Data Privacy Framework
The collection, use, and retention of personal information and transfer from the European Union, United Kingdom or any affiliated MMS location to the United States will be defined in Standard Contractual Clauses (SCCs) as applicable to meet business needs.
The data protection landscape is rapidly evolving and recent events may be reviewed at the following URL: News and Events
MMS is subject to investigatory and enforcement powers of the U.S. Federal Trade Commission. The Federal Trade Commission has jurisdiction over MMS’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).
Users may have the option to select binding arbitration under the Data Privacy Framework for the resolution of your complaint under certain circumstances. For further information, please see the Data Privacy Framework website ANNEX I (introduction) (dataprivacyframework.gov)
Data Protection Officer:
MMS has appointed a Data Protection Officer (DPO) to ensure appropriate implementation of applicable legal and regulatory data protection and privacy requirements, including the EU General Data Protection Regulation (GDPR). The MMS DPO is responsible to advise MMS Executive Leadership as required to attain and maintain compliance to such laws, regulations, and safeguards, and to continually review and advise on MMS business practices and codes of conduct related to Data privacy and protection.
Collected Data & Data Usage:
MMS collects Data from individuals who visit our website (“Visitors”) and individuals who use MMS services (“Customers”).
When you request additional information about MMS, contact MMS via our website, or register to use MMS services, MMS may require you to provide contact information such as your name, company name, title, address, phone number(s), fax number, and email address. When purchasing MMS services, financial qualification and billing information may be requested, such as billing name and address, credit card number, and the number of project team members.
MMS uses the collected Data to perform the requested services. For example, if you complete a web contact form, MMS will use the information provided to contact you with details regarding the MMS services of interest.
MMS may also use the collected Data for marketing or other legitimate business purposes. For example, MMS may use the collected Data to contact you to further discuss your interest in MMS services, and to send information regarding our company or partners, which may include promotions and events. You may opt-out of receiving marketing communications from MMS at any time by referring to the Opt-Out Policy below.
All financial and billing information collected is used solely to verify the qualifications of prospective Customers and to invoice for services provided. Financial and billing information is not used by MMS for marketing or promotional purposes.
MMS may also collect information about your interaction with our website. For example, MMS may use technologies, such as cookies (described below), to collect information about the pages you view, the links you click and other actions you take on our site. Additionally, MMS may also collect certain standard information that your browser sends to every website you visit, such as your IP address, access times, and referring website addresses. This information is primarily used to help diagnose technical problems, for administrative purposes, to compile non-identifying aggregate statistics about site usage and to improve the quality of our website and services.
Standing alone, cookies do not identify you personally. They merely recognize your browser. Unless you choose to identify yourself to MMS, either by responding to a promotional offer, completing a contact or interest form or registering for an account, you remain anonymous to MMS.
There are two types of cookies, session cookies and persistent cookies. Session cookies exist only during an online session. They disappear from your computer when you close your web browser or turn off your computer. Persistent cookies remain on your computer after you’ve closed your browser or turned off your computer. They include information such as a unique identifier for your browser.
MMS may use persistent cookies to identify the fact that you are a MMS Customer or prior MMS website Visitor (whichever the case may be). MMS is particularly careful about the security and confidentiality of the information stored in persistent cookies. For example, MMS does not store account numbers or passwords in persistent cookies. Users can disable their web browsers’ ability to accept cookies and will still be able to browse the MMS website.
Pages within MMS’s website and software service may contain links to other/external websites. MMS is not responsible for the privacy practices or the content of these websites. When visiting these sites, MMS encourages you to verify and understand their privacy policies prior to providing any private Data. When accessing a linked site, you may be disclosing your private Data; it is your responsibility to keep such information private and confidential.
MMS recognizes potential liability in cases of onward transfer to third parties. MMS will not transfer any personal information to a third-party without first ensuring that the third-party adheres to the Data Privacy Framework principles.
Sharing of Collected Data:
Except in the cases where MMS explicitly states otherwise, at the time we request information, or as provided for in the MMS Master Subscription Agreement, MMS does not disclose to third parties your personally identifiable Data except as follows: MMS may share your Data with Agents who process Data only on behalf of MMS and for MMS purposes (as used here, “Agents” are persons or companies who act on behalf of or under the direction of MMS). MMS may share your Data as required by law or in the interest of protecting or exercising MMS’ or others’ legal rights (e.g., without limitation, relating to requests from law enforcement officials and relating to court proceedings). MMS may share or transfer your Data relating to a prospective or actual sale, merger, transfer, or other reorganization of all or parts of MMS business. MMS may also share Data with third parties involved in the normal business operations; for example, with contract research organizations (CROs), study sponsors, or others that are involved in study management as commonly done in our industry. MMS reserves the right to fully use and disclose any Data that is not in personally identifiable form (such as site usage statistics that do not identify you individually by name).
