Privacy Policy

Your Privacy is Important to Biocept

Last updated: November 2021

This Privacy Policy explains what information we collect in connection with the testing services provided by Biocept, and how we protect your important information. We urge you to read our Privacy Policy so that you will understand our commitment to both you and your information.

The materials on the Biocept website (Biocept.com) and Biocept’s Facebook, LinkedIn, Twitter, and YouTube pages (collectively, the “Site”) are provided by Biocept, Inc. (“Biocept” or “we”) as a service to its customers and the general public, and shall be used for informational purposes only. This Privacy Policy applies when you use any website, mobile application, or other online service (collectively, the “Services”) that links to or refers to this Privacy Policy.

Your use of this Site constitutes your agreement to the terms of the Site’s privacy policy. If we decide to change our privacy policy, we will post those changes on this page so that you are always aware of what personally identifiable information we collect, how we use it, and under what circumstances we disclose it. If you do not agree to these terms, you are not authorized to use the Site or to download any materials from the Site.

What information may be collected by Biocept?

Limited personal identifiable patient data may be collected such as name, address, phone number, date of birth, gender, social security number, physician chart identification number, insurance data, billing address and laboratory tests and results (“Patient Data and Physician Data”).

Certain personal identifiable information regarding you and your data may be viewed by physicians utilizing Biocept’s services. This information may also be collected on or transferred to our secure Physician WebPortal Site in which your physician may retrieve your test results.

Users of the Physician WebPortal Site are required, for HIPPA and security purposes, to provide a unique username and user password.
Users of the Physician WebPortal Site are required, for HIPPA and security purposes, to provide a unique username and user password.

How does Biocept use cookies?

We do collect limited information about end users of the Biocept Site and the Physician WebPortal Site through the use of Cookies. “Cookies” are small computer files that we transfer to the end user’s computer hard drive that allows us to assist with the navigation within our site. Cookies are never used to store any Patient Data or Physician Data and are only utilized to assist with the operational programs necessary for use of the Site.

Most internet browsers are set to automatically accept cookies. Depending on your browser, you can set it to warn you before accepting cookies, or you can set it to refuse them. Please refer to the ‘help’ button (or similar) on your browser to learn more about how you can do this. Disabling cookies may impact your experience on our websites. If you use different devices to access our websites, you will need to ensure that each browser of each device is set to your cookie preference. If you continue without changing your settings, we’ll assume that you are happy to receive all cookies on our website. You can change your cookie settings at any time.

We may use Google Analytic cookies on the Site. You may review how Google uses cookies here: https://policies.google.com/privacy?hl=en-US.

How does Biocept use your information?

Your information is kept strictly confidential, and we do not sell it.

The collection of Patient Data and Physician Data by Biocept is required primarily for placing an order for laboratory tests, facilitating the interpretation and return of the result, and to provide billing information so that third party payers have sufficient information to enable payment for services rendered. These data are supplied to Biocept by the requesting physician and/or their staff.

Be advised that neither Biocept’s website nor its employees or representatives will ever ask for a user password in an unsolicited phone call or e-mail – and you should not disclose your user password to any unauthorized third party under any circumstances.

Biocept will not disclose to unaffiliated companies any Patient Data or any Physician Data. Any Patient Data or Physician Data provided to entities affiliated with Biocept will be treated in accordance with the terms of this Privacy Policy, unless you are otherwise notified. In the following limited circumstances, we will consider and may release data to third parties: 1) to comply with valid legal requirements such as a law, regulation, search warrant, subpoena or other court order; or 2) in special cases, such as a physical threat to the patient, or physician, or other.

What physical and technical security is in place to protect information disclosed to Biocept?

Biocept hosts the Physician WebPortal Site internally. Personal data from those who have signed up is stored in a secured database on Biocept’s premises. Biocept has a non-disclosure agreement with each of its employees and contractors regarding all information created or collected on Biocept premises. Relationships with technology partners do not in any way compromise the integrity or confidentiality of Site users’ personal information.

Biocept maintains the highest standards in securing and controlling all data housed within our Data Center. Patient Data and Physician Data are only accessible to authorized users. Ours is a highly secure system that meets or exceeds all of the standards and requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Firewalls, encryption, digital certificates, and authentication through user ID and passwords protect every element of our solution.

In order to operate a secure server, Biocept ensures that the server itself is first physically protected. All entry paths into the server are secured; this includes direct access to the hardware itself, as well as local and remote access through terminals or the Internet. Only authorized Biocept employees are permitted to access Patient Data and Physician Data. All Biocept employees must abide by our Privacy Policy, and those who violate our Privacy Policy are subject to disciplinary action up to and including termination.

