I. Privacy Statement

BioSensics, LLC (referred to as “Company,” “we,” or “us”) is committed to protecting personal information. Personal information means information that is recorded in any form, is about, or pertains to a specific individual, and can be linked to that individual. BioSensics complies with all applicable national and international clinical and data privacy and security regulatory requirements. In particular, this includes a commitment to comply with the General Data Protection Regulation and EU-US Privacy Shield requirements.

II. Sources of Personal Data

In general, there are two reasons why BioSensics collects personal information:

  • We collect personal information as is needed to market, sell, and distribute our products. In this context we are acting as a Data Controller; in other words, we determine the purposes and means of the processing of that personal information. The legal basis for this processing is our legitimate business interests, namely the proper administration of our business, including management of our customer relationships and delivery of our products and services.
  • We collect personal information on behalf of our clients who are using our products and services to support human subjects research or to deliver healthcare services. In this context we are acting as a Data Processor; in other words, our client (the Data Controller) determines the purposes and means of the processing of personal information that is recorded by our products. Generally speaking, our clients fall into one of three categories a) pharmaceutical, biotechnology, or medical device companies, b) academic or research institutes, or c) hospitals or other healthcare facilities. The legal basis for this processing is consent. BioSensics will act as a Data Processor only for personal information collected according to an informed consent process that meets all legal requirements applicable to the Data Subject based on their location and/or country of residence. The relevant Data Controller must certify to BioSensics that such consent has been obtained.

For further information about these two distinct uses of personal information please refer to Sections IV and V, respectively, of the Privacy Policy.

III. Privacy Policy Principles

Whenever BioSensics collects personal information, BioSensics complies with the following Principles:

We shall inform an individual of the purpose for which we collect and use their personal information and the types of third parties to which our Company discloses or may disclose that personal information. Our Company shall provide the individual with the choice and means for limiting the use and disclosure of their personal information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide personal information to our Company, or as soon as practicable thereafter, and in any event before our Company uses or discloses the personal information for a purpose other than for which it was originally collected. BioSensics may be required to disclose personal information in response to lawful request by public authorities, including to meet national security or law enforcement requirements.

Individuals shall have the opportunity to choose (opt out) whether their personal information is (1) to be disclosed to a non-Agent third party or (2) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual by contacting our Privacy Officer via email at privacy@BioSensics.com.

Agents, vendors, and/or contractors of BioSensics may be given access to an individual’s personal information on a need to know basis for the purpose of performing services on behalf of BioSensics or providing or enabling elements of the services. All such agents, vendors, and contractors who have access to such information shall be contractually required to keep the information confidential and not use it for any other purpose than to carry out the services they are performing for BioSensics or as otherwise required by law. BioSensics shall ensure that any third party to which personal information may be disclosed subscribes to these Principles or is subject to laws providing the same level of privacy protection as is required by the Principles and agrees in writing to provide an adequate level of privacy protection.

BioSensics may be held responsible in cases of onward transfers of personal data to third parties.

BioSensics will take reasonable steps to protect personal information from loss, misuse, unauthorized access, disclosure, alteration, and destruction. We have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure personal information from loss, misuse, unauthorized access or disclosure, alteration, or destruction. However, our Company cannot guarantee the security of personal information on or transmitted via the Internet.

BioSensics will only process personal information in a way that is compatible with and relevant for the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, our Company shall take reasonable steps to ensure that personal information is accurate, complete, current and reliable for its intended use.

We acknowledge the individual’s right to access their personal information. We will allow an individual access to their personal information and allow the individual the opportunity to correct, amend, or delete inaccurate information, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated. Individuals may contact our Privacy Officer via email at privacy@BioSensics.com to request access. In cases where BioSensics is a Data Processor, individuals must contact the Data Controller.

IV. Website and Business Operations

Scope

Section IV of the BioSensics Privacy Policy (herein referred to as “Privacy Policy” or “policy”) is specific to the www.BioSensics.com website and our processes and procedures for sales, order fulfillment, business development, and advertising. In other words, this policy applies where we are acting as a Data Controller with respect to the personal information of our website visitors, customers, and potential customers.

If you are a visitor to our website or have corresponded with us as a customer or prospective customer, then this section of the Privacy Policy applies to you. This section of the policy describes the ways we collect information from and about you, and what we do with the information, so that you may decide whether to provide information to us. By accessing our website, purchasing our products or services, or contacting us via e-mail (whether directly or through our website) you agree to this policy in addition to any other agreements we might have with you.

This section of the Privacy Policy does not apply to Data Subjects whose personal information has been collected by our products in the context of human subjects research or healthcare delivery. Section V of this policy applies to these Data Subjects.

Information we collect

The information we collect may include your personal information, such as your name, contact information, product and service selections and other things that identify you.  We collect personal information from you at several different points, including but not limited to the following:

  • when we correspond with you as a customer or prospective customer;
  • when you visit our website;
  • when you register as an end-user of our products or services and an account is created for you;
  • when you contact us for technical support; or
  • when you inquire about employment at BioSensics

How we use your personal information

Our Company may use information that we collect about you to:

  • manage your customer relationship and provide you with customer support;
  • deliver products or services that you have requested;
  • perform research about your use of, or interest in, our products or services;
  • communicate with you by e-mail, postal mail, or telephone about our products or services;
  • enforce our terms and conditions;
  • manage our business; and
  • perform functions as otherwise described to you at the time of collection.

Disclosure of your personal information to third parties

We may share your personal information with third parties only in the ways that are described below.

We may disclose your personal information (name, address, and contact information) to our suppliers or subcontractors insofar as reasonably necessary for delivering the products or services you have requested.

We may disclose your personal information to our insurers and/or professional advisers insofar as is reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

Credit or debit card transactions relating to our products or services are handled by our payment services provider (Intuit). We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services providers’ privacy policies and practices at https://security.intuit.com/index.php/privacy.

We may allow a potential acquirer or merger partner to review our databases, which may contain your personal information, although we would restrict their use and disclosure of this data during the diligence phase.

In addition to the specific disclosures of personal information set out in this section, we may disclose your personal information where such disclosure is necessary for compliance with a legal obligation to which we are subject, to investigate violations of our agreements or Company policies, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal information where such disclosure is necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

Use of cookies, web analytics services, and links

We do not use Cookies on our website. However, we use Google Analytics, a service for marketing analysis of our website provided by Google, Inc. Google Analytics uses cookies to allow us to see how you use our website, so we can improve your experience. Google’s ability to use and share information collected by Google Analytics about your visits to the site is restricted by the Google Analytics Terms of Use, available at: http://www.google.com/analytics/terms/us.html, and the Google Privacy Policy, available at http://www.google.com/policies/privacy/. If you prefer to not have data reported by Google Analytics, you can install the Google Analytics Opt-out Browser Add-on available at https://tools.google.com/dlpage/gaoptout.

We may create links to other websites. We will make a reasonable effort to link only to sites that meet similar standards for maintaining each individual’s right to privacy. Many other sites that are not associated with or authorized by our Company may have links leading to our site. Our Company cannot control these links and we are not responsible for any content appearing on these sites.

Retention and deletion of your personal information

We will retain any personal information only for as long as is necessary to fulfill the business purpose for which it was collected or to comply with our legal obligations, resolve disputes, and enforce our agreements.

International transfers of your personal information

Information collected from you may be stored and processed in the United States or any other country in which our Company or agents or contractors maintain facilities, and by accessing our sites and using our services, you consent to any such transfer of information outside of your country.

Your access to and control of your personal information that we collect

Reasonable access to your personal information may be provided at no cost upon request made to our Company at the contact information provided below. If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal. You may exercise any of your rights in relation to your personal information by sending an e-mail to privacy@biosensics.com.

Children’s privacy

We do not knowingly attempt to solicit or receive any information from anyone under the age of 13.  If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us immediately. If you are under the age of thirteen, you must ask your parent or guardian for permission to use this website.

V. Human Subjects Research or Healthcare Delivery

Scope

Section V of the Privacy Policy applies to Data Subjects whose personal information has been collected by our products in the context of human subjects research or healthcare delivery. In this context we are acting as a Data Processor; in other words, our client (the Data Controller) determines the purposes and means of the processing of personal information that is recorded.

