Privacy Notice
Effective Date: April 25, 2024
This Privacy Notice (“Notice”) applies to Saama Technologies, LLC, and its affiliates,’ (collectively “Saama,” “We,” “Us,” and “Our/s”) collection, use, and disclosure of “Personal Information” (as defined below), including any collection, use, and disclosure performed for Our Services and in connection with Our online activities and use of Our corporate website, https://www.saama.com (the “Website”).
This Notice describes what Personal Information We collect, how We use it, and informs you about how you may exercise your rights. Saama is committed to ensuring your Personal Information is used in a transparent way and meets the requirements of the regions, or countries, where We offer Our Services or interact with you.
1. An Overview
Saama collects, uses, and discloses (“Processes”) Personal Information and Usage Data (defined below) from: (i) Your access to, and use, of our Website; (ii) Your access, and use, of the Saama Services (outlined below); and (iii) the performance of our Services, as authorized by of our clients as the data controllers.
This Notice does not reflect the privacy practices of Saama’s clients, and Saama is not responsible for Our clients’ privacy policies or practices. Saama does not review, comment upon, or monitor Our clients’ privacy policies or their compliance with their respective privacy policies, nor does Saama review its Clients’ instructions to determine whether they comply, or conflict, with the terms of a client’s published privacy policy.
For purposes of this Notice, “Personal Information” means information that alone, or when in combination with other information, may be used directly (or indirect) to identify, contact, or locate an individual. This includes “Personal Data,” “Personal Information,” or “Protected Health Information” as defined under applicable data protection laws, such as: the Data Protection Regulation (EU) 2016/679 and the United Kingdom Data Protection Act 2018 (collectively “GDPR”); State laws in the United States, including the California Consumer Privacy Act, Cal. Civ. Code §§ 1798.100 et. seq. (“CCPA”) and the California Privacy Rights Act (“CPRA”); India’s Digital Personal Data Protection Act (“DPDP”); Switzerland’s revised Federal Data Protection Act (“FDPA”); and to the extent applicable, the U.S. Health Insurance Portability and Accountability Act of 1996, and its implementing regulations (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act (“HITECH”), as further outlined under Section 10 of this Notice (collectively “Data Protection Laws”).
Additionally, “Usage Data” are information about a person’s activity (on or through the Services or Our Website) that, by itself, does not identify the person, such as a browser type, operating system, or webpages visited. Usage Data are not considered Personal Information, unless it can (with other information) identify a person, as outlined under certain Data Protection Laws. As further described below under Section 14 Cookies (and other tracking technologies), Saama may use this information to provide certain functionality, improve the tools and Services, and monitor the use of Our tools and Services.
2. Personal Information Processing
In this Section we will outline the types of Personal Information Processed as standard for Our core processing activities and describe the purpose and legal basis for each.
The Services
For our Services, Saama is a data processor and only Processes Personal Information on its clients’, who are the data controllers (as defined under applicable Data Protection Laws). Saama’s clients, as the data controllers, decide the means and purposes of Processing, and Saama will only act on behalf of their instructions. We offer a variety of products and Services to Our Clients that may include the Processing of Personal Information, including those described on Our Website and the following (collectively “Services”):
a. Clinical Applications (including SaaS Platform Services).
Saama provides Services, and tools, that allow Our clients (sponsors, CRO’s, etc.) to analyze, and report, clinical data aggregated from multiple, disparate data sources through a single interface (the “Platform”) and other applications (or solutions) that assist in the conduct, and submission, of Our clients’ clinical trials. Saama does not own, or manage, the source data that are submitted to Us and all information will be held subject to lawful requirements specified by Our clients.
This Personal Information, as standard, includes pseudonymized data of clinical trial patients, and business contact information of professionals who are conducting the clinical trial. Additionally, We capture login details from individuals who use our Platform, e.g., client personnel. See Chart A below for more details.
b. Analytics
We also offer custom solutions and Services that accelerate the clinical development life cycle through analytics and services which may support study design and startup, study conduct, analysis and reporting, digital transformation, and post approval. For the purposes of these Services, there may be remote access to Personal Information, as required for the specific project and as defined under a client contract. As standard, such Services include the Personal Information types listed in Chart A, along with Processing purposes.
