Privacy Policy, North America

Datirium, LLC and its affiliated entities ("the Company," "we" or "us") are committed to protecting the privacy and security of information about you. This policy addresses how we handle and protect personal information on the Datirium website or a related website controlled by Company (the ​"Site"), in the SciDAP platform ("Platform"), or in the provision of any support or other services ("Services"). This Privacy Policy will explain how we collect, access, use, and disclose private information about those using the Site, Platform or Services. By using the Site, Platform or Services you consent to this Privacy Policy.

1. INFORMATION WE COLLECT

1.1. PERSONAL INFORMATION

When you register with us for access to the Site, Platform or Services, and successfully complete the account registration process, you will become a ​"User" of the Company's services. As a User, you will have the opportunity to create a profile ("Profile") and to add information, data, and connections to the Platform including genetic information ("Platform Data"). At the time that you register, create a Profile, and at other times, we collect information that you provide and that may include information that personally identifies you, your company, or other entity, such as your name, address, telephone number, e‑mail addresses, as well as other information that you provide to us or that you include in your Profile or account (together, your ​"Personal Information"). In providing Personal Information, Platform Data or other information as part of the Site, Platform or Services, you should not include health-related information such as medical conditions, names of providers, treatments and other care information, regarding yourself or any third party (such as a patient or research subject), particularly if such data can be used to link Platform Data to a particular individual. Certain uses of the Site, Platform or Services may require that you provide certain requested information, and if you do not provide such information you may not be able to use the Site, Platform or Services.

We recommend that you protect the private and sensitive information contained within your Profile and any Platform Data provided and consider carefully whether to permit any third party to access your Profiles or Platform Data. All Users are responsible for monitoring the Profile content and Platform Data, whether uploaded by the User or by a third party. Please note that you, and not the Company, are responsible for maintaining and protecting all Profile content and Platform Data. From time to time, we may check for updates to your data and/​or require that you provide additional or new information or update information.

1.2. USAGE DATA

We automatically collect usage information regarding how Users, third parties and other users access and use the Site or Platform ("Usage Data"). For example, we may automatically collect information on the device you use and your location, the type of web browser you use, your Internet Service Provider, your IP address, the pages you view, the functions you utilize, the time and duration of your visits, crash logs and other information relating to your use of the Site or Platform. We use this information to analyze trends, administer our services and Company's businesses, troubleshoot any user problems, and to enhance and update the Company's services. In addition, we may disclose Usage Data to other parties for research, general marketing administration, billing, or other purposes. Other than as set forth in the "Other Transfers" section of this Privacy Policy, we do not, however, sell any information that would identify you (such as name, address, or social security or patient numbers) or that would contain sensitive information about you such as credit card numbers.

1.3. ACTIVITY DATA

When you or a third party or others provide, or we collect, information, or carry information, we may process and store such data and other related information ("Activity Data") in order to provide the Platform or Services to you. Some Activity Data may be retained or not completely deleted. Accordingly, we cannot and do not guarantee that the Activity Data will be completely deleted, and therefore any Activity Data that you send or allow to be accessed is sent or provided at your own risk.

1.4. STATISTICAL DATA

We may use aggregated or pseudonymized genomic data, genomic data or metadata that you process on the Platform for statistical and research purposes (e.g. to create aggregated statistical data and results) and for purposes of product improvement.

2. COOKIES AND DO NOT TRACK

Like many other websites, we use cookies on the Site and Platform (a small, removable data file that is stored by the web browser on your computer that identifies your computer and browser when you visit our Site or use our Platform or Services). We do not use cookies to collect Personal Information but rather to improve the quality of our services. Most web browsers and our applications are initially set up to accept cookies. You can reset your web browser to refuse all cookies or to indicate when a cookie is being sent. Please note, however, that certain features of the Site may not function if you delete or disable cookies. Some of the Service Providers (as defined below) that we work with may use their own cookies in connection with the services they perform on our behalf. The Site's cookies do not access a user's hard drive to collect any information stored on the hard drive.

Additionally, your browser may offer you a ​"Do Not Track" option, which allows you to signal to operators of websites and web applications and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities over time and across different websites. Our Site does not support Do Not Track requests at this time, which means that we collect information about your online activity while you are using our Site. We do not collect online activity after you leave our Site.

3. HOW WE USE THE INFORMATION WE COLLECT AND WHEN WE MAY SHARE THAT INFORMATION

As a general policy, we use Personal Information and Activity Data for internal purposes only. We will not disclose Personal Information or Activity Data to third parties without your consent, except as explained in this Privacy Policy. We may use Activity Data for technical validations after changes to the platform or to a pipeline and in such a case explicit consent will be obtained for specific data elements. When we use genomic data or metadata for statistical or research purposes, or for product improvement purposes, we do not disclose the genomic data or metadata. We may however disclose the statistical result. Other than as set forth in the ​"Other Transfers" section of this Privacy Policy, we will not, however, sell information that identifies you without your explicit consent.

