HIPAA NOTICE OF PRIVACY PRACTICES

Effective Date: July 30, 2018

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

In this Notice of Privacy Practices, we at Adaptive Biotechnologies Corporation, its subsidiaries and affiliates (“Adaptive,” “we” or “us”), explain our practices regarding the use and disclosure of medical and other personal information about you that we collect in conjunction with our clinical laboratory businesses, such as our clonoSEQ® service, and your rights relating to that information.

 

OVERVIEW

Your Rights
You have the right to:

• Get a copy of your medical record
• Correct your medical record
• Request confidential communications
• Ask us to limit the information we use or share
• Get a list of those with whom we’ve shared your information for certain purposes
• Get a copy of this privacy notice
• Choose someone to act for you
• Ask questions
• File a complaint if you believe your privacy rights have been violated

Your Choices
You have some choices in the way that we use and share information, such as how or whether we:

• Tell family and friends about your condition
• Provide information so that you may be located or rescued
• Engage in sales and marketing activities

Our Uses and Disclosures
We may use and share your information for various reasons, such as when we:

• Provide clinical laboratory services for you
• Run our organization
• Bill for testing services
• Help with public health and safety issues
• Do research under certain conditions
• Work with a coroner, medical examiner, or funeral director
• Comply with the law
• Address workers’ compensation, law enforcement, and other government or judicial requests
• Respond to lawsuits and legal actions

Each of the topics above is discussed in greater detail below.

YOUR RIGHTS
When it comes to your health information, you have certain rights. This section explains your rights and some of our responsibilities to help you. In each case, if you have questions about how to exercise your rights, please email us at privacy@adaptivebiotech.com.

Get an electronic or paper copy of your medical record
• You can ask to see or get an electronic or paper copy of your medical record and other health information we have about you.
• We will provide a copy or a summary of your health information, usually within 30 days of your request. We may charge a reasonable, cost-based fee for any copy or summary.

Ask us to correct your medical record
• You can ask us to correct health information about you that you think is incorrect or incomplete.
• We may say “no” to your request, but if we do, we’ll tell you why in writing within 60 days.

Request confidential communications
• You can ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address.
• We will say “yes” to all reasonable requests.

Ask us to limit what we use or share
• You can ask us not to use or share certain of your health information. Except as noted just below, we are not required to agree to your request, and we may say “no” if it would affect your care or for other justifiable reasons.
• If you pay for a service or health care item out-of-pocket in full, you can ask us not to share with your health insurer any information about your receipt of that service or health care item. We will say “yes” unless a law requires us to do otherwise.

Get a list of those with whom we’ve shared information
• You can ask for a list (accounting) of the times we’ve shared your health information for six years prior to the date you ask, who we shared it with, and why.
• We will include in that list all disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make). We’ll provide one accounting per year for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months.

Get a copy of this privacy notice
• You can ask for a paper copy of this notice at any time, even if you have agreed to receive the notice electronically. We will provide you with a paper copy promptly.

Choose someone to act for you
• If you have given someone medical power of attorney or if someone is your legal representative or guardian (or, in some cases, if someone is an administrator, executor, or other authorized person responsible for your estate), that person can exercise your rights and make choices about our uses and disclosures of your health information.
• If you are an unemancipated minor, your parent or legal guardian may exercise your rights and make choices about our uses and disclosures of your health information on your behalf.
• We will do what we can to make sure that any person who purports to be your legal representative has this authority before we take any action as directed or authorized by that person.

Ask questions
• You can ask questions about this notice and your rights at any time. Please contact our Customer Service Department or email us at privacy@adaptivebiotech.com.

File a complaint if you feel your rights are violated
• You can complain if you feel we have violated your rights by contacting us either by mail at Adaptive Biotechnologies Corporation, Attn: Privacy Officer, 1551 Eastlake Avenue East Suite 200, Seattle, Washington 98102, or by email at privacy@adaptivebiotech.com.

• You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting http://www.hhs.gov/ocr/privacy/hipaa/complaints

• We will not retaliate against you for complaining to us or filing a complaint.

 

YOUR CHOICES
In certain circumstances, you have the right to choose when and how much of your health information we may share. If you have a clear preference for how we share your information in any of the situations described below, please email us at privacy@adaptivebiotech.com. Tell us what you want us to do, and we will follow your instructions regarding the choices described below.

You have the right to tell us to:

• Share information with your family, close friends, or others involved in your care or payment for your care
• Share information with a disaster relief organization or others in order to help notify a person involved in your care about your location, condition, or vital status
• Share information with organ procurement organizations or related entities for the purpose of facilitating organ or tissue donation and transplantation

If you are not able to tell us your preference, we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety.

In the cases below, we are prohibited from sharing your personal health information unless you give us written permission:

• Disclosure to third parties for marketing purposes
• Sale of your information, although as we continue to develop our business, we might sell or acquire subsidiaries, affiliates or business units. In such transactions, health records information generally is one of the transferred business assets. Also, in the unlikely event that Adaptive or substantially all of its assets are acquired, health records will of course be one of the transferred assets.

 

OUR USES AND DISCLOSURES
In accordance with applicable federal and state law, we typically use or share your health information in the following ways.

Providing clinical laboratory services for you
We can use your health information and share it with other professionals who are treating you.

Example: Discussions of the minimal residual disease result with your treating physician.

Run our organization or help your health care provider run their organization
We can use and share your health information to run our laboratory, develop and improve our services to improve your care, and contact you when necessary. We can also share your health information with your health care provider to help them run their business, such as to process claims for payment for services they provide to you or to conduct quality control.

Example: We share health information about you with our third party service providers to manage our business, for example helping us process your test orders and helping us securely store your information.

Bill for your services
We can use and share your health information to bill and get payment from health plans or other entities.

Example: We may give information about you to a third party billing business associate to forward to your health insurance plan so it will pay for the services you received.

Help with public health and safety issues
We can share health information about you for certain situations such as:

• Preventing disease
• Participating in public health investigations
• Helping with product recalls
• Reporting adverse reactions to medications or certain other injuries
• Reporting suspected abuse, neglect, or domestic violence
• Preventing or reducing a serious threat to anyone’s health or safety

Do research
We may maintain certain of your information in certain databases, which may be used or accessed by individuals within our organization for research purposes. We can use or share your information for health research (1) if we have obtained your signed authorization or (2) if we have received approval from an Institutional Review Board or Privacy Board to conduct the research without your express authorization. We can also use your information without your signed authorization to prepare for research, such as to prepare a research protocol, or share it for those purposes. We generally may share information for research purposes about anyone who is deceased without the deceased’s signed authorization.

Work with a coroner, medical examiner, or funeral director
We can share health information about an individual with a coroner, medical examiner, or funeral director when the individual dies.

Address workers’ compensation, law enforcement, and other government requests
Subject to certain limitations, we can use or share health information about you:

• For workers’ compensation claims or benefits
• For law enforcement purposes or with a law enforcement official
• With health oversight agencies for activities authorized by law
• For special government functions such as military, national security, and presidential protective services

Comply with the law
We will share information about you if state, federal or national laws require it, including with the Department of Health and Human Services if it wants to see that we’re complying with federal privacy law.

Respond to lawsuits and legal actions or proceedings
We can share health information about you in response to a court or administrative order, or in response to a subpoena or other lawful process.

How else can we use or share your health information?
We are allowed or required to share your information in other ways and to other individuals–often in ways that contribute to the public good, such as public health or for law enforcement purposes. For more information see: http://www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html

We may not use or share your information other than as described in this notice without your written authorization. If you do provide such authorization, you may revoke that authorization, in whole or in part, at any time. You must send us your revocation in writing.

