Caris MPI, Inc. and Caris Science, Inc.

Caris MPI, Inc. and Caris Science Inc., and their affiliated companies in the United States, (collectively, “Caris”) recognize that the European Union and Switzerland have implemented “omnibus” data protection regimes established pursuant to the European Data Protection Directive (95/46/EC) and the Swiss Federal Act on Data Protection, respectively (collectively, “Data Protection Law”). Among other things, Data Protection Law generally requires “adequate protection” for the transfer of certain individually identifiable data about individuals in the Europe to Caris operations in the United States. Caris accordingly adheres to the requirements of the U.S.-EU and the U.S.–Swiss Safe Harbor Frameworks as set forth by the by the United States Department of Commerce (“Safe Harbor”) with respect to certain EU and Swiss Personal Data received in the United States about its patients in the EU and Switzerland (ldquo;European Patient Information”) and about healthcare professionals, distributors and other limited third parties in the EU and Switzerland (“Other European Personal Information”) (collectively,“European Personal Information”) (such individuals, “European Data Subjects”) for the purposes described below, as well as for employees in the EU and Switzerland. Caris provides its employees in the EU and Switzerland with information regarding Caris’s employee data privacy practices and Safe Harbor via separate policies and procedures.

COLLECTION, USE, AND DISCLOSURE OF EUROPEAN PERSONAL INFORMATION

Caris collects, uses, and discloses European Personal Information in the ordinary course of its business.

Caris may use European Patient Information for the following purposes: providing tumour profiling services and / or individual molecular diagnostic test orders; creating anonymised analyses of biomarker and cancer type data to publish at medical meetings and medical journals; conducting biomarker and / or profiling services research for clinical studies; providing customer service; other research and / or analysis; marketing; and collecting payment for services.

Caris may use Other European Personal Information for the following purposes: providing support for patient services; general communications; other research and / or analysis; marketing; and collecting payment for services.

Caris may disclose European Personal Information to its affiliates, subsidiaries, business partners, and service providers for the purposes listed above. In situations where Caris discloses European Personal Information to any third parties acting as service providers or “agents” on behalf of Caris, Caris will require the recipient to protect the disclosed European Personal Information in accordance with the relevant Safe Harbor Principles, or otherwise take steps to ensure that the European Personal Information is appropriately protected.

Data Security, Integrity and Access

Caris takes reasonable precautions to protect European Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction. Caris makes reasonable efforts to keep European Personal Information reliable for its intended use, accurate, current and complete. Caris also provides European Data Subjects with the opportunity to access, review and correct their own European Personal Information, and otherwise provides such individuals access to European Personal Information in accordance with Safe Harbor. European Data Subjects may contact the Caris Safe Harbor Privacy Contact identified below to review European Personal Information about them. Caris reserves the right to take reasonable steps to authenticate the identity of any such individual seeking access to European Personal Information.

Other Disclosures

Caris may disclose European Personal Information as necessary in connection with the sale or transfer of all or part of its business, where required or permitted by law, where Caris believes that such disclosures are appropriate in connection with a law enforcement request or otherwise permitted by Safe Harbor, or in order to investigate, prevent or take action regarding illegal activities or suspected fraud or enforce or apply Caris agreements.

Questions

Any questions regarding this Safe Harbor section of this Privacy Policy or requests for access to European Personal Information should be directed to the Safe Harbor Privacy Contact listed in this section. Additional information, including information on Caris’s Safe Harbor certification, may be obtained on the United States Department of Commerce website. In addition, if any individual located in the EU or Switzerland who experiences an issue regarding the European Personal Information that Caris holds about him or her that he or she cannot resolve directly with Caris, the individual may contact the local data protection authority for further information.

Safe Harbor Privacy Contact

Caris MPI, Inc.
Corporate Compliance Officer
6655 North Macarthur Blvd.
Irving, Texas 75039
USA
214-277-8700 main
866-771-8946 toll free