4. SUPPORT SERVICES

Company may use your Personal Information to contact you regarding our services. For example, we may message you or provide a notification through an application to let you know about new releases, patches and other updates to the Site, Platform or Services.

From time to time, we may establish business relationships with other businesses that we believe are trustworthy and who have confirmed that their privacy practices are consistent with ours ("Service Providers"). For example, we may contract with Service Providers to provide certain services, such as hosting and maintenance, customer relationship management and data storage and management. We provide our Service Providers with only the information necessary for them to perform these services on our behalf. Each Service Provider must agree to use reasonable security procedures and practices, appropriate to the nature of the information involved, in order to protect your Personal Information and Activity Data from unauthorized access, use or disclosure. Service Providers are prohibited from using Personal Information or Activity Data in any manner other than as specified by Company.

We may also work with third party marketing and advertising companies. These companies may collect and use information about your use of services in order to provide advertisements about goods and services that may be of interest to you or for direct marketing campaigns. Advertisements may be shown via the Site or third party websites. These companies may place or recognize a unique cookie on your computer or device or use other similar technologies.

5. STANDARD ANALYTICS INFORMATION

We may use and disclose to third parties certain Usage Data. We use certain Service Providers to help analyze how users use the Site, Platform and/​or Service. They may use cookies to collect information such as how often users visit the Site, what pages they visit, and what other sites they used prior to coming to the Site. We use this information to improve our services. A Service Provider may plant a persistent Cookie on your web browser or device to identify you as a unique member the next time you visit the Site.

6. OTHER TRANSFERS

We may share Personal Information, Usage Data and Activity Data with businesses controlling, controlled by, or under common control with Company. If Company is merged, acquired, or sold, if Company acquires a new business unit or affiliate, or in the event of a transfer of some or all of our assets, we may disclose or transfer Personal Information, Usage Data and Activity Data (including Platform Data) in connection with such transaction without your further consent.

7. COMPLIANCE WITH LAWS AND LAW ENFORCEMENT

Company cooperates with government and law enforcement officials to enforce and comply with the law. We may therefore disclose Personal Information, Usage Data, Activity Data, and any other information about you, if we deem that it is reasonably necessary to: (a) satisfy any applicable law, regulation, legal process (such as a subpoena or court order) or enforceable governmental request; (b) enforce the Terms and Conditions of Use, including investigation of potential violations thereof; © detect, prevent, or otherwise address fraud, security or technical issues; (d) comply with health monitoring and reporting requirements or recommendations; or (e) protect against harm to the rights, property or safety of Company, its users or the public as required or permitted by law.

8. BE CAREFUL HOW YOU SHARE YOUR OWN INFORMATION

Please remember that any content you or any user uploads to the Site, along with any Personal Information or content that you or any user voluntarily discloses online or through the Platform or Services in a manner other users can view (a ​"Public Disclosure"), becomes publicly available to these other users, and can be collected and used by these other users, and transferred or made public without our consent. In particular, be careful not to include in, or attach to, any Platform Data any identifiers including, for example, labelling a file with an individual's name, identifier, date of service or other similar information. You agree that any use or further disclosure of a Public Disclosure or any other content by another user of our services is not a use or disclosure by us. We do not control the policies and practices of any other third party site or service.

Additionally, when you share information with third parties, using the Site or otherwise, that information may be passed along or made public by others. Therefore, anyone with access to such information can potentially use it for any purpose, including sending unsolicited communications.

9. SECURITY

Company is committed to protecting the security of your Personal Information. We employ reasonable security measures designed to protect your Personal Information from unauthorized access in accordance with accepted industry practices. Regardless of our efforts, no data transmission over the Internet or other network, including any of Company's services such as the Platform Data, can be guaranteed to be 100% secure. Accordingly, we cannot and do not guarantee the security of any information you or any user transmits on or through the Site, Platform or Services, and any information you transmit is sent at your own risk.

10. CHILDREN'S PRIVACY

We do not knowingly collect or solicit Personal Information from children under the age of 13. By using the Site, Platform or Services, you represent that you are at least 13 years old. If you are under 13, please do not use the Site or attempt to register for any services or send any personal information about yourself to us. If you are under 18, please do not attempt to download, register for, or create a Profile. If we become aware that we have inadvertently received or collected Personal Information from a user of Company's services who is under the age of 13, we will attempt to immediately delete that information from our files and records. Furthermore, we encourage users of the Site, Platform or Services that are minors that are 13 years of age or older to ask their parents or guardians for permission before sending any information about themselves over the Internet.

