Privacy Policy

AcostaGroup Privacy Policy (The “Policy”):

ACOSTAGROUP dba ChrisAcosta.com (also referred to as “Company”, “we” or “our”) respects the relationships we have with our customers and respects the privacy of all individuals whose Personal Information may be processed by ACOSTAGROUP in the performance of our services and our business operations. This Privacy Policy supplements our Privacy Shield policy, to apply around the world.  This Policy explains how ACOSTAGROUP collects, holds, uses and discloses Personal Information, including Personal Information of our personnel, consumers, customers, suppliers, vendors, and business partners.  ACOSTAGROUP intends that this corporate privacy policy and our implementing standard practices and procedures will support timely compliance with all international privacy laws and regulations around the world.

To demonstrate our commitment to the protection of Personal Information, including Personal Information transferred out of the European Economic Area (“EEA”) and Switzerland for the performance of our services and business operations, we adhere to the Privacy Shield Principles and are certified to the EU-U.S. Privacy Shield Framework (“Privacy Shield”), as set forth by the U.S. Department of Commerce and the Federal Trade Commission. Further details of the Privacy Shield and the Privacy Shield Principles can be found on the website at https://www.privacyshield.gov. We also use model contractual clauses and other mechanisms approved by the European Union and Switzerland, respectively, for transfers of Personal Information from the EEA and Switzerland. 

 

* * *

SCOPE: This Policy applies to all Personal Information of Individuals, either in electronic or paper format, received by ACOSTAGROUP, including Personal Information of Company Personnel, consumers, customers, suppliers, vendors, and business partners.

 

DEFINITIONS: For purposes of this Policy, the following definitions shall apply:

  • “Agent” means any third party that uses Personal Information provided to it by ACOSTAGROUP to perform tasks on behalf of and/or under the instructions of ACOSTAGROUP or to which ACOSTAGROUP discloses Personal Information for use on its behalf.
  • “European Economic Area” (EEA) means for the purposes of this Policy all countries within the European Union (EU) and Iceland, Liechtenstein, Norway.
  • “Individual” means any natural person.
  • “Personal Information” means any information or set of information about an identified or identifiable individual, including, but not limited to: (a) first name or initial and last name; (b) home or other physical address; (c) telephone number; (d) email address or online identifier associated with the individual; (e) Social Security number or other similar identifier; or (f) any other information relating to an individual that is combined with any of the above. The term “Personal Information” does not include non-identified information or information that is reported in the aggregate (provided that such aggregated information is not identifiable to a natural person).
  • “Personnel” includes, but is not limited to, any employee (permanent or temporary), director, officer, contractor, worker, temporary worker, job applicant, retiree of ACOSTAGROUP and any and all of their respective dependents.
  • “Privacy Shield Principles” collectively means the seven (7) privacy principles, as well as the supplemental privacy principles and the associated guidance details of which can be found at https://www.privacyshield.gov.
  • “ACOSTAGROUP” means any entity that directly or indirectly, through one or more intermediaries, controls, is controlled by, or is under common control with ACOSTAGROUP, Inc.  For purposes of this definition, “control” means the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of such entity, whether through the ownership of voting securities, by contract or otherwise.

“Sensitive Personal Information” means Personal Information that reveals or is processed to uniquely identify a person: 

  • All government-issued identification numbers (including US Social Security numbers, EU Social Security numbers, Canadian Social Insurance numbers, driver’s license numbers, and passport numbers);
  • All financial account numbers (bank account numbers, credit card numbers, and other information if that information would permit access to a financial account); 
  • Individual medical records, biomedical specimens, and biometric information, including any information on any worker or consumer’s health, disability, disease or product interests;
  • Reports of individual background checks;
  • Data elements revealing race, ethnicity, national origin, political opinion, religious or philosophical beliefs, trade union membership, genetic data, biometric data where processed to uniquely identify a person, any information that concerns medical or health conditions or sex life, or information relating to the commission of a criminal offense sex life or sexual orientation, and information relating to the commission of a criminal offense. 

NOTICE

Where ACOSTAGROUP collects Personal Information directly from Individuals, it will explain the purposes for which it collects and uses Personal Information about the Individuals, the types of third parties to which ACOSTAGROUP discloses that information, and the choices and means, if any, ACOSTAGROUP offers Individuals options for limiting the use and disclosure of Personal Information about them. This explanation will be provided as soon as practicable and, in any event, before ACOSTAGROUP discloses the Personal Information or uses such information for a purpose materially different than that for which it was originally collected or processed. ACOSTAGROUP also will provide any additional information required by law for a specific context, product or service.  In general, with exceptions and other lawful bases that may be relevant for any specific product or service notice, ACOSTAGROUP processes personal data for its legitimate interests consistent with applicable law. Where an ACOSTAGROUP entity receives Personal Information from another ACOSTAGROUP entity or other entities, including when acting as a CRO processing Personal Information under the direction of a customer, it will use such information in accordance with the notices provided by such entities and the choices made by the Individuals to whom such Personal Information relates. 

