Effective January 1, 2016.
EU-U.S. Privacy Shield and U.S.-Swiss Safe Harbor Compliance
Medmeme, LLC is a participant in the U.S. Department of Commerce’s EU-U.S. Privacy Shield and has certified that we adhere to the EU-U.S. Privacy Shield Principles. Medmeme, LLC is subject to the investigatory and enforcement powers of the Federal Trade Commission. For more information about the EU-U.S. Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield website at https://www.privacyshield.gov
This Policy applies to all personal information received by Medmeme, LLC in the United States from the EEA in any format, including electronic, paper or verbal. Medmeme respects individual privacy and values the confidence of its customers, employees, business partners and others. Medmeme does not collect, use and disclose personal information. Medmeme does not use any third party agencies to collect personal information. All information collected by Medmeme comes from credible public sources available in public domain on the internet. Not only does Medmeme comply with the laws of the countries in which it does business, but it also has a tradition of upholding the highest ethical standards in its business practices.
For purposes of this Policy, the following definitions shall apply:
“Agent” means any third party that collects or uses personal information under the instructions of, and solely for, Medmeme or to which Medmeme discloses personal information for use on Medmeme’s behalf.
“Medmeme” means its successors, subsidiaries, divisions
“Personal information” means any information or set of information that identifies or could be used by or on behalf of Medmeme to identify an individual. Personal information does not include information that is encoded or
“Sensitive personal information” means personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, views or activities, that concerns health or sex life, information about social security benefits, or information on criminal or administrative proceedings and sanctions other than in the context of pending proceedings. In addition, Medmeme will treat as sensitive personal information any information received from a third party where that third party treats and identifies the information as sensitive.
The privacy principles in this Policy have been developed based on the Privacy Shield Principles.
- Medmeme does not collect private information
- Medmeme does not intentionally collect information from under 13’s
- Medmeme does not conduct any internet financial transactions
- Any Private information that is collected unintentionally is deleted from
Medmeme’sdatabases as soon as such information is discovered through internal data audit.
- Any user information collected by Medmeme will remain in
NOTICE: In case Medmeme
Where Medmeme receives personal information from its subsidiaries, affiliates or other entities in the EEA, it will use and disclose such information in accordance with the notices provided by such entities and the choices made by the individuals to whom such personal information relates.
CHOICE: Medmeme will offer individuals the opportunity to choose (opt-out) whether their personal information is (a) to be disclosed to a non-agent third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.
For sensitive personal information, Medmeme will give individuals the opportunity to affirmatively and explicitly (opt-in) consent to the disclosure of the information to a non-agent third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Medmeme will provide individuals with reasonable mechanisms to exercise their choices.
DATA INTEGRITY: Medmeme will use personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. Medmeme will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete, and current.
TRANSFERS TO AGENTS: In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, Medmeme, LLC remains liable
Medmeme will obtain assurances from its agents that they will safeguard personal information consistently with this Policy. Examples of appropriate assurances that may be provided by agents include: a contract obligating the agent to provide at least the same level of protection as is required by the relevant Privacy Shield Principles, being subject to EU Directive 95/46/EC (the EU Data Protection Directive), being subject to Swiss Federal Act on Data Protection, Privacy Shield certification by the agent, or being subject to another European Commission or Swiss FDPIC adequacy finding (e.g., companies located in Canada). Where Medmeme has knowledge that an agent is using or disclosing personal information in a manner contrary to this Policy, Medmeme will take reasonable steps to prevent or stop the use or disclosure
ACCESS AND CORRECTION: Upon request, Medmeme will grant individuals reasonable access to personal information that it holds about them. In addition, Medmeme will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete.
SECURITY: Medmeme will take reasonable precautions to protect personal information in its possession from loss, misuse
ENFORCEMENT: Medmeme will conduct compliance audits of its relevant privacy practices to verify adherence to this Policy. Any employee that Medmeme determines is in violation of this policy will be subject to disciplinary action up to and including termination of employment.