 

OUR RESPONSIBILITIES
We are required to:

• Maintain the privacy and security of your personal health information in accordance with applicable law;
• Provide you with this notice of our legal duties and privacy practices with respect to your personal health information;
• Notify you if a breach occurs that may have compromised the privacy or security of your personal health information; and
• Adhere to the duties and privacy practices described in this notice and give you a paper copy of the notice upon your request..

For more information see: http://www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html

 

CHANGES TO TERMS OF THIS NOTICE
We can change the terms of this notice, and the changes will apply to all information we have about you. The new notice will be available upon request, in our office, and on our web site.

 

OTHER INSTRUCTIONS FOR NOTICE
Adaptive’s U.S. Privacy Officer and International Data Protection Officer is
Kate Godfrey, Vice President, Compliance and Privacy Officer, who can be reached by mail at
1551 Eastlake Avenue East, Suite 200,
Seattle, Washington 98102,
by telephone at (206) 693-2227 or by email at privacy@adaptivebiotech.com.

PRIVACY SHIELD PRIVACY POLICY

Effective Date: October 4, 2018

This Privacy Shield Privacy Policy applies to Personal Data (as defined below) transferred from countries that are members of the European Union (EU) or from Switzerland to Adaptive Biotechnologies Corporation (“Adaptive” or “we” or “us”) in the United States in reliance on the EU-U.S. Privacy Shield Framework or the Swiss-U.S. Privacy Shield Framework, respectively. To learn more about the Privacy Shield Framework, please visit https://www.privacyshield.gov/.

The scope of this Policy is distinct from other privacy policies that Adaptive maintains, including the Adaptive Online Privacy Policy, and Adaptive’s HIPAA Notice of Privacy Practices (applicable to health information that we collect in conjunction with our clinical laboratory businesses). Please refer to those other privacy policies to learn about our treatment of Personal Data collected in those other contexts.

Adaptive has certified with the U.S. Department of Commerce that it adheres to the Privacy Shield Principles of Notice; Choice; Accountability for Onward Transfer; Security; Data Integrity and Purpose Limitation; Access; and Recourse, Enforcement, and Liability. For more information about these Principles, or how to enforce your rights, please contact: privacy@adaptivebiotech.com. You may find our certification page at https://www.privacyshield.gov/list. If there is any conflict between the policies in this Privacy Shield Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles will govern. For purposes of enforcing compliance with the Privacy Shield Principles, Adaptive is subject to the investigatory and enforcement authority of the U.S. Federal Trade Commission.

Adaptive commits its cooperation with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regards to disputes over human resources data transferred from the EU and Switzerland in the context of the employment relationship. Adaptive will comply with any advice provided by such authorities as it relates to pertinent activities.

We may update this Policy from time to time consistent with the requirements of the Privacy Shield Framework, and we will provide appropriate notice of an such amendments on the Adaptive website Legal-Privacy page, https://www.adaptivebiotech.com/legal-privacy.

 

I. DEFINITIONS

“Data Subject” means the individual to whom any given Personal Data covered by this Privacy Shield Policy refers.

“Personal Data” means any information relating to an individual residing in the European Union or Switzerland that can be used to identify that individual either on its own or in combination with other readily available data.

“Sensitive Personal Data” means Personal Data regarding an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, physical or mental health, or sexual life.

 

II. TYPES OF PERSONAL DATA ADAPTIVE RECEIVES FROM THE EU AND SWITZERLAND
The Personal Data that Adaptive may collect in reliance on this Privacy Shield Privacy Policy includes individual contact information, health information (which we treat as Sensitive Personal Data), certain financial information which may include payment account information, and information on personal preferences and demographics. Additionally, Adaptive may collect information relating to an expression of interest in employment and background checks.

 

III. PURPOSES FOR PERSONAL DATA COLLECTION AND USE
Adaptive obtains Personal Data in reliance on this Privacy Shield Privacy Policy in order to:

  1. Conduct research and development
  2. Undertake product development
  3. Perform contracts and services
  4. Conduct healthcare operations
  5. Engage in marketing and sales, with proper consent
  6. De-identify or anonymize the information so it is no longer Personal Data and may be used for purposes other than those described here.
  7. Consider expressions of interest for employment and evaluate candidates and, if hired, employees.

Adaptive maintains reasonable procedures to help ensure that EU and/or Swiss Personal Data is reliable for its intended use, accurate, complete, and current. If Adaptive seeks to use Personal Data covered by this Privacy Shield Policy for a new purpose that is materially different from that for which the Personal Data was originally collected or subsequently authorized, or is to be disclosed to a non-agent third party, Adaptive will provide Data Subjects with an opportunity to choose whether to have their Personal Data so used or disclosed. Adaptive takes reasonable and appropriate measures to retain Personal Data in identifiable form only for as long as it serves a purpose of legitimate use or other processing.

 

IV. PURPOSES FOR SHARING AND RECIPIENTS OF PERSONAL DATA

A. Third-Party Agents and Service Providers: We share Personal Data with unaffiliated third parties who provide us with services, such as those who assist us with technology, data analysis, or similar services. Where required by the Privacy Shield, we enter into written agreements with those third-party agents and service providers requiring them to provide at least the same level of protection that the Privacy Shield requires and limiting their use of the data to the specified services provided on our behalf. We take reasonable and appropriate steps (i) to ensure that third party agents and service providers process EU and/or Swiss Personal Data in accordance with our Privacy Shield obligations and (ii) to cease and remediate the adverse effects of any unauthorized processing. Under certain circumstances, we may remain liable for the acts of our third-party agents or service providers that perform services on our behalf for their handling of EU and/or Swiss Personal Data that we transfer to them.

 

B. Third-Party Data Controllers: In some cases, we may transfer EU and/or Swiss Personal Data to unaffiliated third-party data controllers. These third parties do not act as agents or service providers and are not performing functions on our behalf. We will make such transfers only if the third party has given us contractual assurances that it will (i) process the Personal Data for limited and specified purposes consistent with any consent provided by or notice provided to the Data Subjects, (ii) provide at least the same level of protection as is required by the Privacy Shield Principles and notify us if it makes a determination that it cannot do so; and (iii) cease processing of the Personal Data or take other reasonable and appropriate steps to remediate if it makes such a determination. If we obtain knowledge that a third party acting as a controller is processing Personal Data covered by this Privacy Shield Policy in a way that is contrary to the Privacy Shield Principles, Adaptive will take reasonable steps to prevent or stop such processing. The third-party data controllers to whom we may disclose Personal Data include but are not limited to:

  1. Research and Development Partners. 
  2. Acquirers or Assignees: In the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of Adaptive or its assets, we may transfer Personal Information to the acquiring party or assignee.
  3. Corporate Investment Partners.

 

C. Entities Entitled Under Law: We also may disclose Personal Data in the following circumstances: (i) when required by applicable law, including laws outside your country of residence; (ii) to comply with legal process (iii) to respond to requests from public and government authorities; (iv) to meet national security or law enforcement requirements, or (v) to evaluate job candidates, check references or background, and if hired, regarding employment.

 

V. DATA SUBJECTS’ ACCESS TO THEIR PERSONAL DATA
Each Data Subject has the right to access the Personal Data Adaptive has obtained regarding he or she in reliance on the Privacy Shield and to request that we correct, amend, or delete that Personal Data if it is inaccurate or processed in violation of the Privacy Shield. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. If you would like to request access to, correction, amendment, alternative choice of opt-in/out, or deletion of your EU and/or Swiss Personal Data, you can submit a written request to us as indicated in the “Contacting Us” section of this Policy below. We may request specific information from you to confirm your identity in order to respond to such a request. In some circumstances we may charge a reasonable fee for access to your information. If your EU and/or Swiss Personal Data was provided to us by an Adaptive customer, we may facilitate your access to such data by directing you to the customer that provided your data to us.

