On 16 July 2020 the Court of Justice of the European Union declared as “invalid” the European Commission’s Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of the protection provided by the EU-U.S. Privacy Shield. Medrio implements, within its standard MSA, privacy protections that require compliance with local laws; however, customers that have or anticipate having EU participants in their trials may execute Standard Contractual Clauses as well as Data Processing Agreements to further ensure compliance with GDPR.
To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/. To view the GDPR in English on the official European website visit https://eur-lex.europa.eu/eli/reg/2016/679/oj. To learn more about CCPA visit the California Attorney General’s Office at https://oag.ca.gov/privacy/ccpa.
Information We Collect and How We Use It:
Medrio collects information from individuals who visit our website (“Visitors”) and individuals who use the Medrio software service (“Customers”).
When you request additional information about Medrio, contact us via our website, or register to use our service, Medrio may require you to provide us with contact information such as your name, company name, title, address, phone number and email address. When purchasing our services, we may also request financial qualification and billing information, such as billing name and address, credit card number, and the number of users within the organization who will be using the Medrio software service.
Medrio uses the information that we collect to perform the services requested. For example, if you complete a web contact form, Medrio will use the information provided to contact you about your interest in our service.
We may also use the information we collect for marketing or other legitimate business purposes. For example, we may use the collected information to contact you to discuss your interest in our company, the services that we provide, and to send information regarding our company or partners, such as promotions and events.
All financial and billing information we collect is used solely to check the qualifications of prospective customers and to bill for services. This billing information is not used for marketing or promotional purposes.
Medrio may also collect information regarding your interaction with our website and software service. For example, we may use technologies, such as cookies (described below), to collect information about the pages you view, the links you click and other actions you take on our sites and services. Additionally, we also collect certain standard information that your browser sends to every website you visit, such as your IP address, access times and referring website addresses. This information is primarily used to help diagnose technical problems, for administrative purposes, to compile non-identifying aggregate statistics about site usage and to improve the quality of our website and services.
Click here to read about what data we collect during the application process and your rights.
Selling of Personal Information Prohibited:
Any personal information collected, whether it is part of a category identified above or any unknown category of information, will not be sold to a third party. Personal information is not sold, traded, or given away in any manner that would result in a direct violation of the laws and regulations with which Medrio complies.
Standing alone, cookies do not identify you personally. They merely recognize your browser. Unless you choose to identify yourself to Medrio, either by responding to a promotional offer, completing a contact or interest form or registering for an account, you remain anonymous to Medrio.
Medrio uses session cookies containing encrypted information enabling the system to identify you uniquely while you are logged into the Medrio software service. This information allows us to process your online transactions and requests. Session cookies are required in order to use the Medrio software service and confirm your identity after you’ve logged in.
Medrio may also use persistent cookies to identify you as a Medrio customer or prior Medrio website visitor (whichever the case may be). We are especially careful about the security and confidentiality of the information stored in persistent cookies. For example, we do not store account numbers or passwords in persistent cookies. Users can disable their web browsers’ ability to accept cookies and will be able to browse our website but will not be able to use our software service successfully.
Third Party Cookies:
Third Party Sites:
Pages within Medrio’s website and software service may contain links to other websites. We are not responsible for the privacy practices or the content of these other websites. When visiting these sites, you will need to check the policies of these other websites to understand them. When accessing a linked site, you may be disclosing your private information. It is your responsibility to keep such information private and confidential.
Sharing of Collected Information:
Except in the cases where we explicitly state otherwise at the time we request information, or as provided for in the Medrio Master Subscription Agreement, Medrio does not disclose your personally identifiable information to third parties except as follows: We may share your information with Agents who process data only on our behalf and for our purposes (as used here, “Agents” are persons or companies who act on behalf of or under the direction of Medrio). We may share your information as required by law or in the interest of protecting or exercising our or others’ legal rights, e.g., without limitation, in connection with requests from law enforcement officials and in connection with court proceedings. We may share or transfer your information in connection with a prospective or actual sale, merger, transfer or other reorganization of all or parts of our business. We may also share information with third parties involved in the normal operations of our business, for example with contract research organizations (CROs), study sponsors, or others who are involved in study management as commonly done in our industry. We also reserve the right to fully use and disclose any information that is not in personally identifiable form (e.g., site usage statistics that do not identify you individually by name).
Medrio may also use a third-party intermediary to manage the credit card processing. This intermediary is solely a link in the distribution chain, and is not permitted to store, retain, or use the information provided, except for the sole purpose of credit card processing.
Opt-Out and Opt-In Policy:
Medrio offers its visitors and customers a means to choose how we may use information provided. If, at any time after providing us with information, you change your mind about receiving commercial information from us or about sharing your information with third parties, send a request specifying your new choice to email@example.com
Customers cannot opt-out of receiving emails from Medrio that are directly related to their use of the Medrio software service, such as email or service notifications.
Correcting & Updating Your Information:
If customers need to update or change registration information, they may do so by logging into the Medrio software service and editing the user profile. To update billing information or to have information deleted, please email firstname.lastname@example.org or call 877-763-3746. Medrio, Inc. will respond to your correction/update request within 30 days or less from the date of your request.
Medrio will not review, share, distribute, print, or reference any such data except as provided in the Medrio Master Subscription Agreement, or as may be required by law. Individual records may at times be viewed or accessed only for the purpose of resolving a problem, support issue, or suspected violation of the Master Subscription Agreement, or as may be required by law. Customers are responsible for maintaining the confidentiality and security of their user registration and password.
Medrio has commercially reasonable security measures in place to protect the integrity, availability, and confidentiality of customer data. These measures include policies, procedures, employee training, and physical and logical security controls. In addition, when accessing the Medrio software service, data is encrypted in transit.
In the event that personal data is acquired by an unauthorized party, Medrio will notify the affected party of the breach by email, fax, or U.S. mail. Notice will be promptly provided, consistent with the legitimate needs of law enforcement and any measures necessary for Medrio or law enforcement to determine the scope of the breach and to assure or restore the integrity of the data system. Medrio may delay notification if a law enforcement agency determines that the notification will impede a criminal investigation.
Medrio recognizes that Privacy Shield Principles require that we remain potentially liable if any third party processing Personal Data on our behalf fails to comply with these Privacy Shield Principles (except to the extent we are not responsible for the event giving rise to any alleged damage). Medrio will not transfer any Personal Data to a third party without first confirming that the third party follows the principles defined by Medrio and provides an equivalent level of protection. Medrio does not transfer Personal Data to unrelated third parties, unless lawfully directed by a client or another data controller.
Medrio commits to resolve complaints regarding our collection or use of your personal information. Individuals with inquiries or complaints regarding our policies should first contact Medrio at:
345 California St, Suite 325
San Francisco, CA 94104
Medrio has further committed to cooperate with the panel established by the EU Data Protection Authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning data transferred from the EU and Switzerland at no cost to you.
EU data subjects may choose to utilize their home data protection authority, and under certain conditions you may also invoke binding arbitration for some residual claims not resolved by other redress mechanisms.