PRIVACY SHIELD POLICY STATEMENT
Effective 12 September 2016
Pazien, Inc. (“the Company”) is committed to preserving personal privacy. As part of that commitment, the Company complieswith the U.S.-EU Privacy Shield Framework Principles, including the Supplemental Principles and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce (collectively, the “Principles”). Pazien, Inc. has certified that it adheres to the Principles with respect to its services and certain Personal Data (as defined below) transferred from the European Union (“EU”) and Switzerland to the Company in the United States (“U.S.”). This Policy sets forth the standards under which the Company will treat such Personal Data. To learn more about the Principles and to view Pazien, Inc.’s certifications, please visit: https://www.privacyshield.gov/ and http://www.export.gov/safeharbor/.
This Statement applies to all personal information received by the Company (or its subsidiaries) in the United States from the European Economic Area or Switzerland.
“Agent” means any third party that processes personal information pursuant to the instructions of, and solely for the benefit of, the Company, or to which the Company discloses personal information for processing on the Company’s behalf.
“Data subject” means, as to personal information, the natural person as to which such personal information relates. Under this Statement, a data subject may be an employee of the Company or may be an employee, customer or other associate of the Company’s client (provided that such customer or associate is a natural person), or may be any other natural person about which personal information is received by the Company (or its subsidiaries) in the United States from the European Economic Area or Switzerland.
“Personal information” means any information relating to an identified or identifiable natural person that is within the scope of the EU Personal Data Directive, received by the Company from the European Economic Area or Switzerland, and recorded in any form. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. Personal information does not include anonymized information, aggregate information (to the extent an individual’s identity cannot reasonably be derived from such information), or information as to which the data subject (who is not a Company employee) has freely given specific, informed and unambiguous consent for transfer to the United States.
‘“Processing” of personal information means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.
“Sensitive personal information” means personal information that reveals a natural person’s race, ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, or that concerns a natural person’s sex life or health.
Purposes of Data Processing
Pazien, Inc. processes data that is transferred from the EU or Switzerland to the Company in the U.S.) for purposes ofproviding, maintaining, protecting, developing, and improving the solutions we offer to our business customers and supporting the Company’s internal business operations (e.g. billing).
Through this Privacy Shield Policy Statement, the Company notifies individuals about the purposes for which it collects their personal information, and the types of third parties to which it may disclose their personal information.
When the Company is acting as an agent processing personal information under the direction of its clients, the Company has no direct relationship with the individuals whose personal information it processes, and therefore relies on its clients to provide notice to individuals about the purposes for which it collects their personal information, and the types of third parties to which it may disclose their personal information.
As an agent processing personal information under the direction of its clients, the Company has no direct relationship with the individuals whose personal information it processes, and therefore relies on its clients to offer individuals the choice to opt out of having their personal information disclosed to a third party that is not an agent or used for a purpose other than that for which it was originally collected.
In the event the Company discloses Personal Data covered by this Policy to a non-agent third party, it will do so consistent with any notice provided to Data Subjects and any choice they have exercised regarding such disclosure. Pazien, Inc. will only disclose Personal Data to third-party agents that have given us contractual assurances that they will provide at least the same level of privacy protection as is required by this Policy and the Principles and that they will process Personal Data for limited and specific purposes consistent with any consent provided by the individual. If the Company has knowledge that a third party to which it has disclosed Personal Data covered by this Policy is processing such Personal Data in a way that is contrary to this Policy and/or the Principles, Pazien, Inc. will take reasonable steps to prevent or stop such processing. Pazien, Inc. may be liable if the third party fails to meet those obligations and we are responsible for the event giving rise to the damage. In such case, the Company is liable for damages unless it is proven that the third party is responsible for the event giving rise to the violation.
Upon an individual’s request, the Company (or its client or its designee) will offer such individual reasonable access to his or her personal information and will afford such individual a reasonable opportunity to correct, amend, or delete inaccurate information. If a Company employee would like to access personal information maintained by the Company, the employee should make a written request to his or her local human resources representative. If a non-Company data subject would like to access personal information maintained by the Company, the individual should contact the Company using the contact information set forth in the “Contact Information” section below. For security purposes, the individual may need to provide the Company with various pieces of personal information to process the request. The Company may limit or deny access to personal information, or charge a fee, where providing such access would be unreasonably burdensome or expensive under the circumstances or as otherwise permitted by the Principles.
The Company will take reasonable measures, including technical, physical, and administrative measures and training, to protect personal information from loss, misuse, and unauthorized disclosure, access, alteration, and destruction. The Company safeguards information according to established security standards and periodically assesses new technology for methods of protecting information. However, the Company cannot guarantee the security of personal information.
The Company (or its client or its designee) will take reasonable measures to ensure that personal information is relevant for its intended use, reliable for its intended use, accurate, complete, and current.
Enforcement and Dispute Resolution
The Company will conduct periodic assessments to confirm the accuracy of, and verify its adherence to, this Statement. The Company will investigate suspected infractions. Any employee that the Company determines to be in violation of this Statement will be subject to disciplinary action, which may include termination of employment.
Any questions, concerns, or complaints concerning the collection and use of personal information by the Company should contact the Company using the contact information set forth in the “Contact Information” section below. Pazien, Inc. will respond to any such inquiries or complaints within forty-five (45) days. In the event that the Company fails to respond or its response is insufficient or does not address the concern, the Company has registered with JAMS to provide independent third party dispute resolution at no cost to the complaining party. To contact JAMS and/or learn more about the company’s dispute resolution services, including instructions for submitting a complaint, please visit: https://www.jamsadr.com/eu-us-privacy-shield. Complaining parties may also, in absence of a resolution by Pazien, Inc. and JAMS, seek to engage in binding arbitration through the Privacy Shield Panel.
Pazien, Inc. will cooperate with the United States Federal Trade Commissions and any data protection authorities of the EU Member States (“DPAs”) and/or the Swiss Federal Data Protection and Information Commissioner (“Commissioner”) in the investigation and resolution of complaints that cannot be resolved between Pazien, Inc. and the complainant that are brought to a relevant DPA.
Pazien, Inc.’s commitments under the Principles are subject to the jurisdiction and enforcement and investigatory authority of the United States Federal Trade Commission.
The Company may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Modification of this Privacy Shield Policy Statement
This Statement may be amended from time to time with or without notice in accordance with the the Principles. Any modified statement will be posted on the Company’s Web Site.
Questions, concerns, or complaints concerning the collection and use of personal information by the Company pursuant to this Statement should be directed by mail or electronic mail to the following address:
Legal Dept., Pazien, Inc.
375 Elliot St., Suite 130K
Newton, MA 02464
Telephone: (617) 300-8169