Privacy Policy (ENG)

Inocras Inc. and its subsidiaries and affiliates (“Inocras,” “we,” “us,” or “our”) are committed to protecting your privacy. This Privacy Policy describes how and why we collect, store, use, or share personal information. By the term “personal information,” we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to a particular person or household. We collect, store, use, or share your personal information when you:
Access or use our website, platforms, products, solutions, or services (collectively, “Services”);
Interact with us, including by transmitting data or information by email, telephone, social media, and in person; or
Otherwise communicate with us.
This Privacy Policy will help you understand your privacy rights and choices. Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our website or platform. If you still have any questions or concerns after reading this Privacy Policy, please contact us at the contact point as set out below.
In this Privacy Policy, “Patients” are the patients whose data or samples are being provided to us for sequencing or analysis. “Members” are the registered users of our website or platform.
Purpose of Processing Personal Information
Inocras collects and uses personal information for the following purposes:
To provide Services to you, or to perform any contract that we will enter into or have entered into with you.
To process your registration on our websites or platforms.
To personalize your experience on our websites or platforms, including by using cookies and similar tracking technology to keep track of your preferences.
To communicate with you and respond to or carry out your requests, questions, and feedback.
To verify your identity.
To maintain the quality of, and improve, existing Services and develop new Services.
To enforce and improve our security measures.
To maintain compliance with laws and regulations that apply to us.
Where we are allowed to do so by law or your consent, to provide you with marketing, promotion, or advertising information, including by providing you with opportunities to participate in research or clinical trials.
Where we are allowed to do so by law or your consent, to de-identify your personal information and use the de-identified information for statistical compilation, scientific research, record-keeping for public interest purposes, and other uses of de-identified information as allowed by law.
Personal Information to be Collected and Processed
Inocras collects and processes the following personal information of the Members (“Member Information”):
Contact information. This includes information such as your name, phone number, fax number, mailing/shipping address, email address, job title, affiliation (office/hospital/institution), account log-in ID/username, and password. We collect this information when you provide it to us.
Payment-related information. This includes information such as billing address, debit/credit card numbers, and other financial account information. We collect this information when you provide it to us.
National Provider Identifier (NPI), if you are a healthcare provider and provide your NPI to us.
Testimonials, if you provide us with testimonials related to your experiences with our Services.
Technical data, such as your internet protocol (“IP”) address, access logs, and cookies. This information is automatically collected when you use our website or platform.

Inocras collects and processes the following personal information of the Patients (“Patient Information”):
Contact information. This includes information such as your name, phone number, fax number, mailing/shipping address, and email address. We collect this information when you or your healthcare provider provide it to us.
Payment-related information. This includes information such as billing address, debit/credit card numbers, and other financial account information. We collect this information when you or your healthcare provider provide it to us.
Demographic, clinical, genetic, or other information related to testing. This includes information such as biological sex at birth, date of birth, age, marital status, patient ID numbers attributed to you by clinicians, Test Acquisition Number (a unique ID number generated by us) attributed to you, medical records/history, status/risks of any disease/condition, and information revealing your race or ethnic origin. We collect this information when you or your healthcare provider provide it to us. In the case of genetic information, we collect genetic information when we generate it from your sample and also if you or your healthcare provider provide it to us.
Testimonials, if you provide us with testimonials related to your experiences with our Services.

We may collect the personal information of children under the age of 13 to perform the services, in which case Inocras will collect the minimum amount of personal information necessary to provide the services with the consent of a legal representative, in accordance with the applicable law of the jurisdiction.
Period of Retention and Use for Personal Information
We will retain your personal information for as long as necessary to fulfill the purposes for which we collected such information to the extent permitted by applicable law. For example, we may retain your personal information until the completion of the respective investigation if there is an ongoing investigation regarding a violation of relevant laws and regulations; and until the settlement of the relevant debts if any debts resulting from your use of the services remain unsettled. All personal information remains subject to the protections of HIPPA, and the commitments in this Privacy Policy, for as long as we retain it.
Provision of Personal Information to Third Parties
We may share your personal information with other parties as below, to the extent allowed by applicable law:

