Polaris Solutions, LLC

Privacy Policy

Last updated: November 21, 2016

 

Introduction

Polaris Solutions, LLC (“Polaris”) assists life sciences companies with their compliance, finance, sales and marketing processes by providing management consulting services. In providing these services, Polaris may make use of individuals’ Personal Data provided to Polaris by its clients. Protecting this personal data is important to Polaris.

Polaris generally does not collect Personal Data directly from individuals, nor is Polaris’ website designed to obtain or collect Personal Data from individuals. Nonetheless, with respect to such Personal Data that Polaris does collect and receive from individuals residing in the European Union (“EU”), Polaris complies with both the United States-European Union Privacy Shield Framework and the EU General Data Protection Regulation (GDPR), as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data from European Union member countries.

In addition, clients of Polaris may use software systems designed and supported by Polaris to collect personal information, and may make such information available to Polaris in order for Polaris to carry out the services purchased by them. With respect to personal information from individuals residing in the EU or Switzerland that is collected by clients of Polaris using Polaris systems, Polaris’ systems provide disclosures and resources to comply with the Privacy Shield Privacy Principles regarding the collection, use, and retention of personal information.

Accordingly, as applicable to its business activities, Polaris adheres to the Privacy Shield Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement.

To learn more about the Privacy Shield program, and to view Polaris’ certification page, please visit https://www.privacyshield.gov/list. If there is any conflict between the policies in this Privacy Policy and the Privacy Shield Principles, the Principles shall govern. This Policy explains Polaris’ privacy practices only in relation to the Privacy Shield, and applies to Personal Data received by Polaris from entities in the EU.

Polaris is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

Definitions

As used in this Policy, “Personal Data” or “Data” means any information or data that (1) is transferred from the EU to the United States; (2) is recorded in any form; (3) is about, or pertains to, a specific individual; and (4) can be linked to that individual.

Types of Personal Data Collected or Processed by Polaris

Polaris assists life sciences companies with their compliance, finance, sales and marketing processes by providing automated solutions. In providing these services, Polaris may make use of Personal Data of individuals provided to Polaris by its clients. Protecting this Personal Data is important to Polaris. Polaris does not collect Personal Data directly from individuals, nor is Polaris’ website designed to obtain or collect Personal Data from individuals. Instead, clients of Polaris may use software designed and supported by Polaris to collect Personal Data, and may make such information available to Polaris in order for Polaris to carry out the services purchased by them.

Personal Data processed by Polaris concern the following categories of data subjects: Employees, consultants or agents of customers of Polaris or their business partners; healthcare professionals, meaning those who are members of the medical, dental, pharmacy and nursing professions and any other persons who, in the course of their professional activities may prescribe, recommend, purchase supply or administer a pharmaceutical product; and patients who are prescribed or use any products supplied by Polaris’ customers.

Personal Data processed by Polaris concern the following categories of data: Name, address, contact information, log-in information, affiliation, information about payments made to healthcare professionals, and services provided by healthcare professionals.

Third Parties to Which Polaris Discloses Personal Data and the Purposes for which Polaris Shares Personal Data with such Third Parties

Disclosure of Personal Data

We may disclose Personal Data as described below and as described elsewhere in this Privacy Policy.

Third Party Service Providers. As noted above, Polaris does not collect Personal Data directly from individuals. Instead, clients of Polaris may use software designed and supported by Polaris to collect Personal Data, and may make such information available to Polaris in order for Polaris to carry out the services purchased by them.  With respect to Personal Data made available to Polaris by clients of Polaris, Polaris may share such Personal Data with third party service providers to: Provide and maintain information technology services; to conduct quality assurance testing; to respond to help and other support requests; and/or to provide other services to Polaris customers and their business partners. These third party service providers are required not to use Personal Data other than to provide the services requested by Polaris. Polaris requires its service providers to whom it discloses Personal Data and who are not subject to the laws based on the EU Data Protection Directive 95/46 or Swiss Federal Data Protection law to contractually agree to provide at least the same level of protection for Personal Data as is required by the relevant Privacy Shield principles.

On behalf of Polaris’ Customers. As noted above, Polaris does not collect Personal Data directly from individuals. Instead, clients of Polaris may use software designed and supported by Polaris to collect Personal Data, and may make such information available to Polaris in order for Polaris to carry out the services purchased by them.  With respect to Personal Data made available to Polaris by clients of Polaris, Polaris may disclose such Personal Data to government agencies on behalf of Polaris’ customers and their business partners, in the following circumstances: Acting in compliance with contractual commitments to Polaris customers and their business partners, and acting solely in accordance with instructions of such customers and their business partners, Polaris may submit reports to government agencies to comply with “Sunshine Act” and similar transparency laws and regulations in the United States and the European Union.

Affiliates and Acquisitions. As noted above, Polaris does not collect Personal Data directly from individuals. Instead, clients of Polaris may use software designed and supported by Polaris to collect Personal Data, and may make such information available to Polaris in order for Polaris to carry out the services purchased by them.  With respect to Personal Data made available to Polaris by clients of Polaris, Polaris may share some or all of such Personal Data with our subsidiaries or other companies under a common control (“Affiliates”), in which case we will require our Affiliates to honor this Privacy Policy. If another company acquires our company, business or our assets, that company will possess the Personal Data collected by us and will assume the rights and obligations regarding your Personal Data as described in this Privacy Policy.

  1. Other Disclosures. Regardless of any choices you make regarding your Personal Data (as described below), Polaris may disclose Personal Data if it believes in good faith that such disclosure is necessary (a) in connection with any legal investigation; (b) to comply with relevant laws or to respond to subpoenas or warrants served on Polaris; (c) to protect or defend the rights or property of Polaris or users of Polaris’ services; and/or (d) to investigate or assist in preventing any violation or potential violation of the law, this Privacy Policy. Polaris may be required to disclose an individual’s Personal Data in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

Commitment to Process Personal Data Only in Accordance with Privacy Shield Principles

Polaris complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of Personal Data from European Union member countries. Polaris has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability.  In addition, certain Personal Data may be subject to more specific privacy policies of Polaris, which are also consistent with the requirements of the U.S.-EU Privacy Shield Framework and the GDPR.  For example, Personal Data obtained from or relating to clients or former clients is further subject to the terms of any specific privacy notice provided to the client, any contractual arrangements with the client, and applicable laws and professional standards.  If there is any conflict between the policies in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/

Principles

Notice

As noted above, Polaris does not collect Personal Data directly from individuals.  Should Polaris in the future collect Personal Data directly from individuals, Polaris will inform individuals about the purpose for which it collects and uses their Personal Data, the types of third parties to whom Polaris may disclose the information, how to contact Polaris with inquiries and complaints, and the choices and means Polaris offers individuals for limiting the use and disclosure of their Personal Data. Polaris will provide such notice in two instances: (1) prior to using Personal Data for a purpose other than that for which it was originally collected by Polaris’ client, or (2) prior to disclosing Personal Data to a third party.

Polaris shall inform individuals how to file complaints against the use of Personal Data under the Privacy Shield, and provide the information to the independent dispute resolution body designated to address complaints and provide appropriate recourse free of charge.

Choice

As noted above, Polaris does not collect Personal Data directly from individuals.  Should Polaris in the future collect Personal Data directly from individuals, Polaris will provide individuals an opportunity to choose (or “opt-out”) whether their Personal Data is (a) to be disclosed to a third party, or (b) used for a purpose other than that for which it was originally collected by Polaris’ client or subsequently authorized by the individual. Such choice may be exercised by contacting Polaris via the contact information set forth below.

Polaris will seek express, prior opt-in consent before disclosing Personal Information for a purpose different than that for which it was originally collected or other than as set forth in this Privacy Policy.

Onward Transfers

As noted above, Polaris does not collect Personal Data directly from individuals.  Should Polaris in the future collect Personal Data directly from individuals, when disclosing such Personal Data to a third party, Polaris shall ensure that the third party subscribes to the Privacy Shield Principles, is subject to law providing the same level of privacy protection as the Privacy Shield Principles, or agrees in writing to provide at least the same protection as that required by the Privacy Shield Principles. The transfer of such data will be for limited and specified purposes. Upon notice, Polaris will take reasonable and appropriate steps to stop and remediate unauthorized processing.  Polaris will provide an individual opt-out or opt-in choice before we share their data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized.  In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, Polaris is potentially liable.

