This Privacy Shield Notice is provided by Sysmex Inostics Inc, 1812 Ashland Ave, Suite 500, Baltimore MD, 21205, in relation to its certification to the principles established by the E.U.-U.S. Privacy Shield Framework (“Privacy Shield Framework”), as set forth by the Department of Commerce. This document applies to E.U.-U.S. and U.K.-U.S. transfers of personal information subject to the E.U. and/or the U.K. General Data Protection Regulation (“GDPR”), respectively.
Currently, Sysmex Inostics, Inc. relies on the E.U. Standard Contractual Clauses and other mechanisms set forth in the GDPR to legitimize transfers of personal information from the E.U. European Union and/or the United Kingdom to the United States. Although Sysmex Inostics Inc. no longer relies on the Privacy Shield Framework to legitimize such transfers, Sysmex Inostics, Inc. continues to certify its adherence to, and compliance with, the Privacy Shield Framework with respect to the collection, use, and retention of personal information that was previously transferred to the United States, pursuant to the Privacy Shield Framework.
For more information on the Privacy Shield Framework or to view our certifications, please visit https://www.privacyshield.gov/
Privacy Shield Principles
Sysmex Inostics Inc. has committed to uphold the Privacy Shield principles and surrounding requirements in regard to personal information that was transferred to it pursuant to the Privacy Shield Framework. The principles are: Notice; Choice (Consent); Accountability for Onward Transfer; Security; Data Integrity and Purpose Limitation; Access; and Recourse, Enforcement and Liability.
Scope of Individuals and Personal Information Collected/Purpose of Data Collection
Sysmex Inostics Inc. confirms adherence to the Privacy Shield principles for E.U. and U.K. personal information that was transferred to the U.S. pursuant to the Privacy Shield Framework, in relation to: patient personal data (including that pertaining to clinical laboratory patients and patients for whom clinical or clinical research testing is performed); customer personal data (including that pertaining to healthcare professionals and their staff members, employers, insurance companies, and individuals who interact with us in connection with purchasing Sysmex Inostics’ services); suppliers (including individuals assisting us with our business activities, such as accountants and auditors); and clinical trial participants (including individuals enrolled in research trials whose specimens are submitted to Sysmex Inostics by controllers of clinical testing, CROs or research sites, for purposes of performing laboratory testing). The data of these individuals was processed for the purposes for which it was collected, supporting the performance of clinical testing and clinical research testing, or for related purposes such as quality assurance, auditing, and fulfilling legal and compliance responsibilities.
Contact for Information or Complaints
In compliance with the Privacy Shield principles, Sysmex Inostics Inc. is committed to resolve complaints about its collection or use of personal information collected, used, or retained pursuant to the Privacy Shield Framework. E.U. or U.K. individuals with inquiries or complaints regarding the Privacy Shield policies or practices should first contact our SII Privacy Officer at: privacyofficer@sysmex-inostics.com, or call us at +1-443-759-8650 or within the E.U., call us at +49 40-325907-0. In accordance with our Privacy Shield commitment, Sysmex Inostics Inc. has adopted dispute resolution practices that are designed to evaluate and resolve any complaints or concerns about your privacy and its collection or use of your personal information transferred pursuant to the Privacy Shield Framework within forty-five (45) days of receipt. Sysmex Inostics has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU.
Third Party Transfers
Sysmex Inostics Inc. may entrust certain personal information pertaining to E.U. or U.K. individuals to third-party partners who assist us with business activities, or who have regulatory or legal oversight responsibilities in relation to certain business activities. Where we do so, Sysmex Inostics Inc. will take steps to ensure that the third parties entrusted with E.U. or U.K. personal information uphold an equivalent level of protection for the data. Sysmex Inostics Inc. understands that we can be held responsible if its business partners entrusted with E.U. or U.K. personal information violate those obligations.
Rights of Individuals to Access Their Data
E.U. and U.K. individuals whose personal information was transferred to us pursuant to the Privacy Shield Framework, have the right to access personal information about them, and to limit use and disclosure of their personal information. With its Privacy Shield certification, Sysmex Inostics Inc. has certified to the Privacy Shield Framework its commitment to respect and uphold those rights. Should you wish to exercise those rights, the company requests that you contact us at: privacyofficer@sysmex-inostics.com, or call us at 1-443-759-8650 or within the E.U., call us at +49 40-325907-0. You may also write to us at: Sysmex Inostics Inc., Attention: Privacy Officer, 1812 Ashland Avenue, Suite 500, Baltimore, MD, 21205 USA. Please note that there are certain limitations on these rights, as described in the Privacy Shield framework.
Disputes
In compliance with the Privacy Shield principles, Sysmex Inostics Inc has certified to the Privacy Shield to resolve complaints about its collection or use of personal information transferred to us pursuant to the Privacy Shield Framework. E.U. and U.K. individuals with inquiries or complaints regarding our Privacy Shield policies or practices should first contact our Privacy Officer at: privacyofficer@sysmex-inostics.com, or call us at +1-443-759-8650 or within the E.U., call us at +49 40-325907-0. In accordance with our Privacy Shield commitment, Sysmex Inostics Inc. has adopted dispute resolution practices that are designed to evaluate and resolve complaints or concerns about the collection, use, or retention of personal information transferred to us pursuant to the Privacy Shield Framework, within forty-five (45) days of receipt. Sysmex Inostics has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU.
The link for the E.U. Data Protection, Third Party Dispute Resolution provider is shown here: https://edpb.E.U.ropa.E.U./about-edpb/board/members_en
Third Party Dispute Resolution
Sysmex Inostics Inc. has certified to the Privacy Shield to cooperate with the E.U. and U.K. supervisory authorities with regard to unresolved Privacy Shield complaints. If you do not receive timely acknowledgment of your complaint from Sysmex Inostics Inc., or if the company has not addressed your complaint to your satisfaction, you have the right to contact the E.U. or U.K. supervisory authorities for more information or to file a complaint. The services of E.U. and U.K. supervisory authorities are provided at no cost to you.
The link for the E.U. Data Protection, Third Party Dispute Resolution provider is shown here: https://edpb.E.U.ropa.E.U./about-edpb/board/members_en
Regulatory Oversight and Enforcement
Sysmex Inostics Inc. has certified to the Privacy Shield Framework and, with regard to personal information transferred to us pursuant to thereto, is also subject to investigatory and enforcement authority of the U.S. and E.U. agencies who oversee the Privacy Shield Framework, namely the U.S. Federal Trade Commission and the relevant E.U. and U.K. supervisory authorities. Individuals also have a right to file a complaint with these oversight agencies, particularly if you believe your complaint is not satisfactorily resolved by Sysmex Inostics Inc.
Right to Binding Arbitration
In accordance with the Privacy Shield framework, E.U. or U.K. individuals may be able to invoke binding arbitration before a Privacy Shield Panel if they believe that their claim has not been handled by the company in a satisfactory manner.
Law Enforcement Requests
Sysmex Inostics Inc. has certified to the Privacy Shield and is required to disclose personal information in response to lawful requests by public authorities, including compliance with national security or law enforcement requirements.
Conflicts
If there is any conflict between the terms in this privacy policy and the Privacy Shield principles, the Privacy Shield principles will govern.
Effective Date of Notice: July 1, 2022
Document Number: QA002-F04_v03c