If you believe a child who is under the age of 13 has provided us with Personal Information, please contact us atDatirium@​Datirium.​com.

11. WHERE INFORMATION IS MAINTAINED

While we attempt to store all Personal Information and Activity Data regionally, in some cases certain of such data may be transferred to and maintained on servers or databases located outside your state, province, or country. By using the Site, Platform and/​or Services, you agree that the collection, use, transfer, and disclosure of your Personal Information and communications will be governed by the applicable laws in the United States.

12. ACCURACY AND RETENTION

You can always review, correct, update, or change your Profile. Upon your request, we will: (1) stop sending direct marketing or other emails that are not administrative in nature and related to your Profile or your use of services, to your email address if you wish to opt out of our direct marketing efforts; and/​or (2) disable your account to prevent any future activity through that account. You may make any of these requests by emailing the request toDatirium@​Datirium.​com. If you have questions or concerns regarding this Privacy Policy, please e‑mail them toDatirium@​Datirium.​com. Please do not email any sensitive information.

Under California Civil Code Sections 1798.83−1798.84, California residents are entitled to ask us for a notice identifying the categories of Personal Information which we share with our affiliates and/​or third parties for marketing purposes and providing contact information for such affiliates and/​or third parties. If you are a California resident and would like a copy of this notice, please submit a written request toDatirium@​Datirium.​com.

13. CHANGES TO THE PRIVACY POLICY

We may periodically change this Privacy Policy. If we decide to change this Privacy Policy, we will inform you by posting the revised Privacy Policy on the Site, within any relevant application or otherwise. Those changes become effective upon posting, the date of which is shown as the ​"Revised On" date in the revised Privacy Policy. Use of information we collect is subject to the Privacy Policy in effect at the time such information is collected. By continuing to use the Site, Platform and/​or Services, you agree to be bound by the revised Privacy Policy. However, in the case of a material change of this Privacy Policy (for example, a change in the use of data that we have already collected), we will request your express consent to the new use.

Privacy Policy, Europe

This Privacy Statement describes how Datirium, LLC, a private limited company incorporated under the laws of the state of Ohio, USA, with registered offices at 3559 Kroger Ave, Cincinnati, OH, 45226, USA processes your personal data when offering their services.

Datirium endeavors to process your personal data in compliance with the European Regulation (EU) 2016⁄679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation or ​"GDPR") and any other applicable data protection law.

Datirium reserves the right to update this document from time to time. You are therefore kindly advised to regularly check this document.

Please note that you can visit Datirium's websites without providing any personal data to Datirium. In that case, Datirium will only collect limited anonymous statistical data in relation to the general use of its website (e.g. the number of visitors, the amount of data traffic, etc).

1. How does Datirium use your personal data?

Datirium processes personal data for various purposes. Below you will find a detailed description of each purpose.

1.1 Client management related purposes

Datirium may process your personal data for client management purposes and for entering into contact with you, such as:

Contacting you following a request (necessary for the performance of the contract or precontractual measures) (legitimate interest, i.e. the freedom to undertake);

If you contact Datirium in person or through the contact form, Datirium processes your personal data to enter in contact with you and/​or your relevant employees. If your request has a general nature, the legal ground is consent or legitimate interest. If your request relates to a quote, the legal ground is contractual necessity. The personal data processed for this purpose includes identification data, personal characteristics (e.g. gender) and contact details (e.g. name, address, phone number, e‑mail address, etc). The personal data will be stored for a period of 10 years.

Client management purposes (legitimate interest, i.e. the freedom to undertake) (necessary for the performance of the contract), including the creation and management of user accounts;

If you create an account and if you execute an agreement with Datirium, Datirium will process your personal data and/​or the personal data of your employees for client management purposes and for the performance of the agreement. The personal data processed for this purpose includes identification data, personal characteristics (e.g. gender), contact details (e.g. name, address, phone number, e‑mail address, etc) and financial data. The legal ground is contractual necessity. The personal data will be stored for a period of 10 years following termination or expiry of the agreement.

Improving its services and analyzing general trends (legitimate interest, i.e. the freedom to undertake);

Datirium processes personal data to improve its service and to analyze general trends in relation to the use of its services. The personal data processed for this purpose includes identification data and contact details (e.g. name, address, phone number, e‑mail address, etc) and (meta)data in relation to your use of Datirium's services (e.g. number of analyses run, input file sizes, etc). The legal ground for this processing is Datirium legitimate interest (i.e. the freedom to undertake). The personal data will be stored for a period of 10 years.

1.2 Supplier management purposes

Datirium processes personal data for supplier management purposes, such as:

Contacting you (necessary for the performance of the contract or precontractual measures);

If you contact Datirium in person or through the contact form as a (prospective) supplier, Datirium processes your personal data to enter in contact with you and/​or your relevant employees. If your request has a general nature, the legal ground is consent or legitimate interest. If your request relates to a quote, the legal ground is contractual necessity. The personal data processed for this purpose includes identification data, personal characteristics (e.g. gender) and contact details (e.g. name, address, phone number, e‑mail address, etc). The personal data will be stored for a period of 10 years. For quote related processing, the personal data will be stored for a period of 10 years.

Managing (prospective) suppliers (legitimate interest, i.e. the freedom to undertake) (necessary for the performance of the contract);

If you are a (prospective) supplier Datirium shall process personal data to manage its relationship with you and your employees. The personal data processed for this purpose includes identification data, personal characteristics (e.g. gender), contact details, professional data and financial data. Your personal data may be obtained from third parties, such as your employer, or through public websites (e.g. LinkedIn). The personal data shall be stored for a period of 10 years following the termination or expiry of our contractual relationship.

1.3 Commercial communication

Datirium may send you commercial information about Datirium and its service offerings, either by e‑mail, by telephone, via social networks or by ordinary mail.

If you have opted-in to receive commercial communication from Datirium, the legal ground is consent. If you are an existing client of Datirium, the legal ground may be consent (if you opted in) or legitimate interest (if you did not opt in or if consent is not legally required otherwise). The legitimate interest of Datirium is the freedom to undertake.

The personal data processed for this purpose includes identification data, personal characteristics (e.g. gender) and contact details (e.g. name, address, phone number, e‑mail address, etc). Your personal data may be (partially) obtained from third parties, such as your employer, or through public websites (e.g. LinkedIn). This information shall be kept by Datirium for a period of 10 years following the last meaningful contact.

1.4 Statistical and research purposes

Datirium may process pseudonymized genomic data processed by means of its platform for statistical and research purposes and product improvement purposes. Such processing will be limited to generating aggregated statistical data which may subsequently be used by Datirium for its own purposes, e.g. for product improvement purposes.

The legal ground of this processing is Datirium's legitimate interest derived from the freedom to undertake.

The aggregated statistical result is anonymous data and therefore no longer subject to the GDPR.

2. Data transfers

Personal data may be transferred to recipients in the United States of America.

3. Recipients of the personal data

Datirium may share your personal data with other recipients such as:

Other entities within the Datirium group

Individuals within your own organization (i.e. your employees, consultants and advisors)

Banks and payment service providers

Processors that provides Datirium with services within the context of a data processing agreement and with the unique aim to provide assistance to Datirium

Police and other law enforcement authorities, as Datirium might be legally compelled to disclose information as part of an investigation or judicial proceedings

Partners with whom Datirium is working to improve and diversify its services

4. What rights do you have regarding the processing of your personal data?

The GDPR grants you a number of rights (data subject rights). You have a right:

To access and rectify your data

To opt-out at any time, free of charge, of our processing for direct marketing purposes ("right to opt out of direct marketing")

To be forgotten, to the erasure and to the restriction of processing of your data

To retract your consent at any time to the processing of your data

To data portability

To object to the processing of your personal data

to be informed, in case of automated decision-making process, of the logic underlying the system and the importance and consequences envisaged by the processing for the person concerned

Exercising these rights may be subject to conditions. E.g. the right to retract your consent only applies for processing based on your consent and the right to object to processing for direct marketing purposes does not apply to our processing for the purpose of contract performance. Datirium's data protection officer (DPO) may be contacted at any time to obtain further information about these legal conditions and restrictions.

Before submitting any complaint with the Supervisory Authority, Datirium kindly asks you to contact its DPO in order to seek a speedy and mutually acceptable solution.

5. Security

Datirium has implemented an adequate system of protection of your personal data. These measures include adequate technical and organizational measures required to protect your personal data against the accidental or unauthorized destruction, accidental loss as well as against any alteration, access or any other unauthorized process of your personal data. Nevertheless, no security system can guaranty 100% of security. Datirium remains at your disposal should you have any questions relating to the confidentiality and the safety of your personal data.

You also have an important role in keeping your personal data secure. If you have created an account on Datirium's platform, you have to choose a sufficiently strong password and you have to keep your credentials and password confidential at all times.

6. How to contact Datirium

You may contact Datirium at the following address:

Datirium, LLC

3559 Kroger Ave,

Cincinnati, OH, 45226

USA

Datirium@​Datirium.​com

If you have a specific request related to this privacy statement or to data protection in general, or if you wish to exercise any right granted to you, feel free to contact Datirium's data protection officer:Datirium@​Datirium.​com