In connection with a study, an organization may authorize certain users to access the Services, including users who are not affiliated with or directly controlled by the organization. These authorized users may include patients, trial subjects, other trial participants, medical professionals, and hospital, clinic or trial site administrators or executives involved with a study. In these situations, the organization acts as the administrator for these accounts and any Personal Information that such authorized users may make available in connection with the Services. These authorized users’ access to the Services is governed by Florence’s Terms and Conditions.
Study participants who access Florence’s products, including eBinders™, eTMF, SiteLink™, ePrinter, eConsent, and any other Florence software or tools made available to authorized users, will have minimal Personal Information collected to enable our customer-driven workflows and contractual obligations. This Personal Information will not to be used for any other purpose nor disclosed to any third parties that would use such information for their own purposes.
What Personal Information We Collect and How We Collect It
We collect information about you when you voluntarily provide it to us, when you access the Sites or Services, and when third parties provide it to us. We follow a Privacy by Design approach to incorporate privacy protections into our Services. This means that our Product and Development Teams consider data privacy and security when designing and implementing the Services we offer.
Types of Personal Information: “Personal Information” is information that identifies an individual or relates to an identifiable individual. We may collect some or all of the following:
- Personal and contact details (e.g., first name, last name, email address, telephone number)
- Employment details (e.g., company entity, office location)
- Browsing/monitoring/tracking activities
- Education and skills
- Professional experience and affiliations
- Commercial information (e.g., purchasing history and preferences)
- Social media details
- Sensory and electronic information (e.g., audio recordings when you attend a webinar, online meeting, or training session that we sponsor)
- Special categories (e.g., patient health data related to clinical research studies).
Account and profile information: We collect certain Personal Information about you when you are invited to join a team or are otherwise authorized to access the Services, register for an account, create or modify your profile, set preferences, or sign up through the Services. This Personal Information may include your licensure, qualifications, certifications, employment status, or educational training history. Additionally, if you use software (e.g., clinical trial management system) that is integrated with our Services, we collect your name and email address along with the action performed. For example, you provide your contact information and, in some cases, billing information when you register for the Services. You also may have the option of adding a display name, employer name, job title, and other details to your profile information to be displayed in our Services. We keep track of your preferences when you select settings within the Services.
Content you provide through our Sites and Services: We may collect and store content that you post, send, receive and share. We also collect other content that you submit to our Sites, including our community help page and social media or social networking websites operated by us. Limited Personal Information is collected when you provide any content. For example, you provide your name and email address to us when you provide feedback or when you participate in any interactive features, surveys, contests, promotions, sweepstakes, activities or events.
Information you provide through our support channels: You may choose to submit monitoring and tracking information regarding a problem you are experiencing with a Service to our customer support team. For example, if you designate yourself as a technical contact, open a support ticket, speak to one of our representatives directly, or otherwise engage with our support team, you will be asked to provide your contact information, a summary of the problem you are experiencing, and any other documentation, screenshots or information that would be helpful in resolving the issue. Note that if you use our online help desk and post messages, your messages are available to all participants.
Information you provide when you download our content: When you download content from our Sites or Services, we collect your information in our marketing records. For example, if you download an eBook or other electronic material from our Sites or Services, we collect information such as your name, email address, company, job title, role, function, and seniority.
Information we collect automatically when you access the Sites or Services: We collect information about you when you visit our Sites or use our Services, including browsing our websites and taking certain actions within the Sites or Services. For example, when you log into our Services, we track your name and email address to generate audit trails.
Your use of the Services: We keep track of certain information about you when you interact with any of our Services. We also collect information about the teams and other people you work with and how you work with them, such as who you collaborate and communicate with most frequently, in addition to content-related information as described above.
Device and Connection Information: We collect information about the computer, phone, tablet, or other devices you use to access our Sites and Services. This device information includes your connection type and settings when you install, access, update, or use our Services. We also collect information through your device about your operating system, browser type, Internet Protocol (IP) address, Uniform Resource Locators (URLs) of referring/exit pages, device identifiers, country preference, and crash data.
