Data Privacy at Greenphire Inc.
The Information We Collect
The personal data we collect about you (i.e., information which identifies you or from which you are identifiable) can be provided by you for several different reasons which are described below:
1. You have registered to receive information. The type of information that you can register to receive includes, for example:
- Thought leadership (Articles, white papers, blogs), news (press releases and industry articles) and even information including trade show presentations.
- Information in connection with your registration or your use of the Site or our products or services
- Responses to your inquiries, comments, and suggestions
- Invites to participate in brief surveys
- Information in connection with the completion of any other transaction, you may perform
Each time you receive an automated email alert, you have the option of canceling your registration and removing your email address from our database by simply clicking on the unsubscribe link at the bottom of each email alert message.
The personal data collected when you register to receive this information on an automated, “alerts” basis may include your name, title, company name, address, contact telephone numbers, and email address.
2. You may opt to provide us information about yourself if you are interested in an employment opportunity at Greenphire. The information requested from you will be based on your area of interest.
3. You can register to request customized information or support assistance. This information is generally collected on “Contact Us” forms where you can ask questions or request information. The personal data you provide on these forms may include your name, title, company name, address, contact telephone numbers, and email address. The purpose of this processing is so that we can respond to your questions or enquiry.
4. Greenphire may also collect information as a processor from or on behalf of our clients and business partners in the delivery of our core business services. Personal data collected may include subject ID or name, date of birth, and address. Additional data may be collected based on need of study or election of patient including, for example: social security number, email, phone number, bank account details. We collect this data for the purpose of fulfilling the services for which we have been contracted. If you are a client or business partner, it is your responsibility to ensure that all personal data provided to Greenphire by or on your behalf is collected in compliance with all applicable law (including without limitation, data protection and privacy laws), including as required, providing the data subjects with information notices and obtaining their valid consent, approval and/or authorization.
5. Greenphire automatically collects information about your use of the Site through data collection tools such as cookies (see section on Cookies below for further information). Please note that our website does not respond to “Do Not Track” signals from your browser.
The Way We Use Information
If your personal data was provided to us by or on behalf of one of our clients, we will only use your personal data to provide the service for which our client has engaged us.
Where Greenphire has otherwise been provided with your personal data we will use your personal data to the extent necessary where in our legitimate interests:
- to manage and maintain our relationship with you and for ongoing customer service;
- to provide support and to respond to your requests and enquiries;
- to personalize your visit to the Website and to assist you while you use the Website;
- to improve the Website by helping us understand who uses the Website;
- to protect the security and integrity of our Website and correct technical problems and malfunctions;
- to monitor, maintain and improve the processes, information and data, technology and communications solutions and services we use;
- to protect our rights and property and the rights and property of others or to take precautions against liability;
- for fraud prevention and detection and to comply with applicable laws, regulations or codes of practice;
- to the extent required or permitted by law, including in response to a court order, subpoena, search warrant, law or regulation, as applicable;
- to share such personal data with third parties that acquire or are interested in acquiring all or part of our assets or shares, or that succeeds us in carrying on our business.
Greenphire will also use your personal data to contact you to tell you about product and/or services offered by us as well as other promotions and surveys, which we believe may interest you unless you advise us that you do not wish to receive marketing or market research communications from us. If applicable law requires that we receive your consent before we send you certain types of marketing communications, we will only send you those types of communications after receiving your consent.
Sharing Your Information
Greenphire provides your personal data to third parties such as:
- clients for whom we work,
- bank affiliates to conduct due diligence,
- vendors to provide us with services (i.e. payment card processing, reimbursement or payment, direct deposit, travel, 1099 services),
- competent authorities, courts and bodies in response to a court order, summons or subpoena, regulatory requests, or as permitted or required by law when we reasonably believe it is necessary or appropriate to investigate, prevent or take action against illegal activities, suspected fraud, or situations involving potential threats to the physical safety of any person, or
- any third party that acquires, or is interested in acquiring, all or part of our assets or shares, or that succeeds us in carrying on all or part of our business.
