Effective May 25, 2018
Data Protection Officer:
MMS has appointed a Data Protection Officer (DPO) to ensure appropriate implementation of applicable legal and regulatory data protection and privacy requirements, including the EU General Data Protection Regulation (GDPR) and maintenance of the Privacy Shield Framework. The MMS DPO is responsible for advising MMS Senior Leadership as required to attain and maintain compliance with such laws, regulations, and safeguards, and for continually reviewing and advising on MMS business practices and codes of conduct related to Data privacy and protection.
Collected Data & Data Usage:
MMS collects Data from individuals who visit our website (“Visitors”) and individuals who use MMS services (“Customers”).
When you request additional information about MMS, contact MMS via our website, or register to use MMS services, MMS may require you to provide contact information such as your name, company name, title, address, phone number(s), fax number, and email address. When purchasing MMS services, financial qualification and billing information may be requested, such as billing name and address, credit card number, and the number of project team members.
MMS uses the collected Data to perform the requested services. For example, if you complete a web contact form, MMS will use the information provided to contact you with details regarding the MMS services of interest.
MMS may also use the collected Data for marketing or other legitimate business purposes. For example, MMS may use the collected Data to contact you to further discuss your interest in MMS services, and to send information regarding our company or partners, such as promotions and events. You may opt out of receiving marketing communication from MMS at any time; please refer to the Opt-Out Policy below.
All financial and billing information collected is used solely to verify the qualifications of prospective Customers and to invoice for services provided. Financial and billing information is not used by MMS for marketing or promotional purposes.
MMS may also collect information about your interaction with our website. For example, MMS may use technologies, such as cookies (described below), to collect information about the pages you view, the links you click and other actions you take on our site. Additionally, MMS may also collect certain standard information that your browser sends to every website you visit, such as your IP address, access times, and referring website addresses. This information is primarily used to help diagnose technical problems, for administrative purposes, to compile non-identifying aggregate statistics about site usage and to improve the quality of our website and services.
Standing alone, cookies do not identify you personally. They merely recognize your browser. Unless you choose to identify yourself to MMS, either by responding to a promotional offer, completing a contact or interest form or registering for an account, you remain anonymous to MMS.
There are two types of cookies, session cookies and persistent cookies. Session cookies exist only during an online session. They disappear from your computer when you close your web browser or turn off your computer. Persistent cookies remain on your computer after you’ve closed your browser or turned off your computer. They include information such as a unique identifier for your browser.
MMS may use persistent cookies to identify the fact that you are an MMS Customer or prior MMS website Visitor (whichever the case may be). MMS is particularly careful about the security and confidentiality of the information stored in persistent cookies. For example, MMS does not store account numbers or passwords in persistent cookies. Users can disable their web browsers’ ability to accept cookies and will still be able to browse the MMS website.
Pages within MMS’s website and software service may contain links to other/external websites. MMS is not responsible for the privacy practices or the content of these websites. When visiting these sites, MMS encourages you to verify and understand their privacy policies prior to providing any private Data. When accessing a linked site, you may be disclosing your private Data; it is your responsibility to keep such information private and confidential.
Sharing of Collected Data:
Except in the cases where MMS explicitly states otherwise, at the time we request information, or as provided for in the MMS Master Subscription Agreement, MMS does not disclose to third parties your personally identifiable Data except as follows: MMS may share your Data with Agents who process Data only on behalf of MMS and for MMS purposes (as used here, “Agents” are persons or companies who act on behalf of or under the direction of MMS). MMS may share your Data as required by law or in the interest of protecting or exercising MMS’ or others’ legal rights (e.g., without limitation, relating to requests from law enforcement officials and relating to court proceedings). MMS may share or transfer your Data relating to a prospective or actual sale, merger, transfer, or other reorganization of all or parts of MMS business. MMS may also share Data with third parties involved in the normal business operations; for example, with contract research organizations (CROs), study sponsors, or others that are involved in study management as commonly done in our industry. MMS reserves the right to fully use and disclose any Data that is not in personally identifiable form (such as site usage statistics that do not identify you individually by name).
MMS may also use a third-party intermediary to manage the credit card processing. This intermediary is solely a link in the distribution chain, and is not permitted to store, retain, or use the Data provided, except for the sole purpose of credit card processing.
MMS will not disclose personally identifiable Data to any Agent unless it first either ascertains that the Agent adheres to the EU-U.S. Privacy Shield Framework or Swiss-U.S. Privacy Shield Framework, or is subject to GDPR EU Directive on Data Protection or another adequacy finding, or enters into a written agreement with such Agent requiring that the Agent provide at least the same level of privacy protection as is required by the relevant Privacy Shield Principles.
MMS offers Visitors and Customers a means to choose how we may use the Data provided. If, at any time after providing MMS with Data, you change your mind about receiving commercial information from MMS or about sharing your Data with third parties, send a request specifying your new choice to firstname.lastname@example.org.
Customers cannot opt out of receiving emails from MMS that are directly related to their use of MMS services, such as email notifications or service notifications.
Correcting & Updating Data:
MMS is dedicated to maintaining accurate and up-to-date Customer Data. If you need to update Data and/or billing information, or to have your information deleted, please email email@example.com or call +1 855 667 9444. MMS will respond to your correction or update request within 30 days from the date of your request.
Customer-Provided Data & Data Services:
Where Customers are contracting MMS services to process Customer-provided Data, MMS will comply with all GDPR principles relating to processing of personal Data as defined in GDPR Chapter 2, Articles 5-11. Customers are responsible for ensuring that processing requests are permitted based on Data Subject Consent and adhere to the lawfulness of processing defined in GDPR Chapter 2. MMS will also comply with all other rules and regulations in processing of Customer-provided Data as appropriate (i.e. Policy 70, HIPAA). MMS will not review, share, distribute, print, or reference any such Data except as defined in the MMS Master Subscription Agreement, or as may be required by law. Individual records may at times be viewed or accessed only for resolving a problem, support issue, or suspected violation of the Master Subscription Agreement, or as may be required by law. Customers are responsible for maintaining the confidentiality and security of their user registration and password. Customer-provided Data retention and destruction is managed per the appropriate Customer agreement and must comply with applicable legal and regulatory requirements.
Security & Breach Notification:
MMS has put commercially reasonable security measures in place to protect the integrity, availability, and confidentiality of Data. These measures include policies, procedures, employee training, and physical access and logical security controls. In addition, when accessing the MMS software systems, Data transmitted to MMS’ servers are secured using standard security protocols and mechanisms such as SSL encryption to ensure data confidentiality and integrity.
If individual personal Data is acquired, or is reasonably believed to have been acquired, by an unauthorized person and applicable law requires notification of affected individuals, MMS will issue a notification of the breach by email or fax or, if MMS is unable to contact the individual by these means, then by U.S. mail. Notice will also be sent to Customers when a breach affects Customer-provided Data, and to legal and law enforcement authorities as required under current laws and regulations. Any measures necessary for MMS or legal and law enforcement to determine the scope of the breach and to assure or restore the integrity of the data system will be taken. MMS may delay notification to Customers and/or individuals if MMS or a law enforcement agency determines that the notification will impede a criminal investigation, unless and until MMS or the agency determines that notification no longer compromises an investigation.
Data Minimization, Retention, & Destruction:
Data which permits identification of Data Subjects will be minimized to only the Data required to perform contracted services and processing activities to which Data Subjects have consented. All Data will be anonymized to the extent possible. Data permitting identification of Data Subjects will be retained only for the period defined in the applicable agreement(s). Personal Data may be stored for longer periods insofar as the Data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with GDPR Article 89(1), ensuring appropriate technical and organizational measures to safeguard the rights and freedoms of the Data Subject.
MMS Holdings, Inc.
Attn: Data Protection Officer
6880 Commerce Blvd.
Canton, MI 48187
MMS has further committed to cooperate with the panel established by the EU Data Protection Authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) regarding unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland at no cost to you. As a last resort, privacy complaints that remain unresolved after pursuing these and other channels may be subject to binding arbitration before the Privacy Shield Panel to be created jointly by the U.S. Department of Commerce and the European Commission and Swiss Administration. The Federal Trade Commission has jurisdiction over MMS’s compliance with this Policy, the EU-U.S. Privacy Shield Framework, and the Swiss-U.S. Privacy Shield Framework. In cases of onward transfer to third parties of data of EU or Swiss individuals received pursuant to the EU-U.S. Privacy Shield Framework or the Swiss-U.S. Privacy Shield Framework, MMS is potentially liable.