CANFIELD PRIVACY STATEMENT
Canfield Scientific, Inc. (Canfield) is committed to protecting the privacy of individuals whom we conduct business with all over the globe. In order to conduct global business in an increasingly electronic economy, it is often necessary to collect Personal Information about our partners and customers.
This Policy has been developed to inform you why we collect your Personal Information, as well as how we use and protect it. If you receive services from Canfield and are located in the European Economic Area (EEA) and Switzerland, please also view Canfield EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield policy.
COLLECTION OF YOUR PERSONAL INFORMATION
When providing services to you, Canfield may request Personal Information from you. These requests may include your name, email address, company name, and/or telephone number. Your response to these inquiries is strictly voluntary as Canfield uses this information to customize your experience on our website, alert you to products and services that can assist you in your business, promote site registration, and facilitate your order processing.
Additional information about you may be collected if the services provided by Canfield require collection and use of such information.
Please Note: If the information collected about you contains your Protected Health Information (PHI), Canfield will handle this information in compliance with HIPAA and HITECH Regulations (including those that protect the rights of minors) as they pertain to the services being provided.
USE OF YOUR PERSONAL INFORMATION
You can visit our website without divulging any Personal Information. However, there are areas of the site that require Personal Information to complete their customization functions; functions that may not be available to those choosing not to provide the information requested.
DISCLOSURE TO THIRD PARTIES
In cases where Canfield believes your business interests will be served, Canfield may share your information (excluding account, credit card, and ordering information) with Canfield distributors who can alert you to new products and services to improve your competitive edge. If you receive unwanted marketing materials from any of our distributors, please let them know that you wish to be removed from their contact lists.
Personal information may be disclosed by Canfield to judicial or other government agencies subject to warrants, subpoenas, or other governmental orders in accordance with applicable law.
COLLECTING DOMAIN INFORMATION
Canfield collects domain information as part of its analysis of the use of its website. This data enables us to become more familiar with which customers visit our site, how often they visit, and what parts of the site they visit most often. Canfield uses this information to improve its web-based offerings. This information is collected automatically and requires no action on your part.
Canfield also uses web cookies on this site. The type of information we collect includes the pages visited, files downloaded, type of browser used, etc. This information helps us to learn what pages are most attractive to our visitors, which of our products most interests our customers, and what kinds of offers our customers like to see.
Cookies cannot read data off your hard drive. Your web browser may allow you to be notified when you are receiving a cookie, giving you the choice to accept it or not. By not accepting cookies, some pages may not fully function and you may not be able to access certain information on this site.
PROTECTING OUR CUSTOMERS
Protecting and securing your Personal Information is Canfield's top priority. We prevent unauthorized access by a secure firewall and through the use of a security infrastructure to protect the integrity and privacy of your information. We also keep your Personal Information secure by encrypting any transfers of your Personal Information.
At Canfield, only authorized personnel will have access to your Personal Information when it pertains to their job responsibilities.
Canfield seeks to use reasonable organizational, technical, and administrative measures to protect your Personal Information, but you should be aware that any electronic means of communication may carry some level of risk and that no data transmission or storage system can be guaranteed as 100% secure.
CANFIELD PRIVACY CONTACT INFORMATION
If you have any questions regarding your privacy, please contact us at:
DPO@canfieldsci.com or at the mailing address below:
Attn: Data Protection Officer
Canfield Scientific, Inc.
4 Wood Hollow Road
Parsippany, NJ 07054
United States of America
Canfield Scientific, Inc. (Canfield) is an American based company that performs services and sells imaging software products globally. As a result, Canfield may be exposed to and receive personal data transferred from the European Economic Area (EEA) and Switzerland.
Canfield has self-certified its compliance with the EU-U.S. and Swiss-U.S. Privacy Shield frameworks and complies with the principles of these frameworks.
