Last revised: June 30, 2020
Please view our HIPAA Notice of Privacy Practices to learn more about how we use and disclose your protected health information or PHI, our legal duties with respect to your PHI, and your rights with respect to your PHI and how you may exercise them.
Tempus Labs, Inc. (“Tempus,” “our,” “us,” or “we”) respects the privacy of all visitors and users of its online services and is dedicated to maintaining the accessibility, confidentiality, and integrity of all such information. This Privacy Policy (“Policy”) applies to all visitors to and users of the Tempus website www.tempus.com and all other Tempus-owned websites, domains, services, applications, and products (“Services”).
By using our Services, you agree to this Policy. We may make changes from time to time, and it is your responsibility to periodically review this Policy for any changes. Your continued use of the Services after we make changes is deemed to be an acceptance of those changes.
“Personal Information” is information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household. When you access and use the Services, we may collect the following categories of Personal Information from or about you:
Personal Information that you provide to us will be used as described in this Policy, our Notice of Privacy Practices, or in our Terms of Use.
We may use or disclose your Personal Information to:
We may also deidentify, pseudonymize, or anonymize your Personal Information, which means that information that can be reasonably used to identify you will be removed. We aggregate the deidentified data into a multi-modal real-world dataset to empower research and improve patient care. We create and use such deidentified information as permitted by law or with your consent.
A cookie is a small file placed on the hard drive of your computer. We use cookies if you have a Tempus account, use our Services, including our website and apps, or visit other websites and apps that use the Services. Cookies enable Tempus to offer the Services to you and to understand the information we receive about you, including information about your use of other websites and apps, whether or not you are registered or logged in.
You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of Tempus’ Services. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our website.
In addition, we may use third-party software, such as Google Analytics, to collect and process data. Google Analytics uses cookies to track your interactions with our Services, then collects that information and reports it to us, without identifying individual users. This information helps us improve our Services so that we can better serve users like you. More information about how Google uses data is located at www.google.com/analytics.
Our website does not currently recognize “Do Not Track” signals sent by some browsers.
We use technical, physical, and administrative safeguards that are designed to improve the confidentiality, integrity and accessibility of your Personal Information and Protected Health Information. We incorporate secure storage and transmission technologies including strong encryption, firewalls, fine-grained access control and secure audit. We cannot, however, ensure or warrant the security of any information you transmit to us via the Services, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our technical, physical, or administrative safeguards.
Our Services are not designed nor intended to be used or accessed by children under the age of 13. No one under age 13 may provide any information to or through the Services. We do not intentionally collect Personal Information from children through the Services. If you are under age 13, do not use or provide any information on or through the Services, including, but not limited to, your name, address, telephone number, e-mail address, user name or other. If we learn we have collected or received Personal Information from a child under age 13 without verification or parental consent, we will delete that information. If you believe that we may have collected any information, including Personal Information from or about a child under age 13, please contact us immediately at support@tempus.com.
If you are a resident of California, you may be entitled to the privacy rights described below under the California Consumer Privacy Act (“CCPA”). Please note that certain categories of Personal Information, such as PHI, are not covered by these CCPA privacy rights, but may be protected by HIPAA and other laws that provide similar protections.
The Right to Know. You have the right to request:
In general:
Specifically, Tempus has disclosed the following categories of Personal Information in the preceding 12 months: direct identifiers, other personal information, internet activity information, and commercial information.
The Right to Deletion. You have the right to request that Tempus delete the Personal Information that we have collected or maintain about you. We may deny your request under certain circumstances, such as if we need to comply with our legal obligations or complete a transaction for which your Personal Information was collected. If we deny your request for deletion, we will let you know the reason why.
Non-discrimination. Tempus will not discriminate against you in any way if you choose to exercise your rights under the CCPA. However, if we delete your Personal Information based on a request you make, understand that you may be unable to use or access certain features of our Services.
You may exercise your right to know and your right to deletion twice a year free of charge. To exercise your right to know or your right to deletion, contact us at 800-739-4137 or email us at privacy@tempus.com. We endeavor to respond to a verifiable consumer request within forty-five (45) days of receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
We will take steps to verify your identity before processing your request to know or request to delete. We will not fulfill your request unless you have provided sufficient information for us to reasonably verify you are the individual about whom we collected Personal Information. If you have an account with us, we will use our existing account authentication practices to verify your identity. If you do not have an account with us, we may request additional information about you to verify your identity. We will only use the Personal Information provided in the verification process to verify your identity or authority to make a request and to track and document request responses, unless you initially provided the information for another purpose.
