Global Data Protection and Privacy Notice




1. Introduction

Connextbio Inc. (“ConnextBio” “we” or “us”) has issued this Global Data Protection and Privacy Notice (“Notice”) to describe how we handle Personal Information that you may provide to us when using our software solutions. We respect the privacy of individuals and are committed to handling Personal Information responsibly and in accordance with applicable laws. This Notice sets out the Personal Information that we collect and process about you, the purposes of the processing, and the rights that you have in connection with it. If you are in any doubt regarding the applicable standards, or have any comments or questions about this Notice, please contact us at the contact details in Section 10 below.

2. The types of personal Information we collect

We may require basic information which identifies you as an individual (“Personal Information”), such as your name, email address and phone number, in order to transact business with you, on behalf of the company you work for or as our customer. We will only use such Personal Information for the purposes of providing the services which you have requested, fulfilling business transactions, or for other purposes set out in this Notice.

ConnextBio may also collect Personal Information indirectly from third parties, such as our business partners, or members of your Community.

We may collect the following information, depending on the software application being used:

  • Name: first name and last name
  • Job title or description
  • Contact information including email address and telephone number(s)
  • User names (account alias) and passwords according to the software product specifications to allow users to login and use our Software-as-a-Service (SaaS) products
  • Account information such as how you purchased or signed up for ConnextBio services, your transaction, billing and support history, the ConnextBio services you use, and anything else relating to the account you create.

We do not collect sensitive information such as racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, or data concerning health or sexual orientation.

3. Purposes for which Personal Information is processed

3.1. Business Transactions

We process Personal Information through ConnextBio’s global IT systems, which include tools and systems that help us to administer customer accounts, orders and business transactions and share information across ConnextBio systems, and with related corporate entities, as described in Section 4.1 below. This includes transferring Personal Information to our servers in the US (see also Section 6.1 below). ConnextBio may host these servers or utilize third party servers and applications, but in either case will be responsible for the security access of Personal Information on the systems.

3.2. SaaS Products

You may provide Personal Information to ConnextBio through our “registration” page or by processing orders when you use the software products which run on ConnextBio's multi-tenant SaaS platforms, or as standalone single tenant instances. We may make use of Personal Information that we collect to help us administer the SaaS products and platforms:

  • To analyze system usage and help maintain the operational system
  • To enable you to access customer support portals or to provide customer support services to you
  • To optimize system operation based on usage, and enable future product development and improvements
  • To enable our compliance with export control and other laws and regulations

The Internet is a global environment and using the Internet to collect and process data can involve the transmission of data on an international basis. By using our SaaS products and communicating electronically through the SaaS products, you acknowledge our processing of data in this way. The SaaS products allow users to send documents and communicate with other users. ConnextBio is not responsible for the data protection or privacy practices or the content of other users’ sites. When your communications leave our platforms, we cannot be responsible for the protection and privacy of any information which you provide while visiting such sites and such sites are not governed by this Notice. You should review the data protection and privacy statements applicable to such sites. Our SaaS products use cookies. Most browsers allow you to turn off cookies or to receive a warning before a cookie is stored on your hard drive. Find out more about our cookies in our Cookie Notice.

3.3. Other legitimate business purposes

We may also collect and use Personal Information when it is necessary for other legitimate purposes, such as to help us conduct our business more effectively and efficiently, for example, for general IT resourcing on a global level and information security/management.

3.4. Legal Purposes

We also may use your Personal Information where we consider it necessary for complying with laws and regulations, or to exercise or defend the legal rights of the ConnextBio.

4. Who we share your Personal Information with

4.1. Within Connextbio

Employees, contractors and agents of ConnextBio may be given access to Personal Information which we collect, but their use will be limited to the performance of their duties and the reason for processing. Our employees, contractors and agents who have access to your Personal Information are required to keep that information confidential and are not permitted to use it for any other purposes. Personal Information may be shared among related entities within the ConnextBio group of companies. ConnextBio data centers for the SaaS solutions are located at Amazon Web Services (AWS).

4.2. Service Providers and Partners

ConnextBio will never sell, rent, or disclose to unaffiliated third parties your Personal Information unless we have your permission or are required by law to do so. When we permit a third party to access Personal Information, we will implement appropriate measures to ensure the information is used in a manner consistent with this Notice and that the security and confidentiality of the information is maintained. ConnextBio discloses the Personal Information it collects to the following third parties:

  • Business partners for the purposes of providing services, support, and products to customers
  • Third parties where disclosure is required or authorized by law
  • Service Providers who provide business services to us.

We do so on a "need to know basis" and in accordance with applicable data privacy law.

4.3. Lawful Grounds

We may disclose Personal Information to third parties on other lawful grounds, including:

  • To comply with our legal obligations, regulations, or to respond to an administrative or judicial process
  • In response to lawful requests by public authorities (including for national security or law enforcement purposes)
  • If necessary to exercise or defend against potential, threatened, or actual litigation
  • If necessary to protect the vital interests of another person
  • In connection with the sale, assignment, or other transfer of all or part of our business
  • With your consent.

5. Controlling your Personal Information

You can request a correction, update, or deletion of your Personal Information via e-mail. Our contact information is provided in Section 10 below. We will use reasonable efforts to contact you regarding your request. To update or delete your Personal Information or correct an inaccuracy, we may ask you to verify your identity and cooperate with us in our effort.

6. EEA Residents

6.1. Transfer of Personal Information

As we operate at a global level, we may need to transfer Personal Information to countries other than the ones in which the information was originally collected. When we export your Personal Information to a different country, we will take steps to ensure that such data exports comply with applicable laws. For example, if we transfer Personal Information from the European Economic Area to a country outside it, such as the United States, we will implement an appropriate data export solution such as entering into EU standard contractual clauses with the data importer, or taking other measures to provide an adequate level of data protection under EU law.

6.2. Privacy Rights

If you are a resident of the European Union, you can object to processing of your Personal Information, ask us to restrict processing of your Personal Information, or request portability of your Personal Information. You can exercise these rights by contacting us using the contact details provided in Section 5 above. You have the right to contact a data protection authority about our collection and use of your Personal Information. For more information, please contact your local data protection authority. If we have collected and process your Personal Information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on lawful processing grounds other than consent. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

7. Data Retention

Personal Information will be retained no longer than necessary in relation to the business purposes for which such Personal Information is provided, and to fulfill legal requirements

8. Security

We are committed to ensuring that your information is secure. We have put in place appropriate technical, physical, and administrative procedures to safeguard and secure the information we collect in order to prevent unauthorized access or disclosure.

9. Updates to this Notice

ConnextBio reserves the right, at its discretion, to make changes to any part of the software products, platforms, or this Notice. ConnextBio may change this Notice from time to time by updating this page. You should check this page from time to time to ensure that you are aware of any changes. This Notice is effective from August 1, 2020. By continuing to use the ConnextBio products and services, you consent to this Notice as amended.

10. Contact Information

If you have any questions or comments about this Notice or about our data handling practices, you may contact:

Data Protection Officer Connextbio Inc. 4683 Garden Spring Lane Salt Lake City, UT 84117

U.S.A. Email: dataprotectionofficer@connextbio.com

We will investigate your issues and do our best to resolve them as soon as possible.