This Privacy Policy was last updated on July 20, 2022.

Introduction
Florence Healthcare, Inc. (“Florence“, “we“, “us“, or “our“) is committed to protecting your Personal Information (as defined below). This Privacy Policy describes our policies and practices regarding the collection, use, disclosure, and processing of your Personal Information. It also describes your rights and choices regarding your Personal Information.

We receive Personal Information from prospects and customers accessing any of our websites (collectively, the “Sites“), We also receive Personal Information from our customers and agents through our software tools (“Products”), mobile apps and/or API services (collectively, the “Services“). This Privacy Policy applies to all Sites and Services. This Privacy Policy does not apply to information collected by us offline or through any other means, including on any other website or online service operated by us or third parties.

Please read this Privacy Policy carefully to understand our policies and practices regarding your Personal Information. By accessing the Sites or Services, you agree to be bound by and comply with this Privacy Policy. If you do not agree with this Privacy Policy, you should discontinue your use of the Sites or Services. This Privacy Policy is incorporated into and subject to our Terms of Use for the Sites.

Authorized Users
In connection with a study, an organization may authorize certain users to access the Services although such users are not affiliated with or directly controlled by the organization. These authorized users may include patients, trial subjects, other trial participants, medical professionals, and hospital, clinic or trial site administrators or executives involved with a study. In these situations, the organization acts as the administrator for these accounts and any Personal Information that such authorized users may make available on the Services. These authorized users’ access to the Services is governed by Florence’s Terms and Conditions.

Study Participants who access Florence’s Products, including eBinders™, eISF, SiteLink™, eHub, ePrinter, eConsent, and any other Florence software or tools made available to authorized users will have minimal Personal Information collected to enable our customer-driven workflows and contractual obligations. This Personal Information will not to be used for any other purpose nor disclosed to any third parties that would use such information for their own purposes.

What Personal Information We Collect and How We Collect It
We collect information about you when you voluntarily provide it to us, when you access the Sites or Services, and when third parties provide it to us. Our Product and Development Teams consider data privacy and security when designing and implementing the Services we offer. We follow a Privacy by Design approach to incorporate privacy protections into our Services.

Types of Personal Information: “Personal Information” is information that identifies an individual or relates to an identifiable individual. We may collect some or all of the following:

  • Personal and contact details (e.g., first name, last name, email address, telephone number)
  • Employment details (e.g., company entity, office location)
  • Browsing/monitoring/tracking activities
  • Education and skills
  • Professional experience and affiliations
  • Commercial information (e.g., purchasing history and preferences)
  • Social media details
  • Sensory and electronic information (e.g., audio recordings when you attend a webinar, online meeting, or training session we sponsor)
  • Special categories (e.g., patient health data related to clinical research studies).

Account and profile information: We collect certain Personal Information about you when you are invited to join a team or are otherwise authorized to access the Services, register for an account, create or modify your profile, set preferences, or sign up through the Services. This Personal Information may include your licensure, qualifications, certifications, employment status, or educational training history. Additionally, if you use software (e.g., clinical trial management system) that is integrated with our Services, we collect your name and email address along with the action performed. For example, you provide your contact information and, in some cases, billing information when you register for the Services. You also may have the option of adding a display name, employer name, job title, and other details to your profile information to be displayed in our Services. We keep track of your preferences when you select settings within the Services.

Content you provide through our Sites and Services: This includes the Services you use, when we collect and store content that you post, send, receive and share. We also collect other content that you submit to our Sites, including our community help page and social media or social networking websites operated by us. Limited Personal Information is collected when you provide any content. For example, you provide your name and email address to us when you provide feedback or when you participate in any interactive features, surveys, contests, promotions, sweepstakes, activities or events.

Information you provide through our support channels: The Services also include our customer support, where you may choose to submit monitoring and tracking information regarding a problem you are experiencing with a Service. (Note that if you use our online help desk and post messages, your messages are available to all participants.) For example, if you designate yourself as a technical contact, open a support ticket, speak to one of our representatives directly, or otherwise engage with our support team, you will be asked to provide your contact information, a summary of the problem you are experiencing, and any other documentation, screenshots or information that would be helpful in resolving the issue.

