Washington Consumer Health Data Privacy Policy

In addition to our LetsGetChecked Privacy Policy this notice applies to Washington residents, and to “consumer health data” as defined by the Washington My Health My Data Act (MHMDA).

What Consumer Health Data We Collect

As described in the “What information we collect” section of the LetsGetChecked Privacy Policy, when you use our products and services, we collect, receive or otherwise process information in several different ways. In many cases, you choose what information to provide. Some information is required in order for us to provide our Products and Services. Because consumer health data is defined very broadly by MHMDA, much of the information we collect from you could be considered consumer health data.

Consumer health data we may collect from you could include:

1. Purchase and assistance information. We collect information when you purchase or use our Products and Services, when you phone our Support Team, or otherwise contact us for support. This information will include name, gender, contact information, billing address, delivery address and any further information you volunteer to provide to us.

2. Health-related data. When you purchase or use our Products and Services, we may collect and process data concerning your health. This could include information about your health-related conditions, symptoms, status, diagnoses, testing, or treatments (including surgeries, procedures, medications, or other interventions), measurements of bodily functions, vital signs, or characteristics, including photographs, (which may also be considered biometric information under certain privacy laws), health insurance or claims information, and information that could identify your attempt to seek health care services or information, including services that allow you to assess, measure, improve, or learn about your or another person’s health. Health-related data may also include Samples, Test Information or any other information we might receive from you, a medical practitioner, any third party you are affiliated with such as your insurance company, or Accredited Laboratory. When you activate or confirm eligibility for use of a Service or Product, we may collect and process information relating to your personal health, which could also include the collection of other types of sensitive information (see 8. “Sensitive” Information section below), such as information about your sex life, sexual orientation, your ethnicity, or a suitability questionnaire to confirm that the Service or Product is appropriate to your needs. You may also provide information to us if you connect a wearable device to one of our Products or Services.

3. Genetic and Genetic-Related Data. This is data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question (“Genetic Data”). Our collection of Genetic Data may include physical samples provided in connection with your use of our Products and Services (such as a blood sample, saliva sample, or nasal swab). We may also request or generate Genetic Data, medical history, family history, known familial genetic conditions or mutations where necessary to provide our Products and Services.

4. Biometric and Identity Verification Data. In connection with certain Products and Services, we may collect documentation (such as a government issued ID) or your biometric data, such as a face scan, for the purposes of verifying your identity. For certain organized health testing programs you participate in that are affiliated with your employer, insurer or other third party, we may collect your social security number (SSN) if they have this on record and require us to use this for the purposes of identity verification or, where no other unique identity number is available, for the purposes of matching your records across multiple parties who may be involved in your health testing program.

5. Correspondence. We will collect and maintain your contact details when you communicate with us, sign up for promotional material, participate in special promotions, or connect with us through social media. If you contact us by email, we may keep a record of that correspondence. If you make a request with regard to the handling of your Personal Information, we may retain information regarding the request and any actions we take or correspondence we provide in response to such request.

6. Website and device information. We collect information about your browser or device, including, where available, your IP address or device ID, operating system and browser type. We also collect details of your visits to our Site and Apps including, but not limited to, traffic data, location data, the resources that you access, web logs and other communication data. Our Site and Apps also use cookies; for detailed information on the cookies we use and the purposes for which we use them, see our Cookies Policy. We may also ask you for information when you report a problem with our Site or Apps. You may also choose to provide us access to certain features of your device, including allowing LetsGetChecked’s App to access your mobile phone camera to take pictures. This will enable you to use QR codes on our test kits (allowing you to quickly input test details and codes, rather than hand typing), and in some cases to verify your identity (for example to allow you to photograph and share with us a passport-style photo or proof of government issued identification or other documentation).

7. Survey information. If you respond to any surveys that we might request, which are completely voluntary, we will process your responses.

