Privacy

Customer Privacy Policy

CANFIELD PRIVACY STATEMENT

Canfield Scientific, Inc. (Canfield) is committed to protecting the privacy of individuals whom we conduct business with all over the globe. In order to conduct global business in an increasingly electronic economy, it is often necessary to collect Personal Information about our partners and customers.

This Policy has been developed to inform you why we collect your Personal Information, as well as how we use and protect it. If you receive services from Canfield and are located in the European Economic Area (EEA) and Switzerland, please also view US-EU Privacy Shield and Swiss Safe Harbor policy.

COLLECTION OF YOUR PERSONAL INFORMATION

When providing services to you, Canfield may request Personal Information from you. These requests may include your name, email address, company name, and/or telephone number. Your response to these inquiries is strictly voluntary as Canfield uses this information to customize your experience on our website, alert you to products and services that can assist you in your business, promote site registration, and facilitate your order processing.

Additional information about you may be collected if the services provided by Canfield require collection and use of such information.

Please Note: If the information collected about you contains your Protected Health Information (PHI), Canfield will handle this information in compliance with HIPAA and HITECH Regulations (including those that protect the rights of minors) as they pertain to the services being provided.

USE OF YOUR PERSONAL INFORMATION

All information about you, including your PHI (when applicable), is collected by Canfield exclusively for the purposes outlined in this Privacy Policy.

Canfield will not sell, share, or rent information about you that is collected via the Canfield Corporate Website or provided by you using other means in any ways that are incompatible with the contract of services and this Privacy Policy.

You can visit our website without divulging any Personal Information. However, there are areas of the site that require Personal Information to complete their customization functions; functions that may not be available to those choosing not to provide the information requested.

DISCLOSURE TO THIRD PARTIES

In cases where Canfield believes your business interests will be served, Canfield may share your information (excluding account, credit card, and ordering information) with Canfield distributors who can alert you to new products and services to improve your competitive edge. If you receive unwanted marketing materials from any of our distributors, please let them know that you wish to be removed from their contact lists.

Canfield will not disclose your PHI for purposes incompatible with the contract of services and this Privacy Policy. If there is a need to use or disclose your PHI, proper authorization will be received from you in accordance with applicable Regulations.

Personal information may be disclosed by Canfield to judicial or other government agencies subject to warrants, subpoenas, or other governmental orders in accordance with applicable law.

COLLECTING DOMAIN INFORMATION

Canfield collects domain information as part of its analysis of the use of its website. This data enables us to become more familiar with which customers visit our site, how often they visit, and what parts of the site they visit most often. Canfield uses this information to improve its web-based offerings. This information is collected automatically and requires no action on your part.

Canfield also uses web cookies on this site. The type of information we collect includes the pages visited, files downloaded, type of browser used, etc. This information helps us to learn what pages are most attractive to our visitors, which of our products most interests our customers, and what kinds of offers our customers like to see.

Cookies cannot read data off your hard drive. Your web browser may allow you to be notified when you are receiving a cookie, giving you the choice to accept it or not. By not accepting cookies, some pages may not fully function and you may not be able to access certain information on this site.

PROTECTING OUR CUSTOMERS

Protecting and securing your Personal Information is Canfield's top priority. We prevent unauthorized access by a secure firewall and through the use of a security infrastructure to protect the integrity and privacy of your information. We also keep your Personal Information secure by encrypting any transfers of your Personal Information.

At Canfield, only authorized personnel will have access to your Personal Information when it pertains to their job responsibilities.

Canfield seeks to use reasonable organizational, technical, and administrative measures to protect your Personal Information, but you should be aware that any electronic means of communication may carry some level of risk and that no data transmission or storage system can be guaranteed as 100% secure.

CANFIELD PRIVACY CONTACT INFORMATION

If you have any questions regarding your privacy, please contact us at:

PrivacyOfficer@canfieldsci.com or at the mailing address below:

Attn: Privacy Officer
Canfield Scientific, Inc.
4 Wood Hollow Road
Parsippany, NJ 07054
United States of America

US-EU Privacy Shield and US-Swiss Safe Harbor Privacy Policy


PRIVACY STATEMENT

Canfield Scientific, Inc. (Canfield) is an American based company that performs services and sells imaging software products globally. As a result, Canfield may be exposed to and receive personal information transferred from the European Economic Area (EEA), and Switzerland.

Canfield has self-certified its compliance with the EU-U.S. Privacy Shield framework and the Swiss Safe Harbor framework and complies with the principles of these frameworks.

CANFIELD AS A DATA PROCESSOR

For the purposes of collecting personal information from its customers in the EEA and Switzerland Canfield acts exclusively as a Data Processor. As a Data Processor, Canfield does not make independent decisions regarding personal information, does not own or control personal information, and only processes personal information under instruction from the Data Controllers in the EEA and Switzerland.

Canfield processes personal information in electronic form from its customers in the EEA and Switzerland (e.g. institutions, physicians, aesthetic and retail establishments, etc.)

PRIVACY SHIELD

The EU Data Protection Directive restricts data transfers to those countries outside the EU that are deemed to have an "adequate level of data protection." For American based companies, one of the best mechanisms for providing such adequate data protection is the EU-U.S. Privacy Shield program run by the US Department of Commerce.

EU-U.S. Privacy Shield is a self-regulatory mechanism under which US based companies can voluntarily agree to abide by a set of principles negotiated between the United States government and the European Commission. Transfers made to a Privacy Shield certified company in the United States are deemed as having an adequate level of data protection.

