privacy policy
iSpecimen Privacy Policy – Updated as of 5/18/18
I. Notice
This privacy policy describes iSpecimen's privacy practices, including the purposes for which it collects and uses Personal Data, the types of Personal Data iSpecimen collects, the types of third parties to which iSpecimen discloses the Personal Data and the purposes for doing so, the rights and choices Data Subjects have for limiting the use and disclosure of their Personal Data, and how to contact iSpecimen about its practices concerning Personal Data. Please note if iSpecimen receives Personal Data without use of our Services or through a direct interaction, we generally will not attempt to independently provide this notice, but will still otherwise follow this privacy policy. Information regarding iSpecimen's data practices is contained in this Policy and available at www.iSpecimen.com. Additional information may be requested using the contact information listed at the end of this policy.
By using the iSpecimen Services, you implicitly accept the Terms of Use (as found at https://ispecimen.supremeclients.com/terms-of-use) and this Privacy Policy. You shouldn't use Services if don't accept the terms in these policies.
iSpecimen is not responsible for content and privacy practices of any third-parties.
II. Definitions
For purposes of this Policy:
"Controller" means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
"EU" means the European Union and Iceland, Liechtenstein and Norway.
"Governing Regulations" means the US Privacy Act of 1974 and the EU's General Data Protection Regulations (GDPR).
"Identifiable Information" means information in which a user can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
"Personal Data" means any identifiable information received by iSpecimen regarding a natural person.
"Processor" means any natural or legal person, public authority, agency or other body that processes Personal Data on behalf of a Controller.
"Sensitive Data" means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership; data concerning health or sex life and sexual orientation; genetic data or biometric data.
"Services" means the use of any iSpecimen website or software product.
"User" means a natural person who has agreed to use iSpecimen's Services.
III. Personal Data iSpecimen Collects
As a Data Controller, iSpecimen collects Personal Data directly from Users or indirectly from third parties Controllers. Personal data is collected directly from Users when, for example, a biomedical researcher or specimen contributor visits iSpecimen's website or Marketplace. Personal data is collected indirectly when, for example, iSpecimen obtains a list of trade show attendees from a trade organization or marketing affiliate.
iSpecimen may also directly obtain and use Personal Data independent of its Services, including, but not limited to, surveys, focus groups, market research, inbound and outbound Consumer communications and education, etc.
The types of Personal Data iSpecimen iSpecimen collects may include:
- name;
- contact information;
- form information;
- IP addresses;
- browser characteristics;
- device characteristics;
- operating systems;
- language preferences;
- referring URLs;
- dates and times of website visits and actions;
- information about actions taken on our website; and
- other personal data provided on iSpecimen’s website, collected automatically through the website, or sought directly from a natural person with prior informed consent.
iSpecimen may use this personal data for purposes such as:
- marketing and selling products and services;
- providing products or services;
- verifying identities for security or financial transaction purposes; and
- providing suggestions and advice on products, services and how to obtain the most from using our website.
Additionally, iSpecimen may aggregate personal data in a general way and use it in a de-identified fashion, for example to monitor our performance with respect to a particular service we provide. If we use it for this purpose, Users will not be personally identifiable.
IV. Use of Cookies and Similar Technologies
iSpecimen, along with the service providers that help the company provide the Services, use small text files called cookies, which are small computer files sent to or accessed from a Consumer's web browser or computer's or tablet's hard drive that contain information about the computer, such as a user ID, user settings, browsing history and activities conducted while using the Services. Cookies are not themselves personally identifiable, but may be linked to Personal Data that is provided to the company through interaction with the Services. A cookie typically contains the name of the domain (internet location) from which the cookie originated, the "lifetime" of the cookie (i.e., when it expires) and a randomly generated unique number or similar identifier.
Cookies help iSpecimen improve the Services by tracking Consumers' navigation habits and storing their passwords, customizing their experience with the Services; enabling the company to analyze technical and navigational information about the Services; and helping to detect and prevent fraud.
iSpecimen also uses other cookies and other data collection tools (such as web beacons and server logs), collectively refer to as "data collection tools," to help improve Consumers' experience with the Services.
The Services also may use data collection tools to collect information from the device used to access the Services, such as operating system type, browser type, domain and other system settings, as well as the operating system used and the country and time zone in which the computer or device is located.
Web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to manage and delete cookies, visit www.allaboutcookies.org. Some web browsers (including some mobile web browsers) provide settings that allow a user to reject cookies or to alert a user when a cookie is placed on the user's computer, tablet or mobile device. Most mobile devices also offer settings to reject mobile device identifiers. Although users are not required to accept cookies or mobile device identifiers, blocking or rejecting them may prevent access to some features available through the Services.
V. Basis for Data Collection Activities
iSpecimen must process personal data to provide our Services. By accepting iSpecimen's Terms of Use, Users are confirming to having read and understood this policy including how and iSpecimen will use personal data. If a User does not want iSpecimen to collect or process his/her personal data in the ways described in this policy, he/she should not use the Services.
For non-Service based activities involving collection of Personal Data, iSpecimen will seek explicit informed consent prior to the collection, which will include the opportunity to review this policy.
iSpecimen is not responsible for the practices, privacy policies, or compliance generally of any of its partners or collaborators.
VI. minors
iSpecimen does not sell products or provide services for purchase by minors, nor do we market to minors. Should the company become aware that Personal Data is from a minor, the Personal Data will be expunged.
