Data Protection and Privacy Statement

Myriad Genetics, Inc. and its Affiliates

Myriad Genetics, Inc., 320 Wakara Way, Salt Lake City UT 84108, U.S.A., and its affiliated companies in the United States and Europe, including Myriad Genetics GmbH, Leutschenbachstrasse 95, 8050 Zurich, Switzerland (“Myriad Switzerland”) and Myriad Service GmbH, Staffelseestraße 6, 81477 Munich, Germany (“Myriad Germany”; collectively, “Myriad”) are committed to adhering to applicable data protection laws. This Data Protection and Privacy Statement discloses our practices with regard to the collection, processing and use of personal data of employees of Myriad Switzerland, Myriad Germany and other European affiliates of Myriad and patients undergoing clinical diagnostic testing (collectively “European Personal Data”).

COLLECTION, PROCESSING AND USE OF EUROPEAN PERSONAL DATA

Personal Data of Patients

Myriad Switzerland and Myriad Germany collect personal data of patients in the course of clinical diagnostic testing, inter alia, patient medical data and records, data of clinical diagnostic laboratory testing and genetic sequencing test results, name, address, medical history potentially including diagnosed cancer, and health insurance information of the patient. Myriad Switzerland and Myriad Germany may use this personal data for the following purposes: providing clinical laboratory services, including molecular diagnostic test services; creating anonymized analyses of biomarker and cancer type data for publication and internal research; and providing customer service.

Personal Data of Employees

Myriad Switzerland and Myriad Germany collect personal data of their employees, and the employees of Myriad’s European affiliates, in the course of the employment with them, inter alia the employee’s name, address, job title and salary information. Myriad Switzerland and Myriad Germany may use this personal data for general HR administrative functions, including hiring, performance assessment, promotion, salary and benefits determinations.

Data Transfers outside the EEA and Switzerland

Myriad Switzerland and Myriad Germany may transfer European Personal Data to its parent company, Myriad Genetics, Inc., affiliates and subsidiaries of Myriad Genetics Inc., business partners, and service providers (“Data Recipients”) for the purposes listed above.

Data Recipients may be located in countries outside the European Economic Area and Switzerland (“Third-Countries”) in which an adequate level of data protection equivalent to the European Union, the European Economic Area or Switzerland may not be guaranteed. If Data Recipients are located in Third-Countries without an adequate level of data protection, such as the United States, Myriad Switzerland and Myriad Germany have implemented appropriate measures to guarantee that the European Personal Data transferred are adequately safeguarded, e.g. by concluding EU Standard Contractual Clauses for transfer of personal data to third-countries, respectively, with the Data Recipients.

Data Security, Integrity and Access

Myriad takes reasonable precautions to protect European Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction. Myriad makes reasonable efforts to keep European Personal Data reliable for its intended use, accurate, current and complete. Myriad provides European data subjects with access to their personal data with the opportunity to review and correct their personal data. European data subjects may contact the Myriad privacy contact person identified below to review their personal data. Myriad reserves the right to take reasonable steps to authenticate the identity of any individual seeking access to their Personal Data.

Other Disclosures

In the case of a legally binding order for access to the European Personal Data by an authorized public authority, Myriad may disclose European Personal Data to the extent necessary to comply with such binding order. In any such event, Myriad will use its reasonable efforts to comply with the data disclosure rules under HIPAA and seek that any disclosures of the personal data by it to any public authority are not massive, disproportionate and indiscriminate in a manner that it would go beyond what is necessary in a democratic society.

Further Information

Requests for further information regarding this Data Protection and Privacy Statement or requests for access to, or review or correction of European Personal Data should be directed to the privacy contact person(s) listed below. Additionally, if any individual who experiences an issue regarding the European Personal Data that Myriad holds about him or her that he or she cannot resolve directly with Myriad, the individual may contact the competent local data protection authority in the EU or Switzerland for further information.

Privacy Contact Persons:

Alef Völkner

Data Protection Officer
fox-on Datenschutz GmbH
Pollerhofstraße 33a
51789 Lindlar/Köln
Germany
Tel.: +49 22 66 – 90 15 920
Email:  DSB@fox-on.de

Clivetty Martinez
SVP, Chief Compliance Officer
Myriad Genetic Laboratories, Inc.
320 Wakara Way
Salt Lake City, UT 84108
USA
Tel.: +1 (801) 584-1136
Email: cmartine@myriad.com

Version September 2019