SAFE-BioPharma RAS Privacy Policy

Similar documents
Privacy Statement. What Personal Information We Collect. Australia

1. TYPES OF INFORMATION WE COLLECT.

2. A Note about Children. We do not intentionally gather Personal Data from visitors who are under the age of 13.

PRIVACY POLICY. What Information Is Collected

GUESTBOOK REWARDS, INC. Privacy Policy

Privacy Policy. February, 2015 Page: 1

AlixPartners, LLP. General Data Protection Statement

LATISYS SAFE HARBOR POLICY

Privacy Policy for Data Collected by Blue State Digital s Clients

Privacy Policy Last Modified: April 3,

Privacy Policy for Data Collected by Blue State Digital

Program, you consent to the data practices described in this Privacy Policy.

The privacy of DataLogic CRM, Inc. s customers and affiliates is important to us. Therefore:

Privacy Policy. Effective Date: November 20, 2014

Web Sites Covered This policy covers NASBA.org and all other NASBA affiliated sites that link to this policy.

Neutralus Certification Practices Statement

Privacy Policy documents for

Verified Volunteers. A division of SterlingBackcheck. Privacy Policy. Last Updated: November 5, 2014

PREPLY PRIVACY POLICY

CPA Global North America LLC SAFE HARBOR PRIVACY POLICY. Introduction

PRIVACY POLICY. Mil y Un Consejos Network. Mil y Un Consejos Network ( Company or we or us or our ) respects the privacy of

tell you about products and services and provide information to our third party marketing partners, subject to this policy;

Privacy Policy & Terms of Use Effective: 12/13/2011. Terms and Conditions. Changes in this Privacy Policy. Internet Privacy & Security

SAFE HARBOR PRIVACY NOTICE EFFECTIVE: July 1, 2005 AMENDED: July 15, 2014

RPM INTERNATIONAL INC. AND ITS SUBSIDIARIES AND OPERATING COMPANIES SAFE HARBOR PRIVACY NOTICE. EFFECTIVE AS OF: August 12, 2015

Vyve Broadband Website Privacy Policy. What Information About Me Is Collected and Stored?

Certification Practice Statement

Privacy Policy Version 1.0, 1 st of May 2016

Maximum Global Business Online Privacy Statement

This Applicant Privacy Notice Continental Europe is dated: July 2012 WILLIS.COM: PRIVACY NOTICE

TELSTRA RSS CA Subscriber Agreement (SA)

Comeet Privacy Policy

Data Processing Agreement for Oracle Cloud Services

DailyMailz may collect and process the following personal information about you:

ING Public Key Infrastructure Technical Certificate Policy

Service Line Warranties of Canada PRIVACY STATEMENT

Zubi Advertising Privacy Policy

CW Government Travel Inc. Data Protection and Privacy Policy

Privacy at Staples and Coastwide Laboratories. Customer Personal Information Privacy Policy (Effective Date: October 20, 2009)

Class 3 Registration Authority Charter

Introduction PriorFX LTD Right to Privacy Information

University of Liverpool Online Programmes - Privacy Policy for Visitors and Students

Website Privacy Policy Statement

Transnet Registration Authority Charter

Office 365 Data Processing Agreement with Model Clauses

Privacy Policy 1. GENERAL

PRIVACY POLICY. The effective date of this Privacy Policy is December 15, Last Updated September 29, Overview

YOUR PRIVACY IS IMPORTANT TO SANDERSONS ARCHIVING SOLUTIONS LIMITED

Elo Touch Solutions Privacy Policy

Eskom Registration Authority Charter

If you have any questions about our privacy practices, please refer to the end of this privacy policy for information on how to contact us.

ESTRO PRIVACY AND DATA SECURITY NOTICE

Please read this Policy carefully. Your continued use of our sites means that you understand and consent to the terms of this Policy.

Carlson Hotels, Inc. Privacy Policy Your Privacy Rights

The name of the Contract Signer (as hereinafter defined) duly authorized by the Applicant to bind the Applicant to this Agreement is.

