This Privacy Policy was last updated on November 11, 2021.

Historical versions (V3 02 JUL 2020; V2 29 MAY 2020; V1 20 MAY 2018) are maintained and available at either, the Florence Compliance Team’s self-audit portal, and/or by emailing


Florence Healthcare, Inc. (“Florence”, “we”, “us”, or “our”) is committed to protecting your Personal Information. The Privacy Policy describes our policies and practices regarding the collection, use, disclosure, and processing of your Personal Information. It also describes your rights and choices regarding your Personal Information.

When we receive Personal Information from prospects and customers accessing our websites,,,, OnFlorence (the “Sites”), we act as a Controller. The policy applies to any of our Sites that link to it. When we receive Personal Information (including Protected Health Information) from our customers and agents on the several variants of our website, our mobile apps and/or API services (collectively, the “Services”), we act as a (Sub-)Processor.

This Privacy Policy does not apply to information collected by us offline or through any other means, including on any other website or online service operated by us or third parties.

Please read this Privacy Policy carefully to understand our policies and practices regarding your Personal Information. By accessing the Sites or Services, you agree to this Privacy Policy. If you do not agree with our policies and practices described herein, your choice is not to use the Sites or Services. The date the policy was last updated is listed above. The policy may change from time to time (see Changes to this Policy, below). Your continued use of the Sites or Services after we made changes is deemed to be acceptance of those changes, so please check this policy periodically for updates. This Privacy Policy is incorporated into and subject to our Terms of Use.

Section 1 What Personal Information We Collect and How We Collect It

We collect information about you when you voluntarily provide it to us, when you access the Sites and use our Services, and when other sources provide it to us, as further described below.  Our Product and Development Teams consider data privacy and security interests when designing and implementing the Services we offer.  We follow a Privacy by Design (PbD) approach and framework to incorporate privacy protections into our Services.

Types of Personal Information: We generally collect the following:

  • Personal and contact details (e.g., first name, last name, email address, telephone number),
  • Employment details (e.g., company entity, office location),
  • Browsing/monitoring/tracking activities,
  • Education and skills,
  • Professional experience and affiliations,
  • Commercial information (e.g., purchasing history and preferences),
  • Social media details,
  • Sensory and electronic information (e.g., audio recordings when you attend a webinar, online meeting, or training session we sponsor)
  • Special categories (e.g., Protected Health Information (PHI)/patient health data related to clinical research studies)

Account and Profile Information: We collect certain Personal Information about you when you are invited to join a team or are otherwise authorized to access the Services, register for an account, create or modify your profile, set preferences, or sign-up through the Services. This includes if you provide us with information regarding your licensure, qualifications, certifications, employment status, or educational training history. Additionally, if you use a software (e.g., clinical trial management system) that is integrated with our Services, we collect your name and email address, along with the action performed.

  • For example, you provide your contact information and, in some cases, billing information when you register for the Services. You may also have the option of adding a display name, employer name, job title, and other details to your profile information to be displayed in our Services. We keep track of your preferences when you select settings within the Services.

Content you provide through our Sites and Services: This includes the Services you use, where we collect and store content that you post, send, receive and share. We also collect other content that you submit to our Sites, which include our community help page, social media or social networking websites operated by us. Limited Personal Information is collected when you provide any content.

  • For example, you provide your name and email address to us when you provide feedback or when you participate in any interactive features, surveys, contests, promotions, sweepstakes, activities or events.

Information you provide through our support channels: The Services also include our customer support, where you may choose to submit monitoring and tracking information regarding a problem you are experiencing with a Service. (If you use our online help desk and post messages, realize that your messages are available to all participants.)

  • For example, if you designate yourself as a technical contact, open a support ticket, speak to one of our representatives directly, or otherwise engage with our support team, you will be asked to provide your contact information, a summary of the problem you are experiencing, and any other documentation, screenshots or information that would be helpful in resolving the issue.

Information you provide when you download our content: When you download content from our Sites or Services, we collect your information in our marketing records.

  • For example, if you download an eBook or other electronic material from our Sites or Services, we collect information such as your name, email address, company, job title, role, function, and seniority.

Information we collect automatically when you access the Sites or use the Services: We collect information about you when you visit our Sites or use our Services, including browsing our websites and taking certain actions within the Sites or Services.

  • For example, when you log into our Services, we track your name and email address to generate audit trails.

Your use of the Services: We keep track of certain information about you when you visit and interact with any of our Services. We also collect information about the teams and people you work with and how you work with them, like who you collaborate with and communicate with most frequently, in addition to content-related information described above.

Device and Connection Information: We collect information about your computer, phone, tablet, or other devices you use to access our Sites and Services. This device information includes your connection type and settings when you install, access, update, or use our Services. We also collect information through your device about your operating system, browser type, Internet Protocol (IP) address, Uniform Resource Locators (URLs) of referring/exit pages, device identifiers, country preference, and crash data.

Like many website operators, we collect information that your browser sends whenever you visit our Sites (“Log Data”). This Log Data may include information such as your IP address, browser type, browser version, the pages of our Sites that you visit, the time and date of your visit, the time spent on those pages, and other statistics.

We use your IP address and/or country preference in order to approximate your location to provide you with a better service experience. How much of this information we collect depends on the type and settings of the device you use to access the Sites or Services.

Server and data center service administrators can disable collection of this information via the administrator settings or prevent this information from being shared with us by blocking transmission at the local network level.

Cookies and Other Tracking Technologies: Cookies are pieces of information stored directly on the device you are using. Cookies allow us to collect information such as browser type, time spent on the Sites, pages visited, language preferences, and other anonymous traffic data. Florence and our third-party partners, such as our advertising and analytics partners, use cookies and other tracking technologies (e.g., web beacons, device identifiers and pixels) to provide functionality and to recognize you across different Services and devices. The categories of cookies are:

  • Strictly Necessary Cookies:You cannot opt out of these cookies, which are essential for the provision of the Sites and any requested Services.
  • Performance Cookies:These cookies provide statistical information on site usage, such as web analytics.
  • Functional Cookies:These cookies allow the provision of enhanced functionality and personalization. They may be set by us or by third-party providers whose services we have added to our pages.
  • Targeting/Advertising Cookies:These cookies are used to create profiles or personalize content to serve you online targeted advertisements that we think are most relevant to you.

You can control and/or opt out of these cookies and tracking technologies as described below in the section, “Controlling your Information and Your Rights.”

Section 2 How We May Use the Personal Information We Collect

To provide the Sites and Services and personalize your experience: We may use information about you to provide the Sites and Services to you, including authenticating you when you log in, providing customer support, and operating and maintaining the Sites and Services. We may use your email domain to infer your affiliation with a particular organization or industry to personalize the content and experience you receive on our websites. Where you use multiple Services, we combine information about you and your activities to provide an integrated experience, such as to allow you to find information from one Service while searching from another or to present relevant product information as you travel across our Sites and Services.

For research and development: We may use collective learnings about how people use our Sites and Services and feedback provided directly to us to troubleshoot and to identify trends, usage, activity patterns, and areas for integration and improvement of the Sites and Services. In some cases, we apply these learnings across our Sites and Services to improve and develop similar features or to better integrate the services you use. We may even contact you to participate in an optional focus group or other type of discovery session to help us learn about product enhancements.

To communicate with you about the Sites or Services: We may use your contact information to send transactional communications via email and within the Services regarding your use of the Services. We also may send you email notifications when you or others interact with you on the Services and send you communications as you onboard to a particular Service. These communications are necessary to ensure that you can access and use those Services you request. You cannot opt out of these transactional communications.

To communicate with you regarding updates and status notifications about the Services: We may use your contact information to send informational updates with you via email and within the Services. This includes information regarding software updates, release notes, and status notifications. You can opt out of these communications.

To share training and educational materials: We may use your contact information to share with you training and educational materials. We try to tailor these to your areas of interest. You can opt out of these communications.

To market, promote, and drive engagement with the Sites and Services: We may use your contact information and information about how you use the Sites and Services to send promotional communications that may be of specific interest to you, including by email and by displaying advertisements on other companies’ websites and applications, as well as on platforms like Facebook and Google. These communications are aimed at improving engagement and maximizing what you get out of the Services, including information about new features, survey requests, newsletters, and events we think may be of interest to you. We also communicate with you about new product offers, promotions, and contests.

