we have collected about them and to receive information about how we have handled their personal information in the prior 12 months, including the:
- categories of personal information collected;
- categories of sources of personal information;
- business and/or commercial purposes for collecting and selling their personal information;
- categories of third parties to whom we have disclosed or shared their personal information;
- categories of personal information that we have disclosed or shared with a third-party for a business or commercial purpose; and
- categories of third parties to whom the residents’ personal information has been sold and the specific categories of personal information sold to each category of third-party.
For residents of California, the following additional rights are available to you:
- Opt Out of Sales and Sharing: California residents have the right to opt out of our sale and sharing of their personal information. We do not sell or share personal information about residents who we know are younger than 16 years old without opt-in consent.
- Request to Know/Access: California residents have the right to request and, subject to certain exemptions, receive a copy of the specific pieces of personal information that we have collected about them and to receive information about how we have handled their personal information in the prior 12 months, including the:
- categories of personal information collected;
- categories of sources of personal information;
- business and/or commercial purposes for collecting and selling their personal information;
- categories of third parties to whom we have disclosed or shared their personal information;
- categories of personal information that we have disclosed or shared with a third-party for a business or commercial purpose; and
- categories of third parties to whom the residents’ personal information has been sold and the specific categories of personal information sold to each category of third-party.
California residents may make a Request to Know/Access up to twice every 12 months.
- Right to Non-discrimination: California residents have the right not to be subject to discriminatory treatment for exercising their rights under the CCPA.
We will respond to your request in accordance with and as required by applicable privacy laws.
iv. How can you submit a request related to your personal information?
US residents (or their authorized agents) may submit verifiable requests to Adaptive using the following tools:
- Online through our Data Subject Requests Portal;
- By phone at (888) 552-8988 (US Toll Free);
- Email to the Adaptive Privacy Office at privacy@adaptivebiotech.com; or
- By physical mail to Adaptive Privacy Office c/o Adaptive Legal Department, 1165 Eastlake Avenue E., Seattle, WA 98109
For users of the Data Subject Request Form, you must provide the information requested at the prompt. This information may change depending on the jurisdiction in which you reside, who you are, and the nature of your request.
Authorized agents may initiate a request on behalf of another individual online using our webform; authorized agents will be required to provide proof of their authorization and we may also require that the relevant consumer directly verify their identity and the authority of the authorized agent.
As noted above, you may exercise your right to opt out by clicking the “Do Not Sell and Share My Info” link in the footer of our website, and by adjusting your Cookie Settings.
Global Privacy Control
In addition, our website responds to global privacy control—or “GPC”—signals, which means that if we detect that your browser is communicating a GPC signal, we will process that as a request to opt that particular browser and device out of sales and sharing (i.e., via cookies and tracking tools) on our website. Note that if you come back to our website from a different device or use a different browser on the same device, you will need to opt out (or set GPC for) that browser and device as well. More information about GPC is available at: https://globalprivacycontrol.org/.
For more information about our privacy practices, you may contact us as set forth in Section 16 Contact Us above.
HIPAA NOTICE OF PRIVACY PRACTICES
Effective Date: November, 20, 2024
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW IT CAREFULLY.
In this Notice of Privacy Practices, Adaptive Biotechnologies Corporation (“Adaptive,” “we” or “us”), explains our practices in compliance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) regarding the use and disclosure of medical and other personal information (your “protected health information” or “PHI”)) that we collect in conjunction with our clinical laboratory services, such as our clonoSEQ® services , and your rights relating to your PHI.
OVERVIEW
Your Rights
You have the right to:
- Get a copy of your medical record
- Ask us to correct your medical record
- Request confidential communications
- Ask us to limit the PHI we use or disclose
- Get a list of those with whom we’ve disclosed your PHI for certain purposes
- Get a copy of this privacy notice
- Choose someone to act for you
- Ask questions about your PHI
- File a complaint if you believe your privacy rights have been violated
Your Choices
You have some choices in the way that we use and disclose your PHI, such as how or whether we:
- Tell your family and friends about your condition
- Provide your PHI to others so that you may be located
- Engage in sales and marketing activities
How We Typically Use and Disclose Your Protected Health Information
We may use and disclose your PHI for various reasons, such as when we:
- Provide clinical laboratory services for you
- Run our organization
- Bill for testing services
- Help with public health and safety issues
- Do research under certain conditions
- Work with a coroner, medical examiner, or funeral director
- Comply with the law
- Address workers’ compensation, law enforcement, and other government or judicial requests
- Respond to lawsuits and legal actions
Each of the topics mentioned above is discussed in greater detail below.
YOUR RIGHTS
When it comes to your PHI, you have certain rights. This section explains your rights and some of our responsibilities to help you.
If you have questions about how to exercise your rights, please email us at privacy@adaptivebiotech.com or contact us by phone at (888) 552-8988 (US Toll Free).
Get an electronic or paper copy of your medical record
- You can ask to see or get an electronic or paper copy of your medical record and other PHI we have about you by
- Using our electronic request form
- By completing our form and sending it to us
- By email, at privacy @adaptivebiotech.com
- By mail, at 1165 Eastlake Avenue East, Seattle, WA 98109 ATTN: HIPAA Privacy Officer
- By fax, at (206) 260-7175
- We will provide a copy or a summary of your PHI, usually within 30 days of your request. We may charge a reasonable, cost-based fee for any copy or summary.
Ask us to correct your medical record
- You can ask us to correct PHI about you that you think is incorrect or incomplete.
- We may say “no” to your request, but if we do, we’ll tell you why in writing within 60 days.
Request confidential communications
- You can ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address.
- We will say “yes” to all reasonable requests.
Ask us to limit what we use or disclose
- You can ask us not to use or disclose certain of your PHI. Except as noted just below, we are not required to agree to your request, and we may say “no” if it would affect your care or for other justifiable reasons.
- If you pay for a service or health care item out-of-pocket in full, you can ask us not to disclose with your health insurer any information about your receipt of that service or health care item for the purpose of receiving payment or conducting healthcare operations. We will say “yes” unless a law requires us to do otherwise.
