Privacy Notice for European Users
GRAIL’s processing of your personal data may be subject to applicable privacy laws in the EEA and the UK, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Data Protection Act 2018 (“DPA18”).
For the purposes of this privacy notice, “personal data” means any data or information that relates to and can identify a living individual. The data controller of your personal data is GRAIL, Inc., which can be contacted by post at 1525 O’Brien Drive, Menlo Park, California 94025 (Attn: Legal Department), by email at firstname.lastname@example.org and by telephone at +1-833-694-2553
Provision of Personal Data.
If you are an individual in the EEA or the UK, or GRAIL’s processing of your personal data is otherwise subject to the GDPR or the DPA18, you may have certain rights with respect to your personal data. You can exercise these rights at any time by contacting us at email@example.com.
- Request Access to your Personal Data. You can request a copy of the personal data we hold about you
- Request Correction of Your Personal Data. You can ask us to correct any incomplete or inaccurate personal data we hold about you.
- Request Erasure of your Personal Data. You can ask us to delete your personal data where there is no legitimate reason for us continuing to process it.
- Request Restriction of Your Personal Data. You can ask us to suspend the processing of your personal data (such as when you want us to establish its accuracy or the reason for processing it).
- Request Portability of Your Personal Data. You can ask us to transfer your personal data to another data controller in a machine-readable form. This right will only apply where we process your personal data based on your consent or where the processing is necessary for the performance of a contract between us.
- Object to the Processing of Your Personal Data. You can object to our processing where we are relying on a legitimate interest (or those of a third party) as our legal basis. You can also object at any time to our use of your personal data for direct marketing purposes.
- Withdraw Your Consent. Where we are relying on your consent to process your personal data, you can withdraw consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent. However, where we are relying on your consent as the legal basis for processing, we may not be able to provide certain products or services to you following the withdrawal of such consent.
- You also have the right to complain to an EEA or UK data protection authority in the place you live, work or where you believe a breach of the GDPR or the DPA18 occurred. However, GRAIL would appreciate the opportunity to address your concerns before you do this, so please contact us in the first instance at firstname.lastname@example.org.
If necessary, we will notify any other parties (such as our suppliers or service providers) to which we have transferred your personal data of any changes that we make when you make a request under the GDPR or the DPA18. While we communicate to these parties, we are not responsible for the actions they take to answer your request. In some cases, you may also be able to access your personal data held by these third parties and correct, amend or delete it where it is inaccurate.
Your rights under the GDPR and the DPA 18 may be limited, such as where fulfilling your request would reveal personal data about another person or would infringe the rights of a third party (including our rights), or if you ask us to erase personal data that we are required by law to keep or have compelling legitimate interests in keeping. We will inform you of relevant exemptions we rely upon when responding to any request you make.
Transferring Your Personal Data
When we transfer your personal data outside the EEA and the UK, and to the extent required by the GDPR and the DPA18, we rely on appropriate or suitable safeguards to transfer your personal data, including:
- Using standard contractual clauses approved by relevant authorities as ensuring adequate safeguards for personal data;
- Obtaining your consent to transfer personal data after first informing you about the possible risks of such a transfer;
- When the transfer is necessary for the performance of a contract between you and us or if the transfer is necessary for the performance of a contract between us and a third party that is entered into in your interest; and
- Where the transfer is necessary to establish, exercise or defend legal claims.
For further information, including to obtain a copy of the documents used to protect your personal data, please contact us at email@example.com.
Retaining Your Personal Data.
Have questions or concerns? Contact us:
Attention: Legal Department
1525 O’Brien Drive
By email: firstname.lastname@example.org
By telephone: +1-833-694-2553
Last Updated: January 1, 2023.