Welcome to Sysmex Inostics!

Participation in Data Privacy Framework program (formerly referred to as Privacy Shield)

This Notice is provided by Sysmex Inostics Inc, 1812 Ashland Ave, Suite 500, Baltimore MD, 21205, in relation to its certification to the principles established by the EU U.S. Data Privacy Framework (DFP) Program”), as set forth by the Department of Commerce. This document applies to EU -U.S. and UK -U.S. transfers of personal information subject to the EU and/or the UK General Data Protection Regulation (“GDPR”), respectively.

Currently, Sysmex Inostics, Inc. relies on the EU Standard Contractual Clauses and other mechanisms set forth in the GDPR to legitimize transfers of personal information from the European Union and/or the United Kingdom to the United States. Although Sysmex Inostics Inc. no longer relies on the Data Privacy Framework Program Framework to legitimize such transfers, Sysmex Inostics, Inc. continues to certify its adherence to, and compliance with, the Data Privacy Framework with respect to the collection, use, and retention of personal information that was previously transferred to the United States, pursuant to the Data Privacy Framework (previously known as Privacy Shield Framework).

For more information on the Data Privacy Framework Program or to view our certifications, please visit https://www.data privacy framework.gov

Data Privacy Framework principles

Sysmex Inostics Inc. has committed to uphold the Data Privacy Framework principles and surrounding requirements in regard to personal information that was transferred to it pursuant to the Data Privacy Framework. The principles are: Notice; Choice (Consent); Accountability for Onward Transfer; Security; Data Integrity and Purpose Limitation; Access; and Recourse, Enforcement and Liability.

Scope of individuals and personal information collected/purpose of data collection

Sysmex Inostics Inc. confirms adherence to the Data Privacy Framework for EU and UK personal information that was transferred to the U.S. pursuant to the Data Privacy Framework (formerly known as Privacy Shield Framework), in relation to: patient personal data (including that pertaining to clinical laboratory patients and patients for whom clinical or clinical research testing is performed); customer personal data (including that pertaining to healthcare professionals and their staff members, employers, insurance companies, and individuals who interact with us in connection with purchasing Sysmex Inostics’ services); suppliers (including individuals assisting us with our business activities, such as accountants and auditors); and clinical trial participants (including individuals enrolled in research trials whose specimens are submitted to Sysmex Inostics Inc. by controllers of clinical testing, CROs or research sites, for purposes of performing laboratory testing). The data of these individuals was processed for the purposes for which it was collected, supporting the performance of clinical testing and clinical research testing, or for related purposes such as quality assurance, auditing, and fulfilling legal and compliance responsibilities.

Contact for information or complaints

In compliance with the Data Privacy Framework principles, Sysmex Inostics Inc. is committed to resolve complaints about its collection or use of personal information collected, used, or retained pursuant to the Data Privacy Framework (formerly known as Privacy Shield Framework). EU or UK individuals with inquiries or complaints regarding the Data Privacy Framework policies or practices should first contact our SII Privacy Officer at: privacyofficer@sysmex-inostics.com, or call us at +1-443-759-8650 or within the EU, call us at +49 40-325907-0. In accordance with our Data Privacy Framework commitment, Sysmex Inostics Inc. has adopted dispute resolution practices that are designed to evaluate and resolve any complaints or concerns about your privacy and its collection or use of your personal information transferred pursuant to the former Privacy Shield Framework within forty-five (45) days of receipt. Sysmex Inostics Inc. has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU.

Third party transfers

Sysmex Inostics Inc. may entrust certain personal information pertaining to EU or UK individuals to third-party partners who assist us with business activities, or who have regulatory or legal oversight responsibilities in relation to certain business activities. Where we do so, Sysmex Inostics Inc. will take steps to ensure that the third parties entrusted with EU or UK personal information uphold an equivalent level of protection for the data. Sysmex Inostics Inc. understands that we can be held responsible if its business partners entrusted with EU or UK personal information violate those obligations.

Rights of individuals to access their data

EU and UK individuals whose personal information was transferred to us pursuant to the Data Privacy Framework (formerly known as Privacy Shield Framework), have the right to access personal information about them, and to limit use and disclosure of their personal information. With its Data Privacy Framework certification, Sysmex Inostics Inc. has certified to the Data Privacy Framework its commitment to respect and uphold those rights. Should you wish to exercise those rights, the company requests that you contact us at: privacyofficer@sysmex-inostics.com, or call us at 1-443-759-8650 or within the EU, call us at +49 40- 325907-0. You may also write to us at: Sysmex Inostics Inc., Attention: Privacy Officer, 1812 Ashland Avenue, Suite 500, Baltimore, MD, 21205 USA. Please note that there are certain limitations on these rights, as described in the Privacy Shield framework.

Disputes

In compliance with the Privacy Shield principles, Sysmex Inostics Inc. has certified to the Data Privacy Framework to resolve complaints about its collection or use of personal information transferred to us pursuant to the Data Privacy Framework. EU and UK individuals with inquiries or complaints regarding our Data Privacy Framework policies or practices should first contact our Privacy Officer at: privacyofficer@sysmex-inostics.com, or call us at +1-443-759-8650 or within the EU, call us at +49 40- 325907-0. In accordance with our Data Privacy Framework commitment, Sysmex Inostics Inc. has adopted dispute resolution practices that are designed to evaluate and resolve complaints or concerns about the collection, use or retention of personal information transferred to us pursuant to the Data Privacy Framework, within forty-five (45) days of receipt. Sysmex Inostics has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Data Privacy Framework complaints concerning data transferred from the EU.

The link for the EU Data Protection, Third Party Dispute Resolution provider is shown here: https://edpb.europa.eu/about-edpb/board/members_en

Third party dispute resolution

Sysmex Inostics Inc. has certified to the Data Privacy Framework to cooperate with the EU and UK supervisory authorities with regard to unresolved Data Privacy Framework complaints. If you do not receive timely acknowledgment of your complaint from Sysmex Inostics Inc., or if the company has not addressed your complaint to your satisfaction, you have the right to contact the EU or UK supervisory authorities for more information or to file a complaint. The services of EU and UK supervisory authorities are provided at no cost to you.

The link for the EU Data Protection, Third Party Dispute Resolution provider is shown here: https://edpb.europa.eu/about-edpb/board/members_en

Regulatory oversight and enforcement

Sysmex Inostics Inc. has certified to the Data Privacy Framework and, with regard to personal information transferred to us pursuant to thereto, is also subject to investigatory and enforcement authority of the U.S. and EU agencies who oversee the Data Privacy Framework, namely the U.S. Federal Trade Commission and the relevant EU and UK supervisory authorities. Individuals also have a right to file a complaint with these oversight agencies, particularly if you believe your complaint is not satisfactorily resolved by Sysmex Inostics Inc.

Right to binding arbitration

In accordance with the Data Privacy Framework, EU or UK individuals may be able to invoke binding arbitration before a Data Privacy Framework Panel if they believe that their claim has not been handled by the company in a satisfactory manner.

Law enforcement requests

Sysmex Inostics Inc. has certified to the Data Privacy Framework and is required to disclose personal information in response to lawful requests by public authorities, including compliance with national security or law enforcement requirements.

Conflicts

If there is any conflict between the terms in this privacy policy and the Data Privacy Framework principles, the Data Privacy Framework principles will govern.

Effective date of notice: May 28, 2024

Document number: SAP 1008 QMS_v1.1