Cancer Screening

Our proprietary miRNA technology detects cancer at its earliest, most treatable stages. With minimally invasive test and accurate insights, our tests enable patients to act sooner.

A pioneering blood test for the early detection of gastric (stomach) cancer.

LUNGClear

A minimally invasive blood test designed to identify lung cancer at an early stage.

Cancer Treatment Selection

We leverage advanced Next-Generation Sequencing (NGS) technology to empower patients in personalised cancer treatment selection.

APEX Tissue

A Targeted 50-Gene
Profiling Test

COMPASS Tissue

A Comprehensive 1021-Gene
Profiling Test

Privacy Policy

This Data Protection Policy (the “Policy”) applies to the collection, use, and disclosure of an individual’s Personal Data (hereinafter defined) by Design and Default, arising from goods and/or services offered by Mirxes Holding Pte. Ltd. its related corporations and affiliates, and their respective successors in title (collectively referred to as “Mirxes”).

1. General

1.1: This Policy statement provides information on the obligations and policies of Mirxes in respect of an individual’s Personal Data. Mirxes undertakes to use reasonable efforts in applying, where practicable, those principles and the processes set out herein to its operations.

1.2: Mirxes’s officers, management, and staff shall use reasonable endeavors to safeguard the confidentiality of all Personal Data collected, stored, disclosed or used for or on behalf of Mirxes. Mirxes shall also use reasonable endeavors to ensure that the collection, storage, disclosure and use of Personal Data by Mirxes is conducted appropriately and in compliance with applicable data protection laws and this Policy.

1.3: By interacting with us, submitting information to us, or signing up for any products or services offered by us, you agree and consent to Mirxes as well as to its respective representatives and/or agents (“Representatives”) (collectively referred to herein as “Mirxes”, “us”, “we” or “our”) collecting, using, disclosing and sharing amongst themselves your Personal Data, and disclosing such Personal Data to Mirxes’s authorized service providers and relevant third parties in the manner set forth in this Policy.

1.4: This Policy supplements but does not supersede nor replace any other consents you may have previously provided to us in respect of your Personal Data, and your consents herein are additional to any rights which we may have at law to collect, use or disclose your Personal Data.

1.5: For the purposes of this Policy, in line with the provisions under the Singapore Personal Data Protection Act 2012 (No. 26 of 2012) (the “Act”), “Personal Data” shall mean data, whether true or not, about an individual customer who can be identified from that data; or from that data and other information which an organization has or is likely to have access. Such Personal Data shall also refer to that which is already in the possession of Mirxes or that which shall be collected by Mirxes in future.

1.6: Sensitive Personal Data
Where Mirxes collects, uses or discloses any category of Personal Data deemed to be sensitive including but not limited to health information, biometric data or Personal Data relating to children, Mirxes will implement enhanced protection measures to safeguard such data in accordance with applicable laws, including the Personal Data Protection Act 2012 (No. 26 of 2012) (“PDPA”) and relevant advisory guidelines.

Mirxes will:

- - collect and use such sensitive data only with explicit consent from the individual or, in the case of minors, parental or legal guardian consent, unless otherwise permitted under the PDPA.
  - Clearly notify individuals of the purpose for which such data is collected, used or disclosed.
  - Adopt appropriate technical and organizational controls (including access restrictions, encryption and secure data storage protocols) to ensure such data is safeguarded.
  - Limit access to such data to authorized personnel only and ensure they are subject to strict confidentiality undertakings.
  - Ensure that third-party service providers handling sensitive data on Mirxes’s behalf are contractually bound to similar data protection obligations.

In accordance with PDPC guidance, Mirxes exercises additional caution when handling Personal Data of individuals under the age of 13, including implementing age verification processes and obtaining verifiable consent from a parent or guardian where necessary.

In the event of a data incident or breach involving sensitive data, Mirxes will assess its impact promptly and comply with notification obligations under the PDPA where there is reason to believe that the incident may cause significant harm or affect more than a prescribed number of individuals.

