Effective Date: February 1, 2021
Types of Information We May Collect
We gather personal information about our customers so that we can better serve you. We collect personal information only when it is given to us voluntarily or in response to our request when you inquire about our products. For example, when you request information about or samples of a product, we ask for your contact information (first and last name, email address, telephone number, and physical address) and your organization information (organization and job title). Similarly, if you wish to contact us via our Site, we will also ask you to provide your contact and organization information.
In addition of your contact and organization information, we collect technical information about your computer, such as the browser type and version, browser plug-in types and versions, the operating system of your computer, the Internet Service Provider (ISP), and your internet protocol (IP) address, location, and time zone setting. We also automatically collect information as to how our visitors were directed to our Site, how they navigate around the Site, and what products they browse. We collect this information to help us understand how visitors to our Site use our services, so that we can better manage and enhance our Site.
Disclosures Under the California Consumer Privacy Act
Under the CCPA, “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked with a particular consumer or household. Personal Information does not include:
(1) de-identified or aggregated information;
(2) “publicly available information” that is lawfully made available from federal, state, or local government records; or
(3) information excluded from the CCPA, such as Protected Health Information or medical information that is subject to HIPAA, or other personal information covered by certain other privacy laws, such as the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act, or California Financial Information Privacy Act, and the Driver’s Privacy Protection Act of 1994.
The following categories also represent the categories of Personal Information that we have collected over the past 12 months. Inclusion of a category in the list below indicates only that, depending on the services and products we provide you, we may collect some information within that category. It does not necessarily mean that we collect all information listed in a particular category for all of our customers. We do not and will not sell Personal Information about you, as defined by CCPA. We also have not done so for the last 12 months.
CATEGORY EXAMPLES SOURCES OF INFORMATION PURPOSES OF COLLECTION THIRD PARTIES WITH WHOM INFORMATION IS SHARED Identifiers A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, signature or other similar identifiers. UserTo reply to inquiries about our products or dispatch samples Distributors of COPAN products; third party service providers for website management and hosting services Internet or another similar network activity Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. User device To gain measurable data on the performance of our website and marketing efforts Third Party service provider for data analytics; website management; and hosting services Professional or employment-related information of prospective employees Contact information of job applicants; job history; resume of job applicants User To communicate with job applicants; to perform initial reviews of job applicants Third party service providers for website management and hosting services
Disclosures under European Union’s General Data Protection Regulation (GDPR):
For individuals in the EU, “Personal Data” has the meaning described in Article 4.1 of the GDPR. The following lawful bases support our processing activities under the GDPR
PERSONAL DATA COLLECTEDDATA SOURCEBASIS OF PROCESSING We collect your name, email address, job title, current organization, current industry, business interests, and phone number. Representative of Prospective Customers It is necessary to take steps at your request prior to entering into a contract (e.g. to respond to your queries and to provide you with further information; or where you have submitted an application to become our Customer).We collect your name, email address, and your organization’s payment information.Vendor and Supplier RepresentativesIt is in our legitimate interests to store vendor/supplier related information so that we can refer back to it (e.g. for our general recordkeeping and supplier relationship management). Our interests are not overridden by the interests or fundamental rights and freedoms of the data subject. We collect your name, current company, and email address. Those who wish to be included on our mailing list(s)Consent. If you subsequently wish to withdraw your consent, you may do so at any time by clicking the “unsubscribe” link at the bottom of these communications. We will collect your name, email address, physical address, phone number, employment and educational history. If you receive a conditional offer from us, and depending on local laws, we may also collect a background check, including any criminal history. Prospective Employees Necessary in order to take steps prior to entering into an employment contract; Consent. We will collect your name, company and purpose for access. We also may monitor our facility using CCTV. Visitors to Copan’s facilities It is in our legitimate interest in maintaining security and accountability; compliance with local laws, including those relating to health and safety.
How We Collect Your Information
We collect information through our Site directly from you as you voluntarily provide such information when you interact with our Site.
We also use tracking technologies such as cookies and Google tags to collect data about your computer and your use of our Site. We will treat this data as personal information only where the data, or the information it is associated with, can be individually identified to you.
COOKIES are small text files placed on your device that uniquely identify your device and which a website can transfer to a consumer’s hard drive to keep records of his or her visit to a website. We, or third parties, may use session cookies or persistent cookies. Session cookies only last for the specific duration of your visit and are deleted when you close your browser. Persistent cookies remain on your device’s hard drive until you delete them or they expire. Both types of cookies enhance user experience by recalling your use of the Internet and our Site.
We use Google Analytics, a third party analytic tool which uses tags to measure, analyze, and report on access to and usage of our Site. Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. When you access the Site, your web browser automatically sends certain information to us and to Google, which is used to understand how visitors to our Site engage with our Site. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. Google Analytics does not collect sensitive information on our Site, as described in the Google AdWords sensitive category restrictions.
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en
How We Use Your Information
We may use your Personal Information for our business purposes, such as:
To respond to your requests for information and services;
To provide you with information about our products and services;
To provide you with marketing communications and offers for products and services;
To administer promotional programs, such as sweepstakes, rewards, and rebate programs;
If you apply for a job, to consider you for employment;
For our research and development efforts;
To anonymize data so that it is no longer identifiable to an individual;
we analyze information we obtain automatically, including from cookies and web beacons, concerning our customers’ use of, access to, and navigation of our services and their browsing activities to improve, customize, and market our services and content; and for research, marketing, and other business purposes
For product safety, such as adverse event reporting, or to communicate product safety information to you; and/or
For other business and operating purposes, such as website administration, product development, contract management, fulfilment, analytics, fraud prevention, corporate governance, reporting, and legal compliance
When and Why We Disclose Your Personal Information
QSM will share your personal information only in compliance with applicable laws and regulations.
To respond to your inquiries about our products, we may share your contact information with other entities, such as our affiliated companies, our distributors or suppliers.
We may share personal information with our service providers, who are bound by law or contract to protect personal information and only use personal information in accordance with our instructions or the agreements we have signed. For example, we may share personal information with vendors who provide data processing or fulfilment services for us.
We may use third-party agents, consultants, and contractors to perform business functions on our behalf, including customer service, credit review, account servicing, customer research, marketing, provision of IT services, and records maintenance. We give these entities access to our customers’ personal information to perform these functions for us.
We may also disclose personal information where needed to affect the sale or transfer of business assets, to investigate legal issues, enforce our rights, protect our property, or protect the rights, property or safety of others, or as needed support external auditing, compliance and corporate governance functions.
We may also disclose personal information when requested under legal process or otherwise required by law, such as in response to a subpoena, including to law enforcement agencies and courts in the United States and other countries where we operate.
We reserve the right to share non-personal, non-individually identifiable information about our customers at our sole discretion.
COLLECTION AND USE OF INFORMATION FROM CHILDREN
Our Site is not intended for children. We do not knowingly collect personal information from children, and none of the features of our Site is designed to attract children. In the event that we learn that a person under the age of 16 has provided personal information to us, we will delete such personal information as soon as possible.
We do not sell personal information of children under age 16 without affirmative authorization.
Our Site contains links to other websites. When you follow these links to those sites, the operators of those websites may collect information about you. QSM does not review, control or monitor the practices, information or materials on any other websites, and are not responsible or liable for the communications, information, content or materials from or the practices and policies (including without limitation privacy or data collection practices or policies) of any of those sites. If you have any questions about how these other sites use your information, you should review their policies and contact them directly.
We provide you the opportunity to opt-out of marketing communications by clicking the “unsubscribe” link in email communications or by contacting us using the contact information provided below. We will process your request as soon as possible in accordance with applicable law, but please be aware that in some circumstances you may receive a few more messages until the unsubscribe request is processed.
Additionally, we may send you information regarding our Site, such as information about changes to our policies and other notices and disclosures required by law. Generally, users cannot opt-out of these communications, but they will be primarily informational in nature, rather than promotional.
Changing or Updating Your Information
We encourage our visitors to keep their information up to date. We are ready to assist you in checking or changing your personal information. Please contact us at email@example.com and use the subject line “Updating my information.” We will respond to you within a reasonable time.
Rights Available to California Residents
Under the CCPA, residents of California are provided with certain rights regarding their Personal Information (as defined in the CCPA). The following section outlines these rights:
Right to Know: You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
the Categories of Personal Information we have collected from you
the business purposes for which such Personal Information was collected
the Sources of Personal Information we have collected from you
the specific pieces of Personal Information stored about you
the categories of 3rd parties with whom we share Personal Information
If we shared your Personal Information for a business purpose, the categories of Personal Information that each category of recipient obtained.
