This policy was last updated June 19, 2019
1.0 INTRODUCTION (Background and Actions)
1.1 WHAT IS DATA PROTECTION LAW?
Data protection law gives people the right to control how their “personal information”is used. Personal information means any information relating to an identified or identifiable natural person in line with the definition of “personal data” in Directive 95/46/EC. When Pacific Biomarkers collects and uses the personal information of its employees, contractors, business contacts and other third parties this is covered and regulated by data protection law.
1.2 HOW DOES DATA PROTECTION LAW AFFECT PACIFIC BIOMARKERS INTERNATIONALLY?
Data protection law does not allow the transfer of personal information to countries outside Europethat do not ensure an adequate level of data protection. For the purpose of this Policy reference to Europe means the EEA and Switzerland.
1.3 WHAT IS PACIFIC BIOMARKERS DOING ABOUT IT?
To comply with the law, Pacific Biomarkers is taking proper steps to ensure that its use of personal information on an international basis is safe and, hence, lawful. The purpose of this Policy is to establish a framework to satisfy the standards contained in European data protection law and provide an adequate level of protection for all personal information used, collected, and/or transferred.
Although the legal obligations under European law apply only to personal information used and collected in Europe, Pacific Biomarkers will apply this Policy globally, and in all cases where Pacific Biomarkers processes personal information both manually and by automatic means and whether the personal information relates to Pacific Biomarker’s employees, contractors, business contacts or other third parties. Processing in European data protection law means any set of operations performed upon personal information. This is interpreted widely to include collecting, storing, organizing, amending, consulting, destroying and disclosure of the personal information. Central to this Policy are 15 Rules based on, and interpreted in accordance with, relevant European data protection standards that must be followed by each employee or contractor when handling personal information.
1.4 WHAT DOES THIS MEAN IN PRACTICE FOR PERSONAL INFORMATION COLLECTED AND USED IN THE EEA.
European data protection law states that Pacific Biomarkers’ employees, contractors, business contacts and other third parties whose personal information is used and/or collected in Europe and transferred to Pacific Biomarkers entities outside Europe must be able to benefit from certain rights to enforce the Rules set out in this Policy. These individuals will have the right to: seek enforcement of compliance with this Policy, including its appendices, lodge a complaint with a European data protection authority of competent jurisdiction and/or to take action against the Pacific Biomarkers entity responsible for exporting the personal information in the courts of the jurisdiction in which the Pacific Biomarkers entity acted in order to enforce compliance with this Policy, including its appendices; (1)make complaints to a Pacific Biomarkers entity in accordance with the Complaint Handling Procedure, seek appropriate redress from the Pacific Biomarkers entity and responsible for exporting the information, including the remedy of any breach of the Policy by any Pacific Biomarkers entity outside Europe and, where appropriate, receive compensation from the Pacific Biomarkers entity and responsible for exporting the personal information for any damage suffered as a result of a breach of this Policy by Pacific Biomarkers in accordance with the determination of a court or other competent authority; (2)obtain a copy of this Policy, the unilateral declaration made by Pacific Biomarkers in connection with this Policy and the Third Party Beneficiary Rights. In the event of a claim being made in which an individual has suffered damage where that individual can demonstrate that it is likely that the damage has occurred because of a breach of the Policy, Pacific Biomarkers has agreed that the burden of proof to show that a Pacific Biomarkers entity outside Europe is not responsible for the breach, or that no such breach took place, will rest with the Pacific Biomarkers entity responsible for exporting the personal information to that entity outside Europe. Pacific Biomarkers has a system in place to oversee and ensure compliance with all aspects of this Policy. The governance of the Policy is the responsibility of the Data Privacy Officer (DPO).
1.5 FURTHER INFORMATION
If you have any questions regarding the provisions of this Policy, your rights under this Policy or any other data protection issues you may contact the Pacific Biomarkers’ Data Privacy Officer (DPO) and they will either deal with the matter or forward it to the appropriate person or department within Pacific Biomarkers at the following address:
Tel.: (206) 298-0068
Data Privacy Officer
645 Elliot Ave W, Suite 300
Seattle, WA 98119
2.0 PROCEDURE (the Rules)
The Rules are divided into two sections. Section 2.1 addresses the basic principles of European data protection law Pacific Biomarkers must observe when Pacific Biomarkers collects and uses personal information. Section 2.2 deals with the practical commitments made by Pacific Biomarkers to the European data protection authorities in connection with this Policy.
2.1 Basic Principles/Rules
RULE 1 – COMPLIANCE WITH LOCAL LAW
Rule 1 – Pacific Biomarkers will first comply with local law where it exists.
As an organization, Pacific Biomarkers will always comply with any applicable legislation relating to personal data and will ensure that where personal information is collected and used. Where there is no law or the law does not meet the standards set out by the Rules in this Policy, Pacific Biomarkers’ position will be to process personal information adhering to the Rules in this Policy.
RULE 2 – ENSURING TRANSPARENCY AND USING PERSONAL INFORMATION FOR A KNOWN PURPOSE ONLY
Rule 2A – Pacific Biomarkers will explain to individuals, at the time their personal information is collected, how that information will be used.
Pacific Biomarkers will ensure that individuals are always told in a clear and comprehensive way by means of a fair processing statement about the uses and disclosures made of their information.
Individuals are always allowed the opportunity to choose (opt out) whether their personal information is (i) to be disclosed to a third party or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individual. Individuals will be provided with clear, conspicuous, and readily available mechanisms to exercise choice.
Rule 2B – Pacific Biomarkers will only obtain and use personal information for those purposes which are known to the individual or which are within their expectations and are relevant to Pacific Biomarkers.
This rule means that Pacific Biomarkers will identify and make known the purposes for which personal information will be used (including the secondary uses and disclosures of the information) when such information is obtained or, if not possible to do so at the point of collection, as soon as possible after that, unless there is a legitimate basis for not doing so such as where it is necessary to safeguard national security or defense, for the prevention or detection of crime, taxation purposes, legal proceedings or where otherwise permitted by law.
Rule 2C – Pacific Biomarkers will only change the purpose for which personal information is used if Pacific Biomarkers makes people aware of such change or it is within their expectations and they can express their concerns.
If Pacific Biomarkers collects personal information for a specific purpose (as communicated to the individual via the relevant fair processing statement) and subsequently Pacific Biomarkers wishes to use the information for a different or new purpose, the relevant individuals will be made aware of such a change unless there is a legitimate basis for not doing so as described in Rule 2B above. In certain cases, the individual’s consent to the new uses or disclosures will be necessary.
RULE 3 – ENSURING DATA QUALITY
Rule 3A – Pacific Biomarkers will keep personal information accurate and up to date.
The main way of ensuring that personal information is kept accurate and up to date is by actively encouraging individuals to inform Pacific Biomarkers when their personal information changes.
Rule 3B – Pacific Biomarkers will only keep personal information for as long as is necessary.
Pacific Biomarkers will comply with the Pacific Biomarkers Procedure for Document and Record Retention Management (as amended periodically) which sets out a set of general requirements for documents and records applicable globally throughout Pacific Biomarkers.
Rule 3C – Pacific Biomarkers will only keep personal information which is adequate, relevant, and not excessive.
Pacific Biomarkers will identify the minimum amount of personal information that is required in order to properly fulfil its purpose.
RULE 4 – TAKING APPROPRIATE SECURITY MEASURES
Rule 4A – Pacific Biomarkers will always adhere to its IT Security Policies.
Pacific Biomarkers will comply with the requirements in the Computer Systems Standardization and Security Procedure as revised and updated periodically together with any other security procedures relevant to our business.
Rule 4B – Pacific Biomarkers will ensure that providers of services to Pacific Biomarkers also adopt appropriate and equivalent security measures.
European law expressly requires that where a provider of a service to any Pacific Biomarkers entities has access to customers’, contractors’, business contacts’ or employees’ personal information (e.g. a payroll provider), strict contractual obligations dealing with the security of that information are imposed to ensure that such service providers act only on Pacific Biomarkers’ instructions when using that information and that they have in place equivalent technical and organizational security measures to safeguard the personal information.
Rule 4C- Where Pacific Biomarkers entities process personal information on behalf of other entities those entities will adhere to Rule 4A and act only on the instructions of Pacific Biomarkers on whose behalf the processing is carried out.
Where a service provider is a Pacific Biomarkers entity processing personal information on behalf of another Pacific Biomarkers entity the Pacific Biomarkers service provider must act only on the written instructions of the Pacific Biomarkers entity on whose behalf the processing is carried out and ensure that it has in place equivalent technical and organizational security measures to safeguard the personal information.
