Choose Your Language
Home  /  Privacy Policy

Privacy Policy

Last Updated: 20th September, 2019

BGI PRIVACY POLICY

BGI Genomics Co., Ltd., a publicly listed company incorporated under the laws and regulations of the People’s Republic of China (“China”), and its affiliated companies (hereinafter referred to as “BGI” or “we“) is committed to protecting and respecting your privacy and is the data controller for your Personal Data under this Privacy Policy.

This Privacy Policy outlines how we collect, use, process, disclose, transfer, and store your Personal Data when you use our websites, mobile applications, and/or our genetic testing and sequencing services (collectively the “Services”). Please read this Privacy Policy carefully to understand how we treat your Personal Data and/or Genetic Data that we may obtain in the course of providing our Services.

This Privacy Policy will help you understand the following:

  • Definition
  • What and How We Collect Your Personal Data
  • How We Use Your Personal Data
  • How Long We Keep Your Personal Data
  • How We Share and Disclose Your Personal Data
  • How Your Personal Data is Transferred
  • How We Protect Your Personal Data
  • Your Rights
  • How We Process Children’s Personal Data
  • How This Privacy Policy Is Updated
  • Contact Us
  •  

    1) Definition

    Affiliated Company” refers to a company that is related to BGI due to joint ownership or control.

    Third Party” refers to a company or person who does not have a related relationship arising out of joint ownership or control with BGI (i.e., a non-affiliated company) or other non-related person, or the Customer who engage the Services from BGI (i.e., Clinician, Hospital, Health Professional, Healthcare Service Provider, University, Research Institution, Pharmaceutical Companies)

    Genetic Data” refers to personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question

    Personal Data” refers to any information relating to an identified or identifiable natural person (“Personal Data Subject”), including Genetic Data. An identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location information, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

    Sensitive Personal Data” refers to any Personal Data that the leakage, disclosure, or abuse of which could easily endanger personal and property safety, and easily lead to the harm of one’s personal reputation and mental and physical health, or lead to discriminatory treatment.

     

    2) What and How We Collect Your Personal Data

    The Personal Data can be collected by BGI directly from the Personal Data Subject or from a Third Party.

    BGI is responsible for the processing and treatment of Personal Data of you regarding to the Services entrusted to BGI. For the information which may constitute sensitive Personal Data in certain jurisdictions and regions, relevant terms and articles would be marked in bold for your special attention.

    The Personal Data collected by BGI can include but is not limited to:

  • full name, address and contact details
  • job title and employer details
  • date of birth
  • gender
  • weight
  • height
  • nationality
  • identification
  • banking information
  • sample material involving Genetic Data
  • any clinical information necessary for the purpose of the services or tests required, such as medical history (including any condition for which medical advice or treatment was sought, any form of consultation, investigation, prescription or treatment), allergies, lifestyle habits, current medication
  • family history
  • other medical test results or findings necessary for conducting genetic testing or sequencing services
  •  

    2.1) Information You Directly Provide to Us

    Certain Personal Data concerning you including Genetic Data are collected directly from you by BGI.

    BGI might collect the Personal Data in the following circumstances:

  • when you fill in a contract or place a purchase order for one of our Services
  • when we or our contracted local service provider issue you with a test request form for the purposes of conducting a genetic test
  • when you sign up on our website for a myBGI account
  • when you sign up on our website for our newsletter
  • when you submit a request for quote or send an enquiry via the contact forms on our website
  • when you request us to claim insurance compensation on behalf of you
  • when you fill in a contact form or consent to have your details recorded by us at a conference/event/tradeshow
  • when you reply to an email from BGI that you have previously consented to be sent to you
  • if you contact us or send us a message through social media channels
  •  

    The information above may be necessary for the adequate performance of the contract or purchase order between you and BGI and to allow us to comply with our legal obligations. Without it, we may not be able to provide you with relevant requested Services.

     

    2.2) Information We Collect from Third Parties

    To enable us to provide better Services to you, where permitted by applicable laws, we may collect your Personal Data indirectly from a Third Party.

    We will put efforts to ensure the legitimacy of source of your Personal Data. However, please note that we do not control, supervise or respond for how the Third Party processes your Personal Data. Any request regarding the disclosure of your Personal Data to us should be directed to such Third Party.

     

    2.3) Information We Automatically Collect from You with Cookies and Similar Technologies

    A Cookie is a plain text file that is stored on computers or mobile devices by web servers. The contents of Cookies can only be retrieved or read by its creating server. Every Cookie is unique to your web browser or mobile application. A Cookie usually includes identifier, site name and some numbers and characters. Using Cookies, a website can store data of user preferences or products in shopping basket, etc.

    To ensure that our website is working normally and to personalize and customize your experience, we will use Cookies or similar tracking technologies, such as web beacons, pixels, and mobile identifiers to analyse trends, operate our website, track users’ movements around the websites, and to gather demographic information about our user base as a whole. We will not use Cookies for any purpose other than those stated in this Privacy Policy.

