PRIVACY POLICY

Proxima Clinical, Inc. is committed to protecting your privacy. We offer you the opportunity to navigate our website without any commitment or obligation to supply us with any personal information about yourself or your organization. In certain instances, we need additional information about you in order to provide the information or services you are requesting.

Your privacy and the protection of your information are of the utmost importance to us. To protect your privacy, we provide this explanation of our online information practices and the choices you can make about the way your information is collected and used.

Which people do you have data for (staff, customers, patients, physicians)?
Proxima maintains data for staff, vendors, and customers.

Which country do these people represent? European Union (EU) is considered one country.
Parties mentioned in section 4.3 may be from any country in the world.

What forms of data do you have (electronic, paper, samples)?
All data is maintained electronically.

What applications manage this data?
Data is managed by cloud-based file storage applications and business management applications, such as customer relationship management and financial systems.

Where is the data physically located?
The data is physically located on cloud-based file storage applications or with the vendors providing cloud-based software-as-a-service applications as identified in this Policy.

How is the data stored? Is it encrypted and who can decrypt it?
The data stored on cloud-based file storage applications and business management applications is encrypted and can be decrypted only by staff who have access permissions to the applicable directories. Data may also be stored in some systems as certified (not editable) PDF documents.

Are you a Data Controller (owns the data) or Data Processor (processes on behalf of the Data Controller)?
Proxima is a data processor for information relating to vendors and customers. Proxima is a data controller for staff and business-related data.

Who has access to that data within and external to your company?
Proxima staff have restricted access to data, based on their roles and responsibilities. No parties outside of Proxima have access to data.

How is access to the data limited to your workforce?
Within Proxima, access to folders containing data is restricted based upon an individual’s work function and job responsibilities. Vendors and other third-party collaborators do not have access to data held within Proxima’s systems.

What do you do with that data? (Processing)
Data related to Proxima staff, vendors and customers is used for the purpose of conducting normal business operations such as hiring, payroll, contracts, invoicing, etc.

What is your policy on sharing data with other parties?
Proxima’s policy is to only share data with parties authorized by the applicable party as agreed upon.

Who do you share that data with? (Privacy by Design)
Data is shared with parties outside of Proxima according to the party’s instructions as applicable.

How do you notify people that you have shared their data?
Parties are not notified when their information has been shared. Parties grant authorization to share their information as applicable.

How does a person obtain and revoke consent for the use of their data? (Consent)
A person can revoke consent by submitting a request in writing addressed directly to Proxima offices.

If you have non-adult data (up to 16 years old), how do you obtain and revoke consent?
Proxima does not collect non-adult data.

How does a person request changes, including deletion, to the data?
A person can request changes to, or deletion of, their data by submitting a request in writing addressed directly to Proxima offices.

How does a person obtain their data (electronically, not paper) from you upon request? (Right to Access, Data Portability)
A client can request access to their data by submitting a request in writing addressed directly to Proxima offices.

How do you notify people of this data privacy statement and how do you notify them of updates?
Proxima does not actively notify people of this data privacy statement. A copy of our privacy policy will be posted publicly to our website. Data privacy is also addressed in non-disclosure or confidentiality agreements with all customers, vendors, and staff as applicable.

When do you delete this data (forget the person) because it is no longer needed? (Right to be Forgotten)
Data is deleted upon request or as required by regulation, based on the type of data and the length of time it must be maintained.

How do you notify persons if there is a data breach/data stolen? (Breach Notification)
Any data breach will be communicated to the applicable party by the Data Protection Officer or their designee.

How do you document the annual security review of this Data Privacy statement?
This policy and data privacy statement is subject to periodic review following the requirements set forth in our standard operating procedures regarding controlled documents. In addition, compliance with the DPS requirements is verified during internal audits.

What do you do to protect your data?
Data protection efforts and practices are governed by Proxima standard operating procedures covering areas of computer systems and security, computer systems validation and qualification, quality assurance audits, and employee training.

Who is your Data Protection Officer or equivalent?
Proxima has appointed the Vice President of Clinical Operations to serve as the Data Protection Officer.