Inocras Inc. and its subsidiaries and affiliates (“Inocras,” “we,” “us,” or “our”) are committed to protecting your
privacy. This Privacy Policy describes how and why we collect, store, use, or share personal information. By the
term “personal information,” we mean information that identifies, relates to, describes, is reasonably capable of
being associated with, or could reasonably be linked, directly or indirectly, to a particular person or household. We
collect, store, use, or share your personal information when you:
– Access or use our website, platforms, products, solutions, or services (collectively, “Services”);
– Interact with us, including by transmitting data or information by email, telephone, social media, and in
person; or
– Otherwise communicate with us.
This Privacy Policy will help you understand your privacy rights and choices. Please read this Privacy Policy
carefully. If you do not agree with our policies and practices, please do not use our website or platform. If you still
have any questions or concerns after reading this Privacy Policy, please contact us at the contact point as set out
below.
In this Privacy Policy, “Patients” are the patients whose data or samples are being provided to us for sequencing or
analysis. “Members” are the registered users of our website or platform.
Section 1. Purpose of Processing Personal Information
Inocras collects and uses personal information for the following purposes:
1. To provide Services to you, or to perform any contract that we will enter into or have entered into with you.
2. To process your registration on our websites or platforms.
3. To personalize your experience on our websites or platforms, including by using cookies and similar tracking
technology to keep track of your preferences.
4. To communicate with you and respond to or carry out your requests, questions, and feedback.
5. To verify your identity.
6. To maintain the quality of, and improve, existing Services and develop new Services.
7. To enforce and improve our security measures.
8. To maintain compliance with laws and regulations that apply to us.
9. Where we are allowed to do so by law or your consent, to provide you with marketing, promotion, or
advertising information, including by providing you with opportunities to participate in research or clinical
trials.
10. Where we are allowed to do so by law or your consent, to de-identify your personal information and use the
de-identified information for statistical compilation, scientific research, record-keeping for public interest
purposes, and other uses of de-identified information as allowed by law.
Section 2. Personal Information to be Collected and Processed
1. Inocras collects and processes the following personal information of the Members (“Member Information”):
a) Contact information. This includes information such as your name, phone number, fax number,
mailing/shipping address, email address, job title, affiliation (office/hospital/institution), account log-in
ID/username, and password. We collect this information when you provide it to us.
b) Payment-related information. This includes information such as billing address, debit/credit card
numbers, and other financial account information. We collect this information when you provide it to us.
c) National Provider Identifier (NPI), if you are a healthcare provider and provide your NPI to us.
d) Testimonials, if you provide us with testimonials related to your experiences with our Services.
e) Technical data, such as your internet protocol (“IP”) address, access logs, and cookies. This information
is automatically collected when you use our website or platform.
2. Inocras collects and processes the following personal information of the Patients (“Patient Information”):
a) Contact information. This includes information such as your name, phone number, fax number,
mailing/shipping address, and email address. We collect this information when you or your healthcare
provider provide it to us.
b) Payment-related information. This includes information such as billing address, debit/credit card
numbers, and other financial account information. We collect this information when you or your
healthcare provider provide it to us.
c) Demographic, clinical, genetic, or other information related to testing. This includes information such as
biological sex at birth, date of birth, age, marital status, patient ID numbers attributed to you by
clinicians, Test Acquisition Number (a unique ID number generated by us) attributed to you, medical
records/history, status/risks of any disease/condition, and information revealing your race or ethnic
origin. We collect this information when you or your healthcare provider provide it to us. In the case of
genetic information, we collect genetic information when we generate it from your sample and also if
you or your healthcare provider provide it to us.
d) Testimonials, if you provide us with testimonials related to your experiences with our Services.
3. We may collect the personal information of children under the age of 13 to perform the services, in which case
Inocras will collect the minimum amount of personal information necessary to provide the services with the
consent of a legal representative, in accordance with the applicable law of the jurisdiction.