Ericsson Group Certificate Value Statement

Please read the information below to learn more about our data collection policies and practices.

AIG INSURANCE COMPANY OF CANADA Privacy Principles

Website Privacy Policy

Enrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 EES

The U.S.-EU Safe Harbor Guide to Self-Certification

Online Privacy and Security Statement

Rise Broadband Networks, Inc. Privacy Policy and Customer California Privacy Rights. Effective date: January, 2016

Iowa Student Loan Online Privacy Statement

PRIVACY POLICY. Introduction

Website Privacy Policy Statement York Rd Lutherville, MD We may be reached via at

GlobalSign Subscriber Agreement for DocumentSign Digital ID for Adobe Certified Document Services (CDS)

INTRODUCTION We respect your privacy and are committed to protecting it through our compliance with this privacy policy.

RezScore SM Privacy Policy

Certification Practice Statement (ANZ PKI)

Revelian Pty Ltd ABN Privacy Policy Effective 1 September 2014

Mid Carolina CU Internet Online Banking Services Terms and Conditions

ChangeIt Privacy Policy - Canada

myra Online Terms and Conditions

At Cambrian, Your Privacy is Our Priority. Regardless of how you deal with us on the phone, online, or in person we have strict security measures

<Choose> Addendum Windows Azure Data Processing Agreement Amendment ID M129

How We Use Your Personal Information On An Afinion International Ab And Afion International And Afinion Afion Afion

PRIVACY POLICY. Last updated February 2, 2009 INTRODUCTION

Catalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect.

Microsoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID MOS10

Our collection of information

Doug Kerr Insurance Consultants P/L ABN AFSL Tel: Fax:

privacy Requirements of Lanyon Services

VES Privacy Policy Effective Date: June 25, 2015

Measurabl, Inc. Attn: Measurabl Support 1014 W Washington St, San Diego CA,

Privacy Policy. Definitions

H&R Block Digital Tax Preparation, Online, and Mobile Application Privacy Practices and Principles

The Anti-Corruption Compliance Platform

Clevertar Privacy Policy

CERTIMETIERSARTISANAT and ELECTRONIC SIGNATURE SERVICE SUBSCRIPTION CONTRACT SPECIFIC TERMS AND CONDITIONS

Abilities Centre collects personal information for the following purposes:

ADVANCED CABLE COMMUNICATIONS WEBSITE PRIVACY POLICY COLLECTION AND USE OF INFORMATION FROM USERS

Privacy Policy. If you have questions or complaints regarding our Privacy Policy or practices, please see Contact Us. Introduction

Privacy Policy. Peeptrade LLC ( Company or We ) respect your privacy and are committed to protecting it through our compliance with this policy.

Vodafone Group Certification Authority Test House Subscriber Agreement

PRIVACY POLICY. comply with the Australian Privacy Principles ("APPs"); ensure that we manage your personal information openly and transparently;

IF YOU CHOOSE NOT TO ACCEPT THIS AGREEMENT, WHICH INCLUDES THE CERTIFICATE POLICY, THEN CLICK THE "DECLINE" BUTTON BELOW.

All references to "Internet Banking" reflect the CU Online services offered by FORUM Credit Union.

Privacy Policy - LuxTNT.com

PRIVACY POLICY The type of web browser and operating system you have used:

Transcription:

SAFE HARBOR SAFE-BioPharma Association is certified compliant with the US Department of Commerce and European Union Safe Harbor requirements for the protection of personal data. SAFE-BioPharma s privacy policy complies with the EU s Safe Harbor Principles. Safe Harbor Certification recognizes that SAFE-BioPharma s privacy and data security policies provide "adequate protection" for personal data from its European clients as required by the European Union's Data Protection Directive. It also enables SAFE-BioPharma to transfer personal data outside the E.U., expediting the flow of information between European clients and the United States.

