When we receive Personal Information from prospects and customers accessing our websites, florencehc.com, or theflorenceeffect.com (the “Sites”), we act as a Controller. The policy applies to any of our Sites that link to it. When we receive Personal Information (including Protected Health Information) from our customers and agents on the several variants of our website researchbinders.com, our mobile apps and/or API services (collectively, the “Services”), we act as a Processor.
What Personal Information We Collect and How We Collect It
We collect information about you when you voluntarily provide it to us, when you access the Sites and use our Services, and when other sources provide it to us, as further described below. Our Product and Development Teams consider data privacy and security interests when designing and implementing the Services we offer. We follow a Privacy by Design (PbD) approach and framework to incorporate privacy protections into our Services.
Types of Personal Information: We generally collect the following:
- Personal and contact details (e.g., first name, last name, email address, telephone number),
- Employment details (e.g., company entity, office location),
- Browsing/monitoring/tracking activities,
- Education and skills,
- Professional experience and affiliations,
- Commercial information (e.g., purchasing history and preferences),
- Social media details,
- Sensory and electronic information (e.g., audio recordings when you attend a webinar, online meeting, or training session we sponsor),
- Special categories (e.g., Protected Health Information (PHI)/patient health data related to clinical research studies).
Account and Profile Information: We collect certain Personal Information about you when you are invited to join a team, register for an account, create or modify your profile, set preferences, or sign up through the Services. This includes if you provide us with information regarding your licensure, qualifications, certifications, employment status, or educational training history. Additionally, if you use software (e.g., a clinical trial management system) that is integrated with our Services, we collect your name and email address, along with the action performed.
- For example, you provide your contact information and, in some cases, billing information when you register for the Services. You may also have the option of adding a display name, employer name, job title, and other details to your profile information to be displayed in our Services. We keep track of your preferences when you select settings within the Services.
Content you provide through our Sites and Services: This includes the Services you use, where we collect and store content that you post, send, receive and share. We also collect other content that you submit to our Sites, which include our community help page, social media or social networking websites operated by us. Limited Personal Information is collected when you provide any content.
- For example, you provide your name and email address to us when you provide feedback or when you participate in any interactive features, surveys, contests, promotions, sweepstakes, activities or events.
Information you provide through our support channels: The Services also include our customer support, where you may choose to submit monitoring and tracking information regarding a problem you are experiencing with a Service. (If you use our online help desk and post messages, realize that your messages are available to all participants.)
- For example, if you designate yourself as a technical contact, open a support ticket, speak to one of our representatives directly, or otherwise engage with our support team, you will be asked to provide your contact information, a summary of the problem you are experiencing, and any other documentation, screenshots or information that would be helpful in resolving the issue.
Information you provide when you download our content: When you download content from our Sites or Services, we collect your information in our marketing records.
- For example, if you download an eBook or other electronic material from our Sites or Services, we collect information such as your name, email address, company, job title, role, function, and seniority.
Information we collect automatically when you access the Sites or use the Services: We collect information about you when you visit our Sites or use our Services, including browsing our websites and taking certain actions within the Sites or Services.
- For example, when you log into our Services, we track your name and email address to generate audit trails.
Your use of the Services: We keep track of certain information about you when you visit and interact with any of our Services. We also collect information about the teams and people you work with and how you work with them, like who you collaborate with and communicate with most frequently, in addition to content-related information described above.
Device and Connection Information: We collect information about your computer, phone, tablet, or other devices you use to access our Sites and Services. This device information includes your connection type and settings when you install, access, update, or use our Services. We also collect information through your device about your operating system, browser type, Internet Protocol (IP) address, Uniform Resource Locators (URLs) of referring/exit pages, device identifiers, country preference, and crash data.
Like many website operators, we collect information that your browser sends whenever you visit our Sites (“Log Data”). This Log Data may include information such as your IP address, browser type, browser version, the pages of our Sites that you visit, the time and date of your visit, the time spent on those pages, and other statistics.
