What is Covered by this Privacy Policy?

Except as provided in the section, “What is Not Covered by this Privacy Policy?”, this Privacy Policy explains the processing of personal information (“Personal Information”) where the Personal Information is collected on the website or applications where this Privacy Policy is posted (“Websites”).

 

What is Not Covered by this Privacy Policy?

This Privacy Policy does not apply to information processed:

• through offline channels, such as outside of the Websites;
• relating to our employees, personnel, contractors, or applicants for employment;
• as agreed upon in relation to a contractual relationship with a clinical site, client or research partner.
• information collected from individuals enrolled in our research study(ies), including study-related information.

This Privacy Policy does not apply to the information you provide or collected as a part of one of our clinical studies. If you’re enrolled in one of our clinical studies, please refer to the relevant informed consent form provided to you in the enrollment process if you have any questions about how your Personal Information is handled, your data protection rights and who to contact with any questions.

 

Types of Information Collected

Information We May Collect Directly From You. We may collect two types of Personal Information: (i) personally identifiable information and (ii) non-personally identifiable information.

Personally Identifiable Information: Personally identifiable information is information that identifies you or can be used to identify or contact you. The categories of personally identifiable information that may be collected include but are not limited to:

• Profile information, such as your name, email address, mailing address and telephone number;
• Authentication information and account log-in credentials such as your username and password, when you sign up for an account with us;
• Health-related information, such as information about a health condition from your medical records or otherwise, where such information is not provided as a part of a clinical study.
• Troubleshooting and support data, which is data you provide, or we otherwise collect in connection with support queries we receive from you. This may include contact or authentication data, the content of your chats and other communications with us, and the product or service you are using related to your help inquiry;
• Feedback and correspondence, such as information you provide in your responses to surveys, report a problem with the Websites, receive customer support or otherwise correspond with us;
• Payment information when you make a purchase or otherwise subscribe to services that involve payment, such as payment card numbers, expiration dates, associated security codes, and billing address;
• Information you provide so that we can issue payment to you;
• Any other information you submit when you contact us, including any information you provide in a submission through our contact form;
• We may also receive Personal Information from third-party sources, including third party applications that you choose to integrate with the Websites.

Non-Personally Identifiable Information: Non-personally identifiable information is information, any single item which, itself cannot be used to identify or contact you. The categories of non-personally identifiable information that may be collected include but are not limited to:

- demographic information (such as age, profession, gender, location, zip code, birth date or birth year) that has been de-identified so that it is not associated with an individual;
- responses to survey questions queries; or
- IP addresses, browser types, unique device identifiers, device types, requested URLs, referring URLs, browser language, the pages you view, the date and time of your visit, domain names, and other statistical data involving use of the Websites.

Certain non-personally identifiable information may be considered a part of your personally identifiable information if it were combined with other identifiers (for example, combining or associating your name with your survey responses) in a way that enables you to be identified. However, the same pieces of information are considered non-personally identifiable when they are taken alone or combined with only other non-personally identifiable information (for example, your viewing preferences).

Information We May Collect About You Automatically. We may automatically collect Personal Information about you when you.

          We may collect the following information about you:

• Browser and Device Information. Certain information may be automatically collected by most browsers or devices, such as information about user devices (such as IP addresses and MAC addresses), operating systems, and browsers.
• Information Stored in Cookies and Web Beacons. The Websites may also use available web-based technologies to collect personal information, such as cookies or web beacons. Cookies are pieces of information stored directly on users’ computers or devices. Cookies allow us to collect information such as browser type, time spent on the online services, pages visited, referring URL, and other traffic and usage data. We may also use cookies for purposes such as determining what features interest our users, revising our site features or operations, and as further described below. For more information, see the “Your Rights and Choices” section below. Please note that some cookies and web beacons may be set by third parties, who may use the Websites to collect Personal Information about your online activities over time and across different services, applications, and other online products or services.
• Pixel Tags and Log Files. The Websites may also use other tracking systems such as log files and pixel tags. For example, pixel tags, sometimes called web beacons, are similar in function to a cookie and can tell us certain information like what content has been viewed.
• Information Collected in Connection with Analytics Technology. We may use various technologies to learn more about how visitors use the Websites, such as Google Analytics. Google Analytics uses cookies to help us analyze how visitors use the Websites. The information generated by the cookies about your use of the Websites includes your IP address. Many analytics services also allow you to opt out of data collection. For example, to learn more about Google Analytics practices and to opt-out, visit https://www.google.com/settings/ads or by downloading the Google Analytics opt-out browser add-on at https://tools.google.com/dlpage/gaoptout. We may also use other technologies to monitor your activities on our Websites.
• Location Information. When you use the Websites, we may collect information about your location, including general location information that may be associated with your device’s IP address, and, if you allow your device to share information about your location with the Websites, the geolocation of the device you use to access the Websites, which may indicate your precise geolocation.

 

Use of Personal Information

As a general matter, we use, disclose, transmit, transfer, store, and otherwise process your Personal Information when we have an appropriate legal basis.

Further, in general, we may use Personal Information to:

• provide our services’ functionality to you, such as arranging access to an account, responding to your inquiries, and to allow you to use our various services features.
• respond to your inquiries and communicate with you about our services.
• operate and provide support for your use of our services, including to facilitate your registration for and participation in clinical trial activities.
• manage and communicate with you regarding your Target RWE account, if you have one, including by sending you service announcements, technical notices, updates, security alerts, and support and administrative messages.
• store information about your preferences and customize your experience on the Websites.
• analyze usage trends and patterns and measure the effectiveness of the Websites.
• promote our products and services including by sending you newsletters, special offers, and other information we think may be of interest to you, including information about other clinical trials which may be of interest.
• administer, evaluate, and improve our business and the Websites (including developing new products and services; managing our communications; and performing accounting, auditing, billing, reconciliation and collection activities).
• comply with legal and regulatory requirements, judicial process, and our company policies (including due diligence and contracting activities).
• secure the Websites, including by protecting against and responding to fraud, illegal activity (such as incidents of hacking or misuse of the Websites), and claims and other liabilities, including by enforcing our agreements.
• evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, including as part of bankruptcy, liquidation, or similar proceeding.
• create aggregate or de-identified information.
• enforce our policies, terms of use, contracts, or other legal rights.
• fulfill other purposes as you may authorize.

How We May Disclose Your Personal Information

We may disclose Personal Information we collect about you to other parties that may include the following:

• To our collaborators involved in the research such as our steering committee as well as our industry partners who are companies developing medicines in our disease areas of interest.
• To our affiliates and business partners, such as partners involved in joint business transactions.
• To our contractors, service providers, and other third parties we use to support our organization, which may include support of any of the data uses described above.
• To comply with applicable law, other legal requirements, and industry standards.
• To enforce our policies, terms of use, contracts, or other legal rights.
• To investigate or prevent unlawful activities or misuse of the Websites or our services.
• To protect against malicious, deceptive, fraudulent, or illegal activity, and participating in any prosecution or enforcement of laws or agreements meant to prevent or punish such activity.
• To operate, evaluate, debug, identify and repair errors, effectuate similar functional enhancements, and improve our services and offerings.
• To protect the legal rights, property, safety, and security of us, our users, our employees, and others.
• To an actual or potential buyer, successor, or other organization in the event of an actual or potential merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, including as part of bankruptcy, liquidation, or similar proceedings.
• To such other parties as you may authorize.

We may also share aggregate and de-identified information created from our users’ data with third parties for research purposes.

How Long We Keep Personal Information

We will keep your Personal Information for the time period necessary to achieve the purposes for which it was collected, and to comply with law, resolve disputes, and enforce our agreements, as applicable. For example, if you register on our Websites, we will store your information for as long as needed to maintain your account, provide you the functionality as you request it, enforce any applicable terms that govern your use of the Websites, and maintain appropriate records to relevant to your use of the Websites.

