For the purposes of this Policy:
“EEA” means the European Economic Area;
“Envision”/“we”/“us”/“our” means the following US corporate entities within the Envision Pharma Group:
“Personal Information” means any information or a set of information that identifies or is used by or on behalf of Envision Pharma Group to identify an individual;
“Sensitive Personal Information” means Personal Information consisting of information as to racial or ethnic origin; political opinions, religious or philosophical beliefs, or trade-union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
Envision Pharma Group respects individual privacy and is committed to maintaining the privacy and security of the Personal Information of its clients, employees, business partners, and others with whom we interact. This policy applies to the US corporate entities within the Envision Pharma Group as listed above. This policy sets forth the privacy principles that Envision currently follows with respect to transfers of Personal Information from the EEA and Switzerland to the United States.
Envision Pharma Group complies with the principles of the EU-US and Swiss-US Privacy Shield Framework regarding the transfer of Personal Information from the EEA, UK or Switzerland to the United States and has certified to the Department of Commerce that it adheres to the Privacy Shield principles. To view our certification, please visit https://www.privacyshield.gov.
This Privacy Shield Policy should be read in conjunction with our Privacy Notice and Cookies Notice. In particular, reference should be made to the following sections of our Privacy Notice as these describe generally how we deal with Personal Information:
Envision commits to subject to the Privacy Shields’ Seven Principles all Personal Information received by it in the United States from the EEA and Switzerland in reliance on the respective Privacy Shield framework. Such principles are set out below.
In addition to this policy and our Privacy Notice, we may need to explain specific privacy practices in more detail at other times. In such circumstances, we will develop and provide separate privacy notices to:
(1) disclose the purpose for collecting and using the Personal Information;
(2) describe the identity and contact details of the entity collecting the relevant Personal Information;
(3) the circumstances under which the collection of Personal Information is being made and the purposes for which it is being collected;
(4) describe the types of entities to whom disclosures may be made and the countries in which they are based;
(5) describe the choices and means, if any, offered by Envision to individuals to limit the use and disclosure of such Personal Information; and
(6) provide contact information to individuals where their inquiries or complaints can be addressed. Such notice will be provided at the time when individuals are first asked to provide Personal Information or as soon as practicable.
Envision will offer individuals the opportunity to opt-out of further uses or disclosures when their Personal Information will be disclosed to a non-agent third-party or in connection with a purpose other than the purposes for which it was originally collected or authorized by the individual. If the use or disclosure involves Sensitive Personal Information, Envision will afford individuals the opportunity to explicitly opt-in to such use or disclosure when the Sensitive Personal Information would be disclosed to a non-agent third-party or in connection with a purpose other than the purposes for which it was originally collected or authorized by the individual.
Envision will use Personal Information in its possession only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. Envision will take reasonable steps to ensure that Personal Information is reliable for its intended use; and is accurate, complete and current.
Envision may share Personal Information within Envision’s affiliates for our legitimate business purposes (which may include responding to requests for information or proposals regarding our services; recruitment purposes; and client relationship management).
We use a limited number of third party providers to assist us in providing the services to our clients. These third party providers perform services such event planning services; technical medical communications support; information technology infrastructure and services; data back-up and restoration; disaster recovery and business continuity planning.
We may also disclose Personal Information to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets.
Envision will obtain adequate assurances from such relevant parties that they will safeguard Personal Information in a manner consistent with this policy. Envision may be liable if such parties do not adhere to such obligations unless we prove that we are not responsible for the event giving rise to the relevant damage.
In addition, we may release Personal Information to third parties: (1) to comply with valid legal requirements such as a law, regulation, search warrant, subpoena, court order or lawful requests by public authorities, including regarding national security or law enforcement purposes; or (2) in special cases, such as in response to a physical threat, to protect property, or defend or assert legal rights. In the event that we are legally compelled to disclose Personal Information to a third party, we will attempt to notify the relevant individual unless doing so would violate the law or court order.
Envision will grant individuals reasonable access to Personal Information that it holds about them, unless such access would compromise the purpose for which it was collected. Envision will take reasonable steps to assist individuals with correcting, amending or deleting Personal Information that is determined to be inaccurate or incomplete. The foregoing shall not apply where the burden or expense of providing access would be disproportionate to the risks to the individual's privacy in the case in question (but only to the extent legally permissible); where the rights of persons other than the individual would be violated; or where otherwise permitted under applicable law.
Envision will take reasonable and appropriate measures to protect Personal Information in its possession from loss, misuse, interference, unauthorized access, disclosure, alteration and destruction.
Envision will verify its adherence to this policy by conducting routine compliance audits of its relevant privacy practices. Envision will take appropriate disciplinary action, consistent with applicable laws, against any Envision employee who willfully violates or seeks to circumvent this policy or its Privacy Notice or who takes an action to compromise the integrity or safety of Personal Information.
Any questions or concerns from EU, UK and Swiss individuals regarding the use or disclosure of Personal Information should be directed to the address given below (under “Contact Information”). Envision will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Information in accordance with the principles contained in this policy (including responding to the individual within 45 days).
For complaints regarding the EU-US or Swiss-US Privacy Shield principles that cannot be resolved between Envision and the complainant, Envision has agreed to participate in the dispute resolution procedures of JAMS ( https://www.jamsadr.com/eu-us-privacy-shield). If these procedures do not resolve any complaint or dispute, a binding arbitration option will be available as explained in the Privacy Shield principles.
Regarding the EU-US and Swiss-US Privacy Shield arrangements, Envision is subject to the investigatory and enforcement powers of the US Federal Trade Commission.
Adherence by Envision to these principles may be limited to the extent:
(1) required to respond to a legal or ethical obligation;
(2) expressly permitted by an applicable law, rule or regulation, such as processing data specifically requested by government agencies for the purpose of medical safety;
(3) to the extent necessary to meet national security, public interest or law enforcement obligations; or
(4) to the extent that Envision has limited or no control over the actions of its clients regarding use of Personal Information that they have collected.
Our Data Protection Officer can assist with any questions regarding this policy and can be contacted at either of the following:
Envision Pharma Group
FAO: The Data Protection Officer
5 North Street
Envision Pharma Group may revise or update this policy from time to time.
Last updated 20 April 2021