RULE 5 – HONOURING INDIVIDUALS’ RIGHTS
Rule 5A – Pacific Biomarkers will adhere to the Subject Access Procedure and will be receptive to any queries or requests made by individuals in connection with their personal information.
Individuals are entitled (by making a written request to Pacific Biomarkers) to be supplied with a copy of any personal information held about them (including both electronic and paper records). Pacific Biomarkers will follow the steps set out in the Subject Access Procedure (see Appendix 1) when dealing with subject access requests.
Rule 5B – Pacific Biomarkers will deal with requests to delete, rectify or block inaccurate personal information or to cease processing personal information in accordance with the Subject Access Procedure.
Individuals are entitled to rectification, deletion or blocking, as appropriate, of personal information which is shown to be inaccurate and, in certain circumstances, to object to the processing of their personal information. Pacific Biomarkers will follow the steps set out in the Subject Access Procedure (see Appendix 1) in such circumstances.
RULE 6 – ENSURING ADEQUATE PROTECTION FOR OVERSEAS TRANSFERS
Rule 6 – Pacific Biomarkers will not transfer personal information to third parties outside Pacific Biomarkers without ensuring adequate protection for the information in accordance with the standards set out by this Policy.
In principle, international transfers of personal information to third parties outside the Pacific Biomarkers entity is not allowed without appropriate steps being taken; for example, contractual clauses (such as the EU standard contractual clauses) which will protect the personal information being transferred.
In the context of an onward transfer, Pacific Biomarkers has responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. Pacific Biomarkers shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless organization proves that is it’s not responsible for the event giving rise to the damage.
RULE 7 – SAFEGUARDING THE USE OF SENSITIVE PERSONAL INFORMATION
Rule 7A – Pacific Biomarkers will only use sensitive personal information if it is absolutely necessary to use it.
Sensitive personal information is information relating to an individual’s racial or ethnic origin, political opinions, religious or other beliefs, trade union membership, health, sex life and criminal convictions. Pacific Biomarkers will assess whether sensitive personal information is required for the proposed use and when it is absolutely necessary in the context of the business.
Rule 7B – Pacific Biomarkers will only use sensitive personal information where the individual’s express consent has been obtained unless Pacific Biomarkers has a legitimate basis for doing so.
In principle, individuals must expressly agree to the collection and use of sensitive personal information by Pacific Biomarkers unless Pacific Biomarkers has a legitimate basis for doing so. This permission to use sensitive personal information by Pacific Biomarkers must be genuine and freely given.
RULE 8 – LEGITIMISING DIRECT MARKETING
Rule 8A – Pacific Biomarkers will allow customers to opt out of receiving marketing information.
One of the data protection rights that individuals have is the right to object to the use of their personal information for direct marketing purposes and Pacific Biomarkers will honor all such opt out requests.
Rule 8B – Pacific Biomarkers will suppress from marketing initiatives the personal information of individuals who have opted out of receiving marketing information.
Pacific Biomarkers will take all necessary steps to prevent the sending of marketing materials to individuals who have opted out.
RULE 9 – AUTOMATED INDIVIDUAL DECISIONS
Rule 9 – Where decisions are made by automated means, individuals will have the right to know the logic involved in the decision and Pacific Biomarkers will take necessary measures to protect the legitimate interests of individuals.
There are particular requirements in place under European data protection law to ensure that no evaluation of, or decision about, a data subject which significantly affects them can be based solely on the automated processing of personal information unless measures are taken to protect the legitimate interests of individuals.
2.2 SECTION B
RULE 10 – TRAINING
Rule 10 – Pacific Biomarkers will provide appropriate training to employees who have permanent or regular access to personal information, who are involved in the collection of personal information or in the development of tools used to process personal information.
RULE 11 – AUDIT
Rule 11 – Pacific Biomarkers will comply with the Data Protection Binding Corporate Rules Policy Audit Protocol set out in Appendix 2.
RULE 12 – COMPLAINT HANDLING
Rule 12 – Pacific Biomarkers will comply with the Data Protection Binding Corporate Rules Policy Complaint Handling Procedure set out in Appendix 3.
Should a complainant dispute the response, under certain circumstances they may invoke binding arbitration regarding Privacy Shield compliance. Additional information is set out in Appendix3 and can be referenced at: https://www.privacyshield.gov/article?id=ANNEX-I-introduction
RULE 13 – COOPERATION WITH DATA PROTECTION AUTHORITIES
Rule 13 – Pacific Biomarkers will comply with the Data Protection Binding Corporate Rules Policy Co-operation Procedure set out in Appendix 4.
