We know that privacy is important to you. Your privacy is important to us too. This Notice explains how Quest Diagnostics and its affiliates (“Quest”, “we”, “our”) collect information from or about you (“you” or “your”) when you visit the websites or any applications, social media networks, interactive features, and other services that link to this Notice (the “Platforms”), and how we use, maintain, protect and disclose that information.
If you are using our Platforms in connection with our HIPAA covered services, please refer to our HIPAA Notice of Privacy Practices, which describes how we use and disclose your protected health information, our legal duties with respect to your protected health information, and your rights with respect to your protected health information and how you may exercise them. In connection with HIPAA covered services, in the event of conflict between this Notice and our HIPAA Notice of Privacy Practices, our HIPAA Notice of Privacy Practices will prevail.
Information We Collect
We may collect information about you including non-personally identifiable information and/or “Personal Information,” which is information that may identify, relate to, describe, or be capable of being associated with or reasonably linked, directly or indirectly, with a particular identified or identifiable person or household.
Personal Information we might collect includes data such as the following:
Type of Information
|
Categories of Sources
|
Business or commercial purposes for collection
|
Disclosed for a Business Purpose?
|
Third parties to whom Disclosed for Business Purpose
|
Identifiers such as a real name, postal address, unique personal identifier, online identifier, Internet Protocol address, signature, email address, account name, or other similar identifiers.
|
Direct contact with users through the Platforms, phone, email, web form and social media.
|
As described below, e.g., to provide you with products and services and for internal purposes.
|
Yes
|
Service providers, marketing and promotional partners, other entities that provide a service directly to you.
|
Financial information such as credit card number or debit card number and address or other information related to a billing or payment transaction.
|
Direct contact with users through the Platforms, phone, email and social media; from subsidiaries and affiliates and third parties.
|
As described below, e.g., to provide you with products, schedule an appointment, or complete transactions, and for internal purposes.
|
Yes
|
Service providers and affiliates.
|
Professional or employment-related information.
|
Direct contact with users through the Platforms, phone, email and social media and from service providers assisting in filling open positions.
|
To process applications for potential employment and for internal employment and benefit purposes.
|
Yes
|
Service providers; where permitted or with consent, with third parties such as future employers or pursuant to legal request.
|
Commercial information, including products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
|
Platforms, cookies and other tracking technologies, third parties and affiliates such as service providers.
|
As described below, e.g., for internal and marketing purposes.
|
Yes
|
Service providers, analytics, marketing, and promotional partners. |
Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, form submissions, email unsubscribes and subscribes, email engagement or advertisement.
|
Platforms.
|
As described below regarding cookies, e.g., for internal purposes and for marketing purposes, as described in our Cookie Notice .
|
Yes
|
Service providers, analytics, marketing, and promotional partners.
|
Geolocation data.
|
Platforms; e.g. to provide nearby Patient Service Center locations.
|
As described below regarding cookies, e.g., for internal, marketing, and other operational and business purposes.
|
Yes
|
Service providers, marketing and promotional partners.
|
Inferences drawn from any personal information collected to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
|
Direct contact with users through the Platforms, phone, email and social media; cookies and other tracking technologies, third parties and affiliates such as service providers.
|
As described below, in order to facilitate more targeted marketing, as well as for internal reporting and analytics purposes.
|
Yes
|
Service providers, marketing and promotional partners, third parties for operational purposes.
|
Quest employee information, including employee identification number, identifiers and address details, contact information, employment details, job location, financial or payroll related information, other potentially sensitive personal information including National or State Identification Numbers for various employment-related purposes or background checks, and dependent information for the administration of certain employee benefits or programs.
|
Direct contact with Quest employees and any third-party employee recruitment sources.
|
To conduct background checks and for other purposes in the ordinary course of employment (e.g., to facilitate onboarding processes, manage compensation, provide benefits, review performance, etc.)
