Effective: April 9, 2019
Personal Health Information: Personal information is defined as 1) any nonpublic data that 2) identifies or may identify an individual, as set forth under the Data Protective Directive 95/46/EC, the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule.
Individuals Utilizing our Website
The server on which the Web Site is located collects and saves only the default information customarily logged by web server software. Such information may include the date and time of your visit, the originating IP address, and the pages and images requested.
Like most Web sites, mednetsolutions.com also collects and logs information automatically and through the use of electronic web beaconing tools that may be transparent to you, such as your IP address, the name and location of your Internet Service Provider, the type and version of your browser, the length of time that you stay on mednetsolutions.com, search queries, your click-stream data, the location that referred you to mednetsolutions.com and the average number of pages viewed.
If you visit another Web site prior to browsing mednetsolutions.com, that Web site might place information within a URL, such as search queries, which may be logged by us. Your IP address is the identifier assigned to your particular computer when you access the Internet. Depending on how you connect to the Internet, your IP address may always be the same, or it may change each time you access the Internet. Note that logging your IP address does not provide us with personally identifiable information such as your name, e-mail address or home or work address.
Regarding patient security, Mednet employs the utmost of care to ensure the security of all data contained in client websites. We utilize secure socket layer (SSL) encryption on all data transmissions to and from our servers, both User ID and Password protection and a Part 11 compliant electronic signature and record locking capability. There is always some risk involved when submitting data over the Internet. We cannot guarantee that our web site is 100% safe from illegal tampering or “hacking.” Therefore, any data transmitted over the Internet may be at risk; however, once it is received at Mednet and entered our database, it is covered by the same physical and logical security protection that Mednet extends to its own confidential information.
Mednet’s Notice of Certification Under the EU-US Privacy Shield Framework and General Data Regulation Protection Compliance
Information about Mednet’s Privacy Shield certification and the Privacy Shield framework can be found here: www.privacyshield.gov
Data processed and purpose: Mednet provides an online platform and applications for our trading partners to operate aspects of their businesses, including the collection, processing and storage of clinical and operational data for the planning, conduct and optimization of clinical studies. Mednet’s trading partners decide what data to submit to our platform or applications, which may include information about their authorized users, employees, and clinical trial patients. Mednet processes this data as instructed by our trading partners and does not control or own its customer’s personal data. Mednet processing of personal data requires all data information to be encrypted both in transit and at rest. Our customer instructions may include processing or using personal data for purposes of providing or developing the Mednet platform, applications and services, preventing or addressing service or technical problems, responding to support issues, responding to our Customer’s instructions, or as may be required by law. Data retention period is 2 years post study closeout unless directed in writing by any trading partner.
Third party access to personal data: Mednet only discloses personal data as instructed by our trading partners. In some cases, we may use third-party providers to assist us in providing or developing our platform or applications to our trading partners, such as to offer support to our trading partners and their authorized users and employees and to provide technical or operational support such as data hosting, transmission, and storage. These providers may access, process, or store personal data in the course of providing their services to Mednet. Mednet maintains contracts with these providers restricting their access, use and disclosure of personal data in compliance with our Privacy Shield obligations. Mednet may be liable if these third parties fail to meet those obligations and we are responsible for the event giving rise to the damage.
Right to access personal data: EU and Swiss individuals have rights to access personal data about them, and to limit use and disclosure of their personal data. With our Privacy Shield certification, Mednet has committed to respect those rights. Individuals have the rights to accessing, correcting or deletion of data. If you wish to request access, to limit use, or to limit disclosure, please provide the name of the Mednet customer who submitted your data to our services. We will refer your request to that customer and will support them as needed in responding to your request.
What Rights Do You Have Regarding Your Personal Data?: You have certain rights with respect to your Personal Data, including those set forth below. For more information about these rights, or to submit a request, please email firstname.lastname@example.org. Please note that Mednet is a data processor for our trading partners the data controllers. Therefore, your Personal Data rights and requests will be confirmed with your associated data controller. In some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law. In these circumstances, we will still respond to you with such a decision. If necessary, we may also need you to provide us with additional Personal Data to verify your identity and the nature of your request.
- Access: You can request more information about your Personal Data being processed and request a copy of such Personal Data.
- Rectification: If you believe that your Personal Data being processed is incorrect or incomplete, you can request that we correct or supplement such data.
- Erasure: You can request that we erase some or all your Personal Data from our systems.
- Withdrawal of Consent: If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time.
- Portability: You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.
- Objection: You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes.
- Restriction of Processing: You can ask us to restrict further processing of your Personal Data.
- Right to File Complaint: You have the right to lodge a complaint about our company’s practices with respect to your Personal Data with the supervisory authority of your country or EU Member State.
Inquiries or complaints: If you are located in the EU or Switzerland and believe Mednet maintains your personal data in our platform or one of our applications within the scope of our Privacy Shield certification, you may direct any inquiries or complaints regarding our privacy practices to email@example.com or our EU Representative email firstname.lastname@example.org. Mednet will respond within 45 days. If we fail to respond within that time, or if our response does not address your concern, you may contact BBB EU PRIVACY SHIELD (“BBB”), a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus.
Please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information or to file a complaint. BBB has committed to respond to complaints and to provide appropriate recourse at no cost to you. If neither Mednet nor BBB resolves your complaint, you may have the possibility to engage in binding arbitration through the Privacy Shield Panel. Please visit the Privacy Shield website at www.privacyshield.gov for further information on the arbitration process.
You may also refer any inquiries or complaints by mail to:
Jesse D. Birbach
Gunderson Dettmer, Stough, Villeneuve, Franklin & Hachigian, LLP
550 Allerton Street
Redwood City, CA 94063
Phone: 650-321-2400 | Fax: 650-321-2800
email@example.com | www.gunder.com
Compelled disclosure. Mednet may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Mednet will notify our customer of any such requests unless prohibited by law.
U.S. Federal Trade Commission investigation and enforcement. Mednet’s commitments under the Privacy Shield framework are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
Changes and Updates to This Policy
Mednet Corporate Headquarters
110 Cheshire Lane, Suite 300
Minnetonka, MN 55305 USA