Alanda Privacy Statement & GDPR

Alanda Privacy Statement

Alanda Software, LLC (“Alanda”) assists pharmaceutical and medical device manufacturers companies in addressing their regulatory healthcare compliance needs by providing automated global compliance solutions and supportive consulting services. In providing these services, Alanda may make use of individuals’ personal information (name, address and email address) provided to Alanda by its clients. Protecting this personal data is important to Alanda. As a global organization, we abide by all applicable data privacy laws focused on transparency and trust.

On July 16, 2020, the Court of Justice of the European Union issued a judgment declaring as “invalid” the European Commission’s Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of the protection provided by the EU-U.S. Privacy Shield. As a result of that decision, the EU-U.S. Privacy Shield Framework is no longer a valid mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States. Alanda has withdrawn its participation from both the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield programs.

In accordance with EU regulatory requirements Alanda and its clients have executed EU Standard Contractual Clauses to ensure compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data and on the free movement of such data (General Data Protection Regulation) for the transfer of personal data to a third country.

If you have any questions regarding this notice or if you need to update, change or remove personal data that we control, you can do so by contacting [email protected] or by regular mail addressed to:

Alanda Software
391 George Street, Suite 3
New Brunswick, NJ 08901
United States

GDPR Supplement

Alanda is fully compliant with the EU GDPR policies on the protection of individuals with regard to processing of personal data and on the free movement of such data.

General Usage of Personal Information

The use of personal information collected through the Alanda Consummate Suite of products is for regulatory reporting of transfers of value to individuals and organizations, and to support the products or services for which we have been contracted. As per GDPR policy, usage of personal information for government mandated reporting is exempt from consent requirements. If consent is warranted, consent will be addressed by our clients. Alanda does not sell users’ personal information or market to users maintained in our systems.

When users login to an Alanda system or visit our website, we passively capture web-based information such as Internet protocol (“IP”) address, browser type, internet service provider (“ISP”), operating system, date/time stamp, etc. in system logs. This information is used to monitor access, for audit and for security purposes only.

Alanda may collect and transfer personal information that we manage under the direction of our clients, to the originating companies, to help us provide our service. These third-party transfers are covered by the “EU Standard Contractual Clauses” incorporated in our data processing agreements we have with our clients.

Alanda additionally will access customer data to support and maintain system operations or to address technical problems in connection with customer support issues. All Alanda staff have been trained on Alanda policies regarding proper management of GDPR related data.

Rights of the Data Subject

As per GDPR policy, an individual has the right to contact us to request whether we hold any personal information of said individual, and to receive a report of this information. An individual also has the right to request the correction, modification or deletion of such personal information.

VeraSafe has been appointed as Alanda’s representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. VeraSafe can be contacted in addition to the Alanda GDPR representative, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form:  https://www.verasafe.com/privacy-services/contact-article27-representative

Alternatively, VeraSafe can be contacted at:

Matthew Joseph
Zahradníckova
1220/20A
Prague 15000
Czech Republic

VeraSafe Ireland Ltd
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland

VeraSafe Netherlands BV
Keizersgracht 555
1017 DR Amsterdam
Netherlands

Requests made to Alanda to access, change or delete personal information will be addressed within 15 business days. To request this information please contact us at [email protected]. Please note we may continue to retain and use your personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Controller and Processor

Alanda operates in the role of a GDPR Data Processor. We collect and process information under the direction of our business Clients who act in the capacity of Data Controllers.  Acting on behalf of our Clients, we have no direct relationship with the individuals whose personal information we process.

Security of Personal Data

Alanda adheres to generally accepted best practices to protect personal information submitted to us, both during transmission and once it is received. In the event of a breach Alanda agrees to notify the appropriate authorities and affected users. You may contact us at [email protected] if you have any questions about the security of your personal information.

International Transfer of Information

To facilitate Alanda’s global operations, Alanda may transfer and access customers information from around the world. This Privacy Policy shall be applicable if Alanda transfers customer data to other countries.