|
Yes
|
Service providers, marketing and promotional partners, third parties for operational purposes
|
Sensitive personal information, including driver’s license number, national or state identification number, citizenship status, immigration status, race, national origin, religious or philosophical beliefs, sexual orientation, sex life, precise geolocation, information concerning your health, and genetic information.
|
Direct contact with users and Quest employees, or through Platforms (e.g. to provide nearby Patient Service Center locations)
|
Internal reporting and analytics purposes, for other purposes in the ordinary course of employment, and to facilitate more targeted marketing.
|
Yes
|
Service providers, analytics, marketing, and promotional partners, and third parties for operational purposes.
|
We do not consider Personal Information to include information that can no longer be used to identify a specific natural person, whether in combination with other information or otherwise. For example, de-identified or aggregated consumer information.
Additionally, the following types of information are not considered Personal Information:
- publicly available information from government records; or
- information excluded from the applicable data privacy law’s scope, including but not limited to PHI covered by HIPAA, information derived from PHI that is de-identified in accordance with HIPAA, and personal information we handle in our capacity as a service provider to a business.
If we combine non-personally identifiable information with Personal Information, we will treat such information appropriately, but not all rights may apply to the non-personally identifiable information portion.
How We Use Personal Information That We Collect for Business or Commercial Purposes
We may use your Personal Information:
- to fulfill the purposes for which the information was provided (e.g., to provide a service or perform on a contract); to identify you in order to respond to requests, provide services or products, personalize information we provide to you, or otherwise as described below;
- to communicate with you about your account or our relationship, such as making announcements about the Platforms or our privacy policies and terms;
- to send push notifications and other information through our Platforms;
- to design, improve and administer our Platforms;
- to improve our products and services;
- to recruit and evaluate job applicants and candidates for employment and to conduct background checks;
- to engage in the ordinary course of employment (e.g., facilitate onboarding processes, manage compensation, provide benefits, review performance, etc.) and for other internal human resources purposes;
- to audit and measure user interaction with our Platforms, so we can improve the relevancy or effectiveness of our content and messaging;
- to develop and carry out marketing, advertising and analytics;
- to provide texts or emails containing information about our products or services, or events or news, that may be of interest to recipients, as permitted by law;
- to deliver content and products or services relevant to your interests, including targeted ads on third party sites;
- to detect security incidents or monitor for fraudulent or illegal activity;
- to enable security measures (such as, to protect our Platforms, customers, employees and business partners);
- debugging to identify and repair errors;
- to protect our rights and to protect your safety or the safety of others;
- to investigate fraud or respond to government inquiries;
- to complete corporate transactions (from time to time, we sell, buy, merge or otherwise reorganize our businesses, and these corporate restructurings may involve disclosure of Personal Information to prospective or actual purchasers, or the receipt of it from sellers);
- to comply with laws, regulations or other legal process; or
- otherwise use your Personal Information with your consent.
We may also use your Personal Information to:
- provide you with the services and products you request or that have been ordered and/or requested by your healthcare provider;
- process or collect payments for our services; or
- respond to your questions and otherwise provide support you request.
We may use Precise Location Data from your device in accordance with the device’s consent process on some of our Platforms to help us improve your user experience and provide information that is relevant to you, such as nearby Patient Service Center locations.
When you choose to print or email one of your results from within the MyQuest application, the result file is temporarily stored on your mobile device to aid in more efficient delivery of your result. The result file will be deleted from your mobile device storage once the action of printing or emailing is complete.
How Long We Retain Your Personal Information
Quest Diagnostics retains your Personal Information only for as long as is necessary for our legitimate business purposes. We will retain and use your Personal Information to the extent necessary to comply with our legal, accounting, or reporting obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes and enforce our legal agreements and policies. Additionally, we may continue to store your Personal Information contained in our standard back-ups. This applies to all categories of Personal Information in use by us.
