Last Updated: 20th September, 2019
“Affiliated Company” refers to a company that is related to BGI due to joint ownership or control.
“Third Party” refers to a company or person who does not have a related relationship arising out of joint ownership or control with BGI (i.e., a non-affiliated company) or other non-related person, or the Customer who engage the Services from BGI (i.e., Clinician, Hospital, Health Professional, Healthcare Service Provider, University, Research Institution, Pharmaceutical Companies)
“Genetic Data” refers to personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question
“Personal Data” refers to any information relating to an identified or identifiable natural person (“Personal Data Subject”), including Genetic Data. An identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location information, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Sensitive Personal Data” refers to any Personal Data that the leakage, disclosure, or abuse of which could easily endanger personal and property safety, and easily lead to the harm of one’s personal reputation and mental and physical health, or lead to discriminatory treatment.
2) What and How We Collect Your Personal Data
The Personal Data can be collected by BGI directly from the Personal Data Subject or from a Third Party.
BGI is responsible for the processing and treatment of Personal Data of you regarding to the Services entrusted to BGI. For the information which may constitute sensitive Personal Data in certain jurisdictions and regions, relevant terms and articles would be marked in bold for your special attention.
The Personal Data collected by BGI can include but is not limited to:
2.1) Information You Directly Provide to Us
Certain Personal Data concerning you including Genetic Data are collected directly from you by BGI.
BGI might collect the Personal Data in the following circumstances:
The information above may be necessary for the adequate performance of the contract or purchase order between you and BGI and to allow us to comply with our legal obligations. Without it, we may not be able to provide you with relevant requested Services.
2.2) Information We Collect from Third Parties
To enable us to provide better Services to you, where permitted by applicable laws, we may collect your Personal Data indirectly from a Third Party.
We will put efforts to ensure the legitimacy of source of your Personal Data. However, please note that we do not control, supervise or respond for how the Third Party processes your Personal Data. Any request regarding the disclosure of your Personal Data to us should be directed to such Third Party.
2.3) Information We Automatically Collect from You with Cookies and Similar Technologies
A Cookie is a plain text file that is stored on computers or mobile devices by web servers. The contents of Cookies can only be retrieved or read by its creating server. Every Cookie is unique to your web browser or mobile application. A Cookie usually includes identifier, site name and some numbers and characters. Using Cookies, a website can store data of user preferences or products in shopping basket, etc.
As true of most websites, our website gathers certain information automatically. This information may include Internet Protocol (IP) addresses, browser type, Internet Service Provider (ISP), referring/exit pages, the files viewed on our website (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyse trends in the aggregate and administer the site.
You may manage or delete Cookies based on your preferences. You can clear all Cookies on your computer and most web browsers have Do Not Track function. If Do Not Track is enabled on your browser, all of our websites will respect your choice.
If you want to know more about how to change browser settings, please click the following links for popular browser software: Microsoft Internet Explorer, Microsoft Edge, Mozilla Firefox, Google Chrome, Safari for macOS and Safari for iOS.
3) How We Use Your Personal Data
We collect your Personal Data so that we can:
3.1) Use Upon Your Consent
3.2) Use Without Your Consent
In accordance with applicable laws, BGI may process your Personal Data for the one of the following purposes without your consent:
4) How Long We Keep Your Personal Data
BGI will retain the Personal Data for no longer than it is necessary for the purposes as long as needed to provide the Services requested from BGI or requested by applicable laws and regulations. Beyond the above retention period, we will delete or anonymize your Personal Data.
5) How We Share and Disclose Your Personal Data
Within BGI, the Personal Data collected are only accessible to the members of BGI who, within the scope of their specific tasks, are responsible for it and whose access to these data is expressly required for the performance of their tasks.
BGI may also share the Personal Data collected with its affiliated companies, trusted third parties, suppliers and sub-contractors through which you have ordered one of our services and consented to receive your Personal Data, as well as the Insurance Company if their intervention is required.
We will never share or disclose your Personal Data without obtaining your consent unless when:
6) How Your Personal Data is Transferred
We will never transfer any Personal Data of you outside of the country or jurisdiction where our Services performed without your authorization and consent.
After acquiring your authorisation and consent, and subject to applicable local legal requirements, your Personal Data may be transferred, stored and processed outside of the country where you live or have ordered our Services from. The primary location of where your Personal Data will be stored or processed for the Services you have ordered from BGI will be stated in the governing contract and/or the test request form.
We only provide your Personal Data to our subsidiaries and affiliated companies where it is necessary to meet the purpose for which you have submitted your Personal Data and in particular if necessary for the provision of services and support. We take steps to ensure that BGI companies follow our data protection policy, this privacy notice and applicable local law when handling Personal Data.
6.1) Transfer outside of EU
BGI will implement appropriate measures to ensure that Personal Data remain protected and secure when transferred outside EU, in accordance with applicable data protection and privacy laws, such as:
In the absence of the above appropriate safeguards, we will ask you for your explicit consent for cross-border transmission of your Personal Data. In the meantime, security measures such as encryption or de-identification will be adopted for the safety of your Personal Data.
7) How We Protect Your Personal Data
BGI uses a variety of security measures and technologies to help protect Personal Data from unauthorised access, use, disclosure, alteration or destruction with applicable data protection and privacy laws.
Amongst others, when BGI shares the Personal Data of a Personal Data Subject with external suppliers/subcontractors, BGI may put in place a written agreement which commits the suppliers/sub-contractors to keep these Personal Data confidential and put in place appropriate security measures to keep this information secure.
Some of the safeguards we use to protect your information are firewalls, data encryption, and access controls. The administrative measures we use include establishment of department and designation of person responsible for protection of Personal Data, conducting self-evaluation on security of Personal Data, organization of training on relevant staff, etc.
In case of Personal Data security incident, we will in a timely manner according to laws and regulations inform you about the basic conditions and possible influence of security incident, response measures that are already taken or to be taken by us, suggestions for you regarding precautions and risk control, corrective measures for you, etc. We will inform you about relevant situations of the incident in a timely manner via email, fax, telephone, push notification, etc. When it is difficult to notify every Personal Data Subject individually, we will properly and effectively issue a public announcement.
8) Your Rights
We respect your legal rights with regards to your Personal Data. Below are the rights you may exercise before us by sending an email to BGI_INTL_GDPR@bgi.com. Please note that for the sake of security, we may ask you to verify your identity before further processing your request.
However, please note that BGI is contractually obliged to retain certain information as necessary for our legitimate business interests, to comply with our legal interest, or in accordance with legislation.
9) How We Process Children’s Personal Data
Although the definition of children varies according to laws and customs in different jurisdictions, we treat anyone under 14 years old (or equivalent minimum age in relevant jurisdiction) as a child.
We will only collect and process Children’s Person Data after we have obtained explicit consent of their guardian. When we find that a child’s Personal Data is collected without explicit consent of his or her guardian, we will delete the relevant data as soon as possible.
11) Contact Us
For any privacy concern, you may, at any time, contact BGI through BGI_INTL_GDPR@bgi.com and generally you will get our reply in thirty (30) working days.