Effective on: June 6, 2022

Privacy Policy

Introduction and Scope

EVERSANA INTOUCH (“EVERSANA INTOUCH”, “we”, “us”, “our”) takes the protection of personally identifiable information (“Personal Data”) very seriously. This Privacy Policy (the “Policy”) addresses data subjects whose Personal Data we may receive from our customers through our public website (the “Website”) and the other information systems we use to market and sell our services (collectively, with the Website, “the Sales & Marketing Systems”).

Please read this Policy to learn what EVERSANA INTOUCH is doing with your Personal Data, how we protect it, and the privacy rights you may have under the General Data Protection Regulation (“GDPR”), the United Kingdom’s General Data Protection Regulation (“UK GDPR”), the California Consumer Privacy Act of 2018 (“CCPA”), and the Canadian Personal Information Protection and Electronic Documents Act (“PIPEDA”) (collectively, “Applicable Laws”).

This Policy does not apply to Personal Data we collect by other means, such as Personal Data of clinical trials participants we process in the course of providing life sciences services (the “Services”) to our customers, or the Personal Data of our employees.

Controllership

Within the scope of this Policy, EVERSANA INTOUCH acts as a data controller for the Personal Data we process.

What is Personal Data?

“Personal Data” is information that, either alone or in combination with other information, identifies you. Examples of Personal Data include, among others, name and email address. When we combine Personal Data with other information, we treat the combined information as Personal Information.

Processing of Personal Data

Depending on whether you are a current or prospective customer, a website visitor, or a current or prospective business partner (for example, a supplier), we may process various types of Personal Data, as described in the below Table.  The Table below also shows you how and why we collect Personal Data and the categories of third parties with whom we share Personal Data.

Basis of Processing

We may process your Personal Data on the basis of:

  • the need to perform a contract with you or to take steps at your request prior to entering into a contract;
  • our legitimate interests, such as our interest in marketing and selling our Services;
  • sending information at your request;
  • protecting our rights or our property;
  • for recruiting and human resources administration purposes;
  • the need to comply with the law; or
  • any other ground, as required or permitted by law.

Where we receive your Personal Data as part of providing our Services to you based on a contract, we require such Personal Data to be able to carry out the contract. Without that necessary Personal Data, we will not be able to provide the Services to you.

What Personal Data We Collect, How We Receive Personal Data, and How We Use Your Personal Data

The Table below describes the categories of Personal Data we have collected about you in the last twelve months and how we obtained that Personal Data.

The CCPA requires us to categorize the Personal Data we collect into groups. Many of the categories are not collected in every situation, and some of the Personal Data is only collected at the direction of our customers through our Sales & Marketing Systems.

Categories of Personal Data We Collect, Process, or Store How We Obtain Your Personal Data How We Use Your Personal Data

Identifiers:
Name, alias, postal address, email address, and similar identifiers.

Customer Records Information:
Name, telephone number, address, email address and other similar customer records information.

Professional or Employment-Related Information:
Employment, employment history, information about your employer (such as the name, address and contact details of your employer) and other similar employment-related information.

Usage Information:
Internet protocol address, referring URLs (e.g., the site you visited before coming to the Website), number of clicks and how you interact with links on the Website, domain names associated with your internet service provider, pages viewed, and other such information.

We may receive your Personal Data when:

  • you provide it directly to us through our Website;
  • you provide it directly to us at an event or conference;
  • you provide it to us through emails we send to you;
  • you provide it to us while participating in a webinar we host or sponsor;
  • we collect your information from publicly available platforms such as LinkedIn;
  • our customers (including their employees, contractors, and other representatives of the company) provide it to us;
  • we receive it from other companies within our corporate group;
  • our service providers provide it to us;
  • we purchase lists of individuals who might be interested in becoming customers of ours; or
  • when a friend of yours or one of our partners or customers refers you to our Services by providing your Personal Data to us.

We may process your Personal Data for the purposes of:

  • marketing and selling our Services to you;
  • enabling the use of our Services;
  • responding to your requests or questions; and
  • sending you email marketing communications about our business which we think may interest you.

Sharing Personal Data with Third Parties

We may share Personal Data with our subsidiaries and affiliates, as well as with our service providers, who process Personal Data on our behalf, and who agree to use the Personal Data only to assist us in providing support and infrastructure for our Sales & Marketing Systems, providing our Services, or as required by law.

We do not sell your Personal Data to third parties.

Please review the below Table to see the categories of Personal Data that we have disclosed, in the last twelve months, to third parties for our own operational business purposes and the categories of recipients of that Personal Data.

Category of Personal Data Categories of Third Parties to Which We Disclose Personal Data for Business Purposes.

