Data Protection and Privacy Statement
Myriad Genetics, Inc. and its Affiliates
Myriad Genetics, Inc., 320 Wakara Way, Salt Lake City UT 84108, U.S.A., and its affiliated companies in the United States and Europe, including Myriad Genetics GmbH, Leutschenbachstraße 95, 8050 Zurich, Switzerland (“Myriad Switzerland”) and Myriad GmbH, Bunsenstrasse 7, 82152 Martinsried, Germany (“Myriad Germany”; collectively, “Myriad”) are committed to adhering to applicable data protection laws. This Data Protection and Privacy Statement discloses our practices with regard to the collection, processing and use of personal data of employees of Myriad Switzerland, Myriad Germany and other European affiliates of Myriad and patients undergoing clinical diagnostic testing (collectively “European Personal Data”).
COLLECTION, PROCESSING AND USE OF EUROPEAN PERSONAL DATA
Personal Data of Patients
Myriad Switzerland and Myriad Germany collect personal data of patients in the course of clinical diagnostic testing, inter alia, patient medical data and records, data of clinical diagnostic laboratory testing and genetic sequencing test results, name, address, medical history potentially including diagnosed cancer, and health insurance information of the patient. Myriad Switzerland and Myriad Germany may use this personal data for the following purposes: providing clinical laboratory services, including molecular diagnostic test services; creating anonymised analyses of biomarker and cancer type data for publication and internal research; and providing customer service.
Personal Data of Employees
Myriad Switzerland and Myriad Germany collect personal data of their employees, and the employees of Myriad’s European affiliates, in the course of the employment with them, inter alia the employee’s name, address, job title and salary information. Myriad Switzerland and Myriad Germany may use this personal data for general HR administrative functions, including hiring, performance assessment, promotion, salary and benefits determinations.
Data Transfers outside the EEA and Switzerland
Myriad Switzerland and Myriad Germany may transfer European Personal Data to its parent company, Myriad Genetics, Inc., affiliates and subsidiaries of Myriad Genetics Inc., business partners, and service providers (“Data Recipients”) for the purposes listed above.
Data Recipients may be located in countries outside the European Economic Area and Switzerland (“Third-Countries”) in which an adequate level of data protection equivalent to the European Union, the European Economic Area or Switzerland may not be guaranteed. If Data Recipients are located in Third-Countries without an adequate level of data protection, such as the United States, Myriad Switzerland and Myriad Germany have implemented appropriate measures to guarantee that the European Personal Data transferred are adequately safeguarded, e.g. by concluding EU Standard Contractual Clauses for transfer of personal data to third-countries, respectively, with the Data Recipients.
Data Security, Integrity and Access
Myriad takes reasonable precautions to protect European Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction. Myriad makes reasonable efforts to keep European Personal Data reliable for its intended use, accurate, current and complete. Myriad provides European data subjects with access to their personal data with the opportunity to review and correct their personal data. European data subjects may contact the Myriad privacy contact person identified below to review their personal data. Myriad reserves the right to take reasonable steps to authenticate the identity of any individual seeking access to their Personal Data.
In the case of a legally binding order for access to the European Personal Data by an authorized public authority, Myriad may disclose European Personal Data to the extent necessary to comply with such binding order. In any such event, Myriad will use its reasonable efforts to comply with the data disclosure rules under HIPAA and seek that any disclosures of the personal data by it to any public authority are not massive, disproportionate and indiscriminate in a manner that it would go beyond what is necessary in a democratic society.
Requests for further information regarding this Data Protection and Privacy Statement or requests for access to, or review or correction of European Personal Data should be directed to the privacy contact person(s) listed below. Additionally, if any individual who experiences an issue regarding the European Personal Data that Myriad holds about him or her that he or she cannot resolve directly with Myriad, the individual may contact the competent local data protection authority in the EU or Switzerland for further information.
Privacy Contact Person(s):
Kerstin Bohmann, Director Regulatory Affairs
Myriad Services GmbH
Fraunhoferstraße 18a, 82152 Martinsried
Don Martin, Director Compliance
Myriad Genetic Laboratories, Inc.
320 Wakara Way
Salt Lake City, UT 84108
+1 (801) 883-3387
Version February 2017