Get a list of those with whom we’ve disclosed protected health information
- You can ask for a list (accounting) of the times we’ve disclosed your PHI for six years prior to the date you ask, who we disclosed it with, and why.
- We will include in that list all disclosures except for those that were made for treatment, payment, or health care operations purposes, and certain other disclosures (such as any you asked us to make). We’ll provide one accounting per year for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months.
Get a copy of this privacy notice
- You can ask for a paper copy of this notice at any time, even if you have agreed to receive the notice electronically. We will provide you with a paper copy promptly.
Choose someone to act for you
- If you have given someone medical power of attorney or if someone is your legal representative or guardian (or, in some cases, if someone is an administrator, executor, or other authorized person responsible for your estate), that person can exercise your rights and make choices about your PHI.
- If you are an unemancipated minor, your parent or legal guardian may exercise your rights and make choices about your PHI on your behalf.
- We will do what we can to make sure that any person who purports to be your legal representative has this authority before we take any action as directed or authorized by that person.
Ask questions
You can ask questions about this notice and your rights at any time. Please contact our Customer Service Department or email us at privacy@adaptivebiotech.com.
File a complaint if you feel your rights are violated
You can complain if you feel we have violated your rights by contacting us either by mail at Adaptive Biotechnologies Corporation, Attn: Privacy Officer, 1165 Eastlake Avenue East Seattle, Washington 98109, or by email at privacy@adaptivebiotech.com.
You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting http://www.hhs.gov/ocr/privacy/hipaa/complaints/
We will not retaliate against you for complaining to us or filing a complaint.
YOUR CHOICES
In certain circumstances, you have the right to choose when and how much of your PHI we may disclose. If you have a clear preference for how we disclose your PHI in any of the situations described below, please email us at privacy@adaptivebiotech.com. Tell us what you want us to do, and we will follow your instructions regarding the choices described below.
You have the right to tell us to:
- Disclose PHI with your family, close friends, or others involved in your care or payment for your care.
- Disclose PHI with a disaster relief organization or others in order to help notify a person involved in your care about your location, condition, or vital status.
- Disclose PHI with organ procurement organizations or related entities for the purpose of facilitating organ or tissue donation and transplantation.
If you are not able to tell us your preference, we may go ahead and disclose your PHI if we believe it is in your best interest. We may also disclose your PHI when needed to lessen a serious and imminent threat to health or safety.
Unless you give us written permission, we are prohibited from sharing your PHI with persons other than our service providers:
- For marketing purposes
- In exchange for any form of remuneration (However, if we were to sell assets, business units, or our company, it would be permissible for us to transfer your PHI as part of such a sale).
OUR USES AND DISCLOSURES
In accordance with applicable federal and state law, we typically use or disclose your PHI in the following ways:
When providing clinical laboratory services for you
We can use your PHI and disclose it with other professionals who are treating you.
Example: Discussions of the minimal residual disease result with your treating physician.
Run our organization or help your health care providers run their organizations
We can use and disclose your PHI with those who help us to operate our laboratory, to develop and improve our services, and to contact you when necessary. We can also disclose your PHI with your health care providers to help them run their businesses, such as to process claims for payment for services they provide to you or to conduct quality control.
Example: We disclose PHI about you with our third-party service providers to manage our business, for example, helping us process your test orders and helping us securely store your PHI.
Bill for your services
We can use and disclose your PHI to bill and get payment from your health plans or other entities.
Example: We may disclose PHI about you to a third-party billing services provider to process and forward to your health insurance plan so it will pay for the services you received from us.
Help with public health and safety issues
We can disclose PHI about you for certain situations such as:
- Preventing disease
- Participating in public health investigations
- Helping with product recalls
- Reporting adverse reactions to medications or certain other injuries
- Reporting suspected abuse, neglect, or domestic violence
- Preventing or reducing a serious threat to anyone’s health or safety
Do Research
We may maintain certain of your PHI in certain databases, which may be used or accessed by individuals within our organization for research purposes. We can use or disclose your PHI for health research (1) if we have obtained your signed authorization or (2) if we have received approval from an Institutional Review Board or Privacy Board to conduct the research without your express authorization. We can also use a subset of your PHI (known as a limited data set) without your signed authorization to prepare for research, such as to prepare a research protocol, or disclose your PHI for those purposes. We generally may disclose PHI for research purposes about anyone who is deceased without the deceased’s representative’s signed authorization.
Work with a coroner, medical examiner, or funeral director
We can disclose PHI about an individual with a coroner, medical examiner, or funeral director when the individual dies.
Address workers’ compensation, law enforcement, and other government requests
Subject to certain limitations, we can use or disclose PHI about you:
- For adjudication of workers’ compensation claims or benefits
- For law enforcement purposes or with a law enforcement official
- With health oversight agencies for activities authorized by law
- For special government functions such as military, national security, and presidential protective services
Comply with the law
We will disclose PHI about you if state, federal or local laws require it, including with the Department of Health and Human Services if it wants to see that we’re complying with federal privacy law.
Respond to lawsuits and legal actions or proceedings
We can disclose PHI about you in response to a court or administrative order, or in response to a subpoena or other lawful process.
How else can we use or disclose your protected health information?
We are allowed or required to disclose your PHI in other ways and with other individuals in ways that the law permits, such as to contribute to the public good, public health, or for law enforcement purposes. For more information see: http://www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html
We may not use or disclose your PHI other than as described in this notice without your written authorization. If you do provide such authorization, you may revoke that authorization, in whole or in part, at any time. You must send us your revocation in writing.
OUR RESPONSIBILITIES
- We are required to:
- maintain the privacy and security of your PHI in accordance with applicable law;
- provide you with this notice of our legal duties and privacy practices with respect to your PHI
- notify you if a breach occurs that may have compromised the privacy or security of your PHI; and
- adhere to the duties and privacy practices described in this notice and give you a paper copy of the notice upon your request.
For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html
CHANGES TO TERMS OF THIS NOTICE
We can change the terms of this notice, and the changes will apply to all information we have about you. The new notice will be available upon request, in our office, and on our web site.
