visit https://www.privacyshield.gov.; Additionally, WCG may protect your data through other legally-valid methods, including international data transfer agreements.
2.0 TRANSPARENCY/NOTICE–WHAT PERSONAL INFORMATION WE COLLECT AND HOW WE USE IT
The types of Personal Information we may collect (directly from you or from Third Party-sources) and our privacy practices depend on the nature of the relationship you have with WCG and the requirements of applicable law. We endeavor to collect information only relevant for the purposes of Processing. Below are the legal bases and some of the ways we collect information and how we use it.
WCG collects Personal Information regarding its current, prospective and former clients, customers, visitors and guests (collectively “Individuals”). The data we collect from Individuals includes information such as title, name, address, phone number, email address, user name, answer to a security question and password, government identification (driver’s license, passport), and credit card and other financial information related to payments for services or goods. We may also collect demographic information you choose to provide, such as your business or company information, professional experiences, educational background, nationality, ethnic origin, age, gender, interests, preferences and favorites.
We acquire, hold, use and Process Personal Information about Individuals for a variety of business purposes including to:
- generally manage Individual information and accounts;
- respond to questions, comments and requests;
- provide access to certain areas and features of the WCG Sites;
- ensure internal quality control;
- verify Individual identity;
- enable Individuals to register for events or participate in webinars;
- communicate about Individual account and activities on WCG’s Sites and systems, and, in WCG’s discretion, changes to any WCG policy;
- tailor content, advertisements and offers we serve to Individuals;
- process payment for products or services purchased;
- measure interest in and improve WCG websites and systems;
- develop new products, processes and services;
- notify you about offers, products and services that may be of interest to you;
- process applications and transactions;
- prevent potentially prohibited or illegal activities;
- provide services to you and our sponsors;
- for purposes disclosed at the time that Individuals provide Personal Information or otherwise with consent.
2.2 General Information Collected & Used by WCG
Depending on how you interact with WCG, we and our Third Party-service providers may also collect and use information in a variety of ways, including:
- IRBs–Institutional Review Board Members. Our IRBs are dedicated to conducting a thorough review process, utilizing expert board members who undergo rigorous regulatory training. From these board members, we may collect contact and biographical information, including name, address, email address, telephone number, date of birth, driver’s license and Social Security number; financial and other employment-related information, including financial data related to credit checks, bank details for payroll, contact information of third parties in case of an emergency, and beneficiaries under any insurance policy; and professional and educational background and experience, such as information that may be recorded on a CV or application form and language abilities.
- IRBs–Research Subject Information. When research subjects communicate with our IRBs, we obtain whatever information the research subject chooses to provide (including, e.g., name and email address), and use that information to respond to the subject’s request. Additionally, our IRBs receive information from investigators regarding unanticipated problems. We endeavor to instruct investigators to provide such records in de-identified form.
- ACI Clinical – Endpoint Adjudication and Data Monitoring Committees. ACI Clinical provides endpoint adjudication and data monitoring committees and consulting services. In providing these services, ACI Clinical may collect and store demographic information of the patient (such as race, age and gender) and Personal Information (business contact information, such as name, and phone number) of the health care providers and committee members.
- Clintrax (and Others)–Investigator Information. In order to provide our services, some of our companies (e.g., Clintrax, IRBs) may collect and store investigator, sponsor, clinical research organization (“CRO”), and institutional employee contact information, including names, addresses, phone and fax numbers and email addresses.
- Clintrax–Contract and Banking Details. To facilitate its contract negotiation and site payment service offerings, Clintrax may handle contracts containing Personal Information (such as Social Security numbers) and collect payee bank account details and contact information through such contracts or separate banking documentation forms.
- CenterWatch Patient Notification Service. Registration for CenterWatch’s Patient Notification Service, which automatically emails you as soon as a clinical trial is posted that matches criteria you specify, only requires that one provide an email address and select a therapeutic area of interest; registrants may also choose to provide their location. CenterWatch utilizes subscriber email addresses strictly for troubleshooting and web-maintenance efforts.
- CenterWatch Clinical Trial Listings and Profile Pages. At the bottom of most trial listings, Research Center Profiles, and Industry Provider Profiles on CenterWatch’s website, you will find a submit template/form to submit a confidential posting to the company or individual you are contacting. The message will never go to any CenterWatch staff member. Furthermore, CenterWatch cannot access or retrieve any message that you submit using these forms; nor are we responsible for any of these messages. However, all messages will indicate to the receiver that the transmission originated at CenterWatch.com. The company or individual you contact will only receive the information that you provide in the form including, e.g., name, address, phone number, fax, email address, company (Profile Page forms only), and confidential message. To withhold information, simply leave the field blank.
- CenterWatch–JobWatch User Information. Registrants for JobWatch, a source for clinical research jobs and career resources offered by CenterWatch, must provide only their email address, which may be used by member companies to find qualified job applicants. CenterWatch has access to subscriber email addresses and utilizes them for trouble-shooting and web-maintenance efforts. At times, CenterWatch may use this list to inform subscribers of a new service JobWatch is offering or a new product CenterWatch is introducing that may assist them in their career search. If you receive updates that you do not wish to receive, please contact us at firstname.lastname@example.org.
- FDAnews–Subscriber and Client Data Collected. As a leading provider of domestic and international regulatory, legislative and business news and information for industries regulated by the U.S. Food and Drug Administration, FDAnews offers a variety of products and services, many of which may involve the collection and use of Personal Information from subscribers and clients. Examples include:
- Free eNewsletters. FDAnews offers three free daily and weekly eNewsletters to subscribers. FDAnews has access to subscriber email addresses and utilizes them to send eNewsletters and other marketing material as well as for trouble-shooting and web-maintenance efforts.
- Subscription eNewsletters, Books, Whitepapers and Webinars. Personal Information from clients who purchase subscription eNewsletters, books, whitepapers and webinars may include name, job title, company name, phone number, mailing address and credit card and other financial information related to payments for services or goods. Payment and other Personal information will be collected by service providers to effectuate your order and may be stored for purposes of future orders. FDAnews has access to subscriber and client email addresses and utilizes them to send eNewsletters and other marketing material as well as for trouble-shooting and web-maintenance efforts.
- FDAnews–Conference Details.
- Registration. Registrants for FDAnews-sponsored conferences must provide Personal Information including name, job title, company name, phone number, email address and mailing address and credit card and other financial information related to conference registration.
- Registration Lists. FDAnews may provide requesting conference sponsors with a one-time marketing exception to contact registrants.
- ePS Products and Services–Patient, Provider, Trial Manager and Client Data Collected. As a leading provider of e-clinical solutions, ePS offers a variety of products and services to enhance clinical trial operations, many of which may involve the collection and use of Personal Information from patients, health care providers (“providers”), clinical trial managers and clients. Examples include:
- Wellness Programs. In order to assist participants enrolled in clinical trials that have a lifestyle (weight watching) component, ePS provides access to a dietician and, as part of that process, collects profile information from program participants that includes weight and behavior information; and
- Clinical Trial Portal. Personal Information from patients, providers, clinical trial managers and clients may also be stored in our ePS Clinical Trial Portal – a tool used to manage and track study-related content, tasks, activities, completion and communications between sponsors, site personnel and vendors involved in a study.
- iConnect. ePS iConnect is a patient recruitment service which allows you to search for and initiate contact with clinical trials.
- To the extent Third Parties collect Personal Information of patients, ePS seeks to ensure that such Third Parties provide adequate privacy notices to the Data Subjects.
- KMR Group – Clinical Benchmark Data. As a global leader in the area of biopharmaceutical benchmarking in Research & Development, KMR offers peerless data on topics ranging from discovery to project cost analysis, enrollment performance, and R&D productivity. Through our workbooks and interactions with our clients and users, we collect and store non-identifiable and aggregated trial and R&D data, as well as Personal Information (such as business contact information) about our clients.