DISPUTE RESOLUTION: Any questions or concerns regarding the use or disclosure of personal information should be directed to the Medmeme Privacy Office at the address given below. Medmeme will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information by reference to the principles contained in this Policy. For complaints that cannot be resolved between Medmeme and the complainant, Medmeme has agreed to participate in the following dispute resolution procedures in the investigation and resolution of complaints to resolve disputes pursuant to the Privacy
- for disputes involving all personal information received by Medmeme from Switzerland, Medmeme has agreed and to cooperate with the Swiss FDPIC;
- for disputes involving employment-related personal information received by Medmeme from the EEA, Medmeme has agreed to cooperate with the data protection authorities in the EEA and to participate in the dispute resolution procedures of the panel established by the European data protection authorities;
- for disputes involving all other personal information received by Medmeme from the EEA, Medmeme has agreed to eTRUST dispute resolution. Individuals who submit a question or concern to Medmeme and who do not receive
acknowledgmentfrom Medmeme of the inquiry or who think their question or concern has not been satisfactorily addressed should then contact the eTRUST Privacy Shield Dispute Resolution Program on the Internet, by mail or by fax. Inquiries by mail or fax should identify Medmeme as the company to which a concern or question has been submitted, and include a description of the privacy concern, the name of the individual submitting the inquiry, and whether eTRUST may share the details of the inquiry with Medmeme. eTRUST will act as a liaison to Medmeme to resolve these disputes.
- Fax: 1-212-725-5993
- Mail: Medmeme LLC, 501 7th Avenue, Suite 508, New York, NY 10018
- If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, you can also submit your complaint to Privacy Trust, an independent third party. Visit https://www.privacytrust.com/drs/medmeme to file a complaint.
- Finally, as a last resort and in limited situations, EU individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism.
LIMITATION ON APPLICATION OF PRINCIPLES
Adherence by Medmeme to these Privacy Shield Principles may be limited (a) to the extent required to respond to a legal or ethical obligation; (b) to the extent necessary to meet national security, public interest or law enforcement obligations; and (c) to the extent expressly permitted by an applicable law, rule or regulation.
Questions or comments regarding this Policy should be submitted to the Medmeme Corporate Office by mail as follows:
501 7th Avenue, Suite 508
New York, NY 10018
Attn: Data Privacy Officer/Privacy Shield
This Policy explains how Medmeme collects, holds, uses and discloses Personal Information, including Personal Information.
To demonstrate our commitment to the protection of Personal Information, including Personal Information transferred out of the European Economic Area (“EEA”) and Switzerland for the performance of our services and business operations, we adhere to the Privacy Shield Principles and are certified to the EU-U.S. Privacy Shield Framework (“Privacy Shield”), as set forth by the U.S. Department of Commerce and the Federal Trade Commission. Further details of the Privacy Shield and the Privacy Shield Principles can be found on the website at https://www.privacyshield.gov. We also use model contractual clauses and other mechanisms approved by the European Union and Switzerland, respectively, for transfers of Personal Information from the EEA and Switzerland.
* * *
SCOPE: This Policy applies to all Personal Information of Individuals, either in electronic or paper format, received by Medmeme, including Personal Information of Company Personnel, healthcare professionals, clinical investigators, and users.
DEFINITIONS: For purposes of this Policy, the following definitions shall apply:
“Agent” means any third party that uses Personal Information provided to it by Medmeme to perform tasks on behalf of and/or under the instructions of Medmeme or to which Medmeme discloses Personal Information for use on its behalf.
“European Economic Area” (EEA) means for the purposes of this Policy all countries within the European Union (EU) and Iceland, Liechtenstein, Norway.
“Individual” means any natural person.
“Personal Information” means any information or set of information about an identified or identifiable individual, including, but not limited to: (a) first name or initial and last name; (b) home or other physical address; (c) telephone number; (d) email address or online identifier associated with the individual; (e) Social Security number or other similar identifier; or (f) any other information relating to an individual that is combined with any of the above. The term “Personal Information” does not include non-identified information or information that is reported in the aggregate (provided that such aggregated information is not identifiable to a natural person).