2. Contacting the Data Protection Officer

2.1: Where you legitimately request access to and/or correction of Personal Data relating to you that is in the possession or control of Mirxes, Mirxes shall, subject to the provisions of the PDPA, provide access to, or make the appropriate correction to, your Personal Data within thirty (30) calendar days from the date of receipt of your request, in accordance with Mirxes’s standard operating procedures.

If Mirxes is unable to respond within thirty (30) days, you will be notified in writing of the reason for the delay and informed of the estimated time frame within which Mirxes is able to respond.

Where permitted under the PDPA, Mirxes reserves the right to impose a reasonable administrative fee for the processing of any access request. If applicable, Mirxes shall inform you of such fee and the basis for it prior to processing your request.

2.2: To submit a request for access or correction, opt-out, raise a query or lodge a complaint regarding the application of this Policy or the PDPA, you may contact our Data Protection Officer (the “DPO”) via any of the following channels:

- - Email: privacy@mirxes.com
  - Telephone: (+65) 6816 2931
  - Mailing Address: 2 Tukang Innovation Grove, #09-02, #05-01, #08-01 JTC MedTech Hub, Singapore 618305

Mirxes is committed to safeguarding your Personal Data and to responding to your queries and requests efficiently and in compliance with applicable law.

2.3: If your Personal Data has been provided to us by a third party (e.g. through a referral mechanism), you should direct any requests, queries or complaints relating to such data to the individual who submitted the data to us.

2.4: By submitting the Personal Data of another individual to Mirxes, you represent and warrant that you have notified that individual of the purposes for which the data was provided and obtained their valid consent in accordance with the requirements of the PDPA.

2.5: If you do not wish for Mirxes to use your Personal Data for any of the purposes outlined in Clauses 2 to 3.4, or if you wish to opt out of receiving promotional or marketing communications from Mirxes, you may do so by sending a clearly worded request to the DPO using the contact details provided in Clause 2.2. Your request will be acknowledged and processed within thirty (30) days. If additional time is required, you will be notified with an explanation and estimated time frame. Please note that opting out may affect our ability to provide certain services or fulfill existing obligations, and any legal or contractual consequences may continue to apply.

3. Statement of Practices

Types of Personal Data Collected:

3.1: As part of its day-to-day activity, Mirxes may collect from you, through various means, including via our websites, smart phone applications, marketing events such as road shows, clinical studies, research collaborations, wearable medical devices and any forms or technologies used by Mirxes from time to time, some or all of the following types of Personal Data:

(A) Personal Identifiers:

- - Name (first and surname);
  - Date of Birth
  - Gender
  - National identification numbers (e.g. NRIC, passport number)
  - Photographs and images

(B) Contact & Demographic Information:

- - Postal Address;
  - Phone number (including mobile, office and fax numbers);
  - Email address;
  - Emergency contact details

(C) Financial Data:

- - Bank account information
  - Credit/debit card details;
  - Billing or insurance information

(D) Digital & Behavioral Data:

- - IP addresses
  - Device identifiers and cookies
  - Application and website usage data
  - Website browsing history

(E) Health and Medical Data:

- - Medical and health records
  - Diagnosis and treatment information
  - Participation in clinical studies and corresponding consent documentation
  - Genomic, genetic or biometric data (e.g. fingerprints, facial scans, voiceprints)
  - Adverse event and safety reports
  - Data collected from wearable devices or sensors (e.g. heart rate, activity levels)

(F) Geo-location & Environmental Data:

- - Real-time and historical geo-location data (collected via applications, devices or other technologies)
  - Environmental context information (such as proximity-based data from beacons or similar devices)

(G) Professional Data:

- - Occupation, job title and employer
  - Professional qualifications and certifications

(H) Research and Scientific Data:

- - Biospecimen identifiers (e.g. sample codes for tissue, blood or DNA)
  - Research participant testimonials and survey responses
  - Scientific or research study data

(I) Other Sensitive Data (where collected and permitted under law)

- - Racial or ethnic origin
  - Religious or philosophical beliefs (only where relevant for research or required by law).

