Data collected may include personal information collected about you, as you use our website, interact with us, and utilize the Services. “Personal Information” is any information that can be used to identify an individual, and may include name, address, email address, phone number, login information (account number, password), marketing preferences, payment information including name/contact/billing and tax information, and content you provide when participating in any interactive surveys, activities, or events.
Medullan will gather some information automatically when you visit this website, and when you use our Services.
USE OF YOUR INFORMATION
Medullan uses Google Analytics to gather this data to determine customer and Website needs, and to optimize the website for your viewing. Medullan may also use the information to deliver, support, analyze, and improve the Services solution you have requested. Generic information will not reveal the identity of the visitor to this website.
DISCLOSURE OF INFORMATION
Medullan will only disclose personal data to third parties other than law enforcement or a sub-processor at the instruction of the user where there is a lawful basis to do so.
Requirement to Disclose
Medullan may disclose personal data in special cases when we have a good faith belief that such action is necessary to: a) conform to legal requirements or to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements; b) protect and defend our rights or property; c) enforce the website Terms and Conditions; d) act to protect the interests of our users or others.
LEGAL BASIS FOR PROCESSING (FOR EEA USERS)
If you are an individual in the European Economic Area (EEA), we collect and process information about you only where we have legal basis for doing so under applicable EU laws. The legal basis depends on the Services you use and how you use them. This means we collect and use your information only where:
We need it to provide you the Services, including to operate the Services, provide customer support and personalized features and to protect the safety and security of the Services;
It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the services and to protect our legal rights and interests;
You give us consent to do so for a specific purpose;
We need to process your data to comply with a legal obligation.
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party (e.g. your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.
Medullan implements physical, administrative, and technical safeguards designed to protect your Personal Information from unauthorized access, use, or disclosure. We also contractually require that our suppliers protect such information from unauthorized access, use, and disclosure. The Internet, however; cannot be guaranteed 100% secure, and we cannot therefore ensure or warrant the security of any personal information you provide to us.
EU-US & Swiss-US Privacy Shield
In compliance with the Privacy Shield Principles, Medullan commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield should first contact Medullan at Medullan Privacy Officer 240 Elm St. 2nd Floor, Somerville, MA 0214, USA or firstname.lastname@example.org.
Medullan has further committed to refer unresolved Privacy Shield complaints to JAMS EU PRIVACY SHIELD, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit JAMS EU Privacy Shield for more information or to file a complaint. The services of JAMS EU Privacy Shield are provided at no cost to you.
Investigatory and Enforcement powers of the FTC
Medullan is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. Medullan is also committed to cooperating with EEA and Swiss data protection authorities. If Medullan shares Personal Data with a third-party service provider that processes the data solely on Medullan’s behalf, them Medullan will be liable for that third-party’s processing of Personal Data in violation of the Principles, unless Medullan can provide that it is not responsible for the event giving rise to the damage. In cases of Onward Transfer to third parties of Personal Data of EU individuals received pursuant to the EU-US Privacy Shield, Medullan is potentially liable.
If you are located in the EEA or Switzerland and have exhausted all other means to resolve your concern regarding a potential violation of Medullan’s obligations under the Privacy Shield principles, you may seek resolution via binding arbitration. For additional information about the arbitration process please visit the Privacy Shield website.
By using our website and the Services or by providing any personal information to Medullan, where applicable law permits, you consent to the transfer, processing, and storage of such information outside of your country of residence where the data protection standards may be different. For data stored and used to support the Services, and to respond to any request for such data to be deleted, Medullan has a CRM system. If you choose to provide Medullan with a third party’s personal information (such as name, email, and phone number), you represent that you have the third party’s permission to do so. Your personal data is stored on the secure servers of the CRM system within the US. Medullan retains the data for the duration of your business relationship with us, and otherwise as required under applicable law. If you are located in the EEA (European Economic Area), if you withdraw your consent for the processing of your personal data, all your personal data will be deleted unless we are required to retain this personal data by law or to comply with our regulatory obligations.
How to Access & Control Your Personal Data
Reviewing, Correcting and Removing Your Personal Information
You have the following data protection rights:
You can request access, correction, updates or deletion of your personal information.
You can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information.
If we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
You have the right to complain to a data protection authority about our collection and use of your personal information. Contact details for data protection authorities in the EEA, Switzerland and certain non-European countries (including the US and Canada) are available here.
To exercise any of the rights listed above, please contact us at email@example.com or by mail to Medullan, Inc. 240 Elm St. 2nd Floor, Somerville, MA 02144 USA, Attention: Privacy. We will respond to your request to change, correct, or delete your information within a reasonable timeframe and notify you of the action we have taken.
QUESTIONS ON AND CHANGES TO THIS POLICY
Last updated: March 2, 2020