Information you provide when you download our content: When you download content from our Sites or Services, we collect your information in our marketing records. For example, if you download an eBook or other electronic material from our Sites or Services, we collect information such as your name, email address, company, job title, role, function, and seniority.

Information we collect automatically when you access the Sites or Services: We collect information about you when you visit our Sites or use our Services, including browsing our websites and taking certain actions within the Sites or Services. For example, when you log into our Services, we track your name and email address to generate audit trails.

Your use of the Services: We keep track of certain information about you when you interact with any of our Services. We also collect information about the teams and other people you work with and how you work with them, such as who you collaborate and communicate with most frequently, in addition to content-related information as described above.

Device and Connection Information: We collect information about the computer, phone, tablet, or other devices you use to access our Sites and Services. This device information includes your connection type and settings when you install, access, update, or use our Services. We also collect information through your device about your operating system, browser type, Internet Protocol (IP) address, Uniform Resource Locators (URLs) of referring/exit pages, device identifiers, country preference, and crash data.

Like many website operators, we collect information that your browser sends whenever you visit our Sites (“Log Data”). This Log Data may include information such as your IP address, browser type, browser version, the pages of our Sites that you visit, the time and date of your visit, the time spent on those pages, and other statistics.

We use your IP address and/or country preference in order to approximate your location to provide you with a better service experience. How much of this information we collect depends on the type and settings of the device you use to access the Sites or Services.

Server and data center service administrators can disable collection of this information via the administrator settings or prevent this information from being shared with us by blocking transmission at the local network level.

Cookies and other tracking technologies: Cookies are pieces of information stored directly on the device you are using. Cookies allow us to collect information such as browser type, time spent on the Sites, pages visited, language preferences, and other anonymous traffic data. Florence and certain third-party providers, such as our advertising and analytics partners, use cookies and other tracking technologies (e.g., web beacons, device identifiers and pixels) to provide functionality and to recognize you across different Services and devices. The categories of cookies are:

  • Strictly necessary cookies:You cannot opt out of these cookies, which are essential for the provision of the Sites and any requested Services.
  • Performance cookies:These cookies provide statistical information on site usage, such as web analytics.
  • Functional cookies:These cookies allow the provision of enhanced functionality and personalization. They may be set by us or by third-party providers whose services we have added to our pages.
  • Targeting/advertising cookies:These cookies are used to create profiles or personalize content to serve you online targeted advertisements that we think are most relevant to you.

You can control and/or opt out of these cookies and tracking technologies as described below.

How We May Use the Personal Information We Collect
To provide the Sites and Services and personalize your experience: We may use Personal Information to provide the Sites and Services to you, including authenticating you when you log in, providing customer support, and operating and maintaining the Sites and Services. We may use your email domain to infer your affiliation with a particular organization or industry to personalize the content and experience you receive on our Sites. If you use multiple Services, we combine information about you and your activities to provide an integrated experience, such as to allow you to find information from one Service while searching from another or to present relevant product information as you travel across our Sites and Services.

For research and development: We may use collective learning about how people use our Sites and Services and feedback provided directly to us to troubleshoot and to identify trends, usage, activity patterns, and areas for integration and improvement of the Sites and Services. In some cases, we apply the lessons learned across our Sites and Services to improve and develop similar features or to better integrate the services you use. We may even contact you to participate in an optional focus group or other type of discovery session to help us evaluate possible product enhancements.

To communicate with you about the Sites or Services: We may use your contact information to send transactional communications via email and within the Services regarding your use of the Services. We also may send you email notifications when you or others interact with the Services and send you communications as you onboard to a particular Service. These communications are necessary to ensure that you can access and use those Services you request. You cannot opt out of these transactional communications.

To communicate with you regarding updates and status notifications about the Services: We may use your contact information to send informational updates to you via email and within the Services. This includes information regarding software updates, release notes, and status notifications. You can opt out of these communications.