- Metrics Champion Consortium (MCC). MCC develops metrics and collects survey data on clinical trial performance. Through interactions with our clients and users, we collect and store non-identifiable aggregrated trial and R&D data, as well as Personal Information (such as business contact information) about our clients.
- MedAvante-ProPhase – Patient and Clinical Trial Data Collected. As global providers of specialty solutions in clinical trials, MedAvante – ProPhase endeavor to optimize the selection, use, and analysis of behavioral and physical endpoints to mitigate trial risk and maximize the likelihood of study success. Through collaboration with sponsors, CROs and sites, we may collect or Process information about clinical experts, regional clinical leads, reviewers and patients. Examples include:
- Electronic Capture of Assessments– (“eCOA” and “Virgil”). MedAvante – ProPhase’s proprietary solutions, eCOA, and Virgil, use a variety of modalities (e.g., tablet, handheld devices, and handwritten notes) to capture clinical outcome data, including audio, video and observational data, in a 21 CFR Part 11 compliant environment. Data collected may include Protected Health Information (such as treatment and assessment dates, patient initials and/or dates of birth) and/or other Personal Information of Data Subjects (such as patient gender, medical diagnosis or other biographical information).
- Independent Clinical Assessments– MedAvante – ProPhase’s global clinicians perform remote clinical assessments, capturing patient and clinical trial-related data, potentially including similar Personal Information and/or Protected Health Information.
- MedAvante-ProPhase – Rater Services. MedAvante – ProPhase’s also enhances clinical trial operations by offering Rater Services, including (i) Rater Certification, through which they offer documented participation in training programs, scale-specific scoring proficiency and applied skills training; and (ii) Ratings Quality Assurance (Audio/Video Monitoring) Services, through which expert clinicians provide raters with feedback on their ongoing performance as well as review of endpoint data (e.g., diagnostic adjudication, patient selection, endpoint adjudication and quality monitoring). These Rater Services can involve sensitive discussions between providers and patients, including potentially Personal Information. Importantly, MedAvante – ProPhase endeavors when possible to anonymize the videos by removing facial features.
- ThreeWire – Patient Recruitment, Enrolment and Retention Services. ThreeWire provides clinical trial recruitment and direct-to-patient marketing services to help pharmaceutical, medical device and biotech companies achieve their patient recruitment, enrolment and retention goals (collectively, the “Services”). Through onsite clinical trial recruitment efforts conducted with healthcare facilities and direct-to-patient marketing campaigns, ThreeWire accesses and stores relevant patient Personal Information to (i) assess the suitability of potential patients for clinical trials or physician services, (ii) contact, schedule and/or enrol pre-qualified patient referrals with study sites and (iii) other related recruitment, enrolment and retention Services. The patient Personal Information collected and utilized may include name, phone number, email address, mailing address, diagnosis and other contact information. ThreeWire also collects contact Personal Information (e.g., name, email address, phone number and/or other) of staff members of the healthcare facilities with whom they work and of trials sites for which patients are being recruited.
- Vigilare International – Patient Support and Drug Safety Reporting. Vigilare provides pharmacovigilance solutions, including consulting, contact center operations, and risk management services. In providing the patient support and drug safety reporting services, Vigilare may collect and store Personal Information (such as name, phone number, email address and mailing address) from the reporter/patient and Protected Health Information (such as treatment and medical record) of the patient, as well as demographic information of the patient (such as race, age and gender) and Personal Information (business contact information, such as name, and phone number) of the health care provider.
- WCG – Pseudonymous Data. Including as discussed below in § 2.8.3, WCG may use and share your anonymized or aggregated information within the WCG family of companies or with Third Parties for public health, research, analytics and any other legally permissible purposes.