VII. Use, Disclosure, and Retention of Personal Data
iSpecimen generally does not use Personal Data for purposes that are materially different from the purposes for which the information was originally or subsequently authorized by the Data Subject. Should iSpecimen wish alter the use of the Personal Data, iSpecimen will offer Data Subjects the opportunity to choose whether their data may be used in this fashion. Additionally, iSpecimen limits the Personal Data it collects to that which is relevant for the purposes for which the information was originally or subsequently authorized by the Data Subject.
iSpecimen may share Personal Data to third-party Processors. With respect to third-party Processors, iSpecimen (a) enters into a contract with each relevant Processor, (b) transfers Personal Data to each such Processor only for limited and specified purposes, (c) ascertains that the Processor is obligated to provide the Personal Data with at least the same level of privacy protection as is required by the Governing Regulations, (d) takes reasonable and appropriate steps to ensure that the Processor effectively processes the Personal Data in a manner consistent with iSpecimen's obligations under the Governing Regulations (e) requires the Processor to notify iSpecimen if the Processor determines that it can no longer meet its obligation to provide the same level of protection as is required by the Governing Regulations, (f) upon notice, including under (e) above, takes reasonable and appropriate steps to stop and remediate unauthorized processing of the Personal Data by the Processor.
iSpecimen may share Personal Data with its affiliates and subsidiaries. iSpecimen may disclose Personal Data without offering an opportunity to opt out, and may be required to disclose the Personal Data, (a) to third-party Processors the company has retained to perform services on its behalf and pursuant to its instructions, (b) if it is required to do so by law or legal process, or (c) in response to lawful requests from public authorities, including to meet national security, public interest or law enforcement requirements. iSpecimen also reserves the right to transfer Personal Data in the event of an audit or if the company sells or transfers all or a portion of its business or assets (including in the event of a merger, acquisition, joint venture, reorganization, dissolution or liquidation).
iSpecimen will not share or disclose any of your Personal Data with third-party Controllers except as described in this policy. iSpecimen does not sell your Personal Data. We do not share Personal Data about you with third-party Controllers for their marketing purposes (including direct marketing purposes) without your permission.
Except as permitted or required by applicable law, iSpecimen provides Data Subjects with an opportunity to opt out of sharing their Personal Data with third-party Controllers.
iSpecimen may continue to retain and process Personal Data until a Data Subject withdraws consent or it can be reasonably assumed that consent no longer exists. Data Subjects may withdraw consent at any time by instructing iSpecimen at [email protected]. However, if upon doing so, Data Subjects may not be able to use the company's website or other services further.
VIII. Personal Data Access and Accuracy
iSpecimen takes reasonable steps to ensure that the Personal Data the company processes is accurate, complete and current. This generally includes the right to request access, rectification, erasure or restriction, and data portability. Where appropriate, iSpecimen provides reasonable access to the Personal Data iSpecimen maintains. iSpecimen also provides a reasonable opportunity to correct, amend or delete Personal Data where it is inaccurate or has been processed in a purported violation of law, as appropriate. iSpecimen may limit or deny access to Personal Data where the burden or expense of providing access would be disproportionate to the privacy risks in the case in question, or where the rights of persons other than natural person would be violated.
A natural person may request access to their Personal Data by contacting iSpecimen as indicated in this Policy.
IX. data transfers
iSepcimen offers a global service. Personal Data are generally collected, processed, and stored in the United States. However, we may also use outsourced services in other countries from time to time. The United States, European Economic Area ("EEA") Member States, and other countries all have different laws and requirements. If personal data is moved from one country to the next, the laws and requirements that protect personal data in the country to which personal data is transferred may be different from those in the originating country. For example, the circumstances in which law enforcement can access personal data may vary from country to country. In particular, if personal information is in the US, it may be accessed by government authorities in accordance with US law.
To the extent that iSpecimen is deemed to transfer personal data outside of the EEA, we rely separately, alternatively, and independently on the following legal bases:
Necessary to performance of a contract: iSpecimen's offered Services are entirely voluntary and each consumer may choose whether or not they want to use the Services. If a consumer wants to use iSpecimen's services, they must agree to iSpecimen's Terms of Use, which sets out the contract between iSpecimens and its users. iSpecimen operates in countries worldwide and uses technical infrastructure in the US to deliver Services to its users, in accordance with the contract between iSpecimen and its users, iSpecimen needs to transfer personal data to the US and other jurisdiction as necessary to provide the Services. In all circumstances, iSpecimen implements appropriate end-to-end technical and organization safeguards to protect user's consumer personal data.
Informed Consent: iSpecimen may obtain personal data outside the use of its Services. In this circumstance, iSpecimen or the person or the entity providing the information will have obtained the personal data with explicit informed consent, or under another lawful basis, that includes the possible transfer to other entities, such as iSpecimen, and to other jurisdictions that may offer different legal protections.
X. security
iSpecimen takes reasonable and appropriate measures to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the Personal Data.
XI. Compliance with Regulations
iSpecimen has mechanisms in place designed to effect compliance with the Governing Regulations. iSpecimen conducts a regular self-assessment of its Personal Data practices to verify that the attestations and assertions iSpecimen makes about its privacy practices are true and that iSpecimen's privacy practices have been implemented as represented and in accordance with the Governing Regulations.
XII. changes
iSpecimen may update this privacy policy from time to time in order to reflect, for example, changes to practices for other operational, legal or regulatory reasons. We will post a statement at the top of this policy notifying you when this policy is updated. We encourage you to check back regularly and review any updates.
XIII. Contacting iSpecimen
To ask questions or express concerns about iSpecimen's collection, management and processing of Personal Data, or questions or concerns about this Policy or other Privacy Policies as may exist, Data Subjects may contact us using the contacts listed below.
XIV. Hotjar
We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.
For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.
Privacy Officer
iSpecimen
450 Bedford Street
Lexington, MA 02420 USA
[email protected]