Privacy Policy - TriNetX

Privacy Policy

TriNetX Privacy Policy

Last Updated on March 17, 2023

This Privacy Policy (the “Privacy Policy”) is intended to inform you of TriNetX, LLC.’s policies and practices regarding the main conditions governing the collection, use, and disclosure of personal information that you provide to TriNetX, LLC. (“TriNetX,” “we,” “us,” or “our”) and our corporate affiliates when you use our platform known as TNX™ (“TNX”) which includes TriNetX Live™, TriNetX Research™, TriNetX Services™, and our websites (www.trinetx.com and open.trinetx.com) (collectively, our “Services”). These conditions will apply subject to the specific provisions applicable to you depending on the country where you are located.

If you are a resident of California, please see Appendix 1, our “Additional Information for California Residents” section below for information about our processing of your personal information and your rights under California privacy laws.

If you are located in the European Economic Area (EEA), please see Appendix 2, our “Additional Information for EEA Residents” for information about the conditions of our processing of your personal information and your rights under the General Data Protection Regulation (GDPR) and the law of your country.

If you are located in Brazil, Argentina, Colombia, Chile, Mexico, Australia, Taiwan, Israel, or UAE please click through to the country specific appendix for additional information about the conditions of our processing of your personal information under the data protection law of your country of residence.

When reading this Privacy Policy, the term “Privacy Policy” will include the main body below and the relevant appendix applicable to you depending on where you are located.

This Privacy Policy is subject to occasional revision(s), and any changes will be posted on this page. You are urged to return to check the Privacy Policy and the relevant appendix depending on where you are located for the latest updates. By accessing our Services or sending us personal information, you acknowledge this Privacy Policy and the relevant appendix apply to our handling of your personal information.

1) SCOPE

Except as otherwise noted below, this Privacy Policy applies to the personal information that we process related to:

    • users of our Services;
    • individuals who register for or participate in our webinars and other events;
    • individuals who are subscribed to receive news, information and marketing communications from us;
    • individuals who participate in surveys and research conducted by us to the extent such research is not conducted for, or on behalf of, our business clients; and
    • individuals that communicate with us or otherwise engage with us related to our Services.

Not In Scope. This Privacy Policy does not apply to the personal information we collect and process about TriNetX employees, personnel, job applicants, or candidates. In addition, this Privacy Policy does not apply to the extent we process personal information, as a processor or service provider, on behalf of our business clients (“Client Content”). Our processing of Client Content is subject to the terms of our contracts with each business client, who is the controller and business for the Client Content that we process on their behalf.

Additional Notices.  In some cases, we may provide additional or supplemental privacy notices (each an “additional notice”). For example, we may provide an additional notice to job applicants or as required depending on where you are located or the context of the processing. The additional notice will control to the extent there is a conflict with this Privacy Policy.

2) INFORMATION WE COLLECT

As further described below, TriNetX collects personal information directly from individuals, from third parties, and automatically while a visitor uses our Services.

Personal Information Collected Directly.  The personal information we collect from you depends upon how you use our Services or otherwise interact or engage with us, but generally includes:

a) Account and Profile information: When you register for an account with us, we collect certain personal information from you, such as your first name, last name, e-mail address, and encrypted login credentials which are mandatory for the use of TNX. You also have the option to provide to us your business title, office phone number, and cell phone number which would make it easier for us to provide support. Please note: your user account is generally managed by your company (our client), and therefore we may have limited ability to take independent action regarding your account.

 b) Site Administrator-Provided Information. When our business clients engage us to use TNX, they nominate a site administrator who is responsible for creating accounts for employees to whom they would like to provide access to TNX. The information is provided directly by your employer’s nominated site administrator and not solicited by us through any other source.

 c) Communications and Interactions: We collect other content that you may submit to our website, for example when you communicate with us, provide us feedback, or when you participate in any interactive features, surveys, contests, promotions, sweepstakes, activities, or events.

 d) Contact information for Marketing purposes: We may collect contact information such as your first name, last name, email address, company and title to inform you about our products and services from time to time.

Personal information from Third Parties. We may collect personal information about you from third party sources, such as your employer, subscription-based and publicly available lead databases, joint marketing partners, conference organizers, social media platforms, or other third parties. Please see the applicable Addenda for details of data collected as required in your jurisdiction.

Personal information Collected Automatically.  We automatically collect personal information related to your use of our Services and interactions with us and others, including information we collect automatically (e.g., using cookies and pixel tags), as well as information we derive about you and your use of the Services. Such information includes:

a) Device and browsing information. We may use cookies, log files, pixel tags and other tracking technologies to automatically collect information when users access or use our Services, such as IP address, general location information, domain name, page views, a date/time stamp, browser type, device type, device ID, Internet service provider, referring and exiting URLs, operating system, language, clickstream data, and similar device and usage information.

b) Activities and usage. We also collect activity information related to your use of the Services, such as information about the links clicked, searches, features used, items viewed, and time spent within the Services.

c) Location information. We may collect or derive location information about you, such as through your IP address.