We use your IP address and/or country preference in order to approximate your location to provide you with a better service experience. How much of this information we collect depends on the type and settings of the device you use to access the Sites or Services.
Server and data center service administrators can disable collection of this information via the administrator settings or prevent this information from being shared with us by blocking transmission at the local network level.
- Strictly Necessary Cookies: You cannot opt out of these cookies, which are essential for the provision of the Sites and any requested Services.
- Performance Cookies: These cookies provide statistical information on site usage, such as web analytics.
- Functional Cookies: These cookies allow the provision of enhanced functionality and personalization. They may be set by us or by third-party providers whose services we have added to our pages.
- Targeting/Advertising Cookies: These cookies are used to create profiles or personalize content to serve you online targeted advertisements that we think are most relevant to you.
You can control and/or opt out of these cookies and tracking technologies as described below in the section, “Controlling your Information and Your Rights.”
How We May Use the Personal Information We Collect
To provide the Sites and Services and personalize your experience: We may use information about you to provide the Sites and Services to you, including authenticating you when you log in, providing customer support, and operating and maintaining the Sites and Services. We may use your email domain to infer your affiliation with a particular organization or industry to personalize the content and experience you receive on our websites. Where you use multiple Services, we combine information about you and your activities to provide an integrated experience, such as to allow you to find information from one Service while searching from another or to present relevant product information as you travel across our Sites and Services.
For research and development: We may use collective learnings about how people use our Sites and Services and feedback provided directly to us to troubleshoot and to identify trends, usage, activity patterns, and areas for integration and improvement of the Sites and Services. In some cases, we apply these learnings across our Sites and Services to improve and develop similar features or to better integrate the services you use. We may even contact you to participate in an optional focus group or other type of discovery session to help us learn about product enhancements.
To communicate with you about the Sites or Services: We may use your contact information to send transactional communications via email and within the Services regarding your use of the Services. We also may send you email notifications when you or others interact with you on the Services and send you communications as you onboard to a particular Service. These communications are necessary to ensure that you can access and use those Services you request. You cannot opt out of these transactional communications.
To communicate with you regarding updates and status notifications about the Services: We may use your contact information to send informational updates to you via email and within the Services. This includes information regarding software updates, release notes, and status notifications. You can opt out of these communications.
To share training and educational materials: We may use your contact information to share with you training and educational materials. We try to tailor these to your areas of interest. You can opt out of these communications.
To market, promote, and drive engagement with the Sites and Services: We may use your contact information and information about how you use the Sites and Services to send promotional communications that may be of specific interest to you, including by email and by displaying advertisements on other companies’ websites and applications, as well as on platforms like Facebook and Google. These communications are aimed at improving engagement and maximizing what you get out of the Services, including information about new features, survey requests, newsletters, and events we think may be of interest to you. We also communicate with you about new product offers, promotions, and contests.
You may opt out of receiving promotional communications from us by using the unsubscribe link within each email, updating your email preferences within your account settings menu, or by contacting us as provided below to have your contact information removed from our promotional email list or registration database. Even after you opt out from receiving promotional messages from us, you will continue to receive transactional messages from us regarding Services you request or use.
Customer support: We may use your information to resolve technical issues you encounter, to respond to your requests for assistance, to analyze crash information, and to repair and improve the Sites and Services.
Where we are acting as a Processor, we will use your Personal Information as directed by the relevant Controller for your information. We maintain appropriate technical and organizational measures to protect your Personal Information. Additionally, we will assist in requests to exercise your rights as described in the section below, “Controlling Your Information and Your Rights.”
How We May Disclose Personal Information
We may disclose your Personal Information for the following categories of business purposes:
- To our third-party service providers who provide services such as information technology and related infrastructure provision, cloud storage, messaging and voice services, email delivery, data analytics, marketing analytics, auditing, software development maintenance, quality control and assurance, customer support, and other services. These service providers are legally obligated to ensure the confidentiality of Personal Information and implement appropriate security measures.