RULE 14 – UPDATE OF THE RULES
Rule 14 – Pacific Biomarkers will comply with the Data Protection Binding Corporate Rules Policy Updating Procedure set out in Appendix 5.
RULE 15 – ACTIONS IN CASE OF NATIONAL LEGISLATION PREVENTING RESPECT FOR
Rule 15A – Pacific Biomarkers will ensure that where it has reason to believe that the legislation applicable to it prevents it from fulfilling its obligations under the Policy and which has a substantial effect on its ability to comply with the Policy, Pacific Biomarkers will promptly inform the CPO unless otherwise prohibited by a law enforcement authority.
Rule 15B – Pacific Biomarkers will ensure that where there is a conflict between the national law and this Policy the CPO will make a responsible decision on the action to take and will consult the data protection authority with competent jurisdiction in case of doubt.
PART III – APPENDICES
APPENDIX 1: SUBJECT ACCESS PROCEDURE
- SUBJECT ACCESS OVERVUE
1.1 European Data Protection law gives individuals whose personal information is collected and/or used in Europethe right to be informed whether any personal information about them is being processed by an organization. This is known as the right of subject access. In this policy Europe means the EEA plus Switzerland
1.3 Where a subject access request is subject to European data protection law because it is made in respect of personal information collected and/or used in Europe, such a request will be dealt with by Pacific Biomarkers in accordance with this Procedure, but where the applicable European data protection law differs from this Procedure, the local data protection law will prevail.
1.4 An individual making a valid request to Pacific Biomarkers is entitled to:
1.4.1 Be informed whether Pacific Biomarkers holds and is processing personal information about that person.
1.4.2 Be given a description of the personal information, the purposes for which they are being held and processed and the recipients or classes of recipient to whom the information is, or may be, disclosed by Pacific Biomarkers.
1.4.3 Communication in intelligible form of the personal information held by Pacific Biomarkers.
1.5 The request must be made in writing, which can include email, unless the local data protection law provides that an oral request may be made, in which case Pacific Biomarkers will record the request and provide a copy to the individual making the request before dealing with it
1.6 Under normal circumstances no fee will be applied
1.7 Pacific Biomarkers must respond to a valid request within 20 working days of receipt of that request.
1.8 Pacific Biomarkers may ask for such information which it may reasonably require in order to confirm the identity of the individual making the request and to locate the information which that person seeks.
2.1 Receipt of a Subject Access Request
2.1.1 If any employee or subcontractor of Pacific Biomarkers receives any request from an individual for their personal information, they must pass the communication to the Data Compliance Officer immediately upon receipt indicating the date on which it was received together with any other information which may assist the company legal counsel and the DPO to deal with the request.
2.1.2 The request does not have to be official or mention data protection law to qualify as a subject access request.
2.2 Initial Steps
2.2.1 The company legal counsel and the DPO will make an initial assessment of the request to decide whether it is a valid request and whether confirmation of identity, or any further information, is required.
2.2.2 The company legal counsel and the DPO will then contact the individual in writing to confirm receipt of the subject access request, seek confirmation of identity or further information, if required, or decline the request if one of the exemptions to subject access applies.
2.3 Exemptions to subject access
2.3.1 A valid request may be refused on the following grounds;
(a) Where the subject access request is made to Pacific Biomarkers and relates to the use or collection of personal information by that entity, if the refusal to provide the information is consistent with the data protection law within that jurisdiction, or;
(b) Where the subject access request does not fall within 2.3.1(a) and;
(i) if, in the opinion of Pacific Biomarkers it is necessary to do so to safeguard the legitimate business interests of Pacific Biomarkers, national or public security, defense, the prevention, investigation, detection and prosecution of criminal offences, for the protection of the data subject or of the rights and freedoms of others; or
(ii) if the personal information held by Pacific Biomarkers is processed by or on behalf of Pacific Biomarkers solely for scientific purposes or are kept as personal information for a period which does not exceed the period necessary for the sole purpose of creating statistics; or
(iii) if the personal information is held by Pacific Biomarkers in non-automated form and is not or will not become part of a filing system.
2.4 The Search and the Response
2.4.1 The DPO will arrange a search of all relevant electronic and paper filing systems.
2.4.2 The company legal counsel and the DPO may refer any complex cases to executive management for advice, particularly where the request includes information relating to third parties or where the release of personal information may prejudice commercial confidentiality or legal proceedings.
