Regional Privacy Notice Supplement


The information provided in this Regional Privacy Notice Supplement (“Supplement”) contains additional information for individuals located in a Relevant Region. A “Relevant Region” means a country or U.S. state which has enacted a personal data protection law applicable to residents (or to any processing of personal data conducted within such region regardless of data subject location), as set forth by the laws appliable in each such region, that apply to the processing of personal data by ProSciento (“Relevant Laws”). Relevant Regions may include, but are not limited to, the European Economic Area (EEA), United Kingdom, Switzerland, California, Mexico, and Australia. The below information supplements the ProSciento Privacy Notice (“Notice”).

Terms used in this Supplement are consistent with the definitions in The General Data Protection Regulation (EU) 2016/679 (“GDPR”) or its local equivalents under Relevant Laws.

Legal bases for processing. If applicable under a Relevant Law, our legal bases for processing personal data are set forth in the table below.

PROCESSING PURPOSE

LEGAL BASIS
  • To provide, secure, and support, our Services
  • For employment purposes and to process job applications
Processing is based on our legitimate interest in providing the Services you access and request.

Processing is necessary to perform a contract with you.
 
Processing is necessary for compliance with our legal requirements in terms of Relevant Laws.
  • To conduct advertising, marketing, and promotional activities: promoting the Services to a wider audience and providing tailored recommendations based on user data.For product improvement: we may use data to enhance the Services features and functionality, making them more useful and user-friendly.Customer Engagement: keeping users, subscribers and others informed about updates, new features, and content that may interest them.For security and compliance, fraud prevention and safety: protecting the Services and its users from security threats, fraud, and abuse.To create anonymous dataFor research and development, and optimization of our Services and Websites: using aggregated and anonymized data to conduct research on trends and user behavior to improve the Services and Websites.To conduct employee recruiting activities: developing and improving our employee recruiting process or Websites and communicating with you regarding employment opportunities.To communicate with you in response to your requests, questions, inquiries, and submissions: managing day-to-day operations and ensuring the application’s sustainability and growth.Legal Compliance: Ensuring compliance with relevant laws and regulations, including the rules from other countries besides yours.
These activities constitute our legitimate interests.

This means that we use your personal data because we believe it is in our best interest or the interest of someone else.

Legitimate interests work when we use your personal data in ways that make sense and do not intrude on your privacy much.

We do not use your personal data for these activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
  • To comply with law
Processing is necessary to comply with our legal obligations.
  • To send you marketing communications (where consent is required by Relevant Laws)
  • To process your sensitive or special categories of information in connection with our employee recruiting activities
Processing is based on your consent. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the Services.
 
However, this will not affect the lawfulness of our processing before you withdrew your consent. It will also not affect the validity of our processing of personal data performed on other lawful grounds.

 Your rights

Certain Relevant Laws provide individuals located in Relevant Regions certain rights regarding their personal data. If a Relevant Law applies to you, you may submit a request to exercise your right(s) in relation to your personal data for which ProSciento is the Data Controller, as follows:

1. Right to be Informed
You may request what personal data is collected about you, why, who is collecting data, how long it will be kept, how you can file a complaint, and with whom we will share the data.

2. Right to Access
You may request a copy of your personal data we process.

3. Right to Rectification
You may request the correction or rectification of any of your inaccurate or incomplete personal data we process.

4. Right to Deletion or Erasure
You may request we delete personal data in accordance with Relevant Laws.

5. Right to Restrict Processing
You may request that we limit the way we use your personal data, including uses of any sensitive personal data.

6. Right to Data Portability
You may request for your data to be transferred directly to another organization.

7. Right to Object to Processing
You may object to the processing of certain personal data.

8. Rights in Relation to Automated Decision Making and Profiling
You have the right not to be subject to automated decision-making if it produces a legal effect that significantly affects you, with certain exceptions. Please note that ProSciento does not generally engage in this activity and does not as a matter of course control or process personal data for this purpose, and if it does, ProSciento complies with Relevant Laws in connection with such data processing.

9. Right to request not to receive direct marketing communications. In some Relevant Regions, you may request to not receive our direct marketing messages, as more fully set forth below.

Certain other details regarding the processing of personal data that individuals located in the above regions may be entitled to receive are contained in other provisions of the Notice.

If you have an account or accounts with us, please visit your account page(s) to review the options available to you to exercise your rights above. Please note that some functionality may not be available, or we may not be able to fulfill your request, depending on our legal obligations or rights, in which case we will inform you of such a limitation or exception. For example, we may not be able to delete all data as we may be legally required to retain certain data or retain certain data in identifiable form.

If functionality to exercise your rights is not available to you directly, or you have any concerns about how we process your data under appliable laws, you may submit a request by email to ProSciento’s Data Protection Officer via email at DPO@prosciento.com, via phone to 833-602-2089 (toll free), or by postal mail at:

ProSciento, Inc.
6160 Cornerstone Ct. E
Suite 200
San Diego, CA 92121

Please allow up to four weeks for us to reply.