- To a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business or assets (including in connection with any bankruptcy or similar proceedings).
- As we believe to be necessary or appropriate: under applicable law; to comply with legal process; to respond to requests from public and government authorities; to enforce our terms and conditions; to protect our operations; to protect our rights, privacy, safety, or property, and/or that of you or others; and to allow us to pursue available remedies or limit the damages that we may sustain.
Where we are acting as a Processor, we may disclose your Personal Information to third parties (e.g., approved sub-processors) to fulfill our contractual obligations with our Controller-customers. We may also disclose Personal Information to third party service providers (e.g., processors) when we are acting as Controller.
Please note that we do not sell your Personal Information to third parties.
Our legal bases for collecting Personal Information are: (i) your consent; (ii) where we need the Personal Information for performance of a contract or requested service; or (iii) where the collection and use is in our or another’s legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect the Personal Information in question. If we collect your Personal Information with your consent, you may withdraw your consent at any time as provided below. You understand and agree that we may collect, use, disclose, and otherwise process the Personal Information you provide even if you are located outside the United States.
End User and Organizational Use
Many of our products are intended for use by organizations. Where the Services are made available to you through an organization (e.g., your employer), that organization is the administrator of the Services and is the Controller responsible for the accounts and/or Service websites over which it has control. If this is the case, please direct your data privacy questions to your administrator, as your use of the Services is subject to that organization’s policies. We are not responsible for the privacy or security practices of an administrator’s organization, which may be different than this policy.
Administrators are able to:
- require you to reset your account password or signing personal identification number (PIN);
- restrict, suspend, or terminate your access to the Services;
- access information in and about your account;
- access or retain information stored as part of your account;
- install or uninstall third-party apps or other integrations.
In some cases, administrators can also:
- change the email address(es) associated with your account login or notifications;
- change your information, including profile information;
- restrict your ability to edit, restrict, modify, or delete information.
Even if the Services are not currently administered for you by an administrator, if you use an email address provided by an organization (e.g., your work email address) to access the Services, then the owner of the domain associated with your email address (e.g., your employer) may assert administrative control over your account and use of the Services at a later date. Once an administrator asserts control over your account or use of the Services, you will no longer be able to change the email address associated with your account without administrator approval.
Patient Data and Business Associates
In maintaining, using and affording access to protected health information as such term is defined under §160.103 of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) in accordance with this Agreement, we will:
- Not use or disclose Protected Health Information (PHI) except as permitted or required by this Agreement or as required by law;
- Use appropriate safeguards and comply, where applicable, with the Security Rule with respect to electronic PHI, and to prevent the use or disclosure of such information other than as provided for by this Agreement;
- Report to you any use or disclosure of such information not provided for by this Agreement of which we become aware, including breaches of unsecured protected health information as required by §164.410 of HIPAA, and any security incident involving the information of which we become aware;
- In accordance with §§164.502(e)(1)(ii) and 164.308(b)(2) of HIPAA, as applicable, ensure that any affiliates and/or subcontractors that create, receive, maintain or transmit PHI on our behalf agree to the same restrictions, conditions, and requirements that apply to us with respect to such information; and we obtain satisfactory assurances that such affiliates and/or subcontractors will appropriately safeguard such information (it being understood, for the avoidance of doubt, that other users of the Services are not our subcontractors);
- Make available PHI to you as necessary to satisfy your obligations under §164.524 of the Privacy Rule;
- Make available PHI for amendment and incorporate any amendments to Protected Health Information in accordance with §164.526 of the Privacy Rule;
- Maintain and make available such information required to provide an accounting of disclosures in accordance with §164.528 of the Privacy Rule;
- To the extent that we are to carry out your obligations under the Privacy Rule, comply with the requirements of the Privacy Rule that apply to you in the performance of such obligations;
- Make our internal practices, books, and records relating to the use and disclosure of PHI received from, or created or received by us on your behalf, available to the Secretary of the United States Department of Health and Human Services (HHS) for purposes of determining your compliance with the Privacy Rule.
