Effective from Date:18-Nov-2020
Introduction and Scope
Techsol Life Sciences and our subsidiary, SciMax Global LLC, (collectively, “Techsol”, “we”, “us”, “our”) take the protection of personally identifiable information (“Personal Data”) very seriously. This Privacy Notice (the “Notice”) addresses data subjects whose Personal Data we process in the MedInquirer web application and our hosted instances of the Oracle Argus application (“Web Apps”), and our MedInquirer mobile applications for iOS and Android (together with the Web Apps, the “Services”).
In the context of this Notice, Techsol acts as a data processor for the Personal Data we process.
Categories of Personal Data
We may process the following types of Personal Data:
- Biographical information such as your first and last name
- Contact information such as your physical address, e-mail address, fax and phone number
- Employment information, such as your job title and the organization you work for
- Health data, such as medical history and medical event information
How We Receive Personal Data
We may receive your Personal Data when:
- when you submit your data by phone, e-mail, fax, mail, service desk, or a web form or
- when our customers, such as pharmaceutical companies, provide them to us
Basis of Processing
Within the scope of this Privacy Notice, Techsol, acting as a data processor, processes Personal Data based on the documented instructions of the relevant data controllers.
Purposes of Processing
We process Personal Data for the purposes of:
- Providing medical information management services to our customers
- Enabling the use of our Services
- Responding to inquiries, and/or other requests or questions
Data Retention Periods
When the purposes of processing are satisfied, we will delete your personal data within a maximum of six months.
Sharing Personal Data with Third Parties
We share Personal Data with our subsidiaries and affiliates, as well as third parties to perform certain services on our behalf. We may share your Personal Data with these third parties solely to enable them to perform the services for us.
Such third parties include those providing:
- internet hosting
- IT system management
- service desk solutions
We will require that these third parties maintain at least the same level of confidentiality and data protection that we maintain for such Personal Data.
Our service providers may be located outside of the United States, the European Union (“EU”) or the European Economic Area (“EEA”). However, we will require that these third parties maintain at least the same level of confidentiality and data protection that we maintain for your Personal Data. Techsol remains liable for the protection of Personal Data that we transfer to our service providers, except to the extent that we are not responsible for the event giving rise to any unauthorized or improper processing.
Also, in some cases, the European Commission may not have determined that the third-countries’ data protection laws provide a level of protection equivalent to EU law. The list of countries that the European Commission has deemed that offer an adequate level of data protection is available here. We will only transfer Personal Data of EU data subjects to third parties outside of these countries when there are appropriate safeguards in place. These safeguards include the European Commission’s standard contractual data protection clauses for the transfer of Personal Data to third countries, as approved by, and available directly from the European Commission (the “SCCs”).
Other Disclosure of Your Personal Data
We may disclose your Personal Data:
- To the respective regulatory authorities, upon the instruction of the data controller, with regard to reports of adverse events
- To the extent required by law or if we have a good-faith belief that such disclosure is necessary in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, or private parties, including but not limited to: in response to subpoenas, search warrants, or court orders
- If we sell or transfer all or a portion of our company’s business interests, assets, or both, or in connection with a corporate merger, consolidation, restructuring, or other company change or our subsidiaries or affiliates only if necessary for business and operational purposes
We reserve the right to use, transfer, sell, and share aggregated, anonymous data, which does not include any Personal Data, about our Services users as a group for any legal business purpose, such as analyzing usage trends and seeking compatible advertisers, sponsors, clients, and customers.
If we must disclose your Personal Data in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your Personal Data will maintain the privacy or security of your Personal Data.
Data Integrity & Security
Techsol has implemented and will maintain technical, organizational, and physical security measures that are reasonably designed to help protect Personal Data from unauthorized processing, such as unauthorized access, disclosure, alteration, or destruction.
Access & Review
If you are a data subject about whom we store Personal Data, you may have the right to request access to, and the opportunity to update, correct, or delete such Personal Data. You may also have the right to opt out of having your Personal Data shared with third parties and to revoke your consent that you have previously provided for your Personal Data to be shared with third parties, except as required by law. You also have the right to opt out if your Personal Data is used for any purpose that is materially different from, but nevertheless compatible with the purpose(s) for which it was originally collected or subsequently authorized by you. To submit such requests, please contact the party that has provided your Personal Data to us. If you have provided your Personal Data to us directly or if you want to raise any other questions related to the way we process your Personal Data, please contact us using the information in the Contact Us section of this Notice.
Our Services are not directed at, or intended for use by, children under the age of 13. We do not knowingly process the Personal Data of anyone under 18. Children should always get permission from a parent or guardian before sending Personal Data over the Internet. If you believe your child may have provided us with their Personal Data, you can contact us using the information in the Contact Us section of this Notice and we will delete that Personal Data.
Changes to this Notice
If we make any material change to this Notice, we will post the revised Notice to this web page and update the “Effective” date above to reflect the date on which the new Notice became effective.
EU-U.S. and Swiss-U.S. Privacy Shield Frameworks
With respect to Personal Data in the scope of this Notice, Techsol complies with the EU-U.S. and Swiss-U.S. Privacy Shield Framework (the “Privacy Shield”), as adopted and set forth by the U.S. Department of Commerce regarding the processing of Personal Data transferred from the EU, EEA or Switzerland to the United States. Techsol commits to adhere to and has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. Techsol does not currently use the Privacy Shield as its data transfer mechanism from the EU, EEA, or Switzerland and relies on the SCCs as its primary data transfer mechanism for such Personal Data.
Data Transfer Mechanism
Techsol Life Sciences uses the SCCs as its primary data transfer mechanism for transferring Personal Data from the EEA and SCCs are formally integrated into our agreements with third parties.
In addition, Techsol regularly reviews and confirms its compliance with the most-up-to-date guidance and obligations on valid data transfers under applicable privacy laws. If we find it necessary to update the data transfer mechanism used, we will update this Policy accordingly.
VeraSafe Privacy Program
Techsol Life Sciences is a member of the VeraSafe Privacy Program, meaning that with respect to Personal Data processed in the scope of this Notice, VeraSafe has assessed Techsol’s data governance and data security for compliance with the VeraSafe Privacy Program Certification Criteria. The certification criteria require that participants maintain a high standard for data privacy and implement specific best practices pertaining to notice, onward transfer, choice, access, data security, data quality, recourse, and enforcement.
Where a privacy complaint or dispute cannot be resolved through Techsol’s internal processes, Techsol has agreed to participate in the VeraSafe Privacy Shield Dispute Resolution Procedure. Subject to the terms of the VeraSafe Privacy Shield Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Privacy Shield Dispute Resolution Procedure, please submit the required information here: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/
If your dispute or complaint can’t be resolved by Techsol Life Sciences, nor through the dispute resolution program established by VeraSafe, you may have the right to require that Techsol Life Sciences enter into binding arbitration with you pursuant to the Privacy Shield’s Recourse, Enforcement and Liability Principle and Annex I of the Privacy Shield.
Techsol Life Sciences is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
If you have any questions about this Notice or our processing of your Personal Data, please contact our Data Protection Officer, Richard Lipman, by email at firstname.lastname@example.org, by phone at +1 609-454-5730, or by postal mail at:
Attn: Richard Lipman, DPO
101 College Road East,
Princeton NJ 08540
Please allow up to four weeks for us to reply.