OTHER INSTRUCTIONS FOR NOTICE
You can contact Adaptive’s Privacy Office, including the HIPAA Privacy Officer:
- By email at privacy@adaptivebiotech.com
- By mail at 1165 Eastlake Avenue East, Seattle WA 98109
California HR Privacy Notices
Effective date: June 30, 2023
About the California HR Privacy Notices
This document highlights how Adaptive Biotechnologies Corporation and our affiliates and subsidiaries (“Adaptive,” “we,” “our” or “us”) collect, use, disclose, and otherwise process personal information related to individuals who are California residents and who work for (as a full-time employee or contractor) or apply to work for Adaptive.
This document contains the privacy notices for California Employees, California Contractors and California Job Applicants. Please use the links to navigate to the privacy notices for each category, as well as to the specific sections outlining what information we collect and to whom we may disclose it:
- California Employee Privacy Notice
- California Contractor Privacy Notice
- California Applicant Privacy Notice
California Employee Privacy Notice
PURPOSE OF THIS NOTICE: This California Employee Privacy Notice (the “Notice”) describes how Adaptive Biotechnologies Corporation and our affiliates and subsidiaries (“Adaptive,” “we,” “our” or “us”) collect, use, disclose and otherwise process personal information relating to our current employees and staff, as well as Adaptive officers, directors and owners who are California residents (each an “Employee”) and is intended to satisfy our applicable notice and privacy policy requirements under the California Consumer Privacy Act and the regulations issues thereto (collectively, the “CCPA”). The information in this Notice is intended to provide an overall description of our processing of Employee personal information. We may provide Employees additional notices about our data practices, such as those covered by other laws (e.g., if we conduct a background check). We encourage you to carefully read this Notice, together with any other privacy notice we may provide to you).
SCOPE OF THIS NOTICE: This Notice applies, generally to the Employee personal information that we collect, use, and otherwise process in the context of your employment relationship with us including personal information that we process to manage your working relationship, administer benefits, grant and control access to our systems and assets, and process Employee onboarding and terminations, as well as personal information we receive related to Employee beneficiaries, dependents and emergency contacts.
What isn’t covered by this notice. This Notice does not address or apply to our collection of personal information that is not subject to the CCPA, such as protected health information (or “PHI”), consumer credit reports and background checks, publicly available data lawfully made available from state or federal government records, or other information that is exempt under the CCPA. This Notice also does not apply to the personal information we collect from contractors or job applicants, which is subject to different privacy notices, or to the personal information we collect about customers (which is subject to our Privacy Policy).
Are our practices the same for all Employees? The categories of personal information we collect, and our use of personal information may vary depending upon the circumstances, such as an Employee’s role and responsibilities with Adaptive. The information in this Notice is intended to provide an overall description of our collection and use of personal information about Employees.
Categories of Personal Information Collected and Disclosed: Below, we define, generally, the categories of personal information about Employees that we collect and have collected in the prior twelve (12) months, as well as the categories of third parties to whom we may disclose this information for a business or commercial purpose. In some cases (such as where required by law), we may ask for you to consent or give you certain choices prior to collecting or using certain personal information:
California Employee Privacy Notice | ||
---|---|---|
Category | Description | May Be Disclosed To |
Identifiers | such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers | • Service providers • Advisors and agents • Benefits providers • Affiliates and subsidiaries • Regulators, government agencies, and law enforcement • Internet service providers • Operating systems and platforms |
Categories of Personal Information Described in Cal. Civ. Code § 1798.80 | such as records that may contain name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information | • Service providers • Advisors and agents • Benefits providers • Affiliates and subsidiaries • Regulators, government agencies, and law enforcement • Internet service providers • Operating systems and platforms |
Commercial Information | including browsing history, search history, and information regarding a resident’s interaction with an internet website, application, or advertisement, as well as physical and network access logs and other network activity information | • Service providers |
Characteristics of Protected Classifications Under State, Local and Federal Law | such as race/ethnicity, gender, sex, veteran status, disability, and other characteristics of protected classifications under state, local or federal law (Note: generally, this information is collected on a voluntary basis, and is used in support of our equal opportunity and diversity and inclusion efforts or where otherwise required by law) | • Service providers • Advisors and agents • Benefits providers • Affiliates and subsidiaries • Regulators, government agencies, and law enforcement • Internet service providers • Operating systems and platforms |
Internet or Other Electronic Network Activity Information | including browsing history, search history, and information regarding a resident’s interaction with an internet website, application, or advertisement, as well as physical and network access logs and other network activity information | • Service providers • Advisors and agents • Benefits providers • Affiliates and subsidiaries • Regulators, government agencies, and law enforcement • Internet service providers • Operating systems and platforms |
Audio, Electronic, Visual, or Similar Information | audio, electronic, visual, or similar information, such as CCTV footage, photographs, and call recordings and other audio recording (e.g., recorded meetings and webinars) | • Service providers • Advisors and agents • Benefits providers • Affiliates and subsidiaries • Regulators, government agencies, and law enforcement • Internet service providers • Operating systems and platforms |
Professional or Employment-Related Information | professional or employment-related information, such as performance information, professional membership records, references, assessment records, resumes, cover letters and work history, attendance records, conduct information (including disciplinary and grievance records), and termination data | • Service providers • Advisors and agents • Benefits providers • Affiliates and subsidiaries • Regulators, government agencies, and law enforcement • Internet service providers • Operating systems and platforms |
Education Information | defined as information that is not publicly available personally identifiable information as defined in the federal Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99) | • Service providers • Advisors and agents • Benefits providers • Affiliates and subsidiaries • Regulators, government agencies, and law enforcement • Internet service providers • Operating systems and platforms |
Inferences and Profiles | such as inferences drawn from any of the personal information identified above, to create a profile about an individual reflecting her or his preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes | • Service providers • Advisors and agents • Benefits providers • Affiliates and subsidiaries • Regulators, government agencies, and law enforcement • Internet service providers • Operating systems and platforms |
Sensitive Personal Information | such as (a) Social Security number and other government identifiers; (b) financial account and payment information (e.g., for direct deposit purposes); (c) racial or ethnic origin or sexual orientation (e.g., on a voluntary basis to support our equal opportunity and diversity and inclusion efforts and reporting obligations, or where otherwise required by law, or union membership); and (d) health information (e.g., as necessary to provide reasonable accommodations) | • Service providers • Advisors and agents • Benefits providers • Affiliates and subsidiaries • Regulators, government agencies, and law enforcement • Operating systems and platforms |
We do not sell or share (as defined by the CCPA) personal information or sensitive personal information related to Employees, including those we know who are under the age of 16.
Sources of Personal Information. In general, we may collect the Employee personal information identified in the table above from the following categories of sources:
- Directly from you
- Recruiters and recruiting platforms
- Referrals and references
- Former employers
- Other Employees
- Publicly available information and data brokers
- Service providers, representatives and agents, including service providers used for routine background checks
- Affiliates and subsidiaries
Retention. Adaptive retains the personal information we collect only as reasonably necessary for the purposes described below or otherwise disclosed to you at the time of collection. For example, we will retain your information as necessary to comply with our tax, accounting and recordkeeping obligations, to consider you for additional positions (with your permission), as well as an additional period of time as necessary to protect, defend or establish our rights, defend against potential claims, and comply with our legal obligations.
Purposes for collecting and using personal information. Subject to applicable legal restrictions, generally, we collect, use, disclose and process Employee personal information as reasonably necessary for the following purposes:
Compensation and Benefits: relating to our administration of payroll, compensation, and benefits, including:
- Administering employee payroll, salary, and compensation, travel and expense reimbursement
- Administering employee pensions, IRAs and 401K, health insurance, medical plans, and other employee benefits (which may include the collection of personal information about others such as beneficiaries)
- Administering Employee Stock options
- Salary, bonus and compensation analysis
- Calculating deductions, issuing tax return-related documents and forms to employees
- Reviewing timecards and reported time worked
- Monitoring and managing PTO, holiday, FMLA, and other leaves of absences
Management of Employment Relationship: to manage our relationship with Employees, including related to:
- Hiring, terminations, relocation, transfers, promotions and disciplinary actions
- Conducting Employee performance reviews, compensation and bonus reviews, and headcount and salary reviews
- Providing training and career development
- Tracking attendance, time entries and working hours
- Administering and monitoring compliance with our policies and procedures
- Maintaining records of emergency contact information for use in the event of an emergency
- Administering or performing employment contracts where applicable
- Conducting pre-employment and employment screening
- For professional development and training purposes and to ensure you have and maintain the correct qualifications and skills to perform your role and identify any future training needs
- Verification and management of Employee identity and credentials, licensing, work visas, memberships and other qualifications
- Facilitating employee communication and collaboration, such as through the corporate directory, employee bios and other similar
- Facilitating the safety of our Employees
- In support of our equal opportunity employment policy and diversity and inclusion program, including monitoring and reporting on equal opportunity
Business Operations and Client Services: relating to the organization and operation of our business and our performance of services to clients, including related to:
- Operating our business by developing, producing, marketing, selling and providing goods and services
- Providing after-sales services to clients
- Auditing and assessing performance and business operations, including client services and associated activities
- Training and quality control
- Satisfying client reporting and auditing obligations
- Facilitating business development opportunities, as relevant
- Facilitating communications in furtherance of the foregoing
Security and Monitoring: in order to monitor and secure our resources, network, premises and assets, including:
- to detect, prevent, investigate and respond to suspected or alleged misconduct or violations of company polices or work rules
- to detect, prevent, investigate and respond to security and privacy incidents
- Providing and managing access to physical and technical access controls
- Maintaining and reviewing, access and activity logs and records to ensure the security and functioning of our systems and assets
- Securing our offices, premises and physical assets, including through the use of electronic access systems and video monitoring. Please see the Adaptive Code of Ethics and Business Conduct and Employee Handbook for additional information about our monitoring practices.
Health and Safety: for health and safety purposes, such as contact tracing or including conducting appropriate screenings of Employees prior to entering or accessing certain locations or premises.
Auditing, Accounting and Corporate Governance: accounting and corporate governance relating to financial, tax and accounting audits, and audits and assessments of our business operations, security controls, financial controls, or compliance with legal obligations, and for other internal business purposes such as administration of our records retention program.
M&A and Other Business Transactions: for purposes of planning, due diligence and implementation of commercial transactions, for example mergers, acquisitions, asset sales or transfers, bankruptcy or reorganization or other similar business transactions.
Defending and Protecting Rights: in order to protect and defend our rights and interests and those of third parties, including to manage and respond to employee and other legal disputes, to respond to legal claims or disputes, and to otherwise establish, defend or protect our rights or interests, or the rights, interests, health or safety of others, including in the context of anticipated or actual litigation with third parties.
Compliance with Applicable Legal Obligations: relating to compliance with applicable legal obligations (such as hiring eligibility, responding to subpoenas and court orders) as well as assessments, reviews and reporting relating to such legal obligations, including under employment and labor laws and regulations, Social Security and tax laws, environmental regulations, workplace safety laws and regulations, and other applicable laws, regulations, opinions and guidance.
Other Business and Commercial Purposes: in addition, we may use the personal information we collect about Employees for other purposes including analytics and insights.
Sensitive Personal Information. Notwithstanding the purposes described above, we do not collect, use or disclose sensitive personal information about Employees beyond the purposes authorized by the CCPA (pursuant to Cal Civ. Code § 1798.121 and § 7027(m) of the CCPA regulations). Accordingly, we only use and disclose sensitive personal information about Employees as reasonably necessary and proportionate: (i) to perform our services requested by you; (ii) to help ensure security and integrity, including to prevent, detect, and investigate security incidents; (iii) to detect, prevent and respond to malicious, fraudulent, deceptive, or illegal conduct; (iv) to verify or maintain the quality and safety of our services; (v) for compliance with our legal obligations; (vi) to our service providers who perform services on our behalf; and (vii) for purposes other than inferring characteristics about you.
Your CCPA Rights. California Employees have certain rights under the CCPA with respect to their personal information, subject to certain limitations and exceptions
- Deletion: the right to request deletion of their personal information that we have collected about them.
- Know/access: the right to know what personal information we have collected about them, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of personal information we have collected about them.
- Correction: the right to request correction of inaccurate personal information we maintain about them.
- Opt out of sales and sharing: the right to opt out of the sale and sharing of their personal information. However, as discussed above we do not sell or share Employee personal information.
- Limit use/disclosure of sensitive personal information: the right to request to limit certain uses and disclosures of sensitive personal information. However, as discussed above, we do not use or disclose Employee personal information beyond the purpose authorized by the CCPA.
- Non-discrimination: not to be subject to discriminatory treatment for exercising their rights under the CCPA.
Submitting CCPA Requests. Employees may submit a request to Adaptive to exercise their CCPA rights to know/access, to delete and to correct their personal information held by us by submitting a privacy request to us online through our Data Subject Requests Portal or by calling (206) 659-0067 (and selecting the options for the People and Culture Team).
We will take steps to verify your request by matching the information provided by you with the information we have in our records. Your request must:
- Provide sufficient information that allow us to reasonably verify you are the person about whom we collected personal information or an authorized representative (i.e., by completing all required fields on our webform if you choose to submit a request in that manner).
- Describe your request with sufficient details that allow us to properly understand, evaluate, and respond to it.
In some cases, we may request additional information in order to verify your request or where necessary to process your request. Authorized agents may initiate a request on behalf of another individual through one of the above methods;
authorized agents will be required to provide proof of their authorization and we may also require that the relevant Employee directly verify their identity and the authority of the authorized agent.
CONTACTING US ABOUT THIS NOTICE: If you have any questions or concerns regarding our processing of personal information as described in this Notice, please contact privacy@adaptivebiotech.com.
California Contractor Privacy Notice
PURPOSE OF THIS NOTICE: This California Contractor Privacy Notice (the “Contractor Notice”) describes how Adaptive Biotechnologies Corporation and its affiliates and subsidiaries (“Adaptive,” “we,” “our” or “us”) collect, use, disclose and otherwise process the personal information relating to our contractors and other non-employee workers who are California residents (each a “Contractor”) and is intended to satisfy our applicable notice and privacy policy requirements under the California Consumer Privacy Act and the regulations issues thereto (collectively, the “CCPA”). The information in this Notice is intended to provide an overall description of our processing of Contractor personal information. We may provide Contractors additional notices about our data practices, such as those that are covered by other laws (e.g., if we conduct a background check). We encourage you to carefully read this Notice, together with any other privacy notice we may provide to you.
SCOPE OF THIS NOTICE: This Contractor Notice applies, generally, to the Contractor personal information that we collect, use, disclose and otherwise process in order to manage work assignments and our working relationship with Contractors.
What isn’t covered by this notice. This Contractor Notice does not address or apply to our collection of personal information that is not subject to the CCPA, such as protected health information (or “PHI”), consumer credit reports and background checks, publicly available data lawfully made available from state or federal government records, or other information that is exempt under the CCPA. This Contractor Notice also does not apply to the personal information we collect from employees or job applicants, which is subject to different privacy notices, or to the personal information we collect about customers (which is subject to our Privacy Policy).
Are our practices the same for all Contractors? The categories of personal information we collect, and our use of personal information may vary depending upon the circumstances, such as a Contractor’s work assignment or the amount or sensitivity of the information or assets they may access as part of their work assignment. The information in this Contractor Notice is intended to provide an overall description of our collection and use of personal information about Contractors.
Categories of Personal Information Collected and Disclosed: Below, we define, generally, the categories of personal information about Contractors that we collect, and have collected in the prior twelve (12) months, as well as the categories of third parties to whom we may disclose this information for a business or commercial purpose. In some cases (such as where required by law), we may ask for to consent or give you certain choices prior to collecting or using certain personal information:
Personal Information Collected | May Be Disclosed To | |
---|---|---|
Category | Description | |
Identifiers | such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number (or Employer Identification number), driver’s license number, passport number, or other similar identifiers | • Service providers • Advisors and agents • Recruiters • Affiliates and subsidiaries • Regulators, government agencies, and law enforcement • Internet service providers • Operating systems and platforms |
Categories of Personal Information Described in Cal. Civ. Code § 1798.80 | such as records that may contain name, signature, Social Security number (or Employer Identification number), physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information | • Service providers • Advisors and agents • Recruiters • Affiliates and subsidiaries • Regulators, government agencies, and law enforcement • Internet service providers • Operating systems and platforms |
Commercial Information | including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies | • Service providers |
Characteristics of Protected Classifications Under State, Local and Federal Law | such as race/ethnicity, gender, sex, veteran status, disability, and other characteristics of protected classifications under state, local, or federal law (Note: generally, this information is collected on a voluntary basis, and is used in support of our equal opportunity and diversity and inclusion efforts or where otherwise required by law) | • Service providers • Advisors and agents • Recruiters • Affiliates and subsidiaries • Regulators, government agencies, and law enforcement • Internet service providers • Operating systems and platforms |
Internet or Other Electronic Network Activity Information | including browsing history, search history, and information regarding a resident’s interaction with an internet website, application, or advertisement, as well as physical and network access logs and other network activity information | • Service providers • Advisors and agents • Recruiters • Affiliates and subsidiaries • Regulators, government agencies, and law enforcement • Internet service providers • Operating systems and platforms |
Audio, Electronic, Visual, or Similar Information | audio, electronic, visual, or similar information, CCTV footage, photographs, and call recordings and other audio recording (e.g., recorded meetings and webinars) | • Service providers • Advisors and agents • Recruiters • Affiliates and subsidiaries • Regulators, government agencies, and law enforcement • Internet service providers • Operating systems and platforms |
Professional or Employment-Related Information | professional or employment-related information, such as performance information, professional membership records, references, assessment records, resumes, cover letters and work history, attendance records, conduct information (including disciplinary and grievance records), and termination data | • Service providers • Advisors and agents • Recruiters • Affiliates and subsidiaries • Regulators, government agencies, and law enforcement • Internet service providers • Operating systems and platforms |
Education Information | defined as information that is not publicly available personally identifiable information as defined in the federal Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99) | • Service providers • Advisors and agents • Recruiters • Affiliates and subsidiaries • Regulators, government agencies, and law enforcement • Internet service providers • Operating systems and platforms |
Inferences and Profiles | such as inferences drawn from any of the personal information identified above, to create a profile about an individual reflecting her or his preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes | • Service providers • Advisors and agents • Recruiters • Affiliates and subsidiaries • Regulators, government agencies, and law enforcement • Internet service providers • Operating systems and platforms |
Sensitive Personal Information | such as (a) Social Security number, Employer Identification number, and other government identifiers; (b) financial account and payment information (e.g., for direct deposit purposes); and (c) health information (e.g., as necessary to provide reasonable accommodations) | • Service providers • Advisors and agents • Recruiters • Affiliates and subsidiaries • Regulators, government agencies, and law enforcement • Operating systems and platforms |
We do not sell or share (as defined by the CCPA) personal information or sensitive personal information related to Contactors, including those we know who are under the age of 16.