Information we collect

BioSensics products collect data from a user facing interface on a personal computer or mobile device and from wearable sensors (herein collectively referred to as “devices”). The exact nature of the collected personal information depends on the specific BioSensics product used and, where appropriate, the configuration of that product for a particular research study. All information collected by BioSensics products falls into one of the following categories:

  • responses to questionnaires that you (the Data Subject) may be asked to complete and that are presented via the user interface on the device;
  • information derived from measures of movement made using wearable movement sensors, which may relate to aspects of your health or wellness;
  • your name or other identifying information;
  • your contact information (e-mail, phone number, or address).

All Data Subjects are required to complete an Informed Consent Form (ICF), which must be prepared by the Data Controller, and signed by the Data Subject in the presence of the Data Controller or their assigned agent. The ICF must identify the information being collected and the reason for collection.

How we use your personal information

Information collected may be used by the Data Controller to assess certain aspects of your health and wellness. In some cases, the data from the devices may be transferred to BioSensics for processing or storage, and later transferred back to the Data Controller.

If you are a participant in a human subjects research study, upon direction from the Data Controller, BioSensics may contact you to provide technical support, remind you to wear or use the devices, or otherwise support the Data Controller in the conduct of the research study; such contact may be provided by text/short message service (SMS), e-mail, postal mail, or telephone. BioSensics may also ship products directly to you at your address for your use as a part of participation in the human subjects research study.

BioSensics uses the data being collected by the devices to assess the effectiveness of device data integration into our platform; to evaluate the quality of the data; to analyze possible associations among the data aggregated from the devices and applications; and to perform other analyses as directed by the Data Controller.

Disclosure of your personal information to third parties

We may share your personal information with third parties only in the ways that are described below.

We may disclose your personal information (name, address, and contact information) to our suppliers or subcontractors insofar as reasonably necessary for delivering the products or services the Data Controller has requested on your behalf.

We may disclose your personal information to a third-party at the instruction of the Data Controller.

Where required, we enter into written agreements with those third-party agents and service providers requiring them to provide the same level of protection the EU-US Privacy Shield and the GDPR require and limiting their use of the data to the specified services provided on our behalf.

In addition to the specific disclosures of personal information set out in this section, we may disclose your personal information where such disclosure is necessary for compliance with a legal obligation to which we are subject, to investigate violations of our agreements or Company policies, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal information where such disclosure is necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

Data storage, retention, modification, and removal

BioSensics does not modify or delete data from our platform, unless specifically directed to do so by the Data Controller. As a Data Subject, you may have the right to request that your data be modified or removed, based on the considerations with which you agreed in the ICF you signed. Data retention periods are defined by the Data Controller. This can range from indefinite to a fixed period of time according to requirements and governing law. Regardless, based on applicable national and international regulatory requirements, the Data Controller is responsible for the long-term retention of all data collected.

Data is stored on third-party servers. Our hosting providers are contractually obligated to meet the additional requirements that apply to storing healthcare data and have appropriate industry standard certifications for maintaining the operational integrity and security of these dedicated servers.

VI. Changes to our Privacy Statement

BioSensics may amend this Privacy Statement at any time by posting a new version. It is your responsibility to review this Privacy Statement periodically as your continued use of this website or ongoing customer relationship with BioSensics represents your agreement with the then-current Privacy Statement.

VII. How to raise a concern

If you have any questions or concerns about this Privacy Statement, our privacy practices or your personal information that we have collected, please contact our Privacy Officer at: privacy@BioSensics.com.

If your concern is not satisfactorily addressed by BioSensics you may have your concern considered by an independent recourse mechanism, which is dependent on your country of residence. For EU residents please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint. For US residents please visit www.ftc.gov/complaint. If your concern is not resolved through any of the above channels, under limited circumstances, a binding arbitration option may be available.

The Federal Trade Commission has jurisdiction over our compliance with the EU-US Privacy Shield Principles.

 

 

Updated: January 14, 2019