Evidence Partners Incorporated

Privacy Statement

Version 3.0 | August 2018

This Privacy Statement lets you know how we’re collecting, using, disclosing and protecting the personal information you entrust to us. We have changed our policies and procedures based on the European General Data Protection Regulation (GDPR).

When we refer to ‘personal information’ or ‘personal data’, we mean information about an identifiable natural person.  In other words, someone we can identify, directly or indirectly, using an identifier like a name, an identification number, location data, an online identifier, or someone we can identify using one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

This Privacy Statement does not apply to data you upload through our software like aggregate health information, clinical trial information, etc., from which you use our software to generate output data (“Customer Data”).  Customer Data is subject to the agreement between you and Evidence Partners when you purchase a subscription to use our software.

We do not knowingly collect, process, or retain any special categories of personal information like personal information of children under the age of 16, personal health information, personal financial information, or any other special category of information.

What Personal Information Does Evidence Partners Collect About Me?

When you purchase a subscription to use our software or opt-in to receive marketing or sales communications from us, we collect the following personal information about you, and/or your organization:

  • Name & address
  • Postal code
  • Phone number
  • Email address for work contact
  • Purchase history
  • Evidence Partners software product/service preferences
  • Payment information

Use of Software

When you and/or your users login to use our software, we also collect:

  • User names and work email addresses, for the purposes of recording use of our system and maintaining the audit logs which are required for regulatory compliance of our software and which are a critical feature of our system.
  • Information about your computer, including your IP address, the type of operating system and browser you use, and your login credentials.
  • What pages you visit on our site, what links you click on, and what changes you make to your studies (including reports generated), again in order to maintain the audit trail and provide software functionality.
  • Performance and use metrics on your use of the system, such as project size, project complexity, system response times and so on, to enable us to continually improve our software and the user experience.

Use of Website, Cookies, and Tracking Technology

When you visit our website (https://www.evidencepartners.com/), we collect:

  • The personal information you choose to share with us by completing the contact form on the site.
  • Standard IP address, browser type, and navigation information about pages visited from your visit so that we can understand the traffic to our website.
  • Website activity information received anonymously through Google Analytics.

We also make use of browser cookies to provide software functionality for our users and to provide us with additional information about traffic to our site, and your use of the site.

A cookie is a small text file that the website sends to your browser, which then stores the cookie on your hard drive to save you time, provide you with a more meaningful visit, and measure website activity.  We use a pop-up window on our site to ask that you opt-in to our use of cookies in this way.

You can set up your browser to disable cookies at any time.  For instructions on how to disable cookies, please visit the links below:

Do Not Track

As there is not yet a common understanding of how to interpret Do Not Track (“DNT”) signals, Evidence Partners does not current respond to browser DNT signals.

Other Links

Our website contains links to other websites.  If you follow those links, like Twitter, LinkedIn, or other social media icons, you are accessing external websites operated by those entities. Evidence Partners does not have any control over any information you provide to those third-party websites, and you are governed by those entities’ the privacy policies, not this Evidence Partners privacy statement.

How Does Evidence Partners Use Personal Information?

The reasons we collect personal information from you are:

  • To provide customer technical support;
  • To communicate with you regarding administrative matters such as regulatory compliance and software release activities;
  • For contact relationship management including notification to customers of expiring subscriptions or providing you with information such as a blog post notification or white papers that you have requested;
  • To improve our customer service and evaluate customer experience, for example evaluating the compatibility of your browser with Evidence Partners software or asking you to provide feedback on certain features;
  • To conduct security checks and verify identities;
  • To inform you of security breaches and comply with our legal obligations;
  • To receive orders from and corresponding with customers;
  • To complete a sale/transaction, collect fees, process payments, or provide receipts and reports.

In most cases, we will obtain consent from you before we use or disclose your personal information.

Third-Party Service Providers

From time to time we need to disclose your personal information to another company to provide you with our services. For example, we give your name and address to a courier company to complete delivery of a hard copy of our contract together. Third-party service providers we share information with are:

  • Amazon AWS. We use Amazon AWS to host Customer Data and our software platform.  We have very limited access to Customer Data uploaded by you to Amazon AWS.  You are in complete control of your Customer Data and you decide what to collect, what to process, and when to disclose or delete the Customer Data.
  • HubSpot. We use HubSpot to manage our client relationships, develop contact lists, keep contract information, and carry out other marketing and sales tasks.
  • Paypal. We use Paypal to process payments.  We only have access to the last four digits of your credit card number.

We encourage you to review the privacy policies of our third-party service providers.  For security reasons, we have not listed all our third-party service providers here.  We would be happy to discuss your privacy concerns, and can be contacted at privacy@evidencepartners.com.

Sales And Marketing

We like to send you information about our products and services that we think might interest you.  Unless we already have a business relationship with you or you have offered your contact information to us (i.e. business card), we will always ask for your consent to receive sales and marketing information before sending you any communications.

You can always opt-out of our sales and marketing communications.  If you wish to opt-out of receiving sales and marketing communications, please contact privacy@evidencepartners.com or select the unsubscribe link in an email you receive.

We will provide you with our response to that request in a timely fashion, and can make appropriate modifications to our information, up to and including deletion.

Evidence Partners does not otherwise share your information with any third-parties for sales and marketing purposes.

