Polaris Management Partners, LLC

 

Last updated: May 11, 2017

Polaris Management Partners, LLC Privacy Shield Compliant Privacy Policy

Privacy Policy

We self-certify compliance with: EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield | U.S. Department of Commerce

I. Introduction

Polaris Management Partners, LLC (“Polaris”) assists life sciences companies (“Clients”) with their compliance, finance, sales and marketing processes by providing management consulting services. In providing these services, Polaris may make use of individuals’ Personal Data provided to Polaris by its Clients. Protecting this personal data is important to Polaris.

Polaris generally does not collect Personal Data directly from individuals, nor is Polaris’ website designed to obtain or collect Personal Data from individuals. Nonetheless, with respect to such Personal Data that Polaris does collect and receive from individuals residing in the European Union (“EU”) and Switzerland, Polaris complies with both the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework, as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data from European Union member countries and Switzerland.

Accordingly, Polaris adheres to the Privacy Shield Privacy Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, liability and enforcement as this adherence pertains to Polaris’ participation in both the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework.

To learn more about the Privacy Shield program, and to view Polaris’ certification page, please visit https://www.privacyshield.gov/. If there is any conflict between the policies in this Privacy Policy and the Privacy Shield Principles, the Principles shall govern. This Policy explains Polaris’ privacy practices only in relation to the Privacy Shield, and applies to Personal Data received by Polaris from entities in the EU and Switzerland.

Polaris is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

II. Definitions

As used in this Policy, “Personal Data” or “Data” means any information or data that (1) is transferred from the EU to the United States and from Switzerland to the United States; (2) is recorded in any form; (3) is about, or pertains to, a specific individual; and (4) can be linked to that individual.

As used in this Policy, “Data Controller” means the party that determines the purposes for which and the manner in which any personal data is processed.

As used in this Policy, “Data Processor” means the party that processes the Personal Data on behalf of, and according to the instructions of, the Data Controller.

As used in this Policy, “Processing” broadly covers any activity taken with respect to the data, such as collecting, storing, transmitting and deleting data.

III. Types of Personal Data Collected or Processed by Polaris

Polaris assists life sciences companies with their compliance, finance, sales and marketing processes by providing automated solutions and management consulting services. In providing these services, Polaris may make use of Personal Data of individuals provided to Polaris by its Clients. Protecting this Personal Data is important to Polaris. Polaris does not collect Personal Data directly from individuals, nor is Polaris’ website designed to obtain or collect Personal Data from individuals. Instead, clients of Polaris may use software designed and supported by Polaris to collect Personal Data, and may make such information available to Polaris in order for Polaris to carry out the services purchased by them.

Personal Data processed by Polaris concern the following categories of data subjects: Employees, consultants or agents of Clients or their business partners; healthcare professionals, meaning those who are members of the medical, dental, pharmacy and nursing professions and any other persons who, in the course of their professional activities, may prescribe, recommend, purchase, supply or administer a pharmaceutical product; and patients who are prescribed or use any products supplied by Polaris’ customers.

Personal Data processed by Polaris concern the following categories of data: Name, address, contact information, log-in information, affiliation, information about payments made to healthcare professionals, and services provided by healthcare professionals.

IV. Third Parties to Which Polaris Discloses Personal Data and the Purposes for which Polaris Shares Personal Data with such Third Parties

A. Disclosure of Personal Data

We may disclose Personal Data as described below and as described elsewhere in this Privacy Policy.

1. Third Party Service Providers. As noted above, Polaris does not collect Personal Data directly from individuals. Instead, Clients may make Personal Data available to Polaris in order for Polaris to carry out the consulting services purchased by them. With respect to Personal Data made available to Polaris by Clients, Polaris may share such Personal Data with third party service providers to: Provide and maintain information technology services; to conduct quality assurance testing; to respond to help and other support requests; and/or to provide other services to Clients and their business partners. These third party service providers are required not to use Personal Data other than to provide the services contracted by Polaris. Polaris requires its service providers to whom it discloses Personal Data to contractually agree to provide at least the same level of protection for Personal Data as is required by the relevant Privacy Shield principles.

2. Affiliates and Acquisitions. As noted above, Polaris does not collect Personal Data directly from individuals. Instead, clients of Polaris may make Personal Data available to Polaris in order for Polaris to carry out the consulting services purchased by them. With respect to Personal Data made available to Polaris by clients of Polaris, Polaris may share some or all of such Personal Data with our subsidiaries or other companies under a common control (“Affiliates”), in which case we will require our Affiliates to honor this Privacy Policy. If another company acquires our company, business or our assets, that company will possess the Personal Data collected by us and will assume the rights and obligations regarding your Personal Data as described in this Privacy Policy.