To share training and educational materials: We may use your contact information to share training and educational materials tailored to your areas of interest. You can opt out of these communications.

To market, promote, and drive engagement with the Sites and Services: We may use your contact information and information about how you use the Sites and Services to send promotional communications that may be of specific interest to you, including by email and by displaying advertisements on other companies’ websites and applications, as well as on platforms like Facebook and Google. These communications are aimed at improving engagement and maximizing what you get out of the Services, including information about new features, survey requests, newsletters, and events we think may be of interest to you. We also communicate with you about new product offers, promotions, and contests.

Customer support: We may use your information to resolve technical issues you encounter, respond to your requests for assistance, analyze crash information, and repair and improve the Sites and Services.

How We May Disclose Personal Information
We may disclose your Personal Information for the following business purposes:

  • To our third-party service providers who provide services such as information technology and related infrastructure provision, cloud storage, messaging and voice services, email delivery, data analytics, marketing analytics, auditing, software development and maintenance, quality control and assurance, customer support, and other services. These service providers are legally obligated to ensure the confidentiality of Personal Information and implement appropriate security measures.
  • To a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business or assets (including in connection with any bankruptcy or similar proceedings).
  • As we believe to be necessary or appropriate under applicable law; to comply with legal processes; to respond to requests from public and government authorities; to enforce our terms and conditions; to protect our operations; to protect the rights, privacy, safety, or property of Florence, you or others; and to allow us to pursue available remedies or limit damages that we may sustain.

Legal Basis

Our legal bases for collecting Personal Information are: (i) your consent; (ii) if we need the Personal Information for performance of a contract or requested service; or (iii) if the collection and use is in our or another’s legitimate interests and is not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we also may have a legal obligation to collect Personal Information. If we collect your Personal Information with your consent, you may withdraw your consent at any time as described below. You understand and agree that we may collect, use, disclose, and otherwise process the Personal Information you provide even if you are located outside the United States.

Retention of Personal Information
We will retain and use your Personal Information for as long as is necessary to fulfill the purposes for which it was collected, to comply with our business requirements and legal obligations, to resolve disputes, to protect our assets, to provide our services, and to enforce our agreements. When applicable, we store your Personal Information in accordance with the instructions from our data controller customers.

When there is no longer a legitimate need to retain your information, we will securely delete or anonymize it or, if this is not possible, securely store it until it can be deleted. When we delete Personal Information, it will be removed from our active servers and databases as well as the Sites, but it may remain in our archives when it is not practical or possible to delete it.

To the extent permitted by law, we may retain and use anonymous and aggregated information for performance reporting, benchmarking, and analytic purposes and for improving our Products and Services.

Information Security
We take reasonable technical and organizational security measures to protect your personal information, and we review our security procedures periodically to consider appropriate new technology and methods. However, no security system is perfect and no data transmission over the Internet can be guaranteed to be completely secure. While we strive to protect your Personal Information, we cannot guarantee the security of any information you transmit to or from our Services or Sites, and you do so at your own risk.

Certain areas of the Sites or Services may require the use of a user identification, email address, and/or password as an additional security measure to help protect your information. Do not share your password with anyone.

International Transfers

Florence and the Sites and Services are located in the United States (“US”) and governed by US law. If you are outside the US when you visit the Sites or Services or engage in communications with us via mail, email or telephone, please be aware that your Personal Information may be transferred to, stored, and processed in the US where we have data centers. While the US data protection, privacy and other laws might not be as comprehensive as those in your country, we take necessary and appropriate steps to protect the privacy and security of your Personal Information. By using the Sites or Services, you understand and consent to the collection, storage, processing, and transfer of your Personal Information to the US and those third parties with whom we share it, as described in this Privacy Policy.

