Data Privacy Framework (DPF)

AWS Partnership

Data Privacy Framework

 

Overview

Precision Digital Health, Incorporated (PDH), a United States business provides a platform service in support of clinical research globally. PDH leverages real-world data from various data sources; such as, electronic health records, device data from both medical devices and wearables from our client’s data subjects, Pharmaceutical and Health Care organizations.

Our Clients are pharmaceutical/biotech companies, medical device companies and various other types of clinical research organizations.  PDH is required to comply with the United States Federal Drug and Administration (FDA) rules and regulations as well as other regulatory bodies based on the nature of the work.

PDH complies with the EU-U.S. Data Privacy Framework program (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework program (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. PDH has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. PDH has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework program Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this Data Privacy Framework policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Definitions

Data Subject – The individual to whom any given Personal Data covered by this Data Privacy Framework Policy refers.

Personal Data – Information relating to an individual residing in the European Union, the United Kingdom, and Switzerland that can be used to identify that individual either on its own or in combination with other readily available data.

Sensitive Personal Data – Personal Data regarding an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, physical or mental health, or sexual life. 

Scope and Responsibilities

Precision Digital Health, Incorporated (PDH) Data Privacy Framework applies to Personal Data transferred from European Union members countries, the United Kingdom, and Switzerland to PDH’s operations in the U.S. in trust on the respective Data Privacy  Framework and does not apply to Personal Data transferred under Standard Contractual Clauses or any approved derogation from the EU Directive.

Some types of Personal Data may be subject to other privacy-related requirements and policies.  For example,

  • Personal Data regarding and/or received from a client is also subject to any specific agreement with, or notice to, the client, as well as additional applicable laws and professional standards.
  • Precision Digital Health, Inc.,  Standard Operating Procedures (SOPs) and any additional Corporate Policies that targets Data Protection, Data Security and Data Integrity.

 

All designated employees of PDH have access in the U.S. to Personal Data covered by this Data Privacy  Framework Policy are responsible for conducting themselves in accordance with this Data Privacy  Framework Policy.

PDH reserves the right to disclose all information collected to the extent required by law or to respond to judicial process. 

Data Privacy Framework Principles

For EU, UK, and Swiss Individuals: Data Privacy Framework for Personal Data Processed in the United States

Notice

We notify our, customers,  and others located in the EU, UK, and Switzerland about the purposes for which we collect and use Personal Data, the types of third parties to which we disclose the information, about clients and vendors have for limiting the use and disclosure of their information, and how to contact us about our practices concerning Personal Data. 

Purpose of Collection and Use of Personal Data

PDH collects certain Personal Data such as name, email address, and telephone number. We do not collect sensitive Personal Data of , customers or  third-party vendor, such as information about medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or other sensitive information as defined by the Data Privacy  Framework.

  • as agent / data processor for the purpose to host it on behalf of business partners / customers and/or to provide clinical research services, consulting services, clinical research support activities, and statistical analysis of clinical studies on pharmaceutical products and/or regulatory affairs services and services to business partners / customers based on agreements executed between business partners / customers and PDH.

 

We use Personal Data of clients,  third-party vendors and others (i) to respond to their requests, (ii) to evaluate the quality of our products and services, (iii) to communicate with them about our products, services and related issues, and (iv) to comply with our legal obligations, policies and procedures.

Precision Digital Health’s (PDH) understands client’s relationship with their providers, clients, officers and employees is confidential.  During the period of agreement, PDH may receive, or may have already received, knowledge of, or access to, information which relates to the business, operations, products, or plans of PDH or of its clients and which is not known to the general public (hereinafter “Confidential Information”).  PDH will not at any time, without the express prior written consent of an authorized representative of PDH: (a) use the client data, personal data, and provider data for any purpose, (b) disclose any Confidential Information to any other person or entity, or (c) use any Confidential Information for PDH’s own benefit or the benefit of any other person or entity.  PDH shall only disclose Confidential Information to those of its employees who have a need to know the information in connection with PDH’s provision of Services.  Promptly upon the request of client or the termination of an Agreement with the client, PDH shall return to or destroy as directed by client, all Confidential Information in its possession.

Choice

If Personal Data covered by this Data Privacy FrameworkPolicy is to be used for a new purpose that is materially different for which the Personal Data was originally collected or subsequently authorized, or is to be disclosed to a non-agent third party, PDH will ensure any individual, data subject,  with an opportunity to choose whether to have their Personal Data to be used or disclosed. Requests to opt out of such uses or disclosures of Personal Data should be sent to: [email protected]

If Sensitive Personal Data covered by this Data Privacy Framework Policy is to be used for a new purpose that is different from that for which the Personal Data was originally collected or subsequently authorized, or is to be disclosed to a third-party vendor, PDH will obtain the Data Subject’s explicit consent prior to such use or disclosure. 

Onward Transfer of Personal Data

We  only share Personal Data with our direct clients and  client approved third-party vendors that  have been retained contractually to perform services on their r behalf. We now require clients  to whom we disclose Personal Data and who are not subject to laws based on the EU’s General Data Protection Regulation, the UK’s Data Protection Act 2018, or the Swiss Federal Act on Data Protection, as applicable, to either (i) subscribe to the Data Privacy Framework principles or (ii) contractually agree to provide at least the same level of protection for Personal Data as is required by the relevant Data Privacy  Framework principles. If any  party does not comply with its privacy obligations, PDH will take commercially reasonable steps to prevent or stop the use or disclosure of Personal Data. In the context of an onward transfer, PDH has responsibility for the processing of personal information it receives under the Data Privacy Framework and subsequently transfers to a third party acting as an agent on its behalf. PDH shall remain liable under the Principles if its agents that it engages to process such personal information do so in a manner inconsistent with the Principles, unless PDH proves that it is not responsible for the event giving rise to the damage.

Security

PDH takes reasonable and appropriate measures to protect Personal Data covered by this Data Privacy Framework Policy from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into due account the risks involved in the processing and the nature of the Personal Data. 

Data Integrity

PDH takes reasonable steps to ensure that Personal Data collected by PDH is relevant for the purposes for which it is to be used and that the information is reliable for its intended use and is accurate, complete and current.  

Your Rights to Access, to Limit Use, and to Limit Disclosure

Pursuant to the Data Privacy Frameworks, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Data Privacy Framework, should direct their query to [email protected] If requested to remove data, we will respond within a reasonable timeframe.

Compelled Disclosure

PDH may be required to disclose personal information received from EEA member countries and Switzerland in reliance on the Data Privacy Framework in response to lawful requests by U.S. public authorities, including to meet national security or law enforcement requirements.

Inquiries and Complaints

In compliance with the EU-US Data Privacy Framework Principles, PDH commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles.  European Union and Swiss individuals with DPF inquiries or complaints should first contact PDH by email at [email protected].

PDH has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpfconsumers/ProcessForConsumers  for more information and to file a complaint. This service is provided free of charge to you.

If your  DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.  See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Proceduresdpf?tabset-35584=2

For EU Individuals: Your Rights under the General Data Protection Regulation

The General Data Protection Regulation (GDPR) empowers individuals the rights to control their personal data, which includes the right of access, the right to rectification, the right to erasure, the right to restrict processing, the right to portability, the right to object and the right not to be subject to a decision based solely on automated processing.

You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: http://edpb.europa.eu/about-edpb/board/members_en. If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law. In some cases, our ability to uphold these rights for your may depend upon obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.

How to Contact Us

You may address any questions or concerns regarding our Data Privacy Framework Policy or our practices concerning Personal Data by:

Contacting us through our website: https://precisiondigitalhealth.com or

Writing to:
Precision Digital Health, Incorporated
Attention: Thomas Wells, CEO
15615 Alton Parkway
Irvine, CA  92618
USA 

U.S. Federal Trade Commission Enforcement

PDH’s participation in the EU-U.S. DPF, Swiss-U.S. DPF and the UK Extension to the EU-US DPF is subject to investigation and enforcement by the Federal Trade Commission. 

Amendment

The PDH Data Privacy Framework Notice may be amended from time-to-time in compliance with the requirements of the Data Privacy Frameworks principles. Appropriate notice will be given concerning such amendments.

Privacy Settings
We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
Youtube
Consent to display content from Youtube
Vimeo
Consent to display content from Vimeo
Google Maps
Consent to display content from Google
Spotify
Consent to display content from Spotify
Sound Cloud
Consent to display content from Sound