“Personnel” includes, but is not limited to, any employee (permanent or temporary), director, officer, contractor, worker, temporary worker, job applicant,
“Privacy Shield Principles” collectively means the seven (7) privacy principles, as well as the supplemental privacy principles and the associated guidance details of which can be found at https://www.privacyshield.gov.
“Medmeme” means any entity that directly or indirectly, through one or more intermediaries, controls, is controlled by, or is under common control with Medmeme, LLC. For purposes of this definition, “control” means the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of such entity, whether through the ownership of voting securities, by contract or otherwise.
“Sensitive Personal Information” means Personal Information that reveals race, ethnic origin, political opinion, religious or philosophical beliefs, trade union membership, genetic data, biometric data where processed to uniquely identify a person, any information that concerns medical or health conditions or sex life, or information relating to the commission of a criminal offense.
Where Medmeme collects Personal Information directly from Individuals, it will explain the purposes for which it collects and uses Personal Information about the Individuals, the types of third parties to which Medmeme discloses that information, and the choices and means, if any, Medmeme offers Individuals options for limiting the use and disclosure of Personal Information about them. This explanation will be provided as soon as practicable and, in any event, before Medmeme discloses the Personal Information or uses such information for a purpose materially different than that for which it was originally collected or processed.
Types of Personal Information collected, Purposes of Collection and Uses of Personal Information:
Research Studies-Related Information clinical investigators or other study personnel, and other consultants, contractors, managers, and agents (who are natural persons) of the study sponsor and its corporate affiliates, business partners and third-party service providers. Such data is collected for creating analytical reports.
Human Resources-Related Information. For Individuals who are Personnel, we will process Personal Information to carry out and support our human resources functions and activities, including but not limited to, employment opportunities, Personnel recruitment and onboarding, administration of Personnel participation in benefits, compensation and human resources plans and programs, management of Personnel performance, and implementation, investigation and reporting on compliance and discipline procedures and matters. Medmeme may provide Personal Information to Agents to support Medmeme in
Customers and Program Participant Information. For Individuals sharing Personal Information with Medmeme in order to inquire about or otherwise make use of our services or purchase, receive or seek information, including about any health care products and services, opportunities to participate in clinical research, we will use such Personal Information in order to provide the requested information, products, and/or services. Such uses may include processing requested transactions, improving the quality of our services, sending communications about the products and services available through Medmeme, and enabling our business partners and Agents to perform certain activities on our behalf.
Medmeme may also use the Personal Information collected above to comply with our legal and regulatory obligations, policies and procedures, and for internal administrative purposes.
Medmeme may offer Individuals the opportunity to choose whether their Personal Information is (a) to be disclosed to a third party, or (b) to be used for a purpose materially different from the purpose for which it was originally collected or subsequently authorized by the Individual.
Medmeme will not process Sensitive Personal Information about Individuals for purposes other than those for which the information was originally obtained or subsequently authorized by the Individual unless the Individual explicitly consents to the processing (“opt-in”), or as required or permitted, or where not prohibited by law or regulation.
In some cases, even if an Individual opts-out of disclosures of their Personal Information, Medmeme may still disclose such Personal Information (i) if required to do so by law, (ii) if disclosure is required to be made to law enforcement authorities, or (iii) if we believe disclosure is necessary or appropriate to prevent physical harm to an individual or financial loss or in connection with an investigation of suspected or actual illegal activity. Medmeme also may transfer Personal Information when a material event concerning its business operation(s), assets or shares, such as purchase, disposal, merger, joint venture or acquisition, is proposed or occurs. In such an event, Medmeme will endeavor to direct the transferee to use Personal Information in a manner that is consistent with this Policy. Medmeme will provide Individuals with reasonable mechanisms to exercise their choices to the extent required by applicable law.