(J) Children’s Data:

- - Where Mirxes collects personal data from minors (under 18 years), such collection will only be conducted with verifiable parental or legal guardian consent. Enhanced protection measures will be applied, and all handling will comply with applicable legal standards for children’s data.

Mirxes is committed to regularly reviewing and updating this list to reflect all current and emerging data collection technologies and practices. Any significant changes will be communicated to relevant individuals in accordance with applicable laws and this Policy.

Use of Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our websites to enhance your user experience, analyze site traffic and support certain functionalities. These cookies may be set by us or by third-party service providers acting on our behalf.

Cookies themselves do not collect personally identifiable information. However, if you have previously provided us with your Personal Data (e.g. through forms or user registration), cookies may be linked to such information for the purposes of providing you with a more customized browsing experience.

Cookie Consent and Management

In accordance with applicable laws, including the Personal Data Protection Act 2012 (PDPA) and relevant international standards such as the EU General Data Protection Regulation (GDPR), we implement a cookie banner or notice mechanism that requests explicit consent before the use of any non-essential cookies (such as marketing or analytics cookies).

You may accept or reject different categories of cookies via our cookie banner or through your browser settings. Most web browsers are set by default to accept cookies, but you can modify your browser settings to decline cookies or alert you when a cookie is being sent. Please note that disabling certain types of cookies may affect the functionality and user experience of our website.

Types of Cookies We Use

To help you make informed choices, we categorize cookies as follows:

- - Strictly Necessary Cookies: Essential for the operation of the website. These cannot be switched off.
  - Functional Cookies: Enable enhanced functionality and personalization.
  - Analytical/Performance Cookies: Collect anonymous information on how visitors use the site to help us improve performance.
  - Marketing/Targeting Cookies: Used to deliver content or advertisements more relevant to you and your interests.

For more information, please refer to our full Cookie Policy available on our website. This Policy may be updated from time to time to reflect changes in our use of cookies and tracking technologies.

Purpose of Collection of Personal Data

3.2: The Personal Data outlined in Clause 3.1 is collected for specific purposes that are deemed necessary and non-excessive, including but not limited to: processing your application to determine eligibility for discounts, privileges, benefits or for other clearly related purposes; conducting market research and analysis; direct marketing via voice calls; text messages; email; direct mail and facsimile messages; payment and/or credit control purposes; notifying you of changes to our policies or services that may affect you; responding to queries and feedback; managing or terminating an employment relationship when you work for Mirxes, identification and informing you of new developments, services and promotions by Mirxes or its associated third parties.

Mirxes endeavors to collect and retain only the Personal Data that is necessary for the specified purposes of its collection and will not use such data for any purpose other than that for which it was originally collected. Personal Data is retained only for as long as necessary to fulfil its intended purpose or as required by applicable laws. For health and medical data, including laboratory results and diagnostic images, we adhere to the Ministry of Health’s guidelines and statutory retention requirements in Singapore. Once these obligations are met, we will securely dispose of or anonymize the data in accordance with industry standards and our internal Personal Data Protection Policy. If Mirxes intends to use Personal Data for a new purpose not previously identified or consented to, we will obtain fresh, informed and explicit consent prior to such use.

For direct marketing communications, you will be provided with a clear and easy mechanism to opt out at any time, in compliance with the Singapore Personal Data Protection Act (PDPA) and Do Not Call (DNC) provisions.

All Personal Data collected by Mirxes shall be accessible only to specifically designated individuals or parties who require such access strictly on a need-to-know basis and solely for fulfilling the specific, necessary purposes for which the data was collected. Mirxes will implement appropriate safeguards and access controls to protect your Personal Data against unauthorized access, use or disclosure.