MMS may also use a third-party intermediary to manage the credit card processing. This intermediary is solely a link in the distribution chain, and is not permitted to store, retain, or use the Data provided, except for the sole purpose of credit card processing.
MMS will not disclose personally identifiable Data to any third party unless it first either ascertains that the third party adheres to the EU-U.S. Data Privacy Framework, the U.K Extension to the EU-U.S. Data Privacy Framework or Swiss-U.S. Data Privacy Framework, or is subject to GDPR EU Directive on Data Protection or another adequacy finding, or enters into a written agreement with such third party requiring that the third party provide at least the same level of privacy protection as is required by the relevant Data Privacy Framework Principles.
MMS offers Visitors and Customers a means to choose how we may use the Data provided. If, at any time after providing MMS with Data, you change your mind about receiving commercial information from MMS or about sharing your Data with third parties, send a request specifying your new choice to DPO@mmsholdings.com
Customers can not opt-out of receiving emails from MMS that are directly related to their use of MMS services such as email notifications, or service notifications.
Correcting & Updating Data:
MMS is dedicated to maintaining accurate and up to date Customer Data. If you need to update Data and/or billing information or to have your information deleted please email DPO@mmsholdings.com or call +1 855 667 9444. MMS will respond to your correction or update request within 30 days from the date of your request.
Correcting & Updating Data:
Where Customers are contracting MMS services to process Customer-provided Data, MMS will comply with all GDPR principles relating to processing of personal Data as defined in GDPR Chapter 2, Articles 5-11. Customers are responsible to ensure processing requests are permitted based on Data Subject Consent and adhere to the lawfulness of processing defined in GDPR Chapter 2. MMS will also comply with all other rules and regulations in processing of Customer-provided data as appropriate (i.e. Policy 70, HIPAA). MMS will not review, share, distribute, print, or reference any such Data except as defined in the MMS Master Subscription Agreement, or as may be required by law. Individual records may at times be viewed or accessed only for resolving a problem, support issue, or suspected violation of the Master Subscription Agreement, or as may be required by law. Customers are responsible for maintaining the confidentiality and security of their user registration and password. Customer-provided Data retention and destruction is managed per the appropriate Customer agreement and must comply with applicable legal and regulatory requirements.
Security & Breach Notification:
MMS has placed commercially reasonable security measures in place to protect the integrity, availability, and confidentiality of Data. These measures include policies, procedures, employee training, and physical access and logical security controls. In addition, when accessing the MMS software systems, Data transmitted to MMS’ servers are secured using standard security protocols and mechanisms such as SSL encryption to ensure data confidentiality and integrity.
If individual personal Data is acquired, or is reasonably believed to have been acquired, by an unauthorized person and applicable law requires notification of affected individuals, MMS will issue a notification of the breach by email or fax or, if MMS is unable to contact the individual by these means, then by U.S. mail. Notice will also be sent to Customers when a breach affects Customer-provided Data, and to legal and law enforcement authorities as required under current laws and regulations. Any measures necessary for MMS or legal and law enforcement to determine the scope of the breach and to assure or restore the integrity of the data system will be taken. MMS may delay notification to Customers and/or individuals if MMS or a law enforcement agency determines that the notification will impede a criminal investigation, unless and until MMS or the agency determines that notification no longer compromises an investigation.
Internal Complaints Mechanism, Enforcement & Dispute Resolution:
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, MMS commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF should first contact MMS at:
MMS Holdings, Inc.
Attn: Data Protection Officer
6880 Commerce Blvd.
Canton, MI 48187
Within the scope of this privacy notice, if a privacy complaint or dispute cannot be resolved through MMS Holdings Inc.’s internal processes, MMS Holdings Inc. in compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to Data Privacy Framework Dispute Resolution Program | VeraSafe. Subject to the terms of the VeraSafe Data Privacy Framework Dispute Resolution Program, VeraSafe will provide appropriate recourse free of charge to you. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit Submit a Dispute | VeraSafe for more information or to file a complaint.
Data Subject’s rights:
personal information that MMS maintains about them to correct, amend or delete such personal information if it is inaccurate or has been processed in violation of the Principles (except when the burden or expense of providing access, correction, amendment, or deletion would be disproportionate to the risks to the Data Subject’s privacy, or where the rights of persons other than the Data Subject would be violated). Requests for access, correction, amendment or deletion should be sent to: DPO@mmsholdings.com
Data Minimization, Retention, & Destruction:
Data which permits identification of Data Subjects will be minimized to only the Data required to perform contracted services and processing activities to which Data Subjects have consented. All data will be anonymized to the extent possible. Data permitting identification of Data Subjects will be retained only for the period defined in the applicable agreement(s). Personal Data may be stored for longer periods as far as the Data will be processed solely for archiving, purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with GDPR Article 89(1) ensuring appropriate technical and organizational measures to safeguard the rights and freedoms of the Data Subject.