COVIANCE PRIVACY POLICY

Here at Coviance, we take your privacy very seriously. Please read this privacy policy carefully as it contains important information on who we are, how and why we collect, store, use, and share your Personal Information. It also explains your rights in relation to your Personal Information and how to contact us or supervisory authorities in the event you have a complaint.

Key Terms

It would be helpful to start by explaining some key terms used in this policy:

We, Us, OurCoviance, Inc.
Personal InformationAny information relating to an identified or identifiable individual
Websitewww.coviance.com and all sub-domains, including secure.coviance.com & Coviance Platform
CustomerAny person or entity that is registered with Coviance to use Coviance’s services

Personal Information We Collect About You

We may collect and use the following Personal Information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household:

Categories of Personal Information
Identifiers (e.g., a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, or other similar identifiers)
Information that identifies, relates to, describes, or is capable of being associated with, a particular individual (e.g., their name, signature, telephone number, or other similar information
Characteristics of protected classifications under California or federal law.
Commercial information (e.g., products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies)
Internet or other electronic network activity information (e.g., browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, geolocation data, or advertisement)
Geolocation
Professional or employment-related information

This Personal Information is required to provide services to you. If you do not provide Personal Information we ask for, it may delay or prevent us from providing services to you.

How Your Personal Information is Collected

We collect most of this Personal Information directly from you  — by telephone, text, email and/or via our website. However, we may also collect information:

  • From publicly accessible sources;
  • Directly from a third party;
  • From a third party with your consent;
  • From cookies on our website—for more information on our use of cookies, please see our Cookies/Web Beacons section below
  • Via our IT systems, including:some text
    • Automated monitoring of our websites and other technical systems, such as our computer networks and connections;
    • Communications systems

How and Why We Use Your Personal Information

Under data protection law, we can only use your Personal Information if we have a proper reason for doing so, e.g.,:

  • To comply with our legal and regulatory obligations;
  • For the performance of contracted services or before entering into a contract as required by the contracting parties;
  • For our legitimate interests or those of a third party, as described above; or
  • Where you have given consent.

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.

What we use your Personal Information forOur reasons
To provide servicesFor the performance of our contract or to take steps at your request before entering into a contract
To prevent and detect fraudFor our legitimate interests or those of a third party, i.e., to minimize fraud that could be damaging for us and for you

Conducting checks to identify our customers and verify their identity
Screening for financial and other sanctions or embargoes
Other processing necessary to comply with professional, legal and regulatory obligations that apply to our business, e.g., under health and safety regulation or rules issued by our professional regulator

To comply with our legal and regulatory obligations
Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodiesTo comply with our legal and regulatory obligations
Ensuring business policies are adhered to, e.g., policies covering security and internet useFor our legitimate interests or those of a third party, i.e., to make sure we are following our own internal procedures so we can deliver the best service to you
Operational reasons, such as improving efficiency, training and quality controlFor our legitimate interests or those of a third party, i.e., to be as efficient as we can so we can deliver the best service for you at the best price
Ensuring the confidentiality of commercially sensitive information

For our legitimate interests or those of a third party, i.e., to protect trade secrets and other commercially valuable information
To comply with our legal and regulatory obligations

Statistical analysis to help us manage our business, e.g., in relation to Improve content of the Website, Respond to inquiryFor our legitimate interests or those of a third party, i.e., to be as efficient as we can so we can deliver the best service for you at the best price.
Preventing unauthorized access and modifications to systems

For our legitimate interests or those of a third party, i.e., to prevent and detect criminal activity that could be damaging for us and for you
To comply with our legal and regulatory obligations.

Updating and enhancing customer records

For the performance of our contract with you or to take steps at your request before entering into a contract
To comply with our legal and regulatory obligations
For our legitimate interests or those of a third party, e.g., making sure that we can keep in touch with our customers about existing orders and new products.

Statutory returnsTo comply with our legal and regulatory obligations
Ensuring safe working practices, staff administration and assessments

To comply with our legal and regulatory obligations
For our legitimate interests or those of a third party, e.g., to make sure we are following our own internal procedures and working efficiently so we can deliver the best service to you.

Marketing our services to:
—existing and former customers;
—third parties who have previously expressed an interest in our services;
—third parties with whom we have had no previous dealings.

For our legitimate interests or those of a third party, i.e., to promote our business to existing and former customers
External audits and quality checks, e.g., audit of our accounts

For our legitimate interests or a those of a third party, i.e., to maintain our accreditations so we can demonstrate we operate at the highest standards
To comply with our legal and regulatory obligations

The table below explains what we use (process) your Personal Information for and our reasons for doing so:

Promotional Communications

We may use your Personal Information to send you updates (by email, text message, telephone or post) about our services, including exclusive offers, promotions or new services.

We have a legitimate interest in processing your Personal Information for promotional purposes (see above “How and why we use your Personal Information”). This means we do not usually need your consent to send you promotional communications. However, where consent is needed, we will ask for this consent separately and clearly.

