Pinnacle 21 Privacy Policy

Last updated: April 9, 2019

We are committed to protecting your privacy and, for that reason, we have adopted this Privacy Policy to memorialize our data collection and disclosure practices for (1) the Pinnacle 21 website, and its related tools and services and (2) the Pinnacle 21 Enterprise and related hosted software and professional services for evaluation, management and standardization of data quality and compliance of clinical results (collectively, the “Services”). (If you are a participant in the Software Improvement Program (“SIP”) for our Pinnacle 21 Community software, information relating to our SIP data collection and disclosure practices, including our participation in the European Union-United States Privacy Shield Program, is located at https://www.pinnacle21.net/sip-privacy instead.) The Services are owned and operated by Pinnacle 21, LLC, a Delaware limited liability company (“we”, “us” or “our”). This Privacy Policy applies to information collected through the Services, as well as other information provided to us online or offline by customers or users of our Services. It also applies to clinical study data processed through the Services. However, it does not apply to information collected from our employees, contractors or vendors.

In the event of any conflict(s) between the terms of this Privacy Policy and the terms of your agreement for the Pinnacle 21 Services (including but not limited to the Pinnacle 21 Enterprise Suite Standard Terms, or their equivalent), the terms providing the data subject with a greater degree of privacy protection shall control solely to the extent of such conflict(s).

This Privacy Policy describes, among other things:

  • Personal and other information we collect about you
  • How we use your information
  • How we may share your information with third parties
  • Your choices regarding the personal information we collect about you
  • Your rights under the U.S.-E.U. Privacy Shield program

1. Consent

By accessing or using the Services and clicking "agree," "accept," or the equivalent, you consent to this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Services.

A) Study Participants

As further described in Section 2, below, in the course of providing and supporting the Services, Pinnacle 21 may process some limited amounts of information regarding participants in studies, including but not limited to participants in clinical trials (the “Study Participants”). By using the Services and providing Pinnacle 21 with any information regarding Study Participants, you acknowledge and agree that you have the legal right to provide Pinnacle 21 with such information, including but not limited to obtaining any legally-required consents from the Study Participants or ensuring that such consents have been given to a third party. You further acknowledge and agree that, should any Study Participants have any questions related to the use of their information, you are solely responsible for responding to such questions and providing any information as may be required by applicable law, and Pinnacle 21 will have no liability for any claims or complaints by Study Participants arising from your failure to do so.

B) European Union Residents

If you reside in a country in the European Economic Area or in Switzerland, then information we collect from you may be subject to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the "GDPR") and the following additional information is provided for your benefit.

If you are an employee using Pinnacle 21’s Services on behalf of your employer, then your employer is the controller of your personal data, and Pinnacle 21 is a processor. If you are not employed by, or otherwise affiliated with, an existing customer of Pinnacle 21, then Pinnacle 21 may be the controller of your information. If you are a user of Pinnacle 21 Community, then Pinnacle 21 is also a controller of your information for purposes of communicating with you regarding other Pinnacle 21 products, as further described below. Pinnacle 21’s contact information as either a processor or controller is:

Pinnacle 21, LLC
1777 Sentry Parkway West
VEVA 17, Suite 405
Blue Bell, PA 19422
Email: privacy@pinnacle21.com

If you use the Services, you acknowledge that your personal data is being processed pursuant to the following lawful bases (as further detailed below): your consent, Pinnacle 21’s and Pinnacle 21 customers’ legitimate interests, to fulfill requests made by you, and compliance with applicable law.

You further acknowledge and consent to your information that is gathered through the Services being transferred to, used in, and stored in the United States. You hereby consent to the processing of your personal data as described in this Privacy Policy, including the transfer, use, and storage of your personal data in the United States. The data protection and other laws of the United States and other countries might not be as comprehensive as those in your country. You may withdraw your consent at any time by following the instructions in the Accessing/Updating/Deleting Your Personal Information section below, but this will not affect the lawfulness of processing based on consent before its withdrawal. However, if you withdraw your consent or decline to provide personal data to us, you may be unable to use the Services. You have the right to file a complaint relating to the processing of personal data with a supervisory authority.

C) Accessing/Updating/Deleting Your Personal Information

If you would like to delete, update, or access the Personal Information we have collected from you, and/or deactivate or delete your Pinnacle 21 account, you can send an email to privacy@pinnacle21.com. If you are an employee using Pinnacle 21’s Services on behalf of your employer, then you should also direct such requests to your employer. Additionally, if your Personal Information is subject to the GDPR, you may have certain additional rights, including the right of restriction of processing of personal data, and the right to object to the processing of personal data. Please send an e-mail to privacy@pinnacle21.com for more information.

D) Privacy Shield Notice for European Union Residents

We are a participant in the European Union (“EU”)–United States (“U.S.”) Privacy Shield and Swiss–U.S. Privacy Shield (collectively, the “Privacy Shields”).