SAFE-BioPharma RAS Privacy Policy This statement discloses the privacy practices for the SAFE-BioPharma Association ( SAFE- BioPharma ) Registration Authority System ( RAS ) web site and describes: what personally identifiable information is collected; what organization is collecting the information; how the information is used how the information is disclosed to third parties; what choices are available to you regarding collection, use and distribution of the information; how to correct, update or delete personally identifiable information; how you can register complaints or file a dispute; what kind of security procedures are in place to protect the loss, misuse or alteration of information under the company s control; and our compliance with the EU privacy principles using EC approved Standard Contractual Clauses for the Protection of PII as defined in EC Decision 2001_497_EC. Definitions A Certification Authority is trustworthy institution that certifies public keys, i. e. issues certificates. Chosen Security TC TrustCenter and Trans Sped are examples of a CA. Personally identifiable information is information that would allow someone to identify or contact you, including, for example, your full name, address, telephone number or email address. A Registration Authority is an entity that is responsible for identification and authentication of certificate subjects, but that does not sign or issue certificates, i. e., an RA is delegated certain tasks on behalf of a CA. An Identity Provider/Credential Service Provider (IdP/CSP) is a legal entity that contracts with the SAFE-BioPharma Association to follow the SAFE-BioPharma Standard to ensure the issuance and life cycle maintenance of a verified identity credential that meets the requirements of this document. Issuers may offer PKI and/or non-pki identity credentials.

Your Role may be any of the following: Applicant, System Administrator; Registration Agent; Trusted Agent; Subscriber, Notary; Requestor; or Approver. This Privacy Policy is incorporated into and subject to the agreement(s) applicable to you in your Role(s) within the SAFE-BioPharma RAS (the Subscriber Agreement(s) ) and you agree to be bound by the terms and conditions of any such Subscriber Agreement. This policy only addresses our activities from our servers. Other sites (including those that we link to and third party sites or services with whom we partner to provide our products and/or services) may have their own policies, which we do not control, and thus are not addressed by this policy. However, any IdP/CSP that is certified by or cross-certified with the SAFE-BioPharma Trust Framework or the SAFE-BioPharma Bridge Certification Authority is obligated to operate under a privacy policy that complies with this privacy policy. SAFE-BioPharma complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. SAFE-BioPharma has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view SAFE-BioPharma s certification, please visit http://www.export.gov/safeharbor/ (1) What Personally Identifiable Information Is Collected. You may be required to provide certain personal information to us when you: (a) apply for our products or services; (b) communicate with us by sending email messages, submitting data via online forms or via any other method; or (c) sign up to receive newsletters or other announcements about our products or services. Although you are required to provide information that may include your bank or credit card account numbers, social security number, passport number, driver s license number, or other similar identification numbers during the application process for digital credentials, that data is collected for the sole purpose of verifying your identity and will not be shared (unless otherwise permitted by this agreement) with any third party unless they are directly involved in: (i) processing or verifying such information; (ii) providing services on your behalf; or (iii) issuing digital credentials to you. We may also receive personal information from your employer as well as from partners, subsidiaries, or third parties that assist us in providing and/or maintaining our products and services. Furthermore, in the event of a complaint or inquiry regarding your use of our services, we may receive personally identifiable information about you from third parties who may communicate information to us about you in relation to that complaint or inquiry. (2) What Organization Is Collecting the Information. Although the RAS web site is operated by a third party service provider, it is owned by SAFE- BioPharma. Any data collected on the RAS web site is maintained on SAFE-BioPharma s 2.