2.3 Information We Collect Automatically
We may collect certain information automatically through our services or other methods of web analysis, such as your Internet protocol (IP) address, cookie identifiers, mobile advertising identifiers, and other device identifiers that are automatically assigned to your computer or device when you access the Internet, browser type, operating system, Internet service provider, pages that you visit before and after using the Services, the date and time of your visit, the amount of time you spend on each page, information about the links you click and pages you view within the services, and other actions taken through use of the Services.
2.4 Other Ways WCG May Use Personal Data
We acquire, hold, use, and Process Personal Information based on the legal grounds and for the legitimate business purposes outlined in this Policy, including:
- To Provide Products, Services, or Information Requested: WCG may use information about you to fulfill requests for Services or information, including information about potential or future Services, includingto:
- Generally manage Individual information and accounts;
- Respond to questions, comments, and other requests;
- Provide access to certain areas, functionalities, and features of WCG’s Services;
- Allow you to register for events.
- Administrative Purposes: WCG may use Personal Information about you for its administrative purposes, including to:
- Measure interest in WCG’s Services;
- Develop new products and Services;
- Ensure internal quality control;
- Verify Individual identity;
- Communicate about Individual accounts and activities on WCG’s Services and systems, and, in WCG’s discretion, changes to any WCG policy;
- Process payment for products or services purchased;
- Process applications and transactions;
- Comply with regulatory requirements;
- Prevent potentially prohibited or illegal activities;
- Enforce our Terms of Service.
- Marketing WCG Services: WCG may use Personal Information to provide you with materials about offers, products, and Services that may be of interest, including new content or Services. WCG may provide you with these materials by phone, postal mail, facsimile, or email, as permitted by applicable law. Such uses include:
- To tailor content, advertisements, and offers;
- To notify you about offers, products, and services that may be of interest to you;
- To provide Services to you and our sponsors;
- For other purposes disclosed at the time that Individuals provide Personal Information; or
- Otherwise with your consent.
You may contact us at any time to opt out of the use of your Personal Information for marketing purposes, as further described below.
- Research and Development: WCG may use Personal Information to create non-identifiable information that we may use alone or in the aggregate with information obtained from other sources, in order to help us to optimally deliver our existing products and services or develop new products andServices.
- Information Submitted Via Services. You agree that WCG is free to use the content of any communications submitted by you via the Services, including any ideas, inventions, concepts, techniques, or know-how disclosedtherein, for any purpose including developing, manufacturing, and/or marketing goods or Services. WCG will not release your name or otherwise publicize the fact that you submitted materials or other informationto us unless: (a) you grant us permission to do so; (b) we firstsend notice to you that the materials or other information you submit to a particular part of a Service will be published or otherwise used with yourname on it; or (c) we are required to do so by law.
- Information Anonymized or Aggregated. Including as discussed below, WCG may use and share anonymized or aggregated information within the WCG group of companies or with Third Parties for public health, research, analytics, or any other legally permissible purpose.
- Other Uses. WCG may use Personal Information for other purposes disclosed to you at the time you provide Personal Information or with your consent.
2.5 Human Resources Data
WCG collects Personal Information from current, prospective and former Employees, their contact points in case of a medical emergency, and beneficiaries under any insurance policy (“Human Resources Data”). The Human Resources Data we collect may include title, name, address, phone number, email address, date of birth, passport number, driver’s license number, Social Security number, financial information related to credit checks, bank details for payroll, information that may be recorded on a CV or application form, language abilities, contact information of third parties in case of an emergency and beneficiaries under any insurance policy. We may also collect Sensitive Human Resources Data such as details of health and disability, including mental health, medical leave, and maternity leave.