3) USE OF PERSONAL INFORMATION

Generally, we collect, use, disclose and otherwise process the personal information we collect for the following purposes:

a) To provide our Services and customer support: We use personal information to support the use of our Services, and provide you with information about feature enhancements, bug fixes, security patches and other changes to TNX, including system notifications, and training as well as news and materials related to other TriNetX products and services.

b) Analytics and improvement. We use personal information to better understand how users access and use the Services, and for other research and analytical purposes, such as to evaluate and improve our Services and business operations, to develop services and features, and for internal quality control and training purposes.

c) Security and protection of rights. We use personal information to protect the Services and our business operations; to protect our rights or those of our stakeholders; to prevent and detect fraud, unauthorized activities and access, and other misuse; where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party, or violations of our Terms of Use.

d) To market and promote TriNetX Products and Services. We may use your personal information to send promotional communications that may be of specific interest to you subject to the requirements of the law applicable in your country. We also communicate with you about new product offers and promotions. You can control whether you receive these communications as described below under “Opt-out of communications.”

e) Compliance and legal process. We use personal information to comply with the law and our legal obligations, to respond to legal process and related to legal proceedings.

4) DISCLOSURE OF PERSONAL INFORMATION 

We may disclose the personal information we collect for the purposes described above to the following categories of recipients or in the following situations:

a) Vendors and service providers. We may disclose personal information we collect to our service providers, processors, and others who perform functions on our behalf. These may include, for example, IT service providers, help desk, payment processors, analytics providers, consultants, event service providers, advertising providers, auditors, and legal counsel.

b) Subsidiaries and Affiliates. We may disclose personal information on a need-to-know basis to our subsidiaries or affiliated companies to help us support our Services. These subsidiaries and affiliates will use the disclosed personal information in line with this Privacy Policy.

c) Business Transfers. We may share information if all or part of TNX is sold, merged, dissolved, acquired, or in a similar transaction. We may also share certain personal data as necessary prior to the completion of such a transaction or corporate transactions such as financings or restructurings, such as to lenders, auditors, and third-party advisors, including attorneys and consultants, as part of due diligence, or as necessary to plan for a transfer.

d) Compliance and legal obligations. We may also disclose personal information to comply with our legal and compliance obligations and to respond to legal process. For example, we may disclose information in response to subpoenas, court orders, and other lawful requests by regulators and law enforcement, including responding to national security or law enforcement disclosure requirements. This may include regulators, government entities, and law enforcement as required by law or legal process. In addition, it may include certain disclosures that we are required to make under applicable laws.

e) Security and protection of rights. We may disclose personal information where we believe doing so is necessary to protect the Services, our rights and property, or the rights, property, and safety of others. For example, we may disclose personal information to (i) prevent, detect, investigate and respond to fraud, unauthorized activities and access, illegal activities, and misuse of the Services, (ii) situations involving potential threats to the health, safety or legal rights of any person or third party, or (iii) enforce, and detect, investigate and take action in response to violations of, our Terms of Use.

5) COOKIES AND OTHER TRACKING TECHNOLOGIES

We, and our third-party providers, use cookies, pixels, tags, and other similar tracking mechanisms to automatically collect information about browsing activity, type of device and similar information within our Services, and to target advertising and content across our Services and third-party sites and services.

For more information about how we use cookies or other trackers on our site please consult our cookie policy [https://trinetx.com/cookie-policy].

6) RETENTION OF PERSONAL INFORMATION

How long we keep personal information we collect depends on the context of our collection, the purpose for which we collect your personal information and our relationship with you, subject to the requirements under applicable laws.  Once we no longer have a reason to maintain personal information, we will either delete or anonymize the information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible, to the extent allowed by applicable law.

a) Account and Profile information: We retain your account and profile information for as long as your account remains active and until such time as your company directs us to delete it, as the one responsible for managing your account. Where we retain information for product improvement and development, we take steps to anonymize your personal information and eliminate information that directly identifies you.

b) Marketing information: If you have elected to receive marketing emails from us, we retain information about your marketing preferences for the term allowed by applicable law, (which may, depending on where you live, start from the last contact with you such as from the date you last expressed interest in our products and services, such as when you last opened an email from us or stopped using your account).

7) YOUR PRIVACY CHOICES

You have choices available to you when it comes to your accessing and controlling your information. Below is a summary of those choices, how to exercise them and any limitations. If you are located in the EEA, or a resident of California, you may have additional privacy choices.

a) Access and update your information: TNX gives you the ability to access and update certain information about yourself from the Account Profile page. You can update your profile information within your profile settings and modify content that contains information about you using the editing tools associated with that content.

b) Deactivating/deleting your Account: If you no longer wish to use TNX, please contact your administrator to deactivate your account. If you are an administrator and are unable to deactivate an account through your administrator settings, please contact TNX Support. Please be aware that, depending on where you live, deactivating your account may not delete all your information; we may need to retain certain information for legal and regulatory compliance purposes or to comply with our contractual obligations to our clients.

c) Opt-out of communications: You may opt out of receiving promotional communications from TNX by using the unsubscribe link within each email, updating your email preferences, or by contacting us as provided below to have your contact information removed from our promotional email list or registration database.

8) CHILDREN UNDER 18 YEARS OF AGE

You should be aware that TNX is not intended for, nor designed to be used by, children under the age of 18 and as such, TriNetX does not intentionally gather information about visitors who are under the age of 18. If we discover that a child under 18 has provided us with personal information in violation of applicable law, we will delete such information from our systems. If you’re a parent and you believe we have collected your child’s information in violation of applicable law, please contact us as set forth below.

10) CONTACT US

If you have questions or concerns about how your information is handled, please direct your inquiry to the contact indicated in the relevant Appendix, or to:

TRINETX, LLC.
125 Cambridgepark Dr, Suite #500
Cambridge, MA 02140, USA
Email: Privacy@TriNetX.com

APPENDIX 1: ADDITIONAL INFORMATION FOR CALIFORNIA RESIDENTS

This California Privacy Policy and Notice (“CCPA Notice”) provides specific information for residents of California who interact with TriNetX or our Services. This CCPA Notice is intended to satisfy the requirements of the California Consumer Privacy Act (“CCPA”) (Cal Civ. Code § 1798.100 et seq.), as amended by the California Privacy Rights Act (“CPRA”). The purpose of this Notice is to help you understand how TriNetX collects, uses, and discloses your Personal Information, and any privacy rights you may have.

A) Service Provider

When we collect Personal Information on for or on behalf of our business clients we act as service providers under the CCPA. This means that we collect and use personal information on behalf of another company. Where your Personal Information is processed by TriNetX acting as a service provider, our business clients’ privacy policy should explain its privacy practices, and you should submit any request to exercise CCPA rights directly to that company.

B) Personal Information We Collect and How We Use It

As further described below, we collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household (“Personal Information”). Please note that, for purposes of this Notice, Personal Information does not include the following:

    • Publicly Available Information. Information that is lawfully made available from government records, information we have a reasonable basis to believe is lawfully made available to the general public by you or by widely distributed media, or by a person to whom you have disclosed the information and not restricted it to a specific audience.
    • Deidentified or Aggregated Information. Information that is deidentified or aggregated.
    • HIPAA PHI. Protected Health Information subject to the Health Insurance Privacy and Accountability Act.

Additionally, as with our Privacy Policy, this CCPA Notice does not apply to job applicants or employees who are California residents. We may provide additional notices that cover these groups of individuals.

C) Categories of Personal Information We Collect

The table below describes the categories of Personal Information that we may collect, use, disclosure, and sell/share (or have collected, used, disclosed, or sold/shared in the preceding 12 months). We will not collect additional categories of Personal Information without first providing notice. Some Personal Information included in the categories below may overlap with other categories.

Categories of Personal Information Collected Whether We Disclose For Business Purposes Whether We Sell or Share
Name, contact information, and other identifiers, such as real name, alias, address, email address, date of birth, unique personal identifier, online identifier, Internet Protocol (IP) address, social security number, driver’s license number, passport number, or other similar identifiers. Yes No
Professional or employment-related information, such as employment history, qualifications, licensing, disciplinary record, or any other related information. Yes No
Audio, visual, or similar information, such as audio, electronic, visual, or similar information, including information collected via call recordings, recorded meetings, videos, photographs, and CCTV footage to secure our offices and premises. Yes No
Network activity information, such as Internet, or other electronic network activity information including, but not limited to, browsing history, clickstream data, and search history, as well as interactions with our portals, websites, applications, or advertisements. Yes Yes
Inferences and preferences, such as inferences drawn from any of the information described above reflecting preferences, characteristics, attitudes, behaviors, and abilities. Yes No

D) Purposes for Which Personal Information is Used

The categories of Personal Information described above are used for the purposes described in Section 3, Use of Personal Information (and have been used for these purposes in the preceding 12 months).

E) Retention of Personal Information

We will retain the categories of Personal Information we collect for as long as reasonably necessary to support our ongoing legitimate business needs and to carry out the purposes described in this Notice or as otherwise required by applicable law. For example, we will retain Personal Information for as long as you maintain a user account with us, and for a reasonable period of time thereafter in line with our retention policies.

F) Deidentification of Personal Information

Occasionally, we may deidentify Personal Information and use the deidentified information for our internal purposes. We commit to maintaining and using this information in deidentified form and will not attempt to reidentify the information except to determine whether our deidentification process is effective.

