Effective Date: 28 September 2021
This Policy applies to information, including personal information, collected, processed, and stored by Anju and its affiliates: MDC Partners, b.v.b.a., Anju ClinPlus LLC, Anju Sylogent LLC, Anju Zephyr Health LLC, OmniComm Systems Inc., OmniComm USA Inc., and Online Business Applications Inc.
Collectively, Anju and these affiliates may be referred to in this Policy as “Anju”, “we”, or “us”.
Anju respects the fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data. This includes data from its customers, sponsors, employees, clinical trial participants, healthcare professionals, researchers, data managers, physicians, regulatory affairs officers, clinical investigators, investors, business partners, and others. Anju collects, processes, and uses personal information in a manner that is consistent with the laws of countries in which the organization does business. Furthermore, data is only collected for specified, explicit and legitimate purposes detailed in initial agreements and contracts in which the data subject provides consent. Data is not further processed in a manner that is incompatible with those purposes.
DEFINITION OF PERSONAL INFORMATION
As used herein, personal information means any information that identifies, relates to, describes, references, or is reasonably capable of being associated with an identified or identifiable natural person.
SOURCES OF PERSONAL INFORMATION
We collect personal information from the following sources:
- Directly from data subjects. For example, during account registration from forms you complete, or from other data you provide directly to us.
- Indirectly from data subjects. For example, from observing your actions on our Websites.
- From third parties. For example, third party social networking providers and advertising companies, our affiliates and service providers who provide services or information to us. If you do not want us to collect information from social networks, you should review and adjust your privacy settings on those networks as desired.
- From publicly available sources. For example, online database searches.
PERSONAL INFORMATION THAT YOU PROVIDE TO ANJU
Anju may collect the following types of personal information directly from data subjects:
- Information about employees collected during the hiring process such as first name, last name, contact email, phone number, address, education, and work history.
- Personal information from customers (such as an e-mail address, system information, telephone numbers) in order to communicate with customer and to provide online technical support and troubleshooting. If any customers choose to correspond with us through electronic communication (e.g., email, online chat, or instant messaging), we may retain a copy of the electronic communication together with the customer’s email address and our responses. We provide the same protections for these electronic communications that we employ in the maintenance of information received by mail and telephone.
- Information about users of our software systems that helps us conduct business, such as the types of products, geographic locations, and demographics.
- Transaction Information about how the user interacts with Anju, including purchases, inquiries, customer account information, and information about the use of the Anju website and applications. We collect this information when users visit our website, call us, use our applications, or otherwise contact us, such as for customer service purposes.
PERSONAL INFORMATION ANJU MAY AUTOMATICALLY COLLECT ABOUT YOU
Our websites may automatically collect certain personal information about you. By way of example, this personal information may include:
- IP address, which is the number associated with the service through which you access the Internet, such as through your ISP (Internet service provider);
- Date and time of your visit or use of our websites;
- Domain server from which you are using our websites;
- Type of computer, web browsers, search engine used, operating system, or platform you use;
- Data identifying the web pages you visited prior to and after visiting our websites;
- Your movement and activity within the website;
- Geo-location information through the use of any of our mobile applications;
- Mobile device information, including the type of device you use, operating system version, and the device identifier (or “UDID”); and
- Mobile application identification and behavior, use, and aggregated usage, performance data, and where the application was downloaded from.
- If you sign up for text messaging, cookies or other tracking devices may be used to personalize your experience (for example, to send you personalized text message offers).
We use these technologies to recognize you when you visit our websites and to optimize the functionality of our websites and services.
PERSONAL INFORMATION THAT ANJU COLLECTS FROM SOURCES OTHER THAN DATA SUBJECTS
Anju may collect the following types of personal information from sources other than the data subjects:
- Personal information that is publicly available, which may include name, contact information, job position and title, employer or organizational affiliation, educational and professional credentials, and National Provider Identifier.
We collect this information from publicly available websites and directories.
PERSONAL INFORMATION COLLECTED BY OUR CUSTOMERS AND PROCESSED BY ANJU ON BEHALF OF OUR CUSTOMERS
Anju’s customers may utilize Anju’s software or services to store personal information of data subjects. Under these circumstances, Anju’s customer is the controller of this personal information while Anju is the processor of this personal information. Any personal information that is related to the use of the Anju software products or personal data developed in specific medical or pharmaceutical research studies is the responsibility of the customer, as the controller. For information about personal information collected by Anju’s customers, you should contact those customers or refer to their publicly available privacy policies.