 

VI. SECURITY
Adaptive maintains reasonable and appropriate security measures to protect EU and/or Swiss Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction in accordance with the Privacy Shield Framework.

 

VII. COMPLAINTS AND MECHANISMS FOR RECOURSE
Each Data Subject may raise questions or complaints about the use or disclosure of their EU and/or Swiss Personal Data in conformance with the Privacy Shield Principles. If you have any such questions or complaints, please write to us as directed in the “Contacting Us” section of this Policy below. We will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of your EU and/or Swiss Personal Data within 45 days of receiving your complaint.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider, JAMS (free of charge) at https://jamsadr.com/eu-us-privacy-shield.

Under certain conditions detailed in the Privacy Shield, Data Subjects may be able to invoke binding arbitration before the Privacy Shield Panel to be created by the U.S. Department of Commerce and the European Commission. Information on the conditions for and steps necessary to pursue this option is available at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

 

VIII. CONTACTING US
If you have any questions or concerns related to this Privacy Policy or the information practices of this organization, please write to us at:

Adaptive Biotechnologies Corporation
Attn: Kate Godfrey, JD, CCEP
VP, Compliance and Data Privacy Officer
1551 Eastlake Avenue East, Suite 200
Seattle, Washington 98102
USA

Email to: privacy@adaptivebiotech.com

ONLINE PRIVACY POLICY

Effective Date: June 10, 2020

This Online Privacy Policy (our “Privacy Policy”) sets out how Adaptive Biotechnologies Corporation and our subsidiaries and affiliates (“Adaptive,” “we” or “us”) collects, uses and discloses the personal information we collect, as described in the Scope section below.  This Privacy Policy does not apply to any personal information we collect that is subject to the U.S. Health Insurance Portability and Accountability Act and associated regulations (HIPAA), which is subject to our HIPAA Notice of Privacy Practices, any personal information that we collect and process on behalf of our clients as processor or services provider (such personal information is subject to the privacy policies of our clients), or other personal information that is out of scope as described in the Scope section below.

Overview of Our Collection and Use of Personal Information
We think transparency is important.  In this overview, we summarize the relevant personal information we collect and how we use it, which is further explained in our Privacy Policy below.  Keep in mind that the actual personal information we collect and how we use it varies depending upon the nature of our relationship and interactions with you.  Also, in some cases (such as where required by law), we ask for your consent or give you certain choices prior to collecting or using certain personal information.

Personal Information Collected. Generally, we collect the following categories of personal information:

  • Identifiers: such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, government identifiers, and other similar identifiers.
  • Customer records: paper and electronic customer records containing personal information.
  • Protected classifications: characteristics of protected classifications under US state or federal laws, such as race, sex, age, and disability.
    • Commercial information: including records of personal property, products or Services purchased, obtained, or considered, or other purchasing or use histories or tendencies.
    • Internet or other electronic network activity information: such as browsing history, clickstream data, search history, and information regarding a resident’s interaction with an internet website, application, or advertisement, including access logs and other usage data related to your use of any company websites, applications or other online services.
    • Geolocation data: precise location information.
    • Employment information: professional or employment-related information.
    • Education information: information that is not publicly-available personally identifiable information as defined in the federal Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99).
    • Inferences: inferences drawn from personal information to create a profile reflecting a resident’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes.

 

Purposes of Use. Generally, we use and disclose personal information for the following purposes:

  • Providing support and Services and operating our websites
  • Analyzing and improving our business
  • Personalizing content and experiences
  • Advertising, marketing and promotional purposes
  • Securing and protecting our business
  • Defending our legal rights
  • Auditing, reporting, corporate governance, and internal operations
  • Complying with legal obligations

If you are a California resident, review section 16.B. CCPA – California Residents below for more about our information practices and your rights under the California Consumer Privacy Act (CCPA), including your rights to opt-out of the “sale” of your personal information as defined by the CCPA.

  1. SCOPE
    This Privacy Policy applies to the personal information that we collect related to:
  • individuals who access or use of our websites and online services (together, the “Services”) or whose personal information we otherwise receive in providing the Services;
  • individuals that register for our Services, for example an immunoSEQ®Analyzer user account or a clonoSEQ® Diagnostics Portal account;
  • our current, former, and prospective clients and business partners;
  • attendees and participants at events that we host or sponsor;
  • individuals who use our Services; and
  • other individuals that otherwise communicate or interact with us.

Not covered by this notice.
This Privacy Policy does not apply to:

  • the samples and associated personal information that we receive from our institutional clients, as a data processor, or any information generated from such samples;
  • the samples and associated personal information that we receive from US study participants from any clinical or research study of which Adaptive is sponsoring, or any information generated from such samples;
  • samples and information that we receive related clonoSEQ laboratory and testing services or any other information that is subject to HIPAA, such as samples we receive for testing purposes associated with our laboratory services; this information is subject to our HIPAA Notice of Privacy Practices; or
  • job applicants and candidates who apply for employment, or to employees and non-employee workers, whose personal information is subject to different privacy notices which are provided to such individuals in the context of their employment or working relationship with Adaptive.
  1. COLLECTION OF PERSONAL INFORMATION
    Generally, we collect your personal information on a voluntary basis. However, if you decline to provide certain personal information that is marked mandatory, you may not be able to access certain of the Services and/or we may be unable to fully respond to your inquiry.

Sources of Personal InformationWe collect personal information directly from individuals (for example, when an individual registers for an account with us or contacts us), automatically related to the use of the Services, and in some cases, from third parties (such as clients and business partners, social networks, platform providers, payment processors, and operators of certain third-party services that we use).

Information We Collect Directly.  We collect information directly from individuals that use our Services, register for or attend our events or otherwise communicate or interact with us.  For example:

We may collect the following information from you:

  • Personal information you give us on our website or by email in order to obtain our Services: including any personal information you enter on our websites, such as when completing a “contact us” form or establishing or updating your profile in a service user account, your name and job title, your employer name or other affiliation, contact and shipping information including your email address, credit card or other payment card information (as applicable), information obtained through our use of cookies (explained below), purchase history (which we sometimes aggregate with similar information from other customers), and when provided, certain health information. Additionally, when you email us, call us, or otherwise send us communications, we collect and maintain a record of your contact details, communications and our responses. Also, if you post or submit reviews and comments to us, we may maintain a record of this content, including the location, date, and time of submission.
  • Personal information you give us for marketing purposes: including your business contact information, such as if you sign up to receive news, updates, offers and other marketing communications from us, we may collect your name and contact information. We may also collect name, email address, and other information when you participate in promotions, events or activities offered by us (collectively, “events”) or submit surveys or feedback to us.

Information Related to the Use of Our Services.  We may collect information via automated means or derive information about you when you use our website or Services or otherwise interact with us.  For example:

  • Usage data:we and our third-party providers may use cookies, pixels, tags, log-files, and other technologies to collect information about a user from their browser or device, including: IP address (and associated location information); MAC address; login credentials; browser type, version, and time zone setting; browser plug-in types and versions; screen resolution; operating system name and version; operating platform; device model; the URL from which you navigated to our website, as well as the pages you visited, links you clicked and activities performed on our website; and date and time stamps associated with your activities on our websites. We may also collect other technical information to help us identify your device for fraud prevention, diagnostic and similar purposes.  Please see the Cookies and Similar Technologies section below for more information.
  • Other: we may use CCTV and similar tools to monitor and secure our premises, which may lead to the collection of recordings about visitors to our premises. Further, if you contact our customer support services or participate in public events or webinars, we may record these interactions.

 

Information We Collect from Third Parties. We may collect personal information about you from third parties we work with such as third-party providers of services to us (e.g., fraud detection, identity verification and security), social networks, advertising networks, analytics providers, event sponsors, joint marketing partners, public records, and our affiliated companies.

