US Micron, LLC Privacy Policy
US Micron is Part of The Micron Group
Data Privacy Framework Privacy Policy
US Micron, LLC (“USM”) is committed to protecting your privacy. This
privacy policy (the “Policy”) sets out the privacy principles which
USM follows with respect to transfers of personal data from the
European Union (EU), Switzerland, and the United Kingdom (and
Gibraltar) (UK) to the United States including personal data relating
to employees, customers, business partners as well as the personal
information of healthcare professionals and clinical study
participants where USM is providing services to its customers as a
Clinical Research Organization.
Data Privacy Framework
USM complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF),
the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy
Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of
Commerce. USM has certified to the U.S. Department of Commerce that it
adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF
Principles) with regard to the processing of personal data received
from the European Union in reliance on the EU-U.S. DPF and from the
United Kingdom (and Gibraltar) in reliance on the UK Extension to the
EU-U.S. DPF. USM has certified to the U.S. Department of Commerce that
it adheres to the Swiss-U.S. Data Privacy Framework Principles
(Swiss-U.S. DPF Principles) with regard to the processing of personal
data received from Switzerland in reliance on the Swiss-U.S. DPF. If
there is any conflict between the terms in this privacy policy and the
EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the
Principles shall govern. To learn more about the Data Privacy
Framework (DPF) program, and to view our certification, please visit
https://www.dataprivacyframework.gov/
.
Scope
This Policy applies to all personal information, whether in electronic
or paper format, received by USM in the United States from the EU, the
United Kingdom, and Switzerland and outlines our general policy for
the implementation of the Principles.
Definitions
For the purposes of the Policy, the following definitions shall apply:
“Agent” means any third-party processing
personal information on behalf of, and under the instruction of USM.
“European Union” or “EU” means for the purposes
of this Policy all countries within the European Economic Area (EEA).
“Personal data” and “personal information”
means data about an identified or identifiable individual that are within
the scope of the Directive, received by USM in the United States from the
European Union, and recorded in any form. It does not include personal
information that has been anonymized or that is publicly available, that
has not been combined with non-public personal information.
“Processing” of personal data means any
operation or set of operations which is performed upon personal data, whether
or not by automated means, such as collection, recording, organization,
storage, adaptation or alteration, retrieval, consultation, use, disclosure
or dissemination, and erasure or destruction.
“Sensitive personal information” means personal
information that reveals race, ethnic origin, political opinions, religious
or philosophical beliefs, trade union membership, or information that concerns
health or sex life. In addition, USM will treat as sensitive, any information
received from a third party where that third party treats and identifies
the information as sensitive.
Privacy principles
The privacy principles in this Policy are in accordance with the
principles set out in the EU-US DPF and the UK Extension to the
EU-U.S. DPF and the Swiss-US DPF.
Notice
Where USM collects personal information directly from individuals in
the EU, the UK, or Switzerland, it will inform them about the purposes
for which it collects and uses personal information about them, the
types of non-agent third parties to which USM discloses that
information, and the choices and means, if any, that USM offers
individuals for limiting the use and disclosure of their personal
information. Notice will be provided in clear and conspicuous language
when individuals are first asked to provide personal information to
USM, or as soon as practical thereafter, and in any event before USM
uses the information for a purpose other than that for which it was
originally collected.
Where USM receives personal information from its subsidiaries,
affiliates or other entities in the EU, the UK, or Switzerland, it
will use such information in accordance with the notices provided by
such entities and the choices made by the individuals to who such
personal information relates.
During the conduct of its operations, USM may collect and process
personal information relating to:
-
Study participants, clinical research investigators and their staff
as well as medical and healthcare professionals. The collection of
personal information such as contact information, qualifications,
debarment status and account information is to facilitate the proper
conduct of research studies and to carry out other study related
services. Information collected may be transferred to the Sponsor of
a study, business partners, USM affiliates, and third-party service
providers performing study-related duties and may furthermore be
transferred to regulatory authorities;
-
Customers, vendors and consultants. USM keeps contact information,
account numbers and information relating to billing, together with
other information which may be necessary for the daily operation
of USM's services including conducting customer, product and
service surveys, direct marketing of products and services,
handling customer complaints and enquiries, making disclosure
under the requirements of any law applicable, any other directly
related matters;
-
Human resources data such as curriculum vitae, contract information,
residential address, date of birth, gender, government
identification number, account information, qualifications and
training records, debarment status, performance reviews, which is
processed to support USM's human resources functions and activities
including the administration of employee benefits, compensation,
management of employee performance, business planning, disciplinary
procedures including the investigation and reporting of complaints
and for compliance with legal obligations, policies and procedures
-
Prospective study participants, prospective investigators and
users of USM applications and websites who make enquiries
regarding USM services may be asked to provide personal
information in order to provide the requested information,
products or services. Personal information provided may be used
for the processing of requested transactions, improving the
quality of our services, sending communications about our products
and services, enabling our business partners and service providers
to perform certain activities on our behalf and complying with our
legal obligations, policies and procedures.
USM may use the personal information it collects to comply with
our legal obligations, policies and procedures and for internal
administrative purposes.