- Use protected health information to provide data aggregation services as permitted by 45 CFR 164.504(e)(2)(i)(B).
- Use protected health information for the proper management and administration of our business or to carry out our legal responsibilities.
- Agree to mitigate to the extent practicable, any harmful effect that is known to us from the use or disclosure of protected health information in a manner contrary to the obligations under HIPAA.
- Return or destroy all protected health information created by and received from you at the termination of any agreements between us.
On mutual agreement between us and you, we may execute a separate Business Associate Agreement (BAA) that supersedes this provision.
Controlling Your Information and Your Rights
The choices and means for limiting the use and disclosure of your personal data are described below.
If Florence has any of your Personal Information, you may have specific rights, such as:
- Right to Know and/or be Informed to know how we collect your information and the purposes for which we collect it.
- Right of Access to know if your personal data have been (and/or are being) processed and also request a copy of your information.
- Rights to Rectification and Erasure to correct inaccurate personal data, request to have incomplete data completed, and/or to be forgotten and have your data erased.
- Rights to Opt-Out, Object and/or Restrict Processing to discontinue the processing of your information.
- Right to Data Portability to receive your information in a structured, electronic format that is machine and human-readable.
- Rights Regarding Automated Decision Making (and Profiling) to our use of your information (including for marketing purposes).
How can I exercise my rights?
You can exercise these rights by submitting our Data Subject Access Request (DSAR) Form by either:
You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: https://edpb.europa.eu/about-edpb/board/members_en.
Residents of California, the European Economic Area, and Switzerland may have additional rights regarding their Personal Information, which are described below.
- Cookies: You have the ability to opt out of certain cookies by going to the Cookie Preferences of your browser. You can find out more information about how to change your browser cookie settings at allaboutcookies.org. If you choose to disable cookies, please note that you may not be able to sign in or use some of the interactive features offered on our Sites or Services.
- Google Analytics: We use Google Analytics to help us manage and improve the Sites and Services. Google provides a Browser Add-On that allows you to opt out by downloading and installing the add-on for your web browser. This is available here: https://tools.google.com/dlpage/gaoptout
- Marketing or Promotional Communications: You can opt out of our marketing or promotional email communications by using the “Unsubscribe” feature at the bottom of each email from us or by requesting to opt out by emailing us at email@example.com. Please note that you cannot opt out of receiving transactional communications from us regarding Services you request or use.
- Online Targeted Advertising: If you are interested in more information about online targeted advertising and your choices to prevent us and third parties from delivering online targeted ads to you.
European Economic Area (EEA):
Be advised that these opt-out tools are provided by third parties, not Florence, and may not be available with respect to all online advertising that is presented to you. We do not control or operate these tools or the choices that advertisers and others provide through these tools. Even if you opt out of receiving online targeted advertising, you may still receive generic ads.
Where the Services are administered for you by an administrator, you may need to contact your administrator to assist with your requests first. In rare cases, you may need to contact your Florence representative to exercise these rights.
In addition, you can access, update and make other changes to Personal Information in your account:
- Access and update your information: Our Services allow you to update your profile information within your profile settings and modify content that contains information about you. For certain fields, you may need to contact your administrator.
- Deactivate your account: If you no longer wish to use our Services, you or your administrator may be able to deactivate your Services account. If you can deactivate your own account, that setting is available to you in your account settings. Otherwise, please contact your administrator. If you are an administrator and are unable to deactivate an account through your administrator settings, please contact firstname.lastname@example.org.
- Deleting your information or stopping its use: In many cases, due to International Conference on Harmonisation (ICH) Good Clinical Practice (GCP) E6(R2) rules governing auditing clinical trial processes, you will not be able to delete certain information about you from our Services once you have opted in, nor can you ask us to stop using your data in Administrator-controlled accounts. Please contact your Florence representative if you believe deleting your information would not violate these rules. When you make such requests, we may need time to investigate and facilitate your request.
