Pinnacle 21 Privacy Policy

Last updated: September 26, 2016

We are committed to protecting your privacy and, for that reason, we have adopted this Privacy Policy to memorialize our data collection and disclosure practices for (1) the Pinnacle 21 website, and its related tools and services and (2) the Pinnacle 21 Enterprise and related hosted software and professional services for evaluation, management and standardization of data quality and compliance of clinical results (collectively, the “Services”). (If you are a participant in the Software Improvement Program (“SIP”) for our Pinnacle 21 Community software, information relating to our SIP data collection and disclosure practices, including our participation in the European Union-United States Privacy Shield Program, is located at https://www.pinnacle21.net/sip-privacy instead.) The Services are owned and operated by Pinnacle 21, LLC, a Delaware limited liability company (“we”, “us” or “our”). This Privacy Policy applies to information collected through the Services, as well as other information provided to us online or offline by customers or users of our Services. It also applies to clinical study data processed through the Services. However, it does not apply to information collected from our employees, contractors or vendors.

This Privacy Policy describes, among other things:

  • Personal and other information we collect about you
  • How we use your information
  • How we may share your information with third parties
  • Your choices regarding the personal information we collect about you
  • Your rights under the U.S.-E.U. Privacy Shield program

1. Consent

By using the Services, you consent to this Privacy Policy. Additionally, by providing your consent to participate in an applicable clinical trial for which one of our clients uses our Services, you consent to the client’s transfer of your information to us as a service provider and agree that we may treat it according to this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Services or participate in an applicable clinical trial. Information gathered through the Services may be transferred, used, and stored in the United States or in other countries where our service providers or we are located. If you use the Services or participate in an applicable clinical trial, you agree to the transfer, use and storage of your Personal Information (as defined below) in those countries. The data protection and other laws of the United States and other countries might not be as comprehensive as those in your country. You agree that all transactions relating to the Services or Pinnacle 21 are deemed to occur in the United States, where our servers are located.

2. Collection of Your Personal and Other Information

When you use our Services, we collect Personal Information. By “Personal Information” we mean information that can identify an individual, such as:

  • Names,
  • Business addresses,
  • Email addresses,
  • Username and password,
  • Phone numbers,
  • Study-assigned identification numbers, and
  • Any identifying information that may be submitted by our clients for a clinical study.

You may always choose not to provide Personal Information, but this may prevent you from receiving certain Services.

The Services do not require, and we instruct our clients not to submit, Personal Information about study participants. However, the content of all submissions is determined by our clients, and some Personal Information about study participants may be submitted by clients without our knowledge. If a client does upload Personal Information about study participants, as discussed below, incidental fragments may be stored.

In order to increase security, the Services do not store any Personal Information except email address, username and password for each user, nor is study data retained in storage by the Services (except possibly for incidental fragments that are determined to be invalid during validation or that are part of the dataset key).

We also collect non-Personal Information, that is, information that does not personally identify an individual. The non-Personal Information we collect includes how you interact with the Services, information generally collected or “logged” by Internet websites or Internet services when accessed or used by users, and information about your web browser or device accessing or using the Services.

Examples of the non-Personal Information we collect are:

  • Your Internet Protocol (IP) address,
  • Information about your operating system and browser, such as its maker or version,
  • The pages of our website that you viewed during a visit or the features of our software that you use,
  • What information or content you view, hover over or click on,
  • The referring web page,
  • Language preferences,
  • The city and state in which you are located (but not your precise geographic location),
  • Unique Identifiers, meaning arbitrary codes or series of characters we create to identify unique users without Personal Information, and
  • Incidental fragments of study data that are determined to be invalid during the validation process.

We will not use non-Personal Information to try to identify you, and if we associate any non-Personal Information with information that personally identifies you, then we will treat it as Personal Information. As discussed in more detail below, we sometimes use cookies and other automatic information gathering technologies to gather non-Personal Information.

Information collected by the Services may be collected by us or one of our service providers, but in either case, this Privacy Policy will govern the collection, use and sharing of the information.