You may opt out of receiving promotional communications from us by using the unsubscribe link within each email, updating your email preferences within your account settings menu, or by contacting us as provided below to have your contact information removed from our promotional email list or registration database. Even after you opt out from receiving promotional messages from us, you will continue to receive transactional messages from us regarding Services you request or use.

Customer support: We may use your information to resolve technical issues you encounter, to respond to your requests for assistance, to analyze crash information, and to repair and improve the Sites and Services.

Where we are acting as a Processor, we will use your Personal Information as directed by the relevant Controller for your information. We maintain appropriate technical and organizational measures to protect your Personal Information. Additionally, we will assist in requests to exercise your rights as described in the section below, “Controlling Your Information and Your Rights.”

Section 3 How We May Disclose Personal Information

We may disclose your Personal Information for the following categories of business purposes:

  • To our third-party service providers who provide services such as information technology and related infrastructure provision, cloud storage, messaging and voice services, email delivery, data analytics, marketing analytics, auditing, software development maintenance, quality control and assurance, customer support, and other services. These service providers are legally obligated to ensure the confidentiality of Personal Information and implement appropriate security measures.
  • To a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business or assets (including in connection with any bankruptcy or similar proceedings).
  • As we believe to be necessary or appropriate: under applicable law; to comply with legal process; to respond to requests from public and government authorities; to enforce our terms and conditions; to protect our operations; to protect our rights, privacy, safety, or property, and/or that of you or others; and to allow us to pursue available remedies or limit the damages that we may sustain.

Where we are acting as a Processor, we may disclose your Personal Information to third parties (e.g., approved sub-processors) to fulfill our contractual obligations with our Controller-Customers. We may also disclose Personal Information to third party service providers (e.g., processors) when we are acting as Controller.

Please note that we do not sell your Personal Information to third parties.

Section 4 Legal Basis

Our legal basis for collecting Personal Information are: (i) your consent; (ii) where we need the Personal Information for performance of a contract or requested service; or (ii) where the collection and use is in our or another’s legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect the Personal Information in question. If we collect your Personal Information with your consent, you may withdraw your consent at any time as provided below. You understand and agree that we may collect, use, disclose, and otherwise process the Personal Information you provide even if you are located outside the United States.

Section 5 End User and Organizational Use

Many of our products are intended for use by organizations. Where the Services are made available to you through an organization (e.g., your employer), that organization is the Administrator of the Services and is the Controller responsible for the accounts and/or Service websites over which it has control. If this is the case, please direct your data privacy questions to your administrator, as your use of the Services is subject to that organization’s policies. We are not responsible for the privacy or security practices of an administrator’s organization, which may be different than this policy.

Administrators are able to:

  • require you to reset your account password or signing personal identification number (PIN);
  • restrict, suspend, or terminate your access to the Services;
  • access information in and about your account;
  • access or retain information stored as part of your account;
  • install or uninstall third-party apps or other integrations

In some cases, administrators can also:

  • change the email address(es) associated with your account login or notifications;
  • change your information, including profile information;
  • restrict your ability to edit, restrict, modify, or delete information

Even if the Services are not currently administered for you by an Administrator, if you use an email address provided by an organization (e.g., your work email address) to access the Services, then the owner of the domain associated with your email address (e.g., your employer) may assert administrative control over your account and use of the Services at a later date. Once an Administrator asserts control over your account or use of the Services, you will no longer be able to change the email address associated with your account without Administrator approval.

In conjunction with a study, an organization may authorize certain end users to access the Services (such as eConsent) although they are not affiliated with or directly controlled by the organization (“Services Users”). These end users may include patients, trial subjects, other trial participants, medical professionals, and hospital, clinic or trial site administrators or executives involved with a study. In these instances, the organization acts as the Administrator for these accounts and is typically the Controller and Florence is the Processor for any Personal Information that these end users may make available on the Services. These end users’ access to the Services is governed by Florence’s Terms of Use, available at:

Section 6 HIPAA Covered Entities and Business Associate Agreement

TO HIPAA COVERED ENTITIES: To the extent that Florence is a “Business Associate” under HIPAA, and is collecting, receiving, using, disclosing, storing or maintaining PHI from a Covered Entity without patient authorization, Florence and Covered Entity shall both be subject to the terms of the “Business Associate Agreement” located at either, the Florence Compliance Team’s self-audit portal, and/or by emailing and fully incorporated into this Privacy Policy. The parties agree that in the event the parties have entered into a fully executed BAA prior to your registration and subsequent use of the Services/Florence Platform, or execute any future BAA, such fully signed and executed BAA shall supersede the terms of the BAA incorporated into this Privacy Policy.

