Effective Date: February 12, 2019
Blackfynn, Inc. (“Blackfynn”) has submitted certification to the U.S. Department of Commerce that it complies with the EU-US Privacy Shield Framework Principles and the Swiss-US Privacy Shield Framework Principles as set forth by the U.S. Department of Commerce with respect to the personal information that we process on behalf of our clients through our platform, to the extent the personal information is transferred from the EEA or Switzerland to Blackfynn in the United States (“Personal Data”). To learn more about the Privacy Shield program and to view our certification, please visit: https://www.privacyshield.gov/ and https://www.privacyshield.gov/list.
This Privacy Shield Statement explains how Blackfynn complies with the Privacy Principles in handling Personal Data.
The Privacy Shield Privacy Principles are:
- Accountability for Onward Transfer
- Data Integrity & Purpose Limitation
- Recourse, Enforcement & Liability
Our Privacy Shield certification and this Privacy Shield Statement apply to Personal Data, meaning personal information that we process on behalf of our clients through our platform, to the extent the information is transferred from the EEA or Switzerland to Blackfynn in the United States.
Blackfynn’s Role in Processing Personal Data
Blackfynn provides a platform that helps individuals and organizations in the medical community (“Users”) make optimal use of the vast quantities of highly complex medical and healthcare data by integrating the data points into our platform and placing the data into a useful context (the “Services”).
Blackfynn acts as a processor for the Services. This means that Blackfynn is a vendor that processes Personal Data on behalf of and on the instructions of Users. The Users act as data controllers or have been authorized by data controllers to instruct Blackfynn. Users control the purposes for which Blackfynn processes Personal Data, and are responsible for the processing to individuals to whom the Personal Data pertains.
As a processor, Blackfynn relies on its Users to provide notice to individuals regarding our privacy practices associated with the Services. Blackfynn has informed its Users that they are responsible for providing the notice. To assist Users in providing notice, we have provided Users with our Services Privacy Statement, which explains our privacy and security practices with respect to Personal Data.
Blackfynn has informed its Users that they are responsible for providing individuals with any required privacy choices regarding Blackfynn’s processing of Personal Data on behalf of the User. Blackfynn does not use Personal Data for purposes other than to provide our services, and as otherwise authorized by relevant customer agreements. We do not share Personal Data with third parties for those parties’ own purposes, except as follows:
We may share Personal Data with third party service providers that provide services in connection with our platform. We authorize these third parties to access Personal Data only to the extent necessary for them to provide services to Blackfynn or Users.
We may also share Personal Data as required by law or legal process, to enforce the terms and conditions that govern the platform, and to protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
We may transfer the Personal Data as part of Blackfynn’s platform or other assets in connection with a business transaction, such as a merger, consolidation, acquisition, reorganization, or in the event of bankruptcy. In the event of such a transfer, we will require the transferee to continue to abide by the terms of this Privacy Shield Statement and any customer agreements that govern our processing of the personal information, as specified in detail in the relevant customer agreements.
Accountability for Onward Transfer of Personal Data
Blackfynn may share Personal Data with third party service providers that perform services on behalf of Blackfynn. Blackfynn does not authorize these service providers to use or disclose the Personal Data except as necessary to perform services on behalf of Blackfynn or Blackfynn Users, or to comply with legal requirements. Blackfynn maintains contracts with these providers restricting their access, use and disclosure of Personal Data in compliance with the Privacy Principles, and requiring these providers to appropriately safeguard the privacy and security of the Personal Data they process. Blackfynn may be liable if these third parties fail to meet those obligations, and Blackfynn is responsible for the event giving rise to the damage. If Blackfynn has knowledge that a third party to which it has disclosed Personal Data subject to this Privacy Shield Statement is processing such Personal Data in a way that is inconsistent with the Principles, or if Blackfynn has knowledge that such third party is no longer capable of processing such Personal Data consistent with the Principles, Blackfynn will take reasonable and appropriate steps to prevent or stop and remediate such processing.
Blackfynn takes reasonable and appropriate measures to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alteration and destruction, as further described in our Security Overview webpage.
Data Integrity and Purpose Limitation
Blackfynn limits the Personal Data it collects to the Personal Data that is relevant for the purpose(s) for which it is being processed. Blackfynn does not use Personal Data for purposes incompatible with the purpose(s) for which it was collected.
In addition, Blackfynn takes reasonable steps to ensure that the Personal Data it processes is reliable for its intended use and is accurate, complete and current. Blackfynn depends on its Users to provide accurate Personal Data to Blackfynn and to correct and keep such Personal Data up to date, or to instruct merchants and consumers to do so.
Users are responsible for responding to requests that individuals submit to exercise any privacy rights, to the extent such requests are submitted by or on behalf of individuals to whom the personal information the Users process using the platform pertains. Blackfynn will assist Users in responding to such requests as set forth in the customer contract.
Recourse, Enforcement and Liability
Blackfynn has established procedures for periodically reviewing and verifying the accuracy of this Privacy Shield Statement, for verifying the company’s implementation of and compliance with the Principles, and for remedying any issues identified during such reviews. Blackfynn conducts an annual self-assessment of its Personal Data practices to verify that the attestations and assertions the company makes about its privacy practices are true, that the company’s privacy practices have been implemented as represented, and that any identified issues have been remedied. Blackfynn personnel with access to the Personal Data covered by this policy are responsible for conducting themselves in accordance with the policies described in this Privacy Shield Statement, the failure of which may result in disciplinary action up to and including termination.
Individuals may make an inquiry or file a complaint concerning Blackfynn’s processing of their Personal Data by emailing email@example.com. Blackfynn will respond to any such inquiries or complaints within forty-five (45) days. If Blackfynn fails to respond or to adequately address a complaint, individuals may contact Blackfynn’s independent dispute resolution provider, JAMS, at no cost. More information about JAMS and how to file a complaint is available at https://www.jamsadr.com/eu-us-privacy-shield. If neither Blackfynn nor JAMS resolves an individual's complaint, the individual may have the ability to engage in binding arbitration through the Privacy Shield Panel. Additional information on the arbitration process is available on the Privacy Shield website at http://www.privacyshield.gov.
US Federal Trade Commission Jurisdiction
Blackfynn’s commitments under the Principles are subject to the jurisdiction and the investigatory and enforcement authority of the United States Federal Trade Commission.
Blackfynn may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have any questions, comments or concerns about this Privacy Shield Statement, please contact us at firstname.lastname@example.org.