TriNetX recognizes that the EU, United Kingdom and/or Swiss governments established strict rules and regulations for the protections and handling of Personal Data, including the adequate safeguards of Personal Data transferred outside of the EU, United Kingdom and/or Switzerland. To provide adequate protection for certain Personal Data for employment related purposes, as well as, website users, corporate customers, clients, suppliers, business partners, job applicants, employees, investigators, trial site personnel, and other data subjects received in the US, TriNetX complies with both the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield as set forth by the U.S. Department of Commerce for the collection, use, and retention of personal information transferred from the EU, United Kingdom and/or Switzerland to the U.S. TriNetX certified to the U.S. Department of Commerce that it adheres to the Privacy Shield principles. Since TriNetX abides by the aforementioned Privacy Shields, TriNetX is subject to the investigatory and enforcement powers of the Federal Trade Commission. If there is any conflict between this Policy and the Privacy Shield the Privacy Shield Principles shall govern. For more information about the Privacy Shield, please visit the U.S. Department of Commerce’s Privacy Shield website located at: https://www.privacyshield.gov. To review the Company’s representation on the Privacy Shield list, see the US Department of Commerce’s Privacy Shield self-certification list located at: https://www.privacyshield.gov/list. TriNetX shall cooperate with the appropriate data authorities in regards to the EU- U.S. and Swiss-U.S. adherence to the Privacy Shield policies.
Personal Data Collection and Use
TriNetX will only process Personal Data in ways that are compatible with the original purpose for which it was collected, or for purposes the individual later authorizes. Before TriNetX uses Personal Data for a purpose that is materially different than the purpose it was collected for or later authorized, TriNetX shall provide the individual with the opportunity to remove their data or amend it. Reasonable procedures are utilized to help ensure that Personal Data is reliable for its intended use, accuracy, and completeness.
The collection of Personal Data, will be obtained with proper opt-in consent where the Privacy Shield requires, including if the TriNetX discloses Personal Data to third parties, or before the use of Personal Data for a different purpose than originally obtained or than later authorized for use by the individual.
Human Resources Data
TriNetX shall collect and process employment related data for employment purposes. Data collected during the employment process including personal data collected during employee recruitment are subject are subject to proper Notice and Choice principles, which require requiring a direct opt-in for use of said personal information. Where Privacy Shield and EU Member State laws conflict, EU Member State laws shall prevail. TriNetX shall limit the collection and processing of employee personal data and the personal data of potential employees’ employees’ in the United States. Changes to the country storing and processing EU personal data of employees in the to the United States are subject to separate Choice and Notice principles. Furthermore, employment opportunities shall not be restricted due to an individual’s request individuals requests for privacy and limitations.
Data Transfers to Third Parties & Third-Party Data Controllers; Limitation on Use and Disclosure
TriNetX may share Personal Data with third-party service providers or agents who process Personal Data on TriNetX’s behalf, for limited and specified purposes in relation to TriNetX’s business functions and purposes. TriNetX shall ascertain that the third parties are obligated to provide the same level of privacy protection as required by the Privacy Shield and will take reasonable and appropriate steps, including entering into written contracts, to ensure that their processing of Personal Information is in accordance with this Privacy Shield. If TriNetX transfers personal data to third parties, the third party may then be liable for any issues that arise while the personal data is within control of the third party. In addition, TriNetX will require that third parties notify TriNetX if they are unable to comply. TriNetX remains otherwise liable for third-parties who process personal data on its behalf.
TriNetX may share Personal Data with third parties or data controllers not acting on its behalf. TriNetX will only share Personal Data with third parties if the individual has not opted-out of such disclosure(s), or where the individual provides affirmative express consent, if the Privacy Shield requires consent, to such disclosure. TriNetX shall ensure that there is a contract with the third parties that provides Personal Information which may only be processed for limited and specified purposes consistent with those in the Privacy Policies and this Privacy Statement.
Disclosures for National Security or Law Enforcement
TriNetX may be required to disclose your Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
TriNetX maintains the appropriate security measures to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction while considering the risks involved in the processing and the nature of the personal data.
Individuals from the EU, United Kingdom, and Switzerland have the right to access their Personal Data and to correct, amend, or delete it where it is inaccurate or has been processed in violation of this Privacy Statement, as set out in the Privacy Shield.
Questions or Complaints
In compliance with the Privacy Shield Principles, TriNetX commits to resolve complaints about the collection and use of Personal Data. Individuals from the EU, United Kingdom and Switzerland with inquiries or complaints regarding this Policy should first contact the Company at:
125 Cambridgepark Drive, Suite 500
Cambridge, MA 02140, USA
ATTN: Privacy Department
TriNetX shall investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of individual’s Personal Data after receiving a notification of disputes and complaints.
TriNetX is committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located within the United States. If the individual does not receive timely acknowledgement of their complaint, or if TriNetX failed to address the individual’s complaint to their satisfaction, then the individual should contact JAMS or visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to the individual.
The individual may opt to select binding arbitration for the resolution of their complaint under certain circumstances, provided that the individual took the following steps: (1) raised the compliant directly with TriNetX and provided TriNetX the opportunity to resolve the issue; (2) made use of the independent dispute resolution mechanism identified above; and (3) raised the issue through the relevant data protection authority permitted by the U.S. Department of Commerce an opportunity to resolve the complaint at no cost to the individual. For more information on binding arbitration, see https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
Changes to This Policy
TriNetX reserves the right to amend this Policy from time to time so long as any amendments are consistent with the requirements under the U.S. Department of Commerce EU-U.S Privacy Shield and Swiss-U.S. Privacy Shield.
This policy is subject to change pending the United Kingdom leaving the European Union(“BREXIT”) and any changes made by the United Kingdom to their privacy laws.
Effective Date: 2020-04-21