EU-U.S. Privacy Shield Policy
The Emmes Company, LLC, Emmes Biopharma Services LLC, OptymEdge, LLC and Casimir LLC (collectively “Emmes”) each comply with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Emmes has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
This Privacy Shield Policy sets forth Emmes’ practices with respect to personal data it receives in the United States from the European Union in reliance on the Privacy Shield Framework.
To view Emmes’ certification, you can view the Privacy Shield List at https://www.privacyshield.gov/list.
Definitions
“Personal Data” means data about an identified or identifiable person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to one or more factors specific to the individual, such as an identification number or a person’s physical, physiological, mental, economic, cultural or social identity.
“Processing” of personal data means any operation or set of operations that is performed on personal data, whether or not by automated means. Processing includes, by way of example, collection, recording, organization, storage, adaption or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.
Collection and Use of EU Personal Data
Employee Personal Data
We collect personal data from and about contingent workers, employees, former employees, and prospective employees. This can include someone’s name, contact information, social security or government-issued identification number, financial information, education and employment history, information about one’s family (spouse and dependents, for example), and job performance and development.
Our primary purpose in collecting and processing such information is to carry out the employment relationship. This includes but is not limited to payment, compensation planning and related transactions, providing and managing benefits, performance management, career development, training, staffing considering candidates for open positions, personnel security issues, headcount reporting, and statistical analysis.
Customer and Other Personal Data
Emmes collects personal data in connection with Emmes’ business activities, including offering and managing our products, services, and programs. This information can include name and contact information as well as information on demographics, health and wellness, healthcare or medication, inquiries or feedback about our products and programs, and preferences. We collect and process this information in order to provide requested products, services or programs; to personalize product information or provide additional information about our products and programs; to optimize or improve our products, programs, and operations; to manage customer information across Emmes programs and platforms; to conduct market research; to support research and development, including clinical research; for safety and efficacy monitoring; and for purposes of conducting certain legal, audit and regulatory compliance activities.
Sharing of Personal Data
Emmes may share personal data with applicable customers, affiliates, agents, contractors, or business partners so that they may perform services for us or so Emmes may perform services for them. Emmes remains liable under the Privacy Shield Framework if the third-party handles personal data in a manner inconsistent with the Framework, unless Emmes proves that it is not responsible for the third-party’s activities.
In addition, we may disclose personal data (i) as required by law or in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, (ii) to protect and defend Emmes’ rights, (iii) as incident to a corporate sale, merger, reorganization, dissolution, bankruptcy, or similar event, (iv) under circumstances we believe reasonably necessary to protect the personal safety of users of Emmes’ products, services and programs, or the public, or (v) as is otherwise described in this policy.
Your Rights and Choices
Under the Privacy Shield Framework and this policy, you have the right to request access to personal data about yourself and to request limitations on how Emmes uses or discloses personal data about you. You also have the rights to correct, amend, or delete the data if any information is inaccurate.
In some cases, you may ask us to stop accessing, storing, using and otherwise processing your information where you believe we don't have the appropriate rights to do so. Where you gave us consent to use your information for a limited purpose, you can contact us to withdraw that consent, but this will not affect any processing that has already taken place at the time. You can also opt-out of our use of your information for marketing purposes by contacting us, as provided below. When you make such requests, we may need time to investigate and facilitate your request. If there is delay or dispute as to whether we have the right to continue using your information, we will restrict any further use of your information until the request is honored or the dispute is resolved.
For sensitive information (i.e., personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or information specifying the sex life of the individual), Emmes must obtain affirmative, express consent (opt-in) from you if such information is to be (i) disclosed to a third party or (ii) used for a purpose other than those for which it was originally collected or subsequently authorized by you through the exercise of opt-in choice. In addition, Emmes will treat as sensitive any personal information received from a third party where the third party identifies and treats it as sensitive.
With our Privacy Shield certification, Emmes has committed to respect these rights. To exercise these rights, please contact us as indicated in the “Contact Information” section of this Policy. Emmes will respond to such requests within a reasonable timeframe.
Privacy Shield Inquiries or Complaints
In compliance with the Privacy Shield Principles, Emmes commits to resolve complaints about our collection or use of your personal information. European Union individuals with inquiries or complaints regarding our Privacy Shield policy should please contact us free of charge as indicated in the “Contact Information” section of this Policy.
If you have a complaint as described above, you may also contact free of charge the Data Protection Authority (DPA) in your country. The list of DPAs in the European Union is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.html.
Emmes commits to cooperate with the panel established by the EU DPA and comply with the advice given by the panel with regard to human resources data and non-human resources data transferred from the EU.
As further explained in the Privacy Shield Framework, a binding arbitration option will also be made available to address complaints not resolved by any other means. Emmes is subject to the investigatory and enforcement powers of the United States Federal Trade Commission (FTC).
Contact Information
Debra Glickfeld Bang
Chief Legal Officer & Corporate Secretary
The Emmes Company, LLC
401 North Washington Street, Suite 700
Rockville, Maryland, U.S.A. 20850
Emmes Biopharma Services LLC
401 North Washington Street, Suite 700
Rockville, Maryland, U.S.A. 20850
OptymEdge, LLC
401 North Washington Street, Suite 700
Rockville, Maryland, U.S.A. 20850
Casimir LLC
401 North Washington Street, Suite 700
Rockville, Maryland, U.S.A. 20850