2.4.3 The information requested will be collated by the company legal counsel and the DPO into a readily understandable format (internal codes or identification numbers used at Pacific Biomarkers that correspond to personal data shall be translated before being disclosed). A cover letter will be prepared by the company legal counsel and the DPO which includes information required to be provided in response to a subject access request.
2.4.4 Where the provision of the information in permanent form is not possible or would involve disproportionate effort there is no obligation to provide a copy of the information. The other information referred to in 1.2 above must still be provided. In such circumstances the individual may be offered the opportunity to have access to the information by inspection or to receive the information in another form.
2.5 Requests for deletion, rectification or blocking of personal information
2.5.1 If a request is received for the deletion, rectification or blocking of that individual’s personal information, such a request must be considered and dealt with as appropriate by the company legal counsel and the DPO.
2.5.2 If a request is received advising of a change in that individual’s personal information, such information must be rectified or updated accordingly if Pacific Biomarkers is satisfied that there is a legitimate basis for doing so.
2.5.3 If the request is to cease processing that individuals’ personal information because the rights and freedoms of the individual are prejudiced by virtue of such processing by Pacific Biomarkers, or on the basis of other compelling legitimate grounds, the matter will be referred by the company legal counsel and the DPO senior management for advice and follow-up. Where the processing undertaken by Pacific Biomarkers is required by law, the request will not be regarded as valid.
2.6 All queries relating to this policy are to be addressed to the DPO.
APPENDIX 2: AUDIT PROTOCOL
2.1 Scope of audit
Pacific Biomarkers Quality Assurance Department will be responsible for performing the audits (although from time to time Pacific Biomarkers may appoint third party auditors to carry out the audits on its behalf in accordance with clause 2.4 below) and will ensure that such audits address all aspects of the Policy, including all IT systems, databases, security policies, training, privacy policies and contractual provisions in place within Pacific Biomarkers.
2.2 Responsibility for compliance
Pacific Biomarkers Quality Assurance Department will be responsible for ensuring that any issues or instances of non-compliance are brought to the attention of Pacific Biomarkers’ Executive Management which is committed to ensuring that any corrective actions take place as soon as is reasonably possible.
Audit of the Policy will take place annually or within a shorter timescale at the instigation of Pacific Biomarkers Quality Assurance Department. The scope of the audit performed annually will be decided by Pacific Biomarkers Quality Assurance Department based on a risk and materiality assessment which will be updated annually.
Audit of the Policy will be undertaken by Pacific Biomarkers Quality Assurance Department but reliance on work performed by other accredited internal/external auditors may be determined by Pacific Biomarkers Quality Assurance Department. Pacific Biomarkers Quality Assurance Department will manage and provide quality assurance of audit work performed by others.
Pacific Biomarkers has agreed to provide copies of the results of any audit of the Policy to a European data protection authority of competent jurisdiction upon request subject to applicable law and respect for the confidentiality and trade secrets of the information provided. Pacific Biomarkers Quality Assurance Department will be responsible for liaising with the European data protection authorities for this purpose. In addition, Pacific Biomarkers has agreed that data protection authorities may audit Pacific Biomarkers for the purpose of reviewing compliance with the Policy in accordance with the provisions of clause 5 of the Co-operation Procedure. Pacific Biomarkers Quality Assurance Department will also be responsible for liaising with the European data protection authorities for this purpose.
APPENDIX 3: COMPLAINT HANDLING PROCEDURE
Complaint Handling Procedure
How individuals can bring complaints:
Individuals can bring complaints in writing by contacting the Pacific Biomarkers DPO. Complaints should be addressed to firstname.lastname@example.org.
Who handles complaints?
The Pacific Biomarkers company legal counsel and the DPO will handle all complaints arising under the Policy. The Pacific Biomarkers company legal counsel and the DPO will liaise with colleagues from relevant business support units as appropriate to deal with complaints.
What is the response time?
Unless exceptional circumstances apply, the Pacific Biomarkers company legal counsel and the DPO will acknowledge receipt of a complaint to the individual concerned within 5 working days, investigating and making a substantive response within one month. If, due to the complexity of the complaint, a substantive response cannot be given within this period, the Pacific Biomarkers company legal counsel and the DPO will advise the complainant accordingly and provide a reasonable estimate (not exceeding six months) for the timescale within which a response will be provided.