Students

To create and have access to a student account, Evidence Partners requires personal information to verify student status.

If you are a post-secondary student and have submitted your personal information to Evidence Partners to apply for a student account, you acknowledge that you have reached the age of majority in your jurisdiction and that you can give your informed and meaningful consent to our collection, use, retention, disclosure or processing of your personal information.

How Does Evidence Partners Store And Retain Data?

We store your personal information on secure servers at with Amazon Web Services (AWS), US North East.

We retain information throughout the relationship between you and Evidence Partners and as necessary for us to comply with our legal obligations.  Once we no longer need the information for the purpose for which it was collected, we securely dispose of or de-identify the personal information unless otherwise required by law or requested by you in writing under your rights (See: What Rights Do You Have?).

What Rights Do You Have?

You have the right to request access or corrections to your personal information, subject to our legal requirements.  Please send us your request at privacy@evidencepartners.com and we will respond within 30 calendar days.

You also have the right to withdraw your consent for us to collect or process your personal information.  We will endeavor to comply with the withdrawal and adjust our practices regarding your personal information within a reasonable time.  Withdrawing consent does not affect the legality of our collection, use, disclosure, and retention of the information before withdrawal.

If you do not want us to continue contacting you, we will add your contact information to a ‘do not send’ list to comply with your no-contact request.  If you request to be placed on a ‘do not send’ list, your name and limited contact information will be kept on that list.

If you are a European ‘data subject’, or a ‘consumer’ from certain US states, you may also have the right to request that we erase your personal information, under certain conditions; restrict or object to our processing of your personal information; or, request that we transfer your personal information to another organization or directly to you, under certain conditions.  A good explanation of European data subject rights is available on the website of the United Kingdom’s Information Commissioner’s Office.

To exercise any of these rights, please contact us at privacy@evidencepartners.com.

Your activities in the software are tracked only to ensure that the audit logging features of our software are complete. This is required for Evidence Partners to maintain 21 CFR Part 11 regulatory compliance (Code of Federal Regulations), as our customers use that information to support regulatory submissions based on the output from our systems. We are unable to adjust the audit trail in any project in any way. While the specific personal information tracked through software use is minimal and project related only, users should be aware that Evidence Partners will not be able to honour deletion requests relating to software use.

We may still need to send you important information about your DistillerSR account, even if you opt out of receiving other updates from us, to provide you with technical support or otherwise satisfy our legal obligations.

Protecting Personal Information

Evidence Partners protects personal information using technical, physical and administrative methods.

We ensure that all interactions between your computer and our servers for use of our software are encrypted, and we use a number of advanced security features built into our software and associated with our hosting infrastructure to ensure that your personal information remains protected at all times.  The technical security features include:

  • Firewall
  • Intrusion detection software
  • Multi-factor authentication
  • Network encryption
  • Secure password protection
  • Checksums/hash totals

We also implement physical security measures at our facility in Ottawa, Ontario, Canada, such as key-card access to our offices and monitored alarms. Any personal information is kept under lock and key, and only accessed by trained employees with proper clearance on a need-to-know and limited basis.  We limit the creation of printed materials to what is necessary to fulfill our functions to reduce the risk of a security breach, and we ensure that when storing or transporting information appropriate measures are taken such as using sealed envelopes, containers, locks, or equivalent devices.

Access to the backend of the software is restricted to only specific members of Senior Management and certain employees.  All our employees and short-term contractors who have access to personal information have completed national level police checks prior to their engagement at Evidence Partners.  As part of our administrative measures, our Information Security Officer conducts periodic audits and risk assessments to ensure that we maintain up-to-date and appropriate security practices.

The security provisions of Amazon Web Services (AWS) is described in security and compliance whitepapers published by AWS; they can be found by visiting https://aws.amazon.com/whitepapers/#security.

Contact us at privacy@evidencepartners.com for more information on our security practices or user access management policies.

International Transfers

Some of our third-party service providers are based in countries that do not have equivalent privacy and data protection laws in your country of residence. If we share personal information customers in the European Economic Area (“EEA”) with third parties outside the EEA or to a country the European Commission has not deemed ‘adequate’, we ensure the third parties abide by necessary policies and certifications such as a privacy shield, standard contractual data protection clauses, binding corporate rules, or other appropriate legal mechanisms.

Changes To Our Privacy Statement

We keep our Privacy Statement and privacy practices under regular review and will change this Privacy Statement from time to time.  If we make any significant changes, we will notify you of the changes by posting them on our website or sending you an email, and we will change the last updated date at the bottom of this Privacy Statement.

Contact Information

If you have questions or concerns regarding data protection and privacy at Evidence Partners, we encourage you to contact us:

Jonathan Barker, Data Protection Officer
Melanie Rosenblath, Data Controller
Evidence Partners Inc.
505 March Road, Suite 450, Ottawa, Ontario, Canada K2K 3A4
T: 1.844.622.8727 (toll free)
E: privacy@evidencepartners.com

Appropriate Authority

Should you wish to report a complaint or if you feel that Evidence Partners has not addressed your concerns in a satisfactory manner, you can contact the appropriate governmental authority in your jurisdiction.  This would be a data protection authority, information commissioner’s office, or other supervisory authority.

Last Updated: August 23, 2019