Effective from Date: 19-Oct-2023
Introduction and Scope
Techsol Corporation, doing business as Techsol Life Sciences and our subsidiary, SciMax Global LLC, (collectively, “Techsol”, “we”, “us”, “our”) take the protection of personally identifiable information (“Personal Data”) very seriously. This Privacy Notice (the “Notice”) addresses data subjects whose Personal Data we process in the SciMax MI (and related) web applications and our hosted instances of the Oracle Argus application (“Web Apps”), and our SciMax MI mobile applications for iOS and Android (together with the Web Apps, the “Services”).
Controllership
In the context of this Notice, Techsol acts as a data processor for the Personal Data we process.
Categories of Personal Data
We may process the following types of Personal Data:
- Biographical information such as your first and last name
- Contact information such as your physical address, e-mail address, fax and phone number
- Employment information, such as your job title and the organization you work for
- Health data, such as medical history and medical event information
How We Receive Personal Data
We may receive your Personal Data when:
- when you submit your data by phone, e-mail, fax, mail, service desk, or a web form or
- when our customers, such as pharmaceutical companies, provide them to us
Cookies
A “cookie” is a small file stored on your hard drive that contains information about your computer. By showing how and when visitors use the Web Apps, cookies help us save user preferences and track user trends and patterns. We use session cookies, which are cookies that are deleted when you leave our Web Apps and persistent cookies, which are cookies that remain after you leave our Web Apps so that you are recognized when you return. Further information on our use of cookies is set out in our Cookie Policy (click to access).
The use of cookies is industry standard, so your browser may be set to accept cookies. If you would prefer not to accept cookies, you can alter the configuration of your browser to reject all cookies or some cookies. For more information, please visit https://www.aboutcookies.org. Note, if you reject certain cookies, you may not be able to access all of the features of our Web Apps.
Basis of Processing
Within the scope of this Privacy Notice, Techsol, acting as a data processor, processes Personal Data based on the documented instructions of the relevant data controllers.
Purposes of Processing
We process Personal Data for the purposes of:
- Providing medical information management services to our customers
- Enabling the use of our Services
- Responding to inquiries, and/or other requests or questions
Data Retention Periods
When the purposes of processing are satisfied, we will delete your personal data within a maximum of six months.
Sharing Personal Data with Third Parties
We share Personal Data with our subsidiaries and affiliates, as well as third parties to perform certain services on our behalf. We may share your Personal Data with these third parties solely to enable them to perform the services for us.
Such third parties include those providing:
- internet hosting
- IT system management
- service desk solutions
We will require that these third parties maintain at least the same level of confidentiality and data protection that we maintain for such Personal Data.
Our service providers may be located outside of the United States, the European Union (“EU”) or the European Economic Area (“EEA”). However, we will require that these third parties maintain at least the same level of confidentiality and data protection that we maintain for your Personal Data. Techsol remains liable for the protection of Personal Data that we transfer to our service providers, except to the extent that we are not responsible for the event giving rise to any unauthorized or improper processing.
Also, in some cases, the European Commission may not have determined that the third-countries’ data protection laws provide a level of protection equivalent to EU law. The list of countries that the European Commission has deemed that offer an adequate level of data protection is available here. We will only transfer Personal Data of EU data subjects to third parties outside of these countries when there are appropriate safeguards in place. These safeguards include complying with EU-U.S. Data Privacy Framework and implementing the European Commission’s standard contractual data protection clauses for the transfer of Personal Data to third countries, as approved by, and available directly from the European Commission (the “SCCs”).
Other Disclosure of Your Personal Data
We may disclose your Personal Data:
- To the respective regulatory authorities, upon the instruction of the data controller, with regard to reports of adverse events
- To the extent required by law or if we have a good-faith belief that such disclosure is necessary in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, or private parties, including but not limited to in response to subpoenas, search warrants, or court orders.
- If wesell or transfer all or a portion of our company’s business interests, assets, or both, or in connection with a corporate merger, consolidation, restructuring, or other company change or our subsidiaries or affiliates only if necessary for business and operational purposes.
We reserve the right to use, transfer, sell, and share aggregated, anonymous data, which does not include any Personal Data, about our Services users as a group for any legal business purpose, such as analyzing usage trends and seeking compatible advertisers, sponsors, clients, and customers.
If we must disclose your Personal Data in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your Personal Data will maintain the privacy or security of your Personal Data.