California Privacy Rights
The California Consumer Privacy Act (CCPA) gives California consumers enhanced rights with respect to their personal information that is collected by businesses. The CCPA provides California consumers with three specific rights regarding their personal information.
First, California consumers can opt out of the sale of their Personal Information. However, this option is not applicable as Florence Healthcare, Inc. does not sell your Personal Information.
Second, California consumers can request to know:
- What specific pieces of information a business has collected about the consumer;
- Categories of Personal Information it has collected about the consumer;
- Categories of sources from which the Personal Information is collected;
- Categories of Personal Information that the business sold or disclosed for a business purpose about the consumer;
- Categories of third parties to whom the Personal Information was sold or disclosed for a business purpose; and
- The business or commercial purpose for collecting or selling Personal Information.
Third, California consumers can request that a business delete Personal Information about the consumer that a business has collected from the consumer.
To make a “Request to Know” or “Request to Delete” your personal information, please submit to us a Data Subject Access Request (DSAR) Form by either:
We will confirm receipt of your request within 10 business days. We must provide the requested information or delete your Personal Information within 45 days of receipt of your request, but we can use up to an additional 45 days if we let you know that additional time is needed.
Before responding, we must verify that the person making the request is the person about whom we have collected their Personal Information. We may ask you to provide certain, limited Personal Information, such as your name and email address to verify and match your identity with our records and systems. If you have an account with us, we may ask that you verify your identity through our account authentication process. This is also to protect against fraud. We will not retain this personal information or use it for any other purpose. Also please be advised that we need to search our records and systems only for the preceding 12 months. There may be cases where we do not have any Personal Information about you or we are not able to verify your identity for matching purposes. Deleting your Personal Information may result in the closing of your account and inability to access the Services. However, you can always re-register at any time.
(Residents of Nevada and other states may also have similar rights to request information about or delete their Personal Information. To inquire about exercising these rights, please contact us at email@example.com).
Located in the United States
Florence and the Sites and Services are located and hosted in the United States (US) and governed by US law. If you are outside the United States when you visit the Sites or Services or engage in communications with us via mail, email or telephone, please be aware that your Personal Information may be transferred to, stored, and processed in the United States where we have data centers. Any information you provide to us, or that we collect through your use of the Sites or Services, will be stored, processed, and transferred within, or to, the United States. Please be aware that the United States and jurisdictions other than the one in which you are located may not provide the same level of data protection as considered adequate in your country. Note also that your Personal Information may be available to the US Government or its agencies under legal process in the United States.
Privacy Shield Frameworks
Pursuant to the Privacy Shield Frameworks, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to firstname.lastname@example.org. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to email@example.com.
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the Privacy Shield Principles, Florence commits to resolve complaints about your privacy and our collection or use of your Personal Information transferred to the United States pursuant to Privacy Shield. European Union (EU), the United Kingdom (UK), and Swiss individuals with Privacy Shield inquiries or complaints should first contact Florence Healthcare, Inc. at:
Florence has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/privacy-shield-complaints/ for more information and to file a complaint. This service is provided free of charge to you. Before you file a complaint, please review the BBB’s guidelines: https://bbbprograms.org/programs/all-programs/bbb-privacy-shield/file-a-complaint. If you determine that you meet eligibility, you can file a complaint online or via mail (details below).
- Submit to the BBB EU Privacy Shield:
BBB National Programs, Inc.
ATTN: BBB EU Privacy Shield
3033 Wilson Boulevard, Suite 600
Arlington, VA 22201
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction
EEA Privacy Rights
The Legal Basis for Using EEA Personal Information
For residents of the European Economic Area (EEA), we advise that your Personal Information will be transferred to and processed in the United States, which has data protection laws that are different than those in your country and may not be as protective. The United States has not sought or received a finding of “adequacy” from the European Union under Article 45 of the General Data Protection Regulation (“GDPR”). Our legal basis for collecting and using your Personal Information is to do so with your consent; where we need the Personal Information for performance of a contract or requested Service, or where the collection and use is in our or another’s legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect the Personal Information in question. If we collected your Personal Information with your consent, you may withdraw your consent at any time.
