The purpose of this Policy is to describe OmniComm’s privacy principles set forth by federal and international regulations that govern clinical research, including the EU-U.S. Privacy Shield, Swiss-U.S. Privacy Shield framework and General Data Protection Regulation regarding the processing, transfer and hosting of personal information in electronic, paper, or verbal formats.
OmniComm Systems, Inc. respects the fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data. This includes data from its customers, employees, clinical trial participants, healthcare professionals, investors, business partners, and others. OmniComm Systems, Inc. collects, processes and uses personal information in a manner that is consistent with the laws of countries in which the organization does business. Furthermore, data is only collected for specified, explicit and legitimate purposes detailed in initial agreements and contracts in which the data subject provides consent. Data is not further processed in a manner that is incompatible with those purposes.
OmniComm Systems, Inc. respects and follows the privacy principles as set forth by GDPR, the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield Framework including principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability including the transfer of personal information in electronic, paper or verbal formats from the member states of the European Union and Switzerland to the United States as set forth in the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield Framework.
To confirm participating organizations you may refer to
OmniComm Systems, Inc. informs individuals about the purposes for which it collects and uses personal information. The notice is provided in clear language in a conspicuous manner. The use of the data is limited to the purpose first identified and no more information is collected than is required to satisfy the business purpose. Any personal information that is related to the use of the OmniComm clinical trial software products or personal data developed in specific medical or pharmaceutical research studies is the responsibility of the client, as the controller.
OmniComm may collect the following types of Personal Information:
OmniComm Systems, Inc. informs individuals about the type of third party to which OmniComm Systems, Inc. discloses information if any, and offers individuals the choices and means for limiting the use and disclosure of their personal information.
OmniComm understands that it can only process data under the following principles:
Personal data shall be: (a) processed lawfully, fairly and in a transparent manner; (b) collected for specified, explicit and legitimate purposes and not further processed; (c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed; (d) accurate and, where necessary, kept up to date; (e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes; (f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
OmniComm Systems, Inc. offers individuals the option of choice as to whether their personal information is disclosed to a third party. Individuals can request the data in a structured, commonly used and machine-readable format and may also choose to not have their data shared if the purpose is incompatible with the original purpose of data collection. OmniComm Systems, Inc. provides individuals with a reasonable mechanism to exercise their choices, including the ability to rectify any incorrect data, the ability to request to be forgotten (as long as it does not contradict legal requirements), and the ability to withdraw consent and opt out.
If sensitive personal information is to be disclosed to a third party or is to be used other than the purpose originally authorized, OmniComm Systems, Inc. will give individuals explicit (opt in) choice, and will disclose the information only after explicit consent of the individual.
Individuals are provided readily available mechanisms to exercise choice whether their personal information is (i) to be disclosed to a third party or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected. Individuals may email firstname.lastname@example.org to exercise this option.
OmniComm Systems, Inc. ensures by written agreement that our agents and third party providers follow the same privacy principles and data protections principles as OmniComm Systems, Inc.
Personal data is only shared by OmniComm with Third Parties who require it for specific business purposes. Data is transferred only for the scope of purpose it was initially intended and not for any other reasons. These third parties must agree to abide by the same of level of privacy protection as required by Privacy Shield principles.
Third party vendors may include Data Centers who store employee contact information such as name, email, phone number of a select group of employees as part of the approved access list. The employees in the list have limited access to the data center to provide maintenance of servers. These typically involve members of the IT department and the individuals responsible for conducting third party vendor audits.
Another example is the Customer Relationship Management (CRM) tool, where all change management and project management activities are recorded. Employee and Client contact information such as name, title/role, email, phone number and communication details are stored in this tool.
OmniComm utilizes reasonable and appropriate physical, technical, and administrative procedures to safeguard the information we collect and process and to prevent unauthorized disclosure of data.
OmniComm Systems, Inc. provides services internationally and receives information from all over the world. Whenever OmniComm Systems, Inc. is required to transfer personal information, regardless of where this occurs, OmniComm Systems, Inc. protects confidentiality, integrity and availability of personal information by physical and logical security measures. OmniComm Systems, Inc. has written procedures in place regulating the protection of confidential data from loss, misuse and unauthorized access, disclosure, alteration and destruction.
OmniComm Systems, Inc. takes steps through OmniComm’s validation process to ensure that personal information is reliable to its use, that the data is accurate, complete and current. OmniComm Systems, Inc. does not process information that is incompatible with the original purposes for which it has been collected unless subsequently authorized by the individual.
Upon request, individuals will be granted reasonable access to personal information that OmniComm Systems, Inc. holds about them. In addition, upon request, OmniComm Systems, Inc. will take reasonable steps to allow individuals to correct, amend, or delete information that is found to be inaccurate or incomplete.
OmniComm Systems, Inc. has written procedures in place that regulate regular internal compliance audits of the privacy principles. Internal audits are conducted on a regular basis by the OmniComm Compliance Committee or by a third party as delegated by the Compliance Committee. The Compliance Committee is comprised of a cross-section of department and affiliate representatives across the companies, who have authority to enforce the policies that are created. The CEO has the ultimate responsibility and authority for managing all Quality Systems. Non-compliance issues are investigated and corrective actions are put in place and followed up until resolution for any problems arising out of a failure to comply with the principles. Remedy actions could include disciplinary actions, up to and including termination of employees.
In compliance with the Privacy Shield Principles, OmniComm commits to resolve complaints about our collection or use of your personal information.
OmniComm has further committed to refer unresolved Privacy Shield complaints to the International Centre for Dispute Resolution / American Arbitration Association (ICDR/AAA), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit http://go.adr.org/privacyshield.html for more information or to file a complaint. The services of the ICDR/AAA are provided at no cost to you.
OmniComm has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU and Switzerland in the context of the employment relationship.
All individuals are encouraged to please forward any complaints, issues, concerns, or questions regarding the collection, the use or disclosure of personal information to email@example.com or to:
OmniComm Systems, Inc.
Attention: Compliance Department
2101 West Commercial Boulevard, Suite 3500
Fort Lauderdale, FL 33309, USA
For non-HR data transferred from the EU or Switzerland, OmniComm has registered with the American Arbitration Association (AAA) as an independent recourse mechanism to resolve complaints at http://go.adr.org/privacyshield.html
For HR data transferred from the EU for use in the context of the employment relationship, OmniComm has registered with the EU data protection authorities (DPAs) as an independent recourse mechanism to resolve complaints at http://ec.europa.eu/justice/data-protection/bodies
For HR data transferred from Switzerland for use in the context of the employment relationship, OmniComm has registered with the Swiss Federal Data Protection and Information Commissioner (FDPIC) as an independent recourse mechanism to resolve complaints at https://www.edoeb.admin.ch/
Notification of Policy Changes
The OmniComm Systems, Inc. organization is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
There exists the possibility, under certain conditions, for the individual to invoke binding arbitration when other dispute resolution procedures have been exhausted.
OmniComm Systems, Inc. is required to disclose personal information in response to lawful requests by public authorities, including those necessary to meet national security or law enforcement requirements.
OmniComm Systems, Inc. acknowledges the potential liability in cases of onward transfers to third parties of personal data of EU or Swiss individuals received pursuant to Privacy Shield.
OmniComm will retain personal information for as long as the account is needed to provide products or services; as outlined in previously stated agreements at the time of collection; and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements; or to the extent permitted by law.
At the end of the retention period, OmniComm will delete this Personal Information in a manner designed to ensure that it cannot be reconstructed or read according to its Document Retention Policy.