We will always treat your Personal Information with the utmost respect and never sell or share it with other organizations outside Coviance for marketing purposes.

You have the right to opt out of receiving promotional communications at any time by:

  • Contacting us at privacy@coviance.com; or
  • Using the “unsubscribe” link in emails or “STOP” number in texts; or

We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.

Who We Share Your Personal Information With

We routinely share Personal Information with:

  • Service providers we use to help deliver our services to you;
  • Other third party providers we use to help us run our business;
  • Third parties approved by you;

We only allow our third party  providers to handle your Personal Information if we are satisfied they take appropriate measures to protect your Personal Information. We also impose contractual obligations on our third party providers ensuring they can only use your Personal Information to provide services to us and to you. We may also share Personal Information with external auditors, e.g., in relation to SOC certification and the audit of our accounts.

We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.

We will not share your Personal Information with any other third party.

Personal Information We Sold or Disclosed for a Business Purpose

In the preceding 12 months, we have not sold any Personal Information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.

How Long Your Personal Information Will Be Kept

We will keep your Personal Information while we are providing services to you. Thereafter, we will keep your Personal Information for as long as is necessary:

  • To respond to any questions, complaints or claims made by you or on your behalf;
  • To show that we treated you fairly;
  • To keep records required by law.

We will not retain your Personal Information for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of Personal Information.

We may keep an anonymized form of your Personal Information, which will no longer refer to you, to the extent that we have a legitimate and lawful interest in doing so.

Cookies/Web Beacons

The Website uses “cookie” technology to measure Website activity and to collect information such as browser type, time spent on the Website, pages visited and other information about your visit to the Website. Cookies are also used to prefill information previously entered into forms and to customize information to your personal tastes. A cookie is an element of data that an internet site can send to your browser. Cookies are stored on your computer. We may share information about you that we collect through a cookie with third-parties who help us analyze Website data.

If you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to automatically decline cookies or be given the choice of declining or accepting the transfer to your computer of a particular cookie (or cookies) from a particular site. You may also wish to refer to: https://www.allaboutcookies.org. If, however, you do not accept our cookies, you may experience some inconvenience in your use of the Website.

We may also include small graphic images called web beacons, also known as “Internet tags” or “clear gifs,” in our web pages and email messages. We may use web beacons or similar technologies for a number of purposes, including, without limitation, to count the number of visitors to the Website, to monitor how users navigate the Website, and to count how many emails that we sent were actually opened or how many particular articles or links were actually viewed.

We may also use embedded scripts on the Website. An embedded script is programming code that is designed to collect information about your interactions with the Website. It is temporarily downloaded onto your computer from our web server or a third party with whom we work, is active only while you are connected to the Website, and is deleted or deactivated thereafter.

Automatically-collected information about you, such as how you interact with the Website, may be combined with your Personal Information. If we associate any such automatically-collected information with Personal Information about you, we will treat the combined information as Personal Information. 

The Website may use third party analytics and advertising cookies, such as Google Analytics, to help us understand how you use the Website so we can improve its design and functionality. The information collected through the use of analytics may include: your IP address, the website from which you visited us, the type of device you used, what pages of the Website you visited, and which elements of the Website you interacted with. We use this information to help us analyze how you use the Website, improving and developing the Website, and monitoring and analyzing use of the Website. You can opt out from the use of Google Analytics by downloading and installing the Google Analytics Opt-out Browser Add On.

Compliance with Privacy Laws

Coviance complies with the data protection and privacy laws to which it is subject. You should familiarize yourself with those laws, including any exceptions which may apply under them. You should also be aware that privacy laws in various jurisdictions may change from time to time. Except to the extent expressly stated otherwise in this Privacy Policy, Coviance accepts no obligations with respect to the handling of Personal Information other than those mandated by law.

California Privacy Rights

This section of the Policy applies solely to those individuals who reside in the State of California. We are providing this policy in compliance with the California Consumer Privacy Act of 2018 (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”), and other applicable California privacy laws. Any terms used in this section that are not defined in the Policy itself have the same definition as used in the CCPA/CPRA, and its implementing regulations.

Our Collection, Use, and Disclosure of Consumer Personal Information

We collect, use, and disclose California consumers’ Personal Information as previously described in this privacy policy. Please see “Personal Information We Collect About You”, “How Your Personal Information is Collected”, “How and Why We Use Your Personal Information”, & “Who We Share Your Personal Information With”

California Consumer Rights

If you are a California resident, you may ask Us to disclose what Personal Information we have about you and what we do with that information, to delete your Personal Information, to direct Us not to sell or share your Personal Information, to correct inaccurate information that we have about you, and to limit our use and disclosure of your sensitive Personal Information:

  • Right to know: You can request that we disclose to you: (1) the categories and/or specific pieces of Personal Information we have collected about you, (2) the categories of sources for that Personal Information, (3) the purposes for which we use that information, (4) the categories of third parties with whom we disclose the information, and (5) the categories of information that we sell or disclose to third parties. You can make a request to know up to twice a year, free of charge.
  • Right to delete: You can request that we delete Personal Information we collected from you and tell our service providers to do the same, subject to certain exceptions (such as if we are legally required to keep the information).
  • Right to opt-out of sale or sharing: You may request that we stop selling or sharing your Personal Information (“opt-out”), including via a user-enabled global privacy control. We cannot sell or share your Personal Information after we receive your opt-out request unless you later authorize us to do so again.
  • Right to correct: You may ask us to correct inaccurate information that we have about you.
  • Right to limit use and disclosure of sensitive Personal Information: You can direct us to only use your sensitive Personal Information (for example, your social security number, financial account information, your precise geolocation data, or your genetic data) for limited purposes, such as providing you with the services you requested.

You also have the right to be notified, before or at the point we collect your Personal Information, of the types of Personal Information we are collecting and what we may do with that information. Generally, we cannot discriminate against you for exercising your rights under the CCPA. We cannot make you waive these rights, and any contract provision that says you waive these rights is unenforceable.

Colorado, Connecticut, Utah and Virginia

Eligible residents of Colorado, Connecticut, Utah and Virginia also have rights with respect to the Personal Information that We collect about you. This section applies solely to eligible residents of Colorado, Connecticut, Utah and Virginia.

Any terms not defined in this section have the same meaning as defined under applicable Colorado, Connecticut, Utah and Virginia privacy law, including the Colorado Privacy Act, Connecticut Data Privacy Act, Utah Consumer Privacy Act and Virginia Consumer Data Protection Act. Subject to certain exceptions, if you are an eligible resident of one of these states, you have certain privacy rights which may include, depending on your state of residency:

  • Right to Access: You have the right to confirm whether We process your Personal Information and access such Personal Information. You also have the right to obtain your Personal Information in a portable, and to the extent reasonably feasible, readily usable format that you can transmit without hindrance. 
  • Right to Delete: You have the right to request that We delete the Personal Information you have provided to us or that We have otherwise obtained about you. 
  • Right to Correct: You have the right to request that We correct inaccuracies in your Personal Information, taking into account the nature of the Personal Information and the purposes of the processing of your Personal Information.
  • Right to Opt Out: You have the right to opt out of the processing of your Personal Information for the purposes of (i) targeted advertising, (ii) the sale of your Personal Information and (iii) profiling in furtherance of decisions, including, for eligible residents of Connecticut, solely automated decisions, that produce legal or similarly significant effects. 
  • Right to Appeal: You have the right to appeal Our decision with regard to your request to exercise any rights described herein.

How to Exercise Your Rights

If you would like to exercise any of your rights as described in this Privacy Policy, please:

  • Call us, toll-free, at 855-525-6730; or
  • Email us at privacy@coviance.com.

Please note that you may only make a CCPA-related data access or data portability disclosure request twice within a 12-month period.

If you choose to contact directly by phone or email, you will need to provide us with:

  • Enough information to identify you;
  • Proof of your identity and address; and
  • A description of what right you want to exercise and the information to which your request relates.

We are not obligated to make a data access or data portability disclosure if we cannot verify that the person making the request is the person about whom we collected information, or is someone authorized to act on such person’s behalf.

Any Personal Information we collect from you to verify your identity in connection with your request will be used solely for the purposes of verification.

Keeping Your Personal Information Secure

We have appropriate security measures in place to prevent Personal Information from being accidentally lost, used or accessed in an unauthorized way. We limit access to your Personal Information to those who have a genuine business need to access it. Those processing your information will do so only in an authorized manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. We employ encryption technologies to protect Personal Information and maintain a current data flow diagram identifying the flow of Personal Information.

Third Party Websites

There may be hyperlinks on the Website to other websites or locations that are operated and controlled by third parties (“Third Party Websites”). These Third-Party Websites may solicit Personal Information from you. We make no representations regarding the policies or business practices of such Third Party Websites and encourage you to familiarize yourself with their privacy policies before providing them with your Personal Information.

Children’s Online Privacy

Our Website is not intended for children under the age of 13. We do not intentionally or knowingly collect Personal Information from children under the age of 13 and we request that individuals under the age of 13 do not submit any Personal Information on the Website. If we learn that we have received identifying information from a user under the age of 13, we will delete this information.

Changes to this Statement

Coviance may from time to time and without prior notice revise this Privacy Policy. Any changes will be effective immediately when the revised Policy is posted on the Website unless stated otherwise. We will not, however, use your Personal Information in a manner materially different than what was stated in the Privacy Policy posted on the Website at the time your Personal Information was collected unless we receive your consent.

Contacting Us

If you have any questions about this Privacy Policy, our practices, or your dealings with the Website, you can contact us by mail or email:

Coviance

PO Box 65367

West Des Moines, IA 50265

privacy@coviance.com

Updated: 5/10/2024