 

Your Rights and Choices

We provide you with choices regarding your Personal Information. For example, you can choose not to give us the Personal Information we request, as described in the “Information We May Collect Directly from You” section of this Privacy Policy. However, in some cases, if you decide not to provide the information we request, we will not be able to provide the service or information you requested.

Other examples of your choices include:

• You can browse our website without registering or directly submitting any information to us (although we may still collect some limited information automatically, as described above);
• A cookie banner will appear on your screen the first time when you visit our website, or access the website with a new device, informing you of our use of cookies. You may change your browser settings or to block, manage, or delete cookies, but doing so may prevent you from using the functionality of the Websites. The means by which you can refuse cookies through your web-browser may vary from browser to browser and you should visit your browser’s help menu for more information.
• Some internet browsers have a “do-not-track” feature that lets you tell websites that you do not want to have your online activities tracked. We do not currently respond to browser “do not track” signals.

Changes to your Personal Information

It is important that the Personal Information we hold about you is accurate and current. Please let us know if your Personal Information changes during your relationship with us by updating your registration profile or emailing us at privacy@TargetRWE.com.

Personally Identifiable Information

We use personally identifiable information collected through the Websites as described in this Privacy Policy or as authorized by you or as otherwise disclosed at the time we request such information from you. You generally must “opt in” and give us permission to use your personally identifiable information collected through the Websites for other purposes. You may also change your preference and “opt out” of receiving communications from us by following the directions provided in association with the communication, or by contacting privacy@TargetRWE.com. Please be aware that your Personal Information may have been previously disclosed to third parties. However, even after any “opt-out”, your personally identifiable information may be used and disclosed to a third party upon a good faith belief that such disclosure is required in order to comply with an applicable statute, regulation, rule or law, a subpoena, a search warrant, a court or regulatory order, lawful requests by public authorities, including to meet national security or law enforcement requirements, or other valid legal process. Without limitation of any other provision contained herein, following your “opt out”, your information that already has been gathered may continue to be used and to be disclosed to third parties, provided that such information will be de-identified so that you cannot be identified anymore.

Can I Update or Correct My Personally Identifiable Information?

You have the right to request the restriction of certain uses and disclosures of personally identifiable information. You can contact us in order to (subject to the following paragraph) (1) update or correct your personally identifiable information or (2) change your preferences with respect to communications and other information you receive from us by contacting privacy@TargetRWE.com. Such updates, corrections, and changes will have no effect on other information that we maintain, or information that we have provided to third parties in accordance with this Privacy Policy prior to such update, correction, or change. To protect your privacy and security, we may take reasonable steps (such as requesting a unique password) to verify your identity before granting you profile access or making corrections. You are responsible for maintaining the secrecy of your unique password and account information at all times.

You should be aware that it is not technologically possible to update or change each record of the information you have provided to us from our system. The need to back up our systems to protect information from inadvertent loss means that a copy of your personally identifiable information may exist in a form that will be difficult or impossible for us to locate. After receiving your request, we will use commercially reasonable efforts to update, correct, or change, as appropriate, all personally identifiable information collected through the Websites and stored in databases we actively use and other readily searchable media, as appropriate, as soon as and to the extent reasonably practicable.

Without limitation of any other provision contained herein, access to Personal Information associated with research studies may be limited if necessary to maintain the integrity of the research.

 

Children

The Websites are not designed for or directed to children under the age of 17 and we do not collect Personal Information from any person we actually know is under the age of 17. We may collect information about children from their parents or guardians which will be held in accordance with this Privacy Policy.

 

Security

We maintain safeguards that are reasonably designed to protect the Personal Information collected. Please note, however, that we cannot and do not guarantee the security of your information, as no method of data storage or transmission is completely secure.

 

Other Sites and Services

Our Websites may contain links to or options to integrate with other websites, applications or services. These links are not an endorsement, authorization or representation that we are affiliated with that third party. We do not exercise control over third party websites or services and are not responsible for their actions. Other websites, applications and services follow different rules regarding the use or disclosure of the Personal Information you submit to them. We encourage you to read the privacy policies of the other websites you visit and applications or services you use.

