AG Mednet, Inc. Privacy Policy

1.   Introduction

AG Mednet, Inc. (“AGM”), a Delaware corporation headquartered in the United States, is committed to protecting the privacy and security of the Personal Information of our clients, employees, business partners, and other individuals whose information we may obtain from our clients or through interactions with our website https://www.judi.io/, or through our client portal at https://judi.agmednet.net.

This Privacy Policy describes the Personal Information we collect and how we use, process and protect that information.

2.  Definition of Personal Information

As used in this Privacy Policy, “Personal Information” is any information relating to an individual that can be used to identify that individual either on its own or with other readily available data. Personal Information does not include information that is publicly available or has been encoded, encrypted, de-identified, or anonymized in accordance with applicable legal requirements.

3.  Collection of Personal Information

A. Website Visitors

We may collect Personal Information directly from you if you interact with our websites, complete an online form, or request information about products and services including booking a demonstration.  This information may include your name, mailing address, phone number, company or organization name, email address and other information provided.  If you submit an application through the careers section of our website, we and our business partner will also collect information about your education, authorization to work in the U.S., and other information you choose to provide.

In addition, like most companies, we collect information that allows us to personalize your visits to our websites through the use of cookies, web beacons, and other technologies that enhance your experience and gather information about visitors and visits to our website.  Please refer to Section 5 below regarding Cookies and Similar Technologies.

B. Client Information

We collect the following types of Personal Information when you or your organization set up your user account and when you log in or out of your account:  

  • Name and contact information. First and last name, email address, postal address, phone number, and other similar data.
  • Credentials. Username, passwords, password hints, and similar security information used for authentication and account access.
  • Transactional data. Services ordered, support questions and emails.
  • Company data. Company name, size, location for and individual role within the company.
  • IP information. IP address and information that may be derived from IP address.

4.  Use and Disclosure of Personal Information

If you visit our website, the Personal Information that we collect helps us personalize and continually improve your experience on our website.  We may use the information we collect through our website in some of the following ways:

  • To contact you to respond to your requests or provide you with information that might be of interest, including information about products and services.
  • For analytical purposes and to research, develop, and improve products, services and content.
  • To troubleshoot problems about the website.
  • For testing, research, analysis and product development related to our website, which may include identifying usage trends and determining the effectiveness of our promotional campaigns.

We use Personal Information collected from clients to establish and manage our client relationships and to perform any related functions, including providing  services and related communications.  For example, we may use this information to:

  • Provide and improve our services through business operations, such as Client Support.
  • Communicate and deliver functionality and support.
  • Market our services.
  • Support clinical research of our clients.
  • Manage security.
  • Comply with applicable laws and regulations.

Certain Personal Information will be reported to government and regulatory authorities where required by law and for tax or other purposes. Personal Information may also be released to external parties as required or permitted by employment or other statutes and regulations, or by legal process, as well as to parties to whom individuals expressly authorize us to release their Personal Information. We will not sell any Personal Information to any third party other than in connection with the sale or transfer of all, or substantially all of our business or assets, or in connection with a merger, consolidation, or other reorganization.

We may be forced to disclose Personal Information when compelled by a lawful request made by a recognized public authority or where required to meet national security and or law enforcement requirements.  AGM is subject to the investigatory and enforcement powers of the Federal Trade Commission and the Food and Drug Administration.

Personal Information may also be made available to third parties providing relevant services under contract, such as auditors and compliance managers, background verification, legal and IT hosting and maintenance providers, among others. We will maintain appropriate contractual, security and privacy measures with such third parties including how they hold and maintain any Personal Information that is provided to them.

5.  Cookies and Similar Technologies

We also collect information from website visitors through the use of cookies, which are small text files that contain a string of characters and uniquely identify a browser on a device connected to the Internet.  This information may include your IP address, web browser and device characteristics, operating system, language preferences, referring URLs, country, location, pages viewed, time spent on pages, links clicked and other web browsing information.

We use several types of cookies, some of which are placed by us, while others are placed by certain service providers. They include:

  • Functional cookies that remember who you are as a user of our website.
  • Web beacons which collect information such as loading errors and most visited pages.  
  • Chatflow cookies that provide a visitor’s chat history if you use the chat feature and submit your contact information on our website.  
  • Site analytics cookies that monitor how our website is performing including the number of website visitors, which pages of our site are most popular, which browsers are used and certain demographic information. This information helps us improve our websites. These third-party technologies may use this information to provide you with interest-based (behavioral) advertising or other targeted content. To learn more about how Google Analytics, in particular, collects and processes this information, please visit https://policies.google.com/technologies/partner-sites. You may prevent Google Analytics from recognizing you on our websites by deleting or disabling the relevant cookies. Alternatively, you can opt-out from Google Analytics cookies by visiting:  https://tools.google.com/dlpage/gaoptout.

Website visitors can set their computer to provide a warning each time a cookie is sent or turn off non-essential cookies through their web browser (e.g., Internet Explorer, Chrome, or Firefox). Visitors are advised to check their browser’s HELP menu to learn the correct way to manage these preferences.

6. Protection of Personal Information

We are committed to taking reasonable steps to ensure that Personal Information is secure.

In order to prevent unauthorized loss, alternation, destruction, access, use or disclosure of Personal Information, we maintain reasonable physical, administrative and technical safeguards, including but not limited to the following:

  • Systems require user-identification and password protection.
  • Firewall protection and security software are in place. Patches and updates are performed regularly, including (but not limited to) operating system updates, malware, and anti-virus.
  • Storage media is securely disposed.
  • Encryption is deployed (where applicable).
  • Contractual agreements with third parties are implemented for the responsibility and physical protection of Personal Information.  
  • Training is provided to all personnel.