Personal information collected and/or processed may be disclosed
to a particular study sponsor, third party service provider,
business partner and/or where required, regulators. USM may not
need to furnish notice where processing is necessary to respond to
a government inquiry, is required or authorized by applicable
laws, court orders or government regulations, or is necessary to
protect USM's legal interests and providing notice would interfere
with the above requirements.
Note on Clinical Trial Subject Data: Under the Data Privacy
Framework, key-coded data is not considered protected Personal
Data if the company does not receive the key. It is USM’s policy
to only receive key-coded clinical subject data. In the event that
USM comes in contact with un-redacted clinical trial Personal
Data, USM will adhere to the Principles with respect to the
Processing of such Personal Data.
Choice
USM offers individuals the opportunity to choose (opt out) whether
their personal information is (i) to be disclosed to a third party or
(ii) to be used for a purpose that is materially different from the
purpose(s) for which it was originally collected or subsequently
authorized by the individuals. Individuals will be provided with
clear, conspicuous, and readily available mechanisms to exercise their
choice.
For sensitive information, USM will obtain affirmative express consent
(opt in) from individuals if such information is to be (i) disclosed
to a third party or (ii) used for a purpose other than those for which
it was originally collected or subsequently authorized by the
individuals through the exercise of opt-in choice. In addition, USM
will treat as sensitive any personal information received from a third
party where the third party identifies and treats it as sensitive.
Accountability for onward transfer
Transfers of personal information to a third party acting as a
controller are covered by the provisions of this Policy regarding
Notice and Choice Principles. USM holds contracts with the third-party
controllers that provide that such data may only be processed for
limited and specified purposes consistent with the consent provided by
the individual and that the recipient will provide the same level of
protection as the Principles and will notify USM if it makes a
determination that it can no longer meet this obligation. The contract
shall provide that when such a determination is made the third-party
controller ceases processing or takes other reasonable and appropriate
steps to remediate.
When transferring personal information to a third party acting as an
Agent, USM: (i) transfers such data only for limited and specified
purposes; (ii) has ascertained that the agent is obligated to provide
at least the same level of privacy protection as is required by the
Principles; (iii) takes reasonable and appropriate steps to ensure
that the agent effectively processes the personal information
transferred in a manner consistent with the USM's obligations under
the Principles; (iv) requires the agent to notify USM if it makes a
determination that it can no longer meet its obligation to provide the
same level of protection as is required by the Principles; (v) upon
notice, including under (iv), USM will take reasonable and appropriate
steps to stop and remediate unauthorized processing; and (vi) will
provide a summary or a representative copy of the relevant privacy
provisions of its contract with that agent to the Department of
Commerce upon request.
USM is potentially liable in cases of onward transfer to third parties
of data of EU, UK, or Swiss individuals received pursuant to the Data
Privacy Framework.
Security
USM takes reasonable precautions to protect personal information from
loss, misuse and unauthorized access, disclosure, alteration, and
destruction.
Data integrity and purpose limitation
USM uses personal information only in ways that are compatible with
the purposes for which it was collected or subsequently authorized by
the individual. USM takes reasonable steps to ensure that personal
information is reliable for its intended use, accurate, complete, and
current. USM will only collect and store Personal Information that is
relevant to fulfill the purpose and will retain such information no
longer than appropriate to fulfill the purpose.
Access and correction
Upon request, USM will grant individuals reasonable access to the
personal information it holds about them. In addition, USM will take
reasonable steps to permit individuals to correct, amend, or delete
information that is demonstrated to be inaccurate or has been
processed in violation of the Principles.
Verification
USM will use a self-assessment verification approach and conduct
compliance audits of its applicable privacy practices to verify
adherence to this policy. USM's employees receive ongoing privacy
awareness training on USM's privacy principles and practices.
Recourse, enforcement, and liability
Any complaints or concerns regarding the use or disclosure of personal
information transferred from the EU, the United Kingdom, or
Switzerland to the US should in the first instance be directed to the
USM Data Protection Officer at the email address given below. USM will
investigate and attempt to resolve complaints in accordance with the
Data Privacy Framework Principles within 45 days of receiving a
complaint. Complaints that cannot be resolved internally will be
referred to the applicable EU Data Protection Authorities, the Swiss
Federal Data Protection and Information Commissioner (FDPIC), and the
UK Information Commissioner's Office (ICO) and the Gibraltar
Regulatory Authority (GRA) to address complaints and provide
appropriate recourse, which will be provided free of charge to the
individual. USM is committed to following the determination and advice
of these authorities. Under certain circumstances, an individual may
choose to invoke binding arbitration to resolve any disputes that have
not been resolved by other means.
USM complies with the Data Privacy Framework Principles and is subject
to the investigatory and enforcement powers of the Federal Trade
Commission.
Any employee that USM determines is in violation of this policy will
be subject to disciplinary action.
Limitation on scope of principles
Adherence by USM to this policy may be limited to the extent required
to meet legal, governmental, or national security obligations,
including requirements to cooperate with law enforcement.
Changes to this policy
This policy may be amended from time to time, consistent with the
requirements of applicable laws and regulations. The revisions will
take effect on the date of publication of the amended policy, as
stated.
Contact information
Questions, complaints, or comments related to this policy, data
processing or data collection should be submitted to the USM Data
Protection Officer: