Privacy Shield Policy
These entities are collectively referred to hereinafter as “Precision”, “we”, “our” or “us”.
Precision complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from European Union member countries and Switzerland to the United States, respectively. Precision has certified that it adheres to the Privacy Shield Principles. If there is any conflict between this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program and to view our certifications, please visit www.privacyshield.gov.
Precision is committed to protecting the privacy of your Personal Information (as defined below). We respect individual privacy and value the trust of our customers and employees, consumers, patients, health care providers, business partners and others who provide their Personal Information to us. This Policy sets forth the privacy principles that Precision follows with respect to transfers of personal information from the European Union and Switzerland to the United States, and is intended to give you confidence in the privacy and security of your Personal Information when accessing the available pages on any of the following Precision websites (collectively, the “Site”):
The Site provides you with information about Precision and our services and products. Precision collects data to operate effectively and provide you the best experiences with our services and products.
COMPLIANCE WITH PRIVACY SHIELD PRINCIPLES
The EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework were designed by the U.S. Department of Commerce, and the European Commission and the Swiss Administration, respectively, to enable U.S. companies to satisfy the requirement under European Union and Swiss law that adequate protection be given to personal information transferred from the EU and Switzerland to the U.S.
We recognize that the European Community has established a data protection regime which applies to the European Economic Area (“EEA”) and that Switzerland has also established a data protection regime which applies to Switzerland that restricts companies in the EEA/Switzerland in transferring personal data about individuals in the EEA/Switzerland to the U.S., unless there is “adequate protection” for such personal data when it is received in the U.S. To create such “adequate protection,” Precision adheres to the Privacy Shield Framework published by U.S. Department of Commerce (“Privacy Shield Principles”) with respect to personal data about individuals in the EEA/Switzerland that we receive from our affiliates, customers and other business partners. Precision’s Privacy Shield Certifications also extend to data that we receive directly through Precision’s publicly accessible Site via secure form submission.
ADHERENCE TO SEVEN PRIVACY SHIELD PRINCIPLES
The privacy principles in this Policy have been developed based on the EU-U.S. Privacy Shield Principles and Swiss-U.S. Privacy Shield Principles.
NOTICE: Where Precision collects Personal Information (as defined below) directly from individuals in the EEA/Switzerland, we will inform them about the purposes for which we collect and use personal information about them, the types of Third Parties to which we disclose that information, the choices and means, if any, we offer individuals for limiting the use and disclosure of personal information about them, and how to contact us. Notice will be provided in clear and conspicuous language when individuals are first asked to provide personal information to Precision, or as soon as practicable thereafter, but in any event before Precision uses or discloses the information for a purpose other than that for which it was originally collected.
Where Precision receives Personal Information from its subsidiaries, affiliates or other entities in the EEA/Switzerland, it will use and disclose such information in accordance with the notices provided by such entities and the choices made by the individuals to whom such Personal Information relates.
“Personal Information” means any information or set of information that identifies or could be used to identify an individual, received by Precision in the U.S. from the EU, EEA or Switzerland. Personal Information collected by the Site may include name, address, contact numbers, e-mail address, but may include other information when needed (for example, to provide a requested service, where an employment opportunity is being processed or where a health professional is interested in participating in a clinical trial). Personal Information does not include information that is anonymized or data that is reported in aggregate such that an individual cannot be identified.
“Sensitive Information” is Personal Information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or information specifying the sex life of the individual, and, for Personal Information transferred from Switzerland only, ideological views or activities, information on social security measures or administrative or criminal proceedings and sanctions, which are treated outside pending proceedings.
“Third Party” or “Third Parties” does not include third parties that are acting as an agent to perform task(s) on behalf of and under the instructions of Precision.
An “agent” is a third party acting as an agent to perform a task or tasks on behalf of and under the instructions of Precision.
CHOICE: You may elect not to have your Personal Information either (a) disclosed to a Third Party, or (b) used for a purpose other than the purpose for which it was originally collected or subsequently authorized by you. In the event you wish to restrict your Personal Information from any such disclosure or use, please contact us at firstname.lastname@example.org to review your request.
Precision will not provide “choice” when disclosure is made to an agent to perform tasks on behalf of and under the instructions of Precision. Precision shall always enter into a contract with such an agent to protect the confidentiality and security of your Personal Information.
Precision will obtain the express consent (opt in) from individuals if Sensitive Information is to be: (a) disclosed to a Third Party; or (b) used for a purpose other than those for which it was originally collected or subsequently authorized by the individuals through the exercise of opt-in choice. Precision will treat as sensitive any Personal Information received from a Third Party that identifies and treats it as sensitive.
You may have an opportunity to elect to receive recurring informational/promotional e-mail from us. Our email correspondence will include instructions on how to update certain Personal Information and how to unsubscribe from our emails. Please follow the instructions in the emails to opt-out of an email. We will unsubscribe you from that newsletter or other programs within thirty business days.
ACCOUNTABILITY FOR ONWARD TRANSFERS TO THIRD PARTIES: Precision is responsible for Personal Information in our possession or custody, including Personal Information that we may transfer to Third Parties for processing, including storage.
