Last revised: July 1, 2021
Please view our Notice of Privacy Practices to learn more about how we use and disclose your protected health information or PHI, our legal duties with respect to your PHI, and your rights with respect to your PHI and how you may exercise them.
By using our Services, you agree to this Policy. We may make changes from time to time, and it is your responsibility to periodically review this Policy for any changes. Your continued use of the Services after we make changes is deemed to be an acceptance of those changes.
“Personal Information” is information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household. When you access and use the Services, we may collect the following categories of Personal Information from or about you:
We may use or disclose your Personal Information to:
We may also deidentify, pseudonymize, or anonymize your Personal Information, which means that information that can be reasonably used to identify you will be removed. We aggregate the deidentified data into a multi-modal real-world dataset to empower research and improve patient care. We create and use such deidentified information as permitted by law or with your consent.
Our website does not currently recognize “Do Not Track” signals sent by some browsers.
We use technical, physical, and administrative safeguards that are designed to improve the confidentiality, integrity and accessibility of your Personal Information and Protected Health Information. We incorporate secure storage and transmission technologies including strong encryption, firewalls, fine-grained access control and secure audit. We cannot, however, ensure or warrant the security of any information you transmit to us via the Services, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our technical, physical, or administrative safeguards.
Our Services are not designed nor intended to be used or accessed by children under the age of 13. No one under age 13 may provide any information to or through the Services. We do not intentionally collect Personal Information from children through the Services. If you are under age 13, do not use or provide any information on or through the Services, including, but not limited to, your name, address, telephone number, e-mail address, user name or other. If we learn we have collected or received Personal Information from a child under age 13 without verification or parental consent, we will delete that information. If you believe that we may have collected any information, including Personal Information from or about a child under age 13, please contact us immediately at email@example.com.
Tempus complies with all applicable state and federal laws in addressing requests for access to Personal Information in our possession related to minors under the age of 18.
If you are a resident of California, you may be entitled to the privacy rights described below under the California Consumer Privacy Act (“CCPA”) and other applicable laws. Please note that certain categories of Personal Information, such as PHI, are not covered by these CCPA privacy rights, but may be protected by HIPAA and other laws that provide similar protections.
The Right to Know. You have the right to request:
Specifically, Tempus has disclosed the following categories of Personal Information in the preceding 12 months: direct identifiers, other personal information, internet activity information, and commercial information.
The Right to Deletion. You have the right to request that Tempus delete the Personal Information that we have collected or maintain about you. We may deny your request under certain circumstances, such as if we need to comply with our legal obligations or complete a transaction for which your Personal Information was collected. If we deny your request for deletion, we will let you know the reason why.
Non-discrimination. Tempus will not discriminate against you in any way if you choose to exercise your rights under the CCPA. However, if we delete your Personal Information based on a request you make, understand that you may be unable to use or access certain features of our Services.
You may exercise your right to know and your right to deletion twice a year free of charge. To exercise your right to know or your right to deletion, contact us at 800-739-4137 or email us at firstname.lastname@example.org. We endeavor to respond to a verifiable consumer request within forty-five (45) days of receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
We will take steps to verify your identity before processing your request to know or request to delete. We will not fulfill your request unless you have provided sufficient information for us to reasonably verify you are the individual about whom we collected Personal Information. If you have an account with us, we will use our existing account authentication practices to verify your identity. If you do not have an account with us, we may request additional information about you to verify your identity. We will only use the Personal Information provided in the verification process to verify your identity or authority to make a request and to track and document request responses, unless you initially provided the information for another purpose.
You may use an authorized agent to submit a request to know or a request to delete. When we verify your agent’s request, we may verify both your and your agent’s identity and request a signed document from you that authorizes your agent to make the request on your behalf. To protect your Personal Information, we reserve the right to deny a request from an agent that does not submit proof that they have been authorized by you to act on their behalf.
California Confidentiality of Medical Information Act. California law grants California residents, including children, the right to request access to their medical information, in certain circumstances, including mental health records. You may request access to your medical information by emailing email@example.com, or writing us at the address in the Contact Information section below.
Other California Privacy Rights. California’s “Shine the Light” law also gives California residents the rights to request certain information regarding our disclosure of their Personal Information to third parties for those third parties’ direct marketing purposes. You may request information regarding the disclosure of your Personal Information to third parties for those third parties’ direct marketing purposes by emailing firstname.lastname@example.org or writing us at the address in the Contact Information section below. Please indicate “California Rights” in the subject or attention line of your communication.
If you are a resident of the European Union, you have certain data protection rights under the General Data Protection Regulation (GDPR).
Your Rights Under GDPR. Tempus is committed to providing individuals greater control over the processing of their personal data. You are entitled to certain rights under GDPR:
The rights above with an asterisk (*) are subject to certain conditions or exceptions and may not be applicable under this Privacy Notice. If you want to know more about those conditions, or if you would like to exercise one or more of the rights above, please contact us at email@example.com. You can also call us at 800-739-4137, but we prefer that you reach us by email. Tempus will never discriminate against individuals who exercise their legal rights concerning their personal data.
In addition, you can always reach out to your local data protection authority for more information on your rights. The identity of your local data protection authority depends on where you live, so we are unable to identify it for you. If you live in Europe, we have found this link to be helpful: https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-are-data-protection-authorities-dpas_en
Our Legal Basis for Processing Personal Data Under GDPR. We process personal data in order to perform our testing services and to bill for these services, to perform our contracts with you, and to meet our legal obligations. Additionally, our processing is necessary based on our legitimate interest of providing our healthcare and other services to you. It is likely that you provided your consent for our testing and for certain processing activities either directly to us or through your doctor.
International Transfers. As you may be aware, the United States has not been subject to a universal adequacy decision by the European Commission. This means that the European Commission has not determined that U.S. laws provide the same level of legal protections to individuals concerning their personal data and how it is used. In other words, processing in the U.S. may be undertaken with fewer privacy- and security-focused protections than in Europe, which may increase the risk of data breaches, losses of data, or similar events affecting personal data privacy and security. In any event, Tempus is firmly committed to data privacy and security and has implemented a number of measures that are intended to ensure all personal data (including your Personal Information) is protected just as strongly in the U.S. as it might be in Europe, including entering into EU-approved model contract clauses with certain of our processors (including those vendors or service providers we’ve described above) and providing appropriate technical and organizational measures to secure your Personal Information (as discussed above). If you have any questions about cross-border processing, please don’t hesitate to reach out to firstname.lastname@example.org.
This website and our Services are hosted in the United States and are intended for visitors located within the United States. Your use of the Services and provision of your information is subject to the laws and regulations of the United States and the State of Illinois. If you choose to use the Services from other regions of the world with laws governing data collection, use and disclosures that may differ from United States law, then you acknowledge and agree that (a) you are transferring your personal information outside of those regions to the United States, and (b) the laws and regulations of the United States regarding data privacy and security governing the use and disclosure of Personal Information and Protected Health Information may differ from those of your country of residence.
Please contact us with any questions or comments about this Policy, your Personal Information or our Notice of Privacy Practices, or your consent choices by email at email@example.com or by mail to 600 West Chicago Avenue, Suite 510, Chicago, IL 60654 Attn: Privacy Officer.