Effective from Date:02-Dec-2019
Introduction and Scope
SCIMAX Global (collectively, “SCIMAX”, “we”, “us”, “our”) takes the protection of personally identifiable information (“Personal Data”) very seriously. This Privacy Notice (the “Notice”) addresses data subjects whose Personal Data we process in the MedInquirer web application and our MedInquirer mobile applications for iOS and Android (together with the Web Apps, the “Services”).
In the context of this Notice, SCIMAX acts as a data processor for the Personal Data we process.
Categories of Personal Data
We may process the following types of Personal Data:
- Biographical information such as your first and last name
- Contact information such as your physical address, e-mail address, fax and phone number
- Employment information, such as your job title and the organization you work for
- Health data, such as medical history and medical event information
How We Receive Personal Data
We may receive your Personal Data when:
- when you submit your data by phone, e-mail, fax, mail, service desk, or a web form or
- when our customers, such as pharmaceutical companies, provide them to us
A “cookie” is a small file stored on your hard drive that contains information about your computer. By showing how and when visitors use the Web Apps, cookies help us save user preferences and track user trends and patterns. We use session cookies, which are cookies that are deleted when you leave our Web Apps and persistent cookies, which are cookies that remain after you leave our Web Apps so that you are recognized when you return.
Basis of Processing
Within the scope of this Privacy Notice, SCIMAX, acting as a data processor, processes Personal Data based on the documented instructions of the relevant data controllers.
Purposes of Processing
We process Personal Data for the purposes of:
- Providing medical information management services to our customers
- Enabling the use of our Services
- Responding to inquiries, and/or other requests or questions
Data Retention Periods
When the purposes of processing are satisfied, we will delete your personal data within a maximum of six months.
Sharing Personal Data with Third Parties
We may use third parties to perform certain services on our behalf. We may share your Personal Data with these third parties solely to enable them to perform the services for us.
Such third parties include those providing:
- internet hosting
- IT system management
- service desk solutions
We will require that these third parties maintain at least the same level of confidentiality and data protection that we maintain for such Personal Data.
Our service providers may be located outside of the United States; however, we will require that these third parties maintain at least the same level of confidentiality and data protection that we maintain for your Personal Data. SCIMAX remains liable for the protection of Personal Data that we transfer to our service providers within the scope of our Privacy Shield certification, except to the extent that we are not responsible for the event giving rise to any unauthorized or improper processing.
Other Disclosure of Your Personal Data
We may disclose your Personal Data:
- To the respective regulatory authorities, upon the instruction of the data controller, with regard to reports of adverse events
- To the extent required by law or if we have a good-faith belief that such disclosure is necessary in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, or private parties, including but not limited to: in response to subpoenas, search warrants, or court orders
- If we sell or transfer all or a portion of our company’s business interests, assets, or both, or in connection with a corporate merger, consolidation, restructuring, or other company change or
- to our subsidiaries or affiliates only if necessary for business and operational purposes
We reserve the right to use, transfer, sell, and share aggregated, anonymous data, which does not include any Personal Data, about our Services users as a group for any legal business purpose, such as analyzing usage trends and seeking compatible advertisers, sponsors, clients, and customers.
If we must disclose your Personal Data in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your Personal Data will maintain the privacy or security of your Personal Data.
Data Integrity & Security
SCIMAX has implemented and will maintain technical, organizational, and physical security measures that are reasonably designed to help protect Personal Data from unauthorized processing, such as unauthorized access, disclosure, alteration, or destruction.
Access & Review
If you are a data subject about whom we store Personal Data, you may have the right to request access to, and the opportunity to update, correct, or delete such Personal Data. You may also have the right to opt out of having your Personal Data shared with third parties and to revoke your consent that you have previously provided for your Personal Data to be shared with third parties, except as required by law. You also have the right to opt out if your Personal Data is used for any purpose that is materially different from, but nevertheless compatible with the purpose(s) for which it was originally collected or subsequently authorized by you. To submit such requests, please contact the party that has provided your Personal Data to us. If you have provided your Personal Data to us directly or if you want to raise any other questions related to the way we process your Personal Data, please contact us using the information in the Contact Us section of this Notice.
Our Services are not directed at, or intended for use by, children under the age of 13. We do not knowingly process the Personal Data of anyone under 18. Children should always get permission from a parent or guardian before sending Personal Data over the Internet. If you believe your child may have provided us with their Personal Data, you can contact us using the information in the Contact Us section of this Notice and we will delete that Personal Data.
Changes to this Notice
If we make any material change to this Notice, we will post the revised Notice to this web page and update the “Effective” date above to reflect the date on which the new Notice became effective.
EU-U.S. and Swiss-U.S. Privacy Shield Frameworks
With respect to Personal Data in the scope of this Notice, SCIMAX complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (the “Privacy Shield”), as adopted and set forth by the U.S. Department of Commerce regarding the processing of Personal Data. SCIMAX commits to adhere to and has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.
VeraSafe Privacy Program
SCIMAX Global is a member of the VeraSafe Privacy Program, meaning that with respect to Personal Data processed in the scope of this Notice, VeraSafe has assessed SCIMAX’s data governance and data security for compliance with the VeraSafe Privacy Program Certification Criteria. The certification criteria require that participants maintain a high standard for data privacy and implement specific best practices pertaining to notice, onward transfer, choice, access, data security, data quality, recourse, and enforcement.
Where a privacy complaint or dispute cannot be resolved through SCIMAX’s internal processes, SCIMAX has agreed to participate in the VeraSafe Privacy Shield Dispute Resolution Procedure. Subject to the terms of the VeraSafe Privacy Shield Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Privacy Shield Dispute Resolution Procedure, please submit the required information here: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/
If your dispute or complaint can’t be resolved by SCIMAX, nor through the dispute resolution program established by VeraSafe, you may have the right to require that SCIMAX Global enter into binding arbitration with you pursuant to the Privacy Shield’s Recourse, Enforcement and Liability Principle and Annex I of the Privacy Shield.
SCIMAX is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
If you have any questions about this Notice or our processing of your Personal Data, please contact our Data Protection Officer, Richard Lipman, by email at firstname.lastname@example.org, by phone at +1 609-454-5730, or by postal mail at:
SCIMAX Global – A Subsidiary of Techsol Corporation
Attn: Richard Lipman, DPO
101 College Road East,
Princeton NJ 08540
Please allow up to four weeks for us to reply.