As you may know, data transfers to the countries outside the EU are deemed not to have an “adequate level of data protection.” For American based companies, one of the best mechanisms for providing such adequate data protection is the EU-U.S. and Swiss-U.S. Privacy Shield program run by the U.S. Department of Commerce.
EU-U.S. and Swiss-U.S. Privacy Shield is a self-regulatory mechanism under which U.S. based companies can voluntarily agree to abide by a set of principles negotiated between the United States government and the European Commission. Transfers made to a Privacy Shield certified company in the United States are deemed as having an adequate level of data protection.
For more information about the EU-U.S. Swiss-U.S. Privacy Shield Framework please visit, http://www.privacyshield.gov
CANFIELD AS A DATA PROCESSOR
When participating in clinical trials and offering services to its clients Canfield acts as a Data Processor as defined in the General Data Protection Regulation (GDPR). This means that Canfield does not make independent decisions regarding personal data received from EEA and Switzerland, nor owns or controls such personal data, and as such only processes it under instructions from the Data Controllers.
Canfield processes personal data for clinical trials (such as photographs, dates when photographs were taken, data subject coded identifiers which may include some of the following: initials, year of birth, etc.). Where possible, Canfield only receives pseudonymized data from EU and Switzerland. Pseudonymization is a type of processing of personal data in a way that the data can no longer be attributed to a specific subject without the use of additional information.
Canfield processes personal data (such as name, address, email addresses, IP address of computer, login time and day, pages viewed in electronic form from its customers in the EEA and Switzerland (e.g.,institutions, physicians, aesthetic, and retail establishments, etc.).
DATA PROTECTION OFFICER (DPO)
Canfield has appointed a Data Protection Officer (DPO), who is responsible for matters relating to privacy and data protection at Canfield. If you have any questions about collection or storage of your personal data the DPO can be reached out at:
4 Wood Hollow Road, Parsippany, NJ 07054
Under Privacy Shield, Canfield recognizes its adherence to the Privacy Principles (Principles) as follows:
NOTICE / TRANSPARENCY / ACCESS / RECTIFICATION
Every data subject has the right to know about the purpose(s) for which their personal data is being collected, what personal data about them is collected, whom they can contact to inquire about their data, and how to file a complaint if necessary.
As Canfield does not directly communicate with data subjects (clinical research participants) due to the nature of the agreements with the Data Controllers, Canfield assures that Data Controllers provide the data subjects with their right of notice.
Data Controllers are responsible for providing data subjects with their rights to know what data about them is being collected, for what purposes, and to whom outside of the EEA and Switzerland it has been or will be transferred to.
It is the responsibility of the Data Controllers to obtain permission from the data subjects to transfer their personal data outside of the EEA and Switzerland.
Personal data may be disclosed by Canfield to judicial or other government agencies subject to warrants, subpoenas, or other governmental orders in accordance with applicable law.
Data subjects must be given access to the personal data that Canfield holds about them. They should also be able to correct, amend, or delete this information where it is inaccurate.
Due to processing of clinical research data, there are may be limitations for data subjects to access their data during the course of a clinical trial. This is because clinical research and its results must be protected from being jeopardized. After the clinical trial has concluded, data subjects may request to exercise their right to access their data with the Data Controllers. If Canfield receives a request from the data subjects, such request will be forwarded to the applicable Data Controller.
If your personal data needs to be corrected, please contact your Data Controller (for clinical research - Clinical Research Site/Sponsor: for services other than clinical – your Representative at the place of business).
CHOICE AND ONWARD TRANSFER
Canfield acknowledges that data subjects must be provided with the option to choose whether or not their personal data can be disclosed to third parties and used for purposes other than those for which it was collected.
It is the responsibility of the Data Controllers to provide this choice to the data subjects. This responsibility is ensured by the contractual obligations between Canfield (Data Processor) and its customers (Data Controllers) in the EEA and Switzerland.
Personal data obtained by Canfield from data subjects in the EEA and Switzerland will not be disclosed by Canfield without proper consent. If Canfield intends to use such personal data for purposes other than those for which it was intended, Canfield will obtain proper consent directly from the data subjects.