Our Commitment to Data Security
The personal data you provide is stored in a secure electronic database that has access limited to only those who need to know your information. Greenphire employs reasonable precautions to prevent your personal data from loss, misuse, unauthorized access, disclosure, alteration or destruction. We also take all necessary steps to ensure your information is reliable for its intended use, accurate, complete and current. This is achieved by storing your information in a secure electronic database that has physical, electronic and supervisory procedures in place to protect your information. Greenphire also has a corporate policy in place that requires all personnel not to disclose personal data to any third party that is not entitled to have that information.
Retention of Information
We store the information you provide about yourself in a secure database in order to provide you with the information, products, and/or services you request or that Greenphire has been contracted to provide. The criteria used to determine the retention periods include: (i) how long the personal data is needed to provide the services and operate the business; (ii) the type of personal data collected; and (iii) whether we are subject to a legal, contractual or similar obligation to retain the data (e.g., a client contract – where we are acting as a processor, mandatory data retention laws, government orders to preserve data relevant to an investigation, or data that must be retained for the purposes of litigation or disputes).
Retention Period for ClinCard/eClinicalGPS/Travel Services:
Greenphire will retain: (a) transactional ClinCard data for at least 7 years from study close out, if no balance is available on the card and subject is not associated with any active cards; and (b) all eClinicalGPS transactional data for 2 years from study closeout. Travel profiles are deleted six months after Greenphire closes out the travel with our travel partners.
You can control and/or delete cookies as you wish. You may be able to modify your browser preferences to accept all cookies, to be notified when a cookie is set, or to reject all cookies. If you choose not to accept some or all cookies, certain Website features may not function properly. For example, you may not be able to use those functions of the Website that require registration. For details, see https://aboutcookies.org/ or contact us using the contact information below on “How to Contact Greenphire”.
The following is the tracking technologies details around each of the Tracker/Cookies used either on our marketing website (greenphire.com) or within our applications and what they are used for.
Hubspot: Marketing Automation
Google Analytics: Website Analytics
DoubleClick Analytics (now part of Google): Website Analytics
LinkedIn Analytics: LinkedIn page analytics
Facebook Connect: Facebook page analytics
Typekit by Adobe: Website Fonts
ShareThis: Widget sharing
NewRelic: Application and Session activity Monitoring
Your Privacy Choices
Access or Correct Your Information. You can exercise your rights to access your information at any time by contacting either (i) the medical staff from the study or (ii) Greenphire at email@example.com. To protect your privacy and security, we will also take reasonable steps to verify your identity before updating or removing your information. Please be aware that Greenphire may not be able to comply with a request to amend or remove information that was provided by or on behalf of a client as part of our core business, however, Greenphire will assist clients in so far as is possible, in their obligation to respond to requests.
Our Commitment to Children’s Privacy
Links to Other Websites
The Website may contain links to other websites. You should carefully review the privacy policies and practices of other websites, as we cannot control or be responsible for their privacy practices.
California Privacy Rights
Under California Civil Code Section 1798.83 California residents may request certain information about our disclosure of personal data during the prior calendar year to third parties for their direct marketing purposes. We do not share your personal data with third parties or corporate affiliates for their direct marketing purposes.
European Data Protection Laws
Additional Information for Users in Europe
Greenphire as well as some of the recipients to whom we share your personal data (see above) are located in countries outside of the EEA and the UK including in the U.S., and which are not considered by the European Commission or the UK’s Information Commissioner’s Office to provide an adequate level of data protection. Transfers to Greenphire from the EEA and the UK are made under the Privacy Shield (see below for further information) which offers protections for onward transfers.
Clinical Trial Participant:
If you are a clinical trial participant, Greenphire is processing your Personal Data as a processor on the instructions of our client.
Greenphire shall assist clients in so far as is possible, in their obligation to respond to requests from data subjects exercising their rights under European data protection laws. However, as Greenphire will be processing such personal data as a processor (i.e., on the instructions of the client), to the extent an individual makes such a request (e.g. to access their personal data), such a request will in the first instance be directed to the relevant client as the controller of such personal data.