Affiliates. We may share your personal information with our corporate parent, subsidiaries, and affiliates, for purposes consistent with this Privacy Policy.
Service Providers and Contractors. We use trusted third parties (e.g., IT services, analytics services, etc.) to help us provide, improve, protect, and promote our Services, and to perform business operations, such as determining eligibility for our products. These third parties may contact you on our behalf to perform these business operations. These third parties will access your personal information only to perform tasks on our behalf in compliance with this Privacy Policy.
Other Applications and Third-party Links. The Sites may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies. When you leave our website or platform, we encourage you to read the privacy policies of every website you visit. Please remember that their use of your personal information will be governed by their privacy policies and terms.
The Public. We may make your testimonials public. If you gave us consent to use and share your testimonial but wish to update or delete it, please contact us at inquiry@​inocras.​com.
Advertising Partners. We may share personal information with third-party advertising companies.
For Compliance, Fraud Prevention and Safety. We may share personal information for the compliance, fraud prevention, and safety purposes described above and to comply with legal requirements and processes.
Business Transfers. We may sell, transfer or otherwise share some or all of our business or assets, including personal information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution.
Legal Purposes. We will disclose your personal information when we think it is necessary to investigate or prevent actual or expected fraud, criminal activity, injury or damage to us or others; when otherwise required by law, regulation, subpoena, court order, warrant, or similar legal process; or if necessary to assert or protect our rights or assets.
Other Parties. To another party or parties for any other purpose disclosed by us when you provided your personal information, with your consent or authorization, or as otherwise permitted or required by applicable law.
Your Rights, and How to Exercise Them
You may, at any time, exercise the right to peruse, correct, delete, and suspend the processing of your personal information against Inocras, by contacting us at inquiry@inocras.com, which we will honor without delay, subject to certain exceptions provided by applicable laws.
You may exercise this right through your agents such as your legal representative or a delegate, although you will be required to submit a power of attorney to Inocras confirming such delegation. Requests regarding children under the age of 13 must be made by their legal representatives.
We will confirm whether the person making the request holds such rights or is a legitimate agent.
Please note that your request may not be carried out if your personal information has already been de-identified, anonymized, or pseudonymized, or if you authorized us to share your personal information with others and we already shared your information with others in reliance of such authorization.
In some regions, you may have certain further rights under applicable data protection laws, and you may contact us at the contact point as set out below to request exercising such rights. Inocras will consider and act upon any such request in accordance with applicable data protection laws.
If you are a resident of certain U.S. states including California, you may further have the following rights; provided that these provisions only apply to the users residing in particular states or another jurisdiction whose laws or regulations recognize such rights:
Right to be informed. You have the right to know the following:
whether we collect and use your personal information;
the categories of personal information that we collect, the purposes;
the purposes for which we collected personal information is used; and
whether we sell or share personal information to third parties, the categories of the sold or shared personal information thereof, and the categories of third parties to whom the personal information was sold or shared;
Right to limit the use and disclosure of sensitive personal information. For the sensitive personal information collected by Inocras, you have the right to limit our use and disclosure of such information by clicking the banner “Limit the Use of My Sensitive Personal Information” which will be accessible at the bottom of the website of the Company;
Right to opt out. The user has the right to opt out of the sale or sharing of the user’s personal information by clicking the banner “Do Not Sell or Share My Personal Information” which will be accessible at the bottom of the website of the Company;
Right to non-discrimination for your exercise of privacy rights. Inocras will not discriminate against you if you exercise your privacy rights.
In some instances, your privacy rights and choices may be limited, such as where fulfilling your request would impair the rights of others, our ability to provide a service you have requested, or our ability to comply with our legal obligations and enforce our legal rights. If you are not satisfied with how we address your request, you may submit a complaint by contacting us as provided in the section below.
If you are a Patient, you may further have the following rights:
getting a copy of your paper or electronic medical record; provided that we may charge a reasonable, cost-based fee;
correcting your paper or electronic medical record that you consider incorrect or incomplete; provided that we may reject your request pursuant to applicable laws, in which case we will inform you of the reason of rejection within 60 days;
requesting confidential communications;
limiting your information to be shared; provided that we may reject your request to limit your information to be share for the treatment, payment, and health care operations purposes;
getting a list of those with whom we’ve shared your information for 6 years prior to the date you ask; provided that we will provide one list a year for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months;
getting a copy of this Privacy Policy; and
asking us to share your medical information with your family, close friends, or others involved in your care.
Destruction of Personal Information
Inocras will, without delay, destroy your personal information when your personal information becomes unnecessary, such as in the cases of the expiration of the personal information retention period.
If Inocras needs to preserve your personal information in accordance with the applicable laws and regulations even when the personal information retention period agreed by you has elapsed or the purpose of processing has been achieved, Inocras will securely store your personal information and isolate it from further processing by storing it in a separate database.
Inocras takes the following destruction procedures and methods:
destruction procedures: Inocras will select the personal information that needs to be destroyed and destroy the personal information with the approval of Inocras’s personnel for the management of personal information; and
destruction method: Inocras destroys personal information recorded and stored in electronic file format using technical methods so that the information cannot be reproduced, and personal information recorded and stored on paper documents is destroyed by crushing or incineration with a shredder.
Safety Measures for Personal Information
Inocras has implemented the following appropriate and reasonable administrative and technical security measures designated to protect the security of your personal information:
administrative measures: establishment and implementation of internal management plans for personal information, regular employee training, etc.
technical measures: technical countermeasures against hacking, etc., encryption of personal data, storage access records, and prevention of forgery, etc.
Notwithstanding the foregoing, no electronic transmission over the Internet or information storage technology can be guaranteed 100% secure, so Inocras cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will endeavor our best to protect your personal information, the transmission of personal information to and from our website is at your own risk. Further, you should only access our website within a secure environment.
Installation, Operation, and Refusal Thereof of Automatic Personal Information Collection
Inocras uses ‘cookies’ to store and retrieve your usage information from time to time to provide individually customized services. Cookies are a small amount of information sent to your PC browser by the server (HTTP), which are used to operate the website, etc., and stored in your computer’s hard disk.
Purpose of use of cookies: Inocras uses cookies to provide you with optimized information by identifying the type of visit and use of each service and website you visit, popular search terms, and whether you have a secure connection.
Installation, operation, and rejection of cookies: You can reject the storage of cookies by setting your web browser’s privacy and security options; provided that by refusing to save cookies, you may experience difficulties in using customized services.
Privacy Officer
Inocras has designated the Privacy Officer, who manages personal information tasks and handles your complaints about personal information. Inocras will respond to your complaint about personal information, at the latest, not more than 45 days from the receipt of your complaints. Our Privacy Officer’s contact information is as follows:
▶
Privacy Officer

