Last Updated: 11th August, 2020
“Affiliated Company” refers to a company that is related to BGI due to joint ownership or control.
“Third Party”refers to a company or person who does not have a related relationship arising out of joint ownership or control with BGI (i.e., a non-affiliated company) or other non-related person, or the Customer who engage the Services from BGI (i.e., Clinician, Hospital, Health Professional, Healthcare Service Provider, University, Research Institution, Pharmaceutical Companies).
“Genetic Data” refers to personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question.
“Personal Information” refers to any information relating to an identified or identifiable natural person(“Personal Data Subject”), including Genetic Data. An identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location information, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Sensitive Personal Information” refers to any Personal Data that the leakage, disclosure, or abuse of which could easily endanger personal and property safety, and easily lead to the harm of one’s personal reputation and mental and physical health, or lead to discriminatory treatment.
2) What and How We Collect Your Personal Information
The Personal Information can be collected by BGI directly from the Personal Data Subject or from a Third Party with the consent of the Personal Data Subject or where permitted by law.
BGI is responsible for the processing and treatment of Personal Information of you regarding to the Services entrusted to BGI. For the information which may constitute sensitive Personal Information in certain jurisdictions and regions,relevant terms and articles would be marked in bold for your special attention..
The Personal Information collected by BGI can include but is not limited to:
2.1) Information You Directly Provide to Us
Certain Personal Information concerning you including Genetic Data are collected directly from you by BGI.
BGI might collect the Personal Information in the following circumstances:
The information above may be necessary for the adequate performance of the contract or purchase order between you and BGI and to allow us to comply with our legal obligations. Without it, we may not be able to provide you with relevant requested Services.
2.2) Information We Collect from Third Parties
To enable us to provide better Services to you, where permitted by applicable laws, we may collect your Personal Information indirectly from a Third Party.
We will put efforts to ensure the legitimacy of source of your Personal Information. However, please note that we do not control, supervise or respond for how the Third Party processes your Personal Information. Any request regarding the disclosure of your Personal Information to us should be directed to such Third Party.
2.3) Information We Automatically Collect from You with Cookies and Similar Technologies
A Cookie is a plain text file that is stored on computers or mobile devices by web servers. The contents of Cookies can only be retrieved or read by its creating server. Every Cookie is unique to your web browser or mobile application. A Cookie usually includes identifier, site name and some numbers and characters. Using Cookies, a website can store data of user preferences or products in shopping basket, etc.
As true of most websites, our website gathers certain information automatically. This information may include Internet Protocol (IP) addresses, browser type, Internet Service Provider (ISP), referring/exit pages, the files viewed on our website (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyse trends in the aggregate and administer the site.
You may manage or delete Cookies based on your preferences. You can clear all Cookies on your computer and most web browsers have Do Not Track function. If Do Not Track is enabled on your browser, all of our websites will respect your choice.
If you want to know more about how to change browser settings, please click the following links for popular browser software: Microsoft Internet Explorer, Microsoft Edge, Mozilla Firefox, Google Chrome, Safari for macOS and Safari for iOS.
BGI does use HubSpot to record and store customer information when it has been voluntarily submitted to us through a form on our website or obtained through other legitimate means. HubSpot may also be used to contact customers for marketing or commercial purposes where consent has been given or where local laws allow.
3) How We Use Your Personal Information
We collect your Personal Information so that we can:
3.1) Use Upon Your Consent
We may process your Personal Information for the purposes as follows with your consent.
3.2) Use Without Your Consent
In accordance with applicable laws, BGI may process your Personal Information for the one of the following purposes without your consent:
4) How Long We Keep Your Personal Information
BGI will retain the Personal Data for no longer than it is necessary for the purposes as long as needed to provide the Services requested from BGI or requested by applicable laws and regulations. Beyond the above retention period, we will delete or anonymize your Personal Information.