Pinnacle 21, LLC complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Pinnacle 21, LLC has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov.

The types of data we are collecting under the Privacy Shields, the purposes for which each such type of data is being collected and used, and the types of third parties to which we may disclose such information (and the purposes of such disclosure) are set forth in this Privacy Policy.

You have rights, as set forth in this Privacy Policy, to access, edit and have deleted your Personal Information. The choices and means offered you for limiting use and disclosure of your Personal Information are set forth in this Privacy Policy.

Notwithstanding any language to the contrary in this Privacy Policy, in cases of onward transfer to third parties of personal information of EU individuals received pursuant to the Privacy Shields, we are potentially liable.

In compliance with the Privacy Shield Principles, we commit to work to resolve complaints about your privacy and our collection or use of your Personal Information. European Union individuals with inquiries or complaints regarding this Privacy Policy should first contact us at:

Pinnacle 21, LLC
Attention: Privacy Complaints
1777 Sentry Parkway West
VEVA 17, Suite 405
Blue Bell, PA 19422
Email: privacy@pinnacle21.com

We have further committed to refer unresolved privacy complaints under the Privacy Shield Principles to the American Arbitration Association, a non-profit alternative dispute resolution provider located in the United States. If you do not receive a response to your complaint from us within forty-five (45) days, or if your complaint is not satisfactorily addressed, please visit http://go.adr.org/privacyshield.html for more information and to file a complaint.

Please note that if your complaint is not resolved through the above channels, you may have the right, under certain limited conditions, to invoke binding arbitration before the Privacy Shield Panel to be created by the US Department of Commerce and the European Commission.

We are subject to the investigatory and enforcement powers of the United States Federal Trade Commission (“FTC”) with respect to our compliance with the Privacy Shields.

2. Collection of Your Personal and Other Information

When you use our Services, we collect Personal Information. By “Personal Information” we mean information that can identify an individual, such as:

  • Names,
  • Business addresses,
  • Email addresses,
  • Username and password,
  • Phone numbers,
  • Your IP address,
  • Study-assigned identification numbers, and
  • Any identifying information that may be submitted by our clients for a clinical study.

You may always choose not to provide Personal Information, but this may prevent you from receiving certain Services.

The Services do not require, and we instruct our clients not to submit, Personal Information about Study Participants. However, the content of all submissions is determined by our clients, and some Personal Information about Study Participants may be submitted by clients without our knowledge. If a client does upload Personal Information about Study Participants, as discussed below, incidental fragments may be stored.

In order to increase security, the Services do not store any Personal Information except email address, username and password for each user, nor is study data retained in storage by the Services (except possibly for incidental fragments that are determined to be invalid during validation or that are part of the dataset key).

We also collect non-Personal Information, that is, information that does not personally identify an individual. The non-Personal Information we collect includes how you interact with the Services, information generally collected or “logged” by Internet websites or Internet services when accessed or used by users, and information about your web browser or device accessing or using the Services.

Examples of the non-Personal Information we collect are:

  • Information about your operating system and browser, such as its maker or version
  • The pages of our website that you viewed during a visit or the features of our software that you use
  • What information or content you view, hover over or click on
  • The referring web page
  • Language preferences
  • The city and state in which you are located (but not your precise geographic location)
  • Unique Identifiers, meaning arbitrary codes or series of characters we create to identify unique users without Personal Information
  • Incidental fragments of study data that are determined to be invalid during the validation process.

We will not use non-Personal Information to try to identify you, and if we associate any non-Personal Information with information that personally identifies you, then we will treat it as Personal Information. As discussed in more detail below, we sometimes use cookies and other automatic information gathering technologies to gather non-Personal Information.

Information collected by the Services may be collected by us or one of our service providers, but in either case, this Privacy Policy will govern the collection, use and sharing of the information.

3. Use of Your Information

We use the information we collect to:

  • Assist us in providing the Services,
  • Set up accounts,
  • Improve our operations,
  • Process transactions (credit card or other payment account information will only be used for this purpose),
  • Provide customer service,
  • Provide you with newsletters, RSS feeds, and/or other communications or services which you have signed up for or otherwise agreed to receive,
  • Send account- or transaction-related communications, such as welcome letters or notifications,
  • Create de-identified user metrics,
  • Perform research and analysis aimed at improving our products and services,
  • If you are a Pinnacle 21 Community user, send you information regarding other Pinnacle 21 products and services, and
  • Manage our systems.

We will only use your Personal Information in the way we specified when it was collected (including as described in this Privacy Policy).

4. Disclosure of Your Information

We will not disclose your Personal Information to third parties except as described below. We also will not sell or disclose your Personal Information to third parties for their own marketing purposes unless you have explicitly and affirmatively granted us permission to do so.

Personal Information about Study Participants will be disclosed only as permitted by our written agreements with our clients. In the event of a conflict relating to the disclosure of Study Participant information between this Privacy Policy and a client agreement, the client agreement will control with respect to such disclosure to the extent it provides the data subject with a greater degree of privacy protection.