For example:

  • information from third party platforms related to your posts about or interactions with us on social media services.
  • information from advertising networks or analytics providers related to your viewing of interactions with our ads, marketing or other content.
  • demographic information, updated professional or contact details and similar information from data brokers, public records, and affiliated companies.
  1. PURPOSES AND USE OF PERSONAL INFORMATION
    We may collect, use, disclose, and otherwise process your personal information for the purposes described in this section.
  2. Legal Bases for Processing Personal Information (where applicable)
    Certain laws, including the General Data Protection Regulation (GDPR), require that we inform you of the legal bases for our processing of your personal information.  Pursuant to the GDPR (and other similar relevant laws, such as the UK Data Protection Act), we may process personal information for the following legal bases:
  • Performance of contractprocessing of your personal information which is required for us to perform obligations or exercise rights under contracts that you may have with us (for example, if you use our Services).
  • Compliance with lawsto comply with our legal obligations (for example, maintaining information in accordance with tax, audit, or company law requirements and responding to legal process).
  • Our legitimate business interests: in furtherance of our legitimate business interests including:
    • to facilitate your participation in interactive features you may choose to use on our websites and Services and to personalize your experience with the Services by presenting content tailored to you.
    • to correspond with you, notify you of events or changes to our Services, or otherwise respond to your queries and requests for information, which may include marketing to you.
    • to send you advertising material via email, such as surveys and promotions (except where consent is required under applicable laws).
    • to provide and personalize the Services.
    • for data analysis, audits, fraud monitoring and prevention, and developing new products, enhancing, improving or modifying our websites, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities.
    • to protect and defend our legal rights and interests and those of third parties.
  • With your consent: where applicable laws require that we obtain your consent to collect and process your personal information, we will obtain your consent accordingly. When we obtain your consent, the GDPR (where it applies) and other applicable laws give you the right to withdraw your consent without penalty (g., you have agreed to receive marketing emails. By signing up or ticking “yes”, you are agreeing to allow Adaptive to use your data for outreach and marketing purposes. By unsubscribing, you revoke that consent.) You can do this at any time by contacting us using the details at the end of this Privacy Policy. In some jurisdictions (not including where the GDPR applies), your use of the websites may be taken as implied consent to the collection and processing of personal information as outlined in this Privacy Policy.

 

  1. Use and Processing of Personal Information
    We collect, use, and otherwise process your personal information for the below commercial or business purposes. While the purposes for which we may process personal information will vary depending upon the circumstances, in general we use personal information for the purposes set forth below.  Where GDPR or other similar relevant laws apply, we have set forth the legal bases for such processing (see above for further explanation of our legal bases) in parenthesis.
  • Providing support and Services: including to provide our Services; to communicate with you about your access to and use of our Services; to respond to your inquiries; to provide troubleshooting, fulfill your orders and requests, process your payments and provide technical support; and for other customer service and support purposes. (Legal basis: performance of our contract with you; and our legitimate interests)
  • Analyzing and improving our business: including to better understand how users access and use our Services, to evaluate and improve our Services and business operations, and to develop new Services; to conduct surveys and other evaluations (such as customer satisfaction surveys); and for other research and analytical purposes. (Legal basis: our legitimate business interests and/or with your consent)
  • Personalizing content and experiences: including to tailor content we send or display on our websites and other Services; to offer location customization and personalized help and instructions; and to otherwise personalize your experiences. (Legal basis: our legitimate business interests and/or with your consent)
  • Advertising, marketing, and promotional purposes: including to reach you with more relevant ads and to evaluate, measure, and improve the effectiveness of our ad campaigns; to send you newsletters, offers, or other information we think may interest you; to contact you about our Services or information we think may interest you; and to administer promotions and contests. (Legal basis: our legitimate business interests and/or with your consent)
  • Securing and protecting our business: including to protect and secure our business operations, assets, Services, network, and information and technology resources; to investigate, prevent, detect and take action regarding fraud, unauthorized access, situations involving potential threats to the rights or safety of any person or third party, or other unauthorized activities or misconduct. (Legal basis: our legitimate business interests and/or compliance with laws)
  • Defending our legal rightsincluding to manage and respond to actual and potential legal disputes and claims, and to otherwise establish, defend, or protect our rights or interests, including in the context of anticipated or actual litigation with third parties. (Legal basis: our legitimate business interests and/or compliance with laws)
  • Auditing, reporting, corporate governance, and internal operations: including relating to financial, tax and accounting audits; audits and assessments of our operations, privacy, security and financial controls, risk, and compliance with legal obligations; our general business, accounting, record keeping, and legal functions; and related to any actual or contemplated merger, acquisition, asset sale or transfer, financing, bankruptcy, or restructuring of all or part of our business. (Legal basis: our legitimate business interests and/or compliance with laws)
  • Complying with legal obligations: including to comply with the law, our legal obligations and legal process, such as warrants, subpoenas, court orders, and regulatory or law enforcement requests. (Legal basis: our legitimate business interests and/or compliance with laws)

Aggregate and de-identified information. We may de-identify personal information and create anonymous and aggregated data sets and reports in order to assess, improve, and develop our business, products, and Services; prepare benchmarking reports on our industry; and for other research, marketing, and analytics purposes.

 

  1. DISCLOSURE OF PERSONAL INFORMATION
    We may disclose the personal information we collect as set forth in this section.
  • Service providers: to third-party service providers to provide us with services such as website hosting, payment processing services, and postal services.
  • Event organizers: to third parties involved with events that you register for, to facilitate your participation in those events.
  • Business partners: to our business partners in order to perform services you request or authorize, including as set forth in this policy, in accordance with our commercial practices.
  • Corporate transactions and restructuring: in connection with planning, due diligence, negotiation and implementation of an actual or potential corporate reorganization, merger, sale, joint venture, transfer, investment transaction, or other disposition of all or any of our business, including in connection with any bankruptcy or similar proceedings.
  • Legal obligations: as we deem necessary or appropriate under applicable laws, to respond to requests from public and government authorities including public and government authorities outside of your country of residence, to comply with court orders and other legal processes, to legally protect the rights, property, or safety of Adaptive, our users, or others, and to enforce our Website Terms of Use or other agreement with you.
  • To protect us and others: when we believe it is appropriate to do so to investigate, prevent, or take action regarding illegal activity, suspected fraud, situations involving potential threats to the safety of any person, violations of our Website Terms of Use, or as evidence in litigation in which we are involved.
  • Advertising and analytics partners: to third parties that provide advertising, campaign measurement, online and mobile analytics, and related services to us (with your consent, where required by applicable laws). They may use this information to help us better reach individuals with relevant ads and to measure and improve our ad campaigns, or to better understand how individuals interact with our Services. In addition, these third parties may combine the information collected from us and our Services with information collected about you from third-party sites, apps and services, in order to make inferences about you and your interests, to better tailor advertising and content to you across multiple sites, apps, and services, and to collect associated metrics.
  • With consent: to third parties for other purposes, with your consent.


Aggregate and de-identified information.
 We may share aggregate or de-identified information, which does not identify and is not linked or linkable to a particular individual, with third parties for research, marketing, analytics, and other purposes.

  1. COOKIES AND SIMILAR TECHNOLOGIES
    Our websites may use first party and third-party cookies, pixel tags, plugins and other tools to gather device, usage, and browsing information when users visit our websites or use our online Services.  We use the information for security purposes, to facilitate navigation, to personalize and improve your experience while using the websites, to improve and measure our advertising campaigns and to better reach users with relevant advertising both on our websites and on third-party websites.