When storing, hosting, or otherwise processing information (including Personal Information) for residents of the European Union (“EU”), European Economic Area (“EEA”), or United Kingdom (“UK”), we may send such data outside of these regions. When we transfer information to the US or other countries, we do so for the purposes set forth in this Privacy Policy and in accordance with applicable law. We rely on recognized legal bases to lawfully conduct cross-border/international transfers of Personal Information outside of the EU, EEA or UK, such as your express informed consent to do so, when transfer is necessary for us to deliver the Services pursuant to an agreement between us and you, or when the transfer is subject to safeguards that assure the protection of your Personal Information, such as the European Commission’s approved Standard Contractual Clauses.

Your Rights Regarding Personal Information
If Florence has any of your Personal Information, you generally have the following rights:

  • Cookies: You have the ability to opt out of certain cookies by going to the cookie preferences of your browser. You can find out more information about how to change your browser cookie settings here. If you choose to disable cookies, please note that you may not be able to sign in or use some of the interactive features offered on our Sites or Services.
  • Google Analytics: We use Google Analytics to help us manage and improve the Sites and Services. Google provides a browser add-on that allows you to opt out by downloading and installing the add-on for your web browser. This is available here.
  • Marketing or promotional communications: You can opt out of our marketing or promotional email communications by using the “unsubscribe” feature at the bottom of the email from us or by requesting to opt out by emailing us at privacy@florencehc.com. Please note that you cannot opt out of receiving transactions communications from us regarding Services you request or use.
  • Access and update your information:Our Services allow you to update your profile information within your profile settings and modify content that contains information about you. For certain fields, you may need to contact your administrator.
  • Deactivate your account: If you no longer wish to use our Services, you or your administrator may be able to deactivate your account. If you can deactivate your own account, that setting is available to you in your account settings. Otherwise, please contact your administrator. If you are an administrator and are unable to deactivate an account through your administrator settings, please contact support@florencehc.com.

In some cases, due to certain rules governing auditing clinical trial processes, you will not be able to delete certain information about you from our Services once you have opted in, nor can you ask us to stop using your data in administrator-controlled accounts.

California Privacy Rights

The California Consumer Privacy Act (“CCPA”) gives consumers the right to request that we disclose what Personal Information we collect, use, disclose, and sell, and delete certain Personal Information that we have collected or maintain. You may submit these requests to us as described in the Contact Us section of this Privacy Policy.

We will confirm receipt of your request within 10 business days. We must provide the requested information or delete your Personal Information within 45 days of receipt of your request, but we can take up to an additional 45 days if we let you know that additional time is needed.

However, these rights do not apply where we collect or sell a consumer’s Personal Information if: (1) we collected that information while the consumer was outside of California; (2) no part of a sale of the consumer’s Personal Information occurred in California; and (3) no Personal Information collected while the consumer was in California is sold. In addition, de-identified information is not subject to these rights. Furthermore, if your information is collected in the context of a business relationship with us, it may not be covered by the CCPA.

Request to know: You have the right to request: (1) the specific pieces of Personal Information we have collected about you; (2) the categories of Personal Information we have collected about you; (3) the categories of sources from which the Personal Information is collected; (4) the categories of Personal Information about you that we have sold and the categories of third parties to whom the Personal Information was sold; (5) the categories of Personal Information about you that we disclosed for a business purpose and the categories of third parties to whom the Personal Information was disclosed for a business purpose; (6) the business or commercial purpose for collecting, disclosing, or selling Personal Information; and (7) the categories of third parties with whom we share Personal Information. Our response will cover the 12-month period preceding our receipt of your request.

Request to delete: You have the right to request the erasure/deletion of certain Personal Information collected or maintained by us. We will delete your Personal Information from our records and direct any service providers (as defined under the CCPA) to delete your Personal Information from their records.

Excessive requests: If your requests are unfounded or excessive, particularly because they are repetitive, we may either charge a reasonable fee or refuse to act on the request and notify you of the reason for refusal. If we charge a fee, the amount will be based upon the administrative costs of providing the information or communication or taking the action requested.