Disclosure of Personal Data To Third Parties

3.3: To facilitate the purposes outlined above, Mirxes may, from time to time, disclose your Personal Data to its related corporations and affiliates, where such disclosure is necessary for the performance of their respective functions.

3.4: Without limiting any of the foregoing, Mirxes may also disclose your Personal Data to the following third parties:

- - Regulators and Law Enforcement Agencies: For compliance with legal obligations, to respond to valid and proportionate requests or where required by law.
  - Legal and Professional Advisers (eg. lawyers; auditors): For obtaining legal, audit or professional advice, or in connection with legal proceedings.
  - Third Party Service Providers and Consultants: This includes but is not limited to contract research organizations (CROs), laboratory service providers, IT and cloud service providers, marketing agencies, data hosting providers and customer support vendors. These third parties may be engaged to deliver services on behalf of Mirxes, such as processing payments, supporting marketing or analytics activities or maintaining systems. Prior to disclosing any Personal Data to such third party service providers, whether located in Singapore or overseas, Mirxes will conduct a due diligence assessment to ensure that the recipient is capable of safeguarding the Personal Data in a manner that is comparable to the standards set out under the Singapore Personal Data Protection Act 2012 (PDPA). This assessment includes a review of the provider’s data protection policies, security measures and compliance history. Mirxes will not engage any provider that fails to meet these standards.
  - Financial Institutions (eg. Banks, credit, debit card companies): For processing payments or credit arrangements;
  - Potential Buyers or Investors: In the event of a potential or actual merger, acquisition, sale of business or assets or investment evaluation, with prior notice and, where required by law, your consent, before any Personal Data is transferred.
  - Agent or Subcontractor: Acting on Mirxes’s behalf to provide services essential to Mirxes’s operations in biotechnology research, development, manufacturing or commercialization.

For each category, Mirxes will specify the relevant purpose at the point of data collection or notification, as applicable, and assess third parties for their ability to observe confidentiality and use the data solely for the stated purpose.

Contractual Safeguards for Third Parties

All third-party service providers, agents, consultants or subcontractors who are provided access to Personal Data will be contractually required to:

- - comply with strict confidentiality obligations and data protection standards equivalent to those required by applicable data protection laws,
  - use the Personal Data only for the legitimate, specified purposes for which it was disclosed,
  - implement appropriate technical and organizational measures to ensure data security and prevent unauthorized access, use or disclosure.
  - immediate notification to Mirxes in the event of any data breach or security incident affecting Personal Data.

3.5: Mirxes may disclose your Personal Data to the abovementioned parties under the following circumstances:

- - Where required by applicable laws or regulations;
  - in connection with any ongoing or prospective legal proceedings;
  - to establish, exercise or defend Mirxes’s legal rights;
  - to a purchaser or prospective purchaser of any business or asset that Mirxes is selling or considering selling;
  - to any person or entity engaged by Mirxes to process Personal Data on its behalf;
  - to third party service providers engaged by Mirxes;
  - to any third party acquiring Mirxes, its business or any part thereof;
  - with your consent; or
  - for disaster recovery purposes.

Where consent for the collection, use or disclosure of Personal Data cannot be obtained, and such collection, use or disclosure is necessary for the vital interests of the individual, the legitimate interests of Mirxes, or otherwise permitted under the Personal Data Protection Act 2012 (“PDPA”), Mirxes shall rely on the exceptions provided under the First and Second Schedules of the PDPA or as required or authorized under any other written law.

Optional Provision of Personal Data

3.6: In certain instances, you may be requested to provide additional Personal Data to help Mirxes enhance its products and services or to provide you with more relevant and personalized information. This type of Personal Data is optional unless a requested service or product expressly requires specific information to be provided. Where the provision of such data is optional, your decision not to provide the requested information may limit the ability of Mirxes to offer personalized healthcare, research participation or tailored communications. Examples of optional Personal Data include, but are not limited to:

- - your age;
  - gender;
  - salary range and employment details;
  - education and profession;
  - hobbies and leisure activities;
  - other related products and services subscribed to; and
  - family and household

Where Mirxes requests such data, the request will specify whether the information is optional or mandatory, the purpose for its collection and the potential impact of withholding the data. All optional Personal Data collected will be used strictly for the stated purposes, ensuring compliance with the principles of specificity, necessity and non-excessiveness under the PDPA.