Cookies. A cookie is a small file that we transfer to your computer’s hard drive through your web browser for record-keeping purposes. Some cookies allow us to make it easier for you to navigate our website, while others are used to enable a faster log-in process or to allow us to track your activities while using our website. Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Some of the Services may not work properly if you disable cookies.

Pixel tags and other similar technologies. Pixel tags (also known as web beacons and clear GIFs) may be used in connection with some websites to, among other things, track the actions of users of the websites (including email recipients), measure the success of our marketing campaigns and compile statistics about usage of the websites and response rates.  We and our service providers also use pixel tags in HTML emails to our customers, to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.

Log files. Most browsers collect certain information, such as your IP address, device type, screen resolution, operating system version, and internet browser type and version. This information is gathered automatically and stored in log files.

Third-Party analytics tools. Our websites use automated devices and applications operated by third parties (e.g., Google Analytics), which use cookies and similar technologies to collect and analyze information about use of the websites and report on activities and trends.

Do-Not-Track signals. Please note that our websites do not recognize or respond to any signal which your browser might transmit through the so-called ‘Do Not Track’ feature your browser might have. If you wish to disable cookies on our websites, you should not rely on any ‘Do Not Track’ feature your browser might have.

Preferences. You can review or change your preferences for most third-party cookies and tags on our websites by adjusting your cookie settings:

Please note, that your preferences are applied on a browser and device basis.  So, you will need to set your cookie preferences for each browser and device you use to access our Site.  Further, if you subsequently delete cookies, your preferences may be lost and need to be reset.

Browser controls. In addition, you may block or disable cookies for the device and browser you are using, through your browser settings; however, certain features on our websites may not be available or function properly if you block or disable cookies. Our websites currently do not respond to “do not track” signals.  To review or change your cookie preferences, click the Cookie Settings button below:

For more information about how our websites uses cookies and similar technologies and how you can opt out of or change your preferences for certain cookies, please see our Cookie Policy.

  1. INTEREST BASED ADVERTISING
    We may work with third-party ad networks, channel partners, measurement services and others (“third-party ad companies”) to display advertising on our Services, and to manage our advertising on third-party sites and online services. We and these third-party ad companies may use cookies, pixels tags, and other tools to collect activity information on our Services (as well as on third-party sites and services), as well as IP address, device ID, cookie and advertising IDs, and other identifiers, general location information, and, with your consent, your device’s geolocation information.  These third-party ad companies use this information to provide you more relevant ads and content on behalf of Adaptive and other companies and to improve and evaluate such ads and content.

Your preferences. You may review, opt out of or update your preferences for third-party advertising tags and cookies on our websites, by updating your cookie settings for our websites using the button below:

Cookie Settings

In addition, you can learn more about the information collection practices and “opt-out” procedures of many third-party ad companies by visiting www.aboutads.info/choices (Digital Advertising Alliance (US)), or www.youradchoices.ca/choices/  (Digital Advertising Alliance of Canada) or www.youronlinechoices.com (EU).

  1. TRANSFERS OF YOUR PERSONAL INFORMATION
    Adaptive is located in the United States. If you are located in the European Economic Area (EEA) or the United Kingdom (UK) and you submit personal information to Adaptive, that information will be transferred to the United States (and other jurisdictions in which we or our vendors operate), where data protection laws are not equivalent to those in the EEA and UK. Where your personal information is transferred to Adaptive, such transfers are carried out on the basis of your consent and/or Adaptive’s EU-US Privacy Shield certification. You can access Adaptive’s EU-US Privacy Shield registration hereand Adaptive’s EU-US Privacy Shield policy here.  Adaptive also takes reasonable security measures to protect your personal information during such transfers and to protect its privacy and security in the United States.
  2. RIGHTS AND CHOICES REGARDING PERSONAL INFORMATION
    In this section we describe the choices individuals have regarding our collection, use, and handling of their personal information.

Access, amendment and deletion. You may request to review, make amendments, have deleted, or otherwise exercise your rights, under applicable privacy laws, over your personal information that we hold, subject to certain limitations under applicable law. You may submit a request to us related to your personal information by emailing us at privacy@adaptivebiotech.com. Please note that we may maintain copies of information that you have updated, modified, or deleted, in our business records and in the normal course of our business operations, as permitted or required by applicable law. Your access to or correction of your personal information is subject to applicable legal restrictions and the availability of such information. Further, we may take reasonable steps to verify your identity before granting such access or making corrections.

We may not always be able to fully address your request, for example if it would impact the duty of confidentiality that we owe to others, if we are legally entitled to deal with the request in a different way, or if relevant exemptions apply to some or all of the personal information subject to the request.

Additional information for certain jurisdictions. Adaptive is committed to respecting the privacy rights of individuals under all privacy laws applicable to us. At the end of this Privacy Policy, we specific information for individuals in certain jurisdictions, as required under certain privacy laws:

  • GDPR – EEA/UK: section a. GDPR – EEA/UK below provides information about data subject rights under the GDPR and UK Data Protection Act.
  • CCPA – California Residents: section B. CCPA – California Residents below sets forth additional information for California residents, about their rights under the CCPA.
  1. LINKS TO OTHER WEBSITES
    Our websites may contain links to enable you to visit other websites of interest easily. We do not have any control over any such other website. Therefore, we cannot be responsible for the protection and privacy of any information you provide while visiting such websites and such websites are not governed by this Online Privacy Policy. You should exercise caution and look at the privacy policy applicable to the website in question.
  2. SECURITY
    We have implemented security measures to protect the personal information we collect from unauthorized access or disclosure, including technical and organizational security measures to safeguard and secure the personal information we collect. Despite this, data security cannot always be guaranteed. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us at privacy@adaptivebiotech.com. In addition, you or anyone on your behalf are specifically requested not to send to us any health information or other sensitive personal information via email or via our external website; for information related to our clonoSEQ services, such information may be submitted in Adaptive’s secure clonoSEQ portal.

  3. RETENTION PERIOD
    We will retain your personal information for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.  We may retain personal information for longer where required by our regulatory obligations, professional indemnity obligations, or where we believe it is necessary to establish, defend or protect our legal rights and interests or those of others.
  4. CHILDREN
    Our websites are directed toward adults. We do not knowingly collect or use any personal information from children under the age of 13, and if we become aware that we have collected such information we will delete it.
  5. WEBSITE TERMS OF USE
    If you choose to visit our websites, your visit and any dispute over privacy is subject to this Online Privacy Policy and our Website Terms of Use, including limitations on damages, resolution of disputes, and application of the law of the state of Washington, United States of America, which is available at https://www.adaptivebiotech.com/terms-of-use/.
  6. REVISIONS
    We may revise this Online Privacy Policy from time to time. All updates to this statement will be posted on this web page. If we make material changes that affect our practices with regard to the personal information we have previously collected from you, we will endeavor to provide you with notice in advance of such change by highlighting the change on our website notifying you at your email address of record with us. Please check our website for the most current version of our Online Privacy Policy.
  7. CONTACT AND COMMENTS
    If you have any questions or concerns related to this Privacy Policy or our information practices, please email us at privacy@adaptivebiotech.com.  You may also contact us via postal mail at:

Adaptive Biotechnologies Corporation
Attn: Kate Godfrey, JD, CCEP
VP, Government Affairs, Chief Compliance and Privacy Officer

1551 Eastlake Avenue East, Suite 200
Seattle, Washington 98102, USA
privacy@adaptivebiotech.com

16. ADDITIONAL INFORMATION FOR INDIVIDUALS IN CERTAIN JURISDICTIONS

A. GDPR Rights – EEA/UK
To the extent that the GDPR or the UK Data Protection Act applies to Adaptive’s processing of your personal information, you may have the following rights in relation to that personal information:

  • to obtain from us confirmation as to whether or not personal information concerning you is being processed, and where that is the case, to request access to the personal information. The accessed information includes – among others – the purposes of the processing, the categories of personal information concerned, and the recipients or categories of recipient to whom the personal information have been or will be disclosed. You have the right to obtain a copy of the personal information undergoing processing. For further copies requested by you, we may charge a reasonable fee based on administrative costs;
  • to correct any personal information that we hold about you;
  • to have your personal information removed under certain circumstances unless continued processing is necessary by law;
  • to have the processing of your personal information restricted where you dispute its accuracy, if you think its processing is unlawful, or if you otherwise object to its processing, or when Adaptive no longer needs your personal information and you need it in relation to a legal claim;
  • to receive copies of your personal information under certain circumstances;
  • to object at any time to any processing of your personal information which has our legitimate interests as its legal basis. You may exercise this right without incurring any costs. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms. The right to object does not exist, in particular, if the processing of your personal information is necessary to take steps prior to entering into a contract or to perform a contract already concluded;
  • to request that we change the manner in which we contact you for marketing purposes. You can request that we do not transfer your personal information to unaffiliated third parties for the purposes of direct marketing or any other purposes;
  • to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside the EU/EEA/UK. We may redact data transfer agreements to protect commercial terms; and
  • to complain to your national data protection regulator if you feel that any of your personal information is not being processed in accordance with the GDPR.
  • to withdraw your consent, where the processing of your personal information is based on consent (see the Purposes and Use of Personal Information section above); if you withdraw your consent, Adaptive will stop processing your personal information, unless we have another legal basis for doing so.

 

You may submit a request to us regarding your personal data held by Adaptive here.  You may also submit a request to us or contact us about this privacy policy or our privacy practices by emailing us at privacy@adaptivebiotech.com.  Please note that we may rely on applicable exemptions under EU, Member State, or UK law in order to deny part or all of your request.  If we do so, we will inform you when responding to your request.

B. CCPA – California Residents
In this section, we provide information for California residents, as required under California privacy laws, including the California Consumer Privacy Act (CCPA), which requires that we provide California residents certain specific information about how we handle their personal information, whether collected online or offline. Below, we provide information as required under California privacy laws, including the CCPA. This section does not address or apply to our handling of publicly available information made lawfully available by state or federal governments or other personal information that is subject to an exemption under Section 1798.145(c) – (f) of the CCPA.

Categories of personal information we may collect, use and disclose. Our collection, use, and disclosure of personal information about a California resident will vary depending upon the circumstances and nature of our interactions or relationship with such resident. The list below sets out generally the categories of personal information about California residents that we may collect and may disclose to third parties for a business purpose. We collect these categories of personal information from the sources described in the Collection of Personal Information section above and use and disclose this personal information for the purposes described in the Purposes and Use of Personal Information and Disclosure of Personal Information sections above.

  • Identifiers: such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, government identifiers, and other similar identifiers.
  • Customer records: paper and electronic customer records containing personal information.
  • Protected classifications: characteristics of protected classifications under US state or federal laws, such as race, sex, age, and disability.
  • Commercial information: including records of personal property, products or Services purchased, obtained, or considered, or other purchasing or use histories or tendencies.
  • Internet or other electronic network activity information: such as browsing history, clickstream data, search history, and information regarding a resident’s interaction with an internet website, application, or advertisement, including access logs and other usage data related to your use of any company websites, applications or other online services.
  • Geolocation data: precise location information.
  • Employment information: professional or employment-related information.
  • Education information: information that is not publicly-available personally identifiable information as defined in the federal Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99).
  • Inferences: inferences drawn from personal information to create a profile reflecting a resident’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes.

 

Categories of Personal Information Sold The CCPA defines a “sale” as disclosing or making available personal information to a third party in exchange for monetary or other valuable consideration. While we do not disclose personal information to third parties in exchange for monetary compensation, we may “sell” certain categories of personal information as defined under the CCPA.  We may disclose or make available to third-party ad companies (e.g., through third-party tags on our websites) identifiers and internet and other electronic activity information in order to improve and measure our ad campaigns and reach customers and potential customers with more relevant ads and content. Users can opt out of most third-party tags and cookies by adjusting their cookie settings.

 

CCPA Rights. California law grants California residents’ certain rights as set forth below.

  • Do-Not-Sell: California residents have the right to opt-out of our sale of their personal information. We do not sell personal information about residents who we know are younger than 16 years old without opt-in consent.
  • Requests to DeleteSubject to certain exceptions, California residents have the right to, at no charge, request deletion of their personal information that we have collected about them and to have such personal information deleted, except where an exemption applies.
  • Request to Know: California residents have the right to request and, subject to certain exemptions, receive a copy of the specific pieces of personal information that we have collected about them in the prior 12 months and to receive information about how we have handled their personal information in the prior 12 months, including the:
    • categories of personal information collected;
    • categories of sources of personal information;
    • business and/or commercial purposes for collecting and selling their personal information;
    • categories of third parties to whom we have disclosed or shared their personal information;
    • categories of personal information that we have disclosed or shared with a third party for a business purpose; and
    • categories of third parties to whom the residents’ personal information has been sold and the specific categories of personal information sold to each category of third party.

California residents may make a Request to Know up to twice every 12 months.

  • Right to Non-discrimination: California residents have the right not to be subject to discriminatory treatment for exercising their rights under the CCPA.
  • Submitting Requests: California consumers (or their authorized agents) may submit verifiable Requests to Know and Requests to Delete by submitting a request here.  We will respond to California residents’ requests as required by the CCPA.  You must complete all required fields on our webform (or otherwise provide us with this information via email at privacy@adaptivebiotech.com).  We will take steps to verify your request by matching the information provided by you with the information we have in our records.  If we are unable to adequately verify a request, we will notify the requestor. In some cases, we may request additional information in order to verify your request or where necessary to process your request.  You may also submit a Do-Not-Sell request by clicking the “Do Not Sell My Info (California Residents)” link in the footer of our website; you may also opt out of sales under the CCPA by adjusting your Cookie Settings:

For more information about our privacy practices, you may contact us as set forth in the Contact and Comments section above.

CA PRIVACY NOTICES

Effective Date: January 1, 2020

California Resident Privacy Notices
Adaptive Biotechnologies Corporation (“Adaptive,” “we,” “our” or “us”)
California Employee Privacy Notice

PURPOSE OF THIS NOTICE: This California HR Privacy Notice (the “Notice”) describes our collection and use of certain personal information relating to our current and former full-time, part-time and temporary employees and staff, as well as Adaptive officers, directors and owners who are California residents (each an “Employee”).   This Notice describes our collection and use of personal information about Employees and is intended to satisfy our applicable notice requirements under the California Consumer Privacy Act (“CCPA”).  We may provide Employees additional notices about our data collection practices that are covered by other laws (e.g., if we conduct a background check and/or collect health information).

SCOPE OF THIS NOTICE: This Notice applies to personal information that we collect and use in order to manage the employment relationship (including emergency contact information) and other personal information related to our administration of benefits to Employees.

What is personal information? In this Notice, “personal information” is any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household.

What isn’t covered by this notice.  This Notice does not address or apply to our collection of personal information that is not subject to the CCPA, such as protected health information (or “PHI”), consumer credit reports and background checks, publicly available data lawfully made available from state or federal governement records, or other information that is exempt under the CCPA.  This Notice also does not apply to the personal information we collect from contractors or job applicants, or from customers or end users of our products and services, including Employees in the context of their personal use of our products and services (which is subject to our Privacy Policy). 

Are our practices the same for all Employees?  The categories of personal information we collect, and our use of personal information may vary depending upon the circumstances, such as an Employee’s role and responsibilities with Adaptive. The information in this Notice is intended to provide an overall description of our collection and use of personal information about Employees.

