Introduction

PHIX Genomics Inc. is committed to protecting your privacy. Our privacy policy is based on the principles that:

1. You (The client) own your own data, so PHIX is only to use it and hold it as long PHIX (and its’ third parties) has your permission (Consent) to do so, and

2. PHIX complies with the privacy law of the Philippines (Republic Act 10173 – Privacy Act of 2012).

This Privacy Policy applies to the collection, use and disclosure of your personal information by PHIX in connection with your use of the Services accessed through the PHIX Genomics websites or software applications, and any and all products, software, services, mobile applications, features, tools, reports, action plans and web applications (including but not limited to text, graphics, images, and other material and information) as accessed from time to time by the user, regardless if the use is in connection with an account or not.

Please read also our Terms of Use of the Websites.

1. COLLECTION OF PERSONAL INFORMATION

1.1 Subject to your consent, PHIX collects identifiable information about you as is required to provide the Services to you. This “Personal Information” includes: (i) information you provide about yourself when registering for and/or purchasing our Services (e.g. name, email, address, user ID and password, and payment information (collectively, the “Registration Information”); (ii) information that we or our contractors generate from your samples and other test results, whether through processing of your saliva, blood, urine and fecal matter or any other means of analyzing your samples, in the course of providing the Services to you (collectively, the “Biomarker Information”); and (iii) additional information about yourself, like age and gender, and what you reported concerning your disease conditions, other health-related information, personal traits, ethnicity, family history, and other information, and any other information about yourself (other than the foregoing information) that you supply to us in one form or another (collectively, the “Self-Reported Information”).

1.2 Personal Information does not include de-identified versions of the Personal Information, including versions of the Biomarker Information and Biomarker Profile with your identity removed, versions of any other data generated from samples with your identity removed, and versions of any information that PHIX is provided about you (other than identifying information such as your name and contact information, and the Registration Information) with your identity removed; for avoidance of any doubt, information about you is de-identified (your identity is removed) when personal identifiers about you are removed from the applicable information, excluding the Biomarker Information and Self-Reported Information, which will remain as part of the de-identified information.

1.3 If you are under the age of 18, your parent or legal guardian needs to consent and agree to your use of PHIX’s Services, and your submission of all your Registration, Bio-Marker and Self-Reported Information, the use of your information for our Services and the eventual use of your De-Identified Information (see 2.2).

1.4 You can access and update your Personal Information in your account profile through the PHIX websites anytime. If need be, you may request that corrections be made to your Personal Information on file with PHIX. Any requests to view your Personal Information on file with PHIX or to make corrections to your Personal Information on file with PHIX can be directed to PHIX’s privacy officer at 110 Legazpi Street, Makati, Metro Manilla (the “Privacy Officer”).

2. USE OF PERSONAL INFORMATION

2.1 Personal Information submitted to us, may be used by us in connection with your use of the Services. PHIX may use your Personal Information to: (i) carry out the Services; (ii) administer and operate and maintain the PHIX Site and applications and the provision of the Services; (iii) test and analyze samples that you provide; (iv) generate and maintain Biomarker Profiles and other Biomarker Information; (v) personalize the Services and aspects of the PHIX Site and applications; (vi) to keep you informed about software updates; (vii) process transactions related to your use of the Services; (viii) handle inquiries, complaints, submissions and feedback relating to the Services and/or the PHIX Site and applications; (ix) contact you with your consent, including to promote, update, and announce new, improved or expanded Services or products, special offers, or other useful information pertaining to your needs; (x) store your Personal Information for providing the Services; (xi) maintain copies or backups of your Personal Information for security and archival purposes where we consider it appropriate; (xii) verify compliance with agreements between you and us; (xiii) improve the Services and the PHIX Site and applications; (xiv) generate De-Identified Information for ongoing research and development and commercial use by PHIX and its affiliates to enhance and expand upon our Services, systems, software, databases and offerings; (xv) conduct surveys or research about your opinion of current Services or of potential new Services that may be offered in the future; (xvi) track and monitor your activity through the web site and applications and the Services; (xvii) comply with legal and regulatory requirements; and (xviii) achieve other purposes as may, from time to time, be permitted by law.