    As true of most websites, our website gathers certain information automatically. This information may include Internet Protocol (IP) addresses, browser type, Internet Service Provider (ISP), referring/exit pages, the files viewed on our website (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyse trends in the aggregate and administer the site.

    You may manage or delete Cookies based on your preferences. You can clear all Cookies on your computer and most web browsers have Do Not Track function. If Do Not Track is enabled on your browser, all of our websites will respect your choice.

    If you want to know more about how to change browser settings, please click the following links for popular browser software: Microsoft Internet Explorer, Microsoft Edge, Mozilla Firefox, Google Chrome, Safari for macOS and Safari for iOS.

    BGI does use Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics does make use of cookies in order to facilitate analysis of how users use the Site and to track Site traffic. This data does not identify individual users and BGI is not able to use this data to individually identify any user of the site. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that should you refuse the use of cookies, you may not be able to use certain features otherwise available on the Site.

     

    3) How We Use Your Personal Data

    We collect your Personal Data so that we can:

  • perform our Services
  • improve our Services
  • keep you updated about our Services
  • contact you with other relevant Services we think you might be interested in
  •  

    3.1) Use Upon Your Consent

    We may process your Personal Data for the purposes described in this Privacy Policy as follows with your consent.

  • Provide and improve our Services: The Personal Data we collect will be used to provide you with our Services, process your orders or fulfil the contract between you and BGI. In particular, we will not use your Genetic Data for any purpose other than to provide our Services without your prior consent.
  • Advertising and marketing: The Personal Data we collect will be used to personalize and improve our advertising, send you promotional messages, marketing, advertising, and other information that may be of interest to you based on your preferences. You can opt-out of receiving marketing messages from us easily by following the unsubscribe instructions included in our marketing messages. After you choose to opt-out, we will stop processing and delete your relevant Personal Data promptly
  • We will acquire your consent in advance when the information is to be used for a purpose that is not specified in this Privacy Policy. We will acquire your consent in advance when the information collected for a specific purpose is to be used for other purposes.

     

    3.2) Use Without Your Consent

    In accordance with applicable laws, BGI may process your Personal Data for the one of the following purposes without your consent:

  • To perform its contractual obligations;
  • To protect the vital interests of the Personal Data Subject or another natural person if the Personal Data Subject is physically or legally incapable of giving consent;
  • To comply with applicable laws, regulations and guidance; in the course of our legitimate interests.
  •  

    4) How Long We Keep Your Personal Data

    BGI will retain the Personal Data for no longer than it is necessary for the purposes as long as needed to provide the Services requested from BGI or requested by applicable laws and regulations. Beyond the above retention period, we will delete or anonymize your Personal Data.

     

    5) How We Share and Disclose Your Personal Data

    Within BGI, the Personal Data collected are only accessible to the members of BGI who, within the scope of their specific tasks, are responsible for it and whose access to these data is expressly required for the performance of their tasks.

    BGI may also share the Personal Data collected with its affiliated companies, trusted third parties, suppliers and sub-contractors through which you have ordered one of our services and consented to receive your Personal Data, as well as the Insurance Company if their intervention is required.

    We will never share or disclose your Personal Data without obtaining your consent unless when:

  • It is directly relevant to national security or national defence security;
  • It is directly relevant to public security, public health or significant public interest;
  • It is directly relevant to investigation, prosecution, trial and execution of judgment of crimes;
  • It is for the purpose of protecting life, property or other significant legal rights and interests of Personal Data subjects or others, and it is difficult to obtain consents from such persons;
  • The Personal Data collected has been disclosed by the Personal Data Subject to the public actively; or
  • It is otherwise provided by applicable laws and regulations.
  •  

    6) How Your Personal Data is Transferred

    We will never transfer any Personal Data of you outside of the country or jurisdiction where our Services performed without your authorization and consent.

    After acquiring your authorisation and consent, and subject to applicable local legal requirements, your Personal Data may be transferred, stored and processed outside of the country where you live or have ordered our Services from. The primary location of where your Personal Data will be stored or processed for the Services you have ordered from BGI will be stated in the governing contract and/or the test request form.

    We only provide your Personal Data to our subsidiaries and affiliated companies where it is necessary to meet the purpose for which you have submitted your Personal Data and in particular if necessary for the provision of services and support. We take steps to ensure that BGI companies follow our data protection policy, this privacy notice and applicable local law when handling Personal Data.

     

    6.1) Transfer outside of EU

    BGI will implement appropriate measures to ensure that Personal Data remain protected and secure when transferred outside EU, in accordance with applicable data protection and privacy laws, such as:

  • The country to which the Personal Data are transferred has benefited from an adequacy decision by the European Commission under Article 45 of the GDPR; or
  • Standard data protection contractual clauses as approved by the European Commission pursuant to Article 47 of the GDPR have been established.
  • In the absence of the above appropriate safeguards, we will ask you for your explicit consent for cross-border transmission of your Personal Data. In the meantime, security measures such as encryption or de-identification will be adopted for the safety of your Personal Data.

     

    7) How We Protect Your Personal Data

    BGI uses a variety of security measures and technologies to help protect Personal Data from unauthorised access, use, disclosure, alteration or destruction with applicable data protection and privacy laws.

    Amongst others, when BGI shares the Personal Data of a Personal Data Subject with external suppliers/subcontractors, BGI may put in place a written agreement which commits the suppliers/sub-contractors to keep these Personal Data confidential and put in place appropriate security measures to keep this information secure.

    Some of the safeguards we use to protect your information are firewalls, data encryption, and access controls. The administrative measures we use include establishment of department and designation of person responsible for protection of Personal Data, conducting self-evaluation on security of Personal Data, organization of training on relevant staff, etc.

    In case of Personal Data security incident, we will in a timely manner according to laws and regulations inform you about the basic conditions and possible influence of security incident, response measures that are already taken or to be taken by us, suggestions for you regarding precautions and risk control, corrective measures for you, etc. We will inform you about relevant situations of the incident in a timely manner via email, fax, telephone, push notification, etc. When it is difficult to notify every Personal Data Subject individually, we will properly and effectively issue a public announcement.

     

    8) Your Rights

    We respect your legal rights with regards to your Personal Data. Below are the rights you may exercise before us by sending an email to BGI_INTL_GDPR@bgi.com. Please note that for the sake of security, we may ask you to verify your identity before further processing your request.

  • To access the Personal Data BGI hold about you: You are entitled to access and request copies of Personal Data that you provided to us, unless applicable laws provide otherwise.
  • To be informed about how BGI uses your Personal Data: We strive to be transparent about how we use your data. We keep you informed as to what we do with your Personal Data through this Privacy Policy.
  • To have these data rectified promptly in case of inaccuracy/incompleteness: If you find that your Personal Data processed by us is inaccurate or incomplete, you are entitled to ask us to make rectifications.
  • To have your Personal Data erased in specific circumstances: You can request us to delete your Personal Data if we do not have a legal reason to continue to process and hold it.
  • To restrict the processing of your Personal Data: You have the right to ask us to restrict how we process your Personal Data. If you restrict our processing, we will not further process but are still permitted to store the data.
  • To object to the processing of your Personal Data: You have the right to object to our processing your data even if it is based on our legitimate interests, the exercise of official authority, direct marketing (including data aggregation), and processing for the purpose of statistics.
  • The right to data portability: To the extent permitted by laws and regulations, you have the right to request for the receipt of the transfer to another firm/organization in a structured, commonly used and machine-readable form of the Personal Data provided to BGI.
  • To lodge a complaint to BGI: You have the right to lodge a complaint by contacting BGI_INTL_GDPR@bgi.com or to the local data protection authority if your privacy rights are violated or if you have suffered as a result of the unlawful processing of your Personal Data.
  • Possibility of withdrawal of the consent/ subsequent refusal to transmit Personal DataIf you wish to withdraw your previous consent or refuse the transfer of your Personal Data, you can send a written statement to BGI. BGI will respect that choice in accordance with its own legal obligations. This could mean that BGI may not be able to perform the actions necessary to achieve the purposes as set out in this Privacy Policy and affect the way in which BGI deals with you and/or for any related entities. Moreover, this withdrawal will not affect the lawfulness of processing based on consent before its withdrawal. In this case, BGI will not be responsible for any direct or indirect damage of any kind that might occur as result of the withdrawal of the consent.
  •  

    However, please note that BGI is contractually obliged to retain certain information as necessary for our legitimate business interests, to comply with our legal interest, or in accordance with legislation.

     

    9) How We Process Children’s Personal Data

    Although the definition of children varies according to laws and customs in different jurisdictions, we treat anyone under 14 years old (or equivalent minimum age in relevant jurisdiction) as a child.

    We will only collect and process Children’s Person Data after we have obtained explicit consent of their guardian. When we find that a child’s Personal Data is collected without explicit consent of his or her guardian, we will delete the relevant data as soon as possible.

     

    10) How This Privacy Policy is Updated

    BGI reserves the right to modify this Privacy Policy at any time in accordance with this provision. The circumstances where we may change our Privacy Policy include but not limited to: there is major change of our service mode, e.g. purpose of processing Personal Data, type of processed Personal Data, usage mode of Personal Data; major change in terms of our ownership structure, organization structure, e.g. change of owners due to business adjustment, bankruptcy, merging, etc.; change of main object to which the Personal Data is publicly disclosed, shared, or transferred; change of your rights involved in Personal Data processing and their exercises; change of our responsible department, contacts and complaint channels for security of Personal Data; when there is high risk according to the Personal Data impact assessment report, etc.

    If we make major changes to this Privacy Policy, we will post the revised Privacy Policy on our website and update the “Last Updated” date at the top of this Privacy Policy.

     

    11) Contact Us

    For any privacy concern, you may, at any time, contact BGI through BGI_INTL_GDPR@bgi.com and generally you will get our reply in thirty (30) working days.