Right to Request Deletion: You have the right to request deletion of your Personal Information that has been collected and retained from you subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete your Personal Information from our records, unless there is an applicable exception. We may deny your deletion request if we need to retain the information to:
Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
Debug products to identify and repair errors that impair existing intended functionality.
Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
Comply with a legal obligation.
Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
If none of the foregoing exceptions applies, and we delete the information in compliance with your verifiable request, we will also direct our applicable service providers to delete your personal information.
You or an authorized agent registered with the California Secretary of State that you authorize to act on your behalf, may exercise the Rights twice in a 12-month period. Your verifiable request must include sufficient detail for us to understand, evaluate, and respond to it. It must also provide sufficient information that allows us to reasonably verify that you are the individual about whom we have collected Personal Information or an authorized agent representing the individual. Please note that in some cases we may need to obtain information from you as part of the verification process to verify your identity to a reasonable degree. We may require you to provide Personal Information as part of the verification process. For authorized agents, we may require a signed, written authorization, a notarized affidavit, or a valid power of attorney. We will only use this information for the purpose of verifying the requestor’s identity or authority. To exercise these rights, please call us at 1-617-579-2004 or email us at firstname.lastname@example.org.
We will acknowledge your right to know or deletion request within ten (10) business days of receipt, and provide information about how we will process the request. In many cases we will respond to your request within 45 days. In some cases we may extend the time to respond for another 45 days. If this extension is necessary, we will give you notice and the reason that we need the additional time to respond.
If we are unable to verify your identity or your authority to make the request within 45 days, we cannot fully respond to you and may deny your request. We may treat the deletion request as an opt-out request. For requests seeking specific pieces of information, we will treat it as a request for the disclosure of the categories of Personal Information about the consumer.
We retain records of your requests, including the request data, nature of the request, manner of submission, the response and any basis of denial for a period of 24 months.
We will not discriminate against you in terms of services, the level or quality of services, or pricing for exercising any of your CCPA rights. If there are excessive requests, we may charge a reasonable fee as permitted under the CCPA.
Right to Opt-Out of Data Sales for Nevada Residents
We do not sell your covered information, as defined by Section 603A.320 of the Nevada Revised Statutes. If you reside in Nevada, you have the right to submit a request to us at email@example.com regarding the sale of covered information. Please include “Nevada” in your email subject line, and include the following information in your email: your name, Nevada resident address, and email address. We will respond within sixty (60) days of receiving your request.
Rights for Individuals located in the European Union
Under the GDPR, individuals in the European Union are provided with certain rights regarding their Personal Data, as defined under that Regulation. The following section provides notice of these rights:
You have the right to access your Personal Data. You have a right to know if we process any Personal Data about you and, be sent a copy of the Personal Data, along with an explanation of the purposes of the processing, and the categories of recipients to whom we have disclosed your Personal Data.
You have to right of rectification of your Personal Data. You have the right to correct your Personal Data is it is inaccurate. You may change or update your information at any time by requesting access to the Personal Data that has been collected about you and confirm or change that information.
You have the right to have your Personal Data erased under certain circumstances. You may exercise this right if you (a) withdraw your consent and there is no other lawful basis for processing the data; (b) if the data is no longer necessary for the purpose for which it was collected; (c) where you have objected to the use of the data for direct marketing; (d) where the data has been unlawfully processed; or (e) where erasure is necessary to comply with a legal obligation. Please note that there are also exceptions to this right that may prevent you from exercising this right. For example, if the data is necessary for the establishment, exercise, or defense of legal claims, your right to erasure will not apply.
You have the right to restrict the processing of your Personal Data under certain circumstances. You may exercise this right if (a) you contest the accuracy of the Personal Data collected and retained about you; (b) if the processing is unlawful; (c) if the data is no longer necessary for the purposes of processing but it is required for the establishment, exercise, or defense of legal claims; or (d) if you have objected to the processing of your data based on the public interest or the legitimate interest of others.