 

Additional Information for EU and Switzerland Residents

Global Data Protection Policy Statement

In addition to our general privacy policy for all visitors to our Websites, it is our policy to respect and protect personal data collected or maintained by or on behalf of Target RWE on citizens outside of the US in accordance with all applicable regulations—therefore, Target RWE adheres to both the General Data Protection Regulation (EU) 2016/679 (the “GDPR”) and the Swiss Federal Act on Data Protection (“FADP”).

Target RWE complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”) and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. Target RWE has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. Target RWE has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In instances where Target RWE data transfers outside of the EU or Switzerland, and where such transfers are not covered by the EU-U.S. DPF or the Swiss-U.S. DPF, Target RWE relies on various other mechanisms as the legal means to transfer personal data including consent, written agreements, and standard contractual clauses.

Scope

This Statement describes the principles pursuant to which Target RWE manages Personal Data received: (i) in the course of Target RWE’s operations involving current, prospective and former strategic partners, clients, website and platform users, vendors, and subcontractors (collectively, “Corporate Parties”); and (ii) physicians/investigators, health care professionals, and trial participants (collectively, “Clinical Parties”). In connection with Target RWE’s operations, Target RWE may now and/or in the future: (a) transfer Personal Data of Corporate Parties and/or Clinical Parties outside of the European Economic Area (“EEA”) and Switzerland to the United States; and/or (b) access Personal Data regarding Corporate Parties or Clinical Parties from the United States.

Definitions

“Agent” or collectively, “Agents” means any third party that processes Personal Data pursuant to the instructions of, and solely for, Target RWE or to which Target RWE discloses Personal Data for use on its behalf.

“Citizen” or collectively, “Citizens” means a lawful citizen or citizens of any EEA country or Switzerland and includes Corporate and Clinical Parties.

“EEA” means the European Economic Area which is composed of the following thirty-one (31) countries: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Italy, Ireland, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain and Sweden.

“Personal Data” means any information any information relating to an identified or identifiable Citizen; an identifiable Citizen is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. The term “Personal Data” does not include anonymized information or information that is reported in the aggregate (provided that such aggregated information is not identifiable to a natural person).

“Process” or “Processing” of Personal Data means any operation or set of operations which is performed upon Personal Data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.

“Sensitive Personal Data” means Personal Data that reveals race, ethnic origin, political opinion, religious or philosophical beliefs, trade union membership, genetic data, biometric data where Processed to uniquely identify a person, any information that concerns medical or health conditions or sex life, or information relating to the commission of a criminal offense.

“Statement” means this Global Data Protection Policy Statement.

GDPR Principles

Personal Data shall be:

1. processed lawfully, fairly and in a transparent manner in relation to individuals (‘lawfulness, fairness and transparency’);
2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes (‘purpose limitation’);
3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimization’);
4. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organizational measures required by the GDPR in order to safeguard the rights and freedoms of individuals (‘storage limitation’);
5. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (‘integrity and confidentiality’).”

We will only use your Personal Data to the extent that the law allows us to do so. Pursuant to the GDPR we rely on the following legal bases for processing your Personal Data:

1. where you have given consent to the processing of your Personal Data;
2. where it is necessary to perform a contract we have entered into or are about to enter into with you; and/or
3. where it is necessary for the purposes of our legitimate interests, including where Personal Data are processed for a scientific research purpose under Art. 89 of the GDPR, and your interests or fundamental rights and freedoms do not override those legitimate interests.