Data Protection Officer
We have appointed VeraSafe as our Data Protection Officer (DPO). While you may contact us directly, VeraSafe can also be contacted on matters related to the processing of personal data. VeraSafe’s contact details are:


VeraSafe
100 M Street S.E., Suite 600
Washington, D.C. 20003 USA
+1 (617) 398-7067

experts@verasafe.com

European Union Representative
ProSciento is established in the European Union and can be contacted at:


ProSciento Europe B.V.
Kruisdonk 66
6222 PH Maastricht
We may request specific information from you to help us confirm your identity and process your request.


If you wish to file a complaint about our use of your personal data or our response to your requests regarding your personal data, you may contact the data protection Supervisory Authority in your Relevant Region.

Verification of Your Identity

In order to correctly respond to your privacy rights requests, we need to confirm that YOU made the request. Consequently, we may require additional information to confirm that you are who you say you are.

For requests submitted via password-protected accounts, your identity is already verified. For requests sent by other means, we will verify your identity via the following method: we will verify your identity via the same means you use to contact us to make the request, unless you specifically request that we contact you by another means. We will request the minimum amount of information from you required to verify your request and will only request information that we already hold pertaining to you – this is usually your full name, physical address, email address and telephone number.

We will only use the personal data you provide us in a request to verify your identity or authority to make the request.

Verification of Authority

If you are submitting a request on behalf of somebody else, we will need to verify your authority to act on behalf of that individual. When contacting us, please provide us with proof that the individual gave you signed permission to submit this request, a valid power of attorney on behalf of the individual, or proof of parental responsibility or legal guardianship. Alternatively, you may ask the individual to directly contact us by using the contact details above to verify their identity with ProSciento and confirm with us that they gave you permission to submit this request.

Response Timing and Format of Our Responses

We will confirm the receipt of your request within ten (10) business days and, in that communication, we will also describe our identity verification process (if needed) and when you should expect a response, unless we have already granted or denied the request.

Please allow us up to a month to reply to your requests, from the day we received your request. If we need more time (up to 90 days in total), we will inform you of the reason why and the extension period in writing.

If we cannot satisfy a request, we will explain why in our response. For data portability requests, we will choose a format to provide your personal data that is readily useable and should allow you to transmit the information from one entity to another entity without difficulty.

We will not charge a fee for processing or responding to your requests. However, we may charge a fee if we determine that your request is excessive, repetitive, or manifestly unfounded. In those cases, we will tell you why we made that determination and provide you with a cost estimate before completing your request.

Cross-Border Data Transfer

We have affiliates, subsidiaries and operations globally and may transfer personal data on a global basis, including to the Unites States, to operate our business. If we transfer your personal data out of the EEA, UK, Switzerland, or another Relevant Region to a jurisdiction not deemed by the applicable regulatory authorities in the Relevant Region to provide an adequate level of personal data protection, the transfer will be performed:

  • Pursuant to the recipient’s compliance with the applicable standard contractual clauses or their equivalent, or Binding Corporate Rules
  • Pursuant to the consent of the individual to whom the personal data pertains
  • As otherwise permitted by applicable requirements under Relevant Laws.

You may contact us for further information on the specific legal mechanism used when transferring your personal data out of Europe or your applicable Relevant Region.

Additional Terms

California “Shine the Light” Law

California residents may request certain information regarding our disclosure (if any) of personal data to third parties for their direct marketing purposes, pursuant to California Civil Code Section 1798.83 (the California “Shine the Light” law). To make such a request, please contact us, identify yourself as a California resident and provide sufficient information so we can take appropriate action, such as your name, email address or any additional information required.

California Consumer Privacy Act 2018 (“CCPA”) Notice

The below information applies to all personal data collected and/or received by ProSciento from consumers residing in California if and to the extent the CCPA applies and provides additional information about how ProSciento processes personal data.

California residents may have the right to disclosure of certain information about the processing of their personal data, including, to the extent applicable, the following:

  • The categories of personal data we have collected about such consumer.
  • The categories of sources from which such personal data has been collected.
  • The business or commercial purpose for collecting or selling or sharing such personal data.
  • The specific pieces of personal data we have collected about such consumer.
  • The time period for which we retain personal data or the criteria it will use to determine how long we retain personal data
  • The categories of such consumer’s personal data we have sold, shared, or disclosed for a business purpose, by category for each category of third parties to whom the personal data was sold, shared, or disclosed, or we will state that we have not sold, shared, or disclosed for a business purpose such consumer’s personal data.

Information identified above may be found in our Notice.

