The Privacy Policy explains how GRAIL, Inc. (“GRAIL” or “we”) may collect, use, disclose, and secure information we obtain from your visit to the Summit Study website (the “Service”). By accessing the Service, you consent to the practices and terms of this Privacy Policy. This Privacy Policy applies only in relation to GRAIL’s use of Personal Information in relation to the Summit Study Website (“Site”). For more information about how we collect Personal Information outside of the context of the Summit Study, please see our Grail Privacy Policy. If you enroll in the Summit Study, you will be provided a separate notice that describes how information obtained about you for purposes of the Summit Study is collected, used, disclosed, and secured.

Information we collect

“Personal Information” means any information that can be used to identify you, directly or indirectly, as an individual person. In connection with the Service, we collect:

  • Information obtained from cookies automatically, such as anonymous usage statistics by using cookies, server logs, and other similar technology as you use the Service.
  • GRAIL is the controller of this information.

How we collect Personal Information

We automatically collect certain data from users who visit the Service that may be identifiable through the use of cookies or other data collection tools on the Service that record certain usage information, such as the number and frequency of visitors to the Service. Please see our Cookies Policy below to learn about how we use cookies on the Site and your choices in relation to the use of cookies.

How we use your information

We use information about you for various purposes, including to:

  • Provide, maintain and improve the Service.

How we share your information

Within GRAIL. We share your Personal Information within GRAIL for the purposes set forth above.
Business Partners and Service Providers. We may share Personal Information with our business partners participating in the Summit Study, and with our third-party vendors and service providers, to comply with legal obligations, to protect and defend our rights and property, and with your permission. We do not rent, sell, or share Personal Information about you with other people or non-affiliated companies for their direct marketing purposes, unless we have your permission. We may share any information we receive with vendors and service providers we use to help us provide and improve the Service. For example, we may disclose information to the service providers that help host the Service.

Regulatory, Legal Process, Safety and Terms Enforcement. We may access, preserve, and disclose collected information, if we believe doing so is required or appropriate to: comply with law enforcement requests and legal process, such as a court order or subpoena; comply with the law; or protect your, our, or others’ rights, property, or safety.

Business Transfers. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of GRAIL assets, or transition of service to another provider, your information may be disclosed in connection with the negotiation of such transaction, and/or sold or transferred as part of such a transaction as permitted by law and/or contract. We cannot control how such entities may use or disclose such information.

Children’s privacy

We do not knowingly collect, maintain, or use Personal Information from children under 13 years of age, and no part of the Service is directed to children under the age of 13. If you learn that your child has provided us with Personal Information without your consent, you may alert us as described in the “Contact us” section below. If we learn that we have collected any Personal Information from children under 13, we will promptly take steps to delete such information and terminate the child’s account.

Links to other websites

The Service may contain links to websites and digital services operated by third parties. This Privacy Policy does not apply to such websites and services. We recommend that you read the appropriate website’s or digital services’ Privacy Policy to become familiar with those terms, some or all of which may differ from the ones reflected here.

The Service may include features like buttons and widgets hosted by other companies. Some of these features collect Personal Information or other information such as IP addresses and your actions on the Service. This Privacy Policy does not apply to the practices of such third parties. We encourage you to review the privacy policies of those third parties to learn about their personal information and privacy practices.

Changes to our Privacy Policy

We will post adjustments to the Privacy Policy on this web page, and the revised version will be effective when it is posted. From time to time, we may desire to use Personal Information for uses not previously disclosed in our Privacy Policy. If our practices change regarding previously collected Personal Information in a way that would be materially less restrictive than stated in the version of this Privacy Policy in effect at the time we collected the information, we will make reasonable efforts to provide notice of any such uses to the extent such notice may be required by law.

Legal basis for processing

We may process Personal Information subject to our own legitimate interests, such as to operate, evaluate, and improve our business, including supporting the Summit Study; or to facilitate a sale of assets or merger or acquisition.

Data retention

We retain Personal Information for a reasonable period of time as is necessary to accomplish the purposes set forth in this Privacy Policy, unless a longer period is required under applicable law or is needed to resolve disputes or to protect our legal rights.

We may face any threat of legal claim and in that case, we may need to apply a “legal hold” that retains information beyond our typical retention period. In that case, we will retain the information until the hold is removed, which typically means the claim or threat of claim has been resolved.

Rights with respect to the Personal Information

Under the European Union’s General Data Protection Regulation, in certain circumstances, a European Economic Area (EEA)-resident data subject has certain individual rights with respect to the Personal Information that we hold about them. In particular, you may have the right to:

  • Request access to any data held about you;
  • Ask to have inaccurate data amended;
  • Request data held about you to be erased, provided the data are not required by us to perform a contract, protect our rights, interests or those of a third party, defend against a legal claim or to comply with applicable laws or regulations;
  • Prevent or restrict processing of data that is no longer required; and
  • Request transfer of appropriate data to a third party if technically feasible.

Additionally, in the circumstances when you may have provided your consent to the collection, processing, and transfer of your Personal Information for a specific purpose, you have the right to withdraw your consent for that specific purpose at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes to which you originally agreed, unless we have another legitimate basis for doing so in law.
To exercise any of these rights, please contact us using the contact details set out under the “Contact us” heading below. If you are a resident of the EEA, you are also entitled to direct any complaints in relation to our processing of your Personal Information to your national or local data protection supervisory authority.

Transfer of Personal Information outside of the EEA

We will process your Personal Information in the United States, which does not provide the same level of data protection as the EEA. Where your Personal Information is processed by us or third parties outside of the EEA, we will ensure that appropriate safeguards are in place to adequately protect your Personal Information, to the extent required by applicable law, if the recipients are not located in a country with adequate data protection (as determined by the European Commission). Such safeguards may include the execution of standard contractual clauses; EU-US Privacy Shield framework; consent of the individual to whom the Personal Information pertains; or other safeguards permitted by applicable EEA requirements.

Contact us

If you would like to request that we update or correct any information that you have provided to us through your use of the Service or otherwise, or if you have questions regarding this Privacy Policy, please contact us at the following address or email address.

Contact Information:
GRAIL, Inc.
Attn: Privacy
1525 O’Brien Drive
Menlo Park, California 94025
privacy@grail.com

Cookies Policy

Our use of cookies

We use cookies and related data collection technologies (“cookies”) to provide services, gather information when users navigate through the Service to enhance and personalize the experience, to understand usage patterns, and to improve the Service.

A cookie is a string of information, including a unique reference code, that a website stores on a visitor’s computer when visiting a website and that the visitor’s browser provides to the website each time the visitor returns. A number of cookies we use will last only for the duration of your web session and expire when you close the browser. Other cookies last longer and are used to recognize your computer when you return to the Service.

The cookies you receive from the Service are served by GRAIL. However, some cookies served by us use code provided by a third party delivering analytical services on our behalf. We and our service providers use the following categories of cookies:

  • Essential Cookies: These cookies are strictly necessary to provide you with features available through the Service and to use some of their features, such as contact forms. Because these cookies are strictly necessary to deliver the Service, you cannot refuse them without affecting how the Service functions.
  • Performance and Functionality Cookies: These cookies are used to enhance the performance and functionality of the Service but are non-essential to its use. However, without these cookies, certain functionality of the Service may become unavailable.

Managing cookies

Most web browsers automatically accept cookies but, if you prefer, you can change your browser to prevent that or to notify you each time a cookie is set. You can review your Internet browser settings, typically under the sections “Help” or “Internet Options”, to exercise choices you have for certain cookies.

Please note that by blocking or deleting cookies used on the Service, you may not be able to take full advantage of the Service.

You can also learn more about how to manage all cookies across different types of browsers by visiting www.allaboutcookies.org. The site includes additional information on cookies.

To learn more about the use of cookies by Google for analytics and to exercise choice regarding those cookies, please visit the Google Analytics Opt-out Browser Add-on.

Please note that new services using cookies may be added to the Service from time to time. Accordingly, this Cookies Policy is subject to occasional revision. We will notify you of changes by posting the new Cookies Policy on the Service. Such changes to the Cookies Policy will become effective when posted. Please review this Cookies Policy periodically and become aware of any modifications.

Start typing and press Enter to search

This is a legacy site for the SUMMIT Study which ended on 25 May 2023.

Publication of the key research on the benefits of lung screening is expected in autumn 2023.