behalf for SAFE-BioPharma s exclusive use in accordance with the terms of this Privacy Policy. Our mailing address is 1 Bridge Plaza, Suite 275, Fort Lee, NJ 07024, our telephone number is 1-800-555-SAFE-BioPharma, and our customer service email address is support@safebiopharma.org. As noted in Section 1 of this document, your personal information may be collected by third parties and provided to SAFE-BioPharma to facilitate the enrollment process. To the extent that your information is aggregated by or otherwise forwarded to SAFE- BioPharma by a third party, that organization s privacy policy shall govern its use of your data. Our servers automatically collect information about which sites users visit and which pages are viewed within the RAS web site, but in these instances, we do not obtain personally identifiable information about you. We may use a feature of your browser called a cookie to assign a User ID that automatically identifies your computer when you visit the site. Cookies are small pieces of information stored on your hard drive, not on our site. Cookies used on our site will not contain any additional personal information and will make your use of our products and services more convenient. You are always free to decline our cookies if your browser permits, but some parts of our site may not work properly if you do. (3) How Your Information Is Used The purpose of creating and verifying digital credentials is to establish a system by which recipients of communications (e.g., authentication events, digital signatures) created using those credentials can verify the identity of the initiating party. In order to ensure that the SAFE- BioPharma RAS functions as intended, we will publish, to your digital credential, some of your personal information, which may include: your e-mail address, your name, the name of your organization, specific information requested by a relying party (e.g., your role in your organization, medical license data), if a PKI credential, your Public Key, the serial number on your credentials, the status of your credentials, and/or the date your credentials expire. To correctly create your PKI credential certain information, your name and your company e-mail address must be transferred to and used by the certification authority - Chosen Security in Hamburg, Germany and Trans Sped in Bucharest, Romania. Additionally, to meet the requirements of Romanian law we must transfer your name, date of birth and city of birth to Trans Sped which is located in Bucharest, Romania and is under EC jurisdiction. In some cases, we use your personally identifiable information to provide information to you, such as to send newsletters that you have requested or to alert you to changes in our systems that may affect your use of our products or services. We may also use your personal information to contact you (directly or through organizations with which you are affiliated) regarding the renewal of your credentials, or to offer additional or upgraded products or services to you. We may also use your personally identifiable data as part of identity assertions used in authentication events. In these cases, ONLY the specific data required by the relying party will be included. We may also use your information on an aggregated basis to do such things as operate our site and enhance it to optimize the user experience. 3.

(4) How Information Is Disclosed to Third Parties. Your personally identifiable information will ONLY be disclosed to third parties that are directly involved in managing your digital identity credential. These include Verizon Business which operates the RAS under contract to SAFE-BioPharma and is our delegated Registration Agent, the Certification Authorities (CAs) (Chosen Security and Trans Sped) and Identity Providers which generate your digital credentials and, for US citizens who use the on-line antecedent identity verification process, the third party identity verification source (Lexis Nexis). We do not sell or otherwise share your email address, your name, or other personal information to mass marketers. However, on particular pages where we ask for your personally identifiable information, we may explicitly tell you that the data we are collecting on that page will be shared with third parties, in which case those disclosures shall override anything to the contrary in this policy. We will never share your information with a third party who does not agree to maintain the confidentiality of that information using reasonable security measures as required under the provisions of the EU Standard Contractual Clauses for the Protection of PII as defined in EC Decision 2001_497_EC, and you will be given an opportunity to opt out before your data is shared with a third party for any purpose that is not directly related to providing service or support to SAFE-BioPharma in operating the RAS. The data collected is required to verify your identity to the extent required to support issuance of a digital identity certificate, and as noted, is shared ONLY with contracted third parties which provide the services necessary, under contract, to verify your identity, and manage the life cycle of your digital identity certificate. As such, SAFE-BioPharma offers each Applicant for a certificate the option to opt out of providing this information, during the identity verification process, prior to commitment of any personally identifiable information to any database. If the Applicant opts to voluntarily provide the requested information the data is processed as noted above. If you choose to opt out and not provide the information, your data is immediately deleted and is not retained within the RAS. Processing for your digital identity credential ceases and the Approver is notified If SAFE-BioPharma sells, buys, merges with or is acquired by another entity, your personal information may be disclosed to that entity to the extent necessary to permit that entity to provide and maintain the products and services offered to you by SAFE-BioPharma. By agreeing to our Subscriber Agreement, you consent to any retention and use of your personal information by such an entity for the purpose of ensuring the continued availability of the products and services that are currently offered by SAFE-BioPharma. (5) Controlling the Collection, Use and Distribution of Your Information. You can control the content of your personal information by following the instructions stated below in Section 6. Please note that if you provide any information directly to parties who provide service to our web site or any other sites you encounter on the Internet (even if these sites are branded with our branding), different rules may apply to their use or disclosure of the personal information you 4.