3. Use of Your Information

We use the information we collect to:

  • Assist us in providing the Services,
  • Set up accounts,
  • Improve our operations,
  • Process transactions (credit card or other payment account information will only be used for this purpose),
  • Provide customer service,
  • Provide you with newsletters, RSS feeds, and/or other communications or services which you have signed up for or otherwise agreed to receive,
  • Send account- or transaction-related communications, such as welcome letters or notifications,
  • Create de-identified user metrics,
  • Perform research and analysis aimed at improving our products and services, and
  • Manage our systems.

We will only use your Personal Information in the way we specified when it was collected (including as described in this Privacy Policy).

4. Disclosure of Your Information

We will not disclose your Personal Information to third parties except as described below. We also will not sell or disclose your Personal Information to third parties for their own marketing purposes unless you have explicitly and affirmatively granted us permission to do so.

Personal Information about study participants will be disclosed only as permitted by our written agreements with our clients. In the event of a conflict relating to the disclosure of study participant information between this Privacy Policy and a client agreement, the client agreement will control with respect to such disclosure to the extent it provides the data subject with a greater degree of privacy protection.

We will disclose Personal Information to provide the Services, which will be apparent when you use or access Pinnacle 21 or when you authorize or instruct us to do so. In a manner consistent with our obligations under the US-EU Privacy Shield Program, we may also disclose Personal Information to companies, agents, contractors, service providers or others engaged to perform functions on our behalf (such as processing of payments, provision of data storage, hosting of our website, marketing of our products and services, conducting audits, and performing web analytics).

In a manner consistent with our obligations under the US-EU Privacy Shield Program, we may also disclose your Personal Information to third parties when we believe, in good faith and in our sole discretion, that such disclosure is reasonably necessary to (a) enforce or apply the terms and conditions of the Services, including investigation of potential violations thereof, (b) comply with legal or regulatory requirements or an enforceable governmental request, (c) protect the rights, property or safety of us, our users or other third parties, (d) prevent a crime or protect national security, or (e) detect, prevent or otherwise address fraud, security or technical issues.

Finally, we reserve the right to transfer information (including your Personal Information) to a third party in the event of a sale, merger, or transfer of all or substantially all of the assets of our company relating to Pinnacle 21, or in the unlikely event of a bankruptcy, liquidation or receivership of our business. You will be notified via email or prominent notice on our website for 30 days of any such change in ownership or control of your Personal Information.

Lastly, we may also disclose non-Personal Information, de-identified and anonymously aggregated with information about our other users, to our clients, business partners, merchants, advertisers, investors, potential buyers and other third parties if we deem such disclosure, in our sole discretion, to have sound business reasons or justifications.

5. Transparency and Choice

When you use our Services or are a participant in a clinical study conducted using our Services, we make good faith efforts to provide you with access to your Personal Information and either to correct this data if it is inaccurate or to delete such data at your request, in either case if it is not otherwise required to be retained by law or for legitimate business purposes. We ask individual users to identify themselves and the information requested to be accessed, corrected or removed before processing such requests, and we may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort, jeopardize the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backups), or for which access is not otherwise required. In any case, where we provide information access and correction, we perform this service free of charge, except if doing so would require a disproportionate effort.

Please e-mail us at privacy@pinnacle21.net with any questions, if you need assistance accessing or changing your Personal Information, or if you would like to have your Personal Information deleted. Please be aware that if you delete your Personal Information, you may not be able to continue to use Pinnacle 21 or the Services. Also, even if you request that we delete your Personal Information, we may need to retain certain information for a limited period of time to satisfy our legal, audit and/or dispute resolution requirements.

We do not use, or allow third party advertising networks to use, information about web browsing activity collected through the Services for targeted or behavioral advertising. We support the development and implementation of a standard "do not track" browser feature that provides customers with control over the collection and use of information about their web-browsing activities. Once a standardized "do not track" feature is released, we intend to adhere to the browser settings accordingly.

You can opt out of receiving marketing e-mails from us by clicking on the “unsubscribe” link in the e-mails. Please note that it may take up to ten (10) business days for your opt-out request to be processed. Also, even if you opt out of marketing e-mails, we may continue to send you certain account-related e-mails, such as notices about your account and confirmations of transactions you have requested.

6. Children

We do not knowingly collect Personal Information from users under 18 years of age. We do not authorize users under 18 years of age to use the Services or Pinnacle 21. If we learn that we have collected Personal Information from a person under the age of 18, we will delete that data from our systems.

7. Information Security

We utilize reasonable information security measures to safeguard your Personal Information. For example, we utilize Secure Sockets Layer (SSL) encryption technology when sensitive data is transmitted over the Internet, and use firewalls to help prevent external access into our network. Unfortunately, however, no data transmission over the Internet and no method of data storage can be guaranteed to be 100% secure. Therefore, while we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its security.

We restrict access to Personal Information to our employees, contractors, service providers and agents who need to know that information in order to operate, develop or improve our Services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.

8. Third Party Websites

Please note that the Services may link or integrate with third party sites, services or apps. We are not responsible for the privacy or security policies or practices or the content of such third parties. Accordingly, we encourage you to review the privacy and security policies and terms of service of those third parties so that you understand how those websites collect, use, share and protect your information.

9. Changes to this Policy

We may modify or update this Privacy Policy periodically with or without prior notice by posting the updated policy on this page. You can always check the “Last Updated” date at the top of this document to see when the Privacy Policy was last changed. If we make any material changes to this Privacy Policy, we will notify you by e-mail or post a notice of the changes on our website prior to the changes becoming effective. We encourage you to check this Privacy Policy from time to time. IF YOU DO NOT AGREE TO FUTURE CHANGES TO THIS PRIVACY POLICY, YOU MUST STOP USING THE SERVICES AFTER THE EFFECTIVE DATE OF SUCH CHANGES (WHICH IS THE “LAST UPDATED” DATE).

10. Privacy Shield Notice for European Union Residents

We are a participant in the European Union (“EU”)–United States (“US”) Privacy Shield. We comply with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. We have certified that we adhere to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between this Privacy Policy and these Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov.

The types of data we are collecting under the EU-US Privacy Shield, the purposes for which each such type of data is being collected and used, and the types of third parties to which we may disclose such information (and the purposes of such disclosure) are set forth above in this Privacy Policy.

You have rights, as set forth above in this Privacy Policy, to access, edit and have deleted your Personal Information. The choices and means offered to you for limiting use and disclosure of your Personal Information are set forth above in this Privacy Policy.

Notwithstanding any language to the contrary in this Privacy Policy, in cases of onward transfer to third parties of personal information of EU individuals received pursuant to the EU-US Privacy Shield, we are potentially liable.

In compliance with the EU-US Privacy Shield Principles, we commit to work to resolve complaints about your privacy and our collection or use of your Personal Information. European Union individuals with inquiries or complaints regarding this Privacy Policy should first contact us at:

Pinnacle 21, LLC
Attention: Privacy Complaints
531 Plymouth Road
Suite 508
Plymouth Meeting, PA 19462
Email: privacy@pinnacle21.net

We have further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to the American Arbitration Association, a non-profit alternative dispute resolution provider located in the United States. If you do not receive a response to your complaint from us within forty-five (45) days, or if your complaint is not satisfactorily addressed, please visit http://info.adr.org/safeharbor for more information and to file a complaint.

Please note that if your complaint is not resolved through the above channels, you may have the right, under certain limited conditions, to invoke binding arbitration before the Privacy Shield Panel to be created by the US Department of Commerce and the European Commission.

We are subject to the investigatory and enforcement powers of the United States Federal Trade Commission (“FTC”) with respect to our compliance with the EU-US Privacy Shield.

11. Questions

To ask questions about our Privacy Policy or to lodge a complaint, contact us at:

Pinnacle 21, LLC
531 Plymouth Road
Suite 508
Plymouth Meeting, PA 19462
Email: privacy@pinnacle21.net