Effective Date: May 25, 2018
Comprehend provides Services and tools that allow Clients to analyze and report on clinical data pulled from multiple, disparate data sources through a single interface. These tools and Services are not a part of Our corporate website. Comprehend serves as a data processor for Our Clients who use these tools and Services. More specifically, Comprehend does not own the information that is submitted to Us through the Services and tools. The information that is submitted through Client Services relationships will be held subject to the lawful requirements specified by the Clients.
EU – U.S. Privacy Shield: Transfer of Personal Information
Comprehend participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. Comprehend is committed to subjecting all Personal Information received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List: https://www.privacyshield.gov/list
Comprehend is responsible for the processing of Personal Information it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf in accordance with Comprehend’s contractual obligations with its customers.. Comprehend complies with the Privacy Shield Principles for all onward transfers of Personal Information from the EU, including the onward transfer liability provisions.
With respect to Personal Information received or transferred pursuant to the Privacy Shield Framework, Comprehend is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Comprehend may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Processing of EU Data
Comprehend is committed to complying with GDPR with respect to all personal data received from natural persons from European Union (EU) member countries. If You are one of such persons and wish to review or delete your Personal Information obtained through Your access to and use of the Comprehend Website, or take it with You, please email us at firstname.lastname@example.org. If You wish to review or delete Your Personal Information obtained through Your access to and use of the Comprehend Services, please contact the Comprehend Client who authorized Your access and use of the Services. To learn more about the GDPR, visit the GDPR Home Page https://www.eugdpr.org/.
Comprehend is responsible for the processing of personal data it receives, under the GDPR, and may subsequently transfer such personal data to a third party acting as an agent on Comprehend’s behalf. Comprehend complies with GDPR for all onward transfers of personal data from the EU.
Collection and Use of Personal Information through Comprehend Client Services and Website
You may visit the websites of Comprehend without revealing any Personal Information. However, in some instances, Comprehend may require certain Personal Information, such as business contact information, email address, or phone number, to respond to Your inquiries or provide You with requested information.
We also collect information provided by Our Clients to provide Our Services to those Clients. This information may include Personal Information about individuals, including health information collected as part of clinical trials. Comprehend will use this information as directed by Our Clients and for service-related purposes.
Comprehend collects information under the direction of its Clients, and has no direct relationship with the individuals whose personal data it processes. If You are a customer of one of Our Clients and would no longer like to be contacted by one of Our Clients that use Our Service, please contact the Client that You interact with directly. We may transfer Personal Information to companies that help us provide Our Services. Transfers to subsequent third parties are covered by the commercial agreements with Our Clients.
If a Client adds a user to their business or enterprise account, We will ask the Client for the user’s name and email address. We will automatically send the Client’s user a one-time email inviting him or her to visit a designated site for the collection of business information. Comprehend does not store this information, except to the extent permitted by law, and will only use it for the specific reason for which it was provided. If a person believes that a Client has provided Us with Your personal information and You would like to request that it be removed from Our database, please contact us at Privacy@comprehend.com.
Because of the nature of the Services, Comprehend operates as a data processor for Our Clients. Comprehend’s Clients are the data controllers as to the personal data collected when Comprehend is performing the Services. Individuals involved in clinical studies may interact directly with Comprehend’s Clients rather than with Comprehend. Comprehend maintains only the Personal Information Our Clients have asked Comprehend to process. It is the Comprehend Clients’ responsibility to ensure that the data the Client collects can be legally collected in the country of origin. The Comprehend Client is responsible for giving its employees and customers the appropriate level of notification that Personal Information is being collected and maintained.
We may anonymize and aggregate Personal Information collected through the Websites, tools, and Services, and use it for any lawful purpose.
Comprehend may automatically receive and record certain non-Personal Information from website users and the users of its tools and Services. Comprehend may use this information to provide certain functionality, improve the tools and Services, and monitor the use of the tools and Services.
Information Sharing and Disclosure
Comprehend may disclose Personal Information to its agents and partners who assist Comprehend in providing services to Clients. We will share Personal Information for such purposes only with third parties whose privacy policies are consistent with Ours or who agree to abide by Our policies with respect to Personal Information. If You do not want us to share Your Personal Information with these companies, You may contact us at: email@example.com.
