Effective Date: October 4, 2018
Adaptive commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to disputes over human resources data transferred from the EU and Switzerland in the context of the employment relationship. Adaptive will comply with any advice provided by such authorities as it relates to pertinent activities.
We may update this Policy from time to time consistent with the requirements of the Privacy Shield Framework, and we will provide appropriate notice of any such amendments on the Adaptive website Legal-Privacy page, https://www.adaptivebiotech.com/legal-privacy.
“Data Subject” means the individual to whom any given Personal Data covered by this Privacy Shield Policy refers.
“Personal Data” means any information relating to an individual residing in the European Union or Switzerland that can be used to identify that individual either on its own or in combination with other readily available data.
“Sensitive Personal Data” means Personal Data regarding an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, physical or mental health, or sexual life.
II. TYPES OF PERSONAL DATA ADAPTIVE RECEIVES FROM THE EU AND SWITZERLAND
III. PURPOSES FOR PERSONAL DATA COLLECTION AND USE
- Conduct research and development
- Undertake product development
- Perform contracts and services
- Conduct healthcare operations
- Engage in marketing and sales, with proper consent
- De-identify or anonymize the information so it is no longer Personal Data and may be used for purposes other than those described here.
- Consider expressions of interest for employment and evaluate candidates and, if hired, employees.
Adaptive maintains reasonable procedures to help ensure that EU and/or Swiss Personal Data is reliable for its intended use, accurate, complete, and current. If Adaptive seeks to use Personal Data covered by this Privacy Shield Policy for a new purpose that is materially different from that for which the Personal Data was originally collected or subsequently authorized, or is to be disclosed to a non-agent third party, Adaptive will provide Data Subjects with an opportunity to choose whether to have their Personal Data so used or disclosed. Adaptive takes reasonable and appropriate measures to retain Personal Data in identifiable form only for as long as it serves a purpose of legitimate use or other processing.
IV. PURPOSES FOR SHARING AND RECIPIENTS OF PERSONAL DATA
A. Third-Party Agents and Service Providers: We share Personal Data with unaffiliated third parties who provide us with services, such as those who assist us with technology, data analysis, or similar services. Where required by the Privacy Shield, we enter into written agreements with those third-party agents and service providers requiring them to provide at least the same level of protection that the Privacy Shield requires and limiting their use of the data to the specified services provided on our behalf. We take reasonable and appropriate steps (i) to ensure that third-party agents and service providers process EU and/or Swiss Personal Data in accordance with our Privacy Shield obligations and (ii) to cease and remediate the adverse effects of any unauthorized processing. Under certain circumstances, we may remain liable for the acts of our third-party agents or service providers that perform services on our behalf for their handling of EU and/or Swiss Personal Data that we transfer to them.
B. Third-Party Data Controllers: In some cases, we may transfer EU and/or Swiss Personal Data to unaffiliated third-party data controllers. These third parties do not act as agents or service providers and are not performing functions on our behalf. We will make such transfers only if the third party has given us contractual assurances that it will (i) process the Personal Data for limited and specified purposes consistent with any consent provided by or notice provided to the Data Subjects, (ii) provide at least the same level of protection as is required by the Privacy Shield Principles and notify us if it makes a determination that it cannot do so; and (iii) cease processing of the Personal Data or take other reasonable and appropriate steps to remediate if it makes such a determination. If we obtain knowledge that a third party acting as a controller is processing Personal Data covered by this Privacy Shield Policy in a way that is contrary to the Privacy Shield Principles, Adaptive will take reasonable steps to prevent or stop such processing. The third-party data controllers to whom we may disclose Personal Data include but are not limited to:
- Research and Development Partners.
- Acquirers or Assignees: In the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of Adaptive or its assets, we may transfer Personal Information to the acquiring party or assignee.
- Corporate Investment Partners.
C. Entities Entitled Under Law: We also may disclose Personal Data in the following circumstances: (i) when required by applicable law, including laws outside your country of residence; (ii) to comply with legal process; (iii) to respond to requests from public and government authorities; (iv) to meet national security or law enforcement requirements; or (v) to evaluate job candidates, check references or background, and if hired, regarding employment.
V. DATA SUBJECTS’ ACCESS TO THEIR PERSONAL DATA
Each Data Subject has the right to access the Personal Data Adaptive has obtained regarding him or her in reliance on the Privacy Shield and to request that we correct, amend, or delete that Personal Data if it is inaccurate or processed in violation of the Privacy Shield. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. If you would like to request access to, correction, amendment, alternative choice of opt-in/out, or deletion of your EU and/or Swiss Personal Data, you can submit a written request to us as indicated in the “Contacting Us” section of this Policy below. We may request specific information from you to confirm your identity in order to respond to such a request. In some circumstances we may charge a reasonable fee for access to your information. If your EU and/or Swiss Personal Data was provided to us by an Adaptive customer, we may facilitate your access to such data by directing you to the customer that provided your data to us.
Adaptive maintains reasonable and appropriate security measures to protect EU and/or Swiss Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction in accordance with the Privacy Shield Framework.
VII. COMPLAINTS AND MECHANISMS FOR RECOURSE
Each Data Subject may raise questions or complaints about the use or disclosure of their EU and/or Swiss Personal Data in conformance with the Privacy Shield Principles. If you have any such questions or complaints, please write to us as directed in the “Contacting Us” section of this Policy below. We will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of your EU and/or Swiss Personal Data within 45 days of receiving your complaint.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider, JAMS (free of charge) at https://jamsadr.com/eu-us-privacy-shield.
Under certain conditions detailed in the Privacy Shield, Data Subjects may be able to invoke binding arbitration before the Privacy Shield Panel to be created by the U.S. Department of Commerce and the European Commission. Information on the conditions for and steps necessary to pursue this option is available at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
VIII. CONTACTING US
Adaptive Biotechnologies Corporation
Attn: Kate Godfrey, JD, CCEP
VP, Compliance and Data Privacy Officer
1551 Eastlake Avenue East, Suite 200
Seattle, Washington 98102
Email to: firstname.lastname@example.org