Like many website operators, we collect information that your browser sends whenever you visit our Sites (“Log Data”). This Log Data may include information such as your IP address, browser type, browser version, the pages of our Sites that you visit, the time and date of your visit, the time spent on those pages, and other statistics.
We use your IP address and/or country preference in order to approximate your location to provide you with a better service experience. How much of this information we collect depends on the type and settings of the device you use to access the Sites or Services.
Server and data center service administrators can disable collection of this information via the administrator settings or prevent this information from being shared with us by blocking transmission at the local network level.
- Strictly necessary cookies:You cannot opt out of these cookies, which are essential for the provision of the Sites and any requested Services.
- Performance cookies:These cookies provide statistical information on site usage, such as web analytics.
- Functional cookies:These cookies allow the provision of enhanced functionality and personalization. They may be set by us or by third-party providers whose services we have added to our pages.
- Targeting/advertising cookies:These cookies are used to create profiles or personalize content to provide you with online targeted advertisements that we think are most relevant to you.
You must opt in to all but strictly necessary cookies and you can control these cookies and tracking technologies, as described below.
How We May Use the Personal Information We Collect
To provide the Sites and Services: We may use Personal Information to provide the Sites and Services to you, including authenticating you when you log in, providing customer support, and operating and maintaining the Sites and Services.
To personalize your experience: We may use your email domain to infer your affiliation with a particular organization or industry in order to personalize the content and experience you receive on our Sites. If you use multiple Services, we combine information about you and your activities to provide an integrated experience, such as to allow you to find information from one Service while searching from another or to present relevant product information as you navigate across our Sites and Services.
For research and development: We may use collective learning about how people use our Sites and Services and feedback provided directly to us to troubleshoot and to identify trends, usage, activity patterns, and areas for integration and improvement of the Sites and Services. In some cases, we apply the lessons learned across our Sites and Services to improve and develop similar features or to better integrate the Services you use. We may contact you to participate in an optional focus group or other type of discovery session to help us evaluate possible product enhancements.
To communicate with you about the Sites or Services: We may use your contact information to send transactional communications via email and within the Services regarding your use of the Services. We also may send you email notifications when you or others interact with the Services and send you communications as you onboard to a particular Service. These communications are necessary to ensure that you can access and use those Services you request. You cannot opt out of these transactional communications.
To communicate with you regarding updates and status notifications about the Services: We may use your contact information to send informational updates to you via email and within the Services. This includes information regarding software updates, release notes, and status notifications. You can opt out of these communications.
To share training and educational materials: We may use your contact information to share training and educational materials tailored to your areas of interest. You can opt out of these communications.
To market, promote, and drive engagement with the Sites and Services: We may use your contact information and information about how you use the Sites and Services to send promotional communications that may be of specific interest to you, including by email and by displaying advertisements on other companies’ websites and applications, as well as on platforms like Facebook and Google. These communications are aimed at improving engagement and maximizing what you get out of the Services, including information about new features, survey requests, newsletters, and events we think may be of interest to you. We also communicate with you about new product offers, promotions, and contests. You can opt out of these communications.
To provide customer support: We may use your information to resolve technical issues you encounter, respond to your requests for assistance, analyze crash information, and repair and improve the Sites and Services.
How We May Disclose Personal Information
We may disclose your Personal Information for the following business purposes:
- To our third-party service providers who provide services such as information technology and related infrastructure, cloud storage, messaging and voice services, email delivery, data analytics, marketing analytics, auditing, software development and maintenance, quality control and assurance, customer support, and other services. These service providers are legally obligated to ensure the confidentiality of Personal Information and implement appropriate security measures.
- To a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business or assets (including in connection with any bankruptcy or similar proceedings).
- As we believe to be necessary or appropriate under applicable law; to comply with legal processes; to respond to requests from public and government authorities; to enforce our terms and conditions; to protect our operations; to protect the rights, privacy, safety, or property of Florence, you or others; and to allow us to pursue available remedies or limit damages that we may sustain.