Selling Personal Information or Disclosing of Personal Information for Targeted Advertising
We do not sell Personal Information. We may disclose the following categories of Personal Information to the categories of third parties listed below for the purpose of targeted or cross-context advertising (under California law, this is called “Sharing”):
Type of Information
|
Disclosed for Targeted Advertising?
|
Third parties to whom Disclosed for Targeted Advertising
|
Business or commercial purposes for Disclosing for Targeted Advertising
|
Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.
|
Yes
|
Marketing and promotional third parties such as advertising and social networks.
|
For marketing our products and services to you, and promoting career opportunities.
|
Commercial information, including products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
|
Yes
|
Marketing and promotional third parties such as advertising and social networks.
|
For marketing our products and services to you, and promoting career opportunities.
|
Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement.
|
Yes
|
Marketing and promotional third parties such as advertising and social networks.
|
For marketing our products and services to you, and promoting career opportunities.
|
Geolocation data.
|
Yes
|
Marketing and promotional third parties such as advertising and social networks.
|
For marketing our products and services to you, and promoting career opportunities.
|
Inferences drawn from any personal information collected to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
|
Yes
|
Marketing and promotional third parties such as advertising and social networks.
|
For marketing our products and services to you, and promoting career opportunities.
|
No text message opt-in status information will be shared with or sold to third parties/affiliates for their own marketing/promotional purposes. Text messaging originator opt-in data and consent information will not be shared with any third parties, including affiliate or business partners. We also use and disclose your information pursuant to a subpoena, court order or other legal process, to establish or exercise our legal rights, or defend against legal claims. The opt-in is not transferable to another party involved in the process.
Cookie Notice
Our websites, like almost all other websites, use cookies and other technologies to make the website work as you expect and to collect and share information. Please see our Cookie Notice for more information.
Keeping Your Information Secure
Quest Diagnostics has adopted physical, technical and administrative measures that are designed to prevent unauthorized access or disclosure, maintain data accuracy, and ensure appropriate use of Personal Information. We cannot, however, ensure or warrant the security of information. No security measures are infallible.
How can you help protect your information?
If you are using a Quest Diagnostics Platform for which you registered and chose a password, you should not divulge your password to anyone. We will never ask you for your password in an unsolicited phone call or in an unsolicited email. Also, remember to sign out of the Quest Diagnostics Platform and close your browser window when you have finished your work.
Please note that unencrypted email is not a secure method of transmission, as information in such emails may be accessed and viewed by others while in transit to us. For this reason, we prefer that you not communicate confidential or sensitive information to us via regular unencrypted email. We will, however, honor patient requests for communications through unencrypted email.
Links to Other Sites
Our Platforms may be accessed from or contain links to other websites that we do not own or operate. If you access those links, you will leave our Platforms. Quest does not control those third party websites or their privacy practices, which may differ from ours. We do not endorse or make any representations about third-party sites, including about the content or security of those sites. The information you choose to provide to or that is collected by these third parties is not covered by this Notice.
Children's Privacy
We do not knowingly collect information from children (as defined by COPPA) and we do not target our Platforms to children. If we learn that we have collected any information from children, we will delete it. For more information about the Children’s Online Privacy Protection Act (“COPPA”), which applies to websites that direct their services to children under the age of thirteen (13), please visit the Federal Trade Commission’s website https://www.ftc.gov/tips-advice/business-center/guidance/complying-coppa-frequently-asked-questions.
Additional Rights of Individuals in Certain Jurisdictions
Depending on where you live, you may have certain rights with respect to Personal Information that we have collected and used under certain circumstances, which may include the following:
- The Right to Know About Personal Information Collected, Disclosed, or Sold.
Residents of certain U.S. states have the right to request that Quest disclose what Personal Information it collects, uses, discloses, and sells. This is called the “Right to Know”. Under the Right to Know, you can request a listing of the categories of Personal Information we have collected about you, the categories of sources from which that information is collected, how we use the information (e.g., our business or commercial purposes for collecting Personal Information), categories of other individuals and business with whom we share Personal Information (or, for residents of Oregon, the specific third parties (other than individuals) to whom we have disclosed Personal Information), and the specific pieces of Personal Information that we have collected about you. For further details about this information, please visit the Information We Collect section above.
If you are a resident of a state that confers this right and would like to request to access your information, you may visit your state’s section below.
When you make a request under your Right to Know, you can expect the following:
a) We will verify your identity. You will need to provide us with certain information such as your name, email address, physical address, or other information, as relevant, so that we can verify that you are who you say you are. Which information may depend on the type and sensitivity of information requested.
b) We will confirm our receipt of your request within 10 days. If you have not received a response within a few days after that, please let us know by contacting us at the webpage or phone number listed below.
c) We will respond to your request within 45 days. If necessary, we may need additional time to respond, up to another 45 days, but we will reply either way within the first 45-day period and, if we need an extension, we will explain why.
d) In certain cases, a Request to Know may be denied. For example, if we cannot verify your identity or if providing you the information could create an unreasonable risk to someone’s security (for example, we do not want very sensitive information disclosed inappropriately). If we deny your request, we will explain why we denied it. If we deny a request, we will still try to provide you as much of the information as we can, but we will withhold the information subject to denial.
2. The Right to Access and Receive your Specific Personal Information
Residents of certain U.S. states have the right to request that Quest provide a portable copy of the Personal Information it collects, uses, discloses, and sells. You can request a listing of the types of Personal Information we have collected about you, the sources of that information, how we use the information (e.g., our business or commercial purposes for collecting or selling personal information), other individuals and business with whom we share Personal Information, and the specific pieces of Personal Information that we have collected about you. For further details about this information, please visit the Information We Collect section above.
If you are a resident of a state that confers this right and would like to request a portable copy of your information, you may visit your state’s section below.
When you request a portable copy of your information, you can expect the following:
a) We will verify your identity. You will need to provide us with certain information such as your name, email address, physical address, or other information, as relevant, so that we can verify that you are who you say you are. Which information may depend on the type and sensitivity of information requested.
b) We will confirm our receipt of your request within 10 days. If you have not received a response within a few days after that, please let us know by contacting us at the webpage or phone number listed below.
c) We will respond to your request within 45 days. If necessary, we may need additional time to respond, up to another 45 days, but we will reply either way within the first 45-day period and, if we need an extension, we will explain why.
d) In certain cases, a Request to Access may be denied. For example, if we cannot verify your identity or if providing you the information could create an unreasonable risk to someone’s security (for example, we do not want very sensitive information disclosed inappropriately). If we deny your request, we will explain why we denied it. If we deny a request, we will still try to provide you as much of the information as we can, but we will withhold the information subject to denial.
3. The Right to Correct Personal Information.
Residents of certain U.S. states have the right to request that Quest correct the Personal Information it collects, uses, discloses, and sells. This is called the “Right to Correct”. Under the Right to Correct, you can request a correction of any inaccurate Personal Information, and Quest will use commercially reasonable efforts to correct this information.
If you are a resident of a state that confers this right and would like to request to correct your information, you may visit your state’s section below.
When you make a request under your Right to Correct, you can expect the following:
a) We will verify your identity. You will need to provide us with certain information such as your name, email address, physical address, or other information, as relevant, so that we can verify that you are who you say you are. Which information may depend on the type and sensitivity of information requested.
b) We will confirm our receipt of your request within 10 days. If you have not received a response within a few days after that, please let us know by contacting us at the webpage or phone number listed below.
c) We will respond to your request within 45 days. If necessary, we may need additional time to respond, up to another 45 days, but we will reply either way within the first 45-day period and, if we need an extension, we will explain why.
d) In certain cases, a Request to Correct may be denied. For example, if we cannot verify your identity or if providing you the information could create an unreasonable risk to someone’s security (for example, we do not want very sensitive information disclosed inappropriately). If we deny your request, we will explain why we denied it. If we deny a request, we will still try to provide you as much of the information as we can, but we will withhold the information subject to denial.
4. The Right to Request Deletion of Personal Information about You.
Residents of certain U.S. states have a right to request the deletion of their Personal Information collected or maintained by Quest. If you are a resident of a state that confers this right and would like to request to delete your information, you may visit your state’s section below.
When you make a request for deletion, you can expect the following:
- We will verify your identity. You will need to provide us with certain information such as your name, email address, physical address, or other information, as relevant, in order for us to verify that you are who you say you are. Which information may depend on the type and sensitivity of information that you would like to have deleted.
- We will confirm our receipt of your request within 10 days. If you have not received a response within a few days after that, please let us know by contacting us at the webpage or phone number listed below.
- We will respond to your request within 45 days. If necessary, we may need an additional period of time, up to another 45 days, but we will reply either way within the first 45-day period and, if we need an extension, we will explain why.
- In certain cases, a request for deletion may be denied, for example, if we cannot verify your identity; the law requires that we maintain the information (e.g., to comply with federal and state medical record retention requirements); or, if we need the information for internal purposes such as to continue to provide you services. If we deny your request, we will explain why we denied it, and delete any other information that is not protected from deletion.
5. The Right to Opt-Out of the Sale or Cross-Context Behavioral Advertising of Personal Information
This Section of the Notice also serves as a Notice to residents of the State of California and the Commonwealth of Virginia of their right to opt-out of the sale of Personal Information and of the use of Personal Information for certain types of advertising.
Residents of California have a right to direct businesses not to sell or share their Personal Information if the businesses otherwise would. Virginia residents have the right to direct businesses not to process their personal data for purposes of (i) targeted advertising, (ii) sale, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer. Under California and Virginia law, this is known as the “right to opt out.” We do not sell your Personal Information. However, when you visit our websites, we may share information about your use of our website with our advertising and analytics partners. You can opt out of sharing or using your Personal Information for the purposes of targeted advertising, by interacting with the cookie banner that may appear at the bottom of Quest websites the first time you come to the website or the “Your Privacy Choices” link that may appear in the footer of our websites. You can also opt back into these cookies through the same link.
For more information about your right to opt-out, please see your state’s section below.
6. The Right to Limit the Use or Disclosure of Sensitive Personal Information
Residents of certain U.S. states have a right to limit the use or disclosure of sensitive Personal Information, including one’s precise geolocation and health-related information, by Quest. For more information about your right to limit the use or disclosure of sensitive Personal Information, please see your state’s section below.
7. The Right to Appeal a Business or Controller’s Refusal to Take Action
Residents of certain U.S. states have a right to appeal if the consumer’s privacy rights-related request is denied in whole or in part. For more information about your right to appeal, please see your state’s section below.
8. The Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights
You have a right not to receive discriminatory treatment by Quest for exercising any of your privacy rights conferred by your state’s consumer privacy laws. Quest will not discriminate against any consumer because such person exercised any of the consumer’s rights under these privacy laws, including, but not limited to:
- denying goods or services;
- charging different prices or rates for goods and services, including through the use of discounts or other benefits or imposing penalties;
- providing a different level or quality of goods or services; or
- suggesting that the consumer will receive a different price or rate for goods or services or a different level or quality of goods or services.
Quest may, however, charge a different price or rate, or provide a different level or quality of goods or services, if that difference is related to the value provided to you by your data.
9. Authorized Agents
Certain state residents may designate an authorized agent to make a request on your behalf. We will deny requests from agents that do not submit proof of authorization from you. To verify that an authorized agent has authority to act for you, we may require a copy of a power of attorney or require that you provide the authorized agent with written permission and verify your own identity with us.
In certain states, the authorized agent may be able to act on your behalf solely for certain rights to opt-out as described in the state-specific sections below.