3.7: Under certain circumstances, telephone calls made to any of Mirxes’s related corporations and affiliates including order or service hotlines and inquiry telephone numbers may be recorded for purposes such as quality control, performance appraisal, and staff management and development. By agreeing to this Policy, you provide your informed consent to the collection, use and disclosure of Personal Data derived from such recordings. This consent covers the use of the recordings for record-keeping, responding to your enquiries or transactions, as well as for quality assurance and staff training purposes.

4. Transfer of Personal Data Overseas

Your Personal Data may be processed by Mirxes, its affiliates, agents and third parties providing services to Mirxes, in jurisdictions outside of Singapore.

It may also be stored on external servers located overseas or in countries outside your country of residence. In the course of doing business, we may share your Personal Data with and among our related corporations and affiliates, and third-party service providers located in jurisdictions such as the United States, United Kingdom, India and China among others.

- - To ensure equivalent protection of your Personal Data as provided under Singapore’s Personal Data Protection Act (PDPA), Mirxes implements measures such as: The use of legally binding contractual arrangements, including data transfer agreements and standard contractual clauses (model clauses),
  - Conducting risk assessments of the destination countries’ data protection laws
  - Ensuring third parties adhere to adequate data protection standards and obligations

Mirxes will only transfer your Personal Data overseas in compliance with the Singapore PDPA and applicable data protection laws of the destination countries. We remain committed to taking reasonable steps to safeguard your Personal Data against unauthorized access, disclosure or misuse in all jurisdictions where it is processed or stored.

5. Accuracy of Personal Data

Where possible, Mirxes will validate the Personal Data provided using generally accepted practices and guidelines. This includes the use of check sum verification on certain numeric fields such as account numbers or credit card numbers. In some cases, Mirxes may validate the data against pre-existing data held by Mirxes. For certain types of Personal Data, such as personal identifiers or proof of address, Mirxes may require original documentation before the data can be used.

To assist in ensuring the accuracy of your Personal Data, please promptly inform us of any updates by sending a clearly worded request to the DPO at the email address provided in Section 2.2.

Identity Verification: To protect your Personal Data, Mirxes will only disclose or correct your Personal Data after conducting reasonable identity verification checks. We limit the information requested during these checks to the minimum necessary to confirm your identity.

Correction and Deletion: You have the right to request correction of inaccurate Personal Data held by Mirxes. In addition, where permitted by law, you may also request deletion of your Personal Data. Mirxes will consider such requests in accordance with applicable laws and our company policies.

Fees: Mirxes may charge a reasonable fee for handling requests that are repeated, manifestly unfounded or excessive. Otherwise, requests will generally be handled free of charge.

6. Protection of Personal Data

Mirxes uses commercially reasonable physical, managerial, and technical safeguards to protect the confidentiality, integrity and security of your Personal Data. Access to your Personal Data is strictly limited to authorized personnel within Mirxes, or as otherwise specified in this Policy and will not be knowingly disclosed to any third party outside Mirxes, except to you or as permitted by applicable law.

However, please be aware that no method of transmission or storage over the internet or electronic systems is completely secure. While Mirxes strives to protect your Personal Data, we cannot guarantee or warrant the absolute security of any information you transmit to Mirxes. You acknowledge and accept that any information sent to Mirxes is done so at your own risk.

Specifically, Mirxes does not warrant that your Personal Data will never be accessed, altered, collected, copied, destroyed, disposed of, disclosed or modified through breaches of our physical, technical, or managerial safeguards, despite our best efforts to prevent such incidents.