To protect access to all sensitive information, the Biocept system is configured with leading encryption technology. The same level of security as online banking protects the Biocept system, using secured socket layering (SSL) with 128-bit encryption for all data transmissions. Access to data will only be permitted with proper presentation of a unique user name and password. It is the end user’s responsibility to protect the integrity and secrecy of these assigned identification codes.

Given the nature of the Internet, we cannot warrant or represent that Patient Data or Physician Data is fully protected against loss, misuse or alteration by third parties, such as determined hackers. Biocept utilizes state-of-the-art hardware and software firewalls to prevent unauthorized access to our data systems. When transmitting Patient Data or Physician Data to user browsers over the Internet, our encryption measures ensure that only the end-user would receive the data in a legible format. Interception of transmissions without appropriate authentication would result in unintelligible data.

Does Biocept abide by HIPAA Regulations?

Biocept will maintain the confidentiality of all Patient Information in accordance with applicable federal and state laws and regulations, including, but not limited to, HIPAA. Biocept recognizes our responsibilities to the patients, physicians and laboratories that utilize our services pursuant to HIPAA and commits to aid all parties in guaranteeing their full compliance with this federal statute and the regulations promulgated to implement it.

Children’s Privacy

Our Site is not directed to children (individuals under the age of 18). We do not knowingly collect, maintain, or process children’s Personal Information unless the child’s parent or guardian consents and provides the information. If we determine that we have received a child’s Personal Information from a source other than the child’s consenting parent/guardian, we will immediately delete the information.

“Do Not Track” Signals

Your browser may offer a Do Not Track (DNT) setting. If you turn that setting on, your browser sends a signal to websites indicating that you don’t want to be tracked over time or across third party sites. We don’t currently respond to these signals because there is not yet a common understanding of how to process them or a consensus on what “tracking” means.

Your Rights and Choices

Opt-Out Of Marketing Communications

You may opt-out of our marketing emails by using the unsubscribe link provided in the email.

If you are a California resident, you may have additional rights as described below.

Links to Third Party Sites

Our Site may contain links to third-party websites, products or services. If you use these links, you will leave our site. Such links do not constitute or imply an endorsement, sponsorship or recommendation by us of the third party, the third-party website or the information contained therein, and we shall not be responsible or liable for your use thereof. Such use shall be subject to the terms of use and privacy policies applicable to those sites.

Third Party Direct Marketing

We don’t share Personal Information with third parties for their direct marketing purposes.

How We Share Personal Information

Vendors

We may share Personal Information with contractors, service providers, and other vendors who assist or support us in providing the Services. Examples of these third party services may include hosting of our Services, storing data, performing analytics, processing payments, or sending marketing communications. Our agreements with vendors prohibit them from retaining, using or disclosing the Personal Information we share with them for any purpose other than providing services to us.

Mandatory Disclosures And Legal Proceedings

We may have a legal obligation to disclose Personal Information to government authorities or other third parties pursuant to a valid regulatory request, subpoena or court order. We may also need to disclose and otherwise process your Personal Information in accordance with applicable law to prevent physical harm or financial loss, protect the vital interests of a person, enforce our various policies or terms of use, protect our property, services and legal rights, prevent fraud, support auditing, compliance and corporate governance functions, or comply with applicable law.

Change In Control Or Merger

We may transfer your information in the event of the sale of substantially all of the assets of our business to a third-party or in the event of a corporate merger, consolidation, acquisition or reorganization. However, in such event, any acquirer will be subject to the provisions of our commitments to you or we will not disclose your information.

With Your Direction Or Consent

We will share your Personal Information with other third parties, such as your physicians or health care providers, as you may direct or otherwise consent.

California Residents (CCPA Statement)

This statement makes additional disclosures to California residents (i.e., “consumers”), and describes rights they have, under the California Consumer Privacy Act of 2018, as amended.(the “CCPA”). You can learn more about the CCPA here: https://oag.ca.gov/privacy/ccpa

The rights described in this statement may not apply if you are interacting with us on behalf of an organization that is our customer, vendor or partner, or if the information is subject to regulation under HIPAA or its state equivalent.

Collection Of Personal Information

The categories of Personal Information we have collected about consumers in the past 12 months are as follows:

Categories of personal information we collect Business purposes for which information may be used or disclosed Parties with whom information may be shared
Identifiers such as your name, phone number, and address, email, as well as unique identifiers tied to the Account, browser, application, or device you’re using.

Demographic information, such as your age, gender and language.

Health information, such as prescriptions, lab tests, and lab results.

Financial information, such as your payment information, a history of purchases you make with us, and your insurance information.

Internet, network, and other activity information such as information about the interaction of your apps, browsers, and devices with our Site.

Providing Services: Patient Data and Physician Data by Biocept is required primarily for placing an order for laboratory tests, facilitating the interpretation and return of the result, and to provide billing information so that third party payers have sufficient information to enable payment for services rendered. These data are supplied to Biocept by the requesting physician and/or their staff.

