Privacy Policy

GRAIL, Inc. and its subsidiaries and affiliates (collectively, “GRAIL”) is providing this Privacy Policy to set out the principles governing our use of personal information that we may obtain about you through one or more of our websites at which this Privacy Policy is posted including GRAIL.com (the “GRAIL Site”), provider.grail.com (the “Provider Portal”), my.grail.com (the “Patient Portal”) and Galleri.com (the “Galleri Site”) (collectively, our “Sites”) and in connection with our business (our “Business”).

If you are using our Sites in connection with a HIPAA covered service, please refer to our HIPAA Notice of Privacy Practices, which describes how we use and disclose your protected health information (“PHI”) and your rights with respect to your PHI. In connection with HIPAA covered services, in the event of a conflict between this Privacy Policy and the HIPAA Notice of Privacy Practices, our HIPAA Notice of Privacy Practices will control.

Users in California should also read the Privacy Notice for California Residents, which describes our practices and your rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act. You may have certain rights regarding our processing of your personal information under applicable state law including, for example, if you are a consumer in Colorado, Connecticut, Nevada, Utah or Virginia. Please see our Supplemental State Privacy Notice for more information.

If you are in the EU/EEA or the UK, this Privacy Policy is provided for informational purposes only. Users in the EEA and UK should also read the Privacy Notice for European Users, which provides additional information about how GRAIL processes, stores and transfers your personal information and the rights that you have with respect to such personal information.

If you are outside the European Economic Area (“EEA”) or the United Kingdom (“UK”), by using our Sites, you agree to our use of the personal information that we obtain about you.  If you do not agree to this Privacy Policy, do not use our Sites.

Please read this Privacy Policy carefully. We may change our Privacy Policy from time to time. We therefore ask you to check it occasionally to ensure that you are aware of the most recent version that will apply each time you access our Sites. In the event of material changes to this Privacy Policy, we will notify you. Any modifications to this Privacy Policy will be effective upon our posting the new terms and/or upon implementation of the new changes on our Sites (or as otherwise indicated at the time of posting). In all cases, your continued use of our Sites, products and services after the posting of any modified Privacy Policy indicates your acceptance of the terms of the modified Privacy Policy. 

For your convenience, our Sites may contain links to a number of other websites that we do not own or operate. If you access those links, you will leave our Sites. This Privacy Policy does not apply to those other websites; we suggest contacting those websites directly for information on their data collection and distribution policies. Any reference to a linked website or any specific third party product or service by name does not constitute or imply its endorsement by us, and you assume all risk with respect to its use.

Information We Collect
We may collect personal information when you visit or interact with our Sites, fill in forms on our Sites, interact with our Business, correspond with us by phone, e-mail or otherwise, or when you inquire about or apply for employment opportunities at GRAIL. This personal information generally refers to information that relates to an identified or identifiable individual or household, such as a name, contact details, or address, and includes the following information, which are referred to in this Privacy Policy as “personal information” generally. 

  • Information You Provide Us. When you interact with our Sites, for example when you complete one of our online forms such as a job application form, you may provide us with information that we collect, including:
    • Contact Information such as your name, title, company, mailing address, email address, phone number, password, resume information, professional credentials, institutional affiliations and any other information you choose to provide to us;
    • Health / Test Order Information such as certain health information related to cancer status or cancer risk, demographic information, email address, and address (to the extent such information constitutes PHI, it will be subject to our HIPAA Notice of Privacy Practices);
    • Biographical and demographic information such as date of birth, age, gender, marital status, and information regarding any parents or legal guardians;
    • Testimonials such as any information you provide related to your experiences with our products and services;
    • Marketing and communication data which tells us your preference in receiving marketing from us and our third parties and your communication preferences;
    • Sensitive personal information such as your race or ethnicity, or criminal offenses. Please note that we do not ask for any sensitive personal information through our Sites (except for responses to job postings that are collected by a third party) and request that you omit any such information in any communications with us. If you send us sensitive personal information, we will delete it unless you provide your specific consent to having us include it in your account, as it will be processed with the rest of your personal information; and
    • Payment-related information such as credit card and financial account information.
  • Information that we collect automatically when you visit our Sites. When you visit our Sites, we may collect the following information from your computer or other electronic device (for more information regarding our collection of this information, please see our Cookie Notice).
    • Technical data such as your internet protocol (“IP”) address, your login data, the web page you visited before visiting our Sites, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our Sites; and
    • Usage data which tells us how you use our Sites.

Personal information does not include information that can no longer be used to identify you, whether in combination with other information or otherwise, including de-identified or aggregated consumer information.

Purposes for which we will use your personal information
We will only use your personal information in compliance with applicable law. Most commonly, we will use your personal information in the following circumstances:

  • To provide services to you or to perform the contract we are about to enter into or have entered into with you.
  • To manage our relationship with you.
  • To process your registration on our Sites and send you information about changes to our Terms of Service and other policies.
  • To communicate with you and respond to your service-related requests, questions, and feedback.
  • To verify your identity or provide you with the information, products and services that you request. For example, we provide information or respond to your questions when you contact us.
  • To facilitate our recruitment activities and process employment applications, such as by evaluating a job candidate for an employment activity, and monitoring recruitment statistics.
  • To provide, evaluate, improve, protect, and promote our Sites and our products. Note that we use your usage data and technical data, including the actions you take in your account (such as visits to our Sites, page interaction information, and search history) as well as cookies and other technologies for these purposes, as further described in our Cookie Notice.
  • To comply with a legal or regulatory obligation, such as a subpoena, court order, warrant, or similar legal process.
  • Where you have given your consent and as described to you when we collect your personal information.
  • Where it is necessary for our legitimate interests (or those of a third party) and, where consistent with applicable laws.
  • To provide you with access to content and features on our Sites and develop our Business and our Sites;
  • To enhance your experience when you visit our Sites, such as remembering your preferences. We may also use your personal information to provide you with information about our Business we feel may interest you, market new products to you, and send you communications about new features. If you do not want us to use your data in this way, select the ‘unsubscribe’ link in any email communication, or text ‘STOP’ to opt out of any SMS communication, from us;
  • To monitor the use of our Sites and use personal information to help us provide, evaluate, improve, protect, and promote our Sites and our products, both online and offline;
  • To ensure the security of our Sites, by preventing unauthorized or malicious activities;
  • To investigate any complaints received from you or from others about our Sites or our Business;
  • To enforce compliance with our Terms of Service and other policies and to help other organizations (such as copyright owners) enforce their rights;
  • To protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); and
  • To investigate and deter fraudulent, harmful, unauthorized, unethical, or illegal activity.

Sharing Your Data

We may share information as discussed below. 

Affiliates. We may share your personal information with our corporate parent, subsidiaries, and affiliates, for purposes consistent with this Privacy Policy.

Service Providers and Contractors. GRAIL uses trusted third parties with whom we contract to help us provide, improve, protect, and promote our Sites and our Business, and to perform business operations, such as determining eligibility for our products. These third parties may contact you on our behalf to perform these business operations. These third parties will access your personal information only to perform tasks on our behalf in compliance with this Privacy Policy.

Other Applications and Third-party Links. The Sites may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies. When you leave our Sites, we encourage you to read the privacy policies of every website you visit. Please remember that their use of your personal information will be governed by their privacy policies and terms.

The Public, with your consent. We may make available functionality that enables you to disclose information to the public. We do not control how other individuals or third parties use any personal information that you choose to make available to the public. If you gave us consent to post a testimonial on our Sites and/or social media pages but wish to update or delete it, please contact us at privacy@grailbio.com.

For Compliance, Fraud Prevention and Safety. We may share personal information for the compliance, fraud prevention and safety purposes described above and to comply with legal requirements and processes.

Business Transfers. We may transfer or otherwise share some or all of our business or assets, including personal information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution.

Legal Purposes. We will disclose your personal information when we think it is necessary to investigate or prevent actual or suspected fraud, criminal activity, injury or damage to us or others; when otherwise required by law, regulation, subpoena, court order, warrant, or similar legal process; or if necessary to assert or protect our rights or assets.

Other Parties. To another party or parties for any other purpose disclosed by us when you provided your personal information, with your consent or authorization, or as otherwise permitted or required by applicable law.

Protecting Your Data

We take reasonable precautions intended to help protect the personal information that we collect and store; however, no system or online transmission of data is completely secure. We cannot guarantee the security of information transmitted to or through our services. Any transmission is at your own risk. Please use security measures to protect your personal information. 

Children

Consistent with the United States Children’s Online Privacy Protection Act of 1998 (“COPPA”), we do not knowingly request personally identifiable information from anyone under the age of 13 without requiring parental consent. Any person who provides their personal information to GRAIL through our Sites represents that they are 13 years of age or older. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us. We will delete such information from our files as soon as reasonably practicable. We encourage parents with concerns to contact us at privacy@grailbio.com.

Where We Store and Transfer Your Data

The Sites are controlled by GRAIL from its offices in the United States. GRAIL may store and use information in the United States, the UK and other jurisdictions; any personal information provided to GRAIL will be transmitted to or within those jurisdictions. GRAIL also may transfer information and personal information to other jurisdictions to facilitate GRAIL’s third party processors’ access to and/or processing of information and/or personal information. Such jurisdictions may have privacy laws not as protective as those in your jurisdiction. Users in the EEA and the UK should read the important information provided in the Privacy Notice for European Users about transfer of personal information outside of the EU/EEA and UK.

GRAIL makes no representation that materials on our Sites are appropriate or available for use in other locations, and access to them from territories where their contents are illegal is prohibited. Those who choose to access our Sites from other locations do so on their own initiative and are responsible for compliance with applicable local laws.

Your Choices

Update Your Information. If you become aware that the personal information we maintain about you is inaccurate, incomplete, misleading, irrelevant or out of date, you may contact us using our online request form.

Marketing Communications. You may opt out of marketing-related emails by clicking the “Unsubscribe” link at the bottom of each such email, or by sending an email with the subject line “Unsubscribe” to privacy@grailbio.com. You may continue to receive service-related and other non-marketing emails. You may opt-out of receiving physical mail by contacting privacy@grailbio.com

Do Not Track. Some internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Testimonials. If you gave us consent to post a testimonial on our Sites and/or or social media pages, but wish to update or delete it, please contact us at privacy@grailbio.com.

Use of Cookies and Other Technologies

Certain of our Sites use “cookies” to gather general information about the browsing activities of visitors to those Sites. Please see our Cookie Notice for more information. 

Retaining Your Personal Data

We seek to only retain personal information for as long as necessary to fulfill the purposes for which we collected such information, as set out in this Privacy Policy, including for the purposes of satisfying any legal, accounting, or reporting requirements, subject to your rights, in certain circumstances, to have your personal information erased. We may be required in law to hold certain personal information for specific periods. In other cases, we will retain your personal information for an appropriate period after our relationship ends to protect ourselves from legal claims or to administer our business. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Contact

Have questions or concerns about our Privacy Policy? Contact us:

GRAIL, Inc.
Attention: Legal Department
1525 O’Brien Drive
Menlo Park
California 94025

By email: privacy@grailbio.com

By telephone: +1-833-694-2553

Last Updated: December 10, 2024.