We acquire, hold, use and Process Human Resources-related Personal Information for a variety of business purposes including:
- workflow management, assigning, managing and administering projects;
- Human Resources administration and communication;
- payroll and the provision of benefits;
- compensation, including bonuses and long-term incentive administration, stock plan administration, compensation analysis, including monitoring overtime and compliance with labor laws, and company recognition programs;
- job grading activities;
- performance and employee development management;
- organizational development and succession planning;
- benefits and personnel administration;
- absence management;
- helpdesk and IT support services;
- regulatory compliance;
- internal and/or external or governmental compliance investigations;
- internal or external audits;
- litigation evaluation, prosecution and defense;
- diversity and inclusion initiatives;
- restructuring and relocation;
- emergency contacts and services;
- Employee safety, including monitoring compliance with safety regulations by confirming Employees are not speeding or otherwise violating traffic laws;
- compliance with statutory requirements;
- Processing of employee expenses and travel charges; and
- acquisitions, divestitures and integrations.
2.6 Social Media and Internet-Based Advertising
Generally, online social media resources are interactive tools that enable Data Subjects to collaborate and share information with others. Social media resources include, but are not limited to, social networks, discussion boards, bulletin boards, blogs, wikis, and referral functions to share web site content and tools with a friend or colleague. WCG may collect Personal Information to enable Data Subjects to use online social media resources. We may also enable you to use these social media resources to post or share Personal Information with others. If you use an online social media resource offered by a third party (“Third Party SMR”) through WCG, you acknowledge that WCG may be able to access any information you make public through such Third Party SMR (such as your username, comments, posts, and contacts) and other information your privacy settings on such Third-Party SMR permit WCG to access.
2.7 Information from Third-Party Sources
WCG may collect information about you from Third-Party sources to supplement information provided by you. This supplemental information allows us to verify information that you have provided to WCG and to enhance our ability to provide you with information about our business, products and services. WCG’s agreements with these Third Party-sources typically limit how the Company may use this supplemental information.
2.8 Direct Mail, Email and Outbound Telemarketing
Individuals who provide us with Personal Information, or whose Personal Information we obtain from Third Parties, may receive periodic emails, newsletters, mailings or phone calls from us with information on WCG or our business partners’ products and services or upcoming special offers/events we believe may be of interest. We offer the option to decline these communications at no cost to the individual by following the instructions in Section 3 below.
2.9 Research/Survey Solicitations
From time to time, WCG may perform research (online and offline) via surveys. We may engage Third Party-service providers to conduct such surveys on our behalf. All survey responses are voluntary, and the information collected will be used for research and reporting purposes to help us better serve Individuals by learning more about their needs and the quality of the products and services we provide. The survey responses may be utilized to determine the effectiveness of our Sites, various types of communications, advertising campaigns and/or promotional activities. If an Individual participates in a survey, the information given will be used along with that of other study participants. We may share anonymous individual and aggregate data for research and analysis purposes.
2.10 All Internet Users – Cookies, Pixel Tags, Web Beacons and Aggregate Information
Like many other websites, WCG or its business partners may employ a cookie, or small piece of computer code that enables Web servers to “identify” visitors, each time an Individual initiates a session on the Company’s Sites. A cookie is set in order to identify Data Subjects; tailor our Sites to you; measure and research the effectiveness of our Sites’ features, offerings and advertisements; and authenticate users for registered services. Cookies can only access Personal Information that you have provided on our Sites and cannot be accessed by other sites. We may also use Google Analytics and Google Analytics Demographics and Interest Reporting to collect information regarding visitor behavior and visitor demographics on some our Sites, and to develop website content. This analytics data is not tied to any Personal Information. At any time, visitors may choose to opt-out of Google Analytics tracking with the Google Analytics opt-out browser add-on found at www.tools.google.com/dlpage/gaoptout. Data Subjects also have the ability to delete cookie files from their own hard drive at any time by clicking on the Privacy or History tab typically found on the Settings or Options menu in your internet browser. However, please also be advised that cookies may be necessary to provide access to much of the content and many of the features of WCG’s Sites.
