Last revised: December 30th, 2022
Please view our Notice of Privacy Practices to learn more about how we use and disclose your protected health information or PHI, our legal duties with respect to your PHI, and your rights with respect to your PHI and how you may exercise them.
This Policy is in addition to, and does not replace our Notice of Privacy Practices, which explains how we may use and disclose your protected health information or PHI, our legal duties with respect to your PHI, and your rights with respect to your PHI and how you may exercise them.
From time to time, we may make changes to this Policy, and it is your responsibility to periodically review this Policy for any changes.
Personal Information and What We Collect
“Personal Information” is information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household. We may collect Personal Information about you when you provide it to us, when you interact with the Services, and when other sources provide it to us.
Information You Provide to Us
In order to take advantage of certain Services or features offered or provided by Tempus, you may be asked to provide certain Personal Information. For example, we may collect:
- Direct identifiers, such as your name, address, email address, telephone number.
- Other Personal Information, such as identifiable health information, including genetic information, employment-related information, information about education and professional qualifications, including professional specialties, financial information, and demographic information like age, race, or gender. If you are a patient or recipient of health care services or Tempus tests, you should view our Notice of Privacy Practices.
- Other Personal Information you choose to provide, such as when you participate in a survey, register for an event, or when you request technical or consumer support.
- Financial and Payment Information, such as information we need to complete a transaction. If you apply or participate in Tempus’ patient assistance program, we may collect information to verify your eligibility in the program.
- Commercial Information, such as products and services purchased from us.
Information About Use of the Services
When accessing or using the Services, we may automatically collect:
- Internet activity, Log Information, and Service usage information, such as operating system, browser type and language, referring URLs, access times, pages viewed, links clicked and other information about your activities on the Services.
- Location information, such as information used to locate the device you use to access the Services. Location information may include: (i) the location of the device derived from GPS or WiFi use; (ii) the location derived from the IP address of the device or internet service used to access the Services, and (iii) other information made available by a user or others that indicates the current or prior location of the user.
- Profile and Inference Information, such as information about your preferences and characteristics.
Information from Third Parties
- We may collect data from public or commercially available sources, as permitted by law. Personal information may also be available from government agencies, public or third-party information sources, third-party service providers, or business partners. We also may collect information from industry and patient groups and associations, or combine information we have collected from multiple sources.
How We Use Your Personal Information
To Provide and Manage the Services. This includes, for example, enabling you to participate in features provided by the Services, performing our contracts with you or your employer or business, or with your doctors or other healthcare providers. We also may use information we gather to better understand and serve users and to improve our Services.
To Communicate with You. We may use your personal information to respond to questions you submit via the Services or to communicate with you regarding news, updates, or educational and marketing materials. You may opt-out of receiving commercial email messages from us by following the instructions in those messages.
As Required or Permitted by Law. We may use your personal information to comply with any applicable legal or regulatory obligations or for any other purpose permitted by law or with your lawful consent. We may deidentify, pseudonymize, or anonymize your Personal Information, which means that information that can be reasonably used to identify you will be removed. We may aggregate the deidentified data into a multi-modal real-world dataset to empower research and improve patient care. We create and use such de-identified information as permitted by law or with your consent.
How We Share Your Personal Information
- At Tempus. We may share your Personal Information internally among our business units and our affiliates in order to provide you our Services and generally to improve our product and service offerings.
- For Healthcare Purposes. We may share your Personal Information in accordance with our Notice of Privacy Practices.
- With vendors and other service providers. We may share your Personal Information with service providers who perform services for us and act at our direction. These services may include activities such as cloud storage and services, fulfillment services, and other IT services. Our policy is to prohibit these service providers from using your Personal Information for purposes other than providing services to us.
- In the event of a corporate transaction. In the event we go through a business transition like a merger, acquisition, reorganization, or sale of all or a portion of our assets, we may disclose your Personal Information to the party or parties of such transaction.
- To comply with our legal obligations or protect our rights. We will disclose your Personal Information if we think doing so is necessary to investigate or prevent actual or expected fraud, criminal activity, injury or damage to us or others or when otherwise required by statute, regulation, subpoena, court order, or other law, or if necessary to protect the rights, property, or safety or us, our employees, or others.
- With Third Parties. We may otherwise use information and share information about you with third parties with your consent. We also may provide to third parties information that is not directly identifiable as connected to you, such as information that has been aggregated or deidentified pursuant to the HIPAA expert determination method or HIPAA safe harbor method.
Cookies & Other Data Collection Technologies
You can review your Internet browser settings, typically under the sections “Help” or “Internet Options”, to exercise choices you have for certain cookies. Please note that by blocking or deleting cookies used in our Services you may be unable to access certain parts of Tempus’ Services
We may use the following categories of cookies:
Essential Cookies: These cookies are strictly necessary to provide you with features available through our website and apps and to use some of their features, such as contact forms. Because these cookies are strictly necessary to deliver the Services, you cannot refuse them without impacting how our Services function.