7. Access and Correction of Personal Data

7.1: In accordance with Clause 2.1 of this Policy and the Personal Data Protection Act (PDPA) of Singapore, you have the right to:

- - Request to check whether Mirxes holds any Personal Data relating to you and, if so, obtain copies of such data; and
  - Request correction of any Personal Data relating to you that is inaccurate for the purposes for which it is being used.

7.2: Mirxes may charge a reasonable administrative fee for processing access requests under Clause 7.1. Correction requests under Clause 7.1 will generally be processed free of charge. Upon receipt of your request and payment of the requisite fee (if applicable), Mirxes will process your request within thirty (30) calendar days or otherwise notify you if additional time is required.

7.3: To protect your Personal Data and privacy, Mirxes may require proof of identity before disclosing or correcting your Personal Data. The identity verification may include providing your full name and an official identification number such as NRIC, Passport or Fin number. You are responsible for safeguarding this information and for all actions taken in response to requests made using your details.

8. Storage and Retention of Personal Data

Mirxes will, as far as reasonably practicable, delete or anonymize your Personal Data when it is no longer necessary to fulfill the purpose for which it was collected, or when it is no longer required for any legitimate business or legal purposes. Such deletion will be carried out in accordance with Mirxes’s internal procedures and any applicable agreements, ensuring the Personal Data is removed from all electronic, manual, and other filing systems.

Contacting you

To the extent that any communication channels you have provided to Mirxes with such as your telephone number or fax number are listed on the Do Not Call Registry (“DNC”), or otherwise designated as restricted, you hereby give Mirxes your clear and unambiguous consent to contact you through all of such communication means. This includes voice calls, SMS, WhatsApp, fax or other similar messaging methods, for the purposes described in Paragraph 3.2 above.

9. Change Policy

Mirxes reserves the right to amend or update any of the clauses in this Policy to comply with applicable local laws or for any other reason Mirxes considers reasonably necessary. You are encouraged to review these terms periodically. If you do not agree with any modifications, please notify us promptly specifying the terms to which you do not consent. Until such notice is received, in the event of any conflict between these terms and any additional terms, the additional terms will prevail to the extent of the inconsistency.

10. Governing Law

This Policy is governed by and shall be construed in accordance with the laws of Singapore and other applicable data protection laws in the countries where Mirxes operates.

You hereby submit to the non-exclusive jurisdiction of the courts of Singapore, including the Singapore International Commercial Court, for any disputes arising out of or in connection with this Policy. Additionally, where required, you also submit to the jurisdiction of courts in other countries where Mirxes operates.

Mirxes has appointed data protection leaders and established a network of internal Data Protection Officers (DPOs) across the various countries and regions in which it operates. These appointed personnel ensure compliance with the data protection and privacy laws applicable in each jurisdiction and oversee the protection of your Personal Data in accordance with both local laws and this Policy.

- - privacy@mirxes.com

In the event of any conflict or inconsistency between this Policy and the data protection practices or policies in a particular country or region where Mirxes operates, the following order of precedence shall apply:

- - applicable data protection laws or implementing regulations in that country;
  - data protection policies specific to that country or region, if any; and
  - this Policy.

11. Miscellaneous

11.1: This Policy applies solely to the collection and use of Personal Data by Mirxes. It does not extend to third party websites to which we provide links, including those that may be co-branded with our logo. Mirxes does not share your Personal Data with these third party sites and is not responsible for their privacy or data handling practices. We recommend that you review the privacy policies of any third-party websites before disclosing any Personal Data. Once you leave our website, you should familiarize yourself with the applicable privacy policies of such third parties.

11.2: Mirxes will not sell your Personal Data to any third party without your consent. However, we cannot be held responsible or liable for the actions or practices of third-party websites that you may access through links on or referrals from Mirxes’s website.

11.3: Mirxes’s websites are not directed at, nor intended to attract children under the age of 18 years old. Mirxes does not knowingly collect personal information from children under the age of 18 years old or request such information from them.