In addition, as set forth in our Notice, we may collect the following specific categories of personal data we may collect the following specific categories of personal data. The table below describes the categories of personal data we have collected about you in the last twelve months:

Specific Categories of Personal Data We Collect, Process, or StoreHow We Obtain It
Identifiers such as real name; alias; signature; postal address; email address; telephone number; unique personal identifier; online identifier; Internet Protocol address; device identifiers; email address; account name; Social Security number; driver’s license or other state identification number; passport number; insurance policy number; insurance claim number; financial information, including bank account, credit card numbers, bank routing details; employment, including current and historical; association membership; other device identifiers including the operating system, browser type, network information; or other similar identifiersYou provide it directly to us:
when you sign up as a customer,
when you use one of our services,
when you contact us with questions, feedback, or otherwise correspond with us,
in the context of your employment relationship,

We receive it from our customers:
When employees, contractors, and other representatives of their companies provide it directly to us.

We receive it from third parties:
When we purchase lists of individuals who might be interested in becoming customers of ours.

It is collected automatically from our users:  
such as through our IT systems or anonymous identifiers when users visit our websites.
Protected legal characteristics such as age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, or veteran or military status.You provided it directly to us:
When you are completing contact forms or otherwise correspond with us.  

For prospective research participants
you provide it directly to us by contacting us in order to participate in one of the active research studies (e.g. by completing phone questionnaires).   

For actual clinical research study participants:  
you provide this information to the study site as part of the research study, and we process this information on behalf of our customers (pharmaceutical life sciences companies – study sponsors).
Commercial information such as data related to insurance policies, or other purchasing or consuming histories or tendencies.You provide it directly to us:
When you are purchasing/using our services.

It is collected automatically from our users:
such as through our IT systems or anonymous identifiers when users visit our websites.
Biometric information (i.e. Items related appearance including, but not limited to, height, weight, eye color, hair color; NOT including any genetic data or data that could alone be considered Personal Data when not combined with other information (i.e. fingerprint or genetic data))You provide it directly to us:
You may provide in connection with surveys, feedback, use of our Services, or your communications with us  

For prospective research participants
you provide it directly to us by contacting us in order to participate in one of the active research studies (e.g. by completing phone questionnaires).   

For actual clinical research study participants:
you provide this information to the study site as part of the research study, and we process this information on behalf of our customers (pharmaceutical life sciences companies – study sponsors).  
Internet activity such as data set forth in our Notice.Collected automatically from our users, such as through our IT systems or anonymous identifiers when users visit our websites.
Thermal information such as your body temperature taken in connection with a clinical trial study.For prospective research participants
you provide it directly to us by contacting us in order to participate in one of the active research studies (e.g. by completing phone questionnaires).   

For actual clinical research study participants:
you provide this information to the study site as part of the research study, and we process this information on behalf of our customers (pharmaceutical life sciences companies – study sponsors).
Employment information.  Current or past job history or performance evaluations, job title.You provide it directly to us:
When you visit the ‘Careers’ portion of our Website, we collect the information that you provide to us in connection with your job application or other employment inquiry.When you submit your CV.  

Information is collected in the context of your employment relationship with us such as:
Performance evaluations conducted internally to assess your performance. Information about trainings that you participate is collected by the HR.
Education information.You provide it directly to us:
When you visit the ‘Careers’ portion of our Website, we collect the information that you provide to us in connection with your education.
When you submit your CV.

Information is collected in the context of your employment relationship with us such as:
Your education is recorded as part of your employee file.
Inferences drawn from the above data to create a profile reflecting personal preferences and attributes. 

“Sale” and “Sharing” of Personal Data

ProSciento does not as a matter of course “sell” or “share” personal data , in accordance with the definitions of “sell” and “share” in the CCPA. If you believe we have “sold” or “shared” your personal data, please contact us as set forth below.

Non-Discrimination and Non-Retaliation 

In accordance with the CCPA, ProSciento will not discriminate or retaliate against you for exercising any of your Personal Data rights. Unless permitted by applicable regulations, we will not: 

  • Deny you goods or services. 
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties. 
  • Provide you a different level or quality of goods or services. 
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services. 

Responding to Your Requests

Depending on the applicable Relevant Law, we may only have to respond to requests for access or data portability twice within a 12-month period. Each verifiable request must: 

  • Provide sufficient information that allows us to reasonably verify you are either (i) the person about whom we collected personal data or (ii) an authorized representative which provided the personal data. 
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. 

ProSciento cannot respond to your request or provide you with personal data if we cannot verify your identity or authority to make the request and confirm the personal data relates to you or an individual about which you provided personal data. 

ProSciento will respond to a verifiable request within the time periods required by the Relevant Law and if more time is required, ProSciento will comply with any such applicable requirements. The response ProSciento provides will also explain the reasons we cannot comply with a request, if applicable. 

We will provide appropriate disclosures upon receipt of a verifiable request, to the extent required by Relevant Laws (or in our discretion if not required by Relevant Laws) and as permitted by our contracts, confidentiality obligations and applicable laws and regulations.

Contact ProSciento 

If you have any questions regarding this Regional Privacy Notice Supplement or about our privacy practices, wish to exercise any of your rights, or wish to file a complaint, please contact ProSciento or ProSciento’s Data Protection Officer at the contact details provided under the section “Your rights” above.

Last modified: August 6, 2024