Statement of Information Privacy and Privacy Policy
Medelis, Inc.
Medelis has determined that the protection of personal information is critical for our company and our clients. Accordingly, this policy has been designed and adopted effective July 15, 2010 to implement a consistent and comprehensive policy on the protection of personal information.
It is also the Company’s objective that this privacy policy will ensure compliance with all applicable international laws and regulations, including, for example, the European Union's Data Protection Directive (EUDP), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), Japan's Personal Information Protection Action (PIPA), and the US Health Insurance Portability and Accountability Act (HIPAA).
The Company’s EU Safe Harbor Privacy Statement sets forth the privacy principles that it has committed to follow with respect to transfers of personal information from the European Union to the United States. Medelis adheres to the US - EU Safe Harbor Privacy Principles in connection with the transfer of all personal data from the EU to the US. The Company understands the importance of protecting information of all kinds, especially individual personal information.
For any complaint or dispute concerning the personal information of EU residents which cannot be resolved between the Company and the complainant, Medelis has engaged the Council of Better Business Bureaus, Inc. to act as a forum for unresolved privacy complaints.
Information on the Safe Harbor certification and principles can be found at the U.S. Department of Commerce's web site: http://www.export.gov/safeharbor/index.asp.
Medelis Privacy Policy
SCOPE: This Policy applies to all personal information, either in electronic or paper format, received by Medelis in the United States from the EU.
DEFINITIONS: For purposes of this Policy, the following definitions shall apply:
"Agent" means any third party that uses personal information provided to it by Medelis to perform tasks on behalf of and under the instructions of Medelis.
"Medelis" means Medelis, Inc., its successors, subsidiaries, divisions and groups in the United States.
"Personal information" means any information or set of information that identifies or could be used by or on behalf of Medelis to identify an individual. Personal information does not include information that is encoded or anonymized or publicly available information that has not been combined with non-public personal information.
"Sensitive personal information" means personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, or that concerns health or sex life. In addition, Medelis will treat as sensitive personal information any information received from a third party where that third party treats and identifies the information as sensitive.
PRIVACY PRINCIPLES
The privacy principles in this Policy are based on the Safe Harbor Privacy Principles.
Notice: Where Medelis collects personal information directly from individuals in the EU, it will inform them about the purposes for which it collects and uses personal information about them, the types of non-agent third parties to which Medelis discloses that information, and the choices and means, if any, Medelis offers individuals for limiting the use and disclosure of their personal information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide personal information to Medelis, or as soon as practicable thereafter, and in any event before Medelis uses the information for a purpose other than that for which it was originally collected.
Choice: Medelis will offer individuals the opportunity to choose (opt-out) whether their personal information is (a) to be disclosed to a non-agent third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.
For sensitive personal information, Medelis will give individuals the opportunity to affirmatively and explicitly (opt-in) consent to the disclosure of the information to a non-agent third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.
Medelis will provide individuals with reasonable mechanisms to exercise their choices.
Transfers: Medelis may share an individual's information with agents, contractors or partners of Medelis in connection with services that these individuals or entities perform for, or with, Medelis. The Company may, for example, provide an individual's personal information to agent contractors or partners for hosting our databases, for data processing services, or to send to that individual the information that he or she requested.
Medelis will obtain assurances from its agents that they will safeguard personal information consistently with this Policy.
Where Medelis knows that an agent, contractor or partner is using or disclosing personal information in a manner contrary to this Policy, the Company will take reasonable steps to prevent or stop the use or disclosure.
Security: Medelis will employ reasonable safeguards to protect personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction. For personal information subject to electronic storage or transmission, Medelis maintains an internal private, secure global network that is protected from computer virus infection and monitored for unauthorized access. Both electronic and paper based records holding personal information are maintained in access controlled facilities for which business continuity plans are required.
Data Integrity: Medelis will use personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. The Company will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete, and current.
Access: Upon request, individuals will be provided with the personal information that Medelis holds about them. In addition, upon request, Medelis will take reasonable steps to provide individuals with a means to correct, amend, or delete information that is found to be inaccurate or incomplete. Due to regulatory, statistical, and contractual requirements, we are not able to grant direct access to research data to research participants or clinical investigators.
Enforcement: Medelis' management team has put into place internal, self-assessment procedures for periodically conducting random reviews of compliance of its relevant privacy practices to verify adherence to the company's Safe Harbor Privacy Policy.
Any employee that Medelis determines is in violation of this Safe Harbor Privacy Policy will be subject to disciplinary action up to and including termination of employment.
In compliance with the Safe Harbor Principles, Medelis commits to resolve complaints about your privacy and our collection and use of your personal information. European Union citizens with inquiries or complaints regarding this privacy policy should first contact the Director of Quality Assurance at the Company, as follows: Director of Quality Assurance, 4105 N. 20th Street, Suite 215, Phoenix Arizona 85016, via mail, or phone (602-840-1101) or fax (602-840-1102).
Medelis has further committed to refer unresolved privacy complaints under the Safe Harbor Principles to an independent dispute resolution mechanism, the BBB EU Safe Harbor, operated by the Council of Better Business Bureaus, Inc. If you do not receive timely acknowledgement of your complaint, or if your complaint is not satisfactorily addressed by Medelis, you may contact: Council of Better Business Bureaus, Inc., BBB EU Safe Harbor, 4200 Wilson Boulevard, Suite 800, Arlington VA 22203, phone 703-276-0100.
