AG Mednet, Inc. Privacy Policy

1.   Introduction

AG Mednet, Inc. (“AGM”), a Delaware corporation headquartered in the United States, respects the privacy of customers, employees, business partners, and other individuals with whom it interacts. AGM treats Personal Information (as defined in Section 2 below) in accordance with applicable legal requirements.

This AG Mednet, Inc. Privacy Policy (“Privacy Policy”) describes AGM’s collection, use and processing of Personal Information, including through its website and its commercially available products and services (“Services”). This Privacy Policy applies to the Personal Information of website visitors, customers and prospective customers and their representatives, suppliers and business partners and other parties impacted by the use of Services.

AGM has designated a Privacy Officer and a Security Officer who are responsible for privacy policies and procedures, compliance and related issues. AGM limits access to Personal Information to those employees, contractors or other third-parties who have a business need for that information. Access is reviewed as job duties or other responsibilities change. AGM employees, contractors or other third-parties with access to Personal Information are responsible for adhering to this Privacy Policy.

AGM complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information transferred to the United States from the European Union (“EU”), the United Kingdom (“UK”) and Switzerland in reliance on Privacy Shield. Please see Section 7 of this Policy for additional information regarding Privacy Shield.

 

2.  Definition of Personal Information

As used in this Privacy Policy, “Personal Information” is any information relating to an individual that can be used to identify that individual either on its own or with other readily available data. Personal Information does not include information that is publicly available or has been encoded, encrypted, de-identified, or anonymized in accordance with applicable legal requirements.

 

3.  Collection of Personal Information

AGM collects Personal Information to operate effectively and efficiently and to deliver its Services to its customers. Personal Information collected by AGM includes, but is not limited to:

  • Name and contact information. First and last name, email address, postal address, phone number, and other similar data.
  • Credentials. Username, passwords, password hints, and similar security information used for authentication and account access.
  • Transactional data. Services ordered, support questions and emails, financial details, and payment methods.
  • Company data. Company name, size, location for and individual role within the company.
  • IP information. IP address and information that may be derived from IP address.

In addition, AGM collects information from website visitors through the use of cookies, which are small text files that contain a string of characters and uniquely identify a browser on a device connected to the Internet. AGM uses cookies to collect online information such as IP address, browser type, device details and behavioral information (pages viewed, etc.). Website visitors can set their computer to provide a warning each time a cookie is sent or turn off all cookies through their web browser (e.g., Internet Explorer, Chrome, or Firefox). Visitors are advised to check their browser’s HELP menu to learn the correct way to manage these preferences.

AGM does not collect identifiable health information or protected health information (“PHI”) as defined by the Health Insurance Portability and Accountability Act (“HIPAA”). AGM’s Clinical Trial System (“CTS”) includes features to properly de-identify images (prior to leaving the customer’s or other sender’s workstation) and enforce de-identification workflows according to protocol requirements. If notified by the customer that data retained by AGM contains Personal information, including PHI, AGM will work with the customer to remove such data from its database and to alter the de-identification workflow as required by the customer to eliminate future occurrences. Information collected by the CTS is limited to subject identification number, clinical site identification number, and de-identified patient health information.

 

4.  Use and Disclosure of Personal Information

AGM uses Personal Information to establish and manage its relationship with its clients and to perform any related functions, including providing Services and related communications.

For example, AGM may use Personal Information to:

  • Provide and improve its Services through business operations, such as Customer Support.
  • Communicate and deliver functionality and support.
  • Market its Services.
  • Support clinical research of its customers.
  • Manage security.
  • Comply with applicable laws and regulations

Certain Personal Information will be reported to government and regulatory authorities where required by law and for tax or other purposes. Personal Information may also be released to external parties as required or permitted by employment or other statutes and regulations, or by legal process, as well as to parties to whom individuals expressly authorize AGM to release their Personal Information. AGM will not sell any Personal Information to any third party other than in connection with the sale or transfer of all, or substantially all of AGM’s business or assets, or in connection with a merger, consolidation, or other reorganization.

AGM may be forced to disclose Personal Information when compelled by a lawful request made by a recognized public authority or where required to meet national security and or law enforcement requirements. AGM is subject to the investigatory and enforcement powers of the Federal Trade Commission and the Food and Drug Administration.

