Verily Privacy Policy

Thank you for reviewing this Privacy Policy, which applies to the products and services (collectively, the "Services") that you may receive from Verily Life Sciences LLC ("Verily," "we" or "us"), an Alphabet company, and our controlled affiliates. Verily values and is committed to protecting the privacy and security of your information gathered through the Services.

Please read this Privacy Policy carefully. We want you to understand what data we collect from you when you use the Services, and how we use and disclose such data. Using our Services is voluntary, and by accessing or using the Services, you acknowledge that: (i) you have read and understand this Privacy Policy; (ii) you understand that your access to and use of the Services are subject to this Privacy Policy and the related Terms of Service; and (iii) you understand Verily's practices regarding collection, use and disclosure of your data as described in this Privacy Policy.

This Privacy Policy includes the following information:

Introduction

We offer a range of Services in support of our mission to make the world's health data useful so that people enjoy healthier lives. Our Services may include things like websites that we operate, apps and web-based platforms, and devices, including connected devices.

In addition to this Privacy Policy, specific privacy practices with respect to certain Services may apply. As applicable, supplemental privacy policies will be included with such Services. Your use of such Services is subject to both this Privacy Policy and any supplemental terms that may apply.

Information We Collect from You

When you use the Services, certain types of data may be collected from you, including: (1) Non-Personal Information; and (2) Personally Identifiable Information. For more detailed information on personal information from children, please refer to the "Children and Parents" section below.

Non-Personal Information

We may automatically collect certain data regarding your use of or access to the Services, such as: the type of device you use to access the Services; the date and time you access the Services; the type of web browser you use to access the Services; and the sections within the Services that you access. Such information (collectively, "Non-Personal Information") may be collected through cookies. For more detailed information on cookies, please refer to the "Use of Cookies" section below.

Personally Identifiable Information

You may be able to view and download content through certain Services (or portions thereof) that are accessible to the general public without disclosing any information that, either alone or in combination with other information, can be used to uniquely identify, contact or locate you (collectively, "Personally Identifiable Information" or "PII"). However, certain Services (or portions thereof) may only be accessible by creating an account, providing third-party user credentials (e.g., your Google account) for authentication or otherwise disclosing certain PII. By providing such information, you acknowledge that you understand our collection and use of it, as described in this Privacy Policy.

In some circumstances, Verily may also collect information about you from trusted partners, including marketing partners who provide us with information about potential customers of our Services, and security partners who provide us with information to protect against abuse.

Use of Cookies

Cookies are small bits of data cached or stored on your computer or smartphone based on Internet activity. We may use cookies to monitor individual activity in aggregate to improve the Services and provide features that are tailored to your needs. Most web browsers automatically accept cookies, but you can usually change your settings to prevent this. If you disable cookies, your ability to use some features of the Services may be limited. We may also use session cookies when you use the Services; session cookies are active only during the period you are logged into the Services, and are removed when you leave.

Children and Parents

Use of the Services is not offered to children, as defined by applicable law. If you are a child, you may not use the Services. We do not intend to collect or store any personal information from children.

How We Use and Disclose Information Collected

Generally, we may use and disclose the information that we collect for our business purposes, including operation of the Services, as well as development of new products and services. Such use and disclosure of information may vary with respect to the type of information collected, including: (1) Non-Personal Information; and (2) Personally Identifiable Information.

Non-Personal Information Use and Disclosure

We use Non-Personal Information collected through the Services to monitor the performance and effectiveness of the Services, to help personalize your experience, for statistical and research purposes and for improving the functionality of the Services. This information may also be used for administrative purposes including, without limitation, to troubleshoot and resolve problems with the Services and to protect Verily, the Services and our users. We may rely on third-party partners to collect and analyze Non-Personal Information based on our instructions and subject to appropriate privacy and security measures.

Personally Identifiable Information Use and Disclosure

PII collected may be used for a variety of purposes, such as responding to requests for information, creation of user accounts, and processing and fulfillment of orders, as applicable. We may disclose your PII to:

(i) our affiliates in your local jurisdiction, or other locations as necessary or appropriate, to assist us with responding to requests for information, to process and fulfill orders, and to provide other activities contemplated by the Services; and

(ii) business partners or service providers we use to perform site hosting, analytics, and other information technology and support functions on our behalf, and such activities are performed based on our instructions and in compliance with appropriate privacy and security measures.