Chart A (Clinical Services):
Data Subject | Data Types | Purpose and Legal Basis |
Clinical Trial Participants (and Caregivers where relevant) | ● Subject ID, gender, age, or date of birth; ● Sensitive information, including health information (such as treatment and dosage information), race, or ethnic origin. | This Personal Information will be Processed, as instructed by Our clients, as the data controllers, to provide the Services under a contract. Processing is based on the contract, the participant’s informed consent obtained by the relevant client, to participate in a clinical study, and Saama’s legitimate business interests in performing Our Services. |
Healthcare Professionals (“HCPs”).
| ● Business contact information, including first and last name, email address, country, and office address. | This Personal Information will be Processed, as instructed by Our Clients, as the data controllers, to provide Our Services based on consent obtained by the relevant client, and Saama’s legitimate business interests in performing Our Services. |
Platform User | ● First and last name; ● Email address; ● login-in username, password; and ● Usage Data (including Cookies). | This Personal Information will be Processed to facilitate Our Services and ensure users have appropriate access permissions based on your consent, as agreed to in this Notice. |
Third-Party Service Provider Personnel | ● Business contact information, including first and last name and email address; ● (Where applicable) login-in data, including username, password; and ● Usage Data (including Cookies). | This Personal Information will be Processed to facilitate Our Services and ensure users have appropriate access permissions, as defined within a service agreement between Saama (or the relevant client) and a third-party service provider. |
c. Professional Services
Saama also offers professional Services, which concentrates on providing data insights, and analytics, solutions for a variety of industries, such as insurance, finance, and higher education, inclusive of Saama’s Astraa division (For more information, visit https://astraa.com/). As part of these Services, Saama employees, and contractors, may have access to Personal Information, and sensitive Personal Information, which will be further outlined within a project plan or service agreement.
The types of Personal Information Processed will differ depending on the specific Services offered and industry in scope, but generally includes the following types of data, as outlined in Chart B below. Please also note, for relevant Services, Protected Health Information (“PHI”) may also be processed as further outlined under Section 10 (HIPAA) below.
Chart B (Professional Services):
Data Subject | Data Types | Purpose and Legal Basis |
Consumer | ● (Possibly) first and last name; ● Contact information including email, phone number, and physical address (where applicable); ● (Possibly) Social Security Number; ● (Possibly) information related to insurance claims, premiums, etc.; ● (Possibly) health-related information, applicable to insurance, including PHI; and ● Other Personal Information, as defined under a statement of work or a project plan. | This Personal Information will be Processed, as instructed by Our clients, as the data controllers or covered entities, and only for purposes of providing Our Services, as defined in the relevant service agreement. It is based on the contractual agreement, Saama’s legitimate interest in performing the Services and consent obtained by the Client (as data controller). |
Client Personnel | ● Business contact information, including first and last name, email address, and telephone number; ● (Where applicable) login information, such as username and password; ● (Where applicable) Usage Data (including Cookies); and ● Other Personal Information, as defined under a statement of work or a project plan. | This Personal Information will be Processed, as instructed by Our clients, as the data controllers, to provide our Services. Processing will be based on consent, as documented between an individual and their employer and as contracted between a client and Saama to perform Our Services. |
Healthcare Professionals (“HCPs”).
| ● Personal Information, such as information which may identify an individual working at, or as a representative of, a healthcare institution, including: name; workplace address; and work contact information; and ● Employment details, such as information relating to the employment of an HCP working at a healthcare institution, including: job title; and function. | This Personal Information will be Processed, as instructed by Our client, as the data controllers or covered entities, to provide Our Services. Processing is based on consent, as documented between an individual and their employer and as contracted between a client and Saama to perform Our Services. |
Third-Party Service Provider Personnel | ● Business contact information, including first and last name, email address, telephone number, and (where applicable) login-in username, password, and Usage Data (including Cookies). | This Personal Information will be Processed to facilitate Our Services and ensure users have appropriate access permissions, as defined within a service agreement between Saama and a third-party service provider. |
If you have specific questions about the types of information collected for a particular project, you may contact us, as outlined under Section 16 below.
