Consumer Health Data Privacy Policy

This Washington Consumer Health Data Privacy Policy (“Policy“) describes the practices of Bloodworks (“Company“,  or “We“) for collecting and using Washington residents’ consumer health data, as that term is defined in the Washington My Health My Data Act.

This Policy applies to the websites that we operate and that link to or post this Policy in email, text, and other electronic messages between you and Bloodworks, products, applications, platforms, or other services linking to this Policy, and/or through mobile and desktop applications you download from this website (collectively, the “Websites”).

Please read the entire Privacy Policy before using our Websites. By using the Websites, you consent to the terms of this Privacy Policy. Other privacy policies may apply for your personal information that is not consumer health data and if you are not a Washington resident. To view our privacy notice(s) including those describing how we treat other personal information, visit Website Privacy – Bloodworks Northwest (bloodworksnw.org) and HIPAA – Privacy Practices – Bloodworks Northwest (bloodworksnw.org).

Consumer Health Data We May Collect About You

We collect and use different types of consumer health data from and about you, including:

• Information about any of the following:
  • individual health conditions, treatment, diseases, or diagnoses;
  • use of prescribed medication; and/or
  • bodily functions, vital signs, symptoms, or measurements of physical health status.

We may use information that we collect through the Websites for a variety of purposes including, but not limited to, the following purposes:

• Fulfilling the purposes for which you provided the data or that were described when it was collected.
• Performing the services or providing the goods that you request from Us and responding to your questions or requests for information.
• Notifying you about changes to the Websites.
• Facilitating services and operations performance, security, and integrity, including performance analytics, identity verification and authorization, site and application optimization, and quality control.
• Recordkeeping and auditing.
• Complying with our legal obligations and risk management, audit, investigations and reporting, and other legal and compliance reasons.
• Administering customer accounts and preferences.
• Our internal research and product or service design and development.

Consumer Health Data Sources

We collect consumer health data from the following sources:

• You, including when you sign up for email lists or programs.
• Your device when you visit or interact with our sites, applications, or services, including through cookies, web beacons, and similar technologies that automatically send Us information when you browse, use, visit, or otherwise interact with our sites, applications, or services.
• Our business and marketing partners, who provide Us with information about consumers who are viewing our content across other websites or applications, purchasing our products, or interacting with our promotions, benefits, or programs.

Consumer Health Data Disclosures

We do not sell your consumer health data.

We may disclose any of the consumer health data categories listed above to processors, service providers, and contractors that help Bloodworks provide products and services to you. We may also disclose your consumer health data to other third parties, including but not limited to, the following:

• Service Providers: We may share your information with service providers, contractors and other third parties that perform certain functions or Websites on our behalf or support our business (such as to host the Websites, fulfill requests, provide Websites, manage databases, provide patient assistance programs, perform analyses, provide customer service, or send communications for us).
• Business Transfer: If we sell all or part of our business, or make a sale or transfer of assets, or are otherwise involved in a merger or business transfer, or in the unlikely event of bankruptcy, a business reorganization, or similar event, we may transfer your information as part of such transaction.
• FDA and Prescribing Physicians: If you contact Bloodworks regarding your experience with one of our products, we may use the information you provide in submitting reports to regulatory agencies, such as the U.S. Food and Drug Administration, and as otherwise required of Us by law. We also may use the information to contact the prescribing physician to follow up regarding an event involving the use of our product.
• Administrative or Legal Process: We may disclose your information to third parties in order to protect the legal rights, safety, and security of our organization, our corporate business partners, and the users of our Websites; enforce our Terms of Use; respond to and resolve claims or complaints; prevent fraud or for risk management purposes; and comply with or respond to law enforcement or legal process or a request for cooperation by a government or other entity, whether or not legally required.
• Other Parties With Your Express or Implied Consent: We may share information with third parties when you consent to such sharing.
• Aggregate Information: We may use, share, and or disclose aggregate information, such as demographic and usage statistics, with advertisers, sponsors or other organizations and anonymous, and in some cases de-identified information, for research, analytics, and other purposes.

We instruct these processors, service providers, contractors, and third parties to only use consumer health data as permitted by our contracts with them and consistent with applicable law.

We may also disclose consumer health data as permitted by applicable law, including:

• With your consent.
• To prevent, detect, protect from, or respond to security incidents, identity theft, fraud, harassment, or malicious or deceptive activities.
• To a third party acquiring our assets if Company sells its business or otherwise is part of a merger, acquisition, bankruptcy, or other transaction involving a third party taking control of our assets or business.
• To investigate, report, or take legal action to protect our rights, property, and safety and the rights, property, and safety of others.
• To protect your or others’ vital interests, including health and safety.

Request to Remove Consumer Health Data

If you wish to request deletion of your consumer health data, send Bloodworks a request using the following form. Within a 45-day period, Bloodworks reserves the right to either approve or reject the consumer’s request. In the case that your request is rejected, you may appeal Bloodwork’s decision to take action on a request. In response to an appeal, Bloodworks will again have 45 days from receipt of an appeal to inform the consumer in writing of any action taken or not taken in response to the appeal. Upon approval of the consumer’s request to delete, Bloodworks will delete the consumer health data from its records, as well as notify all affiliates, processors, contractors, and other third parties of the deletion request.

Questions

Please direct any questions regarding this Policy to: [email protected]
Date

This policy is effective as of September 27, 2024

Bloodworks, Attention: General Counsel
921 Terry Avenue
Seattle, WA 98104