Safe Harbor Privacy Statement
TRIALSCOPE, INC. UNITED STATES-EUROPEAN UNION-SWITZERLAND SAFE HARBOR PRIVACY STATEMENT
TrialScope, Inc. (the “Company”) is a corporation incorporated under the laws of the State of Delaware in the United States of America. The Company has its principal place of business located at 3 Second Street, Harborside Plaza 10 – Third Floor, Jersey City, New Jersey 07311. This statement sets forth the privacy standards that the Company utilizes to collect, retain, and use personal information obtained from individuals located within the European Union (“EU”), the European Economic Area (“EEA”) (hereinafter, EU and EEA collectively, the “EU”) and Switzerland. This statement (“Safe Harbor Statement”) is published in accordance with the requirements set forth in the framework adopted between the European Commission, the Swiss Federal Data Protection and Information Commission (“Swiss Commission”) and the United States (“US”) Department of Commerce establishing the EU-US and US-Swiss Safe Harbor for data privacy and security standards. It is the Company’s policy to respect, and protect, personally identifiable information from individuals in the EU or Switzerland as set forth in this Safe Harbor Statement.
The Company complies with the Safe Harbor Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. The Company also complies with the US-Swiss Safe Harbor Framework as agreed upon by the US Department of Commerce and the Information Commissioner of Switzerland. The Company has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view the Company’s certification, please visit http://www.export.gov/
The Company collects and organizes data to assist organizations to publish clinical trial information. Accordingly, the Company does collect, receive or store data including Data (as defined below) from its customers pertaining to individuals within the customers’ organizations who use the systems provided by TrialScope.
What Is Safe Harbor?
Safe Harbor is a framework allowing entities in the US to voluntarily certify that they will maintain certain privacy practices consistent with the EU-US and US-Swiss Safe Harbor. Companies that certify indicate that they have developed, and will follow, data privacy and security standards for personal information received from the EU and Switzerland that have been jointly accepted by the European Commission, the Swiss Federal Data Protection and Information Commission, and the US Department of Commerce, allowing for the transfer of such personal information to the US. The Company has certified to Safe Harbor. For more information about Safe Harbor please visit http://export.gov/
What Is the Scope of this Statement?
“Data” means Personal Data (as defined below) and Sensitive Data (as defined below) collectively which is received from, or about, persons located within the EU or Switzerland.
“Personal Data” means information received from, or about, persons located in the EU or Switzerland that relates to an identified or identifiable individual, including information that can be linked to an identified or identifiable individual. Personal Data may also include “Sensitive Data.” Personal Data can include information supplied to us by you, or which is received from other sources.
“Sensitive Data” is a subset of Personal Data that is information from, or about, persons located in the EU or Switzerland relating to medical or health status; racial or ethnic background; political opinions, religious or philosophical beliefs, trade union membership, information relating to sex life or sexual orientation, and information relating to actual or alleged criminal history. Sensitive Data also includes any information that you (or the person/entity from which the information was obtained) advise(s) us that the Data is sensitive and the Data is treated as sensitive.
“Transfer” or “Transferred” includes communicating, disclosing, or accessing by electronic or other means, whether at the premises where the information is physically located, by remote access, or otherwise.
“We,” “our,” or “us” (whether or not capitalized) means TrialScope, Inc.
“You,” and “your” (whether or not capitalized) means the individual accessing the Website.
General: US Safe Harbor establishes several privacy principles that an entity in the US must adopt and follow in order to obtain, and maintain, Safe Harbor certified status (the “Principles”). The Principles have been formed by documents and Frequently Asked Questions (FAQ) and responses to those FAQ, exchanged between the European Commission, the Swiss Commission and the US Department of Commerce. The FAQs to which this Safe Harbor Statement refer are the FAQs set forth in the Safe Harbor framework. The Principles, and the Company’s publication of adherence to those Principles, are set forth as follows:
Notice: If you are asked to submit Data to us, we will advise you of the types of Data we may collect about you, the purposes for which we collect and use your Data, and the types of third-parties to which we may disclose your Data. Notice will be provided in clear and conspicuous language at the time of collection, or as soon thereafter as is practicable before disclosing it to a third-party. We will also advise you of any new uses for which we may collect and use your Data as soon thereafter as is practicable. Depending upon the type of Data which you are asked to submit, we may advise you in different ways, including electronically if you are asked to submit information via e-mail or through a website or portal of ours. We will also advise you how to contact us with any inquires or complaints about the collection, use, or handling of your Data.
