Invivoscribe Data Privacy Framework Privacy Policy

Invivoscribe Data Privacy Framework Privacy Policy

It is not necessary to reveal your identity or any personal information to visit our website.

It is not necessary to reveal your identity or any personal information to visit our website.

Invivoscribe, Inc. and all its US subsidiaries, LabPMM LLC and Genection Inc. (collectively called “IVS”) comply with the EU-US Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF and the Swiss-US Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. IVS has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.   IVS has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov.

This privacy policy outlines our general policy and practices for implementing the Principles, including the types of information we gather, how we use it and the notice and choice affected individuals have regarding our use of and their ability to correct that information. This privacy policy applies to all personal information subject to the DPF received by IVS whether in electronic, paper or verbal format.

The Federal Trade Commission (FTC) has jurisdiction over IVS’s compliance with the EU-U.S. DPF and the UK Extension to the US-U.S. DPF, and the Swiss-U.S. DPF.

Definitions

“Personal Information” or “Information” means information that (1) is transferred from the EU, UK, or Switzerland to the United States; (2) is recorded in any form; (3) is about, or pertains to a specific individual; and (4) can be linked to that individual.

“Sensitive Personal Information” means personal information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership or that concerns an individual’s health.

Privacy Principles

Notice

IVS shall inform an individual of the purpose for which it collects and uses the Personal Information and the types of non-agent third parties to which IVS discloses or may disclose that Information. IVS shall provide the individual with the choice and means for limiting the use and disclosure of their Personal Information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Information to IVS, or as soon as practicable thereafter, and in any event before IVS uses or discloses the Information for a purpose other than for which it was originally collected.

Information We Collect

We collect various types of information from you, including information you voluntarily provide us and information we get from your use of our Site or Products. For instance, in order to access certain portions of the Site, order Products, or even use some Products you may be required to first register with us. You may be asked to provide your contact information (e.g., name, institution/company, address, phone number, email, username, etc.). Information we collect about your use of our Site or Products may, for example, include:

  • The Internet Protocol (“IP”) address of your Internet Service Provider.
  • The content you access.
  • The functions, products, or services you use on the Site or Products.
  • Your computer’s operating system.
  • Up-time and other usage statistics about the Site or Products.
  • Location information.
  • Your computer’s unique identifier (e.g., CPU serial number).
  • Web browser used.
  • The date and time of your visit to the Site or use of the Product.

How Information is Collected

Some of this information is collected through your voluntary submissions of information. Some of this information is collected through the use of cookies, which may be placed onto your computer. Some of this information is collected through other technologies (e.g., Google Analytics, WalkMe, Adobe Analytics, Mixpanel, New Relic, fullstory). The Site or other Products may also use cookies to store user-provided information during your sessions. You can usually set your browser to reject cookies or to alert you before one is placed, if you prefer, but this may mean that you cannot use all features of the Site or the Products.

How We Use the Information We Collect

We may use the information collected:

  • To improve the Site, the Products, including any applications, products, services, and software available through them.
  • To improve the customer experience.
  • For marketing purposes.
  • To store your interests and preferences in order to customize your use of the Site or Products.
  • To communicate with you (such as for product support and billing issues).
  • To verify compliance with the terms of use, license, subscription agreement or other agreement governing the use of the Site, the Product, or other of our products or services (“Terms of Use”).
  • To authenticate users.
  • To improve our products and services.
  • To compile and analyze trends.
  • To carry out transactions in connection with you.
  • We also may aggregate the collected information with information from other customers and users of the Site, Products, or other products and services for analysis such as to determine user and performance trends. Generally, any such aggregation will involve de-identified or anonymous data.

Employee Information

We collect Employee information from prospective and present Employees only for legitimate business purposes, including (1) the management and operations of our company, its functions and activities, (2) Employee communications, including Employee surveys, (3) maintaining a global directory, (4) carrying out obligations under employment contracts and employment, tax and benefits laws, and in connection with other working relationships or arrangements, (5) development and training programs, (6) recruiting and hiring job applicants, (7) assessing qualifications and performance, (8) performing background checks and verifying references, (9) managing Employee performance, (10) determining Employee compensation or payment, (11) managing the Employee termination process, and (12) other general human resources purposes.  Our European Union Employees, at the time of their employment, are notified in detail how their Personal Information will be used. Employee information on health, performance evaluations, and disciplinary actions and other sensitive Employee matters, whether it is stored manually or electronically, is accessible by other IVS Employees only if necessary with respect to legitimate human resource functions or issues.  IVS will obtain affirmative consent from an Employee before using such Employee’s Personal Information for any purpose other than described above. Employees may decline to provide this consent, and Employees may withdraw their consent at any time.

For legitimate human resources purposes, Employees may choose to voluntarily disclose Personal Information about family members. If our Employees choose to do this, their family member’s Personal Information shall be treated, for the purposes of this Policy, the same as an Employee’s Personal Information. Employee Personal Information is never sold, leased, or rented to any third party. Employee Personal Information will never be disclosed to third parties except as follows: (1) to those retained by IVS as agents or service providers for the purposes set forth in the paragraph above, (2) where required pursuant to an applicable law, governmental or judicial order, law or regulation, or to protect the rights or property of IVS, (3) where authorized in writing by the Employee, and (4) where the Employee voluntarily provides Personal Information and the context makes it clear that such information will be provided to a third party.

Where personal data is transferred from the EU to the US in the context of the employment relationship, we will cooperate in investigations by and to comply with the advice of the competent EU Authorities.

Choice

IVS will offer individuals the opportunity to choose (opt out) whether their Personal Information is (1) to be disclosed to a third party and (2) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For Sensitive Personal Information, IVS will give individuals the opportunity to affirmatively or explicitly (opt in) consent to the disclosure of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. IVS shall treat Sensitive Personal Information received from an individual the same as the individual would treat and identify it as Sensitive Personal Information.

If you wish to choose to opt out please contact us at [email protected]

Onward Transfers

Except as otherwise provided herein, IVS discloses Personal Data only to Third Parties who reasonably need to know such data only for the scope of the initial transaction and not for other purposes. Such recipients must agree to abide by confidentiality obligations.

If IVS may provide Personal Data to Third Parties that act as agents, consultants, and contractors to perform tasks on behalf of and under our instructions. For example, IVS may store such Personal Data in the facilities operated by Third Parties. Such Third Parties must agree to use such Personal Data only for the purposes for which they have been engaged by IVS and they must agree to provide adequate protections for the Personal Data that are no less protective than those set out in this Policy;

IVS also may disclose Personal Data for other purposes or to other Third Parties when a Data Subject has consented to or requested such disclosure. Please be aware that IVS may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. IVS is liable for appropriate onward transfers of personal data to third parties.

Data Security

IVS shall take reasonable steps to protect the Information from loss, misuse and unauthorized access, disclosure, alteration and destruction. IVS has put in place appropriate physical, electronic and managerial procedures to safeguard and secure the Information from loss, misuse, unauthorized access or disclosure, alteration or destruction. IVS cannot guarantee the security of Information on or transmitted via the Internet.

Data Integrity

IVS shall only process Personal Information in a way that is compatible with and relevant for the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, IVS shall take reasonable steps to ensure that Personal Information is accurate, complete, current and reliable for its intended use.

Right of Access

IVS shall allow an individual access to their Personal Information and allow the individual to correct, amend or delete inaccurate information, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated. For all your requests related to rights around your personal information, please contact [email protected]

Compliance

IVS uses a self-assessment approach to assure compliance with this privacy policy and periodically verifies that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible and in conformity with the Principles. We encourage interested persons to raise any concerns with compliance using the procedure set out below and we will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of Personal Information in accordance with the Principles.

Amendments

This privacy policy may be amended from time to time consistent with the requirements of the EU-U.S. DPF, or Swiss-U.S. DPF. We will post any revised policy on this website.

Privacy Complaints by European Union, UK and Swiss Individuals

In compliance with the Data Privacy Framework Principles, IVS commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the Data Privacy Frameworks. European Union, United Kingdom, and Swiss individuals with DPF inquiries or complaints should first contact IVS by email at [email protected].

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, IVS commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.

IVS has further committed to refer unresolved privacy complaints under the Data Privacy Framework Principles to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit  www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf

Last Updated: May 7, 2024