Privacy Policy
Twist Bioscience Corporation (“we” or “Twist”) operates the website www.TwistBioscience.com (together with any associated or successor sites of Twist, collectively the “Site”) to provide information about our company, products and services and to offer certain related services. This Site includes the portal used by customers to order and purchase our synthesized DNA products as well as manage their accounts and access certain reports, tools and related functionality as may be provided by Twist from time to time (“Order System”). In this Privacy Policy, “Personal Information” means any information relating to an identified or identifiable individual.
Twist has prepared this Privacy Policy to describe our collection, use, disclosure, processing and protection policies and set out the rights you have in this respect.
The Site is controlled and operated from the United States, and is directed only to individuals who are 18 years or older.
- PERSONAL INFORMATION WE COLLECT
- Information Provided by You
- If you register and use our portal. We may collect Personal Information, such as your name, phone number, mobile phone number, email address, user name, password, IP address, company or organization, country, and your preferred way of communication, when you register through our portal or update your information on your account.
- If you make a purchase or request products or services. We may collect your name, email address, shipping and billing address, phone number, order number, IP address, and information on the payment (including bank account details) and the purchase or requests.
- If you sign up for promotional emails. If you sign up for our mailing list, we will collect your email address you submit (business or private), name, company, industry, product interest, marketing campaign information such as your reaction to our marketing, whether you open our marketing emails or click the links contained in these emails.
- If you communicate with us. We may also collect your name, email address and other contact details you provide, IP address and any communications content between you and us.
- Information Collected via Automated Means
As you use our Site, we may collect passive information in our log-files and through the use of cookies and other technologies. Please see below under “How We Use Cookies and Other Tracking Technology” for more information. - Information from Third Parties
We may combine Personal Information that you submit on or through the Site with information that we collect from and about you from other sources, offline and online including the following- Social networks. Social networks when you reference our company or grant permission to Twist to access your data on one or more of these services. For example, if you interact with us through a social media site or third-party service, such as when you like, follow, or share Twist content on Facebook, Twitter, or other sites, we may receive information from the social network, including your profile information, picture, user ID associated with your social media account, and any other information you permit the social network to share with third parties. The data we receive from these third-party sites is dependent upon that third party’s policies and your privacy settings on that third-party site. You should always review and, if necessary, adjust your privacy settings on third-party websites and services before linking or connecting them to our Site or service.
- Third party service providers and partners. Third party advertising network providers, advertisers, marketing partners, clients or other partners with which we offer co-branded services, sell or distribute our products, or engage in joint marketing activities and other services to serve advertisements. We may receive your name and contact details (including work and personal email address, country, state and ZIP code), information on your company, position, industry and product interests.
- Public sources. Publicly-available sources such as open government databases or other data in the public domain. Such as name, position, contact details, company, industry. We may also in particular screen your contact details, shipping address and name against governmental prohibition or sanctions lists for biosecurity purposes in accordance with the 2010 Department of Health and Human Services published guidance to synthetic DNA manufacturers and the International Gene Synthesis Consortium Protocol, either of which may be updated or amended from time to time.
- Customers, vendors and partners. We may obtain Personal Information of employees of customers, vendors and partners via our customer, vendor and partner relationships, for example, when we meet on trade shows and other events. This will in particular include professional contact details and information on the industry and country.
- Payment Processor. We may use third-party payment services to process payments made through the Site. If you wish to make a payment through the Site, your Personal Information may be collected by such a third-party payment service provider and not by us, and thus will be subject to the third-party’s privacy policy rather than this Privacy Policy.
- Information Provided by You
- HOW WE MAY USE PERSONAL INFORMATION.
- We use Personal Information to do the following:
- Provide the products and services that you request on the Site as well as customer support.
- Send you administrative information, including information regarding the Site and changes to our terms, conditions and policies.
- Personalize your experience on the Site by presenting content tailored to you.
- Send you updates, messages and information about our products and services, including marketing communications. Where required under applicable law, we obtain consent to send you marketing communications.
- For our business purposes, such as data analysis, audits, developing or improving our products and services, enhancing the Site, identifying usage trends, and determining the effectiveness of promotional campaigns. For example, we may use this data to determine which parts of our Site are of most interest to users, which parts are of least interest, and to modify the Site accordingly. We may also use your Personal Information to conduct fraud monitoring and prevention, create financial statements and identify potential cyber security threats.
- As we believe appropriate (a) to comply with applicable law and legal processes including complying with subpoenas; (b) to enforce our terms and conditions; (c) to protect our operations or those of our affiliates; (d) to protect our rights, privacy, safety or, or that of our affiliates, you or others; (e) to comply with biosecurity requirements or (f) to allow us to pursue available remedies or limit the damages that we may sustain (these goals, collectively, the “Compliance Purposes”).
- To aggregate information collected from the Site (including anonymization of Personal Information)
- Manage our customer, vendor and partner relationships.
- If you are in the European Economic Area (“EEA”), we only process your Personal Information for the above purposes when we have a valid legal ground for the processing, namely the following:
- Consent.We may collect, process, use, or share and otherwise process your Personal Information by obtaining your consent. You are free to deny your consent and the denial will have no negative consequences for you. You are also free to withdraw your consent at any time with effect for the future. If you have granted us consent to use your Personal Information, we will use it only for the purposes to which you have consented. Please note that to the extent our processing is based on your consent and you withdraw it, we may no longer be able to provide the service or parts of the service relating thereto. Cases where we seek your consent include for example, when we seek to obtain your consent for our uses of cookies or similar technologies, or to send you marketing communications.
- Performance of our contract or in preparation for a contract with you. We need your Personal Information for the performance of the contract or in preparation for a contract with you, namely to provide you with services and products requested by you, or to respond to your inquiries, to provide customer support, for invoicing and payment follow up.
- Legal Obligation. We use your Personal Information to comply with legal obligation to process your Personal Information (e.g., retain certain information according to tax or commercial laws).
- Legitimate interest. We may use your Personal Information if we or a third party have a legitimate interest in using your Personal Information. In particular, we have a legitimate interest in using your Personal Information to ensure and improve the safety, security, and performance of our Site, anonymize Personal Information and carry out data analyses, administer the services, evaluate and review our business performance, conduct fraud monitoring and prevention, develop new products, determine the effectiveness of our promotional campaigns, identify usage trends, create financial statements, identify potential cyber security threats, personalize your experience on the Site by presenting products and offers tailored to you, manage our customer, vendor and partner relationship, conduct marketing activities where we do not rely on consent and improve our services, as well as for Compliance Purposes.
- We use Personal Information to do the following:
- HOW WE USE COOKIES AND OTHER TRACKING TECHNOLOGY.
When you visit our Site, read our emails, or otherwise engage with us, we may collect Personal Information about you via automated means, such as cookies, web beacons and similar technologies (collectively, “tracking technology”).- What kind of technologies are used. We use a variety of other tracking technologies. Cookies are small text files which are placed on your device (such as computer or smart phone) when you visit our Site. Cookies store certain settings and data for exchange with our system via your browser. A cookie usually contains the name of the domain from which the cookie has been placed, as well as information about the age of the cookie and a random alphanumeric identifier, the so-called cookie-ID. They help to recognize the device and make any pre-settings immediately available. Web beacons are small graphical images that may be included on our Sites and typically work in conjunction with cookies to identify our users and user behavior. An embedded script is programming code that is designed to collect information about your interactions with the Site, such as the links you click on. The code is temporarily downloaded onto your computer or device from our web server or a third-party service provider, is active only while you are connected to the Site, and is deactivated or deleted thereafter. Flash cookies are pieces of data that websites which use Adobe Flash may store on a user's computer or device. Third parties with whom we partner to provide certain features on our Sites or to display advertising based upon your web browsing activity use Flash cookies. We will also inform you of the use of cookies and similar technologies via so-called cookie banners and seek to obtain consent in this respect if required by law.
- What information we collect. In this context, we may collect certain information about you, such as browser and device information (e.g., device type, screen resolution, operating system version, and Internet browser type and version), actions taken on the Site (such as links you click on the Site, webpages you view on the Site, downloads), IP address and traffic patterns (such as referring URL, length of time you visit our Site, information on how you move through the Site). To the extent tracking technology is embedded in emails, we may also collect information on the interaction with the email (e.g. if you opened the email or used a link). We may also collect information about how you use and interact with the Site. For example, we may collect server log files, usage reports for tracking the total number of visitors to our website, the number of visitors to each page of our website, IP addresses, and the domain names of our users' Internet Service Providers.
- Purposes of use. We use this information to facilitate your ongoing access to and use of the Site, present you with more tailored information about our products and services, collect and store information about your use of the Site, determine usage levels, activity, and trends for the Site, understand more about the demographics of our users and conduct further data analysis, diagnose server problems, and operate and maintain the Site. We may also work with third-party partners to employ technologies, including the application of statistical modeling tools, which allow us to recognize and contact you across multiple devices. We and our third-party partners also use this information to make the advertisements you see online more relevant to your interests (including advertisement you see regarding our products on other websites), as well as to provide advertising-related services such as reporting, attribution, analytics, and market research. With your consent, we may also share your personal data (including hashed e-mail addresses) to enable that targeted advertising can be displayed on third party websites. However, in that case we will make sure that your personal data will not be used for other purposes or sold to anyone. We use or may use the data collected through tracking technologies to: (a) remember information so that you will not have to re-enter it during your visit or the next time you visit the Site; (b) provide custom, personalized content and information, including targeted content and advertising; (c) recognize and contact you across multiple devices; (d) provide and monitor the effectiveness of our Site; (e) monitor aggregate metrics such as total number of visitors, traffic, usage, and demographic patterns on our Site; (f) diagnose or fix technology problems; and (g) otherwise to plan for and enhance our Site and service. We may also receive aggregated reports based on such data to analyze the use of our Site and understand the needs of our customers.
- Legal basis for the EU. The legal bases for such processing in the EU are consent, legitimate business interest and performance of contract.
- How to avoid tracking technology and consequences of avoidance. If you prefer not to accept cookies, most browsers will allow you to: (i) change your browser settings to notify you when you receive a cookie, which lets you choose whether or not to accept it; (ii) disable existing cookies; or (iii) set your browser to automatically reject cookies. Please check your browser and browser settings to determine where cookies are stored and whether and how they can be deleted. The help portion of the toolbar on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable most cookies altogether. Please note that doing so may negatively impact your experience using the Site, as some features, functionalities and services or portions on our Site may not work properly. Depending on your mobile device and operating system, you may not be able to delete or block all cookies. Deleting cookies does not delete Local Storage Objects (LSOs) such as Flash objects and HTML5. You can learn more about Flash objects — including how to manage privacy and storage settings for Flash cookies — on Adobe’s website or by clicking here. If you choose to delete Flash objects from our Sites, then you may not be able to access and use all or part of the Sites or benefit from the information and services offered. You may also set your email options to prevent the automatic downloading of images that may contain technologies that would allow us to know whether you have accessed our email and performed certain functions with it. You can also avoid tracking technology by not consenting to the use of tracking technology when asked for consent in cookie banners. You may also withdraw the consent at any time with effect for the future by clicking here. Please note that doing so may negatively impact your experience using the Site, as some features and services on our Site may not work properly. Please note that this does not opt you out from being served ads in general.
You will continue to receive generic ads. - Do not track. Our Site does not respond to browser-based do-not-track signals.
- Google Analytics. Twist Site uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses cookies to help the website analyze how users use the Site. The information generated by the cookie, if opted into, about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. We use Google Analytics to recognize you and link the devices you use when you visit our Site on your browser or mobile device, log in to your account on our Site, or otherwise engage with us. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to us. Thus, Google Analytics allows us to better understand how our users interact with our Site and to tailor our advertisements and content to you. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. For information on how Google Analytics collects and processes data, as well as how you can control information sent to Google, review Google's site here. You can learn about Google Analytics’ currently available opt-outs, including the Google Analytics Browser Ad-On here. The IP address transmitted by your browser as part of Google Analytics is not combined with other data.
- Other third party providers. We use other tracking technology such as: Mux, Wistia, Facebook Connect, Intercom, New Relic.
- Social Media Widgets. Our Site may include social media features, such as the Facebook Like button, Twitter, or other widgets. These social media companies may recognize you and collect information about your visit to our Site, and they may set a cookie or employ other tracking technologies. Your interactions with those features are governed by the privacy policies of those companies.
- WHEN WE MAY DISCLOSE PERSONAL INFORMATION.
We do not sell, share, or otherwise disclose Personal Information we collect about you, except as described in this Privacy Notice or otherwise disclosed to you at the time of the collection or processing as appropriate. Your Personal Information may be disclosed to:- Third-party vendors and other service providers. We may share Personal Information with our third-party vendors and other service providers who provide services such as email delivery, targeted advertising, order fulfillment, hosting, IT infrastructure, IT services, customer service, analytics providers, accounting services and other services to enable them to provide such services. We may also share your Personal Information with independent third parties such as auditors, tax consultants and lawyers. We also rely on the support of payment service providers. Any such service providers will be given limited access to Personal Information for delivering the respective service and - to the extent such service providers act on our behalf - we require these service providers by contract to only process Personal Information in accordance with our instructions and as necessary to perform their services or comply with legal requirements. These third parties include in particular our major cooperation partners: AWS and SFDC.
- The general public or other customers. If you choose to submit content to be posted on a public portion of the Site, such as when participating in our publicly available blogs, community forums, or public comments sections, such content may be accessed by Site users. WE ARE NOT RESPONSIBLE FOR THE USE OR DISCLOSURE BY OTHER SITE USERS OF ANY INFORMATION THAT YOU VOLUNTARILY SUBMIT TO PUBLIC PORTIONS OF THE SITE.
- Purchasers and third parties in connection with a business transaction. We may share your Personal Information with a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with a bankruptcy or similar proceeding).
- Other group companies. We may share Personal Information with our subsidiaries and other affiliates who are subject to this Privacy Policy or policies and practices at least as protective as those contained in this Privacy Policy, and to which it is reasonably necessary or otherwise legitimate for us to disclose your Personal Information in order to carry out the above-mentioned purposes.
- Law enforcement, regulators and other parties for legal reasons. We may share Personal Information with third parties as required by law or subpoena or if we reasonably believe that transmitting Personal Information is necessary for Compliance Purposes.
If you are in the EU, the legal basis for such processing is the performance of contract or our legitimate business interest as set out above. With regard to the Compliance Purposes, the legal basis is the compliance with legal obligations or legitimate business interest. In some cases, as indicated to you in each case, the legal basis may be consent.
- INTERNATIONAL DATA TRANSFERS
We may transfer, disclose, store and otherwise process Personal Information we collect about you to other countries, in particular the United States where our headquarters are located and where the servers that we use are located. These countries may not have the same data protection laws as the country in which you initially provided your Personal Information which means that these countries may not provide the same level of protection for Personal Information as the country from which it was transferred. When we transfer your Personal Information, we will protect that information adequately. If you are located in the EEA, we comply with applicable legal requirements to provide adequate safeguards for the transfer of Personal Information to countries other than the country where you are located. In particular, we may transfer Personal Information to countries for which adequacy decisions have been issued, use contractual protections for the transfer of Personal Information, such as the European Commission's Standard Contractual Clauses, or rely on third parties’ certification to the EU-U.S. or Swiss-U.S. Privacy Shield Frameworks where applicable. You may contact us as specified in the “How to Contact Us” section below to obtain a copy of the safeguards we use to transfer Personal Information outside of the EEA. - DATA SECURITY AND RETENTION
We maintain administrative, technical and physical safeguards designed to protect the Personal Information you provide or we collect against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. We may use third party hosting and cloud services to store and process your Personal Information on our behalf. We endeavor to select and use such services with data security in mind so that your information is subject to appropriate safeguards and protection. However, no data transmission over the Internet or data security system can be guaranteed to be 100% secure (subject to requirements under applicable law to ensure or warrant information security). We may retain your Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law. For example, we may retain sequence information you provide to us to the extent required by applicable laws and regulations. Subject to the terms of any Supply Agreements and the requirements of applicable laws and regulations, we may delete your Personal Information at any time and have no obligation to store or retain such information. We also take measures to delete your Personal Information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it, unless we are required or permitted by law to keep this information for a longer period. When determining the retention period, we take into account various criteria, such as the type of products and services requested by or provided to you, the nature and length of our relationship with you, the impact on the services we provide to you if we delete some information from or about you, mandatory retention periods provided by law and the statute of limitations. - YOUR RIGHTS AND CHOICES
- Your choices regarding our use and disclosure of your Personal Information for marketing purposes.
We may give you choices regarding our use of your Personal Information for our marketing and related purposes. You may opt-out from or (if applicable) withdraw your consent to receiving marketing-related messages from us either by using the unsubscribe mechanism provided in the email or by emailing us at [email protected]. If you opt-out from or (if applicable) withdraw your consent to receiving marketing-related messages from us, we may still send administrative, operational and support messages to you. If we ask you to provide consent, you are free to deny such consent without having any negative consequences. If you have consented to our use of your Personal Information for marketing-related messages, you may withdraw your consent at any time with effect for the future. - Your choices regarding cookies.
If you do not want our cookies and other tracking technology to collect information about you, please see "How to avoid tracking technology and consequences of avoidance" - How you can access, change or remove your Personal Information and posted content.
If you would like to review, correct, update, or delete your Personal Information that you have previously provided to us or content you have previously posted on the Site, you may be able to do so through your account on the Order System or other self-help functionality on our Site (to the extent the Order System or other parts of our Site allow for such functionality). Otherwise, you may contact us by emailing us at [email protected]. We will try in good faith to comply with your request if reasonable but make no commitments that we will do so, except if required under applicable law. Furthermore, we may need to retain certain information for recordkeeping purposes and for Compliance Purposes, except if such retention is not permitted under applicable law. There may also be residual information that will remain in our databases and other records that will not be removed, except if removal if required under applicable law. We are not responsible for changing, removing or suppressing information from the databases of third parties that have previously accessed your information, with the exception of any responsibility we may have under applicable law for notifying third party data recipients of any changes, removal or suppression that we carried out, if applicable. - Rights and choices in certain jurisdictions.
- EEA specific rights. To the extent we offer our services or products to customers in the EEA, you have the following rights in respect to your Personal Information that we hold:
- Right of access. The right to obtain access to your Personal Information.
- Right to rectification. The right to obtain rectification of your Personal Information without undue delay where that Personal Information is inaccurate or incomplete.
- Right to erasure. The right to obtain the erasure of your Personal Information without undue delay in certain circumstances, such as where the Personal Information is no longer necessary in relation to the purposes for which it was collected or processed.
- Right to restriction. The right to obtain restriction of the processing undertaken by us on your Personal Information in certain circumstances, such as, where the accuracy of the Personal Information is contested by you, for a period of time enabling us to verify the accuracy of that Personal Information.
- Right to portability. The right to portability allows you to move or have the Personal Information moved, copy or transfer Personal Information easily from one organization to another.
- Right to object. In some cases, you have the right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. Furthermore, you can object to marketing activities for whatever reason whatsoever at any time.
- If you wish to exercise one of these rights, please contact us using the contact details set out in the “How to Contact Us” section below.
- Right to lodge a complaint. You also have the right to lodge a complaint with an EU data protection authority. Further information about how to contact your local data protection authority is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. However, we encourage you to first reach out to us by using the contact set out at the end of this Privacy Policy so that you have an opportunity to address your concerns directly and find a solution together before you do lodge a complaint.
- Nevada specific rights. Nevada residents may opt out of the “sale” of their Personal Information, where Personal Information is exchanged for monetary consideration. We do not engage in such activity; however, if you are a Nevada resident, you may submit a request to opt out of potential future sales under Nevada law by emailing us at [email protected]. Please include sufficient information for us to identify you in your email, such as information about previous orders, or, if applicable, your account information. Please note we will take reasonable steps to verify your identity and the authenticity of the request. Once verified, we will maintain your request in the event our practices change.
- California specific rights. If you are a resident of the State of California, please click here for a Supplemental California Privacy Notice.
- Rights in other jurisdictions. In some other countries, you may also have the right to:
- Request access to and receive information about the Personal Information we maintain about you, to update and correct inaccuracies in your Personal Information, to restrict or to object to the processing of your Personal Information, to have the information anonymized or deleted, as appropriate, or to exercise your right to data portability to easily transfer your Personal Information to another company. In addition, you may also have the right to lodge a complaint with a supervisory authority, including in your country of residence, place of work or where an incident took place.
- Withdraw any consent you previously provided to us regarding the processing of your Personal Information, at any time with effect for the future and free of charge. We will apply your preferences going forward and this will not affect the lawfulness of the processing before your consent withdrawal.
Those rights may be limited in some circumstances by local law requirements.
You may exercise your rights by contacting us using the contact details set out in the “How to Contact Us” section below. Note, however, that if you exercise your right to object or your rights of restriction or deletion, if you decline to share certain information with us, or if you withdraw your consent to our processing of Personal Information about you, we may not be able to provide to you some of the features and functionalities of the Site.
- EEA specific rights. To the extent we offer our services or products to customers in the EEA, you have the following rights in respect to your Personal Information that we hold:
- Your choices regarding our use and disclosure of your Personal Information for marketing purposes.
- LINKS TO OTHER SERVICES AND APPLICATIONS
Our Site and its services (including the Order System) may contain links to, interoperate with, and allow you to share content to and from third party services, websites and applications. The fact that we link to a website, service or application or allow you to share content through these third parties is not an endorsement, authorization or representation that we are affiliated with that third party, nor is it an endorsement of their privacy or information security policies or practices. Other websites, services and applications follow different rules regarding the collection, storage, disclosure or processing of the personal and other information. We encourage you to read the privacy policies or statements of the other websites, services and applications you use. - LIMITATION OF LIABILITY
Even though Twist has taken reasonable commercial steps and efforts to prevent Personal Information from being accessed, used, intercepted or disclosed by unauthorized individuals in violation of this Privacy Policy, you should know and you acknowledge that Company cannot fully eliminate security risks associated with your information. Subject to the terms of any Supply Agreements, you expressly acknowledge and agree that uploading, posting, providing, storing, transmitting, sharing and/or allowing access to Personal Information and other information on, through or to the Site, and the use of the products and services on the Site, are all done at your sole risk and responsibility. You expressly acknowledge that, except to the extent expressly provided for in any Supply Agreements, Company is not liable for (i) any special, indirect, consequential, incidental or punitive damages, costs, or liabilities whatsoever arising out of or resulting from your use of the Site, including from uploading, posting, providing, storing, using, analyzing, transmitting, sharing and/or allowing access to Personal Information and other information; or (ii) any loss, disclosure or use of your Personal Information or other information. - CHANGES TO THIS PRIVACY POLICY
We may change this Privacy Policy from time to time. We will notify you of important changes, either by posting a notice on the Site, sending you an email or taking any other adequate mean to inform you. The Privacy Policy posted on the Site will say when it was last changed. - HOW TO CONTACT US If you wish to withdraw your consent, please contact us by email at [email protected] with the subject line “Consent Withdraw Request.” Please note that if you withdraw consent, we may not be able to provide or continue to provide certain services or marketing communications to you. If you have any questions about this Privacy Policy or would like to exercise any other privacy related rights, please contact us by email at [email protected], or write to the following address: Twist Bioscience Corporation, Attn: General Counsel, 681 Gateway Boulevard, South San Francisco, CA 94080, United States. Please note we will take reasonable steps to verify your identity and the authenticity of the request. With respect to deletion requests, we may need to retain certain records, for example those relating to open orders, payments, or customer service matters, for legal and accounting purposes. If you have multiple email addresses linked to your account (or you used multiple email addresses in connection with purchases) you may need to make a data deletion request with respect to each email address in order for us to fully delete your Personal Information.