When a complainant disputes a finding
If the complainant disputes the response of Pacific Biomarkers company legal counsel and the DPO or any aspect of a finding, under certain conditions they may invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms. Additional information on this process can be referenced at: https://www.privacyshield.gov/article?id=ANNEX-I-introduction
If the complaint is upheld, the Pacific Biomarkers DPO will arrange for any necessary steps to be taken as a consequence.
In compliance with the Privacy Shield Principles, Pacific Biomarkers commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Pacific Biomarkers at:
Att. Data Privacy Officer
645 Elliott Ave W. Suite 300
Seattle WA 98115
Pacific Biomarkers has further committed to refer unresolved Privacy Shield complaints to the International Centre for Dispute Resolution-American Arbitration Associate (ICDR-AAA), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visithttps://www.icdr.org/for more information or to file a complaint. The services of ICDR-AAA are provided at no cost to you.
Certain individuals whose personal information is collected and/or used and in accordance with European data protection law have rights under the Policy to complain to a European data protection authority and/or to lodge an application with a court of competent jurisdiction if they are not satisfied with the way in which the complaint has been resolved. Individuals entitled to such rights will be notified accordingly as part of the complaints handling procedure.
APPENDIX 4: CO-OPERATION PROCEDURE
- Where required, Pacific Biomarkers will make the necessary personnel available for dialogue with a European data protection authority in relation to the Policy.
- Pacific Biomarkers will actively review and consider: any decisions made by relevant European data protection authorities on any data protection law issues that may affect the Policy; and the views of the Article 29 Working Party as outlined in its published guidance on Binding Corporate Rules.
- Pacific Biomarkers will provide upon request copies of the results of any audit of the Policy to a European data protection authority of competent jurisdiction subject to applicable law and respect for the confidentiality and trade secrets of the information provided.
- Where any Pacific Biomarkers entity is located within the jurisdiction of a data protection authority based in Europe, Pacific Biomarkers agrees that data protection authority may audit Pacific Biomarkers for the purpose of reviewing compliance with the Policy, in accordance with the applicable law of the country in which the Pacific Biomarkers entity is located, or, as in the case of Pacific Biomarkers located outside Europe, in accordance with the applicable law of the European country from which the personal information is transferred under the Policy, on giving reasonable prior notice and during business hours, with full respect to the confidentiality of the information obtained and to the trade secrets of Pacific Biomarkers.
- Pacific Biomarkers agrees to abide by a formal decision of the applicable data protection authority which is final and against which no further appeal is possible on any issues related to the interpretation and application of the Policy.
- Pacific Biomarkers, a company located in the United States, is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
- At times Pacific Biomarkers may be required to disclose personal information in response to lawful request by the public authorities whom have jurisdiction over Pacific Biomarkers, including to meet national security or law enforcement requests.
APPENDIX 5: UPDATING PROCEDURE
- Pacific Biomarkers will communicate any material changes to the Policy to relevant European data protection authorities in the year made.
- Pacific Biomarkers will communicate any changes to the Policy to the Pacific Biomarkers entities bound by the Policy and to the data subjects who benefit from the Policy. The Policy contains a chronology log which sets out the date the Policy is revised and the details of any revisions made.
- The appointed DPO will ensure that an up to date list of the Pacific Biomarkers entities is maintained and ensure that all new Pacific Biomarkers entities are bound by the Policy before a transfer of personal information to them takes place. Pacific Biomarkers will communicate any substantial changes to the list of Pacific Biomarkers entities once a year. Otherwise, Pacific Biomarkers will communicate an up to date list of entities to relevant European data protection authorities when required.
- Why we gather information
We at Pacific Biomarkers strive to make a difference and improve the life of millions of people affected by illnesses around the world. We use information about our visitors to improve our services and gather vital information that could help us improve our websites. We take your privacy seriously, and we only collect and keep information as long as we need it for a specific task. We will never transfer or sell personally identifiable information about our visitors to a third party unless we explicitly state so at the time of collection, or ask for your permission before doing so.
- Two types of information
Some information we ask you for directly, but other information is collected automatically. All information collected automatically is stored in an aggregate form and cannot be used to identify you as a specific individual. To provide additional functionality on our websites, answer your inquiries, and improve our services, we occasionally ask you to provide us with information that can at times be personally identifiable and sensitive. As a result, information gathered by us can be divided into two main categories: personally identifiable and sensitive information, and aggregated visitor statistics. We do not link aggregated visitor statistics with personally identifiable and sensitive information.