Sales and Marketing
For Our sales and marketing activities, Saama may process Personal Information for its business operations to enable Us to provide relevant information about Our products and Services to you. This includes the collection (and Processing) of business contact information, including first and last name, email address, telephone number, information about your title or position, and (where applicable) Usage Data (including Cookies).
This Personal Information are used in support of Our legitimate business interests and will be based on opt-in consent, as may be required for your region of residence. If you would like to opt-out of sales or marketing-related information, you can exercise your rights, as instructed under Section 4 (Your Rights).
Website
When you visit Saama’s Website(s), certain Personal Information may be captured in the form of Cookies and other Usage Data, as agreed to, and outlined under Section 14 (Cookies (and other tracking technologies)).
Additionally, if you use a “Contact Us” form, or schedule a demo, you will be asked to provide certain contact information to ensure We can contact you to answer your questions or inquiries. Furthermore, where available, you may sign up for informational newsletters, emails, or Website updates from Saama. You may unsubscribe from receiving this correspondence by following the opt-out instructions under Section 4 (Your Rights).
We also use “Cookies,” and other tracking technologies, for the lawful basis of Saama’s legitimate business interests in personalizing content, advertising, and to make our content functions appropriately. When you contact Us, We use Personal Information only for providing the Services you’ve requested, or to fulfill your request, as consented to when you signed up for Our correspondence.
3. Sharing of Personal Information
We will share your Personal Information with third parties, where necessary, to provide Our Services, operate our Website, and where there is a legal basis to do so. We may share your Personal Information with service providers, affiliates, partners, and other third parties, where necessary, to provide our products and Services, as agreed to under a service agreement, or for any other purposes, as described in this Notice. This includes sharing Personal Information to the following parties:
- Saama is headquartered in the United States and has office locations (and affiliates) within the United States, India and the United Kingdom. Therefore, where required to perform the Services, your Personal Information will be remotely accessed or shared amongst those entities.
- Personal Information provided to Our clients is aggregated within Our clinical SaaS Platform, as a central location where clients may review data from various inputs (i.e., electronic data capture, and lab test results).
- Third-Party Providers. Saama may use third-party service providers to supplement its workforce or technology. For example, We use Amazon Web Services (“AWS”) to host our cloud solutions (including the Platform). While Amazon will not have access to Personal Information, it may be considered a Processor of Personal Information. Additionally, Saama may supplement its workforce with subcontractors, or agents, to assist in performing Our Services.
- Web analytics service providers. As further described under Section 14 (Cookies and (other tracking technologies)), third parties outlined may collect information, via Cookies or other information, to analyze use patterns and information about your use of Our Website.
- Regulatory Agencies. There may be instances where We are required to, by law, to share your Personal Information with the government, or regulatory agencies, to ensure We are meeting applicable regulatory requirements.
Where we share your Personal Information, We will only share the minimum data necessary that are required and ensure that data are only Processed according to our specific written instructions or as outlined under relevant contractual obligations, including requiring that that the same standards of confidentiality and security are maintained.
4. Your Rights
Under relevant Data Protection Laws, you are entitled to certain rights and information about how We use, or Process, your Personal Information. For Our Services, Saama is not responsible for the originating source of your Personal Information, and data, submitted to Us. This responsibility lies with Our clients. Therefore, certain requests may need to be fulfilled by Saama’s clients, as the data controllers. Additionally, some of these rights may only be relevant based on your region of residence or where the Personal Information were collected.
