For purposes of this Policy:
"Controller" means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
"EU" means the European Union and Iceland, Liechtenstein and Norway.
"Governing Regulations" means the US Privacy Act of 1974 and the EU's General Data Protection Regulations (GDPR).
"Identifiable Information" means information in which a user can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
"Personal Data" means any identifiable information received by iSpecimen regarding a natural person.
"Processor" means any natural or legal person, public authority, agency or other body that processes Personal Data on behalf of a Controller.
"Sensitive Data" means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership; data concerning health or sex life and sexual orientation; genetic data or biometric data.
"Services" means the use of any iSpecimen website or software product.
"User" means a natural person who has agreed to use iSpecimen's Services.
III. Personal Data iSpecimen Collects
As a Data Controller, iSpecimen collects Personal Data directly from Users or indirectly from third parties Controllers. Personal data is collected directly from Users when, for example, a biomedical researcher or specimen contributor visits iSpecimen's website or Marketplace. Personal data is collected indirectly when, for example, iSpecimen obtains a list of trade show attendees from a trade organization or marketing affiliate.
iSpecimen may also directly obtain and use Personal Data independent of its Services, including, but not limited to, surveys, focus groups, market research, inbound and outbound Consumer communications and education, etc.
The types of Personal Data iSpecimen iSpecimen collects may include:
- contact information;
- form information;
- IP addresses;
- browser characteristics;
- device characteristics;
- operating systems;
- language preferences;
- referring URLs;
- dates and times of website visits and actions;
- information about actions taken on our website; and
- other personal data provided on iSpecimen’s website, collected automatically through the website, or sought directly from a natural person with prior informed consent.
iSpecimen may use this personal data for purposes such as:
- marketing and selling products and services;
- providing products or services;
- verifying identities for security or financial transaction purposes; and
- providing suggestions and advice on products, services and how to obtain the most from using our website.
Additionally, iSpecimen may aggregate personal data in a general way and use it in a de-identified fashion, for example to monitor our performance with respect to a particular service we provide. If we use it for this purpose, Users will not be personally identifiable.
V. Basis for Data Collection Activities
iSpecimen does not sell products or provide services for purchase by minors, nor do we market to minors. Should the company become aware that Personal Data is from a minor, the Personal Data will be expunged.
VII. Use, Disclosure, and Retention of Personal Data
VIII. Personal Data Access and Accuracy
iSpecimen takes reasonable steps to ensure that the Personal Data the company processes is accurate, complete and current. This generally includes the right to request access, rectification, erasure or restriction, and data portability. Where appropriate, iSpecimen provides reasonable access to the Personal Data iSpecimen maintains. iSpecimen also provides a reasonable opportunity to correct, amend or delete Personal Data where it is inaccurate or has been processed in a purported violation of law, as appropriate. iSpecimen may limit or deny access to Personal Data where the burden or expense of providing access would be disproportionate to the privacy risks in the case in question, or where the rights of persons other than natural person would be violated.
A natural person may request access to their Personal Data by contacting iSpecimen as indicated in this Policy.
IX. data transfers
iSpecimen takes reasonable and appropriate measures to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the Personal Data.
XI. Compliance with Regulations
iSpecimen has mechanisms in place designed to effect compliance with the Governing Regulations. iSpecimen conducts a regular self-assessment of its Personal Data practices to verify that the attestations and assertions iSpecimen makes about its privacy practices are true and that iSpecimen's privacy practices have been implemented as represented and in accordance with the Governing Regulations.