Performance and Functionality Cookies: These cookies are used to enhance the performance and functionality of our Services but are non-essential to their use. Without these cookies, certain functionality may become unavailable.
Analytics and Customization Cookies: These cookies collect information that is used to help us understand how our Services are being used or how effective our marketing activities are, or to help us customize our Services for you in order to enhance your experience.
Persistent Cookies: These record your visit to our website and apps, recognize you as a previous visitor and track your activity on the website or apps.
Web Beacons and Pixel Tags: We may use software code on a web page or in an email message called web beacons and pixel tags. These are placed on web pages or in our emails and notify us if you access the pages or open or click an email. These tools allow us to measure response to our communications and improve our Services.
You can learn more about how to manage all cookies across different types of browsers by visiting www.allaboutcookies.org. The site includes additional useful information on cookies. Cookie management tools are device and browser specific and may not work on all devices.
Our website does not currently recognize “Do Not Track” signals sent by some browsers.
We use technical, physical, and administrative safeguards that are designed to improve the confidentiality, integrity and accessibility of your Personal Information and Protected Health Information. We incorporate secure storage and transmission technologies including strong encryption, firewalls, fine-grained access control and secure audit. We cannot, however, ensure or warrant the security of any information you transmit to us via the Services, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our technical, physical, or administrative safeguards.
Our Services are not designed nor intended to be used or accessed by children under the age of 13. No one under age 13 may provide any information to or through the Services. We do not intentionally collect Personal Information from children through the Services. If you are under age of 13, do not use or provide any information on or through the Services, including, but not limited to, your name, address, telephone number, e-mail address, user name or other. If we learn we have collected or received Personal Information from a child under age 13 without verification or parental consent, we will delete that information. If you believe that we may have collected any information, including Personal Information from or about a child under age 13, please contact us immediately at email@example.com.
Tempus complies with all applicable state and federal laws in addressing requests for access to Personal Information in our possession related to minors under the age of 18.
Additional Information for Consumers in the US
Depending on your state of residence, you may be entitled to additional privacy rights regarding your Personal Information. For example, if you are a resident of California, you may be entitled to the privacy rights described below under the California Consumer Privacy Act (“CCPA”) and other applicable laws. Please note that certain categories of Personal Information, such as PHI, are not covered by state law privacy rights, but may be protected by HIPAA and other laws that provide similar protections.
The Right to Know. You have the right to request:
- the specific pieces of Personal Information we have about you;
- the categories of Personal Information we have collected about you in the last 12 months;
- the categories of sources from which that Personal Information was collected;
- if we sold or disclosed your Personal Information in the last 12 months and the categories of your Personal Information that we sold or disclosed;
- the categories of third parties with whom we share your Personal Information; and
- the purpose for collecting and selling Personal Information.
- Within the past 12 months, Tempus has collected the categories of personal information detailed in the section titled “Personal Information and What We Collect” above.
- Within the past 12 months, Tempus has not sold (within the meaning of CCPA and applicable state law) Personal Information about any adults or minors in the preceding 12 months.
- Within the past 12 months, Tempus has sold (within the meaning of CCPA and applicable state law) de-identified information.
- Tempus may disclose the categories of Personal Information that we collect to third parties as described above under “How We Share Your Personal Information.”
Specifically, Tempus has disclosed the following categories of Personal Information in the preceding 12 months: direct identifiers, other personal information, internet activity information, and commercial information.
The Right to Deletion. You have the right to request that Tempus delete the Personal Information that we have collected or maintain about you. We may deny your request under certain circumstances, such as if we need to comply with our legal obligations or complete a transaction for which your Personal Information was collected. If we deny your request for deletion, we will let you know the reason why.
Non-discrimination. Tempus will not discriminate against you in any way if you choose to exercise your rights under the law. However, if we delete your Personal Information based on a request you make, understand that you may be unable to use or access certain features of our Services.
You may exercise your right to know and your right to deletion twice a year free of charge. To exercise your right to know or your right to deletion, contact us at 800-739-4137 or email us at firstname.lastname@example.org. We endeavor to respond to a verifiable consumer request within forty-five (45) days of receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
We will take steps to verify your identity before processing your request to know or request to delete. We will not fulfill your request unless you have provided sufficient information for us to reasonably verify you are the individual about whom we collected Personal Information. If you have an account with us, we will use our existing account authentication practices to verify your identity. If you do not have an account with us, we may request additional information about you to verify your identity. We will only use the Personal Information provided in the verification process to verify your identity or authority to make a request and to track and document request responses, unless you initially provided the information for another purpose.
You may use an authorized agent to submit a request to know or a request to delete. When we verify your agent’s request, we may verify both your and your agent’s identity and request a signed document from you that authorizes your agent to make the request on your behalf. To protect your Personal Information, we reserve the right to deny a request from an agent that does not submit proof that they have been authorized by you to act on their behalf.