Our legal bases for collecting Personal Information are: (i) your consent; (ii) if we need the Personal Information for performance of a contract or requested service; or (iii) if the collection and use is in our or another’s legitimate interests and is not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we also may have a legal obligation to collect Personal Information. If we collect your Personal Information with your consent, you may withdraw your consent at any time as described below. You understand and agree that we may collect, use, disclose, and otherwise process the Personal Information you provide even if you are located outside the United States.
Retention of Personal Information
We will retain and use your Personal Information for as long as is necessary to fulfill the purposes for which it was collected, to comply with our business requirements and legal obligations, to resolve disputes, to protect our assets, to provide our services, and to enforce our agreements. When applicable, we store your Personal Information in accordance with the instructions from our data controller customers.
When there is no longer a legitimate need to retain your information, we will securely delete or anonymize it or, if this is not possible, securely store it until it can be deleted. When we delete Personal Information, it will be removed from our active servers and databases as well as the Sites, but it may remain in our archives when it is not practical or possible to delete it.
To the extent permitted by law and/or our contractual obligations, we may retain and use anonymous and aggregated information for performance reporting, benchmarking, and analytic purposes and for improving our Services.
We take reasonable technical and organizational security measures to protect your Personal Information, and we review our security procedures periodically to consider appropriate new technology and methods. However, no security system is perfect and no data transmission over the Internet can be guaranteed to be completely secure. While we strive to protect your Personal Information, we cannot guarantee the security of any information you transmit to or from our Services or Sites, and you do so at your own risk.
Certain areas of the Sites or Services may require a user identification, email address, and/or password as an additional security measure to help protect your information. Do not share your password with anyone.
Your Rights Regarding Personal Information
If Florence has any of your Personal Information, you generally have the following rights:
- Cookies: You must affirmatively accept all but strictly necessary cookies and you have the ability to opt out of other cookies by going to the cookie preferences of your browser. You can find out more information about how to change your browser cookie settings here. If you choose to disable cookies, please note that you may not be able to sign in or use some of the interactive features offered through our Sites or Services.
- Google Analytics: We use Google Analytics to help us manage and improve the Sites and Services. Google provides a browser add-on that allows you to opt out by downloading and installing the add-on for your web browser. This is available here.
- Marketing or promotional communications: You can opt out of our marketing or promotional email communications by using the “unsubscribe” feature at the bottom of the email from us or by requesting to opt out by emailing us at email@example.com.
- Access and update your information:Our Services allow you to update your profile information within your profile settings and modify content that contains information about you. For certain fields, you may need to contact your administrator.
- Deactivate your account: If you no longer wish to use our Services, you or your administrator may be able to deactivate your account. If you can deactivate your own account, that feature is available to you in your account settings. Otherwise, please contact your administrator. If you are an administrator and are unable to deactivate an account through your administrator settings, please contact firstname.lastname@example.org.
In some cases, due to certain rules governing auditing clinical trial processes, you will not be able to delete certain information about you from our Services once you have opted in, nor can you ask us to stop using your data in administrator-controlled accounts.
If you are located in the EU, EEA or UK, you may have the following rights under the relevant EU/UK Regulations, including the General Data Protection Regulation (“GDPR”) or UK equivalent.
Access: You have the right to receive confirmation as to whether we are processing your Personal Information. If we are, you will have access to the Personal Information; we will provide you with certain details about such processing; and, in some circumstances, we will provide a copy of your personal information.
Rectification: You have the right to require us to correct any inaccurate or incomplete Personal Information.
Erasure: You have the right to request that we delete your Personal Information when (1) it is no longer necessary for the purposes for which it was collected; (2) consent has been withdrawn; (3) you have objected to the processing; (4) the Personal Information has been unlawfully processed; (5) the Personal Information must be erased for compliance with a legal obligation; or (6) the Personal Information was collected in certain circumstances in relation to the offer of information society services. However, this right is not absolute. When we delete Personal Information, it will be removed from our active servers and databases as well as the Sites, but it may remain in our archives when it is not practical or possible to delete it. We also may retain your Personal Information as needed to comply with our legal obligations, resolve disputes, or enforce any agreements.
Restriction of processing: You have the right to restrict the processing of your Personal Information when: (1) the accuracy of the Personal Information is contested, for a period enabling us to verify its accuracy; (2) the processing is unlawful but you oppose erasure and instead request a restriction; (3) we no longer need the Personal Information but you require us to keep it for the establishment, exercise or defense of legal claims; or (4) you have objected to our processing of the Personal Information, pending resolution of the objection.
Objection: In certain circumstances, you have the right to object to the processing of your Personal Information if the processing is necessary for performance of a task carried out in the public interest, for our legitimate interests, or for the legitimate interests of others. You also have the right to object if Personal Information is processed for direct marketing purposes or for scientific or historical research purposes or statistical purposes.
Withdrawal of consent: If you have provided your consent to the collection, processing, and transfer of your Personal Information, you may have the right to fully or partially withdraw your consent. Once we have received notice that you have withdrawn your consent we will no longer process your information for the purposes to which you originally consented, unless we have a legitimate basis that overrides your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims. Withdrawal of consent to receive marketing communications will not affect the processing of Personal Information for the provision of our Services.
Complaints: If you believe we have not processed your Personal Information in accordance with applicable law, you have the right to make a complaint to the relevant Supervisory Authority (as described below) or seek a remedy through the courts.
Automated decision-making. We do not employ solely automated decision-making, as a matter of course, that results in automated decisions being taken (including profiling) that legally affect you or similarly significantly affect you. Automated decisions are decisions made automatically based on computer determinations (using software algorithms), without human review. If you are to be subjected to automated decision making, we will make it clear at the time and you will have the right to contest the decision, to express your point of view, and to require a human review of the decision.
California Privacy Rights
We will confirm receipt of your request within 10 business days. We must provide the requested information or delete your Personal Information within 45 days of receipt of your request, but we can take up to an additional 45 days if we let you know that additional time is needed.
However, these rights do not apply when we collect or sell a consumer’s Personal Information if: (1) we collected that information while the consumer was outside of California; (2) no part of a sale of the consumer’s Personal Information occurred in California; and (3) no Personal Information collected while the consumer was in California is sold. In addition, de-identified information is not subject to these rights. Furthermore, if your information is collected in the context of a business relationship with us, it may not be covered by the CCPA.
Request to know: You have the right to request: (1) the specific pieces of Personal Information we have collected about you; (2) the categories of Personal Information we have collected about you; (3) the categories of sources from which the Personal Information is collected; (4) the categories of Personal Information about you that we have sold and the categories of third parties to whom the Personal Information was sold; (5) the categories of Personal Information about you that we disclosed for a business purpose and the categories of third parties to whom the Personal Information was disclosed for a business purpose; (6) the business or commercial purpose for collecting, disclosing, or selling Personal Information; and (7) the categories of third parties with whom we share Personal Information. Our response will cover the 12-month period preceding our receipt of your request.
Request to delete: You have the right to request the erasure/deletion of certain Personal Information collected or maintained by us. We will delete your Personal Information from our records and direct any service providers (as defined under the CCPA) to delete your Personal Information from their records.
Request to correct: You have the right to request the correction of Personal Information that we collect and maintain.
Request to limit the use of Sensitive Personal Information: This right is not applicable as we do not collect or process “Sensitive Personal Information”, as defined by applicable California law, for the purpose of inferring characteristics about consumers.
Non-discrimination: You have the right to not receive discriminatory treatment by us due to your exercise of the rights provided under the CCPA. We do not discriminate against consumers for exercising their rights under the CCPA.
Excessive requests: If your requests are unfounded or excessive, particularly because they are repetitive, we may either charge a reasonable fee or refuse to act on the request and notify you of the reason for refusal. If we charge a fee, the amount will be based upon the administrative costs of providing the information or communication or taking the action requested.