Identifiers

Customer Records Information

Professional or Employment-Related Information

Our service providers may provide:

  • application hosting services;
  • cloud storage services;
  • virus scanning services;
  • human resource services;
  • social media services;
  • email software;
  • content management system (CMS) software;
  • customer resource management (CRM) software;
  • marketing automation software;
  • webinar software;
  • data analytics software; and
  • email marketing software.

International Transfers of Personal Data

Personal Data in the European Union and the United Kingdom is protected by data protection laws; however, other countries may not necessarily protect your Personal Data in the same way, or in such a way that prevents their courts, law enforcement, and national security authorities from accessing it. Data protection laws in these regions regulate how your Personal Data may be transferred to third parties located in other regions.

Some of these third parties may be located outside of the European Union, the European Economic Area, the United Kingdom, or Canada. In some cases, the European Commission and the United Kingdom may not have determined that the countries’ data protection laws provide a level of protection equivalent to European Union law and the law of the United Kingdom. We will only transfer your Personal Data to third parties in these countries when there are appropriate safeguards in place, such as the European Commission approved standard contractual clauses, and any standard contractual clauses approved by the United Kingdom. These may include the European Commission-approved standard contractual data protection clauses.

Other Disclosure of Your Personal Data

We may disclose your Personal Data to the extent required by law, or if we have a good-faith belief that we need to disclose it in order to comply with official investigations or legal proceedings (whether initiated by governmental/law enforcement officials, or private parties). We may also disclose your Personal Data if we sell or transfer all or some of our company’s business interests, assets, or both, or in connection with a corporate restructuring. Finally, we may disclose your Personal Data to our subsidiaries or affiliates, but only if necessary for business purposes, as described in the section above.

We reserve the right to use, transfer, sell, and share aggregated, anonymous data for any legal business purpose. Such data does not include any Personal Data. The purposes may include analyzing usage trends or seeking compatible advertisers, sponsors, and customers.

If we have to disclose your Personal Data to governmental/law enforcement officials, we may not be able to ensure that those officials will maintain the privacy and security of your Personal Data.

Cookies

A “cookie” is a small file stored on your device that contains information about your device. We may use cookies to provide basic relevant ads, website functionality, authentication (session management), usage analytics (web analytics), and to remember your settings, and generally improve our websites and Services.

We use session and persistent cookies. Session cookies are deleted when you close your browser. Persistent cookies may remain even after you close your browser, but always have an expiration date. Most of the cookies placed on your device through our Services are first-party cookies, since they are placed directly by us. Other parties, such as Google, may also set their own (third-party) cookies through our Services. Please refer to the policies of these third parties to learn more about the way in which they collect and process information about you.

If you would prefer not to accept cookies, you can change the setup of your browser to reject all or some cookies. Note, if you reject certain cookies, you may not be able to use all of our Services’ features. For more information, please visit https://www.aboutcookies.org/.

You may also set your browser to send a Do Not Track (DNT) signal. For more information, please visit https://allaboutdnt.com/. Please note that our Services do not have the capability to respond to “Do Not Track” signals received from web browsers.

Data Integrity & Security

We have implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect Personal Data from unauthorized processing. This includes unauthorized access, disclosure, alteration, or destruction.

Data Retention

When the purposes of processing are satisfied and no lawful basis of processing remains, we will delete your Personal Data.

Access, Review, Objection to Processing, and Portability

If we process your Personal Data, you may have the right to request access to, and the opportunity to update, correct, or delete such Personal Data. You may also have the right to ask that we limit our processing of such Personal Data, as well as the right to object to our processing of such Personal Data. You may also have the right to data portability, which is the right to ask to have your Personal Data exported in a machine-readable format.

To submit these requests or raise any other questions, please contact us by using the information in the “Contact Us” section below.

Security of Your Personal Data

We have implemented and will maintain technical, organizational, and physical security measures that are reasonably designed to protect Personal Data from unauthorized processing, such as unauthorized access, disclosure, alteration, or destruction.

Risk of Harm

Whenever Personal Data is collected and processed, there is always a slight risk that the Personal Data may be breached, misused, or otherwise result in harm to you. However, we take several measures to ensure that this risk is mitigated as much as possible. These measures include limiting the Personal Data about you that we collect and process to solely what is necessary, not collecting sensitive Personal Data about you unless we clearly explain to you that we are and obtain your explicit consent beforehand, and implementing appropriate security measures, as described in this Policy.

Your Privacy Rights

You have specific rights regarding your Personal Data collected and processed by us. Please note that you can only exercise these rights with respect to Personal Data that we process about you when we act as a data controller or as a “business” under the CCPA. This is when EVERSANA INTOUCH decides why and how your Personal Data will be processed, rather than our customers making those decisions.