Data Security

As noted above, Polaris does not collect Personal Data directly from individuals.  Should Polaris in the future collect Personal Data directly from individuals, Polaris shall take reasonable and appropriate security measures to account for the risks related to the processing and nature of Personal Data, including securing Personal Data and protecting it from loss, misuse, and unauthorized access, alteration and destruction, by using physical, electronic and managerial safeguards. Polaris cannot guarantee the security of Information on or transmitted via the Internet.

Data Integrity

As noted above, Polaris does not collect Personal Data directly from individuals.  Should Polaris in the future collect Personal Data directly from individuals, Polaris shall only use Personal Data that is relevant to the purpose for which it was collected or subsequently authorized by the individual. To the extent necessary for those purposes, Polaris shall take reasonable steps to make sure that Personal Data is accurate, complete, current, reliable and relevant for its intended use.

Access

As noted above, Polaris does not collect Personal Data directly from individuals.  Should Polaris in the future collect Personal Data directly from individuals, individuals will have access to their Personal Data that is held by Polaris, and be able to correct, amend or delete inaccurate information. Individuals may be provided access by using the contact information outlined below. Polaris shall also reserve the right to restrict an individual’s access if it determines (1) the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or (2) the rights of persons other than the individual would be violated.

Enforcement

Annual Assessment

Polaris shall periodically verify, through self-assessment, that this Privacy Policy is accurate, comprehensive, prominently displayed, completely implemented and accessible. Polaris shall also periodically verify, through self-assessment, that the policy continues to conform to the Privacy Shield Principles, that its employees are trained in implementing the policy, that it has in place procedures for disciplining employees for non-compliance, and that Polaris is in general compliance with its policy and the Privacy Shield.

Applicability

In compliance with the EU-US Privacy Shield Principles, Polaris commits to resolve complaints about your privacy and our collection or use of your Personal Data.  European Union individuals with inquiries or complaints regarding this Privacy Policy should first contact Polaris at:

By Email: EUPrivacyShield@polarismanagement.com
By Phone: 1.646.381.8982

Polaris has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.

Please note that if your complaint is not resolved through these channels, under limited circumstances a binding arbitration option may be available before a Privacy Shield Panel.

Polaris has further committed to cooperate with EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU in the context of the employment relationship.  If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU DPAs for more information or to file a complaint.  The services of EU DPAs are provided at no cost to you.

 Your Choices Regarding Use of Personal Data

Access, Correction and Deletion

Polaris acknowledges that individuals have the right to access the Personal Data that we maintain about them.  As noted above, Polaris does not collect Personal Data directly from individuals.  Should Polaris in the future collect Personal Data directly from individuals, we will offer you choices regarding the collection, use and sharing of your Personal Data. As to any such Personal Data that Polaris collects directly from individuals, Polaris will allow individuals to access, modify and set permissions with respect to Personal Data that it holds about them.

Such access and actions may be taken by contacting Polaris via the contact information set forth above.  Without limiting the generality of the foregoing, an individual may:

  • Control and promote your single online identity
  • Control the information that others see about you
  • Correct data that is no longer valid
  • Opt out completely and remove the Personal Data that we have for you

US-Swiss Safe Harbor Provision

Polaris complies with the US-Swiss Safe Harbor Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of Personal Data from Switzerland.  Polaris has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement.  If there is any conflict between the policies in this privacy policy and the Safe Harbor Privacy Principles, the Safe Harbor Privacy Principles shall govern.  To learn more about the US-Swiss Safe Harbor and to view our certification page, please visit http://www.export.gov/safeharbor/

In compliance with the US-Swiss Safe Harbor Principles, Polaris commits to resolve complaints about your privacy and our collection or use of your Personal Data.  Swiss citizens with inquiries or complaints regarding this privacy policy should first contact Polaris at:

By Email: EUPrivacyShield@polarismanagement.com
By Phone: 1.646.381.8982

Polaris has further committed to refer unresolved privacy complaints under the US-Swiss Safe Harbor to an independent dispute resolution mechanism operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/us/safe-harbor-complaints for more information and to file a complaint.

Amendments

This privacy policy may be amended from time to time consistent with the requirements of the Privacy Shield and US-Swiss Safe Harbor Provisions. Polaris will post any revised policy on its website.