disclose to them. We encourage you to investigate and ask questions before disclosing information to third parties. (6) Correcting, Updating and Deleting Personal Information. You can request to review your personal information by contacting the SAFE-BioPharma Help Desk at support@safe-biopharma.org and providing your name, email address (must be the same address used when you applied for your certificate) and the information requested for review. Upon completion of your review, you may request update, change or deletion of information which does not materially affect the data required for archival in support of your credential. If you delete such information, it cannot be used by us or disclosed to third parties in the future. Even if you delete or change some personal information in our registration database, it may still be stored on other databases (including those kept for archival purposes). Although you may deactivate your digital credentials by contacting us via e-mail at support@safe-biopharma.org, note that we do not delete records related to deactivated, revoked or expired credentials, and we will maintain identification and authorization information for a minimum of 10.5 years after your credentials have expired. Thus, if a third party attempts to verify your deactivated, revoked or expired credentials in our system, that third party will be notified that, although your credentials were once valid, they have been deactivated, revoked or expired as of the relevant date. (7) Questions, inquiries, complaints and disputes If you have any inquiries, questions, or complaints related to the SAFE-BioPharma RAS Privacy Policy, or please contact: privacy@safe-biopharma.org Questions, inquiries, complaints and disputes shall be managed as indicated below: A. Questions and Inquiries The Global Regulatory Affairs and Compliance Department shall perform the research and provide a written answer to the inquiring party within five (5) workdays. B. Complaints The Global Regulatory Affairs and Compliance Department shall perform the research and provide a written answer to the inquiring party within five (5) workdays. C. Disputes Upon receipt of a potential dispute notification, the Global Regulatory Affairs and Compliance Department shall contact the International Centre for Dispute Resolution of the American Arbitration Association (AAA) to file a case per the appropriate ICDR rules. (8) Our Security Procedures. SAFE-BioPharma is committed to establishing and maintaining state of the art security controls required from Certification Authorities (CAs) and Registration Authorities (RAs) which meet EU, US, and other international standards We have established and maintain reasonable security procedures to protect the confidentiality, security and integrity of your personally identifiable information. Perfect security, however, does not exist on the Internet. 5.

Although your privacy is very important to us, due to the existing legal regulatory and security environment, we cannot fully ensure that your private communications and other personally identifiable information will not be disclosed to third parties. For example, we may be forced to disclose information to the government or third parties under certain circumstances, or third parties may unlawfully intercept or access transmissions or private communications even though they are encrypted. Additionally, in the unlikely event we need to investigate or resolve possible problems or inquiries, we can (and you authorize us to do so) disclose any information about you to private entities, law enforcement or other government officials as we, in our sole discretion, believe necessary or appropriate. (9) Compliance with US-EU Safe Harbor Privacy Principles. To the extent that the RAS website is used to collect, process or store personal data belonging to individuals located in, or employed by entities located in, the European Union ( EU Parties ), SAFE-BioPharma s handling of that data adheres to the US-EU Safe Harbor Principles ( Safe Harbor ) under the terms of the EU Standard Clauses for the Protection of PII defined in EC Decision 2001_497_EC. Although SAFE-BioPharma makes every effort to verify the accuracy of data submitted by RAS users, users are expected to update their personal information by contacting the SAFE-BioPharma Help Desk when necessary to ensure that their personal data is accurate, complete and current. SAFE-BioPharma is committed to cooperating with the International Centre for Dispute Resolution of the American Arbitration Association to resolve and remedy any disputes that arise regarding data connected to individuals located in (or employed by entities located in) Europe. We hope this policy clarifies our procedures regarding your personal information. We may amend this policy at any time by sending the amended policy to an email address that you have provided to us, or by posting the amended version on our home page. 6.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information