8. “Sensitive” Information. “Sensitive” personal information may be collected as defined by certain U.S. state laws and other applicable privacy laws. This could include information already mentioned above but can include: government identification for identity verification purposes such as your social security, driver’s license, state identification card, or passport number; your account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; your precise geolocation; your racial or ethnic origin; the contents of your mail, email, and text messages unless LetsGetChecked is the intended recipient of the communication; your genetic data; the processing of biometric information for the purpose of uniquely identifying you; personal information collected and analyzed concerning your health; personal information collected and analyzed concerning your sex life or sexual orientation.

Sources, Purposes of Collecting Consumer Health Data, and Sharing

We collect, use and share consumer health data as defined by MHMDA for a number of purposes:

To provide you with our Products and Services.

To receive, store and analyze your Samples at Accredited Laboratories.

To receive, review, store and communicate your Test Information to you, including by presenting your Test Information and other reported history via the LetsGetChecked secure environment.

To communicate with you via various channels including by phone, SMS text message, email, and physical mail, to support in the delivery of Products and Services or to send you important account-related communications. For example, communicating with you by phone to discuss your results, or sending you an email or text message to notify you that your results are ready.

To provide you with your results and, in some instances, relevant treatment options.

To de-identify your information for service improvement, product quality improvement, research, operations or to disclose to trusted partners for business or other purposes.

We may use your Personal Information for research purposes where we have a legal basis to do so, or may contact you about research opportunities, clinical trials, or clinical treatments for you when appropriate. The legal basis for this activity is generally express prior consent (e.g. to participate in a research study), or if consent is not required as a legal basis for such activities, LetsGetChecked is acting in its legitimate business interests where not overridden by your interests or fundamental rights and freedoms.

To fill and support your purchases of our Products and Services, including to process payments and to provide customer assistance. This may also include sharing your information with physicians, prescription service providers, or pharmacies where we have legal basis to do so.

To ensure that content from our Site and Apps is presented in an effective manner for you and your device.

To contact you with offers, updates, and news related to Services and Products you have purchased, unless you choose not to receive these. With your consent, we may also share Personal Information with third parties for advertising purposes. This excludes text messaging originator opt-in data and consent; this information will not be shared with any third parties.

To analyze information to help us administer, support and improve our business.

To detect, investigate and prevent activities that may violate our policies or agreements or be illegal, including by sharing information with law enforcement.

To retain certain records about the handling of any Samples you send us for regulatory purposes.

To fulfill any legal obligations and legal requirements, for example regulatory reporting to health agencies, or retaining certain tax and accounting records for financial reporting.

For COVID-19 testing we use Personal Information to provide you or any authorized parties (such as an employer or other organization that you have consented to us sharing results with) with testing services, and to support in public health efforts or research (for example, reporting positive test results to local health agencies where legally required). If we use your Personal Information or Test Information for anything beyond this, we will ask for your explicit consent or else explain the legal basis for any further use of your data, if such use does not rely on your consent.

As described in the “Right to Know – Further Information” section of our Privacy Policy, we collect personal data, which may include consumer health data as defined by MHMDA, from a variety of sources. We may also share it for the purposes described above, where we have a legal basis to do so, with certain categories of third parties and affiliates. Certain types of data may be collected from different sources, and shared with different categories of third party, for different purposes as detailed further below.

Purchase and assistance information including name, gender, contact information, billing address, delivery address, government issued ID if required for identity verification, payment information, and any further information you volunteer to provide through the Site and Apps.

Categories of Sources:

• You

• Resellers and B2B Customers (e.g. if you are an employee or member of a health insurance plan, your employer or health insurer may provide us with certain necessary Personal Information for purposes of providing you with our services. If you purchase through a reseller channel, that reseller may provide your order and shipping details to allow us to fulfill your order)

Business or Commercial Purposes:

• To receive, store and analyze your Samples

• To receive, review, store and communicate Test Information

• To provide results

• To help facilitate your prescription order and delivery

• To de-identify information

• To fill and support purchases and delivery of Products and Services

• Processing payments

• Customer assistance

• Site and Apps development

• Marketing

• Administer, support and improve our business.

• To combat activities that may violate our policies or agreements or be illegal

• To retain certain tax and accounting records.

