Updated September 13, 2021
BiologyWorks holds ourselves to the highest standard when it comes to Data Privacy and conforms globally to the strictest privacy standards in place.
Our processing of EEA residents’ personal data is governed by the General Data Protection Regulation (the “GDPR”), which applies from 25 May 2018. The GDPR requires us to provide certain information to you about your Personal Data, which we refer to in this notice as “your personal information”, “Personal Identifiable Information”, “PII”.
For Residents of California in the United States, please consult our “Privacy Notice for California Residents”
Children’s Data and Information
One of BiologyWorks’ priorities is ensuring protection for children while using the internet. We encourage parents and guardians to observe, participate in, and/or monitor and guide their online activity.
BiologyWorks does not knowingly collect any Personal Identifiable Information from children under the age of 13 except where their parent/guardian has entered this information and given consent. If you think that your child provided this kind of information on our website or via our mobile apps, we strongly encourage you to contact us immediately and we will do our best efforts to promptly remove such information from our records.
1. What data do we collect?
If you are using our testing devices in standalone mode (i.e. with the USB cable only plugged into a power adapter) without using our online services such as our website or mobile applications, we do NOT collect any PII. Information collected to process the test (e.g. via a cartridge) is not stored anywhere other than on the memory of the device itself (which is ephemeral). Once the device is powered off, reset, or destroyed, the information contained within the device – including test results – is no longer retrievable.
If you use any of our online services, including our website and/or mobile applications, we collect information about you as reasonably necessary for the following activities:
Using our Services
We may collect all or a subset (depending on the use case and jurisdiction) of the following information when you use our Services:
Account Registration Information
- First and Last Name
- User Name
- Associated Website (if any)
- Email address
- Mobile phone number
- Date of Birth
- Biographical information
- Your Profile Picture or Avatar
Personal Information for Mandatory Public Health Reporting (Dependent on Nationality and Jurisdiction) – Only collected if you take one of our tests
- Patient nationality
- Patient name (last name, first name, middle initial)
- Patient street address
- Patient postal code
- Patient county
- Patient phone number with area code
- Patient date of birth
- Patient sex
- Patient race (where allowed)
- Patient ethnicity (where allowed)
- GPS location (when allowed)
NOTE: Any information that is NOT legally required for reporting to public health authorities will not be transmitted. Information collected will be anonymized and reduced in precision (i.e. GPS location) where allowed. Once transmitted, your Personal information is discarded immediately unless you opt-in to allow us to store this information in your profile to save you time for future tests or to use for the issuance of travel certificates or other passes.
Non-Personal Information for Mandatory Public Health Reporting – Via the BiologyWorks k(now)™ Rapid Molecular Detection Device, from BiologyWorks k(now)™ mobile apps, or from the ordering/testing Point-of-Care provider:
- Test type
- Identifier of testing device
- Test result
- Date/Time/Timezone of test and report
- Accession # / Specimen ID (as applicable)
- Ordering provider name and non-pharmaceutical interventions (as applicable)
- Ordering provider address (as applicable)
- Ordering provider postal code (as applicable)
- Ordering provider phone number (as applicable)
- Performing facility name and CLIA number (as applicable)
- Performing facility postal code (as applicable)
- Specimen source (as applicable)
- Date test ordered (as applicable)
- Date specimen collected
Personal Information for Issuing Certificates and For Saving Time During Future Tests
Should you choose to opt-in and allow us to store your personal information for future use or wish to issue Health Certificates (e.g. k(pass))
- User nationality
- Travel Document Type
- Travel Document Number
- User name (Last name, First name, Middle Initial)
- User street address
- User postal code
- User county
- User phone number with area code
- User date of birth
- User sex
- User race (where allowed)
- User ethnicity (where allowed)
- GPS location (when allowed)
Registered User Preference Information
- Your preferences such as preferred language, time zone, and the types of communication you would like to receive from us; and image (if you choose to provide this).
- Billing and other payment information (if you sign up for a paid service or purchase a Third-Party Service, or purchase e-commerce items such as our Product), including payment method details, such as credit card number, billing address and shipping address.
- Any Products or Services you have acquired from us, including the type of plan and transaction information related to the Services.
- Account Information, authentication tokens and other information relating to third-party Services accessed via our Services (if any).
- A specific location such as an address, a city, or a place (for example, originating location or destination location) if you choose to share this information.
- Your messages, posts, comments, images, and other material you create and upload to the Services
Logs, usage, and support data
- Log data, which may include your IP address, the address of the web page you visited before using the Services, your browser type and settings, your device information, the date and time when you used the Services, information about your browser configuration, language preferences, unique identifiers, and cookies.
- Usage data and analytics, which may include the frequency of login, and the different types of activity undertaken by users.
- General Location information, such as IP address and the region in which you are located when you are logging in and using the Services.
- Customer support questions, issues, and general feedback that you choose to provide.
Surveys, events, and marketing information
If you choose to participate in our surveys, contests, events (such as webinars and in-person events), or activities with which we are affiliated, or request information from us about our Services, we may collect information about you related to the survey, contest, or event; your contact information, such as your name, email address, telephone number, organization name and address; and general information about your organization that you choose to provide, such as annual company revenue, number of employees, and industry.
In addition, we may collect information on email open and click rates, including whether individuals clicked on links, and which web pages are visited after opening the email.
Browsing our websites or using our mobile apps
When you browse our websites or use our mobile apps, we collect information about you as described below, some of which is collected automatically:
- When you use automated chat functionality (chatbots) to make an inquiry or other request, we may collect information about you such as your name and email address, your specific request, and information related to your use of our Services.
- Aggregated website and mobile app usage data including form analysis data (such as time taken to complete the form), engagement rate, session replay, and mouse movements. When visiting our website or using our mobile apps, you will be presented a consent form to opt-in to the collection of this data. Should you wish to change your settings, please visit our Privacy Settings page. Please note that on our websites the privacy functionality requires the use of cookie, so if you reset your cookies, you will need to review and fill-out the consent form again.
2. How do we collect your data?
Depending on the situation and the type of data involved, BiologyWorks may act as a data controller or a data processor as defined in the GDPR.
BiologyWorks acts as a data controller when we:
- Collect information from you to set up and administer your BiologyWorks account (for example, account information such as your name, date of birth, email address, and phone number);
- Collect information from you for mandatory reporting to public health authorities;
- Collect information from you to issue certificates;
- Monitor usage information on our website;
- Manage your contact and other related information to send marketing, Services, and other communications to you;
- Respond to a support or general inquiry; and
- Recruit individuals for job opportunities.
The legal basis for processing when BiologyWorks is a data controller include:
- Your consent (for example, when you have provided your information to sign up for an account or for a webinar; or you have provided your employment history when applying for a job). Where we rely on your consent to process personal data, you have the right to withdraw your consent at any time.
- It is necessary to perform a contract (for example, we may need your information to fulfill our obligations of providing Services to you under the terms relevant to the Services you have acquired).
- Legitimate interest (for example, to provide and maintain the Services to you, to maintain the security of the Services, and to attract new customers to maintain demand for the Services).
- We may have a legal obligation to process your personal data to comply with relevant laws (for example, reporting to public health authorities, or processing payroll and tax information to comply with relevant employment and tax legislation); or
- Processing is necessary to protect your vital interests or those of another person (for example, obtaining health-related information during a medical emergency).
BiologyWorks as data processor
- Where you are using our Services and making decisions about the personal data that is being processed in the Services (including selecting third-party accounts you wish to connect to the Services, or uploading and using Content), you are acting as a data controller and BiologyWorks is acting as a data processor. The third-party service providers we use to help us deliver the Services are referred to as “subprocessors” and are listed on this page.
- There are certain obligations under the GDPR that you have as a data controller, including being responsible for managing Content on the Services.
- As a data processor, BiologyWorks will only access and process Content to provide you with the Services in accordance with your instructions (which you provide through the Services), the Terms of Service, any third-party’s terms, and applicable laws.
- As part of delivering the Services, we may process Content to further improve the Services, such as enhancing usability and developing new features.
- If you, as a data controller, require BiologyWorks to agree to data protection requirements under Article 28, GDPR, or under UK data protection laws, BiologyWorks makes available a data processing addendum (“DPA”) that meets these requirements. Please email our Privacy team at Privacy@BiologyWorks.com to request this document.
- If you are using the Services as an authorized user of a BiologyWorks customer (whether that customer is your employer, another organization, or an individual), that customer determines its own policies (if any) regarding storage, access, modification, deletion, sharing, and retention of personal information and Content, which may apply to your use of the Services. Please check with that customer about the policies and settings it has in place.
3. How will we use your data?
We use your information for the purposes described below:
Mandatory Public Health Reporting and Legal Compliance
- We use personal information that you provide and information gathered from our Products and Services in order to perform mandatory public health reporting and comply with local laws and regulations. We will, where possible, always inform you before your information is reported and not report more than is legally required for your jurisdiction.
Providing and securing our Services
- We need to identify and authenticate our users to ensure, for example, that only those authorized users are able to use the Services for themselves or their organization, and to make changes to their accounts.
- We use information that you provide when signing up to set up your account, process payments, contact you regarding the Services, and manage your account.
- We use your contact information and information related to your request to respond to your inquiries, manage our contract with you, respond to your questions and requests, and send you updates and information about the Services.
- We use logging and other data such as general location information (for example, the IP address of your browser or device) to help us manage the performance, security and compliance of the Services.
- Where you have chosen to share your specific location information, we use this information to provide location-based features, such as enabling you to share your anonymized coarse location to help with public health dashboards and monitoring, and to use any functionality that relies on location information.
- We analyze usage information, your feedback, support queries, and survey responses to help us understand and make improvements to our Services.
Communicating with you
We use your contact information where appropriate to send you information about our Services, events, marketing communications (consistent with your preferences—see “Marketing” below), and job opportunities. We also use email statistics, such as open rates, to assess the effectiveness of, and to make improvements to our communications.
Improving our websites and applications
We use information about you to help us understand usage patterns and other activities on our websites and applications so that we can diagnose problems and make improvements, including enhancing usability and security.
4. How do we store your data?
BiologyWorks securely stores your data in global data centers in compliance with data privacy and data sovereignty laws applicable to your jurisdiction. See here for a description of security precautions taken.
We retain your information only as long as required to provide the Services requested by you, for record keeping purposes, to comply with our legal obligations, resolve disputes, and enforce the terms of Services.
After it is no longer necessary for us to retain information about you, we will dispose of it in a secure manner or anonymize the information.
BiologyWorks would like to send you information about products and services of ours that we think you might like, as well as those of our partner companies. This requires your explicit consent and opt-in. If you have consented and agreed to receive marketing communications from us, you may always opt out later in your Privacy Settings. You have the right at any time to stop BiologyWorks from contacting you for marketing purposes or sharing your data with other companies.
6. What are your data protection rights?
BiologyWorks would like to make sure you are fully aware of all your data protection rights. You are entitled to the following:
- The right to access – You have the right to request copies of your personal data from BiologyWorks. We may charge you a small fee for this service.
- The right to rectification – You have the right to request that BiologyWorks correct any information you believe is inaccurate. You also have the right to request that BiologyWorks complete information you believe is incomplete.
- The right to erasure – You have the right to request that BiologyWorks erase your personal data, under certain conditions.
- The right to restrict processing – You have the right to request that BiologyWorks restrict the processing of your personal data, under certain conditions.
- The right to object to processing – You have the right to object to BiologyWorks’ processing of your personal data, under certain conditions.
- The right to data portability – You have the right to request that BiologyWorks transfers the data that we have collected to another organization, or directly to you, under certain conditions.
If you make a request, we have thirty (30) days to respond to you.
If you would like to exercise any of these rights, please contact us at our email: firstname.lastname@example.org or call us at: +1 855 958-KNOW (5669) and reference “BiologyWorks Privacy” when leaving a message.
or write to us:
Attn: BiologyWorks Privacy Team
137 N. Larchmont Blvd., #136
Los Angeles, CA 90004
7. What are cookies?
Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology. For further information, please see our Cookie Notice.
9. What types of cookies do we use?
Please see our Cookie Notice.
10. How to manage your cookies
Please see our Cookie Notice.
11. Privacy policies of other websites
13. How to contact us
Call us at +1 855 958-KNOW (5669) and leave us a message.
Or write us at:
137 N. Larchmont Blvd., #136
Los Angeles, CA 90004
In addition, BiologyWorks has appointed an external Data Protection Officer (DPO) and European Authorized Representative (EAR) to represent BiologyWorks under GDPR. If you have any questions or concerns about BiologyWorks’ personal data policies or practices under GDPR or if you would like to exercise your privacy rights, please direct your query to our DPO. Our DPO’s name and contact information are as follows:
PRIVACY PRAXIS SRL
CHAUSSÉE DE LOUVAIN 498
LASNE, BELGIUM 1380
BE +32 2 318 05 30
US +1 202 788 9715
14. How to contact the appropriate authorities
You have the right to file a complaint concerning our processing of your personal data with your national (or in some countries, regional) data protection authority. For citizens of the EU, the EU Commission has a list here: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm