Collecting and Using Information

Personal Information We Collect

Through your use of the Site and Services, we will collect personal information from you. For purposes of this Privacy Notice, “personal information” (also commonly referred to as “personal data” or “personally identifiably information (PII)”) refers to any information relating to an identified or identifiable natural person that we maintain in an accessible form.

Information You Provide
When you use the Site or Services, you may voluntarily provide us with the following types of personal information:

• Create a Portal Account. To create an account, you will provide us with your first and last name, email address, and password.
• Sign into Portal. To sign into your user account, you will provide us with your login credentials.
• Providing Diagnostic Samples. When you provide a sample for diagnostic testing, you may provide your name and contact information in addition to your sample.
• Making an Order. When you order test kits, you may provide us with your name, address, telephone number, insurance information, national provider identifier, desired test, gender, credit card information, and any other information you choose to provide.
• Contact Us. When you contact us by telephone or email, you may need to provide us with your name, email address, and/or phone number.
• Interact with our Site or Services. When you send us any feedback, questions, comments, suggestions, ideas, or interact with us in any way, you may need to provide us with your name and/or email address.
  
  

Information as You Navigate Our Site and Services
We automatically collect certain personal information through your use of the Site and Services. We will automatically collect certain personal information, such as the following:

• Usage Information. For example, the pages on the Site you access, the frequency of access, and what you click on while on the Site.
• Device Information. For example, hardware model, operating system, application version number, and browser.
• Mobile Device Information. Aggregated information about whether the Site is accessed via a mobile device or tablet, the device type, and the carrier.
• Location Information. Location information from Site visitors on a city-regional basis.
  
  

Third Party Information
We may receive certain personal information from you about a third party. For example, we may receive information about you from a provider if you have been referred to us for laboratory testing. Such sharing may be subject to an agreement with additional protections for your personal information. If you submit any personal information about another individual to us, you are responsible for making sure that you have the authority to do so and to allow us to use their personal information in accordance with this Privacy Notice.

How We Use Your Personal Information

We use the personal information we collect to provide the Services to you, to improve our Services and Site, and to protect our legal rights. In addition, we may use the personal information we collect to:

• Process your portal registration;
• Complete your diagnostic testing;
• Communicate with you about our Site or Services or to inform you of any changes to our Site or Services;
• Provide support;
• Maintain and improve our Site and Services;

• Investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or violations of our terms of use;

• Defend our legal rights and the rights of others;
• Efficiently maintain our business; and
• Comply with applicable law.
  
  

How We Share Your Personal Information

Given the nature of CirrusDx’s Services, some personal information may be shared with your provider. In other instances, we may share the information that we collect about you in the following ways:

• With service providers who perform data services on our behalf (e.g., email, hosting, maintenance, backup, analysis, etc.). Any such service providers will be under an obligation to us to maintain the confidentiality of your personal information;
• To service providers to prepare, deploy and analyze advertising content;
• To the extent that we are required to do so by law;
• In connection with any legal proceedings or prospective legal proceedings;
• To establish, exercise, or defend our legal rights, including providing information to others for the purposes of fraud prevention;
• To any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information;
• To any other person or entity as part of any business or asset sale, equity transaction, merger, acquisition or in preparation for any of these events; and
• To any other person or entity where you consent to the disclosure.

 

Cookies and Other Tracking Technologies

The Site currently collects very limited information via cookies or other tracking technologies. However, like many other companies, we may use cookies and other tracking technologies (such as pixels and web beacons) (collectively, “Cookies”) in the future. We may use Cookies to:

• Estimate audience size and usage patterns;
• Understand and save your preferences for future visits, allowing us to customize the Site and Services to your individual needs;
• Advertise new content and services that relate to your interests;
• Keep track of advertisements and search engine results;
• Compile aggregate data about site traffic and site interactions to resolve issues and offer better site experiences and tools in the future; and
• Recognize when you return to the Site.
  
  

Some Cookies may be set by us, while separate entities set other Cookies. We use Cookies other entities set to provide us with useful information, to help us improve our Site and Services, to conduct advertising, and to analyze the effectiveness of advertising.

Google Analytics

We use Google Analytics, a web analytics service provided by Google, Inc. Google Analytics uses Cookies to help us analyze how users interact with the Site and Services, compile reports on their activity, and provide other services related to their activity and usage. The technologies used by Google may collect information such as your IP address, time of visit, whether you are a returning visitor, and any referring website. The information generated by Google Analytics will be transmitted to and stored by Google and will be subject to Google’s privacy policies. To learn more about Google’s partner services and to learn how to opt out of tracking of analytics by Google, click here.

How You Can Opt Out of Cookies

Browser Settings
You can block Cookies by changing your Internet browser settings to refuse all or some Cookies. If you choose to block all Cookies (including essential Cookies) you may not be able to access all or parts of the Site.

You can find out more about Cookies and how to manage them by visiting www.AboutCookies.org or www.allaboutcookies.org.

Platform Controls
You can opt out of Cookies set by specific entities by following the instructions found at these links:

• Adobe: https://www.adobe.com/privacy/opt-out.html
• Google: https://adssettings.google.com

Advertising Industry Resources
You can understand which entities have currently enabled Cookies for your browser or mobile device and how to opt out of some of those Cookies by accessing the Network Advertising Initiative’s website or the Digital Advertising Alliance’s website. For more information on mobile specific opt-out choices, visit the Network Advertising Initiative’s Mobile Choices website. Please note these opt-out mechanisms are specific to the device or browser on which they are exercised. Therefore, you will need to opt out on every browser and device that you use.

 

Third Party Processors

To the extent we engage third-party processors to provide the Services, we have put in place appropriate procedures with the service providers we share your personal information with to ensure that your personal information is treated by those service providers in a way that is consistent with, and which respects the applicable laws on data security and privacy.