Verification process: We are required by law to verify the identities of those who submit requests. To determine whether the individual making the request is the consumer about whom we have collected information, we will verify your identity by matching the identifying information provided by you in the request to the Personal Information that we already maintain about you. If we cannot verify your identity, we may deny the request in whole or in part. We will inform you if we cannot verify your identity.

Authorized agents: An authorized agent may submit a request on your behalf. If you use an authorized agent to submit a request, we may require you to: (1) provide the authorized agent with signed permission to do so; (2) verify your identity directly with us; and (3) directly confirm with us that you provided the authorized agent permission to submit the request. We may deny a request from an agent that does not submit proof of your authorization to act on your behalf.

Sale of Personal Information: Under the CCPA, you have the right to direct us to stop selling your Personal Information to third parties and to refrain from doing so in the future. We do not sell Personal Information as defined under the CCPA, and we have not sold Personal Information during the past 12 months.

Non-discrimination: You have the right not to receive discriminatory treatment by us due to your exercise of the rights provided under the CCPA. We do not discriminate against consumers for exercising their rights under the CCPA.

Privacy Rights In Other States

Residents of Nevada and other states may have rights to request information about or delete their Personal Information. To inquire about exercising these rights, please contact us at privacy@florencehc.com.

EU/EEA/UK Residents

If you are located in the EU, EEA or UK, you may have the following rights under the relevant EU/UK Regulations, including the General Data Protection Regulation (“GDPR”) or UK equivalent.

Right of access: You have the right to receive confirmation as to whether or not Personal Information concerning you is being processed and, if so, access to the Personal Information as well as the purposes of the processing, categories of Personal Information, and recipients or categories of recipients to whom the Personal Information has been or will be disclosed.

Right of rectification: You have the right to require us to correct any inaccurate or incomplete Personal Information.

Right to erasure: In some cases, you have a legal right to request that we delete your Personal Information when (1) it is no longer necessary for the purposes for which it was collected; (2) consent has been withdrawn; (3) you have objected to the processing; (4) the Personal Information has been unlawfully processed; (5) the Personal Information must be erased for compliance with a legal obligation; or (6) the Personal Information was collected in relation to the offer of information society services. However, this right is not absolute. When we delete Personal Information, it will be removed from our active servers and databases as well as the Sites, but it may remain in our archives when it is not practical or possible to delete it. We may also retain your Personal Information as needed to comply with our legal obligations, resolve disputes, or enforce any agreements.

Right to restrict processing: You have the right to restrict the processing of your Personal Information when: (1) the accuracy of the Personal Information is contested, for a period enabling us to verify its accuracy; (2) the processing is unlawful but you oppose erasure and instead request a restriction; (3) we no longer need the Personal Information but you require us to keep it for the establishment, exercise or defense of legal claims; or (4) you have objected to us processing the Personal Information, pending resolution of the objection.

Right to object: In certain circumstances, you have the right to object to the processing of your Personal Information if the processing is necessary for performance of a task carried out in the public interest, for our legitimate interests, or for the legitimate interests of others. You also have the right to object if Personal Information is processed for direct marketing purposes or for scientific or historical research purposes or statistical purposes.

Right to withdraw consent: If you have provided your consent to the collection, processing, and transfer of your Personal Information, you may have the right to fully or partially withdraw your consent. Once we have received notice that you have withdrawn your consent we will no longer process your information for the purposes to which you originally consented, unless we have a legitimate basis that overrides your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims. Withdrawal of consent to receive marketing communications will not affect the processing of Personal Information for the provision of our Services.

Right to complain: If you believe we have not processed your Personal Information in accordance with applicable law, you have the right to make a complaint to the relevant Supervisory Authority (as described below) or seek a remedy through the courts.

Exercising Your Rights

If you wish to contact us to exercise rights with respect to your Personal Information, you can either:

You may opt out of receiving promotional communications from us by using the unsubscribe link within each email, updating your email preferences within your account settings menu, or contacting us to have your contact information removed from our promotional email list or registration database. Even after you opt out from receiving promotional messages from us, you will continue to receive transactional messages from us regarding Services you request or use.