2.10.2 Pixel Tags/Web Beacons
WCG may use “pixel tags,” also known as “web beacons,” which are small graphic files that allow us to monitor the use of our Sites. A pixel tag can collect information such as the Internet Protocol (“IP”) address of the computer that downloaded the page on which the tag appears; the URL of the page on which the pixel tag appears; the time the page containing the pixel tag was viewed; the browser type and language; the device type; geographic location; and the identification number of any cookie on the computer previously placed by that server. When corresponding with you via HTML capable email, we or our Third Party-service providers may use “format sensing” technology, which allows pixel tags to let us know whether you received and opened our email.
2.10.3 Anonymous and Aggregated Information
Anonymized and aggregated information is used for a variety of functions, including the measurement of visitors’ interest in and use of various portions or features of the Sites. Anonymized or aggregated information is not Personal Information, and WCG may use such information in a number of ways, including research, internal analysis, analytics and any other legally permissible purposes. We may share this information within WCG and with Third Parties for our or their purposes in an anonymized or aggregated form that is designed to prevent anyone from identifying you.
2.11 Mobile Computing
3.0 3.0 Choice/Modalities to Opt Out
Where you have consented to WCG’s Processing of your Personal Information or Sensitive Personal Information, you may withdraw that consent at any time and opt out by following the instructions in this Section 3. Additionally, before we use Personal Information for any new purpose not originally authorized by you, we will provide information regarding the new purpose and give you the opportunity to opt out.
Prior to disclosing Sensitive Data to a Third Party or Processing Sensitive Data for a purpose other than its original purpose or the purpose authorized subsequently by the Data Subject, WCG will endeavor to obtain each Data Subject’s explicit consent (opt-in). Where consent of the Data Subject for the Processing of Personal Information is otherwise required by law or contract, WCG will comply with the law or contract.
3.2 Email and Telephone Communications
An “Unsubscribe” button will be provided at the top or bottom of each email communications sent by WCG so that you can opt-out. However, we will continue to send transaction-related emails regarding products or services you have requested.
Additionally, those registered for CenterWatch’s Patient Notification Service who no longer wish to receive updates may contact email@example.com or follow the unsubscribe instructions at http://www.centerwatch.com/clinical-trials/pns/.
We maintain telephone “do not call” lists and “do not mail” lists as mandated by law. We process requests to be placed on do not mail, do not phone and do not contact lists within 60 days after receipt, or such shorter time as may be required by law.
3.3 Human Resources Data
With regard to Personal Information that WCG receives in connection with the employment relationship, WCG
will use such Personal Information only for employment-related purposes as more fully described in
section 2.3 above. If WCG intends to use this Personal Information for any other purpose, the
Company will provide the Data Subject with an opportunity to opt-out of such uses.
3.4 “Do Not Track”
Do Not Track (“DNT”) is a privacy preference that users can set in
certain web browsers. DNT is a way for users to inform websites and services that
they do not want certain information about their webpage visits collected over time
and across websites or online services. WCG does not recognize or respond to
browser-initiated DNT signals.
3.5 Advertising Choices
3.6 Compliance with the Digital Advertising Alliance
Should WCG engage in interest-based advertising, it will endeavor to comply with the cross-industry Self-Regulatory Program for Online Behavioral Advertising as managed by the Digital Advertising Alliance (DAA) (http://aboutads.info). As part of this service, WCG’s online advertisements may sometimes be delivered with icons that help Individuals understand how their data are being used and provide choice options to Individuals that want more control. The list of our advertising partners may be updated from time to time. To opt-out of internet-based advertising by all DAA-participating companies, please visit http://www.aboutads.info/choices/.
4.0 Onward Transfer
4.1 Information We Share
We may disclose information about you: (i) if we are required to do so by law, court order or legal process; (ii) in response to lawful requests by public authorities, including to meet national security or law enforcement requirements; (iii) under the discovery process in litigation; (iv) to enforce WCG policies or contracts; (v) to collect amounts owed to WCG; (vi) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity; or (vii) in the good faith believe that disclosure is otherwise necessary or advisable. In addition, from time to time, server logs may be reviewed for security purposes – e.g., to detect unauthorized activity on the Sites. In such cases, server log data containing IP addresses may be shared with law enforcement bodies in order that they may identify users in connection with their investigation of the unauthorized activities.
