Privacy Shield

This Privacy Shield Policy (“Policy”) describes how TriNetX Inc. (“TriNetX” or “Company”) participates and complies with the EU-US Privacy Shield principles regarding the collection, storage, use, processing, and transfer of certain personal information from the European Union (“EU”) and Switzerland (“Swiss”). Personal Data (“Personal Data’) means any information relating to an individual residing in the EU and Swiss that can be used to identify the individual either on its own or in the combination with other readily available data. This Policy supplements TriNetX’s Website Privacy Policy located at https://www.trinetx.com/privacy-policy/, and unless specifically defined in this Policy, the terms in this Policy have the same meaning as the TriNetX Privacy Policy.

TriNetX recognizes that the EU & Swiss governments established strict rules and regulations for the protections and handling of Personal Data, including the adequate safeguards of Personal Data transferred outside of the EU & Swiss. To provide adequate protection for certain Personal Data about website users, corporate customers, clients, suppliers, business partners, job applicants, employees, investigators, trial site personnel, and other data subjects received in the US, TriNetX complies with the EU-US- Swiss- Privacy Shield as set forth by the U.S. Department of Commerce for the collection, use, and retention of personal information transferred from both the EU & Swiss to the U.S. TriNetX certified to the U.S. Department of Commerce that it adheres to the Privacy Shield principles. Since TriNetX abides by the EU-US-Swiss Privacy Shields, TriNetX is subject to the investigatory and enforcement powers of the Federal Trade Commission. If there is any conflict between this Policy and the Privacy Shield the Privacy Shield Principles shall govern. For more information about the Privacy Shield, please visit the U.S. Department of Commerce’s Privacy Shield website located at: https://www.privacyshield.gov. To review the Company’s representation on the Privacy Shield list, see the US Department of Commerce’s Privacy Shield self-certification list located at: https://www.privacyshield.gov/list

Personal Data Collection and Use
TriNetX will only process Personal Data in ways that are compatible with the original purpose for which it was collected, or for purposes the individual later authorizes. Before TriNetX uses Personal Data for a purpose that is materially different than the purpose it was collected for or later authorized, TriNetX shall provide the individual with the opportunity to remove their data or amend it. Reasonable procedures are utilized to help ensure that Personal Data is reliable for its intended use, accuracy, and completeness.

The collection of Personal Data, will be obtained with proper opt-in consent where the Privacy Shield requires, including if the TriNetX discloses Personal Data to third parties, or before the use of Personal Data for a different purpose than originally obtained or than later authorized for use by the individual.

Data Transfers to Third Parties & Third-Party Data Controllers; Limitation on Use and Disclosure
TriNetX may share Personal Data with third-party service providers or agents who process Personal Data on TriNetX’s behalf, for limited and specified purposes in relation to TriNetX’s business functions and purposes. TriNetX shall ascertain that the third parties are obligated to provide the same level of privacy protection as required by the Privacy Shield and will take reasonable and appropriate steps, including entering into written contracts, to ensure that their processing of Personal Information is in accordance with this Privacy Shield. If TriNetX transfers personal data to third parties, the third party may then be liable for any issues that arise while the personal data is within control of the third party. In addition, TriNetX will require that third parties notify TriNetX if they are unable to comply.

TriNetX may share Personal Data with third parties or data controllers not acting on its behalf. TriNetX will only share Personal Data with third parties if the individual has not opted-out of such disclosure(s), or where the individual provides affirmative express consent, if the Privacy Shield requires consent, to such disclosure. TriNetX shall ensure that there is a contract with the third parties that provides Personal Information which may only be processed for limited and specified purposes consistent with those in the Privacy Policies and this Privacy Statement.

Disclosures for National Security or Law Enforcement
TriNetX may be required to disclose your Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Security
TriNetX maintains the appropriate security measures to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction while considering the risks involved in the processing and the nature of the personal data.

Access Rights
EU and Swiss individuals have the right to access their Personal Data and to correct, amend or delete it where it is inaccurate or has been processed in violation of this Privacy Statement, as set out in the Privacy Shield.

Questions or Complaints
In compliance with the Privacy Shield Principles, TriNetX commits to resolve complaints about the collection and use of Personal Data. EU & Swiss individuals with inquiries or complaints regarding this Policy should first contact the Company at:

TriNetX, Inc.
125 Cambridgepark Drive, Suite 500
Cambridge, MA 02140, USA
ATTN: Privacy Department
Phone: +1-857-285-6037
Email: Privacy@trinetx.com

TriNetX shall investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of individual’s Personal Data after receiving a notification of disputes and complaints.

TriNetX is committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located within the United States. If the individual does not receive timely acknowledgement of their complaint, or if TriNetX failed to address the individual’s complaint to their satisfaction, then the individual should contact JAMS or visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to the individual.

Binding Arbitration
The individual may opt to select binding arbitration for the resolution of their complaint under certain circumstances, provided that the individual took the following steps: (1) raised the compliant directly with TriNetX and provided TriNetX the opportunity to resolve the issue; (2) made use of the independent dispute resolution mechanism identified above; and (3) raised the issue through the relevant data protection authority permitted by the U.S. Department of Commerce an opportunity to resolve the complaint at no cost to the individual. For more information on binding arbitration, see U.S. Department of Commerce’s Privacy Shield Framework: Annex I (Binding Arbitration).

Contact Information
If there are any questions about this Policy or a request to access Personal Data, please contact TriNetX at the following address:

TriNetX, Inc.
125 Cambridgepark Drive, Suite 500
Cambridge, MA 02140, USA
ATTN: Privacy Office
Phone: +1-857-285-6037
Email: Privacy@trinetx.com

Changes to This Policy
TriNetX reserves the right to amend this Policy from time to time so long as any amendments are consistent with the requirements under the U.S. Department of Commerce EU-Swiss Privacy Shield.

Effective Date: 2018-03-19