AG Mednet, Inc. (“AGM”), a Delaware corporation headquartered in the United States, respects the privacy of customers, employees, business partners, and other individuals with whom it interacts. AGM treats Personal Information (as defined in Section 2 below) in accordance with applicable legal requirements.
AGM complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information transferred to the United States from the European Union (“EU”), the United Kingdom (“UK”) and Switzerland in reliance on Privacy Shield. Please see Section 7 of this Policy for additional information regarding Privacy Shield.
AGM collects Personal Information to operate effectively and efficiently and to deliver its Services to its customers. Personal Information collected by AGM includes, but is not limited to:
AGM does not collect identifiable health information or protected health information (“PHI”) as defined by the Health Insurance Portability and Accountability Act (“HIPAA”). AGM’s Clinical Trial System (“CTS”) includes features to properly de-identify images (prior to leaving the customer’s or other sender’s workstation) and enforce de-identification workflows according to protocol requirements. If notified by the customer that data retained by AGM contains Personal information, including PHI, AGM will work with the customer to remove such data from its database and to alter the de-identification workflow as required by the customer to eliminate future occurrences. Information collected by the CTS is limited to subject identification number, clinical site identification number, and de-identified patient health information.
AGM uses Personal Information to establish and manage its relationship with its clients and to perform any related functions, including providing Services and related communications.
For example, AGM may use Personal Information to:
Certain Personal Information will be reported to government and regulatory authorities where required by law and for tax or other purposes. Personal Information may also be released to external parties as required or permitted by employment or other statutes and regulations, or by legal process, as well as to parties to whom individuals expressly authorize AGM to release their Personal Information. AGM will not sell any Personal Information to any third party other than in connection with the sale or transfer of all, or substantially all of AGM’s business or assets, or in connection with a merger, consolidation, or other reorganization.
AGM may be forced to disclose Personal Information when compelled by a lawful request made by a recognized public authority or where required to meet national security and or law enforcement requirements. AGM is subject to the investigatory and enforcement powers of the Federal Trade Commission and the Food and Drug Administration.
Personal Information may also be made available to third parties providing relevant services under contract, such as auditors and compliance managers, background verification, legal and IT hosting and maintenance providers, among others). AGM will maintain appropriate contractual, security and privacy measures with such third parties including how they hold and maintain any Personal Information that is provided to them.
AGM is committed to taking reasonable steps to ensure that Personal Information is secure. In order to prevent unauthorized loss, alternation, destruction, access, use or disclosure of Personal Information, AGM maintains reasonable physical, administrative and technical safeguards, including but not limited to the following:
Individuals whose Personal Information has been collected by AGM have the right to access that data for review, modification or deletion.
Access to review, modify and or delete your Personal Information or otherwise manage the use and disclosure of Personal Information (“opt-out”) may be initiated by contacting AGM as provided below in Section 9 of this Policy.
Even after it has processed your request for a change or deletion, AGM may retain certain residual information in the backup and/or archival copies of AGM’s database for audit purposes, for its customers’ protection, and to comply with laws or regulations. For example, AGM will retain certain audit trail information for at least as long as is required for the subject electronic records, and it will be available for agency review and copying.
Within AGM’s CTS, AGM does not monitor the content of images on the network for Personal Information. If notified by the customer that data retained by AGM contains Personal information, AGM will work with the customer to remove such data from its database and to alter the de-identification workflow as required by the customer to eliminate future occurrences.
In certain situations, AGM may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. With respect to Personal Information received or transferred pursuant to the Privacy Shield Frameworks, AGM is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.
AGM’s accountability for Personal Information that it receives in the United States under Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, AGM remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process Personal Information on its behalf do so in a manner inconsistent with the Privacy Shield Principles, unless AGM proves that it is not responsible for the event giving rise to the damage.
In instances in which AGM receives Personal Information in providing Services to its clients, such clients are responsible for providing appropriate notice to (and obtaining any necessary consent from) the individuals whose Personal Information is transferred to the US.
Pursuant to the Privacy Shield Frameworks, individuals in the EU, UK, and Switzerland have the right to obtain confirmation of whether AGM maintains Personal Information relating to such individuals in the United States, and to correct, amend or delete that information. If an individual requests that AGM remove data, AGM will respond within a reasonable timeframe.
AGM will provide an individual opt-out choice, or opt-in for sensitive data in accordance with Privacy Shield Principles before sharing the individual’s data with third parties other than its agents, or before AGM uses it for a purpose other than which it was originally collected or subsequently authorized.
In compliance with the Privacy Shield Principles, AGM commits to resolve complaints about EU, UK and Swiss individual’s privacy and AGM’s collection or use of Personal Information transferred to the United States pursuant to Privacy Shield.
All complaints or requests to remove or limit the use of and disclosure of Personal Information transferred to the United States pursuant to Privacy Shield should be sent to the Privacy Officer at the address provided in Section 9 below:
AGM has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. Individuals who do not receive timely acknowledgment of a complaint, or if a complaint is not satisfactorily addressed, should visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge.
If a Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, individuals may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction
AG Mednet, Inc.
The Pilot House, Lewis Wharf
Boston, MA 02110