Sources of Personal Information: In general, we may collect the Contractor personal information identified in the table above from the following categories of sources:
- Directly from you
- Recruiters and recruiting platforms
- Referrals and references
- Former employers
- Other Contractors or Employees
- Publicly available information and data brokers
- Service providers, representatives and agents, including service providers used for routine background checks
- Affiliates and subsidiaries
Retention: Adaptive retains the personal information we collect only as reasonably necessary for the purposes described below or otherwise disclosed to you at the time of collection. For example, we will retain your information as necessary to comply with our tax, accounting and recordkeeping obligations, to consider you for additional positions (with your permission), as well as an additional period of time as necessary to protect, defend or establish our rights, defend against potential claims, and comply with our legal obligations.
Purposes for collecting and using personal information: Subject to applicable legal restrictions, generally, we may collect, use, disclose and process the above categories of personal information for the following purposes:
Management and Oversight: to manage work assignments and the working relationship with contractors, including:
- Reviewing, assessing and administering payments to or for Contractors
- Reviewing timecards and reported time worked
- Reviewing and validating qualifications (e.g., credentials and licenses) and experience and approving assignments
- Conducting due diligence and screening of Contractors
- Monitoring compliance with company policies and procedures
- Administration of relevant training
- Administration of speaking events or similar engagements
- Maintaining records of emergency contact information for use in the event of an emergency
- Granting access to relevant systems, tools and assets
- Otherwise as necessary related to a particular job assignment
General Business Operations: in support of our business operations, including related to:
- Auditing and assessing performance of business operations, including client services and associated activities
- Training and quality control
- Satisfying client reporting and auditing obligations
Security and Monitoring: in order to monitor and secure our resources, network, premises and assets, including:
- Monitoring for, preventing and investigating suspected or alleged misconduct or violations of policies and procedures
- Monitoring for, preventing, investigating, and responding to security and privacy incidents
- Providing and managing access to physical and technical access controls
- Monitoring activities, access and use to ensure the security and functioning of our systems and assets
- Securing our offices, premises and physical assets, including through the use of electronic access systems and video monitoring. [Please see Adaptive Code of Conduct for additional information about our monitoring practices.]
Health and Safety: for health and safety purposes, such as contact tracing or including conducting appropriate screenings of Employees prior to entering or accessing certain locations or premises.
Auditing, Accounting and Corporate Governance: relating to financial, tax and accounting audits, and audits and assessments of our business operations, security controls, financial controls, or compliance with legal obligations, and for other internal business purposes such as administration of our records retention program.
M&A and Other Business Transactions: for purposes of planning, due diligence and implementation of commercial transactions, for example mergers, acquisitions, asset sales or transfers, bankruptcy or reorganization or other similar business transactions.
Defending and Protecting Rights: in order to protect and defend our rights and interests and those of third parties, including to manage and respond to employee and other legal disputes, to respond to legal claims or disputes, and to otherwise establish, defend or protect our rights or interests, or the rights, interests, health or safety of others, including in the context of anticipated or actual litigation with third parties.
Compliance with Applicable Legal Obligations: relating to compliance with applicable legal obligations (such as hiring eligibility, responding to subpoenas and court orders) as well as assessments, reviews and reporting relating to such legal obligations, including under employment and labor laws and regulations, Social Security and tax laws, environmental regulations, workplace safety laws and regulations, and other applicable laws, regulations, opinions and guidance.
Other Business and Commercial Purposes: in addition, we may use the personal information we collect about Contractors for other purposes including analytics and insights.
Sensitive Personal Information: Notwithstanding the purposes described above, we do not collect, use or disclose sensitive personal information about Contractors beyond the purposes authorized by the CCPA (pursuant to Cal Civ. Code § 1798.121 and § 7027(m) of the CCPA regulations). Accordingly, we only use and disclose sensitive personal information about Contractors as reasonably necessary and proportionate: (i) to perform our services requested by you; (ii) to help ensure security and integrity, including to prevent, detect, and investigate security incidents; (iii) to detect, prevent and respond to malicious, fraudulent, deceptive, or illegal conduct; (iv) to verify or maintain the quality and safety of our services; (v) for compliance with our legal obligations; (vi) to our service providers who perform services on our behalf; and (vii) for purposes other than inferring characteristics about you.
Your CCPA Rights: California Contractors have certain rights under the CCPA with respect to their personal information, subject to certain limitations and exceptions:
- Deletion: the right to request deletion of their personal information that we have collected about them.
- Know/access: the right to know what personal information we have collected about them, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of personal information we have collected about them.
- Correction: the right to request correction of inaccurate personal information we maintain about them.
- Opt out of sales and sharing: the right to opt out of the sale and sharing of their personal information. However, as discussed above we do not sell or share Contractors’ personal information.
- Limit use/disclosure of sensitive personal information: the right to request to limit certain uses and disclosures of sensitive personal information. However, as discussed above, we do not use or disclose Contractors’ personal information beyond the purpose authorized by the CCPA.
- Non-discrimination: not to be subject to discriminatory treatment for exercising their rights under the CCPA.
- Submitting CCPA Requests. Employees may submit a request to Adaptive to exercise their CCPA rights to know/access, to delete and to correct their personal information held by us by submitting a privacy request to us online through our Data Subject Requests Portal or by calling (206) 659-0067 (and selecting the options for the People and Culture Team).
We will take steps to verify your request by matching the information provided by you with the information we have in our records. Your request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative (i.e., by completing all required fields on our webform if you choose to submit a request in that manner).
- Describe your request with sufficient details that allow us to properly understand, evaluate, and respond to it.
In some cases, we may request additional information in order to verify your request or where necessary to process your request. Authorized agents may initiate a request on behalf of another individual through one of the above methods; authorized agents will be required to provide proof of their authorization and we may also require that the relevant contractor directly verify their identity and the authority of the authorized agent.
CONTACTING US ABOUT THIS NOTICE: If you have any questions or concerns regarding our use of personal information as described in this Contractor Notice, please contact privacy@adaptivebiotech.com.
California Applicant Privacy Notice
PURPOSE OF THIS NOTICE: This California Applicant Privacy Notice (the “Applicant Notice”) describes how Adaptive Biotechnologies Corporation and its affiliates and subsidiaries (“Adaptive,” “we,” “our” or “us”) collect, use, disclose and otherwise process the certain personal information relating to external job applicants and candidates for positions with Company (”Applicants”) and is intended to satisfy our applicable notice and privacy policy requirements under the California Consumer Privacy Act and the regulations issues thereto (collectively, the “CCPA”). The information in this Notice is intended to provide an overall description of our processing of Applicant personal information. We may provide Applicants additional notices about our data practices, such as those that are covered by other laws (e.g., if we conduct a background check or extend an employment offer). We encourage you to carefully read this Notice, together with any other privacy notice we may provide to you.
SCOPE OF THIS NOTICE: This Applicant Notice applies, generally, to the personal information that we collect from and about Applicants, in the context of reviewing, assessing, considering, managing, storing or processing their applications or otherwise considering them for a position with us.
What isn’t covered by this notice. This Applicant Notice does not address or apply to our collection of personal information that is not subject to the CCPA, such as consumer credit reports and background checks, publicly available data lawfully made available from state or federal government records, or other information that is exempt under the CCPA. This Applicant Notice also does not apply to the personal information we collect from employees or contractors (which is subject to separate privacy notices), or to the personal information we collect about our customers (which is subject to our Privacy Policy).
Are our practices the same for all Applicants? The categories of personal information we collect, and our use of personal information may vary depending upon the position(s) or location, as well as the associated qualifications and responsibilities. The information in this Applicant Notice is intended to provide an overall description of our collection and use of personal information about Applicants.
Categories of Personal Information Collected and Disclosed: Below, we define, generally, the categories of personal information about Employees that we collect and have collected in the prior twelve (12) months, as well as the categories of third parties to whom we may disclose this information for a business or commercial purpose. In some cases (such as where required by law), we may ask for to consent or give you certain choices prior to collecting or using certain personal information:
Personal Information Collected | May Be Disclosed To | |
---|---|---|
Category | Description | |
Identifiers | such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers | • Service providers • Advisors and agents • Recruiters • Affiliates and subsidiaries • Regulators, government agencies, and law enforcement • Internet service providers • Operating systems and platforms |
Categories of Personal Information Described in Cal. Civ. Code § 1798.80 | such as records that may contain name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information | • Service providers • Advisors and agents • Recruiters • Affiliates and subsidiaries • Regulators, government agencies, and law enforcement • Internet service providers • Operating systems and platforms |
Characteristics of Protected Classifications Under State, Local and Federal Law | such as race/ethnicity, gender, sex, veteran status, disability, and other characteristics of protected classifications under state, local or federal law (Note: generally, this information is collected on a voluntary basis, and is used in support of our equal opportunity and diversity and inclusion efforts or where otherwise required by law) | • Service providers • Advisors and agents • Recruiters • Affiliates and subsidiaries • Regulators, government agencies, and law enforcement • Internet service providers • Operating systems and platforms |
Internet or Other Electronic Network Activity Information | including browsing history, search history, and information regarding a resident’s interaction with an internet website, application, or advertisement, as well as physical and network access logs and other network activity information | • Service providers • Advisors and agents • Recruiters • Affiliates and subsidiaries • Regulators, government agencies, and law enforcement • Internet service providers • Operating systems and platforms |
Audio, Electronic, Visual, or Similar Information | audio, electronic, visual, or similar information, such as CCTV footage, photographs, and call recordings and other audio recording (e.g., recorded meetings and webinars) | • Service providers • Advisors and agents • Recruiters • Affiliates and subsidiaries • Regulators, government agencies, and law enforcement • Internet service providers • Operating systems and platforms |
Professional or Employment-Related Information | professional or employment-related information, such as performance information, professional membership records, references, assessment records, resumes, cover letters and work history, attendance records, conduct information (including disciplinary and grievance records), and termination data | • Service providers • Advisors and agents • Recruiters • Affiliates and subsidiaries • Regulators, government agencies, and law enforcement • Internet service providers • Operating systems and platforms |
Education Information | defined as information that is not publicly available personally identifiable information as defined in the federal Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99) | • Service providers • Advisors and agents • Recruiters • Affiliates and subsidiaries • Regulators, government agencies, and law enforcement • Internet service providers • Operating systems and platforms |
Inferences and Profiles | such as inferences drawn from any of the personal information identified above, to create a profile about an individual reflecting her or his preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes | • Service providers • Advisors and agents • Recruiters • Affiliates and subsidiaries • Regulators, government agencies, and law enforcement • Internet service providers • Operating systems and platforms |
Sensitive Personal Information | such as (a) Social Security number and other government identifiers; (b) financial account and payment information (e.g., for direct deposit purposes); (c) racial or ethnic origin or sexual orientation (e.g., on a voluntary basis to support of our equal opportunity and diversity and inclusion efforts and reporting obligations, or where otherwise required by law, or union membership); and (d) health information (e.g., as necessary to provide reasonable accommodations) | • Service providers • Advisors and agents • Recruiters • Affiliates and subsidiaries • Regulators, government agencies, and law enforcement • Operating systems and platforms |
We do not sell or share (as defined by the CCPA) personal information or sensitive personal information related to Applicants, including those we know who are under the age of 16.
