Endogenex Application Privacy Policy
All terms are subject to revision or replacement at any time
1.0 Overview
This procedure serves as a template for a privacy policy/privacy notice primarily for website usage.
2.0 Privacy Notice
Endogenex, Inc. (hereinafter also referred as: “Endogenex”, “we”, “us” or “our) is conducting business within multiple geographies including the United States, the United Kingdom, the European Union (EU) and the European Economic Area (EEA). Endogenex understands the importance of privacy to our customers, visitors, suppliers, business partners, employees and other individuals (hereinafter also referred as: “you” or the “user” or the “data subject”). We are committed to protecting and respecting your privacy.
This privacy policy (“Policy”) applies only to information collected through the website on which it is posted. It does not apply to third-party platforms or to other Endogenex-operated websites or other Endogenex-operated platforms on which it is not posted. It also does not apply to information collected through other channels, such as over the phone or in person, or as part of a clinical study.
Some of the information we collect through this Site may be “personal data” as defined below, collected when you visit or use this website.
This Policy may be supplemented or amended from time to time by additional privacy notices (“Privacy Notices”), provided at the time we collect your information. For example, certain pages of this Site may contain Privacy Notices providing more details about the information we collect on those particular pages, why we need that information, and choices you may have about the ways we use that information. In other cases, specific Privacy Notices may be required to comply with the privacy laws of one of the countries, provinces, or states in which we do business.
If you have a disability, you may request access to this Policy in an alternative format by contacting info@Endogenex.com or 763.251.6820.
3.0 Your Consent
By using this Site, you are consenting to the collection, use, disclosure, and transfer of your information as described in this Policy (and any Privacy Notices that apply to you). If you do not consent to the collection, use, disclosure and transfer of your information as described in this Policy (and any Privacy Notices that apply to you), you may not use this Site. If you have questions about this Policy, or any Privacy Notice, please contact us using the information provided below.
You may revoke your consent for the collection, use, disclosure, and transfer of your information as described in this Policy (and any Privacy Notices that apply to you) by contacting us directly.
4.0 Complete agreement
This Policy is part of the Terms of Use that govern your use of this Site. A link to our Terms of Use is provided on this Site.
Except as written in any other disclaimers, policies, or other notices on this Site, this Policy and the Terms of Use are the complete agreement between you and Endogenex with respect to your use of this Site.
5.0 Changes to this Policy
Endogenex reserves the right to update or modify this Policy and any Privacy Notice, at any time and without prior notice, by posting the revised version of the Policy or Privacy Notice on this Site. These changes will only apply to the information we collect after we have posted the revised Policy or Privacy Notice on this Site.
Your use of this Site following any such change constitutes your agreement that all information collected from or about you after the revised Policy is posted will be subject to the terms of the revised Policy. You may access the current version of this Policy at any time by clicking on the link for privacy information on the public areas of this Site.
6.0 Information We Collect
Personal Data means any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Personal Data You Manually Provide.
Endogenex collects the information you manually provide (using your keyboard, mouse, or touchpad) when you use this Site, for example, we collect the information you provide if you choose to complete a pre-screening questionnaire entitled, “Am I a Candidate?” or similar questionnaire, contact us with questions, or otherwise interact with this Site. Some of the information you may choose to manually provide will be Personal Data including but not limited to:
- Contact data: such as name, title, address, phone number, mailing address, and email.
- Other identifiers: such as device ID or serial number, various types of personal health information (e.g., health insurance information, medical information, and the like), online identifiers, and other similar identifiers.
- Communication data submitted by you: such as questions and feedback.
- Demographic data: such as language, age, and gender.
- Marketing preferences: such as e-mail subscription and frequency preferences.
Information Automatically Collected
Endogenex collects information that is sent to us automatically by your web browser or mobile device. This information includes but is not limited to:
- Product use and application data (including date and time of your visit)
- IP address
- The browser you are using (including name and version)
- Your location and other geographic data
- The website you came from and the website you visit after leaving
- Pages viewed on the Site
- Links clicked on the Site
- Time spent on a particular page of the Site or the Site as a whole
- Site data used to facilitate the use of the Site such as login and technical data
The information we receive may depend on your browser or device settings. The information we receive from your web browser and device typically is not, in and of itself, personally identifiable. However, we may combine it with other information in an attempt to identify you or we may combine it with information that does identify you.
Information Collected by Cookies and Other Technologies
We use “cookies” and other technologies to collect information and support certain features of this Site. For example, we may use these technologies to:
- Collect information about the ways visitors use this Site—which pages they visit, which links they use, and how long they stay on each page
- Support the features and functionality of this Site—for example, to save you the trouble of reentering information already in our database or to prompt the settings you established on previous visits
- Personalize your experience when you use this Site; and
- Improve our marketing efforts, including through use of targeted advertising.
The information we collect using cookies and similar technologies is not, in and of itself, personally identifiable, but we may link it to Personal Data that you provide. If you do not wish to receive cookies, you may set your browser to reject cookies or to alert you when a cookie is placed on your computer. Although you are not required to accept cookies when you visit this Site, you may be unable to use all of the functionality of this Site if your browser rejects our cookies.
Information Collected by Third-Party Cookies
In addition to the cookies Endogenex delivers to your computer or mobile device through this Site, certain third parties (Tracking and Performance Cookies) may deliver cookies to you for a variety of reasons. For example, we may use a web analytics tool that helps us understand how visitors engage with our Sites.
Other third parties may deliver cookies to your computer or mobile device for the purpose of tracking your online behaviors over time and across nonaffiliated websites and/or delivering targeted advertisements either on this Site or on other websites.
You have choices about the collection of information by third parties on our Sites. For example, if you don’t want information about your visit to this Site sent to Google Analytics, you may download an Opt-out Browser Add-on by clicking here. Similarly, to opt-out of cookies used for interest-based advertising by similar services globally, click here or here.
You will be directed to an industry-developed website that contains mechanisms for choosing whether each listed entity may collect and use data for online behavioral advertising purposes. It may be that some of the third parties that collect interest-based information on this Site do not participate in the industry-developed opt-out website, in which case the best way to avoid third-party tracking of your online behaviors may be through your browser settings and deletion of cookies. Please note that the industry-developed opt-out mechanisms are device and browser specific. If you wish to opt-out from having interest-based information collected by participating entities across all devices and browsers, you need take the steps outlined above from each device and browser.
7.0 Our Legal Basis for Processing Personal Data
We may process the Personal Data we collect/receive under the following legal bases:
- Consent. In some cases, we will only process your information where you have given your consent. For example, if you sign up for email communications, provide your phone number for phone communication, or where you may be providing special categories of personal data. Please note that we may have a different legal basis for processing (e.g., legitimate interest) so that consent is not needed. When our use and sharing is not readily apparent when you provide your information, we will provide additional information at the time we collect the information regarding our purposes and use of the information.
- Legitimate interest. We can process your personal data if (i) we have a genuine and legitimate reason; and (ii) are not harming any of your rights and interests. We will use your personal data in order to help us provide you with our services and to give you the most appropriate information, products and services and to provide you with the best experience when dealing with us. Whenever we process your personal data for our legitimate interests, we will consider and balance any potential impact on you and your rights under data protection law.
- To fulfill our obligations to you under a contract. If you purchase a product from us, we may process your personal data in order to fulfill our contract with you.
- As required by law. Where we are required to comply with our legal obligations, or to establish and defend our legal rights, or to prevent and detect crimes such as fraud.
8.0 How We Use Your Information
We may use the information we collect through this Site for various purposes, including but not limited to:
- To provide you with access to this Site.
- To respond to your requests.
- To personalize your access to our Site.
- To develop records (including records of your Personal Data).
- To contact you with pertinent information about products, clinical trials, or important safety information, and about products and services of ours and of others.
- For analytical purposes and to research, develop, and improve programs, products, services, and content.
- To remove your personal identifiers. Once we have de-identified information, it is considered non-Personal Data and we may treat it like other non-Personal Data.
- To enforce this Policy and other rules about your use of this Site.
- To protect someone’s health, safety, or welfare.
- To protect our rights or property.
- To comply with a law or regulation, court order or other legal process, such as preventing, detecting and investigating security incidents and potentially illegal or prohibited activities.
9.0 How We Share Your Information
With Third–Party Vendors
Endogenex shares information collected through this Site with third-party vendors who act for us or on our behalf. For example, we may use third-party vendors to design and operate this Site; to conduct surveys and clinical studies; and to help us with our promotional efforts. These third-party vendors may need information about you to perform their functions on our behalf. In general, we require our third-party service providers and vendors to restrict their use of any personally identifiable information received through our Site to the intended purposes.
With Third-Party Social Media Platforms
We may also use third-party social media platforms to offer you interest-based ads. To offer such ads, we may convert your email address into a unique value which can be matched by platform vendors with a user on their platform. Although we do not provide any Personal Data to these platform vendors, they may gain insights about individuals who respond to the ads we serve.
For the Purpose of Determining your Eligibility for a Clinical Study
If you choose to provide information through our Site to see if you qualify to participate in a clinical study, we may share your information with business partners or potential study center(s) so that they may contact you to see if you are a suitable candidate for one of our clinical studies. We require such business partners or potential study centers to restrict their use of any personally identifiable information received through our Site to the intended purposes.
In Aggregate or De-Identified Form
We use information collected through this Site to create a compiled, aggregate view of usage patterns. We may share aggregate information with third parties for various purposes including so they can better understand our user base. We may also share with third parties information about how particular individuals use this Site, but only on a de-identified basis (“Individualized Data”). Individualized Data is not personally identifiable, but it does reflect the usage patterns of a particular Site user, as opposed to Site users collectively. For clarity, we may use and share aggregated or de-identified data without restriction.
As Part of a Business Transfer
Your information may be transferred to successor organization if, for example, we transfer the ownership or operation of this Site to another organization or if we merge with another organization or liquidate our assets. If such a transfer occurs, the successor organization’s use of your information will still be subject to this Policy and the privacy preferences you have expressed to us.
To Comply with Laws and Protect Our Rights and the Rights of Others
We may disclose your information when we, in good faith, believe disclosure is appropriate to comply with the law, a court order or a subpoena. We may also disclose your information to prevent or investigate a possible crime, such as fraud or identity theft; to protect the security of this Site; to enforce or apply our online Terms of Use or other agreements; or to protect our own rights or property or the rights, property or safety of our users or others.
As Described in a Privacy Notice or Click-Through Agreement
We reserve the right to disclose your information as described in any Privacy Notice posted on a page of this Site where you provide that information. By providing your information on that page you will be consenting to the disclosure of your information as described in that privacy notice. We also reserve the right to disclose your information as described in any click–through agreement to which you have agreed.
Endogenex will not sell your information to any third parties.
10.0 How We Protect your Information
Endogenex takes reasonable precautions to provide a level of security appropriate to the sensitivity of the information we collect. Although we use reasonable measures to help protect your information against unauthorized use or disclosure, we cannot guarantee the security of information provided over the Internet or stored in our databases and will not be responsible for breaches of security beyond our reasonable control.
11.0 Transfer and Storage of your Personal Data
We may store, collect, transfer and process your Personal Data in a country other than your country of residence. The data will most likely be stored and processed in the location of world headquarters, the United States. The data protection and other laws of countries to which your information may be transferred may be different in your country. By submitting your Personal Data, you agree to any transfer, storing or processing.
Your Personal Data is transferred by us to another country only if it is required or permitted under applicable data protection law and provided that there are appropriate safeguards in place to protect your Personal Data.
12.0 Retention of Your Information
Endogenex retains the Personal Data collected on this Site as long as necessary to fulfill the purpose for which it is collected or as permitted by applicable law.
13.0 Children’s Privacy
This Website is not targeted to children under the age of 16 and we do not knowingly collect or solicit Personal Data about such children. If we discover that a child has provided us with Personal Data online through this Website, we will take delete this information as quickly as possible. If you believe we may have received Personal Data from a child under the age of 16, please contact us immediately.
14.0 Your rights (US Citizens)
You may revoke your consent for the receipt of communication that we send to you at any time by contacting us directly.
You should note that this will not affect all communications from us, for example, we are legally required to provide notices such as notification of a data breach in which case you should expect to receive a notification via email. It is important that the Personal Data we hold about you is accurate and current. Please keep let us know if your Personal Data changes.
You may make a request to access, correct, or delete your Personal Data or otherwise object to our processing of such Personal Data by contacting us directly. We will respond to reasonable requests in accordance with applicable law and subject to legal and contractual restrictions. We will not discriminate against you for exercising these rights. There may be times where we cannot grant you access to the Personal Data we hold. For example, if such disclosure would interfere with the privacy of others or if it would result in a breach of confidentiality. We will provide written explanation for our refusal to grant access.
15.0 Your Rights under the GDPR (For EU and EEA citizens)
Endogenex undertakes to respect the confidentiality of your Personal Data and to guarantee you can exercise your rights. You have the right under this Privacy Policy, and by law if you are an EU Citizen within the EEA, to:
- Request access to your Personal Data. The right to access, update or delete the information we have on you. Whenever made possible, you can access, update or request deletion of your Personal Data directly; please contact us to assist you. This also enables you to receive a copy of the Personal Data we hold about you.
- Request correction of the Personal Data that we hold about you. You have the right to have any incomplete or inaccurate information we hold about you corrected.
- Object to processing of your Personal Data. This right exists where we are relying on a legitimate interest as the legal basis for our processing and there is something about your particular situation, which makes you want to object to our processing of your Personal Data on this ground. You also have the right to object where we are processing your Personal Data for direct marketing purposes.
- Request erasure of your Personal Data. You have the right to ask us to delete or remove Personal Data when there is no good reason for Endogenex to continue processing it.
- Request the transfer of your Personal Data. We will provide to you, or to a third-party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw your consent. You have the right to withdraw your consent on using your Personal Data. If withdraw your consent, we may not be able to provide you with access to certain specific functionalities of the Service.
- To file a complaint to a Supervisory Authority. You have the right to complain to a Supervisory Authority about our collection and use of your Personal Data. For more information, if you are in the European Economic Area (EEA), please contact your local Supervisory Authority in the EEA.
Exercising of Your GDPR Data Protection Rights (For EU and EEA citizens)
You may exercise your rights of access, rectification, cancellation and opposition by contacting us:
Data privacy manager contact information
Data Privacy Manager-Endogenex
13755 1st Ave North #100
Plymouth, MN 55441, USA
763.251.6820
In addition, if you have any questions regarding this policy or about our privacy practices, or need to contact us for purposes related to this Privacy Policy, please contact us as noted above.
Please note that we may ask you to verify your identity before responding to such requests. If you make a request, we will try our best to respond to you as soon as possible.
16.0 Links to Other Websites
This Policy applies only to the Endogenex-operated websites on which it is posted. Endogenex and its affiliates may operate different websites for different purposes and in different countries, where different laws may apply. If you visit another Endogenex website, please take a moment to review the privacy policy posted on that site to learn what information may be collected through that site and how it is processed. This Site may also contain links to websites that are not operated by or on behalf of Endogenex or its affiliates. These links are provided for your reference and convenience only and do not imply any endorsement of the products sold or information provided through these websites, nor any association with their operators. Endogenex does not control these websites and is not responsible for their data practices. Any information you provide to third parties on their websites is covered under their privacy and data collection policies and is not covered by this Policy. We urge you to review the privacy policy posted on any site you visit before using the site or providing any Personal Data.
Doc. 435 Rev. B