Where permitted, your PII may also be used to create de-identified data sets.

We may share personal information with companies, organizations or individuals outside of Verily, for purposes not specified elsewhere in this Privacy Policy, when we have your consent to do so. We require explicit "opt-in" consent for the sharing of certain sensitive personal information.

Additional Disclosures

In addition to the activities described above, we may share personal information with companies, organizations or individuals outside of Verily if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to: (1) meet any applicable law, regulation, legal process or enforceable governmental request; (2) enforce applicable Terms of Service, including investigation of potential violations; (3) detect, prevent or otherwise address fraud, security or technical issues; or (4) protect against harm to the rights, property or safety of Verily, our users or the public, as required or permitted by law.

Access to Your Information

We aim to provide you with access to your personal information gathered through the Services. In some circumstances you may have the right to review or request your personal information, or request that it be updated or deleted, by contacting us using the method below under the caption "Contact Us." However, to the extent permitted by law, we may reject requests that are unreasonably repetitive, unduly burdensome, risk the privacy of others, or would be very impractical to honor.

To the extent practicable, where we can provide our users with information access and correction through the Services, we will do so for free, except where it would require a disproportionate effort. We aim to protect information gathered through the Services from accidental or malicious destruction.

Do Not Track Signals

Do Not Track ("DNT") is a privacy preference that visitors can set in their web browsers. When a visitor turns on DNT, the browser sends a message to websites requesting that they don't track the visitor. At this time, we do not respond to these signals. We do not change our practices, described elsewhere in this Privacy Policy, in response to DNT browser settings or signals.

Linked Third-Party Sites

We may provide links to other third-party websites through the Services solely as a convenience to you. However, such linking does not mean, and should not be interpreted to mean, that Verily endorses, is affiliated with or makes any representations concerning such third-party websites. Verily neither reviews, nor controls, nor is responsible for these third-party sites or any content therein. If you decide to access any of the third-party sites linked through the Services, you do so entirely at your own risk. Verily shall not be liable for any consequences arising from use of any third-party websites to which the Services link.

Information Security

We work hard to prevent unauthorized accessing, alteration, disclosure, or destruction of the information we hold. We have many data security safeguards in place, and we regularly review our security practices to proactively guard against unauthorized access.

We strive to maintain the security of your information by using appropriate measures designed to protect our systems. However, we cannot guarantee the security of any information that is disclosed online. Consequently, we do not insure or warrant the security of any information you transmit, and you do so at your own risk.

Data Retention and Deletion

We collect data when you use our Services. What we collect, why we collect it, and how you can manage your information are described in this Privacy Policy. This section describes why we hold onto different types of data for different periods of time.

For some data, you can request deletion whenever you like, some data is deleted automatically, and some data we retain for longer periods of time when necessary. When data is deleted, we follow internal policies and procedures to make sure that your data is safely and completely removed from our servers or retained only in anonymized form.

Data Retained Until You Request Deletion: As noted in this Privacy Policy (in the "Access to Your Information" section above and the "European Requirements" section below), you may have the right to request deletion of your information. In certain circumstances, we may provide you with tools or other features within our Services that enable you to directly manage your information, including deletion of your information. In any event, you can always submit a deletion request by contacting us using the method below under the caption "Contact Us."

Data That Expires After a Specific Period of Time: In some cases, we store data for a predetermined period of time. For each type of data, we set retention timeframes based on the reason for its collection. Where applicable, we also take steps to anonymize certain data within set time periods.

Information Retained for Extended Time Periods for Limited Purposes: Sometimes business and legal requirements oblige us to retain certain information, for specific purposes, for an extended period of time. Reasons we might retain some data for longer periods of time include:

  • Security, fraud & abuse prevention
  • Financial record-keeping
  • Complying with legal or regulatory requirements
  • Ensuring the continuity of our Services
  • Direct communications with Verily

We try to ensure that our Services protect information from accidental or malicious deletion. Because of this, there may be delays between when something is deleted and when copies are deleted from our active and backup systems. For our active systems, this process generally takes around two months from the time of deletion; however, data can remain on backup systems for up to six months.