Section 3. Period of Retention and Use for Personal Information
We will retain your personal information for as long as necessary to fulfill the purposes for which we collected such
information to the extent permitted by applicable law. For example, we may retain your personal information until
the completion of the respective investigation if there is an ongoing investigation regarding a violation of relevant
laws and regulations; and until the settlement of the relevant debts if any debts resulting from your use of the
services remain unsettled. All personal information remains subject to the protections of HIPPA, and the
commitments in this Privacy Policy, for as long as we retain it.
Section 4. Provision of Personal Information to Third Parties
We may share your personal information with other parties as below, to the extent allowed by applicable law:
1. Affiliates. We may share your personal information with our corporate parent, subsidiaries, and affiliates, for
purposes consistent with this Privacy Policy.
2. Service Providers and Contractors. We use trusted third parties (e.g., IT services, analytics services, etc.) to
help us provide, improve, protect, and promote our Services, and to perform business operations, such as
determining eligibility for our products. These third parties may contact you on our behalf to perform these
business operations. These third parties will access your personal information only to perform tasks on our
behalf in compliance with this Privacy Policy.
3. Other Applications and Third-party Links. The Sites may include links to third-party websites, plug-ins and
applications. Clicking on those links or enabling those connections may allow third parties to collect or share
data about you. We do not control these third-party websites and are not responsible for their privacy policies.
When you leave our website or platform, we encourage you to read the privacy policies of every website you
visit. Please remember that their use of your personal information will be governed by their privacy policies
and terms.
4. The Public. We may make your testimonials public. If you gave us consent to use and share your testimonial
but wish to update or delete it, please contact us at inquiry@inocras.com.
5. Advertising Partners. We may share personal information with third-party advertising companies.
6. For Compliance, Fraud Prevention and Safety. We may share personal information for the compliance, fraud
prevention, and safety purposes described above and to comply with legal requirements and processes.
7. Business Transfers. We may sell, transfer or otherwise share some or all of our business or assets, including
personal information, in connection with a business transaction (or potential business transaction) such as a
corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of
bankruptcy or dissolution.
8. Legal Purposes. We will disclose your personal information when we think it is necessary to investigate or
prevent actual or expected fraud, criminal activity, injury or damage to us or others; when otherwise required
by law, regulation, subpoena, court order, warrant, or similar legal process; or if necessary to assert or protect
our rights or assets.
9. Other Parties. To another party or parties for any other purpose disclosed by us when you provided your
personal information, with your consent or authorization, or as otherwise permitted or required by applicable
law.
Section 5. Your Rights, and How to Exercise Them
1. You may, at any time, exercise the right to peruse, correct, delete, and suspend the processing of your personal
information against Inocras, by contacting us at inquiry@inocras.com, which we will honor without delay,
subject to certain exceptions provided by applicable laws.
a) You may exercise this right through your agents such as your legal representative or a delegate, although
you will be required to submit a power of attorney to Inocras confirming such delegation. Requests
regarding children under the age of 13 must be made by their legal representatives.
b) We will confirm whether the person making the request holds such rights or is a legitimate agent.
c) Please note that your request may not be carried out if your personal information has already been de-
identified, anonymized, or pseudonymized, or if you authorized us to share your personal information
with others and we already shared your information with others in reliance of such authorization.
2. In some regions, you may have certain further rights under applicable data protection laws, and you may
contact us at the contact point as set out below to request exercising such rights. Inocras will consider and act
upon any such request in accordance with applicable data protection laws.
3. If you are a resident of certain U.S. states including California, you may further have the following rights;
provided that these provisions only apply to the users residing in particular states or another jurisdiction whose
laws or regulations recognize such rights:
a) Right to be informed. You have the right to know the following:
– whether we collect and use your personal information;
– the categories of personal information that we collect, the purposes;
– the purposes for which we collected personal information is used; and
– whether we sell or share personal information to third parties, the categories of the sold or shared
personal information thereof, and the categories of third parties to whom the personal information
was sold or shared;
b) Right to limit the use and disclosure of sensitive personal information. For the sensitive personal
information collected by Inocras, you have the right to limit our use and disclosure of such information
by clicking the banner “Limit the Use of My Sensitive Personal Information” which will be accessible at
the bottom of the website of the Company;
c) Right to opt out. The user has the right to opt out of the sale or sharing of the user’s personal information
by clicking the banner “Do Not Sell or Share My Personal Information” which will be accessible at the
bottom of the website of the Company;
d) Right to non-discrimination for your exercise of privacy rights. Inocras will not discriminate against you
if you exercise your privacy rights.
e) In some instances, your privacy rights and choices may be limited, such as where fulfilling your request
would impair the rights of others, our ability to provide a service you have requested, or our ability to
comply with our legal obligations and enforce our legal rights. If you are not satisfied with how we
address your request, you may submit a complaint by contacting us as provided in the section below.
