Effective: March 27, 2020
1) Individuals visiting Mednet’s website (mednetsolutions.com)
The server on which the website is located collects and saves only the default information customarily logged by web server software. Such information may include the date and time of your visit, the originating IP address, and the pages and images requested.
Like most websites, mednetsolutions.com also collects and logs information automatically and through the use of electronic web beaconing tools that may be transparent to you, such as your IP address, the name and location of your Internet Service Provider, the type and version of your browser, the length of time that you stay on mednetsolutions.com, search queries, your click-stream data, the location that referred you to mednetsolutions.com, and the average number of pages viewed.
If you visit another website prior to browsing mednetsolutions.com, that website might place information within a URL, such as search queries, which may be logged by us. Your IP address is the identifier assigned to your computer when you access the Internet. Depending on how you connect to the Internet, your IP address may always be the same or it may change each time you access the Internet. Note that logging your IP address does not provide us with personally identifiable information such as your name, e-mail address, or home or work address
2) Individuals using Mednet’s platform or applications
Mednet employs the utmost of care to ensure the security of all data processed and contained in Mednet’s platform or applications. Mednet complies with the EU-U.S. and Swiss-U.S. Privacy Shield Framework. Mednet utilizes logical access controls (user id and password protection), full system audit trail/reporting capabilities, 21 CFR Part 11 compliant electronic signature and record locking capability, as well as transport layer security (TSL) encryption on all data transmissions to and from servers (data encryption at rest and in transit). There is always some risk involved when submitting data over the Internet. Mednet cannot guarantee that its platform or applications are 100% safe from illegal tampering or “hacking.” Therefore, any data transmitted over the Internet may be at risk; however, once it is received and entered in Mednet’s database it is covered by the same physical and logical security protection that Mednet extends to its own confidential information. Mednet manages and monitors compliance reports specific to virus scanning, intrusion detection, and general network activities.
Notice of Mednet’s certification under the EU-U.S. and Swiss-U.S. Privacy Shield Framework and General Data Protection Regulation (GDPR) Compliance
2) Data processed and purpose of processing
Mednet provides an online platform or applications for trading partners to operate aspects of their businesses including the collection, processing, and storage of clinical and operational data for the planning, conduct, and optimization of clinical studies. Mednet’s trading partners decide what data to collect, submit, and process within Mednet’s platform or applications. It is the policy of Mednet to retain data for a minimum of 2 years post study closeout unless directed in writing by Mednet’s training partners. The data collected and processed may include information about trading partners’ authorized users, employees, and clinical trial patients. Mednet processes this data as instructed by our trading partners and does not disclose, control, or own its customer’s personal data. Our customer instructions may include but are not limited to the following: processing or using personal data for purposes of providing or developing the Mednet platform or applications, preventing or addressing service or technical problems, responding to support issues, or any other customer instructions as may be required by law.
3) Third party access to personal data
Mednet only discloses personal data as instructed by our trading partners. In some cases, Mednet may use third-party suppliers or providers to assist in developing our platform or applications and/or to provide technical or operational support such as data hosting, transmission, and storage. These suppliers or providers may access, process, or store personal data in the course of providing their services to Mednet. Mednet maintains contracts with these suppliers or providers restricting their access, use, and disclosure of personal data in compliance with our Privacy Shield obligations. Mednet may be liable and responsible for the event giving rise to the damage, if these suppliers or providers fail to meet those obligations.
4) Right to access personal data
European Union, United Kingdom, and/or Switzerland individuals have rights to access, correct, delete and/or limit use or disclosure of their personal data. With Mednet’s Privacy Shield certification, we have committed to respect those rights. If you wish to exercise these rights please direct your request to email@example.com and provide the name of the Mednet customer who submits/submitted your data to our platform or applications. Mednet will refer your request to that customer and support them as needed.
5) What rights do you have regarding your personal data?
You have certain rights with respect to your personal data, including those set forth below. Please note that Mednet is a data processor for our trading partners, the data controllers. Therefore, your personal data rights and requests will be confirmed with your associated data controller. In some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law. In these circumstances, we will still respond to you with such a decision. If necessary, we may also need you to provide us with additional personal data to verify your identity and the nature of your request.
- Access: You can request more information about your personal data being processed and request a copy of such personal data.
- Rectification: If you believe that your personal data being processed is incorrect or incomplete, you can request that we correct or supplement such data.
- Erasure: You can request that we erase some or all your personal data from our platform or applications.
- Withdrawal of Consent: If we are processing your personal data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time.
- Portability: You can ask for a copy of your personal data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.
- Objection: You can contact us to let us know that you object to the further use or disclosure of your personal data for certain purposes.
- Restriction of Processing: You can ask us to restrict further processing of your personal data.
- Right to File Complaint: You have the right to lodge a complaint about our company’s practices with respect to your personal data with the supervisory authority of your country or Member State.
6) Inquiries or complaints
If you are located in the European Union, United Kingdom, or Switzerland and believe Mednet maintains your personal data in our platform or applications, within the scope of our Privacy Shield certification, you may direct any inquiries or complaints regarding our privacy practices to firstname.lastname@example.org or our EU Representative email email@example.com. Mednet will respond within 45 days. If we fail to respond within that time or if our response does not address your concern, you may contact Better Business Bureau EU Privacy Shield (“BBB EUPS”), a non-profit alternative dispute resolution provider located in the United States and operated by the BBB National Programs, Inc. (“BBB NP”).
Please visit https://bbbprograms.org/programs/bbb-privacy-shield/home for more information or to file a complaint. BBB has committed to respond to complaints and to provide appropriate recourse at no cost to you. If neither Mednet nor BBB resolves your complaint, you may have the possibility to engage in binding arbitration through the Privacy Shield Panel. Please visit the Privacy Shield website at www.privacyshield.gov for further information on the arbitration process.
You may also refer any inquiries or
complaints by mail to:
Jesse D. Birbach
Gunderson Dettmer, Stough, Villeneuve, Franklin & Hachigian, LLP
550 Allerton Street
Redwood City, CA 94063
Phone: 650-321-2400 | Fax: 650-321-2800
firstname.lastname@example.org | www.gunder.com
Compelled disclosure. Mednet may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Mednet will notify our customer of any such requests unless prohibited by law.
U.S. Federal Trade Commission investigation and enforcement. Mednet’s commitments under the Privacy Shield framework are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
Changes and inquires to this policy
Mednet reserves the right to change this information, services, features and policy at any time. We will post changes to this policy in writing on Mednet’s website (mednetsolutions.com). If you have any questions regarding this policy, please direct them to email@example.com or contact us at:
Mednet Corporate Headquarters
110 Cheshire Lane, Suite 300
Minnetonka, MN 55305 USA