Last Updated: September 9, 2022
How This Statement Applies
This Privacy Statement (this “Statement”) describes how Lucira Health, Inc. and its affiliates and related corporations (collectively, “Lucira” or “we,” “us” or “our”) uses, discloses, processes, retains and removes information that relates to you (“Personal Information”), collected from or about you when you:
As you review this Statement, please also refer to the Terms of Use Agreement (“Terms of Use”) applicable to the Services. Any terms capitalized herein but not defined shall have the meanings assigned to such terms in the Terms of Use. By visiting or using the Products, Websites, and the Services or providing your Personal Information to us, you agree to accept the practices described in this Statement and understand the collection, use and disclosure of your Personal Information in the manner described in this Statement. If you do not agree with any portion of this Statement, do not access or otherwise use the Services.
Things to Know
For your convenience, the following is a quick summary of our Privacy Statement to help you understand the key elements. Please read the entire Privacy Statement for more detailed information as the full Privacy Statement will apply when you use our Services.
In connection with your use of the Products and the Services, we may collect, use and disclose Personal Information solely on your behalf. Additionally, you may provide to us your Personal Information through the Services. Specifically, Personal Information is information that identifies you as an individual and may include, for example and without limitation, your name, address, personal identification, telephone number, email address, records of communication with Lucira, payment card information and website usage information. We may collect this information automatically when you interact with the Services or you may directly provide us this information, but Lucira will only collect, use, and disclose your Personal Information as described in this Statement and as otherwise permitted by applicable law. Note that Lucira does not receive any Personal Information for or on behalf of your medical or healthcare provider and none of the Personal Information processed by Lucira is intended to be subject to the Health Insurance Portability and Accountability Act of 1996, as amended, and its implementing regulations.
In some circumstances where a healthcare provider prescribes your use of the Product in a particular jurisdiction, that healthcare provider may also be subject to separate privacy obligations, as well as public health laws, in such jurisdiction which may require the healthcare provider to report a positive test result to public health authorities in such jurisdiction. For more information regarding these laws and obligations, contact your healthcare provider.
When you use the Services, Personal Information is collected or accessed either directly from you or via a third party who has been duly authorized by you to disclose your Personal Information to us. Some information such as your test result may be considered sensitive information in certain jurisdictions.
We collect Personal Information in the manner as set forth below:
Source | Information we Collect |
When you visit our Websites or access the Services | Your IP address, email address, information about interaction with our web services, device and network information, geographic information |
When you order Products | Your name, home address, payment information, contact details such as email address and phone number |
Personal Information that you provide to us (such as when you communicate with us, create an account or reach out for customer support) | Name, address, birthday, contact information such as email address and phone number; professional information, NPI numbers, and test results |
We may also collect and access Personal Information about you from another source, for example, a provider of a third-party application that you authorize to collect, access and disclose your Personal Information to us.
We will receive and record information about your use of the Services. For example, we will receive information about your use of the Services, which is linked to your use of the Services for security and other purposes. We will also use cookies and other tracking technologies to automatically collect and use certain technical data and usage information from your use of the Services, including but not limited to technical information about your device, your device’s operating system, IP address, and general geographic information.
IF YOU DO NOT WANT YOUR PERSONAL INFORMATION TO BE COLLECTED OR ACCESSED BY US, DO NOT ACCESS OR OTHERWISE USE THE SERVICES.
To Provide the Services and Communicate With You. If you access the Services, we may use your Personal Information to:
To Prevent Fraud or Misuse and Comply With The Law. In some cases, we may use your Personal Information to detect, prevent, and respond to fraud, intellectual property infringement, violations of our Terms of Use, violations of law, or other misuse of the Services. We may also use your information to further comply with our legal and regulatory obligations (including but not limited to responding to regulatory complaints or court orders, disclosing to regulatory bodies and conducting audit checks, due diligence and investigations).
Using Anonymous and Aggregate Information. We may de-identify your Personal Information to remove information that would typically be used to identify you to create “Anonymous Information.” Anonymous Information is not Personal Information and is no longer information subject to this Statement because it does not reasonably identify or permit the identification of any individual and is not otherwise attributed or attributable to any one person. We may then aggregate your Anonymous Information with the Anonymous Information of other users to create “Aggregate Information.” We may use Aggregate Information for any lawful purpose, including sharing with third parties, who may be allowed to use Aggregate Information for their own purposes. For example, we might use Aggregate Information to improve the Services or combine it with other Anonymous Information for our business purposes.
Other Uses. To the extent permitted by applicable law, we may also use information (including Anonymous Information or Aggregate Information) to perform other administrative functions relating to the Services, such as ensuring information technology security and resource management.