To exercise your rights with respect to information processed by us on behalf of one of our customers, please read the privacy policies of our customers. If you wish to make your request directly to us, please provide to us the name of our customers who submitted your data to us or let us know that you are uncertain about which of our customers submitted your data to us. Because we may only act upon instructions from our customers, we will refer your request to the relevant customer, and will support them as needed in responding to your request within a reasonable timeframe.

We may need to confirm your identity in order to process your request. A request can also be made on behalf of your child or ward (who is under the age of 18 years).

In this section, we first describe your privacy rights and then we explain how you can exercise those rights.

Right to Know What Happens to Your Personal Data

This is called the “right to be informed”. It means that you have the right to obtain from us all information regarding our data processing activities that concern you, such as how we collect and use your Personal Data, how long we will keep it, and who it will be shared with, among other things.

We are informing you of how we process your Personal Data with this Privacy Policy.

Right to Know What Personal Data We Have About You

This is called the “right of access”. This right allows you to ask for full details of the Personal Data we hold on you.

You have the right to obtain from us confirmation as to whether or not we process Personal Data concerning you, and, where that is the case, a copy of or access to your Personal Data and certain related information.

Once we confirm your identity (or the identity of your authorized agent) who made the request, we will disclose to you:

  • The categories of Personal Data we have collected about you;
  • The categories of sources of the Personal Data we have collected about you;
  • The business and commercial purposes for which we process your Personal Data;
  • Where possible, the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine that period;
  • The categories of third parties with whom we share that Personal Data;
  • The specific pieces of Personal Data we collected about you (this is also called a data portability request);
  • If we rely on legitimate interests as a lawful basis to process your Personal Data, the legitimate interests pursued by us or by a third party; and
  • The appropriate safeguards for transferring data from the EU to a third country, if applicable.

The CCPA does not allow us to disclose Social Security numbers, driver’s license numbers or other government-issued identification numbers, financial account numbers, any health insurance or medical identification numbers, account passwords, or security questions and answers.  We can inform you that we have this information generally, but we may not provide the specific numbers, passwords, etc., to you for security and legal reasons.

Right to Change Your Personal Data

This is called the “right to rectification”. It gives you the right to ask us to correct, without undue delay, anything that you think is wrong with the Personal Data we have on file about you, and to complete any incomplete Personal Data.

If your account settings do not allow you to change it, please contact us and we will do our best to change the Personal Data for you.

Right to Delete Your Personal Data

This is called the right to erasure, right to deletion or the “right to be forgotten”. This right means you can ask for your Personal Data to be deleted.

Sometimes we can delete your information, but other times it is just not possible, like when the law tells us we cannot do that. If that’s the case, we will consider if we can limit how we use it.

There are certain occasions where we cannot fulfill a deletion request under Applicable Laws, and may deny your request, such as if we or our service providers need to retain the Personal Data to:

  • Complete the transaction for which we collected the Personal Data;
  • Provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
  • Debug products to identify and repair errors that impair existing intended functionality;
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;
  • Enable solely internal uses reasonably aligned with your expectations based on your relationship with us;
  • Comply with a legal obligation, including, but not limited to, obligations from the California Electronic Communications Privacy Act; or
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Right to Ask Us to Change How We Process Your Personal Data

This is called the “right to restrict processing”. It is the right to ask us to only use or store your Personal Data for certain purposes. You have this right in certain occasions, such as where you believe the data is inaccurate or the processing activity is unlawful. This right enables you to ask us to suspend the usage of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it.

Right to Ask Us to Stop Using Your Personal Data

This is called the “right to object”. This is your right to tell us to stop using your Personal Data. You have this right where we rely on a legitimate interest of ours (or of a third party). Also, you have the right to object at any time to the processing of your Personal Data for direct marketing purposes.

We will stop processing the relevant Personal Data unless: (i) we have compelling legitimate grounds for the processing that override your interests, rights, or freedoms; or (ii) we need to continue processing your Personal Data to establish, exercise, or defend a legal claim.

Right to Port or Move Your Personal Data

This is known as the “right to data portability” and enables you to ask for and download Personal Data about you that you have given us or that you have generated by virtue of the use of our services, so that you can:

  • Move it;
  • Copy it;
  • Keep it for yourself; or
  • Transfer it to another organization.

We will provide your Personal Data in a structured, commonly used and machine-readable format. When you request electronically to know what data we have about you, we will provide you a copy in electronic format.

Right Related to Automated Decision Making

We sometimes use computers to study your Personal Data. We might use this Personal Data, so we know how you use our Services. For decisions that may seriously impact you, you have the “right not to be subject to automatic decision-making, including profiling”. But in those cases, we will always explain to you when we might do this, why it is happening, and the effect.

Right to Withdraw Your Consent

Where we rely on your consent as the legal basis for processing your Personal Data, you may withdraw your consent at any time. If you withdraw your consent, our use of your Personal Data before you withdraw is still lawful.

If you have given consent for your details to be shared with a third party, and wish to withdraw this consent, please also contact the relevant third party in order to change your preferences.

Right Not to Be Discriminated Against for Exercising Your Privacy Rights

We will not discriminate against you for exercising any of your privacy rights. Unless the applicable data protection laws permit it, we will not:

  • Deny you goods or services;
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
  • Provide you a different level or quality of goods or services; or
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Right to Lodge a Complaint with a Supervisory Authority

If you are a data subject whose Personal Data we process, you may also have the right to lodge a complaint with a data protection regulator in one or more of the European Union member states and the United Kingdom.

How Can You Exercise Your Privacy Rights?

To exercise any of the rights described above, please submit a request by either:

  • Calling us at 913.317.9700;
  • Contacting us by email at privacy@eversana.com; or
  • Writing to us at:
    • EVERSANA INTOUCH
      7045 College Boulevard, #300
      Overland Park, KS 66211
      USA

What are Authorized Agents?

You may appoint an authorized agent to exercise your rights on your behalf. You should appoint such agent via written permission or a power of attorney pursuant to Probate Code sections 4000 to 4465 (if you reside in the State of California) or the applicable rules for authorizing somebody else to exercise your rights in your country of residence.

To verify that your authorized agent acts on your behalf, we will ask for this written permission from your agent or for the power of attorney. In case you provided your authorized agent with a written permission, we will require that you also verify your identity.

How We Will Verify Your Identity

Bear in mind that to evaluate your privacy rights requests, we need to be sure it was you who made the request. We will verify your identity via the following methods:

  • we will send you an email requesting that you confirm certain personal data that we have in our records; OR
  • we will call you at the number you provided when you submitted a request relating to your privacy rights and will request that you confirm certain personal data that we have in our records.

To carry out the verification, we may ask you for information you provided to us previously, such as your contact number, email address, date of birth, your zip code, or the date that you last received a call/communication from us.

Please note that you may only make a consumer request to know or a data portability request twice within a 12-month period.

How and When We Will Respond to Your Requests

We will confirm the receipt of your request within ten (10) days and, in that communication, we will also describe our identity verification process and when you should expect a response, except when we have already granted or denied the request.

Please allow us up to 30 days to reply to your requests from the day we received your request. If we need more time (up to 90 days in total), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will send our written response by mail or electronically, at your option.

Consider that we will only cover the twelve-month period preceding the moment we receive the request in any disclosures we provide you with.

If we cannot satisfy your request, we will also explain why in our response. For data portability requests, we will choose a format to provide your Personal Data that is readily useable and should allow you to transmit the information from one entity to another entity without difficulty.

In most cases, we will not charge a fee for processing or responding to your requests. However, we may charge a fee if we determine that your request is excessive, repetitive, or manifestly unfounded. In those cases, we will tell you why we made that determination, and we will provide you with a cost estimate before completing your request.

Privacy of Children

We do not knowingly collect the Personal Data of children under the age of 18 in the context of our Sales & Marketing Systems. In the event that we learn that we have collected Personal Information from a child without parental consent, we will promptly take steps to delete that information.

Changes to this Policy

We may modify or update this Privacy Policy from time to time, so please review it periodically.  If we make any material change to this Policy, we will post the revised Policy to this web page. We will also update the “Effective” date. By continuing to use our Services after we post any of these changes, you accept the modified Policy.

Contact Us

If you have any questions about this Policy or our processing of your Personal Data, please write to us by email at privacy@eversana.com or by postal mail at:

  • Calling us at 913.317.9700;
  • Contacting us by email at privacy@eversana.com; or
  • Writing to us at:
    • EVERSANA INTOUCH
      7045 College Boulevard, #300
      Overland Park, KS 66211
      USA

Please allow up to four weeks for us to reply.

European Union Representative

We have appointed VeraSafe as our representative in the EU for data protection matters. While you may also contact us, VeraSafe can be contacted on matters related to the processing of Personal Data. To contact VeraSafe, please use this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative/ or via telephone at: +420 228 881 031.

Alternatively, VeraSafe can be contacted at:

VeraSafe Ireland Ltd
Unit 3D North Point House
New Mallow Road
Cork T23AT2P
Ireland
VeraSafe Czech Republic s.r.o.
Klimentská 46
Prague 1
11002
Czech Republic

Data Protection Officer

We have appointed VeraSafe as our Data Protection Officer (DPO). While you may contact us directly, VeraSafe can also be contacted on matters related to the processing of Personal Data. VeraSafe’s contact details are:

VeraSafe
22 Essex Way #8203
Essex, VT 05451 USA
Email: experts@verasafe.com
Web: https://www.verasafe.com/about-verasafe/contact-us/