If you are not a clinical trial participant (i.e., we have not been engaged to provide payment services by your study site and/or clinical trial sponsor), we are processing your Personal Data as a controller for purposes of European data protection laws and you have the following data subject rights (which may be subject to certain limitations):
The Right to Access Your Personal Data
You can ask us to provide copies of all the personal data we hold about you – along with the reason why we have your data, who we have disclosed your data to, how long your data will be stored and information about your rights regarding our use of your data
The Right to Withdraw Consent
Where we rely on your consent to process your personal data, you have the right to withdraw your consent at any time.
The Right to Object to the Use of Your Personal Data
Where we rely on our legitimate interest to process your personal data, you can object to our processing in certain cases. If the purpose of the processing is for direct marketing, your right to object is absolute.
The Right to Have Your Personal Data Corrected
You can challenge the accuracy of your personal data and have it corrected. You can update the personal data that you give us at any time by contacting us directly at firstname.lastname@example.org.
The Right to have Your Personal Data Deleted
You can ask us to delete your personal data under certain circumstances.
The Right to Data Portability
You can ask us for a copy of your personal data to be provided to you, or a third party.
All such requests should be made using the contact details set out below. We will respond to your request in writing, or orally if requested, as soon as practicable and in any event not more than within one month after receipt of your request. In exceptional cases, we may extend this period by two months and we will tell you why. We may request proof of identification to verify your request. For more details in relation to your rights, including how to exercise them, please contact us using the contact details below.
You also have the right to lodge a complaint about the processing of your personal data with the data protection authority
Other Data Subject Rights
Individuals in Andorra, Argentina, Australia, California, Canada, Faroe Islands, Guernsey, Hong Kong, Israel, Isle of Man, Japan, Jersey, Mexico, New Zealand, Singapore, South Korea, Switzerland, Uruguay, and certain other jurisdictions have certain data subject rights. These rights vary but they may include the right to: (i) request access to and rectification or erasure of their personal data; (ii) obtain restriction of processing or to object to processing of their personal data; and (iii) the right to data portability. Individuals may also have the right to lodge a complaint about the processing of personal data with a data protection authority.
If you make a request related to information about you, you may be required to supply a valid means of identification as a security precaution. We will process your request within the time provided by applicable law.
Greenphire EU-US, Swiss-US and UK-US Privacy Shield Statement
Greenphire complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the European Union (“EU”), the UK and Switzerland to the United States. Greenphire has self-certified to the Department of Commerce that it adheres to the Privacy Shield Principles (the “Principles”) and commits to subject all Personal Data received from the EU, the UK and Switzerland to the Principles. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
Greenphire shall remain liable under the Principles if third-party agents that it engages to process Personal Data on its behalf do so in a manner inconsistent with the Principles, unless Greenphire proves that it is not responsible for the event giving rise to the damage.
If you have any inquiries or complaints, please contact us using the contact information set out below. Under the Privacy Shield, any unresolved privacy complaints can be referred to an independent dispute resolution mechanism. We use the International Centre for Dispute Resolution®/American Arbitration Association®. If you feel that we have not satisfactorily addressed your complaint, you can visit the ICRD/AAA website at https://apps.adr.org/webfile/ for more information on how to file a complaint. In some cases, you may be able to invoke binding arbitration. With respect to personal data transferred under the Privacy Shield, Greenphire is subject to the investigatory and enforcement powers of the Federal Trade Commission.
Greenphire has further committed to cooperate with the panel established by the EU data protection authorities (DPAs), UK’s Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) regarding unresolved Privacy Shield complaints concerning data transferred from the EU, UK and Switzerland.
How to Contact Greenphire Regarding Privacy Issues
1018 W. 9th Avenue, Suite 200
King of Prussia, PA 19406
Copy to: email@example.com or Greenphire’s European Representative: firstname.lastname@example.org