In the event we transfer Personal Information covered by this Policy to a Third Party acting as a controller, we will do so consistent with any notice provided to you and any consent you have given, and only if the Third Party has given us contractual assurances that it will (i) process the Personal Information for limited and specified purposes consistent with any consent provided by you, (ii) provide at least the same level of protection as is required by the Privacy Shield Principles and notify us if it makes a determination that it cannot do so; and (iii) cease processing of the Personal Information or take other reasonable and appropriate steps to remediate if it makes such a determination. If Precision has knowledge that a Third Party acting as a controller is processing Personal Information covered by this Policy in a way that is contrary to the Privacy Shield Principles, Precision will take reasonable steps to prevent or stop such processing.
In connection with the purposes described in the “Notice” Section above, Precision may transfer your Personal Information to other companies within the Precision group of companies or to agents such as external service providers. In cases of onward transfers to our third party agents, Precision will limit the Personal Information shared to the minimum amount necessary for the agent to deliver the requested product or service, and will obtain assurances from third party business partners (agents) that they will safeguard Personal Information consistent with this Policy (for example, a contract obligating the agent to provide at least the same level of protection as is required by the Privacy Shield Principles). Where Precision has knowledge that an agent is using or disclosing personal information in a manner contrary to the Policy, Precision will take reasonable and appropriate steps to prevent or stop the use or disclosure and remediate unauthorized processing.
Precision remains responsible and liable under the Privacy Shield Principles if a third-party business partner (agent) uses or discloses Personal Information in a manner inconsistent with the Privacy Shield Principles, unless Precision proves that we are not responsible for the event giving rise to the damage.
SECURITY: Precision take reasonable precautions to protect Personal Information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.
DATA INTEGRITY AND PURPOSE LIMITATION: Precision will use Personal Information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. We will take reasonable steps to ensure that Personal Information is relevant to its intended use, accurate, complete, and current.
Precision takes reasonable and appropriate measures to retain Personal Information only for as long as there is a legitimate legal or business need, which may include those that reasonably serve compliance and legal considerations, auditing, security and fraud prevention, preserving or defending Precision’s legal rights, or other purposes consistent with the expectations of a reasonable person given the context of the collection. Precision will adhere to the Privacy Shield Principles for as long as it retains the Personal Information transferred in reliance on the Privacy Shield.
ACCESS AND CORRECTION: Upon request, Precision will grant individuals reasonable access to Personal Information that it holds about them. In addition, we will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete. Requests for access, correction, amendment, or deletion should be sent to email@example.com.
VERIFICATION: Precision will use a self-assessment verification approach and conduct compliance audits of its applicable privacy practices to verify adherence to this Policy. Precision acknowledges that its failure to provide an annual self-certification to the U.S. Department of Commerce will remove it from the Department’s list of Privacy Shield participants.
DISPUTE RESOLUTION AND ENFORCEMENT: In compliance with the Privacy Shield Principles, Precision commits to resolve complaints about your privacy and our collection or use of your Personal Information. Data subjects with inquiries or complaints regarding this Policy should first contact Precision by sending the inquiry or complaint to the address listed below or to: firstname.lastname@example.org.
We will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of your Personal Information within 45 days of receiving your complaint. Any complaints or concerns that cannot be resolved internally will be referred to JAMS Privacy Shield Program, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgement of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit http://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS Privacy Shield Program are provided at no cost to you.
Precision has also committed to cooperate with the panel established by the EU data protection authorities (“DPAs”) and the Swiss Federal Data Protection and Information Commissioner (“FDPIC”) with regard to any unresolved Privacy Shield complaints concerning human resources data transferred from the EU and Switzerland in the context of the employment relationship, to address complaints and provide appropriate recourse, which will be provided free of charge to the data subjects. Precision is committed to following the determination and advice of these authorities. Under certain circumstances detailed in the Privacy Shield, data subjects may choose to invoke binding arbitration to resolve any disputes that have not been resolved by other means. For more information on binding arbitration, see U.S. Department of Commerce’s Privacy Shield Framework: Annex I (Binding Arbitration).
Precision participation in the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework is subject to the investigatory and enforcement powers of the Federal Trade Commission.
Any employee that Precision determines is in violation of this Policy will be subject to disciplinary action up to and including termination of employment.
LIMITATION ON APPLICATION OF PRINCIPLES: Adherence by Precision to these Privacy Shield Principles may be limited (a) to the extent required to respond to a legal or ethical obligation; (b) to the extent necessary to meet legal, governmental or national security obligations, including requirements to cooperate with law enforcement; and (c) to the extent expressly permitted by an applicable law, rule or regulation.
CONTACT INFORMATION: Questions or comments regarding this Policy should be submitted to
Precision’s Privacy Office by mail to:
Precision Medicine Group, LLC
Attn: Privacy Office
2 Bethesda Metro Center, Suite 850
Bethesda, MD 20814
or by e-mail to Precision’s Privacy Office: email@example.com
EU-U.S. PRIVACY SHIELD POLICY EFFECTIVE DATE: 9/8/2016
SWISS-U.S. PRIVACY SHIELD POLICY EFFECTIVE DATE: pending
PRECISION PRIVACY SHIELD POLICY: updated November 2017