5) How We Share and Disclose Your Personal Information
Within BGI, the Personal Information collected are only accessible to the members of BGI who, within the scope of their specific tasks, are responsible for it and whose access to these data is expressly required for the performance of their tasks.
BGI may also share the Personal Information collected with its affiliated companies, trusted third parties, suppliers and sub-contractors through which you have ordered one of our services and consented to receive your Personal Information, as well as the Insurance Company if their intervention is required.
We will never share or disclose your Personal Information without obtaining your consent unless when:
6) How Your Personal Information is Transferred
Subject to applicable local legal requirements, your Personal Information may be transferred, stored and processed outside of the country where you live or have ordered our Services from, including to our subsidiaries, affiliated companies and service providers located in other jurisdictions, and may become subject to the laws of such jurisdictions. The primary location of where your Personal Information will be stored or processed for the Services you have ordered from BGI will be stated in the governing contract and/or the test request form.
We only provide your Personal Information to our subsidiaries, affiliated companies and services providers where it is necessary to meet the purpose for which you have submitted your Personal Information and in particular if necessary for the provision of services and support. We take steps to ensure that BGI companies follow our data protection policy, this privacy notice and applicable local law when handling Personal Information and that service providers put in place adequate safeguards to protect the Personal Information entrusted to them, as outlined below.
6.1) Transfer outside of EU
For Personal Information of Personal Data Subjects who are in EU: BGI will implement appropriate measures to ensure that Personal Information remain protected and secure when transferred outside EU, in accordance with applicable data protection and privacy laws, such as:
In the absence of the above appropriate safeguards, we will ask you for your explicit consent for cross-border transmission of your Personal Information. In the meantime, security measures such as encryption or de-identification will be adopted for the safety of your Personal Information.
7) How We Protect Your Personal Information
BGI uses a variety of security measures and technologies to help protect Personal Information from unauthorised access, use, disclosure, alteration or destruction with applicable data protection and privacy laws.
Amongst others, when BGI shares the Personal Information of a Personal Data Subject with external suppliers/subcontractors or services providers, BGI may put in place a written agreement which commits the suppliers/sub-contractors or services providers to keep these Personal Information confidential and put in place appropriate security measures to keep this information secure.
Some of the safeguards we use to protect your information are firewalls, data encryption, and access controls. The administrative measures we use include establishment of department and designation of person responsible for protection of Personal Information, conducting self-evaluation on security of Personal Information, organization of training on relevant staff, etc.
In case of Personal Information security incident, we will in a timely manner according to laws and regulations inform you about the basic conditions and possible influence of security incident, response measures that are already taken or to be taken by us, suggestions for you regarding precautions and risk control, corrective measures for you, etc. To the extent permitted by law, we will inform you about relevant situations of the incident in a timely manner via email, fax, telephone or push notification, or any other means of communication we deem appropriate. When it is difficult to notify every Personal Data Subject individually, we will properly and effectively issue a public announcement.
8) Your Rights
We respect your legal rights with regards to your Personal Information. Below are the rights you may exercise before us by sending an email to BGI_INTL_GDPR@bgi.com. Please note that for the sake of security, we may ask you to verify your identity before further processing your request.
However, please note that BGI is contractually obliged to retain certain information as necessary for our legitimate business interests, to comply with our legal interest, or in accordance with legislation.
9) How We Process Children’s Personal Information
Although the definition of children varies according to laws and customs in different jurisdictions, we treat anyone under 16 years old (or equivalent minimum age in relevant jurisdiction) as a child.
We will only collect and process Children’s Person Information after we have obtained explicit consent of their guardian. When we find that a child’s Personal Information is collected without explicit consent of his or her guardian, we will delete the relevant data as soon as possible
11) Contact Us
For any privacy concern, you may, at any time, contact BGI through BGI_INTL_GDPR@bgi.com and generally you will get our reply in thirty (30) working days or such shorter period as provided by law.