Effective from Date:05-Oct-2023
Introduction and Scope
SciMax Global LLC, (“SciMax”, “we”, “us”, “our”) take the protection of personally identifiable information (“Personal Data”) very seriously. This Privacy Notice (the “Notice”) addresses data subjects whose Personal Data we process in the SciMax Medical Information (MI) web application and our hosted instances of SciMax application (“Web Apps”), and our Scimax applications for iOS and Android (together with the Web Apps, the “Services”).
Controllership
In the context of this Notice, SciMax acts as a data processor for the Personal Data we process.
Categories of Personal Data
We may process the following types of Personal Data:
- Biographical information such as your first and last name
- Contact information such as your physical address, e-mail address, fax and phone number
- Employment information, such as your job title and the organization you work for
- Health data, such as medical history and medical event information
How We Receive Personal Data
We may receive your Personal Data when:
- when you submit your data by phone, e-mail, fax, mail, service desk, or a web form or
- when our customers, such as pharmaceutical companies, provide them to us
Cookies
A “cookie” is a small file stored on your hard drive that contains information about your computer. By showing how and when visitors use the Web Apps, cookies help us save user preferences and track user trends and patterns. We use session cookies, which are cookies that are deleted when you leave our Web Apps and persistent cookies, which are cookies that remain after you leave our Web Apps so that you are recognized when you return. Further information on our use of cookies is set out in our Cookie Policy (click to access).
The use of cookies is industry standard, so your browser may be set to accept cookies. If you would prefer not to accept cookies, you can alter the configuration of your browser to reject all cookies or some cookies. For more information, please visit https://www.aboutcookies.org. Note, if you reject certain cookies, you may not be able to access all of the features of our Web Apps.
Basis of Processing
Within the scope of this Privacy Notice, SciMax, acting as a data processor, processes Personal Data based on the documented instructions of the relevant data controllers.
Purposes of Processing
We process Personal Data for the purposes of:
- Providing medical information management services to our customers
- Enabling the use of our Services
- Responding to inquiries, and/or other requests or questions
Data Retention Periods
When the purposes of processing are satisfied, we will delete your personal data within a maximum of six months.
Sharing Personal Data with Third Parties
We share Personal Data with our subsidiaries and affiliates, as well as third parties to perform certain services on our behalf. We may share your Personal Data with these third parties solely to enable them to perform the services for us.
Such third parties include those providing:
- internet hosting
- IT system management
- service desk solutions
We will require that these third parties maintain at least the same level of confidentiality and data protection that we maintain for such Personal Data.
Our service providers may be located outside of the United States, the European Union (“EU”) or the European Economic Area (“EEA”). However, we will require that these third parties maintain at least the same level of confidentiality and data protection that we maintain for your Personal Data. SciMax remains liable for the protection of Personal Data that we transfer to our service providers, except to the extent that we are not responsible for the event giving rise to any unauthorized or improper processing.
Also, in some cases, the European Commission may not have determined that the third-countries’ data protection laws provide a level of protection equivalent to EU law. The list of countries that the European Commission has deemed that offer an adequate level of data protection is available here. We will only transfer Personal Data of EU data subjects to third parties outside of these countries when there are appropriate safeguards in place. These safeguards include the European Commission’s standard contractual data protection clauses for the transfer of Personal Data to third countries, as approved by, and available directly from the European Commission (the “SCCs”).
Other Disclosure of Your Personal Data
We may disclose your Personal Data:
- To the respective regulatory authorities, upon the instruction of the data controller, with regard to reports of adverse events
- To the extent required by law or if we have a good-faith belief that such disclosure is necessary in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, or private parties, including but not limited to: in response to subpoenas, search warrants, or court orders
- If we sell or transfer all or a portion of our company’s business interests, assets, or both, or in connection with a corporate merger, consolidation, restructuring, or other company change or our subsidiaries or affiliates only if necessary for business and operational purposes
We reserve the right to use, transfer, sell, and share aggregated, anonymous data, which does not include any Personal Data, about our Services users as a group for any legal business purpose, such as analyzing usage trends and seeking compatible advertisers, sponsors, clients, and customers.
If we must disclose your Personal Data in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your Personal Data will maintain the privacy or security of your Personal Data.
Data Integrity & Security
SciMax has implemented and will maintain technical, organizational, and physical security measures that are reasonably designed to help protect Personal Data from unauthorized processing, such as unauthorized access, disclosure, alteration, or destruction.
Access & Review
If you are a data subject about whom we store Personal Data, you may have the right to request access to, and the opportunity to update, correct, or delete such Personal Data. You may also have the right to opt out of having your Personal Data shared with third parties and to revoke your consent that you have previously provided for your Personal Data to be shared with third parties, except as required by law. You also have the right to opt out if your Personal Data is used for any purpose that is materially different from, but nevertheless compatible with the purpose(s) for which it was originally collected or subsequently authorized by you. To submit such requests, please contact the party that has provided your Personal Data to us. If you have provided your Personal Data to us directly or if you want to raise any other questions related to the way we process your Personal Data, please contact us using the information in the Contact Us section of this Notice.
Children’s Privacy
Our Services are not directed at, or intended for use by, children under the age of 13. We do not knowingly process the Personal Data of anyone under 18. Children should always get permission from a parent or guardian before sending Personal Data over the Internet. If you believe your child may have provided us with their Personal Data, you can contact us using the information in the Contact Us section of this Notice and we will delete that Personal Data.
Changes to this Notice
If we make any material change to this Notice, we will post the revised Notice to this web page and update the “Effective” date above to reflect the date on which the new Notice became effective.
EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework
With respect to Personal Data in the scope of this Notice, SciMax complies with the EU-U.S. Data Privacy Framework (and its UK Extension) and the Swiss-U.S. Data Privacy Framework (the “Data Privacy Framework”), as adopted and set forth by the U.S. Department of Commerce regarding the processing of Personal Data transferred from the EU, EEA, UK or Switzerland to the United States. SciMax commits to upholding and has certified to the Department of Commerce that it adheres to the Data Privacy Framework Principles.
SciMax’s parent company Techsol Corporation, doing business as Techsol Life Sciences and Techsol Life Sciences Private Limited, (“Techsol”) identifies SciMax as a “Covered Entity” under the Data Privacy Framework.
To learn more about the Privacy Shield, and to view SciMax’s parent company, Techsol’s certification, please visit https://www.privacyshield.gov and https://www.privacyshield.gov/list, respectively.
VeraSafe Privacy Program
SciMax Global is a member of the VeraSafe Privacy Program, meaning that with respect to Personal Data processed in the scope of this Notice, VeraSafe has assessed SciMax’s data governance and data security for compliance with the VeraSafe Privacy Program Certification Criteria. The certification criteria require that participants maintain a high standard for data privacy and implement specific best practices pertaining to notice, onward transfer, choice, access, data security, data quality, recourse, and enforcement.
Dispute Resolution
Where a privacy complaint or dispute cannot be resolved through SciMax’s internal processes, SciMax has agreed to participate in the VeraSafe Privacy Shield Dispute Resolution Procedure. Subject to the terms of the VeraSafe Privacy Shield Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Privacy Shield Dispute Resolution Procedure, please submit the required information here: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/
Binding Arbitration
If your dispute or complaint can’t be resolved by SciMax Global, nor through the dispute resolution program established by VeraSafe, you may have the right to require that SciMax Global enter into binding arbitration with you pursuant to the Privacy Shield’s Recourse, Enforcement and Liability Principle and Annex I of the Privacy Shield.
Regulatory Oversight
SciMax Global is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
Contact Us
If you have any questions about this Notice or our processing of your Personal Data, please contact our Data Protection Officer, Richard Lipman, by email at dpo@scimaxglobal.com, by phone at +1 609-454-5730, or by postal mail at:
SciMax
Attn: Richard Lipman, DPO
101 College Road East,
Princeton NJ 08540
USA
Please allow up to four weeks for us to reply.
European Union Representative
We have appointed VeraSafe as our representative in the European Union for data protection matters. While you may also contact us, VeraSafe can be contacted on matters related to the processing of personal information. To contact VeraSafe, please use this contact form: www.verasafe.com/privacy-services/contact-article-27-representative.
Alternatively, VeraSafe can be contacted at:
VeraSafe Ireland Ltd
Unit 3D North Point House
North Point Business Park
New Mallow Road, Cork T23AT2P
Ireland
United Kingdom Union Representative
We have appointed VeraSafe as our representative in the United Kingdom for data protection matters. While you may also contact us, VeraSafe can be contacted on matters related to the processing of personal information. To contact VeraSafe, please use this contact form: www.verasafe.com/privacy-services/contact-article-27-representative.
Alternatively, VeraSafe can be contacted at:
VeraSafe United Kingdom Ltd.
37 Albert Embankment
London SE1 7TL
United Kingdom