You have the right to object to the processing of your Personal Data. You have the right to object to direct marketing at any time. You can also object to the processing of your Personal Data which is based on legitimate interests. Likewise, you can object to the processing of your Personal Data for scientific or historical research or statistics purposes. Note that while the right to object to direct marketing is absolute, the two other rights to object are more limited.
You have the right to port (transfer) Personal Data you have provided to us, either to you or to another provider. You may request to be given a copy the Personal Data that you have provided to us and that we have processed through automated means based on your consent in a commonly used, machine-readable electronic format where technologically possible, for your re-use.
You have a right to revoke your consent to or to opt-out of how your Personal Data is processed as described in this Policy. You may withdraw consent to the extent that our processing of your Personal Data is based on your consent
You have the right to lodge a complaint. If you have any concerns or a complaint about how your Personal Data has been or is being processed, please let us know directly by contacting us by email. You also have the right to lodge a complaint with the applicable supervisory authority in the country you live in, the country you work in, or the country where you believe your rights under applicable data protection laws have been violated.
To find out more about your data subject rights under GDPR, you may contact the data protection agency of your member country, for e.g., the Data Protection Commission of Ireland.
To exercise your rights, please contact us: our contact details are in the “Contact Us” section below. Please make it clear which right(s) you want to exercise, for example by titling your email or letter “right to object” if you wish to exercise the right to object.
We implement reasonable technical and organizational security measures to ensure the security of your Personal Information. Personal information is encrypted when it is transmitted to Copan using SSL/TLS technology. The information we collect is contained behind secured networks and only accessible by authorized personnel and service providers who need access to perform their duties. Please understand, however, that no data transmissions over the Internet can be guaranteed to be 100% secure. Consequently, QSM cannot ensure or warrant the security of any information you transmit to us and you understand that any information that you transfer to us is done at your own risk. If we learn of a security system breach, we may attempt to notify you electronically so that you can take appropriate protective steps. By using the Services or providing Personal Information to us, you agree that we can communicate with you electronically regarding security, privacy and administrative issues relating to your use of the Services. Depending on where you live, you may have a legal right to receive notice of a security breach in writing.
INTERNATIONAL DATA TRANSFERS
QSM Diagnostics is based in the U.S. If you choose to provide us with information, please understand that your Personal Information may be transferred to the U.S. and that we may transfer that information to our affiliates and subsidiaries or to other third parties, across borders, and from your country or jurisdiction to other countries or jurisdictions around the world. If you are visiting from the EU or other regions with laws governing data collection and use that may differ from U.S. law, please note that you are transferring your Personal Information to the U.S. and other jurisdictions which may not have the same levels of data protection as the EU, and Personal Information may be subject to access by and disclosure to law enforcement agencies in the U.S.
We put in place appropriate operational, procedural and technical measures in order to ensure the protection of your Personal Information. You acknowledge you understand that by providing your Personal Information: (i) your Personal Information will be used for the uses identified above in accordance with this Policy; and (ii) your Personal Information may be transferred to the U.S. and other jurisdictions as indicated above, in accordance with applicable law.
In the event that all or part of our assets are sold or acquired by another party, or in the event of a merger, we retain the right to transfer your Personal Information to the successor business. The new business would retain the right to use your Personal Information according to the terms of this privacy notice as well as to any changes to this privacy notice as instituted by the new business.
HOW WE RESPOND TO DO-NOT-TRACK SIGNALS
At this time our website does not recognize automated browser signals regarding tracking mechanisms, which may include “Do Not Track” instructions.
Data Retention Periods
QSM retains your Personal Information for as long as necessary for the purposes for which it was collected. In certain instances, we may keep it longer:
for as long as necessary to comply with any legal requirement;
for backup and disaster recovery purposes;
for as long as necessary to protect our legal interests or otherwise pursue our legal rights and remedies; or
for data that has been aggregated or otherwise rendered anonymous in such a manner that you are no longer identifiable, indefinitely.
We reserve the right to change this Policy. When we do, we will also revise the “Effective Date” at the top of this Policy. If we make material changes to the Policy, we will notify you by placing a prominent notice on our website and/or by sending you an email at the email address we have on file for you. We encourage you to periodically review this Policy to keep up to date on how we are handling your Personal Information.
If you have any questions, comments or concerns about our privacy practices or this Policy, please contact us at:
38 Wareham Street, Floor 3
Boston, MA 02118