Privacy Policy

PRIVACY POLICY

Effective Date: January 24, 2018

INTRODUCTION

Banyan Biomarkers, Inc. respects your concerns about privacy. For purposes of this Privacy Policy (“Privacy Policy”), the terms “we,” “us,” “our” and “Banyan” refer to Banyan Biomarkers, Inc., and “you” and “your” refers to you, as an Individual. We will use our best efforts to ensure that the information you submit to us is used only in accordance with the terms of this Privacy Policy. This Privacy Policy applies only to all information collected or submitted to us from Individuals or originating from the EU.

For purposes of this Privacy Policy:

“Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.

“EU” means the European Union and Iceland, Liechtenstein and Norway.

“Individual” means any natural person who is located in the EU.

“Personal Data” means any information, including Sensitive Data, that is (i) about an identified or identifiable Individual, (ii) received by Banyan in the U.S. from the EU, and (iii) recorded in any form.

“Privacy Shield” means the EU-US Privacy Shield Framework.

“Privacy Shield Principles” means the Principles and Supplemental Principles of the Privacy Shield.

“Processor” means any natural or legal person, public authority, agency or other body that processes Personal Data on behalf of a Controller.

“Sensitive Data” means Personal Data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life, the commission or alleged commission of any offense, any proceedings for any offense committed or alleged to have been committed by the Individual or the disposal of such proceedings, or the sentence of any court in such proceedings.

WHAT TYPES OF PERSONAL DATA WE COLLECT

We collect and process the following types of Personal Data:

  • Information we receive from our customers, vendors and consultants, such as account numbers and information relating to billing and payments;
  • Information we receive when you participate as a patient in a study we are sponsoring, such as your name, email address, phone number, physical address and any Sensitive Data you provide to us;
  • Information we receive from our clinical investigators and their staff as well as medical and healthcare professionals, such as contact information, occupation and employer, qualifications and debarment status;
  • Information we receive when you communicate with us through email, such as your name and e-mail address;
  • Information we receive from your use of any of our Internet portals, such as the Internet address (IP address) of the computer or device you use to access our portal, the type of browser you use and the times you access our Website; and
  • We may also collect information by using “Cookies.” “Cookies” are small files that your web browser places on your computer’s hard drive.

HOW WE USE PERSONAL DATA

We use Personal Data:

  • To fulfill orders for products or services we provide, conduct product and service surveys, and to handle customer complaints and inquiries;
  • In order to carry out the applicable research studies and other study-related services we are conducting;
  • To respond to your requests, and contact you regarding our products or services; and
  • To make disclosure under the requirements of any applicable law and to comply with legal process or in response to lawful requests from public authorities, including meeting national security, public interest or law enforcement requirements.

WITH WHOM AND WHY WE SHARE PERSONAL DATA

We will not sell your Personal Data to anyone, for any purpose. We share your Personal Data:

  • With Processors acting as our agents who are performing study-related tasks, such as study data management and clinical research monitoring, but only if such Processors meet the requirements described under the Section below titled OUR LIABILITY FOR ONWARD TRANSFERS;
  • In response to a subpoena or similar investigative demand, a court order, or a request for cooperation from law enforcement or other regulatory or public authorities in response to lawful requests, including, meeting national security or law enforcement requirements; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law. In such cases, we may raise or waive any legal objection or right available to us, in our sole discretion; and
  • If Banyan (or substantially all of our assets) is acquired, your Personal Data would be transferred along with the other business assets as permitted by law, which remain subject to this Privacy Policy and the Privacy Shield Principles.

YOUR CHOICES TO LIMIT USE AND DISCLOSURE OF YOUR PERSONAL DATA

When Banyan directly collects your Personal Data, we generally offer you the opportunity to choose whether your Personal Data may be (i) disclosed to third-party Controllers, or (ii) used for a purpose that is materially different from the purposes for which the information was originally collected or subsequently authorized by you.

To the extent required by the Privacy Shield Principles, we will obtain opt-in consent for certain uses and disclosures of Sensitive Data. You may contact us as indicated below regarding our use or disclosure of your Personal Data. Unless Banyan offers you an appropriate choice regarding the use of your Personal Data, Banyan will only use your Personal Data for purposes that are materially the same as those indicated in this Privacy Policy except (i) as otherwise required by applicable law or legal process, or (ii) in response to lawful requests from public authorities, including to meet national security, public interest or law enforcement requirements.,

YOUR RIGHTS TO ACCESS YOUR DATA

You have the right to access your Personal Data that we collect as a Controller by contacting us at the address provided below. We will provide you with copies of your Personal Data once we verify your identity. In addition, you can request us to correct, amend, or delete your Personal Data where it is inaccurate, or has been processed in violation of the Privacy Shield Principles, except where the burden or expense of providing access would be disproportionate to the risks to your privacy, or where the rights of other persons would be violated. To access your Personal Data, you can contact us electronically at dataprotection@banyanbio.com or by writing via postal mail at the following address:

BANYAN BIOMARKERS, Inc.
16470 West Bernardo Drive, Suite 100
San Diego CA 91217
ATTN: Global Data Protection Officer
dataprotection@banyanbio.com

PARTICIPATION IN PRIVACY SHIELD

Banyan adheres to the EU – US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use and retention of Personal Data from European Union member countries to the United States. Banyan has certified to the Department of Commerce that it adheres to and will abide by the Privacy Shield Principles and will subject to the Privacy Shield Principles all Personal Data received from the EU in reliance on the EU-US Privacy Shield Framework. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the EU-US Privacy Shield Framework and the Privacy Shield Principles please visit http://www.privacyshield.gov and to view Banyan Biomarkers’ certification, please visit https://www.privacyshield.gov/list.

ENFORCEMENT BY THE FTC

By participating in the Privacy Shield, Banyan is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) with regards to our compliance with the Privacy Shield and the Privacy Shield Principles.

OUR LIABILITY FOR ONWARD TRANSFERS

We require third-party Controllers to whom we disclose your Personal Data to contractually agree to (i) only process such Personal Data for the limited and specified purposes consistent with the consent you provide; and (ii) provide the same level of protection to your Personal Data as required under this Privacy Policy and the Privacy Shield Principles; and (iii) notify us if the third-party Controller makes a determination that it can no longer meet the foregoing obligations.

In addition, when we transfer your Personal Data to a third party Processor acting as our agent, we will: (i) transfer such Personal Data only for the limited and specified purposes consistent with the request or consent you provide; (ii) contractually require the Processor to provide at least the same level of privacy protection as is required by this Privacy Policy and the Privacy Shield Principles; (iii) take reasonable and appropriate steps to ensure that the Processor effectively processes your Personal Data in a manner consistent with our obligations under the Privacy Shield Principles; (iv) require the Processor to notify us if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the this Privacy Policy and the Privacy Shield Principles. Should we receive any such notice, we will take reasonable and appropriate steps to stop and remediate unauthorized processing.

We shall remain liable should our Processors process Personal Data in a manner inconsistent with the Privacy Shield Principles and this Policy, unless we can prove we are not responsible for the event giving rise to the damage. We acknowledge our liability for such data transfers to third parties in violation of this Privacy Policy.

SECURITY

Banyan takes reasonable and appropriate measures to protect your Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the Personal Data. We restrict access to your Personal Data to our employees who need to have access to the information to as necessary to enable us to use it as permitted above. We use physical, electronic, and procedural safeguards that comply with applicable federal regulations to protect your Personal Data.

CHILDREN

We do not knowingly collect any Personal Data from children. We ask that minors (under the age of 18) do not submit any personal information to us, order any products or services from us, or attempt to use any of our Internet portals under any circumstance. We do not knowingly collect information from children under 13 years of age or have any reasonable grounds for believing that children under the age of 13 are accessing our Internet portals or using our products or services. If we learn that we have inadvertently collected Personal Data from a child under age 13, we will delete that information as quickly as possible. If you believe that we might have any information from a child under age 13, please contact us.

DATA INTEGRITY AND PURPOSE LIMITATION

The Personal Data that we collect is limited to the specific information that is relevant for the purposes of processing consistent with the request or consent you provide and for which we are collecting. We will not process any Personal Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by you. We will take reasonable steps to ensure that Personal Data is reliable for its intended use, accurate, complete, and current and will adhere to the Privacy Shield Principles for as long as we retain such information.

Your Personal Data will generally be retained in a form identifying you or making you identifiable only for as long as it is required for the processing consistent with the request or consent you provide. Notwithstanding the foregoing, we may process your Personal Data for longer periods for the time and to the extent such processing reasonably serves the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research, and statistical analysis. In these cases, such processing shall be subject to the other Privacy Shield Principles.

DISPUTE RESOLUTION

In compliance with the Privacy Shield we commit to resolve complaints about our collection or use of your personal information. Residents of the EU who believe that their Personal Data has not been processed in compliance with the Privacy Shield Principles may raise their complaints by employing the following procedures:

First contact us directly using the contact details provided below and we will respond to your complaint within 45 days of receipt.

BANYAN BIOMARKERS, Inc.
16470 West Bernardo Drive, Suite 100
San Diego CA 92127
ATTN: Global Data Protection Officer
dataprotection@banyanbio.com

We have further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU Privacy Shield, operated by the Council of Better Business Bureaus ("BBB"). The BBB is a non-profit alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgement of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.

Please note that if your complaint is not resolved through the above methods, as a last resort and under limited circumstances, a binding arbitration process option may be available before a Privacy Shield Panel. To find out more about the Privacy Shield's binding arbitration scheme please see http://www.privacyshield.gov/article?id=My-Rights-under-Privacy-Shield.

HOW TO CONTACT US

We welcome comments and questions on this Privacy Policy. As stated above, we are dedicated to protecting your privacy, and we will make every reasonable effort to keep your information secure. If you have any questions or comments about this Privacy Policy you can contact us electronically at dataprotection@banyanbio.com. Additionally you may contact us by writing via postal mail at the following address:

BANYAN BIOMARKERS, Inc.
16470 West Bernardo Drive, Suite 100
San Diego CA 91217
ATTN: Global Data Protection Officer
dataprotection@banyanbio.com