 

“Do Not Track” Signals

Some internet browsers incorporate a “Do Not Track” feature that signals to websites you visit that you do not want to have your online activity tracked. Given that there is not a uniform way that browsers communicate the “Do Not Track” signal, the Site does not currently interpret, respond to, or alter its practices when it receives “Do Not Track” signals.

 

Third Party Links

The Site may contain links that will let you leave the Site and Services and access another website. Linked websites are not under our control. This Privacy Notice applies solely to personal information that is acquired on this Site and Services. We accept no responsibility or liability for third-party websites and encourage you to review third-party privacy practices via each respective website.

 

Security

We maintain commercially reasonable security measures to protect the personal information we collect and store from loss, misuse, destruction, or unauthorized access. However, no security measure or modality of data transmission over the Internet is 100% secure. Although we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security.

 

Children’s Privacy

The Site and Services are not intended for children under 16 years of age. We do not knowingly collect, use, or disclose personal information from children under 16.

 

Your Personal Information and Your Rights–United States Only

California Shine the Light Law

We do not disclose personal information obtained through our Site or Services to third-parties for their direct marketing purposes. Accordingly, we have no obligations under California Civil Code § 1798.83.

 

Your Personal Information and Your Rights–Europe and Similar Jurisdictions

If you are in a country in the European Economic Area (EEA), the United Kingdom, or other jurisdictions with similar privacy rights, you may be entitled to the following explanation of the legal bases we rely on to process your personal information and a description of your privacy rights.

In certain circumstances, you have the following data protection rights:

• The right to access. You have the right to obtain from us confirmation as to whether or not we are processing personal data about you and, if so, the right to be provided with the information contained in this Privacy Notice.
• The right of rectification. You have the right to have your personal information corrected/rectified if that information inaccurate or incomplete.
• The right to object. You have the right to object to our processing of your personal information in certain circumstances.
• The right of restriction. You have the right to request that we restrict the processing of your personal information in certain circumstances.
• The right to data portability. You have the right to be provided with a copy of the personal information we have on you in a structured, machine-readable, and commonly used format.
• The right to withdraw consent. You also have the right to withdraw your consent at any time where we relied on your consent to process your personal information.
• The Right to Delete. You can ask us to delete your personal information if:
  • We no longer need it for the purposes for which we collected it;
  • We have been using it with no valid legal basis;
  • We are obligated to erase it to comply with a legal obligation to which we are subject;
  • We need your consent to use the information, and you withdraw consent;
  • You object to us processing your personal data where our legal basis for doing so is our legitimate interests and there are no overriding legitimate grounds for the processing.
    
    

Even if you make a request for deletion, we may need to retain certain information for legal or administrative purposes, such as record keeping, maintenance of opt-out requirements, defending or making legal claims, or detecting fraudulent activities. We will retain information in accordance with the “How Does CirrusDx Retain Your Personal Information? Section below. If you do exercise a valid right to have your personal data deleted, please keep in mind that deletion by third parties to whom the information has been provided might not be immediate and that the deleted information may persist in backup copies for a reasonable period (but will not be available to others).

In order make a request regarding your personal information, please contact info@cirrusdx.com.

If you have a comment, question, or complaint about how we are handling your personal information, we hope that you contact us as described herein to allow us to resolve the matter. In addition, if you are located in the EEA, you may submit a complaint regarding the processing of your personal information to a regulatory authority.

The following links may assist you in finding the appropriate regulator:

• In the UK, you have the right to lodge a complaint with the Information Commissioner: ico.org.uk.
• In Switzerland, you have the right to contact the Federal Data Protection and Information Commissioner (FDPIC): https://www.edoeb.admin.ch/edoeb/en/home.html.
• In the EU, you have the right to lodge a complaint with your local data protection authority. To find your local authority, you can check the list on the European Data Protection Board website: https://edpb.europa.eu/about-edpb/board/members_en.
• In Australia, you have the right to lodge a complaint with the Privacy Commissioner: https://www.oaic.gov.au/.
• In Brazil, you have the right to lodge a complaint with the National Data Protection Authority (ANPD): https://www.gov.br/anpd/pt-br.
• In Canada, you have the right to lodge a complaint with the Office of the Privacy Commissioner in Canada: https://www.priv.gc.ca/en/.
  
  

Legal Basis for Processing
If you are located in the EEA or a jurisdiction that requires a similar legal basis for processing, our legal basis for collecting and using the personal information described in this Notice depends on the personal information we collect and the specific context in which we collect it.

We may process personal information because:

• It is necessary for the performance of a contract between you and CirrusDx;
• You have given us consent to do so (in applicable jurisdictions);
• The processing is in our legitimate interest as the Controller, when that legitimate interest is not overridden by your rights;
• You brought a claim against us, or we brought a claim against you in relation to your personal information;
• CirrusDx must comply with the law.
  
  

Where certain sensitive personal information is processed based on your explicit consent, you may have the right to withdraw such consent at any time. To do so, please contact us as described in this Privacy Notice. If there is a different legal basis that would permit us to continue processing your personal information after withdrawing consent, we will notify you of that legal basis at the time of your request.

How Does CirrusDx Retain Your Personal Information?
We will retain your personal Information for as long as necessary to fulfill the purposes for which we collect it and as set out in this Privacy Notice and for the purpose of satisfying any legal, accounting, or reporting requirements that apply to us.

 

How to Contact Us

For questions or concerns about our privacy policies or practices, please contact us at:

Cirrus Dx, Inc.
9901 Belward Campus Drive, Suite 300
Rockville, Maryland 20850

Phone: 240-813-8801
General Email Inquiry: info@cirrusdx.com

Last Updated: July 30, 2025