nPhase’s Notice of Certification Under the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, nPhase is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
Data processed and purposes of data processing: nPhase provides an online platform and applications for our customers to operate aspects of their businesses, including the collection, processing and storage of clinical and operational data for the planning, conduct and optimization of clinical trials.
nPhase’s customers decide what data to submit to our platform or applications, which may include information about their authorized users, employees, and clinical trial patients. nPhase processes this data as instructed by our customers, and does not control or own its customer’s personal data. Our customer instructions may include processing or using personal data for purposes of providing or developing the nPhase platform, applications and services, preventing or addressing service or technical problems, responding to support issues, responding to our Customer’s instructions, or as may be required by law.
Third-party access to personal data and liability: nPhase only discloses personal data as instructed by our customers. In some cases, we may use third-party providers to assist us in providing or developing our platform or applications to our customers, such as to offer support to our customers and their authorized users and employees and to provide technical or operational support such as data hosting, transmission, and storage. These providers may access, process, or store personal data in the course of providing their services to nPhase. nPhase maintains contracts with these providers restricting their access, use and disclosure of personal data in compliance with our Privacy Shield obligations. nPhase may be liable if these third parties fail to meet those obligations and we are responsible for the event giving rise to the damage.
Pursuant to the Privacy Shield Frameworks, EU and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also may correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to *protected email*. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out or opt-in choice before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to *protected email*.
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
nPhase also receives some personal data from our business customers in reliance on other data transfer compliance mechanisms, including data processing agreements based on the European Union Standard Contractual Clauses.
nPhase’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, nPhase remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless nPhase proves that it is not responsible for the event giving rise to the damage.
In compliance with the Privacy Shield Principles, nPhase commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union and Swiss individuals with Privacy Shield inquiries or complaints should first contact nPhase by email at *protected email* or via post at:
Attn: Chief Privacy Officer
533 2nd Street, Suite 500
Encinitas, CA 92024
Attn: Chief Privacy Officer
Kemp House, 152-160 City Road
London, EC1V 2NX
nPhase has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
Human Resources Complaints: nPhase has committed to refer unresolved human resources privacy complaints to the European Union Data Protection Authorities (DPA’s) or Swiss Federal Data Protection and Information Commissioner (FDPIC), respectively. EU individuals wishing to locate the appropriate DPA should refer to https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm Swiss individuals wishing to locate their FDPIC office should refer to https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/links/data-protection—switzerland.html
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction