Spiral Genetics (Spiral) keeps your name, email and company name so you can use our system. We may place cookies on your browser to make our system faster. We may use your name and email to send you information about our system. Please keep your personal information up to date. We will not sell your information to outside companies. You may stop receiving information from us at any time. You are responsible for maintaining the privacy of data you enter into our system. We keep your data very private on our cloud providers. At present, we use AWS and Microsoft Azure. Spiral is a U.S. company. We follow the laws of all the countries where we operate. We follow the laws of Europe, like GDPR. If you need more information, see the sections below.
Information Spiral May Collect From You
Our primary goals in collecting information are to provide genomic information management and analysis services to you, to improve our features, content, and to run our business.
Genomic Information that You Voluntarily Provide
Spiral collects and stores the genomic sequence data that you submit to us along with metadata and other information related to the data. You agree to and accept full responsibility for obtaining all necessary permissions and informed consents from the donors of all samples from which your submitted sequence data is derived.
HIPAA, Protected Health Information, and the Clinical Compliance Features
Spiral is not a Covered Entity as that term is defined in the Health Insurance Portability and Accountability Act of 1996, as amended, and its related regulations (collectively, "HIPAA").
You agree that you will not upload, store, or otherwise transfer PHI to Spiral. You acknowledge that this may require you, in some instances, to anonymize sequence data prior to uploading it. You further agree to indemnify and hold harmless Spiral of and from any and all claims, demands, losses, causes of action, damage, lawsuits, judgments, including attorneys' fees and costs, arising out of or relating to your uploading, storing, or transferring of PHI.
User Account Information/Personally Identifiable Information
When you register with us and during your use of the Site, we will ask you for personally-identifiable information, which is information about you that can be used to contact or identify you ("Personal Information"), such as: your name, company or organization name, title, email address, postal address, telephone numbers, and, if you sign up for a paid account, billing information. If you contact us, we may also keep a record of that correspondence or communication, including any Personal Information it contains.
Cookies and Tracking Pixels
User Reference Data
You may also be permitted to upload your own data, including reference genomes, to Spiral in the course of using our services. You agree to and accept full responsibility for obtaining all permissions, consents, and rights necessary for uploading and using any such software and data.
Security of Your Information
No data transmission over the Internet or data storage system can be 100% secure. Although we strive to protect your information, we cannot guarantee the security of information you transmit to us, we transmit to you, or that we store on your behalf. If at any time you believe that your interaction with us or your information is no longer secure, inform us immediately.
Further, if you register with Spiral, your profile, Personal Information, and sequence data submitted by you will be password-protected. You agree that you will be responsible for all actions taken under an authenticated login. Accordingly, we recommend that you select a strong password and do not divulge that password to anyone. Also, be certain to sign out of your Spiral account and close your browser window when you have finished to prevent others from accessing your information and data.
Please note that while Spiral offers a service for storing your sequence data, which is backed up, we cannot guarantee that such sequence data will be secure, reliable, or available. Accordingly, Spiral will not be responsible for any loss or corruption of data, or any other harm that results from your access to or use of Spiral’s services despite the security features of our service described in this policy and elsewhere.
How your Information May be Used
We may use your Personal Information to improve our products and services, to ensure contact information is up to date and accurate, to improve our customer service, to reduce risk and prevent fraud, to provide you with a personalized experience and to communicate with you regarding new service features and related products and services provided by our partners, events, and other information and notices we believe you may find interesting or useful. We will not sell or provide your information to third parties for their own direct marketing purposes.
We use the automatic usage and other non-Personal Information collected to maintain, secure, and improve our services, and to understand your interests. We may generate statistical information regarding our user-base and use it to analyze our services or business.
When Does Spiral Share Your Information?
We store the software and sequence data you submit and your account, profile, and member information (including Personal Information) on "cloud" servers owned and operated by third party providers. Our current providers are Microsoft Azure and Amazon Web Services (AWS). Our Site is designed to encrypt all stored sequence data using encryption algorithms such as AES-256. For information about Microsoft Azure and Amazon Web Service's privacy protection and data security practices, please visit https://azure.microsoft.com/en-us/services/security-center and http://aws.amazon.com/security.
We may rely on various third-party service providers and contractors to provide services that support our operations, including, without limitation, maintenance of our databases, distribution of emails and newsletters on our behalf, data analysis, payment processing and other services of an administrative nature.
Compliance with Laws and Law Enforcement
Spiral cooperates with government and law enforcement officials and private parties to enforce and comply with the law. We may disclose Personal Information and other user information when we, in our sole discretion, have reason to believe that disclosing this information is necessary to identify, contact, or bring legal action against someone who may (either intentionally or unintentionally) be causing injury to or interference with our rights or property, users of our services, or anyone else who could be harmed by such activities. We may also disclose user information when we believe, in our sole discretion, that such disclosure is required by applicable law. We also may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
We reserve the right to transfer any and all information that we collect from users, including Personal Information, to a third party in the event of any corporate reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of Spiral's business, assets, or stock.
Changing or Deleting Your Information
You may review, update, correct or delete the Personal Information you provide to us by contacting us. If you completely delete all such information, then your account may become deactivated. If you would like us to delete your account in our system, please contact us at firstname.lastname@example.org with a request that we delete your Personal Information from our database. We will use commercially reasonable efforts to honor your request. We may retain an archived copy of your records as required by law or for legitimate business purposes.
Limiting Use in Our Email List
If you no longer wish to receive new product/service notices, email newsletters or other future promotional communications from us, please follow the opt-out instructions included in each such communication or notify us by email at email@example.com with the word "remove" in the subject header, and we will remove your name from our email recipient list. You may not, however, opt out of necessary service or account maintenance notices or other administrative and transactional notices.
Links and Third Party Applications
We may provide links to websites or applications maintained by third parties, which we believe you may find useful. Spiral is not responsible for the privacy practices of these other websites or applications and we encourage you to review the privacy policies of each of those other websites or applications before using such websites and applications. If you click on these third-party links, these other websites or applications may place their own cookies or other files on your computer, collect data, or solicit Personal Information from you. Other websites and applications will have different policies and rules regarding the use or disclosure of the personal information you submit to them. We make no representation with regard to the policies or business practices of any websites or applications to which you connect through a link from Spiral, and are not responsible for any material contained on, or any transactions that occur between you and any such website or application.
General Data Privacy Regulation (GDPR)
Spiral is compliant with the GDPR regulations, effective May 25, 2018. In the language of GDPR, Spiral positions itself as a Data Processor or Subprocessor for our customers, who are either Data Controllers or Data Processors. As such, Spiral is not liable for the provisions of GDPR that pertain to the Data Controllers. Spiral’s obligations as a Data Processor include, but are not limited to the following:
Spiral shall follow the instructions of the Customer in the management of their data. Spiral shall not opportunistically use or mine or use personal data that it is entrusted, aside from those mentioned elsewhere in this document or under the written instructions of the Customer.
Spiral shall obtain written permission from the Customer before engaging a subprocessor and assume liability for failures of the subprocessor to meet the requirements of GDPR.
Upon request, Spiral shall delete or return all personal data to the Customer at the end of the service contract.
Spiral shall enable and contribute to compliance audits conducted by the Customer’s controller or a competent representative of the controller.
Spiral shall take reasonable steps to secure data, such as encryption, stability and uptime, backup and disaster recovery, and regular security testing.
Spiral shall notify the Customer without undue delay upon learning of data breaches.
Spiral shall make every effort to restrict personal data transfer to a third country only if legal safeguards are obtained.
Spiral shall make the Data Protection Officer available to address concerns or questions upon request.
Spiral is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
If you have any questions, comments, or concerns regarding this Policy, please contact us by email at firstname.lastname@example.org.