Privacy Policy

Effective as of 2 September 2023

Purpose
The purpose of this document is to define Medrio’s policy requirements and our commitment to protecting the privacy of your information.

Scope
Medrio complies with the requirements of the California Consumer Privacy Act (CCPA), both the UK and EU General Data Protection Regulation (GDPR), as well as the requirements of the Health Insurance Portability and Accountability Act (HIPAA) in those instances where Medrio acts as a Business Associate with respect to HIPAA. Medrio is a certified member of the EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce. Medrio annually certifies adherence to the Data Privacy Framework principles with the Department of Commerce.

With respect to Personal Data received or transferred pursuant to the Data Privacy Framework, Medrio acknowledges that as a certified Data Privacy Framework member, Medrio is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

Information We Collect and How We Use It:
Medrio collects information from individuals who access Medrio’s website (“Visitors”) and individuals who use the Medrio software service (“Customers”).

When a visitor or customer requests additional information about Medrio, contacts Medrio via the website, or registers to use Medrio’s service, Medrio may require you to provide us with contact information such as name, company name, title, address, phone number and email address. When purchasing our services, Medrio may also request financial qualification and billing information, such as billing name and address, credit card number, and the number of users within the organization expected to use the Medrio software service.

Medrio uses the information that we collect to perform the services requested. For example, if you complete a web contact form, Medrio will use the information provided to contact you about your interest in our service.

Medrio may also use the information collected for marketing or other legitimate business purposes. For example, we may use the collected information to contact you to discuss your interest in Medrio, the services that Medrio provides, and to send information regarding Medrio or partners, such as promotions and events.

All financial and billing information Medrio collects is used solely to check the qualifications of prospective customers and to bill for services. This billing information is not used for marketing or promotional purposes.

Medrio may also collect information regarding your interaction with Medrio’s website and software service. For example, Medrio may use technologies, such as cookies (described below), to collect information about the pages you view, the links you click and other actions you take on Medrio sites and services.

Additionally, Medrio also collects certain standard information that your browser sends to every website you visit, such as your IP address, access times and referring website addresses. This information is primarily used to help diagnose technical problems, for administrative purposes, to compile nonidentifying aggregate statistics about site usage and to improve the quality of Medrio’s website and services.

Medrio complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Medrio has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. Medrio has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In compliance with the EU-U.S. DPF and the Swiss-U.S. DPF, Medrio commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the Swiss-U.S. DPF. The Data Privacy Framework provides the option for certain individuals to invoke binding arbitration to arbitrate claims and follow the terms as set forth in Annex I of the DPF Principles, provided that an individual has invoked binding arbitration by

  • Delivering notice to Medrio
  • Following the procedures and subject to conditions set forth in Annex I of Principles.

Click here to read about what data we collect during the application process and your rights.

Selling of Personal or Personally Identifiable Information – PROHIBITED
Any personal information collected, whether it is part of a category identified above or any unknown category of information, is not sold to a third party. Personal information is not sold, traded, or given away in any manner that would result in a direct violation of the laws and regulations to which Medrio complies.

Medrio Cookies
When interacting with the Medrio website or software service, Medrio may use cookies to help make your experience easy and meaningful. “Cookies” are a technology employed by many other websites and are small data files stored on your computer.

Standing alone, cookies do not identify you personally; they merely recognize your browser. Unless you choose to identify yourself to Medrio, either by responding to a promotional offer, completing a contact or interest form, or registering for an account, you remain anonymous to Medrio.

Medrio uses session cookies containing encrypted information enabling the system to identify you uniquely while you are logged into the Medrio software service. This information allows Medrio to process your online transactions and requests. Session cookies are required in order to use the Medrio software service and confirm your identity after you’ve logged in.

Medrio may also use persistent cookies to identify you as a Medrio customer or prior Medrio website visitor (whichever the case may be). Medrio is especially careful about the security and confidentiality of the information stored in persistent cookies. For example, Medrio does not store account numbers or passwords in persistent cookies. Users can disable their web browsers’ ability to accept cookies and will be able to browse Medrio’s website but without the ability to use our software service successfully.

Third Party Cookies
Medrio may engage third parties to track and analyze non-personal/personally identifiable usage and volume statistical information from visitors to our website or service for marketing and administrative purposes. Such third parties may use cookies to help track visitor behavior. Such cookies will not be used to associate individual website visitors to any personally identifiable information. All data collected by such third parties on behalf of Medrio is used only to provide information on site usage and is not shared with any other third parties.

Third Party Sites
Pages within Medrio’s website and software service may contain links to other websites. Medrio is not responsible for the privacy practices or the content of these other websites. When visiting these sites, you will need to check the policy of these other web sites to understand their policies. When accessing a linked site, you may be disclosing your private information. It is your responsibility to keep such information private and confidential.

Sharing of Collected Customer Information
Except in the cases where Medrio explicitly states otherwise at the time information is requested, or as provided for in the Medrio Master Subscription Agreement, Medrio does not disclose to third parties any personal or personally identifiable information except as follows:

  • Medrio may share a user’s information with Agents who process data only on Medrio’s behalf and for Medrio’s purposes (as used here, “Agents” are persons or companies who act on behalf of or under the direction of Medrio).
  • Medrio may share a user’s information as required by law or in the interest of protecting or exercising Medrio’s or others’ legal rights, e.g., without limitation, in connection with requests from law enforcement officials and in connection with court proceedings.
  • Medrio may share or transfer a user’s information in connection with a prospective or actual sale, merger, transfer or other reorganization of all or parts of Medrio’s business.
  • Medrio may share information with third parties involved in the normal operations of business, for example with contract research organizations (CROs), study sponsors, or others who are involved in study management as commonly done in our industry.
  • Medrio reserves the right to fully use and disclose any information that is not in personal/personally identifiable form (e.g., site usage statistics that do not identify a user individually by name).
  • Medrio may also use a third-party intermediary to manage the credit card processing. This intermediary is solely a link in the distribution chain, and is not permitted to store, retain, or use the information provided, except for the sole purpose of credit card processing.
  • Medrio does not share personally identifiable information to any Agent unless it first either ascertains that the Agent uses that information in a manner that is consistent with this EU/UK General Data Protection Regulation (GDPR), HIPAA, this Privacy Policy, the Swiss-U.S. Data Privacy Framework, or the California Consumer Protection Act (CCPA) or enters into a written agreement with such Agent requiring at least the same level of privacy protection.

Opt-Out / Opt-In
Medrio offers visitors and customers a means to choose how Medrio may use information provided. If, at any time after providing Medrio with information, you change your mind about receiving commercial information from Medrio or about sharing your information with third parties, send a request specifying your new choice to support@medrio.com.

Customers cannot opt-out of receiving emails from Medrio that are directly related to their use of the Medrio software service, such as email or service notifications.

Correcting and Updating Your Information
If customers need to update or change registration information, they may do so by logging into the Medrio software service and editing the user profile. To update billing information or to have information deleted, please email support@medrio.com or call +1.877.763.3746. Medrio will respond to your correction/update requests within 30 days or less from the date of your request. If customers determine that updates or corrections have not been addressed in a satisfactory manner, customers may always contact Medrio Compliance at dataprivacy@medrio.com.

Customer Data
Medrio does not review, share, distribute, print, or reference any such data except as provided in the Medrio Master Subscription Agreement, or as may be required by law. Individual records may at times be viewed or accessed only for the purpose of resolving a problem, support issue, or suspected violation of the Master Subscription Agreement, or as may be required by law. Customers are responsible for maintaining the confidentiality and security of their user registration and password.

Medrio’s policy regarding EU and UK GDPR is further defined within POL-007 (General Data Protection Regulation (GDPR) Compliance Policy).

Security
Medrio has commercially reasonable security measures in place to protect the integrity, availability, and confidentiality of customer data. These measures include policies, procedures, employee training, physical, and logical security controls. In addition, when accessing the Medrio software, data is encrypted both in transit and at rest.

In the event that personal data is acquired by an unauthorized party, Medrio will notify the affected party of the breach by email, fax, or U.S. mail. Notice will be promptly provided, consistent with the legitimate needs of law enforcement and any measures necessary for Medrio or law enforcement to determine the scope of the breach and to assure or restore the integrity of the data system. Medrio may delay notification if a law enforcement agency determines that the notification will impede a criminal investigation.

Medrio recognizes that Data Privacy Framework principles require that Medrio remain potentially liable if any third party processing Personal Data on our behalf fails to comply with Data Privacy Framework principles (except to the extent we are not responsible for the event giving rise to any alleged damage). Medrio will not transfer any Personal Data to a third party without first confirming that the third party follows the principles defined by Medrio and provides an equivalent level of protection. Medrio does not transfer Personal Data to unrelated third parties, unless lawfully directed by the data controller.

Furthermore, Medrio maintains ISO/IEC 27001 Standard certification to demonstrate our adherence to specific security requirements as outlined in LD-IT-012 (Statement of Applicability) and ISMS-001 (ISMS Scope Document). In addition, Medrio defines specific requirements for regulatory requirements within LD-QS-010 (List of Legal, Regulatory and Contractual and Other Requirements).

Enforcement
Medrio commits to resolve complaints regarding our collection or use of your personal information. Individuals with inquiries or complaints regarding our policies should first contact Medrio at:

Medrio, Inc.
345 California St, Suite #600
San Francisco, CA 94104
Phone: +1.415.963.3700

Policy Updates
Medrio reserves the right to change this Privacy Policy and will provide notification of the change by posting a prominent notice on the privacy section of our website, notifying users of the change.

Reporting / Questions
Questions regarding this Privacy Policy or Medrio’s practices should be directed to the Medrio Compliance team at compliance@medrio.com or at the following physical address:

Medrio, Inc.
345 California St, Suite #600
San Francisco, CA 94104
Phone: +1.415.963.3700
