Data Protection and Privacy Statement
Myriad Genetics, Inc. and its Affiliates
Myriad Genetics, Inc., 320 Wakara Way, Salt Lake City UT 84108, U.S.A., and its affiliated companies in the United States and Europe, including Myriad Genetics GmbH, Leutschenbachstrasse 95, 8050 Zurich, Switzerland (“Myriad Switzerland”) and Myriad Service GmbH, Staffelseestraße 6, 81477 Munich, Germany (“Myriad Germany”; collectively, “Myriad”) are committed to adhering to applicable data protection laws. This Data Protection and Privacy Statement discloses our practices with regard to the collection, processing and use of personal data of employees of Myriad Switzerland, Myriad Germany and other European affiliates of Myriad and patients undergoing clinical diagnostic testing (collectively “European Personal Data”).
COLLECTION, PROCESSING AND USE OF EUROPEAN PERSONAL DATA
Personal Data of Patients
Myriad Switzerland and Myriad Germany collect personal data of patients in the course of clinical diagnostic testing, inter alia, patient medical data and records, data of clinical diagnostic laboratory testing and genetic sequencing test results, name, address, medical history potentially including diagnosed cancer, and health insurance information of the patient. Myriad Switzerland and Myriad Germany may use this personal data for the following purposes: providing clinical laboratory services, including molecular diagnostic test services; creating anonymized analyses of biomarker and cancer type data for publication and internal research; and providing customer service.
Personal Data of Employees
Myriad Switzerland and Myriad Germany collect personal data of their employees, and the employees of Myriad’s European affiliates, in the course of the employment with them, inter alia the employee’s name, address, job title and salary information. Myriad Switzerland and Myriad Germany may use this personal data for general HR administrative functions, including hiring, performance assessment, promotion, salary and benefits determinations.
Personal Data of Business Partners and Contact Persons for Business Partners
Myriad Switzerland and Myriad Germany collect personal data from business partners, in so far as they are natural persons, and contact persons for business partners for the purpose of establishing professional contact and communication, maintaining business relations and implementing contracts between us and your employer, and for purposes of internal administration. We process your data for our legitimate interests, which are mentioned above. Insofar as we process personal data beyond this, this is based on your consent. If we did not get the contact details directly from you, we received them from your employer.
Data Transfers outside the EEA and Switzerland
Myriad Switzerland and Myriad Germany may transfer European Personal Data to its parent company, Myriad Genetics, Inc., affiliates and subsidiaries of Myriad Genetics Inc., business partners, and service providers (“Data Recipients”) for the purposes listed above.
Data Recipients may be located in countries outside the European Economic Area and Switzerland (“Third-Countries”) in which an adequate level of data protection equivalent to the European Union, the European Economic Area or Switzerland may not be guaranteed. If Data Recipients are located in Third-Countries without an adequate level of data protection, such as the United States, Myriad Switzerland and Myriad Germany have implemented appropriate measures to guarantee that the European Personal Data transferred are adequately safeguarded, e.g. by concluding EU Standard Contractual Clauses for transfer of personal data to third-countries, respectively, with the Data Recipients.
Data Security, Integrity and Access
Myriad takes reasonable precautions to protect European Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction. Myriad makes reasonable efforts to keep European Personal Data reliable for its intended use, accurate, current and complete. Myriad provides European data subjects with access to their personal data with the opportunity to review and correct their personal data. European data subjects may contact the Myriad privacy contact person identified below to review their personal data. Myriad reserves the right to take reasonable steps to authenticate the identity of any individual seeking access to their Personal Data.
In the case of a legally binding order for access to the European Personal Data by an authorized public authority, Myriad may disclose European Personal Data to the extent necessary to comply with such binding order. In any such event, Myriad will use its reasonable efforts to comply with the data disclosure rules under HIPAA and seek that any disclosures of the personal data by it to any public authority are not massive, disproportionate and indiscriminate in a manner that it would go beyond what is necessary in a democratic society.
As the data subject you have the following rights, provided the legal conditions are fulfilled:
• Right to Information,
• Right to Rectification of incorrect data,
• Right to Erasure of Data,
• Right to Restriction of Processing,
• Right to Data Portability,
• Right to Objection
Provided the data processing is based on your consent, you may revoke it at any time, with effect on the future. You also have the right to launch a complaint with the Data Protection Supervisory Authority about the data processing.
Requests for further information regarding this Data Protection and Privacy Statement or requests for access to, or review or correction of European Personal Data should be directed to the privacy contact person(s) listed below. Additionally, if any individual who experiences an issue regarding the European Personal Data that Myriad holds about him or her that he or she cannot resolve directly with Myriad, the individual may contact the competent local data protection authority in the EU or Switzerland for further information.
Privacy Contact Persons:
Data Protection Officer
fox-on Datenschutz GmbH
Tel.: +49 22 66 – 90 15 920
SVP, Chief Compliance Officer
Myriad Genetic Laboratories, Inc.
320 Wakara Way
Salt Lake City, UT 84108
Tel.: +1 (801) 584-1136
Version September 2019