ANJU’S USE OF YOUR PERSONAL INFORMATION
Personal information provided by you will be used for the purposes for which it was provided, such as fulfilling a contract or processing an employment application, and for any other purposes for which you provide their consent. Anju may also use this information for its own legitimate purposes, such as monitoring the activity of users on its websites.
You may withdraw your consent to such use of your personal information by contacting our data protection officer using the contact information provided below or by utilizing the opt-out or unsubscribe links contained in our communications to you.
Anju generally does not rely upon consent as a legal basis for collecting personal data from publicly available sources or for processing personal data that we collect from these sources. Anju processes publicly available personal information where it is necessary for our legitimate interests (or those of a third party) in conducting and managing our business to provide our customers with our advertised services, including the execution and management of clinical trials. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your publicly available personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you by contacting our data protection officer.
DISCLOSURE OF YOUR PERSONAL INFORMATION TO THIRD PARTIES
We may disclose your personal information to other parties, including:
- Our affiliates
- Service providers
- Life sciences industry companies, analytics companies and other third parties with whom we have business relationships
- Government regulators
- Our legal advisors and parties involved in a legal process
- To an entity involved in the sale of our business
- Third parties to whom you or your agents authorize us to disclose your personal information in connection with products or Services we provide to you
Personal data is only shared by Anju with third parties who require it for specific business purposes. Data is transferred only for the scope of purpose it was initially intended and not for any other reasons. These third parties must agree to abide by the same level of privacy protection as required by Privacy Shield principles.
Service providers may include data centers who store employee contact information such as name, email, phone number of a select group of employees as part of the approved access list. The employees in the list have limited access to the data center to provide maintenance of servers. These typically involve members of the IT department and the individuals responsible for conducting third party vendor audits.
ANJU’S APPOINTED DATA PROTECTION OFFICER
You may contact Anju’s data protection officer by email at: email@example.com or by mail at:
Anju Software, Inc.
Attention: Data Protection Officer
2101 West Commercial Blvd., Suite 3500
Fort Lauderdale, FL 33309, USA
Alternatively, if you have questions about this privacy and cookie notice, our data collection practices, or your rights, please complete this form.
As required by applicable laws, and subject to any permitted exceptions and limitations, we will comply with any verified consumer request you submit with respect to your personal information. You may exercise these rights by contacting Anju’s data protection officer. Alternatively, if you have questions about this privacy and cookie notice, our data collection practices, or your rights, please complete this form.
Rights of Individuals in Europe
Anju is the controller (as defined under the GDPR) for the processing of personal information it collects from individuals located in the EEA, Switzerland, or the U.K.
Subject to applicable law, you may be able to exercise any of the following rights in relation to your personal information:
- Right to know what information we have about you: This is known as the "right of access" and gives you the right to find out what, if any, personal information we have about you, how we process it, and to request a copy of the personal information.
- Right to correct your information: This is known as the "right of rectification" and gives you the right to ask that we correct or complete any personal information we have about you.
- Right to delete your information: This is known as the "right to erasure" or "right to be forgotten" and gives you the right to ask us to delete your personal information.
- Right to change how we use your information: This is known as the "right to restrict processing" and gives you the right to ask us to change how we use your personal information in certain circumstances, such as where you contest the accuracy of the data or object to us using it in a certain way.
- Right to move your information: This is known as the "right to data portability" and gives you the right to ask to receive your personal information from us in a structured, commonly used and machine-readable format or to have it transmitted to another controller.
- Right to stop us from using your information: This is known as the "right to object" and gives you the right to ask us to stop using your personal information when applicable.
- Rights relating to how we use your information to categorize you or make decisions about you: This is known as the "right in relation to automated decision-making and profiling": You have the right to be free from decisions we may make that are based solely on automated processing of your personal information, including profiling, if they produce a significant legal effect on you, unless such decision-making or profiling is necessary for entering into or performing a contract between you and us, or is made with your explicit consent.
- Right to withdraw consent: If we rely on your consent to use your personal information, you have the right to withdraw that consent at any time. This will not affect our use of your data before we received notice that you wished to withdraw your consent.