Other than as described in this Statement, we do not sell your information governed by this Statement to unaffiliated third parties without first obtaining your authorization. We are not responsible for the information practices exercised by you or any third party you may authorize to receive your information or to whom you may provide access to information. We may disclose your information that we collect:
We may buy or be bought by other businesses or entities. In such event, we may transfer, assign or give access to the Personal Information we have collected as part of such merger, acquisition, sale or other change of control transaction. In such transactions, your information, including all Personal Information, may be included in the transferred business assets. In the event of our bankruptcy, insolvency, reorganization, receivership or assignment for the benefit of creditors, or the application of laws or equitable principles affecting creditors’ rights generally, we may not be able to control how your information is treated, transferred or used and your Personal Information may be included in the transferred assets in accordance with applicable legal process and law.
We may also make disclosures of Personal Information in accordance with applicable law to comply with our legal obligations, where required. For example, this may involve sharing your test results with government authorities where we are required to do so for public health reporting purposes. In some circumstances, access to our Services is provided through a partnership with a third party, such as your employer or a government authority. Where we are required to automatically disclose Personal Information, such as your test results, with that partner or their designee as part of a partnership, we will attempt to notify you of this requirement before you submit your test result.
We strive to maintain reasonable administrative, technical, and physical safeguards designed to safeguard the information we collect through the Services. However, no information system can be 100% secure, so we cannot guarantee the absolute security of your information. Moreover, we are not responsible for the security of information you transmit to the Services over networks that we do not control, including the internet, mobile, and wireless networks, or that reside on your devices or the devices of third parties to whom you disclose information.
Should a security incident or suspected incident occur, Lucira will take steps to determine the nature and scope of the incident. In the event that Lucira has determined that a security incident has occurred, we will notify the applicable data privacy authority and affected user(s), as applicable, in a manner and within a timeframe, consistent with applicable law.
The Services utilize analytics tools to help us understand how our Services are used. These analytics services, including Google Analytics, utilize cookies and similar technologies to collect information about online activities over time and across third-party websites and services.
We do not currently respond to do not track signals or other mechanisms that provide a method to opt out of the collection of information across websites and online services. Visit the following website, www.allaboutdnt.com, for more information about do not track signals.
The Services are not directed to, nor do we knowingly collect information directly from, children under the age of 13. Do not allow children under the age of 13 to sign up for an account. If you become aware that your child or any child under your care has provided us with information without your consent, please contact us at the contact information listed below.
We reserve the right to update this Statement from time to time by posting a new Policy on this page. If we make any changes to this Statement, we will change the effective date listed on the Policy. You are advised to consult this Statement regularly for any changes, and your continued use of the Services after such changes have been made constitutes acceptance of those changes. If we make any revisions that materially change the ways in which we use or disclose the Personal Information previously collected from you through the Services, we will give you the opportunity to consent to such changes before applying them to that information.
Depending on the law that applies to you, we may be required to provide some additional information. Please review the list below to find any additional information relevant to your situation.
Sensitive Personal Information
The Personal Information we collect may constitute sensitive Personal Information in your jurisdiction with your consent or as permitted under applicable law. While use of the Services is not required to use the Products, without collection of such Personal Information or your refusal to provide us with such Personal Information, we may not be able to provide the Services to you.
Your Privacy Choices
If your contact information changes or you no longer wish to receive the Services, information or communications from us please let us know via email at dpo@lucirahealth.com.
You have the following rights with regard to your Personal Information and may exercise your right via email at dpo@lucirahealth.com:
If you do not correctly or sufficiently provide the Personal Information requested, you may no longer be eligible to receive the Services.
Lawful Grounds for Processing
We are committed to only using your Personal Information to the extent relevant, necessary or permitted by applicable law. Where we rely on our legitimate business interests, we have undertaken an assessment where we have balanced your rights against ours to ensure that our interest is not overridden by the interests you have to protect your Personal Information.
The lawful bases for the different purposes set out in this notice are as follows:
Lawful Basis | Purposes |
Consent |
|
Necessary for the performance of the Terms of Use |
|
Compliance with legal obligations |
|
Legitimate interest |
|
Cross-Border Transfer of Personal Information
By using the Services, you understand that your Personal Information will be processed in the United States of America. We may also disclose and process your Personal Information in El Salvador when you reach out to us or our commercial partners for support regarding the Products. We may update this Statement from time to time to identify other jurisdictions this Statement where we may process your Personal Information. Your Personal Information will be transferred to the United States of America and El Salvador and processed and stored there under local privacy standards which may differ from those applicable in your country, and which are not regarded as providing an adequate level of protection of Personal Information by the European Commission.
If applicable, Lucira will implement appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to protect your Personal Information before your Personal Information is transferred out of your country. For more information regarding the appropriate safeguards in place, please contact us at the details set out below in Section 10.
Retention of Personal Information
We will maintain the results from the Products for up to one year, after which the result data will be automatically deleted, unless you request us to preserve the data for a longer period of time. Personal Information tied to your account will be held for as long as we have a relationship with you. Once our relationship with you has come to an end, we will retain your Personal Information for a period of time that enables us to:
We will delete your Personal Information when it is no longer required for these purposes. If there is any information that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further processing or use of the data.