Types of Personal Information collected, Purposes of Collection and Uses of Personal Information:

  • Human Resources-Related Information. For Individuals who are Personnel, we will process Personal Information to carry out and support our human resources functions and activities, including but not limited to, employment opportunities, Personnel recruitment and onboarding, administration of Personnel participation in benefits, compensation and human resources plans and programs, management of Personnel performance, and implementation, investigation and reporting on compliance and discipline procedures and matters. ACOSTAGROUP may provide Personal Information to Agents to support ACOSTAGROUP in performance of these human resources-related activities.
  • Customers and Program Participant Information. For Individuals sharing Personal Information with ACOSTAGROUP in order to inquire about or otherwise make use of our services or purchase, receive or seek information, including about any health care products and services, opportunities to participate in clinical research, health care education and patient support programs which may be available through ACOSTAGROUP, we will use such Personal Information in order to provide the requested information, products, and/or services. Such uses may include processing requested transactions, improving the quality of our services, sending communications about the products and services available through ACOSTAGROUP, and enabling our business partners and Agents to perform certain activities on our behalf.

ACOSTAGROUP may also use the Personal Information collected above to comply with our legal and regulatory obligations, policies and procedures, and for internal administrative purposes.

CHOICE

ACOSTAGROUP may offer Individuals the opportunity to choose whether their Personal Information is (a) to be disclosed to a third party, or (b) to be used for a purpose materially different from the purpose for which it was originally collected or subsequently authorized by the Individual.

ACOSTAGROUP will not process Sensitive Personal Information about Individuals for purposes other than those for which the information was originally obtained or subsequently authorized by the Individual unless the Individual explicitly consents to the processing (“opt-in”), or as required or permitted, or where not prohibited by law or regulation.

In some cases, even if an Individual opts-out of disclosures of their Personal Information, ACOSTAGROUP may still disclose such Personal Information (i) if required to do so by law, (ii) if disclosure is required to be made to law enforcement authorities, or (iii) if we believe disclosure is necessary or appropriate to prevent physical harm to an individual or financial loss or in connection with an investigation of suspected or actual illegal activity. ACOSTAGROUP also may transfer Personal Information when a material event concerning its business operation(s), assets or shares, such as purchase, disposal, merger, joint venture or acquisition, is proposed or occurs. In such an event, ACOSTAGROUP will endeavor to direct the transferee to use Personal Information in a manner that is consistent with this Policy. ACOSTAGROUP will provide Individuals with reasonable mechanisms to exercise their choices to the extent required by applicable law.

ACCOUNTABILITY FOR ONWARD TRANSFER

In the performance of our services and business operations, Personal Information we collect or receive may be stored or transferred internationally throughout our worldwide organization and to our service providers or agents, including for hosting our databases or provision of data processing services, in accordance with applicable data privacy laws.  Transfers to third parties are covered by the provisions in this Policy regarding notice and choice. 

ACOSTAGROUP may also share an Individual’s Personal Information with Agents in connection with services that these individuals or entities perform for, or with, ACOSTAGROUP. ACOSTAGROUP may, for example, provide an Individual’s Personal Information to Agents for hosting our databases, for data processing services, or to send to that Individual the information that he or she requested.

ACOSTAGROUP may transfer Personal Information for specified, limited purposes, to an Agent and will endeavor to obtain assurances that such Agent provides at least the same level of privacy protection as is required by the Privacy Shield Principles (where applicable) and this Policy and will notify ACOSTAGROUP if it makes a determination it can no longer meet this obligation.

Where ACOSTAGROUP knows that any third party to whom it has provided Personal Information is using or disclosing Personal Information in a manner contrary to this Policy, ACOSTAGROUP will take reasonable steps to prevent or stop the use or disclosure. With respect to such onward transfers to Agents, and to the extent ACOSTAGROUP is responsible for the event, ACOSTAGROUP shall remain liable should its Agents process Personal Information in a manner inconsistent with the Privacy Shield Principles (where applicable) and this Policy.

SECURITY

ACOSTAGROUP will employ reasonable and appropriate technical, administrative and physical safeguards designed to protect Personal Information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the Personal Information ACOSTAGROUP is processing.  We have a privacy incident response program designed to promptly respond to and escalate all privacy-related questions, complaints, concerns, including any potential privacy or security incident.