If the Services are administered for you by an administrator, you should first contact your administrator to assist with your requests. In rare cases, you may need to contact your Florence representative to exercise these rights.

If you are a study participant (including children): In general, study participants must contact their research team directly instead of contacting Florence. If a study participant contacts Florence directly, Florence will adhere to any customer contractual obligations for fulfilling the request.

If you are based in the EU, EEA, or UK: You may contact our Data Protection Representative, DataRep, which has locations in each of the EU countries, the UK, and Norway and Iceland in the EEA, in the following ways:

  • Send an email to DataRep at datarequest@datarep.com and include “Florence Healthcare, Inc.” in the subject line,
  • Submit an online webform here.

If you have any questions about how DataRep will handle Personal Information, refer to the DataRep privacy notice here.

You also may have the right to make a complaint under the GDPR to the relevant Supervisory Authority. A list of Supervisory Authorities is available here.

Privacy Shield
On July 16, 2020, the Court of Justice of the European Union issued a judgment declaring as invalid the European Commission’s Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of the protection provided by the EU-US Privacy Shield. As a result of that decision, the EU-US Privacy Shield Framework is no longer a valid mechanism to comply with EU data protection requirements when transferring Personal Information from the EU to the United States.

Therefore, Florence continues to maintain its Privacy Shield self-certification under the EU-US and Swiss-US Privacy Shield Frameworks, but also relies on other recognized mechanisms such as the Standard Contractual Clauses to authorize these cross-border transfers. If there is any conflict between this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles will govern. You can learn more about the Privacy Shield program or view our certification here.

UK and Swiss individuals with Privacy Shield inquiries or complaints should first contact Florence at privacy@florencehc.com. Unresolved privacy complaints under the Privacy Shield Principles may be submitted to an independent dispute resolution mechanism, the BBB EU Privacy Shield. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit here for more information and/or visit here to file a complaint. This service is provided free of charge to you. Before you file a complaint, please review the BBB’s Procedure Rules: here. If you determine that you meet eligibility, you can submit a complaint to the BBB EU Privacy Shield as follows:

  • Online (preferred) here
  • Via mail:

BBB National Programs, Inc.

ATTN: BBB EU Privacy Shield

3033 Wilson Boulevard, Suite 600

Arlington, VA 22201

U.S.A.

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions you may invoke binding arbitration for some residual claims. Details are available here.

Children’s Personal Information
The Children’s Online Privacy Protection Act (“COPPA”) and other data privacy regulations restrict the collection, use, or disclosure of Personal Information from and about children on the Internet. Our Sites and Services are not directed to children under the age of 18, nor is information knowingly collected from children. If you are under 18, please do not use or provide any Personal Information on the Sites. If we learn that we have collected or received Personal Information from a child without a parent’s or legal guardian’s consent, we will take steps to stop collecting that information and delete it. If you believe we might have any information from or about a child, please contact us using the contact information provided below.

For more information about COPPA, please visit the Federal Trade Commission’s website here.

Note that we may be provided with Personal Information of children by customers using our Services (e.g., clinical research data for pediatric studies). We have no control over the content uploaded through the Services, so we cannot delete or revise this Personal Information.

Third Party Links and Services
This Privacy Policy does not address, and we are not responsible for, the privacy, information, or other practices of any third party operating any site or service to which the Sites or Services link. Unless expressly stated otherwise, the inclusion of a link on the Sites or Services does not imply our endorsement or recommendation of the linked site or service.

Changes to this Privacy Policy
We may update this Privacy Policy at any time in our sole discretion and without notice. We will post any revised Privacy Policy on the Sites and Services. You should review this Privacy Policy periodically to ensure that you are aware of any changes. Your continued use of the Sites or Services constitutes your acceptance of any revised Privacy Policy.

Contact Us
If you have any questions about this Privacy Policy, please contact us at privacy@florencehc.com or at the following address:

Florence Healthcare, Inc.
600 Peachtree St NE, Suite 920
Atlanta, GA 30308
Attn: Privacy Team