Connextbio Inc. (“ConnextBio” “we” or “us”) has issued this Global Data Protection and Privacy Notice (“Notice”) to describe how we handle Personal Information that you may provide to us when using our software solutions. We respect the privacy of individuals and are committed to handling Personal Information responsibly and in accordance with applicable laws. This Notice sets out the Personal Information that we collect and process about you, the purposes of the processing, and the rights that you have in connection with it. If you are in any doubt regarding the applicable standards, or have any comments or questions about this Notice, please contact us at the contact details in Section 10 below.
We may require basic information which identifies you as an individual (“Personal Information”), such as your name, email address and phone number, in order to transact business with you, on behalf of the company you work for or as our customer. We will only use such Personal Information for the purposes of providing the services which you have requested, fulfilling business transactions, or for other purposes set out in this Notice.
ConnextBio may also collect Personal Information indirectly from third parties, such as our business partners, or members of your Community.
We may collect the following information, depending on the software application being used:
We do not collect sensitive information such as racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, or data concerning health or sexual orientation.
3.1. Business Transactions
We process Personal Information through ConnextBio’s global IT systems, which include tools and systems that help us to administer customer accounts, orders and business transactions and share information across ConnextBio systems, and with related corporate entities, as described in Section 4.1 below. This includes transferring Personal Information to our servers in the US (see also Section 6.1 below). ConnextBio may host these servers or utilize third party servers and applications, but in either case will be responsible for the security access of Personal Information on the systems.
3.2. SaaS Products
You may provide Personal Information to ConnextBio through our “registration” page or by processing orders when you use the software products which run on ConnextBio's multi-tenant SaaS platforms, or as standalone single tenant instances. We may make use of Personal Information that we collect to help us administer the SaaS products and platforms:
3.3. Other legitimate business purposes
We may also collect and use Personal Information when it is necessary for other legitimate purposes, such as to help us conduct our business more effectively and efficiently, for example, for general IT resourcing on a global level and information security/management.
3.4. Legal Purposes
We also may use your Personal Information where we consider it necessary for complying with laws and regulations, or to exercise or defend the legal rights of the ConnextBio.
4.1. Within Connextbio
Employees, contractors and agents of ConnextBio may be given access to Personal Information which we collect, but their use will be limited to the performance of their duties and the reason for processing. Our employees, contractors and agents who have access to your Personal Information are required to keep that information confidential and are not permitted to use it for any other purposes. Personal Information may be shared among related entities within the ConnextBio group of companies. ConnextBio data centers for the SaaS solutions are located at Amazon Web Services (AWS).
4.2. Service Providers and Partners
ConnextBio will never sell, rent, or disclose to unaffiliated third parties your Personal Information unless we have your permission or are required by law to do so. When we permit a third party to access Personal Information, we will implement appropriate measures to ensure the information is used in a manner consistent with this Notice and that the security and confidentiality of the information is maintained. ConnextBio discloses the Personal Information it collects to the following third parties:
We do so on a "need to know basis" and in accordance with applicable data privacy law.
4.3. Lawful Grounds
We may disclose Personal Information to third parties on other lawful grounds, including:
You can request a correction, update, or deletion of your Personal Information via e-mail. Our contact information is provided in Section 10 below. We will use reasonable efforts to contact you regarding your request. To update or delete your Personal Information or correct an inaccuracy, we may ask you to verify your identity and cooperate with us in our effort.
6.1. Transfer of Personal Information
As we operate at a global level, we may need to transfer Personal Information to countries other than the ones in which the information was originally collected. When we export your Personal Information to a different country, we will take steps to ensure that such data exports comply with applicable laws. For example, if we transfer Personal Information from the European Economic Area to a country outside it, such as the United States, we will implement an appropriate data export solution such as entering into EU standard contractual clauses with the data importer, or taking other measures to provide an adequate level of data protection under EU law.
6.2. Privacy Rights
If you are a resident of the European Union, you can object to processing of your Personal Information, ask us to restrict processing of your Personal Information, or request portability of your Personal Information. You can exercise these rights by contacting us using the contact details provided in Section 5 above. You have the right to contact a data protection authority about our collection and use of your Personal Information. For more information, please contact your local data protection authority. If we have collected and process your Personal Information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on lawful processing grounds other than consent. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
Personal Information will be retained no longer than necessary in relation to the business purposes for which such Personal Information is provided, and to fulfill legal requirements
We are committed to ensuring that your information is secure. We have put in place appropriate technical, physical, and administrative procedures to safeguard and secure the information we collect in order to prevent unauthorized access or disclosure.
ConnextBio reserves the right, at its discretion, to make changes to any part of the software products, platforms, or this Notice. ConnextBio may change this Notice from time to time by updating this page. You should check this page from time to time to ensure that you are aware of any changes. This Notice is effective from August 1, 2020. By continuing to use the ConnextBio products and services, you consent to this Notice as amended.
If you have any questions or comments about this Notice or about our data handling practices, you may contact:
Data Protection Officer Connextbio Inc. 4683 Garden Spring Lane Salt Lake City, UT 84117
U.S.A. Email: firstname.lastname@example.org
We will investigate your issues and do our best to resolve them as soon as possible.