Aggregated visitor statistics
When you visit our websites, we automatically collect general information about your computer and its location. This information cannot be used to identify you as an individual. This information is only used in aggregate form to tell us where our visitors come from, what they look at, and where they spend the most time. This allows us to improve our websites to create a better experience for you.
Personally identifiable information
At times, we need to collect more personal information about you. Our website might require you to register in order to log in, in which case you will be required to provide personal information about yourself to us. We might also collect your name and email address in order to respond to a question you may pose to us. Typically, the information we ask for includes:
Contact details, such as your name, e-mail/ postal address, company affiliation, title, contact phone number.
We will not gather any personally identifiable information from you unless you specifically agree to provide it to us. We will only gather and store personally identifiable information for the purpose stated during the gathering process. When we finish processing your information for the stated purpose, we will erase and destroy it to ensure your privacy. There is always a lot of information that a company can ask you for, but Pacific Biomarkers will only ask for information where there is a clear and necessary need for that information, which is clearly explained to you. You will always have a choice as to what information you provide. Also, you can write to us and ask for a summary of information we have that relates to you or, if the site does not provide the opportunity for you to directly edit information you provided, contact us to have information deleted or modified.
- How we gather information
There are two main ways in which we gather information.
As with most other web sites, our servers keep logs over which files were downloaded, and which computers downloaded those files. Information gathered by our servers can be analyzed and used to create aggregate visitor statistics which we use for evaluating and improving our website.
- Disclosure to Third Parties
- Protection for Children
Protecting the privacy of children is important. Pacific Biomarkers does not intend to collect personally identifiable information from children (a child is defined as being under the age of 18).
- Customer Questions
Att. Data Privacy Officer
645 Elliott Ave W. Suite 300
Seattle WA 98115
- Changes and Updates
The content presented on the Pacific Biomarkers website is presented solely for informational purposes. The site does not provide you with advice or recommendation of any kind and should not be relied on as the basis for any decision or action.
Information provided ”as is”
The information on this site is provided “as is” and Pacific Biomarkers makes no representations or warranties, expressed or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose or non-infringement. Pacific Biomarkers makes no representations or warranties of any kind as to the completeness, accuracy, timeliness, availability, functionality and compliance with applicable laws. By using this website you accept the risk that the information may be incomplete or inaccurate or may not meet your needs or requirements.
Neither Pacific Biomarkers nor our content providers shall be liable for any damages or injury arising out of your access to, or inability to access, this site or from your reliance on any information provided herein. Pacific Biomarkers disclaims any and all liability for direct, indirect, incidental, consequential, punitive, and special or other damages, lost opportunities, lost profit or any other loss or damages of any kind. This limitation includes damages or any viruses, which may affect your computer equipment.
Links to other sites
This website contains links to other sites that are not owned or controlled by Pacific Biomarkers, please be aware that we are not responsible for or have control over the privacy policies of these sites.
This privacy statement applies only to information gathered on this site. We strongly encourage you to read the privacy statements of every site you visit that gathers personally identifiable information.
Sites linking to us
Pacific Biomarkers does not endorse web sites linking to Pacific Biomarkers sites. Pacific Biomarkers is not responsible for content on these linked sites or for control over information that users may choose to provide to these sites.
Pacific Biomarkers reserves its right to alter, modify, substitute or delete any content of or may restrict access to or discontinue distribution of this site at any time and at its sole discretion.
Copyright and use of content
The content of this website is the property of Pacific Biomarkers and is protected by copyright laws. The trademarks, service marks, trade names, logos and product displayed on this site are protected worldwide, and no use of any of these may be made without the prior written consent of Pacific Biomarkers. You are welcome to download the content of this website, however, only for your personal and non-commercial use. No modification or further reproduction of the contents is permitted. The content may otherwise not be copied or used in any other manner.
Use of questions and comments
Any questions, comments, suggestions or any other communications, including any ideas,
inventions, concepts, techniques or know how you may forward to this site or otherwise to Pacific Biomarkers, electronically or by any other means, are on a non-confidential basis and will become the property of Pacific Biomarkers, which Pacific Biomarkers without restriction may use in any fashion and for any purposes whatsoever including developing, manufacturing and/or marketing goods or services.