Last updated: September 26, 2016
- Personal and other information we collect about you
- How we use your information
- How we may share your information with third parties
- Your choices regarding the personal information we collect about you
- Your rights under the U.S.-E.U. Privacy Shield program
2. Collection of Your Personal and Other Information
When you use our Services, we collect Personal Information. By “Personal Information” we mean information that can identify an individual, such as:
- Business addresses,
- Email addresses,
- Username and password,
- Phone numbers,
- Study-assigned identification numbers, and
- Any identifying information that may be submitted by our clients for a clinical study.
You may always choose not to provide Personal Information, but this may prevent you from receiving certain Services.
The Services do not require, and we instruct our clients not to submit, Personal Information about study participants. However, the content of all submissions is determined by our clients, and some Personal Information about study participants may be submitted by clients without our knowledge. If a client does upload Personal Information about study participants, as discussed below, incidental fragments may be stored.
In order to increase security, the Services do not store any Personal Information except email address, username and password for each user, nor is study data retained in storage by the Services (except possibly for incidental fragments that are determined to be invalid during validation or that are part of the dataset key).
We also collect non-Personal Information, that is, information that does not personally identify an individual. The non-Personal Information we collect includes how you interact with the Services, information generally collected or “logged” by Internet websites or Internet services when accessed or used by users, and information about your web browser or device accessing or using the Services.
Examples of the non-Personal Information we collect are:
- Your Internet Protocol (IP) address,
- Information about your operating system and browser, such as its maker or version
- The pages of our website that you viewed during a visit or the features of our software that you use
- What information or content you view, hover over or click on
- The referring web page
- Language preferences
- The city and state in which you are located (but not your precise geographic location),
- Unique Identifiers, meaning arbitrary codes or series of characters we create to identify unique users without Personal Information, and
- Incidental fragments of study data that are determined to be invalid during the validation process.
3. Use of Your Information
We use the information we collect to:
- Assist us in providing the Services,
- Set up accounts,
- Improve our operations,
- Process transactions (credit card or other payment account information will only be used for this purpose),
- Provide customer service,
- Provide you with newsletters, RSS feeds, and/or other communications or services which you have signed up for or otherwise agreed to receive,
- Send account- or transaction-related communications, such as welcome letters or notifications,
- Create de-identified user metrics,
- Perform research and analysis aimed at improving our products and services, and
- Manage our systems.
4. Disclosure of Your Information
We will not disclose your Personal Information to third parties except as described below. We also will not sell or disclose your Personal Information to third parties for their own marketing purposes unless you have explicitly and affirmatively granted us permission to do so.
We will disclose Personal Information to provide the Services, which will be apparent when you use or access Pinnacle 21 or when you authorize or instruct us to do so. In a manner consistent with our obligations under the US-EU Privacy Shield Program, we may also disclose Personal Information to companies, agents, contractors, service providers or others engaged to perform functions on our behalf (such as processing of payments, provision of data storage, hosting of our website, marketing of our products and services, conducting audits, and performing web analytics).
In a manner consistent with our obligations under the US-EU Privacy Shield Program, we may also disclose your Personal Information to third parties when we believe, in good faith and in our sole discretion, that such disclosure is reasonably necessary to (a) enforce or apply the terms and conditions of the Services, including investigation of potential violations thereof, (b) comply with legal or regulatory requirements or an enforceable governmental request, (c) protect the rights, property or safety of us, our users or other third parties, (d) prevent a crime or protect national security, or (e) detect, prevent or otherwise address fraud, security or technical issues.
Finally, we reserve the right to transfer information (including your Personal Information) to a third party in the event of a sale, merger, or transfer of all or substantially all of the assets of our company relating to Pinnacle 21, or in the unlikely event of a bankruptcy, liquidation or receivership of our business. You will be notified via email or prominent notice on our website for 30 days of any such change in ownership or control of your Personal Information.
Lastly, we may also disclose non-Personal Information, de-identified and anonymously aggregated with information about our other users, to our clients, business partners, merchants, advertisers, investors, potential buyers and other third parties if we deem such disclosure, in our sole discretion, to have sound business reasons or justifications.
5. Transparency and Choice
When you use our Services or are a participant in a clinical study conducted using our Services, we make good faith efforts to provide you with access to your Personal Information and either to correct this data if it is inaccurate or to delete such data at your request, in either case if it is not otherwise required to be retained by law or for legitimate business purposes. We ask individual users to identify themselves and the information requested to be accessed, corrected or removed before processing such requests, and we may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort, jeopardize the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backups), or for which access is not otherwise required. In any case, where we provide information access and correction, we perform this service free of charge, except if doing so would require a disproportionate effort.
Please e-mail us at firstname.lastname@example.org with any questions, if you need assistance accessing or changing your Personal Information, or if you would like to have your Personal Information deleted. Please be aware that if you delete your Personal Information, you may not be able to continue to use Pinnacle 21 or the Services. Also, even if you request that we delete your Personal Information, we may need to retain certain information for a limited period of time to satisfy our legal, audit and/or dispute resolution requirements.
We do not use, or allow third party advertising networks to use, information about web browsing activity collected through the Services for targeted or behavioral advertising. We support the development and implementation of a standard "do not track" browser feature that provides customers with control over the collection and use of information about their web-browsing activities. Once a standardized "do not track" feature is released, we intend to adhere to the browser settings accordingly.
You can opt out of receiving marketing e-mails from us by clicking on the “unsubscribe” link in the e-mails. Please note that it may take up to ten (10) business days for your opt-out request to be processed. Also, even if you opt out of marketing e-mails, we may continue to send you certain account-related e-mails, such as notices about your account and confirmations of transactions you have requested.
We do not knowingly collect Personal Information from users under 18 years of age. We do not authorize users under 18 years of age to use the Services or Pinnacle 21. If we learn that we have collected Personal Information from a person under the age of 18, we will delete that data from our systems.
7. Information Security
We utilize reasonable information security measures to safeguard your Personal Information. For example, we utilize Secure Socket Layer (SSL) encryption technology when sensitive data is transmitted over the Internet, and use firewalls to help prevent external access into our network. Unfortunately, however, no data transmission over the Internet and no method of data storage can be guaranteed to be 100% secure. Therefore, while we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its security.
We restrict access to Personal Information to our employees, contractors, service providers and agents who need to know that information in order to operate, develop or improve our Services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.
8. Third Party Websites.
Please note that the Services may link or integrate with third party sites, services or apps. We are not responsible for the privacy or security policies or practices or the content of such third parties. Accordingly, we encourage you to review the privacy and security policies and terms of service of those third parties so that you understand how those websites collect, use, share and protect your information.
9. Changes to this Policy
10. Privacy Shield Notice for European Union Residents
Pinnacle 21, LLC
Attention: Privacy Complaints
531 Plymouth Road
Plymouth Meeting, PA 19462
We have further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to the American Arbitration Association, a non-profit alternative dispute resolution provider located in the United States. If you do not receive a response to your complaint from us within forty-five (45) days, or if your complaint is not satisfactorily addressed, please visit http://info.adr.org/safeharbor for more information and to file a complaint.
Please note that if your complaint is not resolved through the above channels, you may have the right, under certain limited conditions, to invoke binding arbitration before the Privacy Shield Panel to be created by the US Department of Commerce and the European Commission.
We are subject to the investigatory and enforcement powers of the United States Federal Trade Commission (“FTC”) with respect to its compliance with the EU-US Privacy Shield.
Pinnacle 21, LLC
531 Plymouth Road
Plymouth Meeting, PA 19462