–
Name
:
Alexis Paner

–
Position
:
Privacy Officer

–
Contact
:
(858)-665-2120 / inquiry@inocras.com

You may inquire about all personal information protection-related inquiries, handling complaints, damage relief, etc. that occurred while using Inocras’s services to our Privacy Officer and the following department in charge:

–
Department
:
Quality Assurance

–
Contact
:
(858)-665-2120 / inquiry@inocras.com

Inocras endeavors to ensure your right to self-determination of personal information and to provide consultation and damage relief due to personal information infringement. If you intend to report or consult, please contact the department above.
Updates to This Privacy Policy
Inocras may amend the Privacy Policy to comply with applicable law or to reflect any changes in the provision of service, in which case Inocras will notify you of such amendment before the effective date of such amendment.
Special Provision for Patients
If you are a Patient, Inocras will further have the following responsibilities to process your personal information:
we are required by law to maintain the privacy and security of your protected health information;
we will let you know promptly if a breach occurs that may have compromised the privacy or security of your information;
we will follow the duties and privacy practices described in this privacy policy and promptly give you a copy of this Privacy Policy upon your request; and
we will not use or share your information other than as described here unless you give us written approval or unless otherwise provided in this Privacy Policy or any applicable.
For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html.
Privacy Notice to California Residents
This Section only applies to users of our Services that reside in the State of California, in addition to the above. For purposes of this Section, the term “personal information” does not include information subject to HIPAA or the California Confidentiality of Medical Information Act. For example, this Section does not apply to genetic test records or to any data or medical records stored by us.

If you are a California Resident, you are entitled to certain privacy rights relating to your personal information including under the California Consumer Privacy Act (“CCPA”). This section describes those rights and how you can exercise those rights.