4. If you are a Patient, you may further have the following rights:
a) getting a copy of your paper or electronic medical record; provided that we may charge a reasonable,
cost-based fee;
b) correcting your paper or electronic medical record that you consider incorrect or incomplete; provided
that we may reject your request pursuant to applicable laws, in which case we will inform you of the
reason of rejection within 60 days;
c) requesting confidential communications;
d) limiting your information to be shared; provided that we may reject your request to limit your
information to be share for the treatment, payment, and health care operations purposes;
e) getting a list of those with whom we’ve shared your information for 6 years prior to the date you ask;
provided that we will provide one list a year for free but will charge a reasonable, cost-based fee if you
ask for another one within 12 months;
f) getting a copy of this Privacy Policy; and
g) asking us to share your medical information with your family, close friends, or others involved in your
care.
Section 6. Destruction of Personal Information
1. Inocras will, without delay, destroy your personal information when your personal information becomes
unnecessary, such as in the cases of the expiration of the personal information retention period.
2. If Inocras needs to preserve your personal information in accordance with the applicable laws and regulations
even when the personal information retention period agreed by you has elapsed or the purpose of processing
has been achieved, Inocras will securely store your personal information and isolate it from further processing
by storing it in a separate database.
3. Inocras takes the following destruction procedures and methods:
a) destruction procedures: Inocras will select the personal information that needs to be destroyed and
destroy the personal information with the approval of Inocras’s personnel for the management of
personal information; and
b) destruction method: Inocras destroys personal information recorded and stored in electronic file format
using technical methods so that the information cannot be reproduced, and personal information recorded
and stored on paper documents is destroyed by crushing or incineration with a shredder.
Section 7. Safety Measures for Personal Information
1. Inocras has implemented the following appropriate and reasonable administrative and technical security
measures designated to protect the security of your personal information:
a) administrative measures: establishment and implementation of internal management plans for personal
information, regular employee training, etc.
b) technical measures: technical countermeasures against hacking, etc., encryption of personal data, storage
access records, and prevention of forgery, etc.
2. Notwithstanding the foregoing, no electronic transmission over the Internet or information storage technology
can be guaranteed 100% secure, so Inocras cannot promise or guarantee that hackers, cybercriminals, or other
unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or
modify your information. Although we will endeavor our best to protect your personal information, the
transmission of personal information to and from our website is at your own risk. Further, you should only
access our website within a secure environment.
Section 8. Installation, Operation, and Refusal Thereof of Automatic Personal Information Collection
Inocras uses ‘cookies’ to store and retrieve your usage information from time to time to provide individually
customized services. Cookies are a small amount of information sent to your PC browser by the server (HTTP),
which are used to operate the website, etc., and stored in your computer’s hard disk.
1. Purpose of use of cookies: Inocras uses cookies to provide you with optimized information by identifying the
type of visit and use of each service and website you visit, popular search terms, and whether you have a
secure connection.
2. Installation, operation, and rejection of cookies: You can reject the storage of cookies by setting your web
browser's privacy and security options; provided that by refusing to save cookies, you may experience
difficulties in using customized services.
Section 9. Privacy Officer
1. Inocras has designated the Privacy Officer, who manages personal information tasks and handles your
complaints about personal information. Inocras will respond to your complaint about personal information, at
the latest, not more than 45 days from the receipt of your complaints. Our Privacy Officer’s contact
information is as follows:
▶ Privacy Officer
– Name : Juliana Escobar
– Positio : Privacy Officer
n
– Contact : (858)-665-2120 / inquiry@inocras.com
2. You may inquire about all personal information protection-related inquiries, handling complaints, damage
relief, etc. that occurred while using Inocras’s services to our Privacy Officer and the following department in
charge:
– Departmen
t
: Quality Assurance
– Contact : (858)-665-2120 / inquiry@inocras.com
3. Inocras endeavors to ensure your right to self-determination of personal information and to provide
consultation and damage relief due to personal information infringement. If you intend to report or consult,
please contact the department above.