Where applicable, Saama shall make all reasonable efforts to fulfill your rights, including (but not limited to) the following:
The Right to be Informed | You have the right to be informed about how We collect, use, and Process your Personal Information, as outlined in this Notice. If you have additional questions not answered in this Notice, you can contact Us, as specified under Section 16 (Contact Us). |
Access Request | You may request access (or a “data subject access request”) which enables you to receive a copy, or listing, of the Personal Information We hold about you. |
Request Correction | You have the right to have any incomplete, or inaccurate, Personal Information We hold about you corrected, where applicable. |
Request Erasure | You have the right to request that We delete, or remove, your Personal Information where We no longer have a legal basis for Processing it. You also have the right to ask us to delete, or remove, your Personal Information where you have successfully exercised your right to object to Processing (see below), where We may have Processed your information unlawfully or where We are required to erase your Personal Information to comply with local law. Note, however, that We may not always be able to comply with your erasure request for specific legal reasons which will be notified to you, if relevant, at the time of your request. |
Object to Processing | You may object to the Processing of your Personal Information where We are Processing it for direct communication purposes (i.e., opt-out), if you believe the Processing is inconsistent with Our lawful basis or is otherwise unfair to you. |
Request Restriction of Processing | You may restrict the use of your Personal Information if you are contesting the accuracy of the data, or you have objected to the Processing of your Personal Information and wish to restrict the Processing until a legal basis for continued Processing has been verified. Also, you may request a restriction where you may need us to hold the data even if we no longer require it as you may need to establish, exercise, or defend a legal claim. |
Data Portability | You may request that We transfer your Personal Information to you or to a third-party. We will provide to you, or the third-party you have chosen, your Personal Information in a structured, commonly used, machine-readable format. |
Withdraw Consent | Where We are relying on consent to Process your Personal Information, you may withdraw your consent subject to certain limitations. Any withdrawal will not affect the lawfulness of any Processing carried out before you withdraw your consent. If you withdraw your consent, We may not be able to provide certain products or Services to you. We will advise you if this is the case at the time you withdraw your consent. |
Automated Decision-Making | You have the right to request information about determinations made about you using automated decision-making, and human intervention, where relevant. See Section 5 below for additional information. |
Rights under HIPAA | If applicable, you may be entitled to additional rights under HIPAA, as further described under Section 10 (HIPAA) below. |
Making a Request
If you wish to exercise any of your rights granted to you under relevant Data Protection Laws, or submit a “subject access request,” you may contact Us by using the following methods:
- [email protected];
- our toll-free number at: (888) 609-8586; or
- at our physical addresses, as provided under Section 16 (Contact Us).
Please note, for clinical trials Saama is supporting on its clients’ behalf, Saama does not own, or manage, the source data submitted to Us. If you wish to exercise your rights, and you are participating in a clinical trial as a participant, healthcare provider, or other associated party, We encourage you to contact the relevant sponsor, or principal investigator, who is managing the relevant clinical trial for best results. However, We will provide any reasonable assistance to facilitate your request, when received.
Additionally, We may request specific information from you to help Us confirm your identity and facilitate your request. Applicable law may require, or permit, Us to decline your request. If We decline your request, We will tell you why, subject to legal restrictions.
As standard, requests will be fulfilled within thirty (30) days of their receipt, upon confirmation of your identity, or receipt of additional required information to help us to better manage your request. Based on the complexity of the request, additional time may be required, and Saama will contact you and provide you with information regarding any delays.
Right to submit a Complaint
If you would like to submit a complaint about Our use of your Personal Information or if you are unsatisfied with a response to your lawful request, you may contact Us, as described above, or submit a complaint to the data protection regulator in your jurisdiction, including those identified under Section 8 (for the EEA/UK/Switzerland), Section 9 (for the U.S.), Section 10 (if related to PHI/HIPAA).
5. Artificial Intelligence (and Automated Decision-Making)
Saama is at the forefront of Artificial Intelligence (“AI”) and its application to clinical trials and Saama’s other Service offerings. AI and advanced analytics empower Our clients to perform quick and efficient analysis of their data, eliminating manual processes, and accelerating time to market. As standard, our AI technology does not include “automated decision-making”, which is where decisions about you are made solely on automated Processing and produces legal effects on you. Our AI technology is a tool for our clients to make decisions, but all clinical-related decisions that may have an impact on you, are performed by healthcare professionals, at their discretion. The AI in our platform and Service offerings provides insights and predictions for users to action. The human user must always review and approve any outputs from our AI models. Any action taken within our platform is human-driven and approved.
As part of Saama’s AI strategy, We are committed to ensuring transparency and adherence to the evolving legal requirements. This includes alignment with President Biden’s Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (2023) in the United States and monitoring upcoming laws, such as Canada’s Artificial Intelligence and Data Act (“AIDA”) and the EU AI Act.
6. Data Retention
We will only retain your Personal Information for as long as reasonably necessary to fulfill the purposes We collected it for, including purposes satisfying any legal, regulatory, tax, accounting, or other reporting requirements, as agreed to contractually with Our clients or for Our legitimate business interests.
As standard, Saama may store your Personal Information for up to seven (7) years. We may retain your Personal Information for a longer period if a specific request is made by a client, a complaint, or if We reasonably believe there is a prospect of litigation in respect to Our relationship with you.
In some circumstances, We may anonymize your Personal Information (so that it can no longer be associated with you) in which case We may use this information indefinitely, in accordance with applicable Data Protection Laws.
7. International Data Transfers
As part of Saama’s Services and operations, it may be necessary to transfer your Personal Information outside of your region or country of residency. For example, for Our Platform Services, Saama’s database is located within the United States; and therefore, your data will be stored in a secure location within AWS’s data centers in the United States. Additionally, Saama employees, and Our client’s employees, may access your data remotely from other regions, or affiliate locations, as required to perform the Services.
Some jurisdictions (such as the EU/UK) may require specific conditions to ensure the security of your Personal Information when transferred internationally to a region that has not been deemed “adequate” by the relevant data protection authority. Where such transfers occur, Saama shall ensure the protections required under relevant Data Protection Laws are performed in alignment with relevant client contractual obligations and as otherwise necessary to adhere to the law. For the specific measures used for the EEA, UK, and Switzerland, please see Section 8 below.
If you have questions about the specific security measures used to protect data transfers, or how Saama complies with specific country requirements, please do not hesitate to contact Us, as specified under Section 16 (Contact Us).
8. EEA/UK/Switzerland Specific Terms
Where We are conducting Services or Processing Personal Information of individuals in the European Economic Area (“EEA”), the United Kingdom (“UK”), or Switzerland, We strive to ensure We are meeting the requirements of those regions, including as required under GDPR and FDPA. In addition to your rights and the information provided in this Notice, the following applies:
- International Transfers. As outlined above under Section 7, Saama will ensure that data transfers are performed in alignment with data transfer requirements and provide an adequate level of protection in countries that do not meet the EU/UK’s essential guarantees. This includes entering into standard contractual clauses (“SCCs”) or other approved methods defined by the Information Commissioner’s Officer (“ICO”) for the UK and the European Data Protection Board (“EDPB”) for the EEA and performing transfer impact assessments, as needed.
- Registration. Saama maintains an office location in the UK, as specified under Section 16, and has appointed a representative in the EU and Switzerland, as identified below:
For the EU | For Switzerland |
GDPR Rep, Suite 10357, 5 Fitzwilliam Square, Dublin 2, Ireland, D02 R744 | GDPR Rep, Andreaspark, Hagenholzstrasse 56, 7th Floor, Zurich, 8050 |
- Government Requests. If Saama receives a request from a government authority outside of the EEA, UK, Switzerland to access your Personal Information, We will use reasonable, and lawful efforts, to ensure your data are protected and that disclosures meet relevant Data Protection Laws standards.