Verification process: We are required by law to verify the identities of those who submit requests. To determine whether the individual making the request is the consumer about whom we have collected information, we will verify your identity by matching the identifying information provided by you in the request to the Personal Information that we already maintain about you. If we cannot verify your identity, we may deny the request in whole or in part. We will inform you if we cannot verify your identity.
Authorized agents: An authorized agent may submit a request on your behalf. If you use an authorized agent to submit a request, we may require you to: (1) provide the authorized agent with signed permission to do so; (2) verify your identity directly with us; and (3) directly confirm with us that you provided the authorized agent permission to submit the request. We may deny a request from an agent that does not submit proof of your authorization to act on your behalf.
Privacy Rights In Other States
Residents of other states (including Colorado, Connecticut, Nevada, Utah and Virginia, among others) may have rights to request information about or delete their Personal Information. To inquire about exercising these rights, please contact us at email@example.com.
Exercising Your Rights
If you wish to contact us to exercise rights with respect to your Personal Information, you can either:
You may opt out of receiving promotional communications from us by using the unsubscribe link within each email, updating your email preferences within your account settings menu, or contacting us to have your contact information removed from our promotional email list or registration database. Even if you opt out from receiving promotional messages from us, you will continue to receive transactional messages from us regarding Services you request or use.
If the Services are administered for you by an administrator, you should first contact your administrator to assist with your request. In rare cases, you may need to contact your Florence representative to exercise these rights.
If you are a study participant (including children): In general, study participants must contact their research team directly instead of contacting Florence. If a study participant contacts Florence directly, Florence will adhere to any customer contractual obligations for fulfilling the request.
If you are based in the EU, EEA, Switzerland, or UK: You may contact our Data Protection Representative, DataRep, which has locations in each of the EU countries, the UK, Switzerland, and Norway and Iceland in the EEA, in the following ways:
- Send an email to DataRep at firstname.lastname@example.org and include “Florence Healthcare, Inc.” in the subject line,
- Submit an online webform here.
- Residents of Switzerland also may send correspondence to DataRep at:
DataRep, Leutschenbachstrasse 95, ZURICH, 8050, Switzerland
If you have any questions about how DataRep will handle Personal Information, refer to the DataRep privacy notice here.
You also may have the right to make a complaint under the GDPR to the relevant Supervisory Authority. A list of Supervisory Authorities is available here.
Data Privacy Framework Program
If Florence receives information under the DPF Principles and subsequently transfers such information to a third party acting as an agent on our behalf, we remain liable under the DPF Principles if the agent processes such personal information in a manner inconsistent with the DPF Principles, unless we prove that we are not responsible for the event giving rise to the damage.
In compliance with the EU-US DPF Principles, Florence commits to resolve complaints related to the DPF Principles about your privacy and our collection or use of your personal information transferred to the US pursuant to the DPF Principles. EU, Swiss and UK individuals with DPF inquiries or complaints should first contact Florence at email@example.com.
Florence has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit here for more information or to file a complaint. This service is provided free of charge to you. Before you file a complaint, please review the BBB’s Procedure Rules here.
If your DPF complaint cannot be resolved through the above channels, under certain conditions you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. Details are available here.
Children’s Personal Information
The Children’s Online Privacy Protection Act (“COPPA”) and other data privacy regulations restrict the collection, use, or disclosure of Personal Information from and about children on the Internet. Our Sites and Services are not directed to children under the age of 18, nor is information knowingly collected from children. If you are under 18, please do not use or provide any Personal Information on the Sites or within the Services. If we learn that we have collected or received Personal Information from a child without a parent’s or legal guardian’s consent, we will take steps to stop collecting that information and delete it. If you believe that we might have any information from or about a child, please contact us using the contact information provided below.
Note that we may be provided with Personal Information of children by customers using our Services (e.g., clinical research data for pediatric studies). We have no control over the content uploaded through the Services, so we cannot delete or revise this Personal Information.
For more information about COPPA, please visit the Federal Trade Commission’s website here.
Third Party Links and Services
Florence Healthcare, Inc.
600 Peachtree St NE, Suite 920
Atlanta, GA 30308
Attn: Privacy Team