Section 10. Updates to This Privacy Policy
Inocras may amend the Privacy Policy to comply with applicable law or to reflect any changes in the provision of
service, in which case Inocras will notify you of such amendment before the effective date of such amendment.
Section 11. Special Provision for Patients
1. If you are a Patient, Inocras will further have the following responsibilities to process your personal
information:
a) we are required by law to maintain the privacy and security of your protected health information;
b) we will let you know promptly if a breach occurs that may have compromised the privacy or security of
your information;
c) we will follow the duties and privacy practices described in this privacy policy and promptly give you a
copy of this Privacy Policy upon your request; and
d) we will not use or share your information other than as described here unless you give us written
approval or unless otherwise provided in this Privacy Policy or any applicable.
2. For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html.
Section 12. Privacy Notice to California Residents
This Section only applies to users of our Services that reside in the State of California, in addition to the above. For
purposes of this Section, the term "personal information" does not include information subject to HIPAA or the
California Confidentiality of Medical Information Act. For example, this Section does not apply to genetic test
records or to any data or medical records stored by us.
If you are a California Resident, you are entitled to certain privacy rights relating to your personal information
including under the California Consumer Privacy Act (“CCPA”). This section describes those rights and how you
can exercise those rights.
1. Explanation of Your CCPA Rights
a) Right to Know and Access Personal Information. You have the right to access and know what personal
information we collect about you, and how we use, disclose, or sell such personal information. We do not
"share" personal information as that term is used in the California Consumer Privacy Act.
b) Right to Request Deletion of your Personal Information. You have the right to request that we delete the
personal information we have about you subject to certain limitations. If we do not delete your personal
information for reasons permitted under applicable law, we will let you know the reason why.
c) Right to Correct Inaccurate Personal Information. You have the right to request that we correct inaccurate
personal information that we maintain about you.
d) Right to Opt Out of Sale of your Personal Information. You may have the right to opt out of the sale or
sharing of your Personal Data.
e) Right to Non-Discrimination. We will not discriminate or retaliate against you for exercising any of your
rights identified in this privacy policy.
2. How to Exercise Your Rights. If you want to exercise your rights, please contact our privacy officer by
emailing inquiry@inocras.com, or sending a letter to the privacy officer at 6330 Nancy Ridge Drive Suite 106,
San Diego, CA 92121. If you want to exercise your right to opt out of the sale of your personal information,
you can also click on the banner "Do Not Sell or Share My Personal Information.”
3. Identity Verification for requests. If you make a request related to personal information about you, you will be
required to supply a valid means of identification as a security precaution. We will verify your identity with a
reasonably high degree of certainty using the following procedure where feasible: we will match identifying
information you provide when making the request to the personal information maintained by us, or use a third-
party identity verification service. If it is necessary to collect additional information, we will use the
information only for verification purposes and will delete it as soon as practicable after complying with your
request. For requests related to particularly sensitive information, we may require additional proof of your
identity.
4. Authorizing a Third Party to Make a Request. If you wish to authorize a third party to make a request on your
behalf through an authorized agent, you must contact us directly and you or the third party acting on your
behalf must provide a valid California power of attorney or comparable documentation of written permission
from you and verification of your identity. Such power of attorney must meet the requirements of Probate
Code sections 4000 to 4465. You may also make a privacy request on behalf of your minor child.
5. Categories of Personal Information We Collect.
a) Inocras collects and processes the following personal information of the Members:
– Identifiers. Your name, alias, postal address, IP address, email address, account name, and other
similar identifiers.
– Personal information categories listed in the California Customer Records statute (Cal. Civ. Code §
1798.80(e)). This may include the identifiers above, credit card number, or debit card number.
– Commercial information. Records of products or services purchased, obtained, or considered, or
other purchasing or consuming histories.
