“Data Subject” means the individual to whom any given Privacy Shield Personal Data refers.
“Personal Data” means any information relating to an individual residing in the European Economic Area or Switzerland that can be used to identify that individual either on its own or in combination with other readily available data.
“Sensitive Personal Data” means Personal Data regarding an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, physical or mental health, sexual life, or criminal record.
Scope and Responsibility
This EU-U.S. and Swiss-U.S Privacy Shield Policy (the “Policy”) applies to all Personal Data received by Vecna in the United States from the EU or Switzerland, in any format, including electronic, paper, or verbal.
All employees of Vecna that have access to such EU/Swiss Personal Data in the U.S. are responsible for conducting themselves in accordance with this Policy. Adherence by Vecna to this Policy may be limited to the extent required to meet legal, regulatory, governmental, or national security obligations, but EU/Swiss Personal Data shall not be collected, used, or disclosed in a manner contrary to this policy without the prior written permission of Vecna’s Legal Department.
Vecna employees responsible for engaging third parties to handle EU/Swiss Personal Data covered by this Policy on behalf of Vecna (e.g., temporary staff, independent contractors, sub-contractors, business partners, or vendors) are responsible for obtaining appropriate assurances that such third parties have an obligation to conduct themselves in accordance with the applicable provisions of this Policy, including any applicable contractual assurances required by Privacy Shield.
Failure of a Vecna employee to comply with this Policy may result in disciplinary action up to and including termination.
Privacy Shield Principles
Vecna commits to comply with the Privacy Shield Principles with respect to Personal Data Vecna receives from Switzerland and the EU in reliance on the Privacy Shield. The Privacy Shield List can be found at: https://www.privacyshield.gov/list
Depending on requirements and purchased modules/services, Vecna software may receive, process, store, and/or transmit personally identifying information (PII) and personal health information (PHI). This PII/PHI may include: names, medical record numbers (MRNs) or other identifying numbers, Social Security numbers, insurance policy information, addresses, phone numbers, responses to medical questionnaires, electronic signatures, and other data, either originating with client [customer] record systems or input to Vecna systems by users, whether patient users, staff users, or otherwise.
Vecna offers individuals the right to choose whether their personal information is (i) to be disclosed to a third party or, (ii) to be used for a purpose that is materially different from the purpose we originally collected it. In order to opt-out of disclosure of your information, please contact Vecna at the address or email address listed below.
For sensitive personal information like, for example, personal information specifying medical or health conditions, race, and/or ethnic origin, Vecna will not disclose this information without receiving affirmative consent from individuals if such information is to be (i) disclosed to a third party or (ii) used for a purpose other than those for which Vecna originally collected or was subsequently authorized by the individual. Vecna also treats sensitive information it receives from third parties as sensitive.
Accountability for Onward Transfer (transfers to affiliates and/or other third parties) – In the event Vecna transfers EU/Swiss Personal Data covered by this Policy to an affiliate or other third party, it will do so consistent with any notice provided to Data Subjects and any consent they have given. Vecna will transfer Personal Data to such third parties only if the transfer is for limited and specified purposes and the third party will provide at least the same level of privacy protection as is required by this Policy and the Privacy Shield Principles. When Vecna has knowledge that a third party is using or sharing Personal Data in a way that is contrary to this Policy, Vecna will take reasonable steps to prevent or stop such use or sharing.
With respect to transfers to its agents, Vecna remains responsible under the Privacy Shield Principles if an agent processes Personal Data in a manner inconsistent with the Principles, except where Vecna is not responsible for the event giving rise to the damage.
Data Integrity and Purpose Limitation
Vecna does not process personal information in a way that is incompatible with the purposes for which is has been collected or subsequently authorized by the individual. Vecna has internal processes in place to ensure that personal data is reliable for its intended use, accurate, complete and current. Vecna will adhere to this Principle for as long as the company retains such information.
Subject to applicable law, Vecna retains Personal Data only for as long as it serves a purpose that is compatible with the purposes for which the Personal Data was collected or subsequently authorized by the Data Subject.
EU and Swiss Individuals have the right to access their personal information. Upon request, and with consent of our clients, Vecna will grant individuals access to personal information that it holds about them. In addition, Vecna will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete.
Recourse, Enforcement and Liability
Vecna has mechanisms in place designed to help assure compliance with the Privacy Shield Principles. Like all Privacy Shield companies, Vecna must conduct an annual self-assessment of its Personal Data practices to verify that Vecna is in compliance with the Privacy Shield Principles.
If you have inquires or complaints regarding Vecna’s use of your confidential information, you can write to:
Attn: Vecna Legal Department
36 Cambridgepark Drive
or email Vecna at firstname.lastname@example.org. In the event an inquiry or compliant cannot be resolved between Vecna and a Data Subject, the Data Subject may contact Vecna’s independent recourse mechanism, the International Centre for Dispute Resolution/American Arbitration Association (ICDR/AAA), to use their EU/Swiss Privacy Shield Dispute Procedure. Data Subjects can find the ICDR/AAA’s contact information at http://go.adr.org/privacyshield.html.
Should a complaint remain fully or partially unresolved after a review by Vecna and the applicable independent recourse mechanism, Data Subjects may be able to, under certain conditions, seek binding arbitration before the Privacy Shield Panel. For more information, please visit www.privacyshield.gov.
Vecna is also subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
Changes to this Policy
This Policy may be amended from time to time consistent with the requirements of the Privacy Shield Principles. Appropriate notice will be given concerning such amendments.