Personal Information may also be made available to third parties providing relevant services under contract, such as auditors and compliance managers, background verification, legal and IT hosting and maintenance providers, among others). AGM will maintain appropriate contractual, security and privacy measures with such third parties including how they hold and maintain any Personal Information that is provided to them.

 

5.  Protection of Personal Information

AGM is committed to taking reasonable steps to ensure that Personal Information is secure. In order to prevent unauthorized loss, alternation, destruction, access, use or disclosure of Personal Information, AGM maintains reasonable physical, administrative and technical safeguards, including but not limited to the following:

  • Systems require user-identification and password protection.
  • Firewall protection and security software are in place. Patches and updates are performed regularly, including (but not limited to) operating system updates, malware, and anti-virus.
  • Secure disposable of storage media.
  • Encryption is deployed (where applicable).
  • Contractual agreements with third parties are implemented for the responsibility and physical protection of Personal Information.
  • Training is provided to all AGM personnel.

 

6. Options for Personal Information

Individuals whose Personal Information has been collected by AGM have the right to access that data for review, modification or deletion.

Access to review, modify and or delete your Personal Information or otherwise manage the use and disclosure of Personal Information (“opt-out”) may be initiated by contacting AGM as provided below in Section 9 of this Policy.

Even after it has processed your request for a change or deletion, AGM may retain certain residual information in the backup and/or archival copies of AGM’s database for audit purposes, for its customers’ protection, and to comply with laws or regulations. For example, AGM will retain certain audit trail information for at least as long as is required for the subject electronic records, and it will be available for agency review and copying.

Within AGM’s CTS, AGM does not monitor the content of images on the network for Personal Information. If notified by the customer that data retained by AGM contains Personal information, AGM will work with the customer to remove such data from its database and to alter the de-identification workflow as required by the customer to eliminate future occurrences.

 

7.  Privacy Shield

    • Overview

AGM complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information transferred from the European Union (“EU”), the United Kingdom (“UK”) and Switzerland to the United States in reliance on Privacy Shield. AGM has certified that it adheres to the Privacy Shield Principles with respect to such information. If there is any conflict between this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles will govern. To learn more about the Privacy Shield program, and to view the AGM certification page, please visit https://www.privacyshield.gov/

In certain situations, AGM may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. With respect to Personal Information received or transferred pursuant to the Privacy Shield Frameworks, AGM is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.

AGM’s accountability for Personal Information that it receives in the United States under Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, AGM remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process Personal Information on its behalf do so in a manner inconsistent with the Privacy Shield Principles, unless AGM proves that it is not responsible for the event giving rise to the damage.

In instances in which AGM receives Personal Information in providing Services to its clients, such clients are responsible for providing appropriate notice to (and obtaining any necessary consent from) the individuals whose Personal Information is transferred to the US.

    • Individual Rights

Pursuant to the Privacy Shield Frameworks, individuals in the EU, UK, and Switzerland have the right to obtain confirmation of whether AGM maintains Personal Information relating to such individuals in the United States, and to correct, amend or delete that information. If an individual requests that AGM remove data, AGM will respond within a reasonable timeframe.

AGM will provide an individual opt-out choice, or opt-in for sensitive data in accordance with Privacy Shield Principles before sharing the individual’s data with third parties other than its agents, or before AGM uses it for a purpose other than which it was originally collected or subsequently authorized.

In compliance with the Privacy Shield Principles, AGM commits to resolve complaints about EU, UK and Swiss individual’s privacy and AGM’s collection or use of Personal Information transferred to the United States pursuant to Privacy Shield.

All complaints or requests to remove or limit the use of and disclosure of Personal Information transferred to the United States pursuant to Privacy Shield should be sent to the Privacy Officer at the address provided in Section 9 below:

AGM has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. Individuals who do not receive timely acknowledgment of a complaint, or if a complaint is not satisfactorily addressed, should visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge.

If a Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, individuals may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction

 

8.  Changes to this Policy

This Privacy Policy is revised effective on 18 February 2020 and is posted on AGM’s website (https://agmednet.com/privacy-policy/). AGM may amend this Privacy Policy from time-to-time to meet changing business needs or to comply with legal requirements. AGM will provide appropriate notice of any such amendments.

 

9.  Contact Us

Individuals with questions or complaints regarding this privacy policy should contact AGM via mail or email:

Privacy Officer

AG Mednet, Inc.
The Pilot House, Lewis Wharf
Boston, MA 02110

Email: dataprotection@agmednet.com