 

 

Protecting against security threats, abuse, and illegal activity: Biocept uses and may disclose information to detect, prevent and respond to security incidents, and for protecting against other malicious, deceptive, fraudulent or illegal activity or harm to the rights, property or safety of Biocept, our users, or the public as required or permitted by law.

Research and development: Biocept uses information to improve our services and to develop new products, features, and technologies that benefit our customers or you.

Vendors and Service Providers: trusted businesses or persons that process information on Biocide’s behalf, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures.

 

Law enforcement or other third parties, for the legal reasons described in “How does Biocept use your information?”

Sale Or Disclosure Of Personal Information

We don’t sell consumers’ Personal Information.

Within the past 12 months, we disclosed the following categories of Personal Information for a business purpose (to the categories of recipients listed):

  • Identifiers (to physicians and their staff)
  • Demographic Information (to physicians and their staff)
  • Health Information (to physicians and their staff)
  • Device/Browser Information (to vendors)
  • Internet Activity (to vendors)

Your Rights As a Californian

California residents have the right to make the following requests to covered businesses. The requests may be made by a consumer, by a consumer on behalf of the consumer’s minor child, or by a person authorized by the consumer to act on the consumer’s behalf.

Right To Request Information About Collection, Disclosure or Sale of Personal Information

You have the right to request that a business disclose to you: (i) the categories and specific pieces of Personal Information the business has collected about you within the past 12 months, (ii) the categories of sources from which the Personal Information is collected, (iii) the business or commercial purposes for collecting or selling Personal Information, and (iv) the categories of third parties with whom the business shares Personal Information.

If a business sells Personal Information, or discloses it for a business purpose, you also have the right to request that the business disclose the following with respect to the 12-month period preceding your request: (i) the categories of Personal Information that the business sold about you and the categories of third parties to whom the Personal Information was sold, and (ii) the categories of Personal Information that the business disclosed about you for a business purpose.

This type of request may be referred to as a “Request to Know.” Before we can honor a Request to Know, we need to verify that the person making it is the consumer whose Personal Information we have. Our method for verifying any particular request weighs information we receive as part of the request, the sensitivity of the consumer information at issue, and the risk of harm to the consumer from unauthorized disclosure.

Right to Request Deletion of Personal Information

You have the right to request that a business delete any Personal Information that the business has collected from you. This type of request may be referred to as a “Request to Delete.”

Before we can honor a Request to Delete, we need to verify that the person making the request is the consumer whose Personal Information we have. Our method for verifying any particular request weighs information we receive as part of the request, the sensitivity of the consumer information at issue, and the risk of harm to the consumer from unauthorized deletion.

We are not required to delete Personal Information if we still need it in order to complete the transaction for which the information was collected, provide a good or service requested by you (or that we reasonably anticipate based on our relationship with you), perform a contract with you, comply with a legal obligation, enable internal uses that are consistent with the context in which you provided the information, or accomplish any other objective recognized as an exception to the right to deletion under applicable law.

Right to Opt-Out of the Sale of Personal Information

You have the right to direct a business that sells Personal Information about you to third parties not to sell your Personal Information. This type of request may be referred to as a “Request to Opt-Out.” Because we don’t “sell” Personal Information as defined by the CCPA, we don’t offer an opt-out mechanism.

Right to Non-Discrimination

You have the right not to receive discriminatory treatment by a business for the exercise of your privacy rights under the CCPA.

How to Submit a Request To “Know” or “Delete”

You can submit a Request to Know or Delete to privacy@biocept.com. The request must state “CCPA Request” and include:

  • your first and last name;
  • an email address at which you can be reached for purposes of the request;
  • the California county in which you reside;
  • for a Request to Know, the disclosure(s) you are requesting;
  • for a Request to Delete, a clear statement that you want us to delete your Personal Information; and
  • the reason(s) you believe we have collected, disclosed or sold your Personal Information, specifically, within the past 12 months (for example, you purchased a product or received a communication from us)

If you are submitting a request on behalf of another consumer as their authorized representative, you must include the foregoing information about the consumer and attach a copy of a power of attorney appointing you as a duly authorized representative under California Probate Code sections 4000 to 4465 or written permission from the consumer to make the request.

After confirming receipt of your request, we’ll contact you if we need more information in order to verify it. If we can’t verify a request, we may deny it.

Changes To This Policy

We reserve the right to update or change our Privacy Policy at any time and you should check this Privacy Policy periodically. If we make any material changes to this Privacy Policy, we will notify you either through the email address you have provided us, or by placing a prominent notice on our website.

Contact Us

Should you have any questions regarding this policy or privacy policies, please write to us at info@biocept.com.