- Complaints. If you have unresolved concerns, you also have the right to submit a complaint to relevant data protection authorities. The relevant data protection authority will be the supervisory authority in the country where your Personal Information were collected and includes:
For the EEA | A list of relevant data protection authorities can be found at https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm |
For the UK | |
For Switzerland | https://www.edoeb.admin.ch/edoeb/en/home/deredoeb/kontakt.html |
9. U.S. State Laws (including California)
If you are located in the United States, there may be specific consumer Data Protection Laws relevant to you that grant you additional protections and rights. For example, if you are a California resident, you may be entitled to additional rights, as defined under the CCPA and CPRA.
As outlined in this Notice, Saama may collect Personal Information from a variety of sources, as outlined under Section 2 (Personal Information Processing), including from Our clients to provide Our Services, from Our Website, as part of a service agreement with Us, or when you contact Us voluntarily to request information. The types of Personal Information collected will be outlined in the relevant documentation or as outlined in this Notice.
The following are additional rights that may be relevant to you in the United States:
- Opt-out of the sale of your Personal Information. You have the right to information about the sale of your Personal Information. We do not “sell” Personal Information, as defined under relevant Data Protection Laws. California residents have the right to opt-out of the sale of their Personal Information by businesses that sell their Personal Information. The CCPA defines a “sale” as the disclosure of Personal Information for monetary or other valuable consideration. For any questions you have about this section, see Section 16 (Contact Us).
- Authorized Agent. The CCPA permits California residents to use an authorized agent to make privacy rights requests. We require the authorized agent to provide Us with proof of the California resident’s written permission (for example, a power of attorney) that shows the authorized agent has the authority to submit a request for the California resident. An authorized agent must follow the process described above to make a request (i.e., under “Your Rights” under Section 4). The authorized agent must also verify his or her own identity. We will confirm the agent’s authority with the relevant California resident related to the request that was made.
- Direct Marketing Purposes. We do not share Personal Information with other people, or non-affiliated businesses, for their direct marketing purposes, unless otherwise agreed to by you.
- Non-Discrimination. Saama does not discriminate against any relevant treatment for exercising any of your rights.
- Right to Notice of Financial Incentives. California residents have the right to information on how businesses may offer financial incentives, including payments to consumers as compensation for the collection, or sale, of Personal Information. Where relevant, any incentives to collect, or share, your Personal Information will be outlined in an informed consent, project-specific privacy notice, or terms of service, associated with the relevant Services offered.
- Nevada Residents. Although Saama does not sell Personal Information, Nevada residents have the right to submit a verified request directing Saama not to sell their Personal Information. If you are a Nevada resident and would like to submit such a request, please send your request through any of the methods noted above under Section 4 (Your Rights).
- Complaints (California and Virginia). If Saama does not allow you to exercise any or your rights, as may be relevant to you within the required timeframe, in the event of an extension, or to your satisfaction, you may contact the Attorney General of Virginia or California to submit a complaint.
10. Protected Health Information and HIPAA
For certain Services (as outlined under Section 2 above), Saama may qualify as a Business Associate to certain clients where We Process or come into contact with PHI, as defined under the U.S. Health Insurance Portability and Accountability Act of 1996, and its implementing regulations (“HIPAA”) the Health Information Technology for Economic and Clinical Health Act (“HITECH”).
- Overview
Where We do Process PHI, as a Business Associate, We do so at the direction of Our clients, in alignment with this Notice, relevant requirements defined under HIPAA, and for the following purposes:
- We may use, or disclose, PHI on behalf of, or to provide Services to, our clients, as the Covered Entities (as defined under HIPAA) for purposes of performing Our Service obligations, as outlined in Our service agreements with Covered Entities, as permitted under the relevant business associate agreement;
- We may disclose PHI to subcontractors, or agents, that provide supporting Services to Us; however, We require Our subcontractors, and agents, to comply with the same terms and conditions that apply to Us under relevant business associate agreements, including the implementation and maintenance of required data safeguards;
- We may use, or disclose, PHI where required by law. For example: for judicial and administrative proceedings; under a court or administrative order; in response to a subpoena, warrant, or other lawful process; or for research purposes to the extent that certain steps required by law are taken to protect your privacy; and
- Other uses, and disclosures, not described in this Notice will be made only with your express written authorization, as directed by Our clients.