Where legally required, we may request to execute a separate Business Associate Agreement (BAA) with you that supersedes this provision. Florence’s BAA pre-signed by us can be accessed and downloaded for execution at either, the Florence Compliance Team’s self-audit portal, and/or by emailing

Section 7 Controlling Your Information and Your Rights

The choices and means for limiting the use and disclosure of your personal data are described below.

If Florence has any of your Personal Information, you may have specific rights, such as:

  1. Right to Know and/or be Informed to know how we collect and the purposes that we collect your information.
  2. Right of Access to know if your personal data have been (and/or are being) processed and also request a copy of your information.
  3. Rights to Rectification and Erasure to correct inaccurate personal data, request to have incomplete data, and/or to be forgotten and have your data erased.
  4. Rights to Opt-Out, Object and/or Restrict Processing to discontinue the processing of your information.
  5. Right to Data Portability to receive your information in a structured, electronic format that is machine and human-readable.
  6. Rights Regarding Automated Decision Making (and Profiling) to our use of your information (including for marketing purposes).

How can I exercise my rights?
If you wish to contact us to exercise rights in respect of the processing by us of your personal data, you can always contact us at:

If you are a study participant (including minors): In general, study participants (including minors) are to contact their research team directly instead of contacting Florence; in the event that a study participant (including a minor) contacts Florence directly, Florence will adhere to any customer-specific contractual obligations on fulfilling such data subject request.

If you are based in the EU, EEA, and/or the UK: Please feel free to contact our Data Protection Representative, DataRep, which has locations in each of the 27 EU countries, the UK, and Norway and Iceland in the EEA; they can be contacted in one of the following ways:

Florence DataRep Logo for EU Florence DataRep Logo for UK

You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here:

Residents of California, the European Economic Area, and Switzerland may have additional rights regarding their Personal Information, which are described below.

Additional choices:

  • Cookies: You have the ability to opt-out of certain cookies by going to the Cookie Preferences of your browser. You can find out more information about how to change your browser cookie settings at If you choose to disable cookies, please note that you may not be able to sign in or use some of the interactive features offered on our Sites or Services.
  • Google Analytics: We use Google Analytics to help us manage and improve the Sites and Services. Google provides a Browser Add-On that allows you to opt-out by downloading and installing the add-on for your web browser. This is available here
  • Marketing or Promotional Communications: You can opt-out of our marketing or promotional email communications by using the “Unsubscribe” feature at the bottom of each email from us or by requesting to opt out by emailing us at Please note that you cannot opt out of receiving transactions communications from us regarding Services you request or use.
  • Online Targeted Advertising: If you are interested in more information about online targeted advertising and your choices to prevent us and third parties from delivering online targeted ads to you.

United States:

European Economic Area (EEA):

Be advised that these opt-out tools are provided by third parties, not Florence, and may not be available with respect to all online advertising that is presented to you. We do not control or operate these tools or the choices that advertisers and others provide through these tools.  Even if you opt out of receiving online targeted advertising, you may still receive generic ads.

Where the Services are administered for you by an administrator, you may need to contact your administrator to assist with your requests first. In rare cases, you may need to contact your Florence representative to exercise these rights.

In addition, you can access, update and make other changes to Personal Information in your account:

  • Access and update your information:Our Services allow you to update your profile information within your profile settings and modify content that contains information about you. For certain fields, you may need to contact your administrator.
  • Deactivate your account: If you no longer wish to use our Services, you or your administrator may be able to deactivate your Services account. If you can deactivate your own account, that setting is available to you in your account settings. Otherwise, please contact your administrator. If you are an administrator and are unable to deactivate an account through your administrator settings, please contact
  • Deleting your information or stopping its use: In many cases, due to International Conference on Harmonisation (ICH) Good Clinical Practice (GCP) E6(R2) rules governing auditing clinical trial processes, you will not be able to delete certain information about you from our Services once you have opted in, nor can you ask us to stop using your data in Administrator-controlled accounts. Please contact your Florence representative if you believe deleting your information would not violate these rules. When you make such requests, we may need time to investigate and facilitate your request.

Section 8 California Privacy Rights

The California Consumer Privacy Act (CCPA) gives California consumers enhanced rights with respect to their personal information that is collected by businesses. The CCPA provides California consumers with three specific rights regarding their personal information.

First, California consumers can opt out of the sale of their Personal Information. However, this option is not applicable as Florence Healthcare, Inc. does not sell your Personal Information.

Second, California consumers can request to know:

  1. What specific pieces of information a business has collected about the consumer;
  2. Categories of Personal Information it has collected about the consumer;
  3. Categories of sources from which the Personal Information is collected;
  4. Categories of Personal Information that the business sold or disclosed for a business purpose about the consumer;
  5. Categories of third parties to whom the Personal Information was sold or disclosed for a business purpose; and
  6. The business or commercial purpose for collecting or selling Personal Information.

Third, California consumers can request that a business delete Personal Information about the consumer that a business has collected from the consumer.

This Privacy Policy provides the required notices to California consumers. The categories of Personal Information we collect and disclose for business purposes in the preceding 12 months are described above. The CCPA also prohibits covered businesses from providing discriminatory treatment to California consumers if they exercise their rights under the CCPA.

To make a “Request to Know” or “Request to Delete” your personal information, please submit to us a Data Subject Access Request (DSAR) Form by either:

  • Emailing a completed and signed DSAR Form to
    • Please put either “Request to Know” or “Request to Delete” in the subject line of your email.
  • Accessing our online web form:
    • Note: Authorized agents may also complete and submit the Interactive Request Form on behalf of a California Consumer.

We will confirm receipt of your request within 10 business days. We must provide the requested information or delete your Personal Information within 45 days of receipt of your request, but we can use up to an additional 45 days if we let you know that additional time is needed.

Before responding, we must verify that the person making the request is the person about whom we have collected their Personal Information. We may ask you to provide certain, limited Personal Information, such as your name and email address to verify and match your identity with our records and systems. If you have an account with us, we may ask that you verify your identity through our account authentication process. This is also to protect against fraud. We will not retain this personal information or use it for any other purpose. Also please be advised that we need to search our records and systems only for the preceding 12 months. There may be cases where we do not have any Personal Information about you or we are not able to verify your identity for matching purposes. Deleting your Personal Information may result in the closing of your account and inability to access the Services. However, you can always re-register at any time.

(Residents of Nevada and other states may also have similar rights to request information about or delete their Personal Information. To inquire about exercising these rights, please contact us at

Section 9 Located in the United States

Florence and the Sites and Services are located and hosted in the United States (US) and governed by US law. If you are outside the United States when you visit the Sites or Services or engage in communications with us via mail, email or telephone, please be aware that your Personal Information may be transferred to, stored, and processed in the United States where we have data centers. Any information you provide to us, or that we collect through your use of the Sites or Services and will be stored, processed, and transferred within, or to, the United States. Please be aware that the United States and jurisdictions other than the one in which you are located may not provide the same level of data protection as considered adequate in your country. Note also that your Personal Information may be available to the US Government or its agencies under legal process in the United States.

Section 10 Privacy Shield Frameworks

Note: As a result of the Schrems II decision in July 2020, the Privacy Shield is no longer a recognized mechanism to authorize the cross-border transfer of Personal Information from the European Union (EU), the United Kingdom (UK) and/or Switzerland to the United States. Nonetheless, Florence continues to maintain its Privacy Shield self-certification but relies on other recognized mechanisms, such as the Standard Contractual Clauses (SCCs), to authorize these cross-border transfers. Additional information about the Privacy Shield Program Overview is available online at For more information on key new requirements, visit As requirements evolve, Florence will continue to ensure personal data is protected with a valid transfer mechanism for cross-border data transfers.

