AG Mednet, Inc. (“AGM”), a Delaware corporation headquartered in the United States, respects the
privacy of clients, employees, business partners, and other individuals with whom it interacts. AGM treats
Personal Information (as defined in Section 2 below) in accordance with applicable legal requirements.
Personal Information, including through its website and its commercially available products and services
prospective clients and their representatives, suppliers and business partners and other parties impacted
by the use of Services.
AGM has designated a Privacy Officer and a Security Officer who are responsible for privacy policies and
procedures, compliance and related issues. AGM limits access to Personal Information to those
employees, contractors or other third parties who have a business need for that information. Access is
reviewed as job duties or other responsibilities change. AGM employees, contractors or other third parties
AGM complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework
as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal
Information transferred to the United States from the European Union (“EU”), the United Kingdom (“UK”)
and Switzerland in reliance on Privacy Shield. Please see Section 7 of this Policy for additional
information regarding Privacy Shield.
be used to identify that individual either on its own or with other readily available data. Personal
Information does not include information that is publicly available or has been encoded, encrypted, de-
identified, or anonymized in accordance with applicable legal requirements.
AGM collects Personal Information to operate effectively and efficiently and to deliver its Services to its
clients. Personal Information collected by AGM includes, but is not limited to:
Name and contact information. First and last name, email address, postal address, phone number, and other similar data.
AGM does not collect identifiable health information or protected health information (“PHI”) as defined by the Health Insurance Portability and Accountability Act (“HIPAA”). AGM’s Judi Collaboration Platform (“Judi”) includes features to properly de-identify documents and images (prior to leaving the client’s or other sender’s workstation) and enforce de-identification workflows according to protocol requirements. If notified by the client that data retained by AGM contains Personal information, including PHI, AGM will work with the client to remove such data from its database and to alter the de-identification workflow as required by the client to eliminate future occurrences. Information collected by Judi is limited to subject identification number, clinical site identification number, and de-identified patient health information.
AGM uses Personal Information to establish and manage its relationship with its clients and to perform any related functions, including providing Services and related communications.
For example, AGM may use Personal Information to:
Certain Personal Information will be reported to government and regulatory authorities where required by law and for tax or other purposes. Personal Information may also be released to external parties as required or permitted by employment or other statutes and regulations, or by legal process, as well as to parties to whom individuals expressly authorize AGM to release their Personal Information. AGM will not sell any Personal Information to any third party other than in connection with the sale or transfer of all, or substantially all of AGM’s business or assets, or in connection with a merger, consolidation, or other reorganization.
AGM may be forced to disclose Personal Information when compelled by a lawful request made by a recognized public authority or where required to meet national security and or law enforcement requirements. AGM is subject to the investigatory and enforcement powers of the Federal Trade Commission and the Food and Drug Administration.
Personal Information may also be made available to third parties providing relevant services under contract, such as auditors and compliance managers, background verification, legal and IT hosting and maintenance providers, among others). AGM will maintain appropriate contractual, security and privacy measures with such third parties including how they hold and maintain any Personal Information that is provided to them.
AGM is committed to taking reasonable steps to ensure that Personal Information is secure. In order to prevent unauthorized loss, alternation, destruction, access, use or disclosure of Personal Information, AGM maintains reasonable physical, administrative and technical safeguards, including but not limited to the following:
Individuals whose Personal Information has been collected by AGM have the right to access that data for review, modification or deletion.
Access to review, modify and or delete your Personal Information or otherwise manage the use and disclosure of Personal Information (“opt-out”) may be initiated by contacting AGM as provided below in Section 9 of this Policy.
Even after it has processed your request for a change or deletion, AGM may retain certain residual information in the backup and/or archival copies of AGM’s database for audit purposes, for its clients’ protection, and to comply with laws or regulations. For example, AGM will retain certain audit trail information for at least as long as is required for the subject electronic records, and it will be available for agency review and copying.
Within Judi, AGM does not monitor the content of data, documents, and images on the network for Personal Information. If notified by the client that data retained by AGM contains Personal information, AGM will work with the client to remove such data from its database and to alter the de-identification workflow as required by the client to eliminate future occurrences.
In certain situations, AGM may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. With respect to Personal Information received or transferred pursuant to the Privacy Shield Frameworks, AGM is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.
AGM’s accountability for Personal Information that it receives in the United States under Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, AGM remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process Personal Information on its behalf do so in a manner inconsistent with the Privacy Shield Principles, unless AGM proves that it is not responsible for the event giving rise to the damage.
In instances in which AGM receives Personal Information in providing Services to its clients, such clients are responsible for providing appropriate notice to (and obtaining any necessary consent from) the individuals whose Personal Information is transferred to the US.
Pursuant to the Privacy Shield Frameworks, individuals in the EU, UK, and Switzerland have the right to obtain confirmation of whether AGM maintains Personal Information relating to such individuals in the United States, and to correct, amend or delete that information. If an individual requests that AGM remove data, AGM will respond within a reasonable timeframe.
AGM will provide an individual opt-out choice, or opt-in for sensitive data in accordance with Privacy Shield Principles before sharing the individual’s data with third parties other than its agents, or before AGM uses it for a purpose other than which it was originally collected or subsequently authorized.
In compliance with the Privacy Shield Principles, AGM commits to resolve complaints about EU, UK and Swiss individual’s privacy and AGM’s collection or use of Personal Information transferred to the United States pursuant to Privacy Shield.
All complaints or requests to remove or limit the use of and disclosure of Personal Information transferred to the United States pursuant to Privacy Shield should be sent to the Privacy Officer at the address provided in Section 9 below:
AGM has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. Individuals who do not receive timely acknowledgment of a complaint, or if a complaint is not satisfactorily addressed, should visit https://bbbprograms.org/privacy-shield-complaints for more information and to file a complaint. This service is provided free of charge.
If a Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, individuals may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
AG Mednet, Inc.
2 Atlantic Avenue
Boston, MA 02110