When providing services to its customers, Canfield may need to share an individual’s personal information with its subcontractors (Data Centers, Reviewers participating in Independent Panel Reviews, outside statistical services etc.). Canfield obtains assurances that its subcontractors are either Privacy Shield self-certified or can guarantee compliance with this policy and provide an adequate level of protection and security (in alignment with the Principles) with regards to personal data obtained from the EEA and Switzerland.
If data is transferred to third parties, Canfield remains liable and assures the parties have the same or higher level of data protection, or the parties participate in EU-U.S. Privacy Shield Program.
You can opt out of receiving marketing materials (right to object) by contacting Canfield distributors or by sending an e-mail to DPO@CanfieldSci.com
ERASURE AND RESTRICTION OF PROCESSING
Every data subject has a right to erasure (to be forgotten) and the right to restrict processing of their data.
As Canfield acts strictly under the instructions from the Data Controllers, all requests for erasure and rectification must be forwarded to the Data Controllers. Canfield will destroy or rectify subjects’ data when and in a manner that is directed by the Data Controllers.
Additionally, due to Regulatory and contractual requirements for clinical studies, Canfield will store subjects’ data for a period of time no less than fifteen (15) years.
Canfield will provide Data Controllers with subjects’ data it holds based on agreements between Canfield and Data Controllers. Data Subjects must contact Data Controllers to exercise their right to data portability (if applicable).
PROCESSING BASED ON CONSENT
Canfield processes personal data received from EEA and Switzerland based on the informed consent. In clinical trials, investigative sites are responsible to ensure consent is freely given, specific and unambiguous.
Canfield has put the appropriate administrative, technical, and physical safeguards in place to protect individuals’ personal data from loss, misuse, unauthorized access, disclosure, alteration, or destruction. All individuals’ personal data is held in Canfield’s secure facilities with limited access rights.
Canfield will use personal data obtained from the EEA and Switzerland explicitly for the purposes such information was collected. Canfield will take reasonable steps to ensure that personal data is relevant to its intended use, accurate, complete, and current. Data collected under the EU-U.S. Privacy Shield will remain subject to these principles for as long as it is retained.
Canfield is committed to comply with this Policy and will periodically verify and confirm that it is accurate, up to date, and in compliance with the Principles. We encourage our customers who have concerns or questions regarding this Policy to contact Canfield’s DPO at DPO@CanfieldSci.com or at the mailing address below:
Attn: Data Protection Officer
Canfield Scientific, Inc.
4 Wood Hollow Road
Parsippany, NJ 07054
United States of America
Data subjects should submit complaints concerning the processing of their personal data to the applicable Data Controllers in the EEA and Switzerland responsible for collecting their information in accordance with the relevant dispute resolution mechanism.
Canfield has chosen Privacy Trust as its dispute resolution mechanism. If you have a concern or complaint about Canfield’s privacy practices, you can contact us directly, or contact Privacy Trust at the following address: http://www.privacytrust.com/drs/canfield
Privacy Trust will handle any disputes free of charge to the person raising them. Canfield will respond to all complaints within 45 days.
You may also invoke Binding Arbitration to resolve your complaint in accordance with Privacy Shield Annex I, before the Privacy Shield Panel.
You also have a right to lodge a complaint with the supervisory authority in EEA and Switzerland. A list of all EU supervisory authorities is available on the European Commission website: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.
Canfield is also subject to the investigatory and enforcement powers of the US FTC (Federal Trade Commission).
Canfield’s Data Protection Officer will ensure the enforcement of this Policy.
Any Canfield employee who violates this Policy will be subject to disciplinary action that could result in the termination of their employment with Canfield.
Canfield reserves the right to amend this Policy at any time to ensure its compliance with the Principles or applicable data protection regulations.
This Policy is effective as of 03-Sep-2014 and was last updated on 25 April 2018.