ACCOUNTABILITY FOR ONWARD TRANSFER
In the performance of our services and business operations, Personal Information we collect or receive may be stored or transferred internationally throughout our worldwide organization and to our service providers or agents, including for hosting our databases or provision of data processing services, in accordance with applicable data privacy laws. Transfers to third parties are covered by the provisions in this Policy regarding notice and choice.
Medmeme may also share an Individual’s Personal Information with Agents in connection with services that these individuals or entities perform for, or with Medmeme. Medmeme may, for example, provide an Individual’s Personal Information to Agents for hosting our databases, for data processing services, or to send to that Individual the information that he or she requested.
Medmeme may transfer Personal Information for specified, limited purposes, to an Agent and will endeavor to obtain assurances that such Agent provides at least the same level of privacy protection as is required by the Privacy Shield Principles (where applicable) and this Policy and will notify Medmeme if it makes a determination it can no longer meet this obligation.
Where Medmeme knows that any third party to whom it has provided Personal Information is using or disclosing Personal Information in a manner contrary to this Policy, Medmeme will take reasonable steps to prevent or stop the use or disclosure. With respect to such onward transfers to Agents, and to the extent Medmeme is responsible for the event, Medmeme shall remain liable should its Agents process Personal Information in a manner inconsistent with the Privacy Shield Principles (where applicable) and this Policy.
Medmeme will employ reasonable and appropriate technical, administrative and physical safeguards designed to protect Personal Information in its possession from loss, misuse and unauthorized access, disclosure, alteration
DATA INTEGRITY AND PURPOSE LIMITATION
Medmeme endeavors to use Personal Information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the Individual. Medmeme will take reasonable steps designed to ensure that only Personal Information that is relevant to its intended use, accurate, complete, current, and otherwise reliable in relation to the purposes for which the information was obtained is used by Medmeme for as long as Medmeme retains possession of such information.
Under laws in certain countries in which we operate, individuals have a right to access Personal Information about themselves, and to amend, correct or delete Personal Information that is inaccurate, incomplete or outdated. Medmeme will, on request, provide an Individual with confirmation regarding whether Medmeme is processing Personal Information about them, consistent with applicable law. In addition, upon request of an Individual, Medmeme may take reasonable steps to correct, amend, or delete their Personal Information that is found to be inaccurate, incomplete or processed in a manner non-compliant with this Policy or applicable law, except where the burden or expense of providing access would be disproportionate to the risks to that Individual’s privacy, where the rights of persons other than the Individual would be violated or where doing so is otherwise consistent with applicable law. Unless prohibited by applicable law, Medmeme reserves the right to charge a reasonable fee to cover costs for providing copies of Personal Information requested by Individuals.
Medmeme encourages Individuals covered by this Policy to raise questions about the processing of Personal Information about them by contacting Medmeme through the contact information provided below. Any Personnel that Medmeme determines is in violation of this Policy will be subject to disciplinary action up to and including termination of employment, where applicable.
Any questions or concerns regarding the use or disclosure of Personal Information should also be directed to Medmeme through the contact information given below. Medmeme will undertake reasonable efforts to investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Information in accordance with the principles contained in this Policy.
In addition, Medmeme has agreed to cooperate with the American Arbitration Association (“AAA”) with respect to complaints of Individuals that are not Personnel of the Company and with the local data protection authorities with respect to Personnel and human resources related information consistent with applicable law. For more information and to submit a complaint to AAA, visit http://go.adr.org/privacyshield.html. Such independent dispute resolution mechanisms are available to Individuals free of charge.
CONTACT INFORMATION: Questions, comments, concerns or complaints regarding this Policy or Medmeme processing of Personal Information should be submitted to Medmeme by emailing us at firstname.lastname@example.org
RESERVATION OF RIGHTS: Medmeme reserves the right to share an Individual’s Personal Information and contracts with Agents as required or authorized by law or regulation or in response to duly authorized information requests of government authorities.