California Confidentiality of Medical Information Act. California law grants California residents, including children, the right to request access to their medical information, in certain circumstances, including mental health records. You may request access to your medical information by emailing email@example.com, or by writing us at the address in the Contact Information section below.
Other California Privacy Rights. California’s “Shine the Light” law also gives California residents the right to request certain information regarding our disclosure of their Personal Information to third parties for those third parties’ direct marketing purposes. You may request information regarding the disclosure of your Personal Information to third parties for those third parties’ direct marketing purposes by emailing firstname.lastname@example.org or by writing us at the address in the Contact Information section below. Please indicate “California Rights” in the subject or attention line of your communication.
Your European Union and United Kingdom Privacy Rights
If you are a resident of the European Union or the United Kingdom, you have certain data protection rights under the General Data Protection Regulation (GDPR).
Your Rights Under GDPR
Tempus is committed to providing individuals greater control over the processing of their personal data. You are entitled to certain rights under GDPR:
- Right to Request Information. You have the right to ask us questions about our processing of your Personal Data, including if you feel information is missing from this Privacy Notice.
- Right to Access. You have the right to request access to your Personal Data.
- Right to Rectification. You have the right to ask us to correct errors, or to complete omissions, in your Personal Data.
- *Right to Erasure. You may have the right to ask us to delete your Personal Data. Some people call this the “right to be forgotten.”
- *Right to Object. You may have the right to object to, and stop, our processing of your Personal Data.
- *Right to Restriction of Processing. You may have the right to limit our processing of your Personal Data.
- *Right to Data Portability. You may have the right to receive, or have us transmit to another person, a portable copy of your Personal Data.
The rights above with an asterisk (*) are subject to certain conditions or exceptions and may not be applicable under this Privacy Notice. If you want to know more about those conditions, or if you would like to exercise one or more of the rights above, please contact us at email@example.com. You can also call us at 800-739-4137, but we prefer that you reach us by email. Tempus will never discriminate against individuals who exercise their legal rights concerning their personal data.
Retention of Your Personal Information
We will retain your personal information for as long as is reasonably necessary to fulfill the relevant purposes set out in this privacy notice and during the period required or permitted by law. The retention period will primarily be determined by relevant legal and regulatory obligations and/or duration of our business relationship with you. We will securely delete or erase your personal information if there is no valid business reason for retaining your data.
In addition, you can always reach out to your local data protection authority for more information on your rights. The identity of your local data protection authority depends on where you live, so we are unable to identify it for you. If you live in Europe, we have found this link to be helpful: https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-are-data-protection-authorities-dpas_en
Our Legal Basis for Processing Personal Data Under GDPR
In most cases, our use of your personal data is necessary:
- for us to carry out a contract with you, such as a contract to purchase a product or a Service;
- so that we can comply with our legal or regulatory obligations, and/or cooperate with regulators and other authorities; or
- for the purposes of pursuing our legitimate interests and where these are not overridden by your interests or fundamental rights or freedoms which require protection of personal data, such as to manage and improve our business and customer engagements and relationships to support the Services, and evaluate the use of our Services.
We will process your personal data only for purposes permitted by law. This includes processing where necessary for the following purposes:
- to comply with a request or order from a competent court, law enforcement authority or other government agency; and/or
- to enforce, exercise or defend legal claims.
Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal data. If you have any questions or need more information regarding the legal basis and purpose for processing your personal data, please contact us at firstname.lastname@example.org.
As you may be aware, the United States is not subject to a universal adequacy decision by the European Commission. This means that the European Commission has not determined that U.S. laws provide the same level of legal protections to individuals concerning their personal data and how it is used. In other words, processing in the U.S. may be undertaken with fewer privacy- and security-focused protections than in Europe, which may increase the risk of data breaches, losses of data, or similar events affecting personal data privacy and security. In any event, Tempus is firmly committed to data privacy and security and has implemented a number of measures that are intended to ensure all personal data (including your Personal Information) is protected just as strongly in the U.S. as it might be in Europe, including entering into EU-approved model contract clauses with certain of our processors (including those vendors or service providers we’ve described above) and providing appropriate technical and organizational measures to secure your Personal Information (as discussed above). If you have any questions about cross-border processing, please don’t hesitate to reach out to email@example.com.
Other International Visitors (non-EU or UK)
This website and our Services are hosted in the United States and are intended for visitors located within the United States. Your use of the Services and provision of your information is subject to the laws and regulations of the United States and the State of Illinois. If you choose to use the Services from other regions of the world with laws governing data collection, use and disclosures that may differ from United States law, then you acknowledge and agree that (a) you are transferring your personal information outside of those regions to the United States, and (b) the laws and regulations of the United States regarding data privacy and security governing the use and disclosure of Personal Information and Protected Health Information may differ from those of your country of residence.
Please contact us with any questions or comments about this Policy, your Personal Information or our Notice of Privacy Practices, or your consent choices by email at firstname.lastname@example.org or by mail to 600 West Chicago Avenue, Suite 510, Chicago, IL 60654 Attn: Privacy Officer.