Our retention of your Personal Information and any subsequent communications are based on our legitimate interest in providing you with new and potentially relevant materials based on your geography, role, or company. As always, you can elect to opt out from receiving such future communications.
To the extent that we transfer Personal Information from the EEA to a jurisdiction outside the EEA that has not been deemed by the European Commission as providing adequate data protections (such as the United States), we will ensure that such Personal Information is safeguarded through appropriate contractual terms or other approved mechanisms.
Additional Rights for EEA Residents
In addition, if you are a resident of the EEA, you have the right to:
- Find out if we use your Personal Information, to access your Personal Information, and receive copies of your Personal Information.
- Withdraw any express consent that you have provided to the processing of your Personal Information at any time without penalty.
- Access your Personal Information and have it corrected or amended if it is inaccurate or incomplete. Note: where Personal Information is processed solely for clinical research, access may be restricted and/or denied. Whenever possible, Florence will honor your right to access by redacting information if your request would otherwise be restricted and/or denied.
- Obtain a transferable copy of some of your Personal Information, which can be transferred to another provider, when the Personal Information was processed based on your consent.
- Request that we restrict the processing of your data pending our investigation and/or verification of your claim, if you believe your Personal Information is inaccurate or no longer necessary for our business purposes, or if you object to our processing of your Personal Information.
- Request that your Personal Information be deleted or restricted under certain circumstances. For example, if Florence is using your Personal Information on the basis of your consent and has no other legal basis to use it, you may request that your Personal Information be deleted when you withdraw your consent.
Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on lawful processing grounds other than consent.
If we ask you to provide Personal Information to us to comply with a legal requirement or enter into a contract, we will inform you of this and let you know whether providing us with your Personal Information is required and if not, the consequences of not sharing your Personal Information with us.
Similarly, if we collect and use your Personal Information in reliance on our or a third party’s legitimate interests and those interests are not already described above, we will let you know what those legitimate interests are.
To withdraw consent or exercise these rights, please contact us via email at:
If you are not satisfied with our response, or believe we are processing your Personal Information in violation of the law, you have the right to lodge a complaint with the Supervisory Authority (also known as Data Protection Authority) or other appropriate governmental authority in your jurisdiction. A list of Supervisory Authorities is available here: https://edpb.europa.eu/about-edpb/board/members_en.
Third Party Links and Services
The security of your Personal Information is very important to us. While we strive to put in place commercially acceptable security measures to protect your Personal Information, we cannot guarantee its absolute security, as no method of electronic storage or transmission over the Internet is 100% secure. Certain areas of the Sites or Services may require the use of a user identification (ID), email address, and/or password as an additional security measure to help protect your information. Please do not provide your password to another person. We cannot be responsible for a data breach or other incident if a password is used by unauthorized persons.
HIPAA. As described above, we have taken steps to ensure compliance with HIPAA requirements for PHI, including the Security Rule with respect to electronic PHI.
Good Clinical Practice and Security for Documents. Florence’s applicable policies and practices are described in our separate Compliance Summary.
The Sites and Services are to be accessed and used by adults. If we become aware that we have collected the information of minors, we will take steps to delete it from our systems and records as appropriate.
Where we are acting as a processor (e.g., clinical research data for pediatric studies), we may be provided Personal Information (including Protected Health Information) by our Controller-customers. As part of research activities, we are not in a position to delete or revise it. Questions should be directed to the research team (e.g., clinical site and/or sponsor).
Changes to this Policy
Florence Healthcare, Inc.
600 Peachtree St NE, Suite 920
Atlanta, GA 30308