Comprehend may otherwise disclose Personal Information when:
- We have express consent to share the Personal Information for a specified purpose;
- We are required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security, subpoenas, court orders, law enforcement requests, or such other legal process;
- We need to protect the personal safety of the users of Our systems or defend the rights or property of Comprehend; or
- We are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of the Services to another provider.
Comprehend is a global corporation with operations in several countries. We have developed global data practices designed to assure Personal Information is appropriately protected. While Our primary data centers are in the United States, We may transfer Personal Information to Comprehend offices outside of the United States now or in the future. In addition, We may employ other companies and individuals to perform functions on Our behalf. If We disclose Personal Information to a third party or to Comprehend employees outside of the United States, We will ensure that such party has agreed to abide by the GDPR requirements, or can otherwise assure adequate protection of such Personal Information. Additionally, any such third party processors will be identified in Our Data Processing Addendum. If you would like to enter into a Data Processing Addendum with Comprehend, please email firstname.lastname@example.org.
Cookies and Other Tracking Technologies
As is true of most websites, We gather certain information automatically. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on Our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the site.
You may sign-up to receive email or newsletter or other communications from Us. If You would like to discontinue receiving this information, You may update Your email preferences by using the “Unsubscribe” link found in emails We send to You or at Your member profile on Our website or by contacting us at email@example.com.
Comprehend’s collection, use, and disclosure of information is generally governed by commercial agreements with Our business Clients. Information relied upon to provide the Services to Our business Clients is retained only for as long as We have a valid business purpose and in accordance with applicable law.
Upon request Comprehend will provide You with information about whether We hold any of Your Personal Information. You may access, correct, or request deletion of Your Personal Information by contacting us at firstname.lastname@example.org. We will respond to Your request within a reasonable timeframe.
In most cases, when Comprehend obtains Personal Information, it does so on behalf of another company, such as a Client (as an agent or data processor). Comprehend acknowledges that You may have the right to access Your personal information. Comprehend has no direct relationship with the individuals whose Personal Information it processes. To request access to, correction, amendment, or deletion of this Personal Information, an end user should contact the company to which the data was provided. If requested to remove data We will respond within a reasonable timeframe. For other inquiries, please contact us at email@example.com.
We will retain Personal Information We process on behalf of Our Clients for as long as needed to provide Services to Our Clients. Comprehend will retain this Personal Information as necessary to comply with Our legal obligations, resolve disputes, and enforce Our agreements.
Any questions, comments, or complaints about the data practices of a Client for which Comprehend processes data should be directed to that Client (including, without limitation, compliance with data privacy principles of notice, choice, onward transfer, access, security, data integrity, or enforcement), although Comprehend will make reasonable efforts to comply or assist with such requests. If Comprehend and its Clients are unable to resolve Your complaint, Comprehend has agreed to cooperate with the European Union Data Protection Authorities to resolve any privacy complaints related to Personal Information.
No data transmissions over the Internet can be guaranteed to be 100% secure. Consequently, We cannot ensure or warrant the security of any information You transmit to Us and You do so at Your own risk. Once We receive Your transmission, We take steps to ensure security on Our systems. Please note this is not a guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of such safeguards.
Comprehend has adopted appropriate physical, electronic, and managerial procedures to safeguard and secure the Personal Information We process. Comprehend strives to protect the privacy of the Personal Information it processes, and to avoid inadvertent disclosure.
If Comprehend learns of a security system’s breach, Comprehend maintains an incident response policy that includes notifications consistent with applicable law. By internal policy, and unless in conflict with applicable law, Our notification time is 24 hours following discovery of a breach.
By using this website or providing Personal Information to Us, You agree that We can communicate with You electronically regarding security, privacy, and administrative issues relating to Your use of this website. If You have any questions about the security of Your personal information, You can contact Us at firstname.lastname@example.org.
Changes and Updates
Postal Mail Address:
2010 Broadway St.
Redwood City, CA 94063
We can be reached via e-mail at email@example.com or You can reach us by telephone at (650) 521-5449.