2.2 PHIX may also use de-identified versions of your Biomarker Information and any other data generated from your samples and any information that PHIX is provided about you (collectively, the “De-Identified Information”) to: (i) conduct scientific and commercial research and development with the purpose of advancing personal care in human performance and health and improving and furthering the products and services we provide; (ii) conduct surveys and/or research relating to the opinion of customers and potential customers with respect to the Services or of potential new Services that may be offered in the future; (iii) publish or have published observations, analyses, data and/or results in scientific journals or other publications; (iv) advance and implement our commercial business and engage in commercial activity to further our business, including through enhancement and expansion of our Services, systems, software, databases, products and offerings; (v) engage in research and development that result in the development of commercial products or services; (vi) the same extent as provided for Personal Information in the paragraph immediately above; and (vii) conduct data analysis in connection with any of the foregoing activities. Any Personal Information used for scientific or commercial purposes, including with third parties, will be de-identified (i.e. it will be De-Identified Information), meaning your personal identifiers about you such as your name, contact information, and your physician’s identity will be removed, which will remain as part of the de-identified information).

2.3 We may engage other companies and individuals (“Third Party Service Providers”) and other researchers, investigators, and organizations (“Research Partners”) to carry out some or all of the uses of the Personal Information and/or De-Identified Information referred to in the foregoing paragraphs, and/or to perform some or all of the Services on our behalf. Third Party Service Providers and Research Partners may require or be provided with access to your Personal Information. We make commercially reasonable efforts to ensure that all Third Party Service Providers and Research Partners acting on our behalf provide a comparable level of protection for your Personal Information to the level of protection that we provide, as set out in this Privacy Policy.

2.4 Personal Information that we collect may be uploaded, moved, stored, processed in, backed up, transmitted and/or transferred between any of the countries in which we operate or do business (including across international borders), in our discretion, in order to enable us to use the Personal Information in accordance with this Privacy Policy, and you consent to the same.

3. DISCLOSURE OF PERSONAL INFORMATION

3.1 Any Personal Information provided by you, or that is derived by or through the PHIX Site and/or the Services, including your Biomarker Information and Self-Reported Information, is not sold, traded, rented, shared or otherwise transferred by us with any third party without your consent, except as described in this Privacy Policy and any agreement between you and us.

3.2 We may disclose your Personal Information on a need-to-know basis to our employees, officers, agents, Third Party Service Providers, Research Partners or subcontractors, to the extent that such disclosure is reasonably necessary for the purposes set out in Sections 2.1 and 2.2 of this Privacy Policy. We may also disclose your Personal Information to the extent required by law.

4. CONSENT

4.1 Your express, written consent is obtained, through the Consent Form, to collect, use or disclose Personal Information when you sign up with PHIX, for the purposes of availing PHIX’s Services. Implied consent is obtained in circumstances where a customer relationship already exists, express consent has previously been given, or the purpose of using the personal information is reasonably apparent to you. You can change your consent preferences at any time via your account profile or by contacting PHIX’s designated Privacy Officer at the address referred to in section 1.4 above.

4.2 You may withdraw your consent to the collection, use and disclosure of your Personal Information by PHIX as set out in this Privacy Policy at any time by writing to the Privacy Officer at the address noted above in section 1.4. Withdrawal of your consent to the collection, use and/or disclosure of your Personal Information as set out in this Privacy Policy may mean that PHIX is no longer able to deliver the Services and that any fees paid by you will be non-refundable and forfeited by you. If you withdraw your consent to the collection, use and disclosure of your Personal Information as set out in this Privacy Policy, any De-Identified Information generated from or based on your Personal Information before consent is withdrawn will continue to be retained and used by PHIX.

5. AUTOMATICALLY GATHERED INFORMATION

5.1 We may receive and store certain types of computer information whenever you interact with the PHIX Site or the Services. Examples of the information that we may automatically receive and store may include the Internet protocol (IP) address used to connect your computer to the Internet; computer and connection information such as browser type and version, operating system, and platform; and the full Uniform Resource Locators (URL) click stream to, through, and from our PHIX Site, including date and time information relating to your visits.

5.2 Such automatically gathered information may be used by PHIX for the operation of the Services provided to you via the PHIX Site or otherwise, to maintain the quality of the Services provided through the PHIX Site or otherwise, and to provide PHIX with general statistics relating to use of the Services and/or PHIX Site. We may use IP addresses to analyze trends, administer the site, and track user’s movement, to determine what Services are the most popular, advertise, and gather broad demographic information for aggregate use. Although we do receive IP addresses, we do not use them to identify you personally or disclose them to others.