Sources of Personal Information. In general, we may collect the Applicant personal information identified in the table above from the following categories of sources:
- Directly from you
- Recruiters and recruiting platforms
- Referrals and references
- Former or other employers
- Our Employees
- Publicly available information and data brokers
- Service providers, representatives and agents, including service providers used for routine background checks
- Affiliates and subsidiaries
Retention. Adaptive retains the personal information we collect only as reasonably necessary for the purposes described below or otherwise disclosed to you at the time of collection. For example, we will retain your information as necessary to comply with our recordkeeping obligations, to consider you for additional positions (with your permission), as well as an additional period of time as necessary to protect, defend or establish our rights, defend against potential claims, and comply with our legal obligations.
Purposes for collecting and using personal information: Subject to applicable legal restrictions, generally, we collect, use, disclose and otherwise process the above categories of personal information for the following purposes:
Recruiting, Hiring and Managing, and Evaluating Applicants: to review, assess, recruit, consider or otherwise manage applicants, candidates and job applications, including:
- Scheduling and conducting interviews
- Identifying candidates, including by working with external recruiters
- Reviewing, assessing and verifying information provided, to conduct criminal and background checks, and to otherwise screen or evaluate Applicants’ qualifications, suitability and relevant characteristics
- Extending offers, negotiating the terms of offers, and assessing salary and compensation matters
- Satisfying legal and regulatory obligations
- Communicating with Applicants regarding their applications and about other similar position(s) for which they may be interested
- Maintaining Applicant personal information for future consideration
- In support of our equal opportunity employment policy and practices
Security and Monitoring: in order to monitor and secure our resources, network, premises and assets, including:
- Monitoring for, preventing and investigating suspected or alleged misconduct or violations of work rules
- Monitoring for, preventing, investigating, and responding to security and privacy incidents
- Providing and managing access to physical and technical access controls
- Monitoring activities, access and use to ensure the security and functioning of our systems and assets
- Securing our offices, premises and physical assets, including through the use of electronic access systems and video monitoring
Auditing, Accounting and Corporate Governance: relating to financial, tax and accounting audits, and audits and assessments of our business operations, security controls, financial controls, or compliance with legal obligations, and for other internal business purposes such as administration of our records retention program.
M&A and Other Business Transactions: for purposes of planning, due diligence and implementation of commercial transactions, for example mergers, acquisitions, asset sales or transfers, bankruptcy or reorganization or other similar business transactions.
Defending and Protecting Rights: in order to protect and defend our rights and interests and those of third parties, including to manage and respond to employee and other legal disputes, to respond to legal claims or disputes, and to otherwise establish, defend or protect our rights or interests, or the rights, interests, health or safety of others, including in the context of anticipated or actual litigation with third parties.
Compliance with Applicable Legal Obligations: relating to compliance with applicable legal obligations (such as hiring eligibility, responding to subpoenas and court orders) as well as assessments, reviews and reporting relating to such legal obligations, including under employment and labor laws and regulations, Social Security and tax laws, environmental regulations, workplace safety laws and regulations, and other applicable laws, regulations, opinions and guidance.
Other Business and Commercial Purposes: in addition, we may use the personal information we collect about Applicants for other purposes including analytics and insights.
Sensitive Personal Information: notwithstanding the purposes described above, we do not collect, use or disclose sensitive personal information about Applicants beyond the purposes authorized by the CCPA (pursuant to Cal Civ. Code § 1798.121 and § 7027(m) of the CCPA regulations). Accordingly, we only use and disclose sensitive personal information about Applicants as reasonably necessary and proportionate: (i) to perform our services requested by you; (ii) to help ensure security and integrity, including to prevent, detect, and investigate security incidents; (iii) to detect, prevent and respond to malicious, fraudulent, deceptive, or illegal conduct; (iv) to verify or maintain the quality and safety of our services; (v) for compliance with our legal obligations; (vi) to our service providers who perform services on our behalf; and (vii) for purposes other than inferring characteristics about you.
Your CCPA Rights. California Applicants have certain rights under the CCPA with respect to their personal information, subject to certain limitations and exceptions
- Deletion: the right to request deletion of their personal information that we have collected about them.
- Know/access: the right to know what personal information we have collected about them, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of personal information we have collected about them.
- Correction: the right to request correction of inaccurate personal information we maintain about them.
- Opt out of sales and sharing: the right to opt out of the sale and sharing of their personal information. However, as discussed above we do not sell or share Applicants’ personal information.
- Limit use/disclosure of sensitive personal information: the right to request to limit certain uses and disclosures of sensitive personal information. However, as discussed above, we do not use or disclose Applicants’ personal information beyond the purpose authorized by the CCPA.
- Non-discrimination: not to be subject to discriminatory treatment for exercising their rights under the CCPA.
- Submitting CCPA Requests. Applicants may submit a request to Adaptive to exercise their CCPA rights to know/access, to delete and to correct their personal information held by us by submitting a privacy request to us online through our Data Subject Requests Portal or by calling (206) 659-0067 (and selecting the options for the People and Culture Team).
We will take steps to verify your request by matching the information provided by you with the information we have in our records. Your request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative (i.e., by completing all required fields on our webform if you choose to submit a request in that manner).
- Describe your request with sufficient details that allow us to properly understand, evaluate, and respond to it.
In some cases, we may request additional information in order to verify your request or where necessary to process your request. Authorized agents may initiate a request on behalf of another individual through one of the above methods; authorized agents will be required to provide proof of their authorization and we may also require that the relevant Applicant directly verify their identity and the authority of the authorized agent.
CONTACTING US ABOUT THIS NOTICE: If you have any questions or concerns regarding our use of personal information as described in this Applicant Notice, please contact privacy@adaptivebiotech.com.