iSchemaView, Inc. acknowledges current data protection laws in the European Union ("EU") under the General Data Protection Regulation (GDPR) and adopts the Privacy Shield framework as policy governing Personal Data which may be transferred to or from iSchemaView operations, affiliates, agents, third party distributors, patients, customers, healthcare providers in the EU, including Switzerland, to iSchemaView operations in the United States ("U.S."). This Privacy Policy establishes the framework for treating personal data.

iSchemaView adopts the EU-U.S. Privacy Shield Framework administered by the U.S. Department of Commerce and applies the framework of Principles of all Personal Data received from the EU (and Switzerland) in reliance on the Privacy Shield. iSchemaView’s participation in Privacy Shield is subject to investigation and enforcement by the Federal Trade Commission.

iSchemaView agrees to the principles of the GDPR which applies to all EU Member States as it applies to the collection of personal data and to any processing that takes place prior to the transfer to the United States. The Privacy Shield Principles apply to the data once they have been transferred to the United States.  As a company involved in the Medical Device industry, iSchemaView shall ensure all data used for research, shall be anonymized when appropriate and protected as stipulated in Privacy Shield Principle 14.

A full list of companies enjoined in the Privacy Shield Framework may be found at the U.S. Department of Commerce’s website at https://www.privacyshield.gov.

DEFINITIONS

"Data Subject" means the individual to whom any given EU Personal Data covered by this Policy.

"EU Personal Data" or "Personal Data" means any information relating to an individual residing in the EU (or Switzerland) that can be used to identify that individual either on its own or in combination with other readily available data (e.g., the individual’s name, title, work location, home address, date of birth, compensation, benefits, or family members).

"Sensitive Personal Data" means Personal Data regarding any of the following:

  • Health or medical condition;
  • Racial or ethnic origin;
  • Political opinions;
  • Religious or philosophical beliefs;
  • Trade union membership;
  • Sex life; or
  • Criminal convictions or indictments.

SCOPE AND RESPONSIBILITY

This Policy applies to the transfer, collection, use, and disclosure in the U.S. of all EU Personal Data from countries in the EU (and Switzerland) to iSchemaView in the U.S. Where iSchemaView acts solely as an agent processing EU Personal Data under the direction of a third party, iSchemaView has no direct relationship with the Data Subjects whose Personal Data it processes, and for such Personal Data, iSchemaView instead may rely on such third parties to comply with the European legal requirements underlying the Privacy Shield Principles.

There are two primary activities where EU Personal Data may be acquired: During the operation and use of Software as Medical Device application; and through a website visit.

iSchemaView employees, contractors or third-party entities who may have access to such EU Personal Data in the U.S. during the course of allowed business purposes are responsible for adhering to this policy. Adherence by iSchemaView to this Policy may be limited to the extent required to meet legal, regulatory, governmental, or national security obligations, but EU Personal Data shall not be collected, used, or disclosed in a manner contrary to this policy without the prior written permission of iSchemaView’s executive management.

Failure of iSchemaView employees, contractors, and third-party entities to comply with this Policy may result in disciplinary action up to and including termination.

PRIVACY SHIELD PRINCIPLES

iSchemaView has adopted the U.S. Department of Commerce’s Privacy Shield Principles, as set forth below, with respect to the EU Personal Data described in the "SCOPE AND RESPONSIBILITY" section of this Policy that is transferred from ISchemaView operations in the EU (or Switzerland) to ISchemaView operations in the U.S.

Notice – iSchemaView is principally a third-party in receipt of data from operations of medical device solutions which has been anonymized through agreement with first-party entities in the delivery of health care solutions to patients. As a third-party with anonymized data, no specific sensitive personal data is passed to iSchemaView.

Notice – Under Privacy Shield Principle 14, iSchemaView as a medical device company, “does not have to apply the Privacy Shield Principles with respect to the Notice, Choice, Accountability for Onward Transfer, and Access Principles in its product safety and efficacy monitoring activities, including the reporting of adverse events and the tracking of patients/subjects using certain medicines or medical devices, to the extent that adherence to the Principles interferes with compliance with regulatory requirements.  This is true both with respect to reports by, for example, health care providers to pharmaceutical and medical device companies, and with respect to reports by pharmaceutical and medical device companies to government agencies like the Food and Drug Administration.”