Information We Have Collected and/or Disclosed for a Business Purpose in the Past 12 Months
We have collected the following categories of Personal Information from consumers within the preceding twelve (12) months:
Category | Examples | Business Purpose Disclosures |
A. Identifiers. | Your name, date of birth, IP address, email address, and similar identifiers.
| To our vendors, service providers, and parties to whom you direct us to disclose this information with. |
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | A name, physical characteristics or description, address, telephone number, employment information, financial information, or medical information. Some personal information included in this category may overlap with other categories. | To our vendors, service providers, and parties to whom you direct us to disclose this information with. |
C. Protected classification characteristics under California or federal law. | Age (40 years or older), medical condition, sex (including gender, gender identity, gender expression). | To our vendors, service providers, and parties to whom you direct us to disclose this information with. |
D. Commercial information. | Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | To our vendors, service providers, and parties to whom you direct us to disclose this information with. |
E. Internet or other similar network activity. | Information about interaction with our web services. | To our vendors, service providers, and parties to whom you direct us to disclose this information with. |
F. Inferences drawn from other personal information. | Inferences based on the above-listed categories of personal information. | N/A |
Your Rights and Choices
California residents have certain rights regarding their Personal Information. This section describes those rights and how to exercise them.
Right to Know and Data Portability: You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months. Once we receive your request and confirm your identity, we will disclose to you:
Right to Delete: You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions under applicable law.
Exercising Your Rights to Know or Delete
To exercise your rights to know or delete described above, please submit a request by emailing us at dpo@lucirahealth.com. Only you, or someone legally authorized to act on your behalf (“authorized agent”), may make a request to know or delete related to your personal information.
Your request should include sufficient detail that allows us to properly understand, evaluate, and respond to the request accordingly. Please note that we may require additional information from you in order to honor your request. We will only use Personal Information provided in a verifiable consumer request to verify your identity or authority to make the request.
If you are submitting a request through an authorized agent, the authorized agent must provide us with your signed written permission stating that the agent is authorized to make the request on your behalf. We may also request that any authorized agents verify their identity and may reach out to you directly to confirm that you have provided the agent with your permission to submit the request on your behalf.
Sales of Personal Information: The CCPA defines certain Personal Information disclosures to third parties in exchange for monetary or other valuable consideration as “sales.” We do not “sell” Personal Information as that term is defined under CCPA, nor do we sell the Personal Information of minors under 16 years of age with actual knowledge.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
Sensitive Personal Information
The Personal Information we collect may constitute sensitive Personal Information in your jurisdiction. We will only collect, use or disclose sensitive Personal Information if we have obtained consent from you.
Access and correction
You may have the right to request access to or correction of your Personal Information and may exercise such rights via email at dpo@lucirahealth.com. We will respond to any request for access or correction of Personal Information within 20 days or other period permissible under applicable law. We will ask you to verify your identity before we give you access to your Personal Information to correct it.
Cross-Border Transfer of Personal Information
By using the Services, you agree to the transfer, storage, use and processing of your Personal Information in the United States of America and El Salvador, or other jurisdictions. Privacy standards I these jurisdictions may differ from those applicable in your country.
Before your Personal Information is transferred out of your country, Lucira will take reasonable steps to ensure that the overseas recipient does not breach applicable law, regulations, and standards in relation to your Personal Information and provides at least the same level of protection to your Personal Information as required by law in your country.
Complaints
If you are concerned that we may have breached our obligations to you under applicable law, please contact us in writing at dpo@lucirahealth.com and we will endeavor to work with you to resolve the issue. If you are not satisfied with the action taken, you can make a complaint in accordance with the below:
For residents of Australia: To the Office of the Australian Information Commissioner.
For Residents of Canada: To the Office of the Privacy Commissioner of Canada.
For Residents of New Zealand: To the Office of the New Zealand Privacy Commissioner.
Lucira (contact details are set out below) is the controller responsible for the Personal Information we collect and process.
Address: 1412 62nd Street, Emeryville, California 94608
Contact No (United States and Canada): +1 (888) 582-4724
Contact No (Australia): +61 1800-431-541
Contact No (New Zealand): +64 800-447-452
If you have any questions about this Statement or the Services, please contact us at luci@lucirahealth.com or you may contact our Data Protection Officer, whose contact information is set out below:
Email address: dpo@lucirahealth.com
We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you have the right to make a complaint to the relevant authority.
These self-tests have been authorized by Health Canada under an Interim Order Authorization. The Lucira COVID-19 & Flu Test has been authorized only for the testing of nasal swabs from symptomatic individuals for the detection of nucleic acid from SARS-CoV-2, influenza A, and influenza B, not for any other viruses or pathogens. The Lucira COVID-19 Test has been authorized for testing of nasal swabs from individuals with or without symptoms for the detection of nucleic acid from SARS-CoV-2, not for any other viruses or pathogens.
To request more information contact us or call customer support at 1-888-582-4724
Monday -Friday 7:00am-5:00pm PT
For general media inquiries, please contact Lucira@luckybreakpr.com. If your media request is urgent, please contact: media@lucirahealth.com
© 2023 Lucira Health, Inc. All rights reserved.
Canada
US