Where Saama does use or disclose PHI, We ensure that PHI confidentiality is maintained by implementing appropriate technical and organizational measures, as outlined under Section 12 (Security) of this Notice.
- Additional Rights under HIPAA
In addition to your rights outlined under Section 4 of this Notice, you may have additional rights under HIPAA regarding the use and disclosure of your PHI. Where We Process PHI, please note, Saama is not responsible for the originating source of your PHI; and in most cases, may not have the ability to perform the request. However, where relevant, We will assist in facilitating any lawful requests with Our clients, including the following:
- Right to Receive an Accounting of Disclosures. You have the right to request an “accounting” of certain disclosures of your PHI. The accounting lists instances where We disclosed your PHI and to whom that disclosure was made. The accounting does not include disclosures for treatment, payment, and health care operations; disclosures made to or authorized by you; and certain other disclosures. Your request for an accounting of disclosures must be made in writing (as outlined in Section 4 (Your Rights) and you may request an accounting for disclosures made up to six (6) years before your request.
- The right to revoke Authorization of Processing PHI. As identified under Section 4 (Your Rights), you have the right to withdraw your consent, or as specified under HIPAA, revoke your authorization.
- The right to confidential communications of PHI. You have the right to reasonable requests to receive confidential communications of PHI by alternative means or at alternative locations.
- The right to restrict disclosures of PHI. Under certain circumstances, you have the right to request restrictions on certain uses and disclosures of PHI. We may not be required to comply with all requests but will provide you with the reasoning behind our decision, where applicable.
- Requests for Amendment. As identified under Section 4, you have the right to correct inaccuracies of your Personal Information, including your PHI.
For all requests outlined herein, or otherwise available to you under HIPAA, can be made as specified under Section 4 (Your Rights).
11. Children
We do not knowingly collect or solicit personal information from anyone under the age of legal consent. i.e., 16 years of age. If you are under the legal age of consent, please do not attempt to access the Services or send any personal information about yourself to us. If we learn that we have collected Personal Information from a child under the age of consent incorrectly, we will delete that information as quickly as possible. If you believe that a child under the age of consent may have provided us Personal Information, please contact us at [email protected] or submit a subject access request as outlined under Section 4 (Your Rights).
12. Security
Saama ensures that the Personal Information entrusted to it is protected with organizational and technical measures. The specific measures will depend on the Services and types of data processed and in accordance with Saama’s data privacy and security governance program. For more information, please visit Our “Security and Compliance” page at https://www.saama.com/about/company/security-compliance/.
13. Links to other Websites
Our Website may contain links to other websites and services. These links are not an endorsement, authorization or representation that We are affiliated with that third party. We do not exercise control over third party websites or services and are not responsible for their actions. Other websites and services follow different rules regarding the use or disclosure of the Personal Information you submit to them. We encourage you to read the privacy policies of the other websites you visit and services you use.
14. Cookies (and other Tracking Technologies)
We may also collect information using “Cookies” or other tracking technologies for users of the Website and our Services. Cookies are small data files stored on the hard drive of your computer or mobile device by a website. We may use both session Cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them) to provide you with a more personal and interactive experience on our Website.
We use two broad categories of Cookies: (1) first-party Cookies, served directly by Us to your computer or mobile device, which we use to recognize your computer or mobile device when it revisits our Website; and (2) third-party Cookies, which are served by service providers on our Website, and can be used by such service providers to recognize your computer or mobile device when it visits other websites.
Cookies we use
Our Website uses the following types of cookies for the purposes set out below:
- Essential Cookies. These Cookies are essential to provide you with services available through our Site and to enable you to use some of its features. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services. These are primarily used by our employees and contractors.