For more information about the EU-U.S. Privacy Shield Framework please visit: http://www.privacyshield.gov

For more information about the US - Swiss Safe Harbor Framework, please visit: http://2016.export.gov/safeharbor/swiss/

THE SEVEN (7) PRIVACY SHIELD PRINCIPLES

Under Privacy Shield, Canfield recognizes its adherence to the seven (7) Privacy Shield Principles (Principles) as follows:

  1. NOTICE

    Canfield recognizes the Notice Principle, and agrees that every data subject has the right to know about the purposes for which their personal information is being collected, what personal data about them is collected, whom they can contact to inquire about their information, and how to file a complaint if necessary.

    As we do not directly communicate with data subjects in the EEA and Switzerland, Canfield (as per contractual agreements with the Data Controllers) assures that Data Controllers in the EEA and Switzerland provide the data subjects with the right of notice.

    Data Controllers in the EEA and Switzerland are responsible for providing data subjects with their rights to know what information about them is being collected, for what purposes, and to whom outside of the EEA and Switzerland it has been/will be transferred.

    It is the responsibility of the Data Controllers in the EEA and Switzerland to obtain permission from the data subjects to transfer their personal information outside of the EEA and Switzerland.

    Personal information may be disclosed by Canfield to judicial or other government agencies subject to warrants, subpoenas, or other governmental orders in accordance with applicable law.
  2. CHOICE

    Canfield acknowledges that data subjects must be provided with the option to choose whether or not their personal information can be disclosed to third parties and used for purposes other than those for which it was collected.

    It is the responsibility of the Data Controllers in the EEA and Switzerland to provide this choice to the data subjects. This responsibility is ensured by the contractual obligations between Canfield (Data Processor) and its customers (Data Controllers) in the EEA and Switzerland.

    Personal information obtained by Canfield from data subjects in the EEA and Switzerland will not be disclosed by Canfield without proper authorization. If Canfield intends to use such personal information for purposes other than those for which it was intended, Canfield will obtain proper authorization directly from the data subjects.
  3. ONWARD TRANSFER

    When providing services to its customers Canfield may need to share an individual's personal information with its subcontractors (data centers, Reviewers, participating in Independent Panel Reviews, outside statistical services, etc.). Canfield obtains assurances that its subcontractors are either Privacy Shield self-certified or can guarantee compliance with this policy and provide an adequate level of protection and security (in alignment with the Principles) with regards to personal information obtained from the EEA and Switzerland.
  4. ACCESS

    Data subjects must be given access to the personal information that Canfield holds about them. They should also be able to correct, amend, or delete this information where it is inaccurate.

    Since Canfield does not interact directly with data subjects, but acts strictly under instruction from its Data Controllers, it is the Data Controllers who provide data subjects with access to their data. This is part of the contractual obligations between Canfield and its Data Controllers in the EEA and Switzerland.

    In the event that Data Controllers instruct Canfield to provide information directly to data subjects, Canfield will act strictly in accordance with these instructions. This right of access is limited by the principle of reasonableness. When appropriate, Canfield may charge a fee to provide such access and can limit the number of access requests within a given period of time.

    Additionally, due to Regulatory and contractual requirements for clinical studies, Canfield is not able to grant direct access to research data for research participants. Such data will be kept for a period of time no less than fifteen (15) years.
  5. SECURITY

    Canfield has put the appropriate administrative, technical, and physical safeguards in place to protect individuals' personal information from loss, misuse, unauthorized access, disclosure, alteration, or destruction. All individuals' personal information is held in Canfield's secure facilities with limited access rights.
  6. DATA INTEGRITY

    Canfield will use personal information obtained from the EEA and Switzerland explicitly for the purposes such information was collected. Canfield will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete, and current. Data collected under the EU-U.S. Privacy Shield will remain subject to these principles for as long as it is retained.
  7. ENFORCEMENT

    Canfield is committed to comply with this Policy and will periodically verify and confirm that it is accurate, up to date, and in compliance with the Principles. We encourage our customers who have concerns regarding this Policy to contact PrivacyOfficer@CanfieldSci.com or at the mailing address below:

    Attn: Privacy Officer
    Canfield Scientific, Inc.
    4 Wood Hollow Road
    Parsippany, NJ 07054
    United States of America

    Data subjects should submit complaints concerning the processing of their Personal Information to the applicable Data Controllers in the EEA and Switzerland responsible for collecting their information in accordance with the relevant dispute resolution mechanism.

    Canfield has chosen Privacy Trust as its dispute resolution mechanism. If you have a concern or complaint about Canfield’s privacy practices, you can contact us directly, or contact Privacy Trust at the following address: http://www.privacytrust.com/drs/canfield

    Privacy Trust will handle any disputes free of charge to the person raising them. We will respond to all complaints within 45 days. You may also invoke Binding Arbitration to resolve your complaint.

    Canfield is also subject to the investigatory and enforcement powers of the US FTC (Federal Trade Commission).

    Canfield's Privacy Officer will ensure the enforcement of this Policy.

    Any Canfield employee who violates this Policy will be subject to disciplinary action that could result in the termination of their employment with Canfield.

Canfield reserves the right to amend this Policy at any time to ensure its compliance with the Principles.

This Policy is effective as of 03-Sep-2014 and was last updated on 19 August 2016.