Notice – iSchemaView takes steps so that Data Subjects covered by this Policy are notified about the types of Personal Data it collects about them, the purposes for which it uses such Personal Data, the types of third parties to which it discloses such Personal Data, the choices and means that it offers for limiting its use and disclosure of such Personal Data, and how Data Subjects can contact ISchemaView with any inquiries or complaints. Notice is provided in clear and conspicuous language at the time of collection or as soon as practicable thereafter; before iSchemaView uses or discloses Personal Data for a purpose other than that for which it was originally collected, and through this Policy.

Principally, in the use of Software as a Medical Device applications, iSchemaView is the recipient of anonymized data from first party entities.

In the course of EU citizen’s visiting www.iSchemaView.com; or www.iRAPID.com personal data may be captured:

First party obtained data may be used by iSchemaView for:

  1. Compliance as required by law, or as permitted by law;
  2. The delivery of current and future products and services;
  3. Our everyday business operations such as:
    • product safety and product complaint reporting;
    • patient assistance;
    • communicating information about diseases, products and services, or via e-mail, direct mail and other channels;
    • business and marketing research; and
    • auditing our programs and resources for compliance and security purposes; and
iSchemaView may disclose Personal Data to the following types of third parties:
  • To third parties that are designated by the Data Subject or customer to which the Personal Data pertains for purposes of providing health care treatment (including training and service)
  • Study partners with uses defined under Privacy Shield Principle 14;
  • As required by law, including disclosure in response to lawful requests by public authorities, such as to meet national security or law enforcement requirements.

In addition, iSchemaView collects, uses, and discloses Personal Data collected from users of iSchemaView’s public website.

Website Information Collection, Use, and Sharing

We are the sole owners of the information collected on this site. We only have access to/collect information that you voluntarily give us via email or other direct contact from you. We will not sell or rent this information to anyone.

We will use your information to respond to you, regarding the reason you contacted us. We will not share your information with any third party outside of our organization, other than as necessary to fulfill your request, e.g. to ship an order.

Unless you ask us not to, we may contact you via email in the future to tell you about new products or services, or changes to this privacy policy.

Your Access to and Control Over Information

You may opt out of any future contacts from us at any time. You can do the following at any time by contacting us via the email address or phone number given on our website:

  • See what data we have about you, if any
  • Change/correct any data we have about you
  • Have us delete any data we have about you
  • Express any concern you have about our use of your data
  • Security

    We take precautions to protect your information. When you submit sensitive information via the website, your information is protected both online and offline.

    Wherever we collect sensitive information, that information is encrypted and transmitted to us in a secure way.

    While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers/servers in which we store personally identifiable information are kept in a secure environment.

    Updates

    Our Privacy Policy may change from time to time and all updates will be posted on this page. If you feel that we are not abiding by this privacy policy, you should contact us immediately via telephone at (650) 388-9767 ext. 5 or by email: dpo@ischemaview.com.

    Cookies

    We use “cookies” on this site. A cookie is a piece of data stored on a site visitor’s hard drive to help us improve your access to our site and identify repeat visitors to our site. For instance, when we use a cookie to identify you, you would not have to log in a password more than once, thereby saving time while on our site. Cookies can also enable us to track and target the interests of our users to enhance the experience on our site. Usage of a cookie is in no way linked to any personally identifiable information on our site.

    Sharing

    We share aggregated demographic information with our partners. This is not linked to any personal information that can identify any individual person.

    We partner with another party to provide specific services. When the user signs up for these services, we will share names, or other contact information that is necessary for the third party to provide these services. These parties are not allowed to use personally identifiable information except for the purpose of providing these services.

    Links

    This web site contains links to other sites. Please be aware that we are not responsible for the content or privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of any other site that collects personally identifiable information.

    Choice

    In the event EU Personal Data covered by this Policy is to be used for a new purpose that is materially different from the purpose(s) for which the Personal Data was originally collected or subsequently authorized, or is to be transferred to the control of a third party, Data Subjects are given, when feasible and appropriate, an opportunity to choose (opt-out) whether to have their Personal Data so used or transferred. In the event that Sensitive Personal Data is used for a new purpose or transferred to the control of a third party, the Data Subject’s explicit consent (opt-in) will be obtained prior to such use or transfer of the Sensitive Personal Data.