Third Parties with Whom Shared:

• Service Providers

• Payment processors

• Labs

• Pharmacies

• Healthcare Providers

• Your health insurer

• Public health agencies

• Marketing affiliates

• Other third parties (such as your employer or insurer if you are testing through a program sponsored or subsidized by them)

Health Related Data including Sensitive information such as in relation to your past, present and future health and healthcare, health insurance information, sex life or sexual orientation, sex at birth or gender, and ethnicity.

Categories of Sources:

• You

• Your healthcare providers or insurer

• Labs

Business or Commercial Purposes:

• To receive, store and analyze your Samples

• To receive, review, store and communicate Test Information

• To provide results

• To help facilitate your prescription order and delivery

• To de-identify information or use it for research, with your consent.

• To fill and support purchases of Products and Services

• Customer assistance

Third Parties with Whom Shared:

• Labs

• Pharmacies

• Healthcare Providers

• Your health insurer

• Public health agencies

• Service Providers

•Other third parties that support the ordering, processing, fulfillment and delivery of Products and Services

• Other third parties (such as your employer or insurer if you are testing through a program sponsored or subsidized by them)

Genetic and Genetic Related Data.

Categories of Sources:

• You

• Your healthcare provider

• Labs

Business or Commercial Purposes:

• To receive, store and analyze your Samples

• To receive, review, store and communicate Test Information

• To provide results and genetic counselling

• To help facilitate your prescription order and delivery

• To de-identify information or use it for research, with your consent.

• To fill and support purchases and delivery of Products and Services

• Customer assistance

Third Parties with Whom Shared:

• Labs

• Healthcare Providers and genetic counsellors

• Service Providers

• Other third parties that support the ordering, processing, fulfillment and delivery of Products and Services

• Other third parties with your consent

Biometric Data such as photos used to compare against government issued ID for identity verification purposes.

Categories of Sources:

• You

• Identity Verification Service Providers

Business or Commercial Purposes:

• To verify and identify

Third Parties with Whom Shared:

• Identity Verification Service Providers

Correspondence, sign-ups for materials and promotions.

Categories of Sources:

• You and other correspondents

Business or Commercial Purposes:

• To fill and support purchases of Products and Services

• Processing payments

• Customer assistance

• Site and Apps development

• Marketing

• Administer, support and improve our business.

• To combat activities that may violate our policies or agreements or be illegal

• To retain certain tax and accounting records.

Third Parties with Whom Shared:

• Marketing affiliates and Service Providers

• Payment processors

• Tax agencies

• Other third parties with your consent (such as your employer or insurer if you are testing through a program sponsored or subsidized by them)

Website, Apps and device information.

Categories of Sources:

• You

• Your devices

Business or Commercial Purposes:

• Track use of Site and Services

• Increase navigation efficiency of the Site and Apps

• Personalization of the Site and Apps

• Marketing

• Site and Apps development.

Third Parties with Whom Shared:

• Marketing Service Providers

• Analytics Service Providers

Survey and Questionnaire Response Information.

Categories of Sources:

• You

Business or Commercial Purposes:

• Site and Apps development

• Marketing

• Administer, support and improve our business and products

• Research

Third Parties with Whom Shared:

• Service Providers

• Other third parties (such as your employer or insurer if you are testing through a program sponsored or subsidized by them)

Your Privacy Rights

Washington’s MHMDA provides you with data privacy rights over your consumer health data. Under the MHMDA, consumers have a right to delete their consumer health data, access their consumer health data, withdraw consent from collection and sharing of consumer health data, and to receive a list of all third parties and affiliates — including contact information — who receive their individual data from the regulated entity. If your request to exercise a right under the MHMDA is denied, you may appeal that decision by contacting our privacy support team via DPO@LetsGetChecked.com. If your appeal is unsuccessful, you can raise a concern or lodge a complaint with the Washington State Attorney General at www.atg.wa.gov/file-complaint.

You may exercise your rights and make a request to us by emailing us at DPO@LetsGetChecked.com. You may also contact us via toll free phone number at +1 (888) 396-7375.

Last Updated: March 11th 2024