- Right to file a complaint with the supervisory authority: If you have a concern about our privacy practices, including the way we handled your personal information, you can report it to the supervisory authority that is authorized to hear those concerns in your jurisdiction, although we invite you to contact us with any concern as we would be happy to try and resolve it directly.
You may exercise these rights by contacting our data protection officer, and we will respond to your requests in the time period stated by applicable law. Alternatively, if you have questions about this privacy and cookie notice, our data collection practices, or your rights, please complete this form.
Anju does not undertake decisions based solely on automated processing or profiling of individuals that produce legal or similarly significant effects.
Anju has in place appropriate safeguards in accordance with applicable legal requirements to provide adequate protections for any personal data transferred from the EEA, Switzerland, or the UK to the United States. Anju uses and the European Commission ‘Standard Contractual Clauses’ and has incorporated them into our Data Processing Agreements as well.Additionally, Anju respects, follows, and certifies to the privacy principles as set forth by GDPR, the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield Framework including the transfer of personal information in electronic, paper, or verbal formats from the member states of the European Union and Switzerland to the United States. Although the EU-US and Swiss US Privacy Shield Frameworks were invalidated in 2020 by the Court of Justice of the European Union, Anju continues to honor our obligations under our certification and adheres to the principles of the Privacy Shield.
To learn more about the Privacy Shield principles and Anju’s certification go to: https://www.privacyshield.gov/
To confirm participating organizations, you may refer to
Anju utilizes reasonable and appropriate physical, technical, and administrative procedures to safeguard the information we collect and process and to prevent unauthorized disclosure of data.
Anju provides services internationally and receives information from all over the world. Whenever Anju is required to transfer personal information, regardless of where this occurs, Anju protects confidentiality, integrity, and availability of personal information by physical and logical security measures.
Anju takes steps through Anju’s validation process to ensure that personal information is reliable to its use, that the data is accurate, complete, and current. Anju does not process information that is incompatible with the original purposes for which it has been collected unless subsequently authorized by the individual.
In compliance with the Privacy Shield Principles, Anju commits to resolve complaints about our collection or use of your personal information.
Anju has further committed to refer unresolved Privacy Shield complaints to the International Centre for Dispute Resolution/American Arbitration Association (ICDR/AAA), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit http://go.adr.org/privacyshield.html for more information or to file a complaint. The services of the ICDR/AAA are provided at no cost to you.
Anju has further committed to cooperate with the panel established by the EU Data Protection Authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU in the context of the employment relationship.
All individuals are encouraged to please forward any complaints, issues, concerns, or questions regarding the collection, the use or disclosure of personal information to firstname.lastname@example.org or to:
Anju Software, Inc.
Attention: Data Protection Officer
2101 West Commercial Blvd., Suite 3500
Fort Lauderdale, FL 33309, USA
For non-HR data transferred from the EU or Switzerland, Anju has registered with the American Arbitration Association (AAA) as an independent recourse mechanism to resolve complaints at http://go.adr.org/privacyshield.html
For HR data transferred from the EU for use in the context of the employment relationship, Anju has registered with the EU Data Protection Authorities (DPAs) as an independent recourse mechanism to resolve complaints at http://ec.europa.eu/justice/data-protection/bodies.
RETENTION AND DELETION
Anju will retain personal information for as long as the account is needed to provide products or services; as outlined in previously stated agreements at the time of collection; and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements; or to the extent permitted by law.
At the end of the retention period, Anju will delete this personal information in a manner designed to ensure that it cannot be reconstructed or read.
CHILDREN UNDER AGE 18
Anju’s sites, products, and services are not intended for and may not be used by children under the age of 18. We do not knowingly collect information from children under the age of 18 and we do not target our sites or services to children under the age of 18.
NOTIFICATION OF POLICY CHANGES
The Anju organization is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
There exists the possibility, under certain conditions, for the individual to invoke binding arbitration when other dispute resolution procedures have been exhausted.
Anju is required to disclose personal information in response to lawful requests by public authorities, including those necessary to meet national security or law enforcement requirements.
Anju acknowledges the potential liability in cases of onward transfers to third parties of personal data of EU or Swiss individuals received pursuant to Privacy Shield.