    Accountability for Onward Transfer

    Accountability for Onward Transfer (transfers to affiliates and/or other third parties) – In the event iSchemaView transfers EU Personal Data covered by this Policy to an affiliate or other third party, it will do so consistent with any notice provided to Data Subjects and any consent they have given. iSchemaView will transfer Personal Data to such third parties only if the transfer is for limited and specified purposes and the third party will provide at least the same level of privacy protection as is required by this Policy and the Privacy Shield Principles. When iSchemaView has knowledge that a third party is using or sharing Personal Data in a way that is contrary to this Policy, iSchemaView will take reasonable steps to prevent or stop such use or sharing.

    With respect to transfers to its agents, iISchemaView remains responsible under the Privacy Shield Principles if an agent processes Personal Data in a manner inconsistent with the Principles, except where ISchemaView is not responsible for the event giving rise to the damage.

    Access

    Data Subjects whose Personal Data is covered by this Policy have the right to access such Personal Data and to correct, amend, or delete such Personal Data if they can demonstrate that it is inaccurate or incomplete (except when the burden or expense of providing access, correction, amendment, or deletion would be disproportionate to the risks to the Data Subject’s privacy, or where the rights of persons other than the Data Subject would be violated).

    Security

    iSchemaView takes reasonable precautions to protect EU Personal Data covered by this Policy from loss, misuse, and unauthorized access, disclosure, alteration, and destruction.

    Data Integrity and Purpose Limitation

    EU Personal Data covered by this Policy that is collected, processed, and maintained by ISchemaView shall be kept and used for its intended purpose. ISchemaView takes reasonable steps to ensure that the Personal Data is used for its intended purpose(s), and is accurate, complete, and current.

    Recourse, Enforcement, and Liability

    To ensure compliance with these Privacy Shield Principles, iSchemaView will:

    • In the investigation and resolution of complaints that cannot be resolved between iSchemaView and the complainant, cooperate with and comply with the dispute resolutions mechanisms of:
      • For HR Personal Data, a panel established by the EU Data Protection Authorities ("DPAs"); and
      • For non-HR Personal Data, the Better Business Bureau’s ("BBB") EU Privacy Shield Dispute Resolution Procedure, which is based in the U.S.;
    • Periodically review and verify its compliance with the Privacy Shield Principles; and
    • Remedy issues arising out of any failure to comply with the Privacy Shield Principles.

    iSchemaView acknowledges that its failure to provide an annual self-certification to the U.S. Department of Commerce will remove it from the Department’s list of Privacy Shield participants, and thereafter transfers of Personal Data will not be allowed unless iSchemaView otherwise complies with EU data protection law.

    ENFORCEMENT AND DISPUTE RESOLUTION

    Any inquiries or complaints regarding this Policy or the collection, use, disclosure, or transfer of Personal Data should be directed to the Data Privacy Officer of iSchemaView Inc., which may be contacted at 433 Park Point Drive, Suite 220, Golden, CO 80401. iSchemaView will investigate and attempt to resolve complaints in accordance with the Privacy Shield Principles. In the event an inquiry or complaint cannot be resolved between ISchemaView and a Data Subject, the Data Subject may contact an independent recourse mechanism to provide appropriate recourse free of charge:

    • For inquiries or complaints regarding HR Personal Data, the DPA of the EU Member State where the Data Subject works, which can refer the complaint to the DPA panel; or
    • For inquiries or complaints regarding non-HR Personal Data, the BBB EU Privacy Shield Dispute Resolution Procedure (contact information is available at http://www.bbb.org/EU-privacy-shield/for-eu-consumers).

    Should a complaint remain fully or partially unresolved after a review by iSchemaView and the applicable independent recourse mechanism, Data Subjects may be able to, under certain conditions, seek binding arbitration before the Privacy Shield Panel. For more information, please visit www.privacyshield.gov.

    CHANGES TO THIS POLICY

    This Policy may be amended from time to time consistent with the requirements of the Privacy Shield Principles. Appropriate notice will be given concerning such amendments.

    Effective: 11/26/2018