As noted above, Florence complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Frameworks (Privacy Shield) as administered by the U.S. Department of Commerce (DOC) regarding the collection, use, and retention of Personal Information transferred from the European Union (EU), the United Kingdom (UK) and/or Switzerland to the United States in reliance on Privacy Shield. Florence has certified to the DOC that it adheres to the Privacy Shield Principles (i.e., notice, choice, onward transfer, security, data integrity, access, and enforcement) with respect to such information. If there is any conflict between this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. Through this certification, Florence is subject to the investigatory and enforcement powers of the US Federal Trade Commission (FTC). To learn more about the Privacy Shield program, and to view our certification, please visit

Pursuant to the Privacy Shield Frameworks, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to If requested to remove data, we will respond within a reasonable timeframe.

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to

As a Privacy Shield Organization, Florence is responsible for the processing of Personal Information (including any Protected Health Information) it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf pursuant to the Onward Transfer Principle. These third-party agents are contractually obligated to maintain the confidentiality of your Personal Information consistent with the terms of this Privacy Policy and provide at least the same level of protection as required by the Privacy Shield Principles, as well as comply with applicable data protection laws.  Where Florence has knowledge that an agent is using or disclosing Personal Information in a manner contrary to this Privacy Policy or the Privacy Shield Principles, Florence will take reasonable steps to prevent or stop the use or disclosure. Florence remains liable for the actions of its third-party agent, unless Florence Healthcare, Inc. can show that it is not responsible for the event giving rise to the harm.

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the Privacy Shield Principles, Florence commits to resolve complaints about your privacy and our collection or use of your Personal Information transferred to the United States pursuant to Privacy Shield. European Union (EU), the United Kingdom (UK), and Swiss individuals with Privacy Shield inquiries or complaints should first contact Florence Healthcare, Inc. at:

Florence has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit for more information and/or visit to file a complaint. This service is provided free of charge to you. Before you file a complaint, please review the BBB’s Procedure Rules: If you determine that you meet eligibility, you can file a complaint online or via mail (details below).

  • Submit to the BBB EU Privacy Shield:

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.  See Privacy Shield Annex 1 at

Section 11 EEA Privacy Rights

The Legal Basis for Using EEA Personal Information

For residents of the European Economic Area (EEA), we advise that your Personal Information will be transferred to and processed in the United States, which has data protection laws that are different than those in your country and may not be as protective. The United States has not sought or received a finding of “adequacy” from the European Union under Article 45 of the General Data Protection Regulation (“GDPR”). Our legal basis for collecting and using your Personal Information is to do so with your consent; where we need the Personal Information for performance of a contract or requested Service, or where the collection and use is in our or another’s legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect the Personal Information in question. If we collected your Personal Information with your consent, you may withdraw your consent at any time.

Our retention of your Personal Information and any subsequent communications are based on our legitimate interest in providing you with new and potentially relevant materials based on your geography, role, or company. As always, you can elect to opt out from receiving such future communications.

To the extent that we transfer Personal Information from the EEA to a jurisdiction outside the EEA that has not been adduced by the European Commission as providing adequate data protections (such as the United States), we will ensure that such Personal Information is safeguarded through appropriate contractual terms, such as the Standard Contractual Clauses, or other approved mechanisms.

Where legally required, Florence may request to execute its separate Data Processing Agreement (DPA) with you. Florence’s DPA pre-signed by us can be accessed and downloaded for execution at either, the Florence Compliance Team’s self-audit portal, and/or by emailing

Additional Rights for EEA Residents

In addition, if you are a resident of the EEA, you have the right to:

  • Find out if we use your Personal Information, to access your Personal Information, and receive copies of your Personal Information.
  • Withdraw any express consent that you have provided to the processing of your Personal Information at any time without penalty.
  • Access your Personal Information and have it corrected or amended if it is inaccurate or incomplete. Note: where Personal Information is processed solely for clinical research, access may be restricted and/or denied. Whenever possible, Florence will honor your right to access by redacting information if your request would otherwise be restricted and/or denied.
  • Obtain a transferable copy of some of your Personal information which can be transferred to another provider when the Personal Information was processed based on your consent.
  • If you believe your Personal Information is inaccurate, no longer necessary for our business purposes, or if you object to our processing of your Personal Information, you also have the right to request that we restrict the processing of your data pending our investigation and/or verification of your claim.
  • Request your Personal Information be deleted or restricted under certain circumstances. For example, if is using your Personal Information on the basis of your consent and has no other legal basis to use such, you may request your Personal Information be deleted when you withdraw your consent.

Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on lawful processing grounds other than consent.

If we ask you to provide Personal Information to us to comply with a legal requirement or enter into a contract, we will inform you of this and let you know whether providing us with your Personal Information is required and if not, the consequences of not sharing your Personal Information with us.

Similarly, if we collect and use your Personal Information in reliance on our or a third party’s legitimate interests and those interests are not already described above, we will let you know what those legitimate interests are.

We endeavor to apply suitable safeguards to protect the privacy and security of your Personal Information and to use it only consistent with your relationship with us and the practices described in this Privacy Policy.

To withdraw consent or exercise these rights, please contact us via email at:

If you are not satisfied with our response, or believe we are processing your Personal Information in violation of the law, you have the right to lodge a complaint with the Supervisory Authority (also known as Data Protection Authority) or other appropriate governmental authority in your jurisdiction. A list of Supervisory Authorities is available here:

Section 12 Third Party Links and Services

This Privacy Policy does not address, and we are not responsible for, the privacy, information, or other practices of any third party operating any site or service to which the Sites or Services link. The inclusion of a link on the Sites or Services does not imply our endorsement of the linked site or service. Please note that we are not responsible for the collection, usage, and disclosure policies and practices (including the data security practices) of other organizations.

Section 13 Information Security

The security of your Personal Information is very important to us. While we strive to put in place commercially acceptable security measures to protect your Personal Information, we cannot guarantee its absolute security as no method of electronic storage or transmission over the Internet Is 100% secure. Certain areas of the Sites or Services may require the use of a user identification (ID), email address, and/or password as an additional security measure to help protect your information. Please do not provide your password to another person. We cannot be responsible for a data breach or other incident if a password is used by unauthorized persons.

HIPAA. As described above, we have taken steps to ensure compliance with HIPAA requirements for PHI, including the Security Rule with respect to electronic PHI.

Good Clinical Practice and Security for Documents. Florence’s applicable policies and practices are available in the Florence Compliance Team’s self-audit portal.

Retention. We will retain your Personal Information for the period necessary to fulfill the purposes described in this Privacy Policy unless a longer retention period is required by law. When there is no longer a legitimate need to retain your information, we will securely delete or anonymize it, or if this is not possible, securely store it until deletion is possible.

Section 14 Children and Study Participant Personal Data

The Sites and Services are generally intended to be accessed and used by adults. If we become aware that we have collected the information of minors who have accessed our Sites, we will take steps to delete it from our systems and records as appropriate.

Where we are acting as a Processor (e.g., clinical research data for pediatric studies), we may be provided Personal Information (including Protected Health Information) of children and/or study participants by our Controller-Customers via our Services. As part of their research activities, we are not in a position to delete or revise it.

Questions (including technical difficulties, support requests, and data subject requests, etc.) from children and/or study participants should be directed to the research team (e.g., clinical site and/or sponsor) and not to Florence. We will obtain appropriate consent or rely on other legitimate basis as may be required to collect and retain children’s and/or a study participant’s Personal Information for purposes of a study.

Section 15 Study Participants as Florence Services Users

Florence Products include eBinders, eISF, eTMF, eHub, ePrinter, eConsent, and/or other Florence software or tools (as applicable and made available to the end user). Study Participants who access Florence’s Products will have minimal personal information collected on them to enable our customer-driven workflows and contractual obligations. As a Processor, this personal information will not to be used for any other purpose nor disclosed to any third parties that would use such information for their own purposes.

Section 16 Changes to this Policy

Florence Healthcare, Inc. may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on the Sites and Services. You are advised to review this Privacy Policy periodically for any changes. The current version is publicly available at:; historical versions are maintained and available at either, the Florence Compliance Team’s self-audit portal, and/or by emailing

Contact Us

If you have any questions about this Privacy Policy, please contact us at

Florence Healthcare, Inc.
600 Peachtree St NE, Suite 920
Atlanta, GA 30308

To gain access to the Florence Compliance Team’s self-audit portal, contact your Account Manager.