Types of Personal Data Collected

As described above, Personal Data is information relating to an identified or identifiable natural person in the European Economic Area and/or Switzerland. While the types of Personal Data collected vary, the following types of information generally are collected from the following categories of individuals:

As described above, Personal Data is information relating to an identified or identifiable natural person in the European Economic Area and/or Switzerland. While the types of Personal Data collected vary, the following types of information generally are collected from the following categories of individuals:

Study Participants – The information collected from individuals participating in our research studies (“Participants”) is collected with written consent of the Participant, redacted at the respective research study site, and typically transferred as a pseudonymized data set in key-coded form as described in Data Privacy Framework Supplemental Principle 14 Pharmaceutical and Medical Products, subsection (g) “Key-coded Data”, and therefore does not constitute a transfer that would be subject to the DPF Principles. To the extent that study participant information, although key-coded, still provides enough information to be personally identifiable, Target RWE will adhere to all applicable regulations.

Research Study Site Staff, Vendors, and Contractors – The types of Personal Data collected from research study site staff, vendors, and contractors generally include name, e-mail address, phone number, business or home address, and curriculum vitae.

Website Visitors – The types of Personal Data collected from visitors to our Website may generally include name, email address, telephone number, demographic information (such as age, profession, gender, location, zip code, birth date, or year of birth), IP addresses, browser types, unique device identifiers, device types, requested URL, referring URL, browser language, the pages you view, the date and time of your visit, domain names, and other statistical data involving use of the Website.

General Inquirers, Advisors, and Representatives of Our Business Partners and Clients– The types of Personal Data collected from individuals inquiring about our clinical data business and our research studies, from our advisors, and from individuals who represent our business partners and clients generally include name and contact information and queries.

Purposes for Which Personal Data is Collected and Used

Purposes of Information Collected From Study Participants – Personal Data generally is collected from the Participant and used for the purposes of: conducting research studies; regulatory documentation and submissions to relevant agencies, ethics committees/competent authorities; responding to audit and inspection requests by relevant agencies, ethics committees, and competent authorities; community building and data analytics; and presenting and sharing the results and data from research studies. As examples, non-identifiable data associated with Participants is used as part of publications in medical journals in the form of summary statistics; figures included may show individual data points in scatter plots or non-identifiable Participant data may be presented in the form of a case study displaying key highlights of the patient record (such as medication, lab values, comorbidities over time, etc.). In addition to the above, Personal Data may be used in the future for new scientific, medical, and pharmaceutical research activities, including activities that are unanticipated.

Purposes of Information Collected From Research Study Site Staff, Vendors, and Contractors - Personal Data generally is collected from research study site staff, vendors, and contractors and used for the purposes of contacting such individuals; conducting research studies; ensuring appropriate qualifications and training; administering the receipt of services from such individuals; regulatory documentation and submissions to relevant agencies, ethics committees, and competent authorities; responding to audit and inspection requests by relevant agencies, ethics committees, and competent authorities; community building and data analytics; and presenting and sharing the results and data from research studies. In addition to the above, Personal Data may be used in the future for new scientific, medical, and pharmaceutical research activities, including activities that are unanticipated. These activities may include, but are not limited to, periodic follow-up and related studies.

Purposes of Information Collected Through Websites - In general, the Personal Data collected through our Websites is used to conduct and improve our business, to help us understand who uses the Websites, to improve the Websites, for internal operations, and, if you request information or request that we contact you, to respond to your requests. We may also use the information gathered through the Websites (including Personal Data) to perform statistical analysis of user behavior or to evaluate and improve the Websites and our business. Some of this information may be linked to Personal Data for internal purposes.

Purposes of Information Collected From General Inquirers, Advisors, and Representatives of Our Business Partners and Clients – Personal Data generally is collected from inquirers, advisors, and representatives of our business partners and clients in order to respond to the relevant inquiry, to conduct our and improve our business (including conducting research studies), to carry out our relationships with our business partners and clients, and for internal operations.

EU-US Data Privacy Framework and Swiss-U.S. Data Privacy Framework Principles

The EU-U.S. DPF and the Swiss-U.S. DPF outline the following seven “DPF Principles:

1. Notice: In the event that Target RWE collects Personal Data from a Citizen, Target RWE will furnish a notice to the Citizen (e.g., via an Informed Consent Form provided to each clinical study participant in the EEA or Switzerland) that describes: (i) the types of Personal Data that it collects about such Citizens; (ii) the purposes for which it collects such information; (iii) the types of third parties to which it discloses such information, and the purposes for which it does so; and (iv) how to contact Target RWE with any inquiries or complaints. Notice will be provided in clear and conspicuous language at the time of collection, or as soon as reasonably practicable thereafter. In any event, notice will be provided before Target RWE discloses the Personal Data or uses such information for a purpose other than that for which the Personal Data was originally collected or processed.
2. Choice: In the event that Personal Data is to be used for a new purpose that is materially different from the purpose(s) for which the Personal Data was originally collected or subsequently authorized, or transferred to a non-Agent third party, Citizens will be provided, where practical and appropriate, with an opportunity to decline to have their Personal Data so used or transferred. In the event that the Personal Data used for a purpose other than that for which it was originally collected or subsequently authorized or transferred to the control of a non-Agent third party is Sensitive Personal Data, the Citizen’s affirmative express consent will be obtained prior to the use or transfer of the Sensitive Personal Data or as otherwise permitted in accordance with the EU-U.S. DPF Principles and the Swiss-U.S. DPF Principles.
3. Accountability for Onward Transfer: Before we disclose any of your transfer data to a third party we will require that such third party provide the same level of privacy protection as is required by the EU-U.S. DPF Principles and the Swiss-U.S. DPF Principles. Target RWE’s accountability for transfer data that it receives under the EU-U.S. DPF and the Swiss-U.S. DPF and transfers to a third party is outlined in the EU-U.S. DPF Principles and the Swiss-U.S. DPF Principles. In particular, Target RWE remains liable under the EU-U.S. DPF Principles and the Swiss-U.S. DPF Principles if third-party agents that it retains to process transfer data on Target RWE’s behalf process such transfer data in a manner inconsistent with the EU-U.S. DPF Principles and the Swiss-U.S. DPF Principles, unless Target RWE can prove that it is not responsible for the event giving rise to the damage.
4. Security: Target RWE takes reasonable and appropriate administrative, technical and physical precautions designed to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, regardless of whether such Personal Data is in electronic or tangible, hard copy form.
5. Data Integrity and Purpose Limitation: Target RWE endeavors to limit the collection, usage, and retention of Personal Data to that which is relevant for the intended purposes of Processing, and takes reasonable steps designed to ensure that all Personal Data is reliable for its intended use, accurate, complete and current.
6. Access: Citizens may seek confirmation regarding whether Target RWE is Processing Personal Data about them, request access to their Personal Data and ask that Target RWE correct, amend or delete that information, where it is inaccurate or has been processed in violation of the DPF Principles. Although Target RWE makes good faith efforts to provide Citizens with access to their Personal Data, we reserves the right to limit or deny such access where the burden or expense of providing access would be disproportionate to the risks to the Citizen’s privacy, where the rights of Citizens other than the subject Citizen would be violated, where the information is commercially proprietary or where doing so is otherwise consistent with the DPF Principles. If Target RWE determines that access should be restricted in any particular instance, we will provide you with an explanation of why that determination has been made and a contact point for any further inquiries.
7. Recourse, Enforcement and Liability: Target RWE has implemented mechanisms to verify its ongoing compliance with the DPF Principles and this Statement.

In compliance with the EU-U.S. DPF Principles and the Swiss-U.S. DPF Principles, Target RWE commits to resolving complaints about our collection or use of your Personal Data.  Citizens with inquiries or complaints regarding our Statement should first contact our privacy team at: privacy@TargetRWE.com. 

Target RWE has further committed to refer unresolved EU-U.S. DPF and the Swiss-U.S. DPF complaints to the International Centre for Dispute Resolution (ICDR-AAA), an alternative dispute provider located in the United States. If you do not receive timely acknowledgement of your complaint from Target RWE, or if Target RWE has not addressed your complaint to your satisfaction, please contact https:/go.adr.org/dpf_irm.html for more information or to file a complaint. The services of ICDR-AAA are provided at no cost to you.

As further described in the DPF Principles, a binding arbitration option will be made available to you in order to address residual complaints regarding DPF compliance that have not been resolved by any other DPF mechanisms. See Data Privacy Framework Annex I at https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction.

The Federal Trade Commission has jurisdiction over Target RWE’s compliance with the Privacy Framework.

Adherence by Target RWE to the EU-U.S. DPF Principles and the Swiss-U.S. DPF Principles and the above-set forth provisions regarding transfer data may be limited (a) to the extent necessary to meet national security, public interest or law enforcement requirements; (b) by statute, government regulation, or case law that creates conflicting obligations or explicit authorizations; or (c) if the effect of the GDPR, Member State law or FADP is to allow exceptions or derogations, provided that such exceptions or derogations are applied in comparable contexts.

Limitation on Scope

Adherence to these GDPR and DPF Principles may be limited (i) to the extent required or allowed by applicable law, rule or regulation; (ii) to the extent necessary to respond to lawful requests by public authorities, including to meet national security, law enforcement, legal or governmental requirements; and/or (iii) to protect the health or safety of a Citizen.

 

Additional Information for CA Residents

This section applies only to residents of the State of California and generally describes how we collect, use, and disclose the personal information of California residents and their households (“California Personal Information”). However, California Personal Information does not include, and this section does not apply to:

• Personal information reflecting a communication or a transaction between us and a California resident acting as a representative of an organization that relates to the organization obtaining products or services from us.
• Personal information, emergency contact information, and benefits administration information we collected about a California resident in the course of that California resident acting as our job applicant, our employee, our owner, our director, our officer, our medical staff member, or our contractor to the extent we use that information within the context of that California resident’s role as our job applicant, our employee, our owner, our director, our officer, our medical staff member, or our contractor.
• Where we collect and maintain information in connection with research studies, this data may be subject to clinical study protocols and informed consents executed by individuals participating in these clinical studies and not subject to CCPA.
• Personal Information that has been de-identified according to HIPAA rules or other frameworks that is not “personal information” under the CCPA.
• Other personal information excluded or excepted from requirements of the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (“CCPA”).

Additionally, this section applies only to the extent we direct the purposes and means of California Personal Information processing and otherwise qualify as a business subject to the CCPA.

California Personal Information We Collect

We may collect, and may have collected the following categories of California Personal Information regarding consumers within the last 12 months:

• Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), such as name, signature, address, telephone number, bank account number, credit card number, debit card number, or any other financial information. Some Personal Information included in this category may overlap with other categories;
• Identifiers such as your real name, alias, postal address, zip code, telephone number, email address and account name;
• Unique and online identifiers such as device identifiers, internet protocol addresses, cookie identifiers, beacon identifiers, pixel tags or mobile ad identifiers or similar technology, or other forms of persistent or probabilistic identifiers that can be used to identify a particular consumer or device;
• Commercial information that identifies or could reasonably be linked to you, such as products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies;
• Internet or other electronic network activity information identifies or could reasonably be linked to you, such as browsing history, search history and information regarding an individual’s interaction with an internet website, application, or advertisement;
• Professional or employment-related information, such as current or past job history;
• Protected classification characteristics under California or federal law, which includes age if 40 years or older, race, color, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, pregnancy or childbirth and related medical conditions), veteran or military status, genetic information (including familial genetic information);
• Inferences drawn from Personal Information, such as person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes; and
• Geolocation data, such as precise location information from your device or rough location generated based on IP address.

Sources of California Personal Information

We collect California Personal Information from the sources described in the “Use of Personal Information” section of this Privacy Policy.

Use of California Personal Information

We may use the categories of California Personal Information that we collect, as described above, for one or more of the business purposes and commercial purposes described in the “Use of Personal Information” section above.

Disclosures of California Personal Information for a Business Purpose

We may disclose the categories of California Personal Information that we collect as indicated above to the categories of third parties described in the “How We Share Disclose Information” section above. In the preceding 12 months, we may have disclosed all of the categories of California Personal Information listed above to our service providers and other third parties when you direct us to do so, or when you use our services to do so. 

Sales of California Personal Information

In the preceding 12 months, we have not sold California Personal Information, and we do not have actual knowledge that we sell California Personal Information of consumers under 16 years of age.

California Personal Information Rights and Choices 

The CCPA and other California laws provide consumers with specific rights regarding their California Personal Information. This section describes those rights and explains how to exercise those rights to the extent we direct the purposes and means of the processing of your California Personal Information processing and otherwise qualify as a “business” under the CCPA.

Access to Specific Information and Data Portability Rights

California residents have the right to request that we disclose certain information to you about our collection, use, disclosure, and sale of your California Personal Information over the past 12 months. If we receive and confirm a verifiable consumer request from you pursuant to the “Exercising Access, Data Portability, and Deletion Rights” section below, we will disclose to you, depending on the scope of the request:

• The categories of California Personal Information we collected about you.
• The categories of sources for the California Personal Information we collected about you.
• Our business or commercial purpose for collecting California Personal Information about you.
• The categories of third parties with which we share your California Personal Information.
• The specific pieces of California Personal Information we collected about you.
• If we disclosed your California Personal Information for a business purpose, a list of the categories of third parties to whom we disclosed California Personal Information for a business purpose identifying the categories of California Personal Information disclosed to those parties in the preceding 12 months.

Deletion Request Rights

California residents have the right to request that we delete California Personal Information, subject to certain exceptions. Once we receive and confirm your verifiable consumer request pursuant to the “Exercising Access, Data Portability, and Deletion Rights” section below, we will delete your California Personal Information from our records, unless an exception applies.

Correction Request Rights

California residents have the right to request that we correct inaccuracies in their personal information, taking into account the nature of the personal information and the purposes of the processing of your personal information. You may submit a request to correct pursuant to the “Exercising Access, Data Portability, and Deletion Rights” section below.

Opt-Out Rights

California consumers have the right to opt out of the selling or sharing of personal information. You may submit an opt-out request pursuant to the “Exercising Access, Data Portability, and Deletion Rights” section below.

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by emailing us at privacy@TargetRWE.com.

You may designate an authorized agent to submit requests on your behalf through a signed written permission that authorizes the agent to act on your behalf. We may mandate additional requirements when submitted through an authorized agent, such as requiring you to verify your identity directly with us or to directly confirm the authorized agent’s permission to act on your behalf.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. Your request must provide information sufficient to permit us to reasonably verify you are the person about whom we collected California Personal Information, or an authorized agent of that person. To verify your request, we may require you to provide additional information, including account profile information such as your email address and other information elements necessary to verify your identity. Your request also must include sufficient detail for us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with California Personal Information if we cannot verify your identity or authority to make the request and confirm the California Personal Information relates to you.

Making a verifiable consumer request does not require you to create an account with us. However, if you have a password-protected account with us we consider requests made through that account sufficiently verified when the request relates to California Personal Information associated with that specific account.

Any disclosures we provide will only cover the 12-month period preceding our receipt of the verifiable request. If we cannot fulfill or are permitted to decline your request then we will alert you or your authorized agent. For data portability requests, we will select a format to provide your California Personal Information that is readily usable.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision, and we reserve the right to either refuse to act on your request or charge you a reasonable fee to complete your request if it is excessive, repetitive, or manifestly unfounded.

Non-Discrimination 

Subject to certain exceptions, you have a right to not receive discriminatory treatment for exercising your access, data portability, and deletion rights described above.

Notice of Financial Incentive

From time to time we may offer opportunities to participate in programs designed to incentivize your use of the services. Under California law, these programs may be considered a financial incentive provided in exchange for the collection of personal information. We will provide you additional information regarding specific programs when we offer them.

 

Contact Us

If you have any concerns or questions about this Privacy Statement, and the privacy practices set forth herein please contact us directly as follows:

Target RWE

6409 Fayetteville Rd, Ste 120, Box 377

Durham, NC 27713

Phone: (984) 234-0268

E-mail: privacy@targetrwe.com