Privacy Policy

Invitae may revise this Privacy Policy from time to time. All updates to this Privacy Policy will be posted on this web page. If we make significant changes, Invitae will notify you by posting a notice on the Websites. Please check the Websites for the most current version of our Privacy Policy. Your continued use of the Websites after we have posted a notice on the website constitutes your acceptance of such changes.

Invitae tracks visits to our Websites and uses visitor logs to compile anonymous aggregate statistics. This aggregate information is collected sitewide, and includes anonymous website statistics. In addition, when you browse our Websites, our system automatically collects information such as your web request, Internet Protocol (“IP”) address, browser type, browser language, domain names, referring and exit pages and URLs, platform type, pages viewed and the order of these page views, the amount of time spent on particular pages, the date and time of your request and one or more cookies that may uniquely identify your browser. This information is used to analyze trends, administer the Websites, improve the design of our Websites, and otherwise enhance the services we provide.

Certain pages of the Websites and/or html email correspondence may use session cookies, persistent cookies or web beacons to anonymously track unique visitors, save website preferences and to allow us to recognize visits from the same computer and browser. Some cookies are essential for the operation of our Site (“Essential Cookies”). These cookies enable services you have specifically asked for.  These cookies remain on your device only until you close your browser after visiting our websites. Some cookies are used to collect anonymous information on the pages visited (“Performance Cookies”). For example, we might use Performance Cookies to keep track of which pages are most popular, which method of linking between pages is most effective, and to determine why some pages are receiving error messages.  These cookies remain on your device only until you close your browser after visiting our website. Some cookies remember choices you make to improve your experience (Functionality Cookies”).  These Functionality Cookies remain on your device for an extended period of time.  When you revisit our Websites we recognize Functionality Cookies and remember your preferences or can automatically log you on to the website.  Personal information on our system may be associated with Functionality Cookies but the cookies themselves do not contain any of your personal information.  Finally we may use “Behaviorally Targeting Advertising Cookies” which collect information about your browsing habits to make advertising relevant to you and your interests. You have the option to reject the Websites’ cookies and still use the Websites. However, your access to the Website may be limited.  Further general information about cookies and how they work is available at www.allaboutcookies.org.

We may from time to time allow selected third parties to place cookies through the Websites to provide us with better insights into the use of the Websites or user demographics or to provide relevant advertising to you.  These third parties may collect information about a consumer’s online activities over time and across different websites when he or she uses our Websites. We may also permit third party service providers to place cookies through our Websites to perform analytic or marketing functions where you are notified of them and you have consented to the usage.   We do not control the use of such third party cookies or the resulting information and we are not responsible for any actions or policies of such third parties.

We do not use technology that recognizes a “do-not-track” signal from your web browser.    

Invitae may collect, store and use personally identifiable information that you provide or we receive from others, such as:

• Registration information when you create an account with us (such as name, email address, postal address, telephone number and email preferences). In the registration form, you may have an opportunity to elect to receive certain communications from us.
• Information you submit when contacting us (such as your name, contact information and any other information you choose to submit).
• Information you submit to the Patient Insights Network (“PIN”).
• Information from third parties (such as information submitted by a physician or job references or background checks if you apply for a job).
• Order information when you place an order with us (such as your name or contact information).
• Payment information if you make a payment through our Websites (such as payment card, billing and shipping information in addition to your contact information). 
• Job application information if you choose to apply for a position with Invitae through our Careers Page (such as your resume, contact information, employment and education history, and other related information; we may also receive information from references your identify and other third parties (for instance background checks)).

We may use third party services for processing payments or career applications through the Websites. Information you provide may be linked to other information that we have about you including data we automatically collect when you visit our Websites and information we have received from third parties.