4.2 Data Transfers
All Personal Information sent or collected via or by WCG may be stored anywhere in the world, including but not limited to, in the United States, in the cloud, our servers, the servers of our affiliates or the servers of our service providers. By providing information to WCG, you consent to the storage of your Personal Information in these locations.
5.0 Rights of Access, Rectification, Erasure and Restriction
The security of all Personal Information provided to WCG is important to us, and WCG takes reasonable steps designed to protect your Personal Information. Unfortunately, no data transmission over the Internet or storage of information can be guaranteed to be 100% secure. As a result, while WCG strives to protect your Personal Information, we cannot ensure or warrant the security of any information you transmit to WCG, and you do so at your own risk.
8.0 Redress / Compliance and Accountability
WIRB Copernicus Group, Inc.
Attn: David Forster, Chief Compliance Officer
1019 39th Avenue SE
Puyallup, WA 98374
Phone: (360) 252-2428
9.0 Other Rights and Important Information
9.1 Information Regarding Children
Due to the nature of WCG’s business, services and benefits are not marketed to minors. WCG does not knowingly solicit or collect Personal Information from children under the age of 13. If we learn that we have collected Personal Information from a child under the age of 13, we will promptly delete that information.
9.2 California Privacy Rights
California law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the Third Parties to whom we have disclosed their Personal Information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of Personal Information disclosed to those parties. WCG does not share Personal Information with third parties for their own marketing purposes.
9.3 Links to Third-Party Websites
“Agent” means any third party that processes Personal Information pursuant to the instructions of, and solely for, WCG or to which WCG discloses Personal Information for use on its behalf.
“Data Subject” is an identified or identifiable natural person.
“Employee” refers to any current, temporary, permanent, prospective or former employee, director, contractor, worker or retiree of WCG or its subsidiaries worldwide.
“Personal Information” is any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Privacy Shield Principles” collectively means the seven (7) privacy principles as described in the Privacy Shield: (1) notice, (2) choice, (3) accountability for onward transfer, (4) security, (5) data integrity and purpose limitation, (6) access, and (7) recourse, enforcement and liability. Additionally, it includes the sixteen (16) supplemental principles described in the Privacy Shield: (1) sensitive data, (2) journalistic exceptions, (3) secondary liability, (4) performing due diligence and conducting audits, (5) the role of the data protection authorities, (6) self-certification, (7) verification, (8) access, (9) human resources data, (10) obligatory contracts for onward transfers, (11) dispute resolution and enforcement, (12) choice – timing of opt-out, (13) travel information, (14) pharmaceutical and medical products, (15) public record and publicly available information, and (16) access requests by public authorities.
“Process” or “Processing” means any operation which is performed upon Personal Information, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Protected Health Information” is a subset of Personal Information and has the meaning set out in the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (“HIPAA”), and in particular at 45 C.F.R. § 160.103, as it may be amended from time to time.
“Sensitive Data” or “Sensitive Personal Information” is a subset of Personal Information which, due to its nature, has been classified by law or by policy as deserving additional privacy and security protections. Sensitive Personal Information includes Personal Information regarding EU-residents that is classified as a “Special Category of Personal Data” under EU law, which consists of the following data elements: (1) race or ethnic origin; (2) political opinions; (3) religious or philosophical beliefs; (4) trade union membership; (5) genetic data; (6) biometric data where Processed to uniquely identify a person; (6) health information; (7) sexual orientation or information about the individual’s sex life; or (8) information relating to the commission of a criminal offense.
“Third Party” is any natural or legal person, public authority, agency or body other than the Data Subject, WCG or WCG’s agents.