– Internet or other similar network activity. Browsing history, search history, and information on a
consumer’s interaction with a website, application, or advertisement.
– Sensitive personal information. This includes your driver's license or government issued
identification number.
– Professional information. This includes information relating to your role as a representative or agent
of an entity.
– Log data. We receive information that is automatically recorded by our servers when you visit our
website or mobile apps, including your IP address.
– Other. Your information regarding products and services, testimonials and other information as
described in our Privacy Policy.
b) Inocras collects and processes the following personal information of the Patients:
– Identifiers. Your name, alias, postal address, IP address, email address, account name, and other
similar identifiers.
– Personal information categories listed in the California Customer Records statute (Cal. Civ. Code §
1798.80(e)). This may include the identifiers above, credit card number, or debit card number.
– Protected classification characteristics under California or federal law. This includes age (40 years
or older), race, marital status, medical condition, physical or mental disability, and sex.
– Commercial information. Records of products or services purchased, obtained, or considered, or
other purchasing or consuming histories.
– Internet or other similar network activity. Browsing history, search history, and information on a
consumer’s interaction with a website, application, or advertisement.
– Sensitive personal information. This includes your race, ethnicity, driver's license or government
issued identification number.
– Professional information. This includes information relating to your role as a representative or agent
of an entity.
– Log data. We receive information that is automatically recorded by our servers when you visit our
website or mobile apps, including your IP address.
– Other. Your information regarding products and services, testimonials and other information as
described in our Privacy Policy.
c) Inocras may collect personal information of children under the age of 13 or 14 to perform the services, in
which case Inocras will collect the minimum amount of personal information necessary to provide the
services with the consent of a legal representative, in accordance with the applicable law of the
jurisdiction.
6. How We Collect Your Personal Information. We collect your personal information (i) from you, when you set
up your account or interact with us regarding your account, for billing and payment, for when you start,
receive, or discontinue services, and when you otherwise interact with us or our representatives; (ii) from
providers, by working with and receiving personal information from third parties such as healthcare providers,
service providers, vendors, contractors, credit agencies, or market researchers who provide products and
services on our behalf; and (iii) automatically, from your use of our website or platform.
7. Purpose for Collecting or Selling Personal Information. Your personal information may be collected or used
for the purposes described in Sections 1 or 4 of this Privacy Policy, as well as for other purposes that may be
described to you when we collect your personal information.
8. Categories of Third Parties to Whom We Disclose Your Personal Information. We may disclose your personal
information to the third parties described in Section 4 of thie Privacy Policy.
9. Retention. We retain your personal information based on legal requirements or business needs. Generally, we
only retain personal information for as long as is reasonably necessary for our business purpose or as required
by law. Information we retain remains subject to the protections of applicable law and the commitments made
by Invitae in this Privacy Policy.
10. Selling or Sharing Personal Information.
a) If you did not consent to clinical trial matching services provided by our partner(s) by authorizing us to
sell or share your protected health information with our partner(s), we did not and will not sell or share
your protected health information. However, we use cookies for our website. Under California law, the
use of cookies for targeted or cross-context behavioral advertising that requires your data such as internet
activity or geolocation may constitute a “sale” or “sharing” of your personal information by us. In the
past 12 months, we may have sold or shared your internet activity or geolocation with third parties whose
cookies are on our websites. You can opt-out of this “sale” of information by using our cookie
management tool.
b) If you authorized us to sell or share your protected health information with our partners for clinical trial
purposes by signing our HIPAA release form, we may have shared it with our partners, in strict
compliance with the letter and spirit of the HIPAA release form. You can click on the banner “Do Not
Sell or Share My Personal Information” to revoke your authorization and opt-out of our further
disclosure.
11. California Shine the Light Law. California residents may also request information from us once per calendar
year about any personal information shared with third parties for the third party’s own direct marketing
purposes, including the categories of information and the names and addresses of those businesses with which
we have shared such information. To make such a request, please reach us at the contact information listed
above. This request may be made no more than once per calendar year, and we reserve our right not to respond
to requests submitted other than to the email or mailing addresses specified below.
The Privacy Policy shall take effect from April 23, 2024.