DATA INTEGRITY AND PURPOSE LIMITATION

ACOSTAGROUP endeavors to use Personal Information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the Individual. ACOSTAGROUP will take reasonable steps designed to ensure that only Personal Information that is relevant to its intended use, accurate, complete, current, and otherwise reliable in relation to the purposes for which the information was obtained is used by ACOSTAGROUP for as long as ACOSTAGROUP retains possession of such information. ACOSTAGROUP’s Personnel have a responsibility to assist ACOSTAGROUP in maintaining accurate, complete and current Personal Information.

ACCESS/CORRECTION

Under laws in certain countries in which we operate, individuals have a right to access Personal Information about themselves, and to amend, correct or delete Personal Information that is inaccurate, incomplete or outdated.  ACOSTAGROUP will, on request, provide an Individual with confirmation regarding whether ACOSTAGROUP is processing Personal Information about them, consistent with applicable law. In addition, upon request of an Individual, ACOSTAGROUP may take reasonable steps to correct, amend, or delete their Personal Information that is found to be inaccurate, incomplete or processed in a manner non-compliant with this Policy or applicable law, except where the burden or expense of providing access would be disproportionate to the risks to that Individual’s privacy, where the rights of persons other than the Individual would be violated or where doing so is otherwise consistent with applicable law. Unless prohibited by applicable law, ACOSTAGROUP reserves the right to charge a reasonable fee to cover costs for providing copies of Personal Information requested by Individuals. ACOSTAGROUP, when acting as a CRO, has no direct relationship with medical research subjects participating in a clinical trial and any such Individuals who seek access, or who seek to correct, amend, or delete their inaccurate Personal Information should direct his or her query to the relevant study sponsor or investigator which has transferred such Personal Information to ACOSTAGROUP for processing.

Although ACOSTAGROUP makes good faith efforts to provide Individuals with access to their Personal Information, there may be circumstances in which ACOSTAGROUP is unable to provide access, including but not limited to: where the information contains legal privilege, would compromise others’ privacy or other legitimate rights, where the burden or expense of providing access would be disproportionate to the risks to the Individual’s privacy in the case in question or where it is commercially proprietary. If ACOSTAGROUP determines that access should be restricted in any particular instance, we will provide you with an explanation of why that determination has been made and a contact point for any further inquiries. To protect your privacy, ACOSTAGROUP will take commercially reasonable steps to verify your identity before granting access to or making any changes to your Personal Information.

Where otherwise permitted by applicable law, you may send an e-mail to PrivacyOfficer@ACOSTAGROUP.com or use any of the methods set out in this Policy to request access to, receive (port), seek rectification, or request erasure of Personal Information held about you by ACOSTAGROUP. Such requests will be processed in line with local laws. 

RECOURSE, ENFORCEMENT AND LIABILITY

ACOSTAGROUP encourages Individuals covered by this Policy to raise questions about the processing of Personal Information about them by contacting ACOSTAGROUP through the contact information provided below. Any Personnel that ACOSTAGROUP determines is in violation of this Policy will be subject to disciplinary action up to and including termination of employment, where applicable.

Any questions or concerns regarding the use or disclosure of Personal Information should also be directed to ACOSTAGROUP through the contact information given below. ACOSTAGROUP will undertake reasonable efforts to investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Information in accordance with the principles contained in this Policy.

If you are an EU or Swiss citizen and feel that ACOSTAGROUP is not abiding by the terms of this Policy, please contact ACOSTAGROUP at the contact information provided below. If any request remains unresolved, you may contact the national data protection authority for your EU Member State.

In certain circumstances, ACOSTAGROUP has agreed to cooperate with the American Arbitration Association (“AAA”) with respect to complaints of Individuals that are not Personnel of the Company and with the local data protection authorities with respect to Personnel and human resources related information consistent with applicable law. For more information and to submit a complaint to AAA, visit http://go.adr.org/privacyshield.html. Such independent dispute resolution mechanisms are available to Individuals free of charge. 

CONTACT INFORMATION: Questions, comments, concerns or complaints regarding this Policy or ACOSTAGROUP’s processing of Personal Information should be submitted to the ACOSTAGROUP Chief Privacy Officer at PrivacyOfficer@ACOSTAGROUP.com

RESERVATION OF RIGHTS: ACOSTAGROUP reserves the right to share an Individual’s Personal Information and contracts with Agents as required or authorized by law or regulation or in response to duly authorized information requests of government authorities.

CHANGES TO THE PRIVACY POLICY: This Policy may be reviewed and amended from time to time, without advance notice, to ensure that an appropriate level of protection for Personal Information is maintained. All amendments will be posted on this website. Please check back periodically for updates to this Policy.  

ACOSTAGROUP PRIVACY POLICY EFFECTIVE DATE:  July 14, 2018

LinkedIn