Cross-Border Transfer of Information

Unless otherwise specified, we may process the information collected through the Services on a server located outside the country where you live. However, we will handle your personal information in accordance with this Privacy Policy regardless of where your personal information is stored or processed.

When we transfer personal information from the European Economic Area and Switzerland to other countries, including to the United States, we use a variety of legal means to help ensure the data is appropriately protected. As described in our Privacy Shield certification, Verily Life Sciences LLC complies with the EU-US and Swiss-US Privacy Shield Frameworks as set forth by the US Department of Commerce regarding the collection, use and retention of personal information in the United States from European Union member countries and Switzerland, respectively ("European Personal Information"). Verily has certified its commitment to subject to the Privacy Shield Principles all such European Personal Information received from the EU and Switzerland in reliance on Privacy Shield. We shall remain responsible for European Personal Information that we share under the Onward Transfer Principle with third parties for processing on our behalf, as described under the caption "How We Use and Disclose Information Collected." Learn more about the Privacy Shield program here.

If you have an inquiry regarding our privacy practices in relation to our Privacy Shield certification, we encourage you to contact us. Verily is subject to the investigatory and enforcement powers of the US Federal Trade Commission (FTC). You may also file a complaint free of charge with your local data protection authority and we will work with them to resolve your complaint. In certain circumstances, the Privacy Shield Framework provides the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the Privacy Shield Principles.

Compliance and Cooperation with Regulatory Authorities

We regularly review our compliance with this Privacy Policy. 
We also adhere to several self-regulatory frameworks, including the EU-US and Swiss-US Privacy Shield Frameworks. When we receive formal written complaints, we will contact the person who made the complaint to follow-up. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that we cannot resolve with our users directly.

European Requirements

If European Union (EU) data protection law applies to the processing of your information, you may contact us in order to exercise your rights to request access to, update, remove and restrict the processing of your information. You also have the right to object to the processing of your information or export your information to another service.

We process your information for the purposes described in this Privacy Policy, based on the following legal grounds:

With Your Consent: We ask for your agreement to process your information for specific purposes and you have the right to withdraw your consent at any time.

When We're Pursuing Legitimate Interests: We process your information for our legitimate interests and those of third parties while applying appropriate safeguards that protect your privacy. This means that we process your information for things like:

  • Providing, maintaining and improving our Services to meet the needs of our users
  • Developing new products and features that are useful to our users
  • Understanding how people use our Services to ensure and improve the performance of our Services
  • Customizing our Services to provide you with a better user experience
  • Marketing to inform users about our Services
  • Detecting, preventing or otherwise addressing fraud, abuse, security or technical issues with our Services
  • Protecting against harm to the rights, property or safety of Verily, our users or the public, as required or permitted by law
  • Performing research that improves our Services for our users and benefits the public
  • Fulfilling obligations to our partners
  • Enforcing legal claims, including investigation of potential violations of applicable Terms of Service

When We're Providing Services

We process your data to provide Services you've asked for under contract. We may also process your data in the course of providing Services to our business partners, to which you may have provided your data; such processing is performed at the direction of our business partners.

When We're Complying with Legal Obligations

We'll process your data when we have a legal obligation to do so, for example, if we're responding to legal process or an enforceable government request.

If you have questions, you can contact Verily and our data protection officer. You can also contact your local data protection authority if you have concerns regarding your rights under local law.

Changes to Our Privacy Policy

From time to time, we may update and post revisions to this Privacy Policy. Any changes will be effective immediately upon the posting of the revised Privacy Policy. We encourage you to review this page periodically for the latest information on our privacy practices. This Privacy Policy was updated as of the effective date listed below.

If Verily is involved in a merger, acquisition or asset sale, we will continue to ensure the confidentiality of any personal information and give affected users notice before personal information is transferred or becomes subject to a different privacy policy.

Contact Us

If you have any questions or concerns regarding the information gathered through the Services, or would like to submit a request related to your information (including requests to review, update or delete your information), please let us know.

Privacy Policy Last Updated: May 24, 2018