Data Integrity & Security
Techsol has implemented and will maintain technical, organizational, and physical security measures that are reasonably designed to help protect Personal Data from unauthorized processing, such as unauthorized access, disclosure, alteration, or destruction.
Access & Review
If you are a data subject about whom we store Personal Data, you may have the right to request access to, and the opportunity to update, correct, or delete such Personal Data. You may also have the right to limit the use and disclosure of Personal Data. You may also have the right to opt out of having your Personal Data shared with third parties and to revoke your consent that you have previously provided for your Personal Data to be shared with third parties, except as required by law. You also have the right to opt out if your Personal Data is used for any purpose that is materially different from, but nevertheless compatible with the purpose(s) for which it was originally collected or subsequently authorized by you. To submit such requests, please contact the party that has provided your Personal Data to us. If you have provided your Personal Data to us directly or if you want to raise any other questions related to the way we process your Personal Data, please contacts using the information in the Contact Us section of this Notice.
Children’s Privacy
Our Services are not directed at, or intended for use by, children under the age of 13. We do not knowingly process the Personal Data of anyone under 18. Children should always get permission from a parent or guardian before sending Personal Data over the Internet. If you believe your child may have provided us with their Personal Data, you can contact us using the information in the Contact Us section of this Notice and we will delete that Personal Data.
Changes to this Notice
If we make any material change to this Notice, we will post the revised Notice to this web page and update the “Effective” date above to reflect the date on which the new Notice became effective.
EU-U.S. Data Privacy Framework, UK Extension to the EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework
With respect to personal information processed in the scope of this Notice, Techsol, and its subsidiaries, complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Techsol has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Techsol has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.
To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/
Under the Data Privacy Framework, we identify SciMax Global, LLC, a U.S. subsidiary of Techsol, as a “Covered Entity”.
VeraSafe Privacy Program
Techsol is a member of the VeraSafe Privacy Program, meaning that with respect to Personal Data processed in the scope of this Notice, VeraSafe has assessed Techsol’s data governance and data security for compliance with the VeraSafe Privacy Program Certification Criteria. The certification criteria require that participants maintain ahigh standard for data privacy and implement specific best practices pertaining to notice, onward transfer, choice, access, data security, data quality, recourse, and enforcement.
Dispute Resolution
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Techsol commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to the VeraSafe Data Privacy Framework Dispute Resolution Procedure, an alternative dispute resolution provider based in the United States and the European Union.
If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit the VeraSafe Data Privacy Framework Dispute Resolution Procedure. Subject to the terms of the VeraSafe Data Privacy Framework Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Data Privacy Framework Dispute Resolution Procedure, please submit the required information here: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/.
Binding Arbitration
If your dispute or complaint can’t be resolved by Techsol, nor through the dispute resolution program established by VeraSafe, you may have the right to require that Techsol enter into binding arbitration with you pursuant to the Data Privacy Framework’s Recourse, Enforcement and Liability Principle and Annex I of the Data Privacy Framework.
Regulatory Oversight
Techsol is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
Contact Us
If you have any questions about this Notice or our processing of your Personal Data, please contact our Data Protection Officer, Richard Lipman, by email at dpo@techsollifesciences.com, by phone at +1 609-454-5730, or by postal mail at:
Techsol
Attn: Richard Lipman, DPO
101 College Road East,
Princeton NJ 08540
USA
Please allow up to four weeks for us to reply.
European Union Representative
We have appointed VeraSafe as our representative in the European Union for data protection matters. While you may also contact us, VeraSafe can be contacted on matters related to the processing of personal information. To contact VeraSafe, please use this contact form: www.verasafe.com/public-resources/contact-data-protection-representative.
Alternatively, VeraSafe can be contacted at:
VeraSafe Ireland Ltd
Unit 3D North Point House
North Point Business Park
New Mallow Road, Cork T23AT2P
Ireland
United Kingdom Representative
We have appointed VeraSafe as our representative in the United Kingdom for data protection matters. While you may also contact us, VeraSafe can be contacted on matters related to the processing of personal information. To contact VeraSafe, please use this contact form: www.verasafe.com/public-resources/contact-data-protection-representative.
Alternatively, VeraSafe can be contacted at:
VeraSafe United Kingdom Ltd.
37 Albert Embankment
London SE1 7TL
United Kingdom