You may use an authorized agent to submit a request to know or a request to delete. When we verify your agent’s request, we may verify both your and your agent’s identity and request a signed document from you that authorizes your agent to make the request on your behalf. To protect your Personal Information, we reserve the right to deny a request from an agent that does not submit proof that they have been authorized by you to act on their behalf.
Other California Privacy Rights. California’s “Shine the Light” law also gives California residents the rights to request certain information regarding our disclosure of their Personal Information to third parties for those third parties’ direct marketing purposes. You may request information regarding the disclosure of your Personal Information to third parties for those third parties’ direct marketing purposes by emailing privacy@tempus.com or writing us at the address in the Contact Information section below. Please indicate “California Rights” in the subject or attention line of your communication.
If you are a resident of the European Union, you have certain data protection rights under the General Data Protection Regulation (GDPR).
Your Rights Under GDPR. Tempus is committed to providing individuals greater control over the processing of their personal data. You are entitled to certain rights under GDPR:
The rights above with an asterisk (*) are subject to certain conditions or exceptions and may not be applicable under this Privacy Notice. If you want to know more about those conditions, or if you would like to exercise one or more of the rights above, please contact us at privacy@tempus.com. You can also call us at 800-739-4137, but we prefer that you reach us by email. Tempus will never discriminate against individuals who exercise their legal rights concerning their personal data.
In addition, you can always reach out to your local data protection authority for more information on your rights. The identity of your local data protection authority depends on where you live, so we are unable to identify it for you. If you live in Europe, we have found this link to be helpful: https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-are-data-protection-authorities-dpas_en
Our Legal Basis for Processing Personal Data Under GDPR. We process personal data in order to perform our testing services and to bill for these services, to perform our contracts with you, and to meet our legal obligations. Additionally, our processing is necessary based on our legitimate interest of providing our healthcare and other services to you. It is likely that you provided your consent for our testing and for certain processing activities either directly to us or through your doctor.
International Transfers. As you may be aware, the United States has not been subject to a universal adequacy decision by the European Commission. This means that the European Commission has not determined that U.S. laws provide the same level of legal protections to individuals concerning their personal data and how it is used. In other words, processing in the U.S. may be undertaken with fewer privacy- and security-focused protections than in Europe, which may increase the risk of data breaches, losses of data, or similar events affecting personal data privacy and security. In any event, Tempus is firmly committed to data privacy and security and has implemented a number of measures that are intended to ensure all personal data (including your Personal Information) is protected just as strongly in the U.S. as it might be in Europe, including entering into EU-approved model contract clauses with certain of our processors (including those vendors or service providers we’ve described above) and providing appropriate technical and organizational measures to secure your Personal Information (as discussed above). If you have any questions about cross-border processing, please don’t hesitate to reach out to privacy@tempus.com.
This website and our Services are hosted in the United States and are intended for visitors located within the United States. Your use of the Services and provision of your information is subject to the laws and regulations of the United States and the State of Illinois. If you choose to use the Services from other regions of the world with laws governing data collection, use and disclosures that may differ from United States law, then you acknowledge and agree that (a) you are transferring your personal information outside of those regions to the United States, and (b) the laws and regulations of the United States regarding data privacy and security governing the use and disclosure of Personal Information and Protected Health Information may differ from those of your country of residence.
It is our policy to post any changes that we make to our Privacy Policy on our website. If we make material changes to how we treat our users’ Personal Information, we will update this Privacy Policy. The date our Privacy Policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable e-mail address for you, and for periodically visiting our website and this Policy for changes. For any questions or comments regarding this Privacy Policy, please contact us at privacy@tempus.com.
Please contact us with any questions or comments about this Policy, your Personal Information or our Notice of Privacy Practices, or your consent choices by email at privacy@tempus.com or by mail to 600 West Chicago Avenue, Suite 510, Chicago, IL 60654 Attn: Privacy Officer.