Notice of Collection of Personal Information and Privacy Policy for California Residents
Your Information. Your Rights. Our Responsibilities.
THIS NOTICE DESCRIBES WHAT CATEGORIES OF PERSONAL INFORMATION ABOUT YOU MAY BE COLLECTED BY NATERA AND HOW IT IS USED AND SHARED.
Updated as of March 11, 2024
Scope
This Notice of Collection of Personal Information and Privacy Policy (“Privacy Notice”) applies to the collection of Personal Information from California residents on and after January 1, 2023. This Privacy Notice provides California residents with information and rights required by the California Privacy Rights Act (“CPRA”). The Privacy Notice applies only to individuals residing in the State of California who are considered “consumers” under the CPRA and from whom we collect “personal information” as described in the CPRA.
Please note that this Privacy Notice does not cover information protected by the Health Information Portability & Accountability Act (“HIPAA”), and the California Confidentiality of Medical Information Act (“CMIA”), both of which Natera complies with to the extent we provide health care and testing services, as documented in our Notice of Privacy Practices.
In other words, the categories of Personal Information covered by the CPRA, and disclosed in, this Notice, are limited to personal information that Natera collects, discloses, shares, and retains in the conduct of activities other than the provision of health care services, such as sales and marketing, and employment/HR-related activities.
This Privacy Notice also does not cover information collected as part of a clinical trial or other biomedical research study subject to or conducted in accordance with: the Federal Policy for the Protection of Human Subjects (the “Common Rule”); pursuant to good clinical practice guidelines issued by the International Council for Harmonisation; or pursuant to human subject protection requirements of the United States Food and Drug Administration.
By accessing our website, or submitting personal information to us, you consent to the processing, collection, use, sharing and disclosure of such information as set forth in this Privacy Notice, as it may be updated from time to time.
Definitions
Consumer: As used in this Notice, Consumer means a natural person who is a California resident, however identified, including by any unique identifier.
Personal Information: As used in this Notice, “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with an identifiable individual or household. Personal Information does not include:
- publicly available information that is lawfully made available from federal, state, or local government records, or information that Natera has a reasonable basis to believe was lawfully made available to the general public by the Consumer or from widely distributed media, or by the Consumer;
- “Protected Health Information” (PHI) covered by HIPAA;
- other information exempt from the CCPA/CPRA, including information protected under other laws such as the Fair Credit Reporting Act; or
- information that is de-identified or aggregate consumer information
Sensitive Personal Information: We do not collect sensitive personal information for purposes of inferring characteristics.
All Other CPRA Definitions: All other terms used in this Notice, to include “Collect,” “Processing,” “Service Provider,” “Third Party,” “Sale,” “Share,” and “Consumer,” shall have the meanings afforded to them in the CPRA, whether or not such terms are capitalized herein, unless contrary to the meaning thereof.
Natera’s Personal Information Collection & Processing
We collect the following categories of personal information. This table also sets out the personal information we may have collected, shared or disclosed over the last twelve (12) months.
Natera does not Sell Personal Information. We do share your Personal Information with third party advertising vendors for cross-contextual behavioral advertising purposes. If you do not want your Personal Information shared for cross-contextual behavioral advertising purposes, including through third party cookies placed in your browser, please see our . To opt-out of Sharing, be sure that both the "Analytics" and "Targeted advertising (including real-time sharing)" checkboxes are not checked, and then click Confirm.
Category of Personal Data | Categories of Sources | “Share” with Third Parties | Categories of Third Parties With Whom We May “Share” or to Whom We May “Disclose” | |
---|---|---|---|---|
A. | Personal identifiers
Examples: Real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number or other similar identifiers. Note: Some Personal Information in this category may overlap with other Categories. |
You, your authorized representatives, family members, or care givers.
Service Providers and Contractors. Health Insurance companies, and other payors. |
Yes | We Share Personal Identifiers with Third Party Advertisers and Advertising networks for the purpose of sales and marketing.
We Disclose to Legal and regulatory bodies, and other Third Parties as required by law. |
B. | Records identified by state law (including the California Customer Records statute (Cal. Civ. Code§ 1798.80(e)) This information comprises any information that identifies, relates to, describes or is reasonably capable of being associated with you or your household in our records, including your signature and other information related to your order. Note: Some Personal Information in this category may overlap with other Categories. |
You, your authorized representatives, family members, or care givers.
Service Providers and Contractors. Health Insurance companies, and other payors. |
No | We Disclose to Legal and regulatory bodies, and other Third Parties as required by law. |
C. | Protected classification characteristics under state or federal law
Examples: Race, religious creed, color, national origin, ancestry, physical disability, mental disability, medical condition, genetic information, marital status, sex, gender, gender identity, gender expression, age, sexual orientation, or military and veteran status. Note: Some Personal Information in this category may overlap with other Categories. |
You, your authorized representatives, family members, or care givers.
A health care provider, health insurance companies, and other payors. Service Providers and Contractors. |
No | We do not Share this category of Personal Information.
We do not Disclose this category of Personal Information to Third Parties, other than to Legal and regulatory bodies, and other Third Parties as required by law. |
D. | Commercial information
Examples: Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
You. | No | We do not Share this category of Personal Information.
We do not Disclose this category of Personal Information to Third Parties, other than to Legal and regulatory bodies, and other Third Parties as required by law. |
E. | Biometric information | We do not Collect this Category of Personal Information for identification purposes. | N/A | N/A |
F. | Internet or other network activity information
Examples: Browsing history, search history, and information regarding your interaction with an Internet website, application, or advertisement (e.g., collected through cookies and other similar technologies). Note: Some Personal Information in this category may overlap with other Categories. |
Computers and mobile devices used by You.
Third-party advertising partners and other third- parties who provide digital marketing services. Service Providers and Contractors. |
Yes |
We Share Internet or other network activity information with Third Party Advertisers and Advertising networks for the purpose of sales and marketing.
We Disclose to Legal and regulatory bodies, and other Third Parties as required by law. |
G. | Geolocation data | We do not Collect this Category of Personal Information. | N/A | N/A |
H. | Audio, electronic, visual, thermal, olfactory, or similar information
Examples: calls may be recorded when you contact us via phone; CCTV cameras may be used in our facilities. |
You. | No | We do not Share this category of Personal Information.
We do not Disclose this category of Personal Information to Third Parties, other than to Legal and regulatory bodies, and other Third Parties as required by law. |
I. | Professional or employment-related information
Examples: Performance Management Information, such as employment status (full-time or part-time, regular or temporary); work schedule; job assignments; hours worked; accomplishments and awards; training and development information; performance evaluation information; discipline and counselling information; and employment termination information. Note: Some Personal Information in this category may overlap with other Categories. |
You, your family members or others you have authorized to submit employment-related information on your behalf, such as recruiters.
Colleagues and manager(s). Educational institutions, professional organizations, and other similar types of organizations. Publicly available social media. Service Providers and Contractors. |
No | We do not Share this category of Personal Information.
We Disclose to Legal representatives, family members and caregivers whom you have authorized us to Disclose to. We also Disclose to Legal and regulatory bodies, and other Third Parties as required by law. |
J. | Education information that is not “publicly available personally identifiable information” (as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) |
We do not Collect this Category of Personal Information. | N/A | N/A |
K. | Inferences drawn from personal information to create a profile | We do not Collect this Category of Personal Information. | N/A | N/A |
L. | Sensitive Personal Information | We do not Collect Sensitive Personal Information for the purpose of inferring characteristics. | N/A | N/A |
Additional Information on Natera’s Collection & Processing Practices
Business Purposes for Collecting Personal Information
We collect personal identifiers:
- to process job applications, onboard personnel, and to respond to questions you may have.
- to administer and provide benefits, and facilitate employee compensation planning, as well as work-related travel.
- to facilitate access to company facilities, equipment, accounts and systems.
- to administer and maintain the security of our facilities and our information technology resources, and to protect ours or other’s rights, property, or safety.
- to enable us to advertise and market our services and products.
- to support auditing and analytics related to our online site(s), such as counting ad impressions, unique visitors, and performing other website analytics.
- to enhance and improve the overall customer experience on our websites.
- to comply with applicable Legal and Regulatory requirements.
We collect Protected Classification Characteristics Under State or Federal Law:
- when voluntarily provided as part of the hiring process.
- to administer and provide benefits.
- for purposes of servicing our employees, and providing “reasonable accommodations,” when appropriate.
- to comply with applicable Legal and Regulatory requirements.
We collect Commercial Information:
- to enable Natera to advertise and market its services and products to potential patients, providers and health care organizations.
We collect Internet or other network activity information:
- to analyze and improve our products and services.
- to enable Natera to advertise and market its services and products.
- to monitor, investigate and enforce compliance with our terms and conditions, employee agreements, policies, and other legal and regulatory requirements.
- to administer and maintain the security of our information technology resources, and to protect ours or other’s rights, property, or safety.
- to enhance and improve the overall customer experience on, and interaction with, our websites.
- to comply with applicable Legal and Regulatory requirements.
We collect Audio, Electronic, Visual, Thermal, Olfactory, or Similar Information:
- to analyze and improve our products and services.
- to train personnel, as well as to make the material available to personnel for training at a later point in time.
- to monitor, investigate and enforce compliance with our terms and conditions, employee agreements, policies, legal and regulatory requirements.
- to facilitate access to company facilities, equipment, accounts and systems.
- to administer and maintain the security of our facilities and our information technology resources, and to protect ours or other’s rights, property, or safety.
- to comply with applicable Legal and Regulatory requirements.
We Collect Professional or Employment-Related Information:
- to administer the employment relationship, including for purposes of recruiting, hiring, candidate verification/checks, placement and benefits services.
- to provide and administer employee benefits.
- to enable Natera to engage in, an operate, our performance management processes.
- for salary and compensation planning.
- to enable our employee referral and company recognition programs.
- to monitor access to company facilities, equipment, accounts and systems and to maintain the security of our information systems.
- to conduct workforce investigations.
- to ensure compliance with our licensing, certification and quality management requirements, and with applicable law.
Natera Uses Service Providers and Contractors for the Following Services
- websites and job boards focused on candidates, publicizing job opportunities, and recruiting.
- help us verify, validate and manage information you have provided for purposes of seeking employment.
- provide recruiting, hiring, candidate verification/checks and benefit services for us, and on our behalf.
- provide benefit verification, program enrollment, and product fulfillment in connection with our services.
- assist Natera in providing employees with “reasonable accommodations,” when appropriate.
- provide services in furtherance of work-related travel, events, meetings, and other similar activity.
- provide training services on our behalf.
- provide connectivity, hosting, application and/or security services to, or on our behalf.
- provide marketing, sales, customer engagement, and analytics services for us.
- access to information you make publicly available, such as through social media.
- provide data they have collected from your use of their services, or through the Third Parties they work with.
Third Parties with Whom Natera Shares Personal Information
- We Share Personal Identifiers with Third Party Advertisers and Advertising networks for the purpose of sales and marketing.
- We Share aggregated Consumer Internet/Network activities on our website with Third Party Advertisers and Advertising networks for the purpose of sales and marketing.
- We Share individual Consumer Internet/Network activities with Third Party Advertisers and Advertising networks for the purpose of sales and marketing.
- We Share aggregated Consumer Internet/Network activities with Third Parties to enhance and improve the overall customer experience on our website.
Retention
We process your Personal Information for the period necessary to fulfill the purposes outlined in this Policy, and in accordance with the provisions of relevant laws and regulations.
Natera’s criteria for Retention of your Personal Information is determined by the following:
- The purpose for which the Personal Information was collected and the fulfillment of that purpose
- The ground(s) (legal basis) upon which the Personal Information was collected (e.g., where consent is the legal basis, you have a right to revoke such consent in certain circumstances)
- Mandatory retention periods provided for by contractual and/or legal/regulatory requirements
- The length of time required by Natera’s document retention policies or other applicable law
Security
Natera implements appropriate technical and organizational security measures, to protect against and detect accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to Personal Information.
Natera requires its Service Providers and Contractors to whom we provide your Personal Information in order to provide their services, to maintain the privacy and security of your Personal Information. In addition, depending on the information or purpose for Collection, only Natera employees and Service Providers and Contractors who have a “need to know” your information may be permitted to access it
Personal Information about children
Our Site is not intended for use by children under 16 years of age. We do not knowingly collect or accept personal information from children under 16. If you are under 16, do not access, use or provide any information on the Site or on or through any of its features. We do not have any actual knowledge that we sell or share the personal information of children under the age of 16. Moreover, anyone under 18 years of age should seek their parent’s or guardian’s permission prior to using or disclosing any personal data through our Site.
Your Rights As a California Consumer
All Consumers covered by the CPRA have the following rights with regard to how Natera processes their Personal Information:
The Right to Know
You have the right to know:
- The categories of Personal Information that we have collected about you
- The categories of sources from which the Personal Information is collected
- The business or commercial purpose for collecting your Personal Information
- Whether or not that Personal Information is Sold or Shared
- The categories of third parties with whom we have Shared your Personal Information
- Whether any categories of Personal Information were Disclosed for a business purpose to third parties and the categories of third parties with whom we have Disclosed your personal information
- The specific pieces of Personal Information that the Company has collected about you
Your request may pertain to the Personal Information collected about you on or after January 1, 2022. If your request covers a time period beyond twelve [12] months from the date of your request, we may deny your request as to that time period where it would be impossible for us to provide you with the information or involve disproportionate effort. We may deny your request to search for certain information under certain circumstances (e.g., where we retain the information solely for legal and compliance purposes).
The Right to Deletion
You have the right under the CPRA to request that we delete any Personal Information about you that we have we collected from you under certain circumstances. We may deny your deletion request if retaining the information is necessary for us or our service providers to:
- Complete the transaction for which the Personal Information was provided.
- Comply with a legal obligation.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
For requests to delete made electronically, you may be required to submit the request to delete, and then separately confirm that you want your personal information deleted. We will maintain a record of your request to delete.
The Right to Correction
You may request that we correct any inaccurate Personal Information we maintain about you.
The Right to Receive Specific Pieces of Personal Information
You have the right under certain circumstances to receive specific pieces of your Personal Information in a format that is understandable, and to the extent technically feasible, in a structured, commonly used, machine readable format that allows you to transmit the information to another entity.
The Right to Opt-Out of the Sale/Sharing of Your Personal Information
We do not sell Personal information. You have the right to know what information is Shared with third parties, and to whom, and to opt out of sharing for cross-context behavioral advertising.
The Right to Non-Discrimination
You have the right under the CPRA not to be discriminated or retaliated against for exercising your rights. For example, we will not make hiring, firing, promotion, or disciplinary decisions based on or in consideration of your exercise of your rights, nor will we charge you different prices or rates for our services as a result of you exercising your rights.
Financial Incentives
We do not provide financial incentives to Consumers who allow us to Collect, retain, Sell, or Share their Personal Information. We will describe such programs to you if and when we offer them to you. Please note that we do not provide discounts and incentives to individuals who use our products and services, which could be considered an offer of a “financial incentive” under the CPRA.
California Shine the Light Law/Online Privacy Protection Act
California Civil Code §1798.83 provides that California residents may request certain information concerning the disclosure of personal information to third parties for direct marketing purposes. Pursuant to California Business Code §§22575-22579, you may review and request changes to any of your personal information that we have collected. Should you wish to request this information or exercise these rights, please reach us at the contact information provided below.
Do Not Track Signals and Global Privacy Controls
We recognize Do Not Track Signals (DNT) and Global Privacy Controls (GPC) associated with your browser. If your browser has these signals enabled, we will not use Targeted advertising cookies or Analytics cookies. In case of a conflict between the use of DNT/GPC, and selections made using the , the DNT/GPC selection will take precedence (i.e., we will not use Targeted advertising or Analytics cookies).
If you permit us to Share your personal information, we are not responsible for third party tracking technologies that may be used on our Site. Such third parties may serve you content based on tracking your activities across different websites. Unless you have opted-out of Sharing for cross-context behavioral advertising, you consent to potentially encountering third party tracking technologies when you use our Site.
Access By Persons With Disabilities
Persons with disabilities who need assistance accessing this CPRA Privacy Notice may contact us as provided for above, and depending on your individual needs, the Company will grant reasonable requests to furnish this policy in an alternative format.
How To Contact Natera
The Contact Us page on this web site allows for you to specifically request access and information about the CPRA, the information we may have about you and how you or your agent can access this information. In addition, Natera has a toll-free phone number available for your use: 877-NAT-PRIV (877-628-7748). You may also send your request to our physical and email addresses specified below.
We will: (i) confirm receipt of requests to know, data portability, to correct inaccurate information or to delete within ten [10] business days of the request; and (ii) generally respond to requests to know, data portability, to correct inaccurate information or to delete within forty-five [45] calendar days of the request. If we need additional time to respond to your request beyond the forty-five [45] calendar days, we will provide you with notice explaining the reasons we need more time, and we will then take up to an additional forty-five [45] calendar days to respond to your request.
If you are unable to review or access this Notice due to a disability, you may contact us at “privacyofficer@natera.com,” or by calling the toll-free number listed above, to receive this Notice in an alternative format.
Verification of Consumers Exercising Their Rights
We may ask you to provide information to aid us in verifying your identity before we comply with your request. Likewise, if you authorize an agent to make a request on your behalf, we may require you to verify/confirm that you provided the agent with permission to submit that request. In some instances, we may decline to honor your request if: i) we are unable to verify your identity; ii) unable to verify the authority of the individual representing as your authorized agent; or iii) an exception applies under the CPRA. In all cases, we will respond to your request consistent with all applicable laws.
Our Address and Contact Information is:
Privacy Officer
Natera, Inc.
201 Industrial Road, Suite 410
San Carlos, CA 94070
United States of America
Tel: (650) 249-9090
Changes to this Notice
We reserve the right to amend this Notice at our discretion and at any time. When we make material changes to this Notice, we will notify you by posting an updated Notice on our website and listing the effective date of such update.