3. Other Disclosures. Regardless of any choices you make regarding your Personal Data (as described below), Polaris may disclose Personal Data if it believes in good faith that such disclosure is necessary (a) in connection with any legal investigation; (b) to comply with relevant laws or to respond to subpoenas or warrants served on Polaris; (c) to protect or defend the rights or property of Polaris or users of Polaris’ services; and/or (d) to investigate or assist in preventing any violation or potential violation of the law or this Privacy Policy. Polaris may be required to disclose an individual’s Personal Data in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

V. Commitment to Process Personal Data Only in Accordance with Privacy Shield Principles

Polaris complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. Polaris has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

In addition, certain Personal Data may be subject to more specific privacy policies of Polaris, which are also consistent with the requirements of the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework and the GDPR. For example, Personal Data obtained from or relating to clients or former clients is further subject to the terms of any specific privacy notice provided to the client, any contractual arrangements with the client, and applicable laws and professional standards.

A. Principles

1. Notice

Polaris shall make its privacy policy publicly available on its website. Polaris shall inform individuals how to file complaints against the use of Personal Data under the Privacy Shield, and provide the information to the independent dispute resolution body designated to address complaints and provide appropriate recourse free of charge.

2. Choice

While Polaris does not collect Personal Data directly from individuals, Clients may, from time to time, transfer Personal Data to Polaris consistent with the services contracted by the Client. When Personal Data is transferred to Polaris by a Client, the Client is the Data Controller and is responsible for extending the choice of how Personal Data is shared with a third party. Individuals wishing to exercise choice over their Personal Data should contact the Client and/or the entity that originally obtained their Personal Data. Should Polaris in the future collect Personal Data directly from individuals, Polaris will provide individuals an opportunity to choose (or “opt-out”) whether their Personal Data is shared.

Polaris will seek express, prior opt-in consent before disclosing Personal Information for a purpose different than that for which it was originally collected or other than as set forth in this Privacy Policy.

3. Onward Transfers

As noted above, Polaris does not collect Personal Data directly from individuals. Should Polaris in the future collect Personal Data directly from individuals, when disclosing such Personal Data to a third party, Polaris shall ensure that the third party subscribes to the Privacy Shield Principles, and agrees in writing to provide at least the same protection as that required by the Privacy Shield Principles. Additionally, should Polaris in the future collect Personal Data directly from individuals, Polaris will provide individuals an opportunity to choose (or “opt-out”) whether their Personal Data is shared. The transfer of such data will be for limited and specified purposes. Polaris acknowledges it has potential liability in cases of onward transfer of such Personal Data to third parties. Upon notice, Polaris will take reasonable and appropriate steps to stop and remediate unauthorized processing.

4. Data Security

Polaris takes reasonable and appropriate security measures to account for the risks related to the processing and nature of Personal Data, including securing Personal Data and protecting it from loss, misuse, and unauthorized access, alteration and destruction, by using physical, electronic and managerial safeguards. Polaris cannot guarantee the security of Information on or transmitted via the Internet.

5. Data Integrity

Polaris shall only use Personal Data that is relevant to the purpose for which it was collected or subsequently authorized by the individual. To the extent necessary for those purposes, Polaris shall take reasonable steps to make sure that Personal Data is accurate, complete, current, reliable and relevant for its intended use.

6. Access

Polaris acknowledges the right of individuals to have access to their Personal Data. As a Data Processor, Polaris is obligated to refer individuals who wish to access their Personal Data to the Client that controls their Personal Data.

7. Enforcement

A. Annual Assessment

Polaris shall periodically verify, through self-assessment, that this Privacy Policy is accurate, comprehensive, prominently displayed, completely implemented and accessible. Polaris shall also periodically verify, through self-assessment, that the policy continues to conform to the Privacy Shield Principles, that its employees are trained in implementing the policy, that it has in place procedures for disciplining employees for non-compliance, and that Polaris is in general compliance with its policy and the Privacy Shield.

B. Applicability

In compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework Principles, Polaris commits to resolve complaints about your privacy and our collection or use of your Personal Data. European Union and Swiss individuals with inquiries or complaints regarding this Privacy Policy should first contact Polaris:

By Email: EUPrivacyShield@polarismanagement.com

By Phone: 1.646.381.8982

Polaris has further committed to refer unresolved privacy complaints under the EU-U.S. and the Swiss-U.S. Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.

Polaris has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU and Switzerland in the context of the employment relationship. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU DPAs and/or the Swiss FDPIC for more information or to file a complaint. The services of EU DPAs and the Swiss FDPIC are provided at no cost to you.

Please note that if your complaint is not resolved through these channels, under limited circumstances a binding arbitration option may be available before a Privacy Shield Panel.

VI. Amendments

This privacy policy may be amended from time to time consistent with the requirements of the Privacy Shield provisions of both the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. Polaris will post any revised policy on its website.