We will disclose Personal Information to provide the Services, which will be apparent when you use or access Pinnacle 21 or when you authorize or instruct us to do so. In a manner consistent with our obligations under the US-EU Privacy Shield Program, we may also disclose Personal Information to companies, agents, contractors, service providers or others engaged to perform functions on our behalf (such as processing of payments, provision of data storage, hosting of our website, marketing of our products and services, conducting audits, and performing web analytics) (our “Service Providers”). Our Service Providers to whom we may disclose your Personal Information are listed at https://www.pinnacle21.com/privacy/subprocessors.

In a manner consistent with our obligations under the US-EU Privacy Shield Program, we may also disclose your Personal Information to third parties when we believe, in good faith and in our sole discretion, that such disclosure is reasonably necessary to (a) enforce or apply the terms and conditions of the Services, including investigation of potential violations thereof, (b) comply with legal or regulatory requirements or an enforceable governmental request, (c) protect the rights, property or safety of us, our users or other third parties, (d) prevent a crime or protect national security, or (e) detect, prevent or otherwise address fraud, security or technical issues.

Finally, we reserve the right to transfer information (including your Personal Information) to a third party in the event of a sale, merger, or transfer of all or substantially all of the assets of our company relating to Pinnacle 21, or in the unlikely event of a bankruptcy, liquidation or receivership of our business. You will be notified via email or prominent notice on our website for 30 days of any such change in ownership or control of your Personal Information.

Lastly, we may also disclose non-Personal Information, de-identified and anonymously aggregated with information about our other users, to our clients, business partners, merchants, advertisers, investors, potential buyers and other third parties if we deem such disclosure, in our sole discretion, to have sound business reasons or justifications.

5. Transparency and Choice

When you use our Services, we make good faith efforts to provide you with access to your Personal Information and either to correct this data if it is inaccurate or to delete such data at your request, in either case if it is not otherwise required to be retained by law or for legitimate business purposes. We ask individual users to identify themselves and the information requested to be accessed, corrected or removed before processing such requests, and we may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort, jeopardize the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backups), or for which access is not otherwise required. In any case, where we provide information access and correction, we perform this service free of charge, except if doing so would require a disproportionate effort.

Please e-mail us at privacy@pinnacle21.com with any questions, if you need assistance accessing or changing your Personal Information, or if you would like to have your Personal Information deleted. Please be aware that if you delete your Personal Information, you may not be able to continue to use Pinnacle 21 or the Services. Also, even if you request that we delete your Personal Information, we may need to retain certain information for a limited period of time to satisfy our legal, audit and/or dispute resolution requirements.

We do not use, or allow third party advertising networks to use, information about web browsing activity collected through the Services for targeted or behavioral advertising. We support the development and implementation of a standard "do not track" browser feature that provides customers with control over the collection and use of information about their web-browsing activities. Once a standardized "do not track" feature is released, we intend to adhere to the browser settings accordingly.

You can opt out of receiving marketing e-mails from us by clicking on the “unsubscribe” link in the e-mails. Please note that it may take up to ten (10) business days for your opt-out request to be processed. Also, even if you opt out of marketing e-mails, we may continue to send you certain account-related e-mails, such as notices about your account and confirmations of transactions you have requested.

6. Children

We do not knowingly collect Personal Information from users under 18 years of age. We do not authorize users under 18 years of age to use the Services or Pinnacle 21. If we learn that we have collected Personal Information from a person under the age of 18, we will delete that data from our systems.

7. Information Security

We utilize reasonable information security measures to safeguard your Personal Information. For example, we utilize Secure Sockets Layer (SSL) encryption technology when sensitive data is transmitted over the Internet, and use firewalls to help prevent external access into our network. Unfortunately, however, no data transmission over the Internet and no method of data storage can be guaranteed to be 100% secure. Therefore, while we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its security.

We restrict access to Personal Information to our employees, contractors, service providers and agents who need to know that information in order to operate, develop or improve our Services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.

8. Third Party Websites

Please note that the Services may link or integrate with third party sites, services or apps. We are not responsible for the privacy or security policies or practices or the content of such third parties. Accordingly, we encourage you to review the privacy and security policies and terms of service of those third parties so that you understand how those websites collect, use, share and protect your information.

9. Changes to this Policy

We may modify or update this Privacy Policy periodically with or without prior notice by posting the updated policy on this page. You can always check the “Last Updated” date at the top of this document to see when the Privacy Policy was last changed. If we make any material changes to this Privacy Policy, we will notify you by e-mail or post a notice of the changes on our website prior to the changes becoming effective. We encourage you to check this Privacy Policy from time to time.

10. Questions

To ask questions about our Privacy Policy or to lodge a complaint, contact us at:

Pinnacle 21, LLC
1777 Sentry Parkway West
VEVA 17, Suite 405
Blue Bell, PA 19422
Email: privacy@pinnacle21.com