Consistent with the Principles, we may not be in a position to be able to provide you with notice prior to disclosing your Data under certain limited circumstances such as, if we have to respond to a subpoena or other legal process, if disclosure is allowed under law, or if we need to disclose such information for other legitimate purposes which might include preventing fraud, protecting the Data, and/or guarding against or defending any potential liability.
Choice: With respect to Personal Data, we will offer you the opportunity to decide whether your Personal Data should be disclosed to a third-party, or if your Personal Data is to be used for a purpose incompatible with the purpose for which it was originally collected. With respect to Personal Data, we will provide at least “opt-out” notice. “Opt-out” means that when you are advised of the types of Personal Data, proposed use, and types of parties to whom it may be disclosed, if you do not affirmatively take some action indicating that you do not wish us to collect, use, or disclose your Personal Data, we will deem your inaction an implicit consent to collect, use, and/or disclose your Personal Data.
In the event that the Data is, or includes, Sensitive Data, you will be given the ability to explicitly choose whether the Sensitive Data may be disclosed to a third-party, or if the Sensitive Data is to be used for a purpose incompatible with the purpose for which it was originally collected by explicit opt-in choice. “Opt-in” choice means that when you are advised of the types of Sensitive Data, proposed use, and types of parties to which it may be disclosed, if you do not affirmatively take some action indicating that you specifically consent to allow us to collect, use, or disclose your Sensitive Data, then you will not have consented to the collection, use, or disclosure of your Sensitive Data for a purpose other than those for which it was first collected or subsequently authorized by you. The opt-in notice for Sensitive Data may be limited to the extent allowed under FAQ 1 of the EU-US Safe Harbor as set forth at http://export.gov/
We will advise you with clear conspicuous, readily available, and affordable mechanisms to exercise your choice.
Onward Transfer: We will only Transfer Data of EU and Swiss individuals to third-parties if the third-parties: (a) have provided satisfactory assurances that they will adhere to privacy practices providing at least the same level of privacy protection as set forth in this statement; (b) are subject to EU or Swiss data privacy laws or the data protection laws of another country which EU data protection authorities or the Swiss Commission have deemed provide “adequate” data privacy protections; or, (c) have certified to the Safe Harbor program. If we have knowledge that a party to which we transfer information is using or sharing the Data in a way contrary to the principles set forth in this statement, we will take reasonable steps to attempt to stop or prevent the processing, use or sharing of that Data.
Security: We take reasonable precautions to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, and destruction. To the extent that we have any Sensitive Data, we will take greater care to protect the Sensitive Data from loss, misuse, unauthorized access, disclosure, alteration, and destruction.
Data Integrity: The Data we collect will be necessary for, and related to, the purposes for which it has been collected. We will not process Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual concerned. We will take reasonable steps to ensure that the Data is reliable, accurate, complete, and current for its intended use.
Access: We will provide you with reasonable access to your Data so that you may review what information we may have about you. You may request corrections, deletions, or additions as may be reasonably appropriate, except where the burden or expense of providing access would be disproportionate to the risks to your privacy, or where the rights of other persons would be violated. There may be other times when we may limit, or prevent, your access to your Data as described in FAQ 8 of the EU-US Safe Harbor, which you may review at http://export.gov/
Enforcement: We have established mechanisms to verify our ongoing compliance with these Principles. We encourage any person who has questions or complaints about our privacy practices under this statement to contact us at the contact information set forth below. We will seek to investigate any claims, address any concerns, and resolve any disputes made concerning the handling of Data in connection with the Principles of this Safe Harbor Statement. We will take steps to remedy any breaches of the Principles of this Safe Harbor Statement.
TrialScope Inc. participates in the US – EU Safe Harbor framework and the US – Swiss Safe Harbor as set forth by the United States Department of Commerce. As part of our participation in the safe harbor, we have agreed to TRUSTe dispute resolution for disputes relating to our compliance with the Safe Harbor Privacy Framework. If you have any complaints regarding our compliance with the Safe Harbor you should first contact us (as provided above). If contacting us does not resolve your complaint, you may raise your complaint with TRUSTe. Please click here for fax and postal mail information.
TRUSTe’s Dispute Resolution process is only available in English. For Human resources data we have agreed to cooperate with Data Protection Authorities.
Limitation on Scope of Principles:
Our adherence to these principles may be limited to the extent required to meet legal, governmental, national security, or public interest obligations.
Questions or comments about this statement, or any requests for access, or complaints, whether or not applying to the Company, should be submitted to the following address:
Harborside Financial Center
Plaza Five, Suite 2900
Jersey City, NJ 07311
Attn: Privacy Officer Alan Buckley