EU-Swiss Privacy Shield & GDPR Supplement
Global Healthcare Compliance Solutions Inside the EU-Swiss Privacy Shield Framework
Alanda Software, LLC (“Alanda”) assists pharmaceutical and medical device manufacturers companies in addressing their regulatory healthcare compliance needs by providing automated global compliance solutions and supportive consulting services. In providing these services, Alanda may make use of individuals’ personal information (name, address and email address) provided to Alanda by its clients. Protecting this personal data is important to Alanda. Alanda respects privacy and operates within the EU-US and Swiss-US Privacy Shield Framework published by the US Department of Commerce and described at https://www.privacyshield.gov/.
Alanda generally does not collect personal information directly from individuals, nor is Alanda’s website designed to obtain or collect personal information from individuals. With respect to such personal information that Alanda does collect and receive from individuals residing in the European Union (“EU”) or Switzerland, Alanda complies with the EU-U.S. and Swiss-US Privacy Shield Framework as established by the US Department of Commerce regarding the collection, use, and retention of personal information.
In addition, clients of Alanda may use software designed and supported by Alanda to collect personal information, and may make such information available to Alanda in order for Alanda to carry out the services purchased by them. With respect to personal information from individuals residing in the EU or Switzerland that is collected by clients of Alanda using Alanda systems, Alanda systems provide disclosures and resources to comply with the EU-U.S. Privacy Shield Framework and the Swiss-US Privacy Shield Framework regarding the collection, use, and retention of personal information.
Alanda is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
We also may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
Alanda Software has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint. The services of BBB EU Privacy Shield are provided at no cost to you.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction
Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
Alanda shall inform individuals about the purpose for which it collects and uses their Personal Information, the types of third parties to whom Alanda may disclose the information, how to contact Alanda with inquiries and complaints, and the choices and means Alanda offers individuals for limiting the use and disclosure of their Personal Information. Alanda shall provide such notice in two instances: (1) prior to using Personal Information for a purpose other than that for which it was originally collected by Alanda’ client, or (2) prior to disclosing Personal Information to a third party who is not the original source of the information.
Alanda shall provide individuals an opportunity to choose (or “opt-out”) whether their personal information is (a) to be disclosed to a third party, or (b) used for a purpose other than that for which it was originally collected by Alanda’ client or subsequently authorized by the individual. Such choice can be exercised by utilizing the contact information outlined below. Alanda shall not disclose an individual’s sensitive Personal Information, or use it for a purpose other than that for which it was originally collected or subsequently authorized by the individual, unless the individual expressly consents (or “opts-in”) to that use or disclosure.
Accountability for Onward Transfers
Alanda receives personal information from Clinical Research, Meeting Management and Consulting firms (Third Party/Parties) who are contracted by Alanda clients to provide transaction data which is reportable for EFPIA and government reporting purposes. Alanda may provide corrections to the name, address and email information submitted to Alanda Clients from third parties.
When disclosing personal information to a third party Alanda shall ensure that the third party is Privacy Shield certified or that the Alanda client with whom they have a contractual relationship has agreed in writing either via model clauses or through Privacy Shield certification to adhere to the principles of the EU-US and Swiss-US Privacy Shield. In cases of onward transfer to third parties of data of EU and Swiss individuals received pursuant to the EU-US and Swiss-US Privacy Shield, Alanda is potentially liable. For more information, see https://www.privacyshield.gov/EU-US-Framework.
Alanda shall take reasonable precautions to secure personal information and protect it from loss, misuse, and unauthorized access, alteration and destruction, by using physical, electronic and managerial safeguards. Alanda cannot guarantee the security of Information on or transmitted via the Internet.
Data Integrity and Purpose Limitation
Alanda shall only use personal information that is relevant to the purpose for which it was collected or subsequently authorized by the individual. To the extent necessary for those purposes, Alanda shall take reasonable steps to make sure that personal information is accurate, complete, current and reliable for its intended use.
Alanda acknowledges the right of individuals to access their personal data. Individuals may have reasonable access to their personal data to correct, amend or delete information that is inaccurate with the approval of the client company-owner of the data. Alanda may require an individual to provide acceptable proof of identity prior to granting reasonable Access Requests individuals shall be provided access by using the contact Alanda information outlined below. Alanda shall also reserve the right to restrict an individual’s access if it determines (1) the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or (2) where the rights of persons other than the individual would be violated.
Recourse, Enforcement and Liability
Individuals should provide their name, contact information, and a brief message describing their concerns. Charges incurred by the individual in calling the number provided above can be reimbursed by Alanda upon request of the individual.
Alanda is fully compliant with the EU GDPR policies on the protection of individuals with regard to processing of personal data and on the free movement of such data.
General Usage of Personal Information
The use of personal information collected through the Alanda Consummate Suite of products is for regulatory reporting of transfers of value to individuals and organizations, and to support the products or services for which we have been contracted. As per GDPR policy, usage of personal information for government mandated reporting is exempt from consent requirements. If consent is warranted, consent will be addressed by our Clients. Alanda does not sell users’ personal information or market to users maintained in our systems.
When users login to an Alanda system or visit our website, we passively capture web-based information such as Internet protocol (“IP”) address, browser type, internet service provider (“ISP”), operating system, date/time stamp, etc. in system logs. This information is used to monitor access, for audit and for security purposes only.
Alanda may collect and transfer personal information that we manage under the direction of our Clients, to the originating companies, to help us provide our service. These third-party transfers are covered by the provisions in our EU Privacy Shield Policy and in the service agreements we have with our Clients.
Alanda additionally will access customer data to support and maintain system operations or to address technical problems in connection with customer support issues. All Alanda staff have been trained on Alanda policies regarding proper management of GDPR related data.
Rights of the Data Subject
As per GDPR policy, an individual has the right to contact us to request whether we hold any personal information of said individual, and to receive a report of this information. An individual also has the right to request the correction, modification or deletion of such personal information.
VeraSafe has been appointed as Alanda’s representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. VeraSafe can be contacted in addition to the Alanda GDPR representative, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://www.verasafe.com/privacy-services/contact-article27-representative
Alternatively, VeraSafe can be contacted at:
VeraSafe Ireland Ltd
Unit 3D North Point House
North Point Business Park
New Mallow Road
VeraSafe Netherlands BV
Keizersgracht 391 A
1016 EJ AmsterdamThe
Requests made to Alanda to access, change or delete personal information will be addressed within 15 business days. To request this information please contact us at email@example.com. Please note we may continue to retain and use your personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Controller and Processor
Alanda operates in the role of a GDPR Data Processor. We collect and process information under the direction of our business Clients who act in the capacity of Data Controllers. Acting on behalf of our Clients, we have no direct relationship with the individuals whose personal information we process.
Security of Personal Data
Alanda adheres to generally accepted best practices to protect personal information submitted to us, both during transmission and once it is received. In the event of a breach Alanda agrees to notify the appropriate authorities and affected users. You may contact us at firstname.lastname@example.org if you have any questions about the security of your personal information.
International Transfer of Information