- Functionality Cookies. These Cookies allow our Site to remember choices you make when you use our Site. The purpose of these Cookies is to provide you with a more personal experience and to avoid you having to re-select your preferences or re-enter information every time you visit Our Site.
- Analytics and Performance Cookies. These Cookies are used to collect information about traffic to Our Website and how users use our Website. The information gathered may include the number of visitors to Our Website, the websites that referred them to our Website, the pages they visited on Our Site, what time of day and duration they visited Our Website, whether they have visited our Website before, and other similar information. We use this information to help operate our Website more efficiently, to gather broad demographic information and to monitor the level of activity on our Website. We primarily use Google Analytics for this purpose. Google Analytics also uses its own cookies, which you can learn about at the follow links below.
- You can find out more information about Google Analytics cookies here: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
- You can learn about how Google protects your data at the following link: https://policies.google.com/privacy?hl=en; and
- You can prevent the use of Google Analytics relating to your use of our Website by following the instructions here: https://tools.google.com/dlpage/gaoptout?hl=en-GB;
- Targeted and Advertising Cookies. These Cookies track your browsing habits to enable Us to show advertising on a third-party site which is more likely to be of interest to you. These Cookies use information about your browsing history to group you with other users who have similar interests. You can disable certain Cookies which remember your browsing habits and target advertising at you by visiting this site: https://youronlinechoices.eu/.
- If you choose to remove targeted or advertising Cookies, you will still see advertisements, but they may not be relevant to you. Even if you do choose to remove Cookies by the companies listed at the above link, not all companies that serve online behavioral advertising are included in this list, and so you may still receive some cookies and tailored advertisements from companies that are not listed.
Disabling cookies
You can typically remove or reject Cookies via your browser settings. In order to do this, follow the instructions provided by your browser (usually located within the “settings,” “help” “tools” or “edit” facility). Many browsers are set to accept Cookies until you change your settings.
Further information about Cookies, including how to see what Cookies have been set on your computer or mobile device and how to manage and delete them, visit www.allaboutcookies.org.
If you do not accept our Cookies, you may experience some inconvenience in your use of our Website. For example, we may not be able to recognize your computer or mobile device and you may need to log in every time you visit our Website.
On-Site Tracking
We may also use tracking tags (which are also known as web beacons) on our Website to track the actions of users while on our Website. Unlike Cookies, which are stored on the hard drive of your computer or mobile device by a website, tracking tags are embedded on web pages. Tags compile statistics about usage of the Website, so that we can manage our content more effectively. The information we collect using tracking tags is not linked to our users’ Personal Information.
Do Not Track Signals
Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to and do not track signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
15. Changes to this Privacy Notice
We use Personal Information as outlined, and described, in this Notice. However, from time-to-time, We may, at our discretion, modify this Notice, indicated by a new revision date at the top of the Notice. It is important that you check this Notice when you visit our Website and your continued use of our Website after this Notice has been updated, indicates your agreement and acceptance of this Notice, including the modifications made as of the date of your use.
16. Contact Us
If you have any questions or concerns at all about our Privacy Notice, please feel free to email us at [email protected], or write to us at:
For the US
Saama Technologies, Inc.
900 E. Hamilton Ave., Suite 200
Campbell, CA 95008 USA
Attention: Data Protection Officer
For the UK
3rd Floor Paternoster House
65 ST Paul’s Churchyard
London, UK EC4M 8AB
Attention: Data Protection Officer
For the EU and Switzerland
You may contact our legal representative: Data Priva Limited T/A GDPREP.ORG
Website: https://www.gdprep.org/
Email: [email protected]
Phone Number: +44 (0 7810883333)
For the EU | For Switzerland |
GDPR Rep, Suite 10357, 5 Fitzwilliam Square, Dublin 2, Ireland, D02 R744 | GDPR Rep, Andreaspark, Hagenholzstrasse 56, 7th Floor, Zurich, 8050 |