5.3 The PHIX website may use “cookies” to help you personalize your online experience. A cookie is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you. One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the Web server that you have returned to a specific page. For example, if you personalize PHIX pages, or register with the PHIX website or services, a cookie helps PHIX to recall your specific information on subsequent visits. This simplifies the process of recording your personal information, such as billing addresses, shipping addresses, and so on. When you return to the same PHIX website, the information you previously provided can be retrieved, so you can easily use the PHIX features that you customized. You have the ability to accept or decline cookies. Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the PHIX services or websites you visit.

6. SECURITY AND RETENTION OF PERSONAL INFORMATION

6.1 PHIX secures your Personal Information from unauthorized access, use and disclosure by third parties. We use a variety of physical, electronic, and managerial procedures in order to protect the Personal Information that we collect. This includes maintaining computer equipment, networks, programs, and documentation to a high standard and restricting access to equipment and information to appropriate staff. The PHIX database holding personal health information was developed according to the principles of Privacy by Design and has advanced features for privacy, security, and governance. Sophisticated controls for data de-identification and audit logging for compliance reporting are employed.

6.2 PHIX’s database security is aligned with the Philippine’s Republic Act 10173 – Data Privacy Act of 2012. All of our Third Party Service Providers and Research Partners are required under their contracts with us to use commercially reasonable efforts to maintain your confidentiality and may not use your information for any unauthorized purpose. We review our procedures and security measures regularly to ensure that they are properly administered and remain effective and appropriate for the sensitivity of the information.

6.3 There are always risks associated with providing Personal Information and sensitive data, whether in person, by phone, mobile, or tablet device, via the Internet or via other technologies. You acknowledge that the transmission of information and data over the Internet is inherently insecure, and there are no security systems that are completely safe or fool-proof against hacking or tampering. PHIX endeavours to take commercially reasonable precautions to prevent and minimize such risks in connection with your Personal Information, but PHIX offers no (and hereby expressly disclaims any) guarantee, representation, warranty, or covenant of any kind with respect to securing your Personal Information from unauthorized access, use and disclosure by third parties.

6.4 You are solely responsible for controlling access to your accounts associated with the PHIX Site and/or the Services, and maintaining the confidentiality and security of your accounts and related password information.

6.5 Personal Information shall not be kept by PHIX for any longer than is necessary for the purposes identified in this Privacy Policy. Personal Information that is no longer required to fulfil the purposes identified in this Privacy Policy will be destroyed, erased, or converted to De-Identified Information.

7. THIRD PARTY PRIVACY POLICIES AND LINKS

7.1 The PHIX Site may include hyperlinks to, and details of, third party web sites or Internet resources. PHIX does not endorse, approve of, verify, attest to, or offer any representation or warranty with respect to, the accuracy of the content of such web sites that are linked. If you decide to leave the PHIX Site and access these third-party sites, you do so at your own risk.

7.2 When you click on one of these links, you are contacting another web site or Internet resource that may collect information about you including Personal Information, voluntarily or through cookies. The privacy policies of such third parties may not mirror those of PHIX. PHIX has no control over other web sites or Internet resources or their policies regarding the collection, use and disclosure of your Personal Information, and PHIX accepts no responsibility or liability for the privacy practices of third parties, including any unauthorized collection, use or disclosure of your Personal Information through third party web sites or Internet resources. Use of these web sites is at your own risk.

8. CHANGES TO THIS PRIVACY POLICY

8.1 Our Privacy Policy may be amended from time to time. We encourage you to review the current Privacy Policy from time to time. The collection, use and disclosure of Personal Information by PHIX will be governed by the version of this Privacy Policy in effect at that time. All new, amended, or otherwise modified terms take effect immediately. We will alert you and ask for your consent if at any time there are changes that could affect the use of your Personal Information.

9. MISCELLANEOUS

9.1 This Privacy Policy and all matters relating to your use of the Services and the PHIX Site shall be governed by and construed in accordance with the laws of the Philippines, without regard to conflict of law principles.

PHIX welcomes your comments regarding this Privacy Policy. If you would like more information on this Privacy Policy or PHIX’s organizational privacy policies, if you believe that PHIX has not adhered to the terms of this Privacy Policy, or if you would like to view and/or request that corrections be made to your Personal Information on file with PHIX, please contact PHIX’s Privacy Officer at 110 Legazpi Street, Makati, Metro Manilla. We will use commercially reasonable efforts to promptly identify and remedy any failure by PHIX to adhere to the terms of this Privacy Policy.

v1.2020