Categories of Personal Information Collected: Generally, we may collect the below categories of personal information about Employees:

Identifiers: such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.

Paper and electronic records: such as records that may contain name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.

Commercial information: including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

Characteristics of protected classifications: such as race/ethnicity, gender, sex, veteran status, disability, and other characteristics of protected classifications under California or federal law. (Note: generally, this information is collected on a voluntary basis, and is used in support of our equal opportunity and diversity and inclusion efforts or where otherwise required by law.)

Internet or other electronic network activity information: including browsing history, search history, and information regarding a resident’s interaction with an internet website, application, or advertisement, as well as physical and network access logs and other network activity information.

Audio, video and other electronic data: audio, electronic, visual, thermal, or similar information, such as, CCTV footage, photographs, and call recordings and other audio recording (e.g., recorded meetings and webinars).

Biometric information: physiological, biological or behavioral characteristics that can be used alone or in combination with each other to establish individual identity, including fingerprints, faceprint, hand, palm, vein patterns, DNA, imagery of the iris, retina, and voice recordings, keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information (collected where permitted by and subject to applicable laws).

Employment History: professional or employment-related information.

Education Information: information about education history or background that is not publicly available personally identifiable information as defined in the federal Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99).

Inferences drawn from personal information collected: inferences used to create a profile about an individual reflecting her or his preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

 

Purposes for collecting and using personal information: Generally, we may use the above categories of personal information for the following purposes:

Compensation and Benefits. Relating to our administration of compensation and benefits, including:
• Administering employee payroll, salary, reimbursement and compensation
• Administering employee pensions, IRAs and 401K, health insurance, medical plans, and other employee benefits administration (which may include the collection of personal information about others such as beneficiaries, where necessary to administer such benefits)
• Administering Employee Stock options
• Reviewing, assessing and administering employee salary and compensation increases and bonuses
• Calculating deductions, issuing tax return-related documents and forms to employees
• Reviewing timecards and reported time worked
• Monitoring and managing PTO, holiday, FMLA, and other leaves of absences

Management of Employment Relationship. To manage our relationship with Employees, including related to:
• Hiring, terminations, relocation, transfers, promotions and disciplinary actions
• Reviewing performance and related management
• Conducting Employee performance reviews, compensation and bonus reviews, and headcount and salary reviews
• Administering and monitoring compliance with our policies and procedures
• Maintaining records of emergency contact information for use in the event of an emergency
• Administering or performing employment contracts where applicable
• Conducting pre-employment and employment screening
• For professional development and training purposes
• Verification and management of applicable Employee credentials, licensing and other qualifications
• Facilitating employee communication and collaboration, such as through the corporate directory, employee bios and other similar
• Facilitating the safety of our Employees
• In support of our equal opportunity employment policy and diversity and inclusion program

Business Operations and Client Services. Relating to the organization and operation of our business and our performance of services to clients, including related to:
• Operating our business by developing, producing, marketing, selling and providing goods and services
• Providing after-sales services to clients
• Auditing and assessing performance of business operations, including client services and associated activities
• Training and quality control
• Satisfying client reporting and auditing obligations
• Facilitating business development opportunities, as relevant
Facilitating communications in furtherance of the foregoing

Security and Monitoring. In order to monitor and secure our resources, network, premises and assets, including:
• Monitoring for, preventing and investigating suspected or alleged misconduct or violations of work rules
• Monitoring for, preventing, investigating, and responding to security and privacy incidents
• Providing and managing access to physical and technical access controls
• Monitoring activities, access and use to ensure the security and functioning of our systems and assets
• Securing our offices, premises and physical assets, including through the use of electronic access systems and video monitoring. [Please see the Adaptive Code of Conduct for additional information about our monitoring practices.]

Auditing, Accounting and Corporate Governance. Relating to financial, tax and accounting audits, and audits and assessments of our business operations, security controls, financial controls, or compliance with legal obligations, and for other internal business purposes such as administration of our records retention program.
M&A and Other Business Transactions. For purposes of planning, due diligence and implementation of commercial transactions, for example mergers, acquisitions, asset sales or transfers, bankruptcy or reorganization or other similar business transactions.

Defending and Protecting Rights. In order to protect and defend our rights and interests and those of third parties, including to manage and respond to employee and other legal disputes, to respond to legal claims or disputes, and to otherwise establish, defend or protect our rights or interests, or the rights, interests, health or safety of others, including in the context of anticipated or actual litigation with third parties.

Compliance with Applicable Legal Obligations. Relating to compliance with applicable legal obligations (such as hiring eligibility, responding to subpoenas and court orders) as well as assessments, reviews and reporting relating to such legal obligations, including under employment and labor laws and regulations, Social security and tax laws, environmental regulations, workplace safety laws and regulations, and other applicable laws, regulations, opinions and guidance.
[Other Business and Commercial Purposes. In addition, we may use the personal information we collect about Employees for other purposes including analytics and insights.

CONTACTING US ABOUT THIS NOTICE:  If you have any questions or concerns regarding our use of personal information as described in this Notice, please contact privacy@adaptivebiotech.com.

Adaptive Biotechnologies Corporation (“Adaptive,” “we,” “our” or “us”)
California Contractor Privacy Contractor Notice

PURPOSE OF THIS NOTICE: This California Contractor Privacy Notice (the “Contractor Notice”) describes our collection and use of certain personal information relating to our current and former contractors and other non-employee workers who are California residents (each a “Contractor”).   This Contractor Notice describes our collection and use of certain personal information about Contractors and is intended to satisfy our applicable notice requirements under the California Consumer Privacy Act (“CCPA”).  We may provide Contractors additional notices about our data collection practices that are covered by other laws (e.g., if we conduct a background check and/or collect health information).

SCOPE OF THIS NOTICE: This Contractor Notice applies to personal information that we collect and use in order to manage work assignments and our working relationship with Contractors.

What is personal information? In this Contractor Notice, “personal information” is any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household.

What isn’t covered by this notice.  This Contractor Notice does not address or apply to our collection of personal information that is not subject to the CCPA, such as protected health information (or “PHI”), consumer credit reports and background checks, publicly avaulable data lawfully made available from state or federal governement records, or other information that is exempt under the CCPA.  This Contractor Notice also does not apply to the personal information we collect from employees or job applicants.

Are our practices the same for all Contractors?  The categories of personal information we collect, and our use of personal information may vary depending upon the circumstances, such as a Contractor’s work assignment or the amount or sensitivity of the information or assets they may access as part of their work assignment. The information in this Contractor Notice is intended to provide an overall description of our collection and use of personal information about Contractors.

Categories of Personal Information Collected: Generally, we may collect the below categories of personal information about Contractors:

Identifiers: such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.

Paper and electronic records: such as records that may contain name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.

Characteristics of protected classifications: such as race/ethnicity, gender, sex, veteran status, disability, and other characteristics of protected classifications under California or federal law. (Note: generally, this information is collected on a voluntary basis, and is used in support of our equal opportunity and diversity and inclusion efforts or where otherwise required by law.)

Internet or other electronic network activity information: including browsing history, search history, and information regarding a resident’s interaction with an internet website, application, or advertisement, as well as physical and network access logs and other network activity information.

Biometric information: physiological, biological or behavioral characteristics that can be used alone or in combination with each other to establish individual identity, including fingerprints, faceprint, hand, palm, vein patterns, DNA, imagery of the iris, retina, and voice recordings, keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information (collected where permitted by and subject to applicable laws).

Employment History: professional or employment-related information.

Education Information: information about education history or background that is not publicly available personally identifiable information as defined in the federal Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99).

Inferences drawn from personal information collected: inferences used to create a profile about an individual reflecting her or his preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Purposes for collecting and using personal information: Generally, we may use the above categories of personal information for the following purposes:

Management and Oversight. To manage work assignments and the working relationship with contractors, including:
• Reviewing, assessing and administering payments to or for Contractors
• Reviewing timecards and reported time worked
• Reviewing and validating qualifications (e.g., credentials and licenses) and experience and approving assignments
• Conducting due diligence and screening of Contractors
• Monitoring compliance with company policies and procedures
• Administration of relevant training
• Administration of speaking events or similar engagements
• Maintaining records of emergency contact information for use in the event of an emergency
• Granting access to relevant systems, tools and assets
• Otherwise as necessary related to a particular job assignment

General Business Operations. In support of our business operations, including related to:
• Auditing and assessing performance of business operations, including client services and associated activities
• Training and quality control
• Satisfying client reporting and auditing obligations

Security and Monitoring. In order to monitor and secure our resources, network, premises and assets, including:
• Monitoring for, preventing and investigating suspected or alleged misconduct or violations of policies and procedures
• Monitoring for, preventing, investigating, and responding to security and privacy incidents
• Providing and managing access to physical and technical access controls
• Monitoring activities, access and use to ensure the security and functioning of our systems and assets
• Securing our offices, premises and physical assets, including through the use of electronic access systems and video monitoring. [Please see Adaptive Code of Conduct for additional information about our monitoring practices.]

Auditing, Accounting and Corporate Governance. Relating to financial, tax and accounting audits, and audits and assessments of our business operations, security controls, financial controls, or compliance with legal obligations, and for other internal business purposes such as administration of our records retention program.

M&A and Other Business Transactions. For purposes of planning, due diligence and implementation of commercial transactions, for example mergers, acquisitions, asset sales or transfers, bankruptcy or reorganization or other similar business transactions.

Defending and Protecting Rights. In order to protect and defend our rights and interests and those of third parties, including to manage and respond to employee and other legal disputes, to respond to legal claims or disputes, and to otherwise establish, defend or protect our rights or interests, or the rights, interests, health or safety of others, including in the context of anticipated or actual litigation with third parties.

Compliance with Applicable Legal Obligations. Relating to compliance with applicable legal obligations (such as hiring eligibility, responding to subpoenas and court orders) as well as assessments, reviews and reporting relating to such legal obligations, including under employment and labor laws and regulations, Social security and tax laws, environmental regulations, workplace safety laws and regulations, and other applicable laws, regulations, opinions and guidance.

[Other Business and Commercial Purposes. In addition, we may use the personal information we collect about Contractors for other purposes including analytics and insights.

CONTACTING US ABOUT THIS NOTICE:  If you have any questions or concerns regarding our use of personal information as described in this Contractor Notice, please contact privacy@adaptivebiotech.com.

Adaptive Biotechnologies Corporation (“Adaptive,” “we,” “our” or “us”)
California Applicant Privacy Notice

PURPOSE OF THIS NOTICE: This California Applicant Privacy Notice (the “Applicant Notice”) describes our collection and use of certain personal information relating to external job applicants and candidates for positions with Company (”Applicants”).  For California residents, this Applicant Notice describes our collection and use of certain personal information about Applicants and is intended to satisfy our applicable notice requirements under the California Consumer Privacy Act (“CCPA”).  We may provide Applicants additional notices about our data collection practices that are covered by other laws (e.g., if we conduct a background check or extend an employment offer).

SCOPE OF THIS NOTICE: This Applicant Notice applies to the personal information that we collect from and about Applicants, in the context of reviewing, assessing, considering, managing, storing or processing their applications or otherwise considering them for a position with us.

What is personal information? In this Applicant Notice, “personal information” is any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household.

What isn’t covered by this notice.  This Applicant Notice does not address or apply to our collection of personal information that is not subject to the CCPA, such as consumer credit reports and background checks, publicly avaulable data lawfully made available from state or federal governement records, or other information that is exempt under the CCPA.  This Applicant Notice also does not apply to the personal information we collect from employees or contractors (which is subject to  separate privacy notices).

Are our practices the same for all Applicants?  The categories of personal information we collect, and our use of personal information may vary depending upon the position(s) or location, as well as the associated qualifications and responsibilities.  The information in this Applicant Notice is intended to provide an overall description of our collection and use of personal information about Applicants.

Categories of Personal Information Collected: Generally, we may collect the following categories of personal information (as set forth in the CCPA) about Applicants:

Identifiers: such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.

Paper and electronic records: such as records that may contain name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.

Commercial information: including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

Characteristics of protected classifications: such as race/ethnicity, gender, sex, veteran status, disability, and other characteristics of protected classifications under California or federal law. (Note: generally, this information is collected on a voluntary basis, and is used in support of our equal opportunity and diversity and inclusion efforts or where otherwise required by law.).

Internet or other electronic network activity information: including browsing history, search history, and information regarding a resident’s interaction with an internet website, application, or advertisement, as well as physical and network access logs and other network activity information.

Employment History: professional or employment-related information.

Education Information: information about education history or background that is not publicly available personally identifiable information as defined in the federal Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99).

Inferences drawn from personal information collected: inferences used to create a profile about an individual reflecting her or his preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Purposes for collecting and using personal information: Generally, we may use the above categories of personal information for the following purposes:

Recruiting, Hiring and Managing, and Evaluating Applicants. To review, assess, recruit, consider or otherwise manage applicants, candidates and job applications, including:
• Scheduling and conducting interviews
• Identifying candidates, including by working with external recruiters
• Reviewing, assessing and verifying information provided, to conduct criminal and background checks, and to otherwise screen or evaluate Applicants’ qualifications, suitability and relevant characteristics
• Extending offers, negotiating the terms of offers, and assessing salary and compensation matters
• Satisfying legal and regulatory obligations
• Communicating with Applicants regarding their applications and about other similar position(s) for which they may be interested
• Maintaining Applicant personal information for future consideration
• In support of our equal opportunity employment policy and practices

Security and Monitoring. In order to monitor and secure our resources, network, premises and assets, including:
• Monitoring for, preventing and investigating suspected or alleged misconduct or violations of work rules
• Monitoring for, preventing investigating, and responding to security and privacy incidents
• Providing and managing access to physical and technical access controls
• Monitoring activities, access and use to ensure the security and functioning of our systems and assets
• Securing our offices, premises and physical assets, including through the use of electronic access systems and video monitoring

Auditing, Accounting and Corporate Governance. Relating to financial, tax and accounting audits, and audits and assessments of our business operations, security controls, financial controls, or compliance with legal obligations, and for other internal business purposes such as administration of our records retention program.
M&A and Other Business Transactions. For purposes of planning, due diligence and implementation of commercial transactions, for example mergers, acquisitions, asset sales or transfers, bankruptcy or reorganization or other similar business transactions.

Defending and Protecting Rights. In order to protect and defend our rights and interests and those of third parties, including to manage and respond to employee and other legal disputes, to respond to legal claims or disputes, and to otherwise establish, defend or protect our rights or interests, or the rights, interests, health or safety of others, including in the context of anticipated or actual litigation with third parties.

Compliance with Applicable Legal Obligations. Relating to compliance with applicable legal obligations (such as hiring eligibility, responding to subpoenas and court orders) as well as assessments, reviews and reporting relating to such legal obligations, including under employment and labor laws and regulations, Social security and tax laws, environmental regulations, workplace safety laws and regulations, and other applicable laws, regulations, opinions and guidance.
Other Business and Commercial Purposes. In addition, we may use the personal information we collect about Applicants for other purposes including analytics and insights.

CONTACTING US ABOUT THIS NOTICE:  If you have any questions or concerns regarding our use of personal information as described in this Applicant Notice, please contact privacy@adaptivebiotech.com.

back_to_top