Explanation of Your CCPA Rights
Right to Know and Access Personal Information. You have the right to access and know what personal information we collect about you, and how we use, disclose, or sell such personal information. We do not “share” personal information as that term is used in the California Consumer Privacy Act.
Right to Request Deletion of your Personal Information. You have the right to request that we delete the personal information we have about you subject to certain limitations. If we do not delete your personal information for reasons permitted under applicable law, we will let you know the reason why.
Right to Correct Inaccurate Personal Information. You have the right to request that we correct inaccurate personal information that we maintain about you.
Right to Opt Out of Sale of your Personal Information. You may have the right to opt out of the sale or sharing of your Personal Data.
Right to Non-Discrimination. We will not discriminate or retaliate against you for exercising any of your rights identified in this privacy policy.
How to Exercise Your Rights. If you want to exercise your rights, please contact our privacy officer by emailing inquiry@inocras.com, or sending a letter to the privacy officer at 6330 Nancy Ridge Drive Suite 106, San Diego, CA 92121. If you want to exercise your right to opt out of the sale of your personal information, you can also click on the banner “Do Not Sell or Share My Personal Information.”
Identity Verification for requests. If you make a request related to personal information about you, you will be required to supply a valid means of identification as a security precaution. We will verify your identity with a reasonably high degree of certainty using the following procedure where feasible: we will match identifying information you provide when making the request to the personal information maintained by us, or use a third-party identity verification service. If it is necessary to collect additional information, we will use the information only for verification purposes and will delete it as soon as practicable after complying with your request. For requests related to particularly sensitive information, we may require additional proof of your identity.
Authorizing a Third Party to Make a Request. If you wish to authorize a third party to make a request on your behalf through an authorized agent, you must contact us directly and you or the third party acting on your behalf must provide a valid California power of attorney or comparable documentation of written permission from you and verification of your identity. Such power of attorney must meet the requirements of Probate Code sections 4000 to 4465. You may also make a privacy request on behalf of your minor child.
Categories of Personal Information We Collect.
Inocras collects and processes the following personal information of the Members:
Identifiers. Your name, alias, postal address, IP address, email address, account name, and other similar identifiers.
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). This may include the identifiers above, credit card number, or debit card number.
Commercial information. Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories.
Internet or other similar network activity. Browsing history, search history, and information on a consumer’s interaction with a website, application, or advertisement.
Sensitive personal information. This includes your driver’s license or government issued identification number.
Professional information. This includes information relating to your role as a representative or agent of an entity.
Log data. We receive information that is automatically recorded by our servers when you visit our website or mobile apps, including your IP address.
Other. Your information regarding products and services, testimonials and other information as described in our Privacy Policy.
Inocras collects and processes the following personal information of the Patients:
Identifiers. Your name, alias, postal address, IP address, email address, account name, and other similar identifiers.
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). This may include the identifiers above, credit card number, or debit card number.
Protected classification characteristics under California or federal law. This includes age (40 years or older), race, marital status, medical condition, physical or mental disability, and sex.
Commercial information. Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories.
Internet or other similar network activity. Browsing history, search history, and information on a consumer’s interaction with a website, application, or advertisement.
Sensitive personal information. This includes your race, ethnicity, driver’s license or government issued identification number.
Professional information. This includes information relating to your role as a representative or agent of an entity.
Log data. We receive information that is automatically recorded by our servers when you visit our website or mobile apps, including your IP address.
Other. Your information regarding products and services, testimonials and other information as described in our Privacy Policy.
Inocras may collect personal information of children under the age of 13 or 14 to perform the services, in which case Inocras will collect the minimum amount of personal information necessary to provide the services with the consent of a legal representative, in accordance with the applicable law of the jurisdiction.
How We Collect Your Personal Information. We collect your personal information (i) from you, when you set up your account or interact with us regarding your account, for billing and payment, for when you start, receive, or discontinue services, and when you otherwise interact with us or our representatives; (ii) from providers, by working with and receiving personal information from third parties such as healthcare providers, service providers, vendors, contractors, credit agencies, or market researchers who provide products and services on our behalf; and (iii) automatically, from your use of our website or platform.
Purpose for Collecting or Selling Personal Information. Your personal information may be collected or used for the purposes described in Sections 1 or 4 of this Privacy Policy, as well as for other purposes that may be described to you when we collect your personal information.
Categories of Third Parties to Whom We Disclose Your Personal Information. We may disclose your personal information to the third parties described in Section 4 of thie Privacy Policy.
Retention. We retain your personal information based on legal requirements or business needs. Generally, we only retain personal information for as long as is reasonably necessary for our business purpose or as required by law. Information we retain remains subject to the protections of applicable law and the commitments made by Invitae in this Privacy Policy.
Selling or Sharing Personal Information.
If you did not consent to clinical trial matching services provided by our partner(s) by authorizing us to sell or share your protected health information with our partner(s), we did not and will not sell or share your protected health information. However, we use cookies for our website. Under California law, the use of cookies for targeted or cross-context behavioral advertising that requires your data such as internet activity or geolocation may constitute a “sale” or “sharing” of your personal information by us. In the past 12 months, we may have sold or shared your internet activity or geolocation with third parties whose cookies are on our websites. You can opt-out of this “sale” of information by using our cookie management tool.
If you authorized us to sell or share your protected health information with our partners for clinical trial purposes by signing our HIPAA release form, we may have shared it with our partners, in strict compliance with the letter and spirit of the HIPAA release form. You can click on the banner “Do Not Sell or Share My Personal Information” to revoke your authorization and opt-out of our further disclosure.
California Shine the Light Law. California residents may also request information from us once per calendar year about any personal information shared with third parties for the third party’s own direct marketing purposes, including the categories of information and the names and addresses of those businesses with which we have shared such information. To make such a request, please reach us at the contact information listed above. This request may be made no more than once per calendar year, and we reserve our right not to respond to requests submitted other than to the email or mailing addresses specified below.

The Privacy Policy shall take effect from April 28, 2025.

Privacy Policy (KOR)

㈜이노크라스코리아 개인정보 처리방침