7.  Privacy and Security Officers

We have designated a Privacy Officer and a Security Officer who are responsible for privacy policies and procedures, compliance and related issues. Access to Personal Information is limited to those employees, contractors or other third parties who have a business need for that information. Access is reviewed as job duties or other responsibilities change. All employees, contractors or other third parties with access to Personal Information are responsible for adhering to this Privacy Policy.

8.  Options for Personal Information

As provided under applicable law, Individuals whose Personal Information has been collected have the right to access that data for review, modification or deletion.

Access to review, modify and or delete your Personal Information or otherwise manage the use and disclosure of Personal Information (“opt-out”) may be initiated by contacting our Privacy Officer as provided below in Section 11.

Please be aware that even if we delete Personal Information, we may retain certain residual information in our backup and/or archival copies of our database for audit purposes and to comply with laws or regulations. For example, we will retain certain audit trail information for at least as long as is required for the subject electronic records, and it will be available for regulatory agency review and copying.

In the event that a client requests that we review, modify or delete Personal Information that the client has provided to us, we will work with the client to remove such data from its database and to alter the de-identification workflow as required by the client to eliminate future occurrences.

9.  Data Privacy Framework

A. Overview

AGM complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S Data Privacy Framework (UK Extension to the EU-U.S. DPF) and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. AGM has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (including Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  AGM has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework, and to view our certification, please visit https://www.dataprivacyframework.gov/s/. For purposes of this Privacy Policy the EU-U.S. DPF Principles, the UK Extension to the EU-US DPF, and the Swiss-U.S. DPF are referenced collectively as the DPF Principles.

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

The Federal Trade Commission has jurisdiction with enforcement authority over AGM’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.  

AGM is responsible for the processing of personal data that it receives in the United States under the DPF Principles and subsequently transfers to a third party is described in the DPF Principles. In particular, AGM remains responsible and liable under the DPF Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the DPF Principles, unless AGM proves that it is not responsible for the event giving rise to the damage .

In instances in which we receive personal data in providing services to our clients, our clients are responsible for providing appropriate notice to (and obtaining any necessary consent from) the individuals whose personal data is transferred to the U.S.

B. Individual Rights

Pursuant to the DPF Principles, individuals in the EU, UK, and Switzerland have the right to obtain confirmation of whether we maintain personal data relating to such individuals in the United States, and to correct, amend or delete that information. If an individual requests that we remove data, we will respond within a reasonable timeframe.

We will provide an individual opt-out choice, or opt-in for sensitive data in accordance with DPF Principles before sharing the individual’s data with third parties other than its agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized.  

In compliance with the DPF Principles, we commit to resolve DPF Principles-related complaints about our collection and use of personal data transferred to the United States pursuant to the Data Privacy Frameworks.  EU, UK, and Swiss individuals with inquires or complaints regarding our handling of personal data received in reliance of the DPF Principles, should first contact the AGM Privacy Officer as provided in Section 11 of this Privacy Policy.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF , we commit to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to Data Privacy Framework Services, an independent dispute resolution provider based in the United States and operated by BBB National Programs. Individuals who do not receive timely acknowledgment of a DPF Principles-related complaint from us or we have not addressed your DPF Principles-related complaint to your satisfaction, should visit bbbprograms.org for more information and to file a complaint. These services are provided at no cost to you.

If a DPF Principle-related complaint cannot be resolved through the above channels, under certain conditions, individuals may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Data Privacy Framework Annex 1 at dataprivacyframework.gov.

10.  Changes to this Policy

This Privacy Policy is revised effective on 02 October 2023 and is posted on our website (https://www.judi.io/privacy-policy). We may amend this Privacy Policy from time-to-time to meet changing business needs or to comply with legal requirements. We will provide appropriate notice of any such amendments.

11.  Contact Us

Individuals with questions or complaints regarding this privacy policy should contact us via mail or email:

Privacy Officer
AG Mednet, Inc.
2 Atlantic Avenue
Boston, MA 02110

Email: dataprotection@agmednet.com

Whistleblower Protections

AG Medent is committed to maintaining a work environment that encourages all employees to act with integrity and is free of retaliation for reporting wrongdoing. We strictly prohibit any form of retaliatory action against employees who raise concerns, make reports, participate in an investigation, refuse to participate in a suspected improper or wrongful activity, or exercise workplace rights protected by law ("Protected Activity").

Any employee who engages in a Protected Activity will be shielded from retaliation. Retaliation occurs when an employer takes an adverse action, such as demotion, suspension, or termination, or creating a hostile work environment against an employee because they engaged in Protected Activity.

If any employee reasonably believes that a policy, practice, or activity violates the law, the employee is required to report concerns or complaints to the Director of Human Resources. Whenever practical, these concerns or complaints should be in writing. Reports may be submitted anonymously via Ethics@agmednet.com.  Your communication must include sufficient details so that AG Mednet can adequately investigate. Reports of concerns or complaints will be handled with sensitivity, discretion, and confidentiality to the extent allowed by the circumstances and law.

Any employee who interferes with Whistleblower Protections (by, e.g., retaliating against an employee engaged in Protected Activity) is subject to disciplinary action, up to and including employment termination.

Discrimination or Harassment in the Workplace

AG Mednet has a zero-tolerance policy for discrimination or harassment in the workplace. We hold ourselves to a high standard. However, If you reasonably believe that a policy, practice, or activity violates the law, please report concerns or complaints confidentially via Ethics@agmednet.com. Your communication must include sufficient details so that AG Mednet can adequately investigate. Reports of concerns or complaints will be handled with sensitivity, discretion, and confidentiality to the extent allowed by the circumstances and law.