To protect your privacy, we provide this notice explaining our website data collection practices.
At Medmeme, we are strongly committed to protecting your privacy. You can navigate the majority of our Website without giving us any personal information about yourself. However, sometimes we need additional information about you in order to provide the information or services you are requesting.
Your privacy is important to us. To protect your privacy, we provide this notice explaining our online information practices and the choices you can make about the way your information is collected and used.
What information do we collect about you?
1. We may collect the following types of personally identifiable information through this Website: name, title, contact details including e-mail address, and telephone numbers. We also may collect additional information when you register to access services.
2. On some pages, you may opt to provide us information about yourself for example if you are interested in (a) an employment opportunity at Medmeme; or (b) having Medmeme participate at your event. The information requested from you will be based on your area of interest.
3. On occasion, Medmeme may request that you voluntarily participate in a survey or poll such as feedback on website content or services. Your responses will be anonymous unless you opt
4. In order to improve the design and content of our Website and to enable us to better personalize your user experience, we may collect certain technical information about our visitors when you visit our Website pages, such as the IP address or the type of browser you are using, the type of operating system you are using, and the domain name of your Internet service provider.
The way we use your information
We use your information to enable you to receive access to our products and services on-line, obtain information about our products and services and receive updates, participate in surveys or questionnaires posted on our Website, provide you with opportunities to learn about our other products, programs, or services that we believe may be of interest to you, and to enable us to respond to your requests.
Do we share your information?
We do not share personally identifiable information with unrelated third parties who are not covered by this privacy statement without your prior permission, except to the extent reasonably necessary to: (i) correct technical problems and malfunctions; (ii) protect the security and integrity of our Website; (iii) protect our rights, interests and property and the rights, interests
Our commitment to data security
To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online.
Cookies and log files
There are various ways, including one called “cookies”, which can be used to provide tailored information for you from a website. A cookie is a piece of data or file that a website can send to your browser, which may then store it on your computer system.
a) allow site visitors to personalize their experience by accessing information, products, and services relevant to their areas of interest, b) track a user session within our Website, and c) prevent duplication in voting or participation in surveys.
We receive IP addresses in the normal course of the operation of our Website. An IP address is a number assigned to you by your Internet service provider so you can access the Internet. Although we do receive IP addresses, we do not use them to identify you personally or disclose them to others.
Our commitment to children’s privacy
Protecting the privacy of the very young is especially important. For that reason, we do not intend to collect or maintain information at our Website from those we know are under 13 years of age, and no part of our Website is structured to attract anyone under 13.
The information you provide to us may be archived or stored periodically by us according to backup processes and will only be retained for as long as is required for the purposes for which it was collected.
Other third-party websites
Our Website may contain links to other third-party websites. You should carefully review the privacy policies and practices of other websites, as we cannot control or be responsible for privacy policies or practices of third-party websites that are not Medmeme’s Websites.
We would be pleased to send you information about products and services of ours and other companies in our group which may be of interest to you. If you have consented to receive marketing, you may opt out at a later date.
Notification of changes
We keep our Privacy Statement under regular review and we will place any updates on this Web page.
How to contact us
If you wish to access, correct, update or request removal of any of your information you provided to us or if you have any questions regarding this statement or would like more information on our privacy practices, please contact us
Here you can find information related to the new data protection rules in the European Union (EU) known as the General Data Protection Regulation (GDPR) and the steps we are taking to ensure timely compliance with those rules.
GDPR at Medmeme
For Medmeme, data protection and privacy
As you may be aware, new data protection rules in the European Union (EU) known as the General Data Protection Regulation (GDPR) will be in effect as of May 25, 2018. Focused on data privacy, GDPR is the new EU legal framework for the protection of personal data. It includes several key changes to existing EU data protection law, including data breach notification, accountability
To ensure a seamless transition, we have mobilized an internal steering committee to assess the impacts on our customer offerings, including determining the necessary changes to our systems, processes
For more information, please contact us