We may use your personal information for our general commercial purposes such as to improve our Websites and to offer you information which Invitae believes may be of interest to you. This may include the following purposes, for example:

• to contact you,
• to improve this site and expand our business,
• to provide you with information that you have requested,
• If you are a healthcare provider or patient ordering our Services, to contact you about research opportunities, clinical trials, or clinical treatments for you or your patients when appropriate,
• to provide information about our Websites, the PIN and related clinical and research information,
• to respond to your inquiries,
• to provide you with technical support,
• to enforce our Terms and Conditions and other policies governing use of the Websites,
• to alert you to new features or enhancements to our services,
• to  communicate with you about your transactions or potential transactions with us,
• to administer your account including processing of payments,
• to ensure that our Websites and our Services function in an effective manner for you,
• to keep our Websites safe and secure, and
• to measure or understand the effectiveness of advertising and outreach.

We may combine your information with other information about you that is available to us, including information from other sources. Invitae will keep resumes confidential and will use them only for employment purposes. Use for any other purpose will be with your explicit consent. 

Invitae will not sell or rent your personally identifiable information to any other company or organization for direct marketing purposes. We may reveal information about you to unaffiliated third parties:

• if you request or authorize it;
• if the information is provided to help complete a transaction for you;
• if the information is provided to comply with the law, applicable regulations, governmental and quasi-governmental requests, court orders or subpoenas, to enforce our Terms of Use or other agreements, or to protect our rights, property or safety or the rights, property or safety of our users or others (e.g., to a consumer reporting agency for fraud protection etc.);
• if the disclosure is done as part of a purchase, transfer or sale of services or assets (e.g., in the event that substantially all of our assets are acquired by another party, customer information may be one of the transferred assets);
• if the information is provided to our agents, outside vendors or service providers to perform functions on our behalf (e.g., analyzing data, providing marketing assistance, providing customer service, processing orders, etc.); or
• as otherwise described in this Privacy Policy.

We require our agents, vendors and service providers to limit their use of information but do not otherwise guarantee that any entity receiving such information in connection with one of these transactions will abide by this Privacy Policy. Agents, vendors and service providers who may have access to protected health information are contractually obligated to protect the privacy and security of such information. We may disclose aggregate statistical information to third parties for any purpose.

“De-identified” means that we have removed your personally-identifiable information, such as your name, address, or birthdate. We may use de-identified information that we have obtained from our Services for various purposes, including for example:

• In accordance with regulatory requirements, we may de-identify, store and use patients’ samples and information for internal quality control, validation, and research and development. This is important for Invitae to maintain high quality genetic testing and to develop new genetic tests. We may use de-identified PIN information as permitted by law. 
• In accordance with regulatory requirements, we may also share de-identified patients’ samples and information with other laboratories for quality assurance and validation purposes. Such sharing is essential to having high quality genetic testing within the community of testing laboratories.
• We may contribute de-identified genetic variants that we have observed in the course of providing our Services to publicly available databases such as ClinVar. We do this to increase understanding and raise awareness of the significance of genetic variants within the medical and scientific communities.
• We may use or disclose de-identified patient information for general research purposes. This may include research collaborations with third parties, such as universities, hospitals or other laboratories, in which we utilize de-identified clinical cases, at the individual level or in the aggregate, in accordance with our study protocols, and we may present or publish such information. This may also include commercial collaborations with private companies for purposes such as to determine the prevalence of particular disorders or variants among the patients we have tested, or to determine whether any of the patients we have tested might be suitable for potential recruitment for research, clinical trials, or clinical care; however, we will not directly contact these patients about these opportunities without their prior written consent.
• We may disclose de-identified PIN information to registrants of the PIN website and to third parties as permitted by law.

We use reasonable technical, administrative and physical measures to protect information contained in our system against misuse, loss or alteration. Information that you provide to Invitae through these Websites is encrypted using industry standard Secure Sockets Layer (SSL) technology, with the exception of information you send via email. Your information is processed and stored on controlled servers with restricted access. Unfortunately no method of electronic transmission is 100% secure, so we cannot ensure or warrant the security of any information you transmit to our Websites, and you do so at your own risk. Please keep your user name, password, ID numbers, or other special access credentials  secure; if we receive instructions using your log-in information we will consider that you have authorized the instructions.

You can update, amend or delete your account information and preferences at any time by visiting the My Account page after logging in. You may withdraw information you have submitted to the PIN database at any time by contacting the PIN coordinator at coordinator@pin.invitae.com; this will deactivate your account and the personally identifiable information in your profile will be removed.

Invitae email correspondence will include instructions on how to update certain personal information and how to unsubscribe from our emails and postal mail correspondence. Please follow the instructions in the emails to notify Invitae of changes to your name, email address and preference information. Invitae will take reasonable steps, such as confirmation emails, to verify your identity before granting access to your personal information.

If you choose to unsubscribe from our email and/or postal mail services, you will no longer receive this type of promotional correspondence. We will still be able to communicate with you about your account and your transactions with us. Invitae may retain your information for a period of time to resolve disputes, troubleshoot problems or for other valid business or legal reasons.

You can choose to delete or block cookies by setting your browser to either reject all cookies or to allow cookies only from selected sites. If you block cookies performance of the Site may be impaired and certain features may not function at all.

You agree that you have provided notice to, and obtained consent from, any third party individuals whose personal information you supply to us, including with regard to: (a) the purposes for which such third party’s personal information has been collected; (b) the intended recipients or categories of recipients of the third party’s personal information; (c) which of the third party’s information is obligatory and which information, if any, is voluntary; and (d) how the third party can access and, if necessary, rectify the information held about them.

Our Websites are controlled and operated by Invitae. By choosing to visit our Websites or otherwise provide information to Invitae, you agree that any dispute over privacy or the terms contained in this Privacy Policy will be governed by the laws of the State of California. If you are accessing our Websites from any location with regulations or laws governing personal data collection, use or disclosure that differ from United States laws or regulations, please note that through your continued use of our Websites, which is governed by the laws of the State of California and the United States of America and this Privacy Policy, you are transferring personal information to the United States of America and you consent to that transfer and to the collection and processing of such information in the United States. You also consent to the adjudication of any disputes arising in connection with our Websites in the federal and state courts of San Francisco County in the State of California. You also agree to attempt to mediate any such disputes.

The Invitae Websites are directed toward adults. If you are under the age of 13, you must obtain the authorization of a responsible adult (parent, legal custodian, or teacher) before using or accessing our Websites. We will not knowingly collect or use any personal information from any children under the age of 13. If we become aware that we have collected any personal information from children under 13, we will promptly remove such information from our databases.

The Invitae Websites may contain links to external websites. Invitae does not maintain these sites and is not responsible for the privacy practices of sites that it does not operate. Please refer to the specific privacy policies posted on these sites.

In addition to the other terms of this Privacy Policy, the following terms concern how medical information concerning our patients is used or disclosed through our Physician’s Portal. 

• Users - The Physician’s Portal is only for the use of physicians and their authorized representatives as stated in the Terms and Conditions of Use for the Physician Portal. 
• Protected Health Information - The Physician’s Portal is used for the storage and transmission of Protected Health Information between Invitae and physicians and their authorized representatives. Protected Health Information is used in accordance with the Health Information Portability and Accountability Act (HIPAA) and applicable federal and state laws governing patient privacy. Protected Health Information available on the Physician’s Portal may only be used or disclosed for treatment and other authorized purposes as stated in the Notice of Privacy Practices. 
• Security Measures - Information accessed through this Physician’s Portal, including Protected Health Information, is secured using administrative, physical and technical safeguards. For example, the transfer of information is encrypted using industry standard Secure Sockets Layer (SSL) technology and information is stored on controlled servers with restricted access. All access is password protected and each individual user has his/her own user name and password. All access is tracked at Invitae for security purposes.

These Websites are owned and operated by Invitae Corporation. You can contact us using the Contact Us page or by mail at 1400 16th St., San Francisco, CA 94103, 800-436-3037, or 415-374-7782.