G) Rights Regarding Your Personal Information

Under the CCPA, you may have various rights regarding the Personal Information we collect, including:

  • Right to Know. With respect to the Personal Information we have collected about you in the prior (twelve) 12 months, you have the right to request from us (up to twice per year and subject to certain exemptions and carveouts):
    • The categories of Personal Information we collected about you;
    • The sources from which we have collected that Personal Information;
    • Our business or commercial purpose for collecting, selling, or sharing that Personal Information;
    • The categories of third parties to whom we have disclosed that Personal Information; and
    • A copy of the specific pieces of your Personal Information we have collected.
  • Right to Correct. Subject to certain restrictions, you have the right to request that we correct inaccuracies in your Personal Information.
  • Right to Delete. Subject to certain conditions and exceptions, you have the right to request deletion of your Personal Information that we have collected about you.
  • Right to Opt-Out. You have the right to opt-out of “sales” and “sharing” of your Personal Information, as those terms are defined under the CCPA. While we do not sell Personal Information in the traditional sense (i.e., for money), we may be considered to be “selling” or “sharing” Personal Information because of our use of third-party ad cookies and analytics providers. We do not and will not sell personal information if we have actual knowledge that the consumer is less than 16 years of age, unless we receive affirmative authorization (“opt-in”) from either the consumer between 13 and 16 years of age, or the parent or guardian of a consumer less than 13 years of age.
    To exercise your right to opt-out of the “sale” or “sharing” of your Personal Information, please use the Do Not Sell or Share My Personal Information link at the bottom of our website.You also have the right to opt-out of “sales” and “sharing” of your Personal Information, as those terms are defined under the CCPA, including through the use of an opt-out preference signal. If our Services detects that your browser or device is transmitting an opt-out preference signal, such as the “global privacy control”—or GPC— signal, we will opt that browser or device out of cookies on our website that result in a “sale” or “sharing” of your Personal Information. If you come to our website from a different device or from a different browser on the same device, you will need to opt-out, or use an opt-out preference signal, for that browser and/or device as well.
  • Right to Limit Use and Disclosure. Subject to certain conditions and exceptions, you may have the right to limit the use and disclosure of “sensitive personal information,” as defined under the CCPA. However, we do not engage in activities triggering this right.
  • Right to Non-Discrimination. We will not discriminate against you for exercising any of the rights described in this section.

H) Exercising Your Rights

Visitors who are California residents may exercise their CCPA rights via the methods described below:

Authorized Agent

You may designate someone as an authorized agent to submit requests and act on your behalf. Authorized agents will be required to provide proof of their authorization in their first communication with us, and we may also require that the requestor directly verify their identity and the authority of the authorized agent.

Businesses operating as an authorized agent on behalf of a California resident must provide both of the following:

  • (1) Certificate of good standing with its state of organization; and
  • (2) A written authorization document, signed by the California resident, containing the California resident’s name, address, telephone number, and valid email address, and expressly authorizing the business to act on behalf of the California resident.

Individuals operating as an authorized agent on behalf of a California resident must provide either of the following:

  • (1) A notarized power of attorney signed and dated by the California resident naming the authorized agent as the California resident’s representative; or
  • (2) A written authorization document, signed by the California resident, containing the California resident’s name, address, telephone number, and valid email address, and expressly authorizing the individual to act on behalf of the California resident.

We reserve the right to reject (1) requests from authorized agents who have not fulfilled the above requirements, or (2) automated CCPA requests where we have reason to believe the security of the requestor’s personal information may be at risk.

Verification

Before responding to your request, we must first verify your identity using the Personal Information you recently provided to us. You must provide us with your full name, the email you used to interact with us or register your account, and your phone number. We will take steps to verify your request by matching the information provided by you with the information we have in our records. In some cases, we may request additional information to verify your identity, or where necessary to process your request. If we are unable to verify your identity after a good faith attempt, we may deny the request and, if so, will explain the basis for the denial.

APPENDIX 2: ADDITIONAL INFORMATION FOR EEA RESIDENTS

This Appendix supplements the main Privacy Policy above and includes all the additional information required by the EU General Data Protection Regulation (GDPR), to inform you on how your personal information is processed and how to exercise your rights if you are located in the EEA.

A) Contact Details

When you use our Services, TriNetX LLC acts as data controller. Our representative in the EEA is:

TriNetX Europe NV
Kortrijkesteenweg 214 b3
9830 Sint-Martens-Latem, Belgium

If you have a question about our practices with respect to your personal information, you can contact our representative by e-mail at Info-Europe@trinetx.com. You can also contact our Data Protection Officer (DPO) by e-mail at: privacy@TriNetX.com.

B) Definitions

  • Personal information or information means personal data within the meaning of the GDPR
  • The terms “controller”, “processor”, “processing”, “recipients”, and “consent” have the same meaning as in the GDPR

C) Categories of personal information

The categories of personal information we process are those listed in Section 2 “INFORMATION WE COLLECT” of this Privacy Policy.

D) Purposes and Legal Basis for Processing

The purposes for which we process your personal information are indicated in Section 3 “USE OF PERSONAL INFORMATION” of the Privacy Policy. We only process your personal information when we have a legal basis for such processing.

You will find below the legal basis associated to each purpose:

Purpose Legal basis
Provide our Services and customer support Performance of our contract with you
Analytics and improvement Our legitimate interest to understand and improve the use of our Services
Security and protection of rights Our legitimate interest to ensure the protection of our platforms against cyber risks or the violation of our rights or protect third-parties rights
Market and promote our Services Your consent when required or our legitimate interest when consent is not required
Compliance and legal process Necessity to comply with our legal obligations
Business Transfer Our legitimate interest to ensure the development of our business or take the relevant actions in the event it is dissolved or acquired

E) Data Recipients

The data recipients of your personal information are those listed in Section 4 “DISCLOSURE OF PERSONAL INFORMATION” of the Privacy Policy.

F) International transfers

Some of these recipients may be located outside the European Economic Area (EEA) in a country which does not benefit from an adequacy decision of the EU Commission and is not considered as providing an adequate level of data protection, such as the United States of America.,

TriNetX has implemented appropriate and suitable safeguards to protect your personal information, including the relevant Standard Contractual Clauses (SCCs), and, where applicable, supplemented the SCC by additional contractual, organizational, and technical measures. For further information on the safeguards implemented to protect the personal information transferred, or to obtain a copy of same, you can contact our DPO by e-mail at Privacy@trinetx.com.

G) Data Retention

In accordance with Section 5 “RETENTION OF PERSONAL INFORMATION” of the Privacy Policy, TriNetX retains your personal information in its active database as long as necessary to provide the Services and while you have an active account.

If your account is deleted, your personal information related to your account or profile, your communications and interactions with us as well as information on site administrators  is stored in an intermediary archive on a separate space accessible only on a restricted basis by the relevant personnel (mainly the legal department). We will retain information relevant to comply with our legal obligations or to defend our rights in the event of a claim or a dispute for the duration of the statute of limitation, i.e. by principle 5 years after we close your account, or the contract governing your account is terminated.

Marketing information is kept in an active database as long as there is a contractual or commercial relationship with you, and thereafter in an intermediary database in a separate space, for 3 years after the end of such relationship or the last contact with you.

After the data retention terms defined above expire, the personal information is deleted or anonymized to be used to continue to develop and improve our Products and Services.

H) Your Rights

Under the GDPR and your local applicable law in EEA, you may be able to exercise the following rights regarding your personal information:

  • Right to access: you have the right to ask us to confirm whether we are processing your personal information and, if so, inform you of the characteristics of the processing(s) of your personal information, access your personal information, and obtain a copy.
  • Right to rectify: you can ask us to correct or complete your personal information if it is incorrect or incomplete.
  • Right to erase: you can ask us to delete your personal information in the following cases:
    • when it is no longer necessary for us to keep your personal information for the purposes for which it was collected;
    • when you have revoked your consent;
    • following the exercise of your right to object;
    • when your personal information has been processed unlawfully; or
    • to comply with a legal obligation.

    We are not obliged to comply with your deletion request if our processing is necessary for compliance with a legal obligation or for the establishment, exercise, or defense of legal claims.

  • Right to restrict: you may ask us to restrict the processing of your personal information (i.e., to retain it without using it) where:
    • the accuracy of your personal information is disputed;
    • the processing is unlawful but you object to the erasure of your personal information;
    • we no longer need your personal information but it is still required for the establishment, exercise, or defense of a legal claim; or
    • we are verifying the existence of compelling reasons in connection with the exercise of your right to object.

We may continue to use your personal information following a request to restriction of processing: with your consent; for the establishment, exercise, or defense of legal claims; or to protect the rights of any other natural or legal person.

  • Right to object: you have the right to object to the processing of your personal information where we are relying upon legitimate interest(s) to process information. In case of such objection, we must stop that processing unless we can either demonstrate legitimate grounds for the processing that override your interests, rights, and freedoms or where we need to process the data for the establishment, exercise, or defense of legal claims.
  • Right to data portability: you may ask us to provide you with your personal information in a structured, commonly used, and machine-readable format, or you may request that it be transmitted directly to another controller, but only if the processing is based on your consent or the performance of a contract with you and the processing is automated.
  • Right to withdraw your consent: you can withdraw your consent to process data at any time, if the processing is based on consent, without affecting the lawfulness of the processing based on your consent and carried out prior to your withdrawal of consent.
  • Digital legacy: if you are located in France, you have the right to set out instructions (general or specific) about what happens to your personal information after your death.

To exercise these rights, please contact us using the details given in Section 1 of this Appendix. Please note that we may request proof of identity to verify you are who you claim to be, and  reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive. We will endeavor to respond to your request within all applicable timeframes.

If you believe that the processing of your personal information is contrary to data protection laws, you have the right to lodge a complaint with your supervisory authority:

  • In France: the Commission Nationale de l’Informatique et des Libertéshttps://www.cnil.fr.

APPENDIX 3: ADDITIONAL INFORMATION FOR RESIDENTS OF BRAZIL

If you are a resident in Brazil, the data processing will be in compliance with the General Data Protection Law No 13,709/2018 (LGPD).

Rights Regarding Your Personal Information

If you are a resident in Brazil, you have the following rights regarding the Personal Information we collect:

  • Right of confirmation and access. You have the right to, upon request, be informed if there is any personal data processing and more information about the processing of your personal data as well as a copy of the personal data undergoing processing insofar as such copy does not adversely affect the rights and freedoms of others.
  • Right to rectification. You may request correction of your personal data that is inaccurate, outdated and/or the completion of such data which is incomplete.
  • Right to anonymization, blocking or erasure. You may request anonymization, blocking or erasure of your personal data, in particular where (i) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, (ii) you objected to the processing and there are no overriding legitimate interests for the processing, (iii) your personal data has been unlawfully processed or (iv) your personal data has to be erased for compliance with a legal obligation to which we are subject. The right to deletion, however, does not apply in particular where the processing of your personal data is necessary for compliance with a legal obligation or for the establishment, exercise or defense of legal claims.
  • Right to data portability. You have the right to have your personal data transmitted to another service or product provider, limited to commercial or industrial secrets.
  • Right to provide informed consent and withdraw. You are entitled to grant your consent to the specific purposes and determined retention period. You also have the right to withdraw your consent at any time for the future where processing is based on your consent, without affecting the lawfulness of processing based on consent before its withdrawal. You may also request the deletion of your personal data processed with the consent of the data subject, except in the situations provided by the law.
  • Right to object. You also have the right to oppose the processing carried out based on one of the legal bases other than your consent, if there is noncompliance with the provisions of the LGPD.
  • Right of Review. You have the right to request the review of decisions taken solely on the basis of automated processing of personal data that affects your interests, including decisions intended to define your personal, professional, consumer and or aspects of your personality, if applicable.
  • Right to information. You have the right to information about public and private entities with which we have shared your data as well as about the possibility of denying consent and the consequences of such denial at any time.
  • Right to lodge a complaint. You have the right to petition, regarding your data, against the controller before the Brazilian national authority as well as consumer-defense entities.

International Transfer

For international transfer of Personal Information from Brazil to other countries, we shall follow the legal basis provided by the LGPD, such as the contractual standard clauses, in accordance with the instructions to be specified, updated, amended, replaced or superseded from time to time by the applicable regulatory authority. In the lack of instructions from such authority, we may request to the recipients the adoption of standard models under the European Union.

Contact Us

Your information is controlled by TriNetX, LLC.  If you have questions or concerns about how your information is handled, please direct your inquiry to:

TRINETX, LLC
125 Cambridgepark Dr, Suite #500
Cambridge, MA 02140, USA
Email: Privacy@TriNetX.com

APPENDIX 4: ADDITIONAL INFORMATION FOR RESIDENTS OF ARGENTINA

If you are a resident in Argentina, the data processing will be in compliance with the Data Protection Law No 25,326. Therefore, we will only collect and process your Personal Information upon your specific consent.

Rights Regarding Your Personal Information

If you are a resident in Argentina, you may have various rights regarding the Personal Information we collect, including:

  • Right to Know. With respect to the Personal Information we have collected about you in the prior 12 (twelve) months, you have the right to request from us (up to twice per year and subject to certain exemptions and carveouts):
    • The categories of Personal Information we collected about you;
    • The sources from which we have collected that Personal Information;
    • Our business or commercial purpose for collecting, selling, or sharing that Personal Information;
    • The categories of third parties to whom we have disclosed that Personal Information; and
    • A copy of the specific pieces of your Personal Information we have collected.
  • Right to Correct. Subject to certain restrictions, you have the right to request that we correct inaccuracies in your Personal Information.
  • Right to Delete. Subject to certain conditions and exceptions, you have the right to request deletion of your Personal Information that we have collected about you.
  • Right to Opt-Out. You have the right to opt-out of “sales” and “sharing” of your Personal Information. While we do not sell Personal Information in the traditional sense (i.e., for money), we may be considered to be “selling” or “sharing” Personal Information because of our use of third-party ad cookies and analytics providers. We do not and will not sell personal information if we have actual knowledge that the consumer is less than 16 years of age, unless we receive affirmative authorization (“opt-in”) from either the consumer between 13 and 16 years of age, or the parent or guardian of a consumer less than 13 years of age.To exercise your right to opt-out of the “sale” or “sharing” of your Personal Information, please decline third-party cookies via your web browser.

    You also have the right to opt-out of “sales” and “sharing” of your Personal Information, including through the use of an opt-out preference signal. If our Services detects that your browser or device is transmitting an opt-out preference signal, such as the “global privacy control”—or GPC— signal, we will opt that browser or device out of cookies on our website that result in a “sale” or “sharing” of your Personal Information. If you come to our website from a different device or from a different browser on the same device, you will need to opt-out, or use an opt-out preference signal, for that browser and/or device as well.

  • Right to Limit Use and Disclosure. Subject to certain conditions and exceptions, you may have the right to limit the use and disclosure of “sensitive personal information”. However, we do not engage in activities triggering this right.
  • Right to Non-Discrimination. We will not discriminate against you for exercising any of the rights described in this section.

International Transfer

Should we transfer internationally your Personal Information, we will either assure that the jurisdictions comply with the standards of Argentine Data Protection Law or we will collect your specific consent to do so.

APPENDIX 5: ADDITIONAL INFORMATION FOR RESIDENTS OF COLOMBIA

If you are a resident in Colombia, the data processing will be in compliance with the Colombian Data Protection Regime Law No. 1581/2012, Decree 1377 of 2013 (CDPR) and the External Circular of the Superintendence of Industry and Commerce.

Rights Regarding Your Personal Information

If you are a resident in Colombia, you have the following rights regarding the Personal Information we collect:

  • Right to verification: You have the right to know, update, and amend your personal data.
  • Right to request consent evidence: You may request evidence of the consent granted to TNX.
  • Right to be informed:  You have the right to, upon request, be informed about the use of your personal data.
  • Right to lodge a complaint: You have the right to submit before the Colombian local authority (Superintendencia de Industria y Comercio) claims for violations of the provisions contained in the CDPR.
  • Right to Withdraw and Deletion of data: You have the right to withdraw your consent and/or request the deletion of data when processing is not compliant with principles, rights, and constitutional guarantees.
  • Right to access: You have the right to, to freely access your personal data that has been processed upon request.

Exercising Your Rights

Visitors who are Colombian residents may exercise their CDPR rights by contacting Jeffrey Burd which is the responsible person for the attention of petitions and claims to which you may exercise your rights. To do so, you may do it via the method described below:

  • Email: Privacy@TriNetX.com

Contact Us

Your information is controlled by TriNetX, LLC. If you have questions or concerns about how your information is handled, please direct your inquiry to:

TRINETX, LLC.
125 Cambridgepark Dr, Suite #500
Cambridge, MA 02140, USA
Email: Privacy@TriNetX.com

Phone number: +1 (857) 285-6037

Retention of Personal Information

We will retain the categories of Personal Information we collect for as long as reasonably necessary to support our ongoing legitimate business needs and to carry out the purposes described in this Privacy Policy or as otherwise required by applicable law. For example, we will retain Personal Information for as long as you maintain a user account with us, and for a reasonable period of time thereafter in line with our retention policies.

Changes to the Privacy Policy

If there is any substantial and significant change to our Privacy Policy, we will inform you about the changes so you are duly informed.

APPENDIX 6: ADDITIONAL INFORMATION FOR RESIDENTS OF CHILE

If you are a resident in Chile, the collection and processing of personal data must comply with the article 19 No. 4 of the Political Constitution of the Republic of Chile, and the Privacy Protection Act No. 19,628/1999 (”Privacy Act”).

By accepting our Privacy Policy you hereby grants us your free, informed, explicit, and unequivocal consent to collect and process all Personal Information you provide into our website, as well as data generated from your browsing and any other data you may provide us with in the future.

Rights Regarding Your Personal Information

If you are a resident in Chile, you have the following rights regarding the Personal Information we collect:

  • Request information about the collection and processing of your personal data.
  • Request that incorrect or incomplete data be amended.
  • Request your personal data to be deleted when its storage is no longer lawful or has expired.
  • Request that your data be deleted or blocked, where appropriate, when you have voluntarily provided your personal data or it is being used for commercial communications and you do not wish to continue appearing in the respective registry, either permanently or temporarily.
  • Opt out of the use of personal data for advertising purposes, market research, or opinion surveys.
  • Request to revoke your consent on data processing at any time. This revocation will operate with future effect as from the date of revoking request; in this event, continuing use of your data in the Website is not permitted.

APPENDIX 7: ADDITIONAL INFORMATION FOR RESIDENTS OF MEXICO

If you are a resident in Mexico, the data processing will be in compliance with the Federal Law on the Protection of Personal Data held by Private Parties (Ley Federal de Protección de Datos Personales en Posesión de los Particulares) and its regulation.

Information We Collect

If you are a resident in Mexico, please notice that we do not collect or process any additional Personal Information which is not previously informed in section 02 of this Privacy Policy. In this regard, please notice that we will not process any sensitive Personal Information.

In accordance with the Mexican Law, please be aware the data processing purposes indicated in sections 02 and 03 of this Privacy Policy that result in and are necessary for the legal relationship between the us are considered primary purposes. The remaining purposes are identified by the Mexican Law as secondary purposes. For additional clarifications, please consult all the data processing purposes in sections 02 and 03 of this Privacy Policy or if you have questions, we are available at the e-mail address informed below.

Any additional Personal Information processing or purposes will be duly included and reported in an updated Privacy Policy to which you will have access.

Disclosure of Personal Information

We will only process and disclosure your information considering the mentioned purposes in section 04 of this Privacy Policy, which will rely upon the applicable legal basis. At times, we will require your consent for specific purposes or disclosure of your personal data, which will be timely collected.

You can limit the use and disclosure of your Personal Information through the following means:

  • Your registration in the Public Registry to Avoid Advertising, which is in charge of the Federal Consumer Protection Agency (“PROFECO”), so that your Personal Data is not used to receive advertising or promotions from goods or services companies. For more information on this registry, you can consult the PROFECO Internet portal, or contact it directly.
  • Your registration in our exclusion list, so that your Personal Data is not processed for marketing, advertising or commercial prospecting purposes. For the purposes of the above, please send an email informed above.

Rights Regarding Your Personal Information

If you are subject to the Mexican legislation, you have the following rights regarding the Personal Information we collect:

  • access your personal data;
  • rectify inaccurate or incomplete personal data;
  • cancel them;
  • oppose the use of the same for specific purposes; and
  • revoke consent for the processing of your personal data which is based upon your consent. However, it is important that you bear in mind that not in all cases we will be able to respond to your request or terminate the use immediately, since it is possible that due to some legal obligation, we will need to continue processing your Personal Data. Likewise, you should consider that, for certain purposes, the revocation of your consent will imply the termination of your relationship with us.

In case you wish to exercise any of the rights, please contact us at the e-mail informed below. Your request must contain, at least, the following information and, if required, we may request additional information:

  • Full name and email or address, to communicate the response to your request.
  • The documents that prove your identity, or where appropriate, that of your legal representative.
  • A clear description of the Personal Data with respect to which you seek to exercise any of the rights above.
  • Any other element or document that facilitates the location of the Personal Data.

The response to your request will be communicated to you within 20 (twenty) business days and, if it is appropriate, it will be implemented within a maximum period of 15 (fifteen) business days.

If you consider that your right to the protection of Personal Information has been harmed by any conduct or omission by us or presumes any violation of the provisions provided in the law, its regulations and other applicable regulations, you may file your disagreement or complaint before the National Institute of Transparency, Access to Information and Protection of Personal Data (INAI). For more information, we suggest you visit its official website: www.inai.org.mx.

Changes to the Privacy Policy

We reserve the right to make, at any time, modifications or updates to this Privacy Notice, which will be notified to the email that you have provided us.

APPENDIX 8: ADDITIONAL INFORMATION FOR RESIDENTS OF AUSTRALIA

This section provides specific information for individuals in Australia who interact with TriNetX or our Services. This section provides additional information for the purpose of the Privacy Act 1988 (Cth) and other applicable Australian privacy laws and is to be read in conjunction with the remainder of this Privacy Policy.

How we store your personal information

We store most information about you in computer systems and databases operated by either us or our external service providers.

We implement and maintain a range of processes and security measures to protect personal information which we hold from misuse, interference or loss, and from unauthorized access, modification or disclosure. These processes and security measures are reviewed and updated by us on a regular basis.

Overseas transfer of your personal information

TriNetX is an international organization, with offices in a range of locations throughout the world, including the United States of America, Germany and U.K. As a result, we may store your personal information outside of Australia in a range of locations, including those identified above.

Additionally, some of the third parties to which we may disclose personal information, as described in Section 4), may be located outside of Australia, in a range of locations including the United States and Germany.

Complaints

If you have a complaint about the way in which we have handled any privacy issue, you should contact us using the details set out in Section 10) above. We will consider your complaint and determine whether it requires further investigation. We will notify you of the outcome of this investigation and any subsequent internal investigation. You may also approach an independent advisor or contact the Office of the Australian Information Commissioner (www.oaic.gov.au) for guidance on alternative courses of action which may be available.

APPENDIX 9: ADDITIONAL INFORMATION FOR RESIDENTS OF TAIWAN

If you are located within Taiwan and your personal information is collected, and/or processed (process or processing in our Privacy Policy and this Taiwan appendix shall be taken to mean “use”, “process” and “processing” as defined under the PIPA the Taiwan Personal Data Protection Act) by us within Taiwan, the collection and/or processing of your personal information is subject to the Taiwan Personal Data (“PDPA”) and the relevant regulations, as may be updated and amended from time to time.

This Taiwan appendix shall be construed and interpreted as a part of our Privacy Policy subject to the provisions in this appendix apply in respect of collection and/or processing of personal information subject to the PDPA. Any capitalized terms used in this appendix but not defined shall have the meaning given to it in our Privacy Policy.

By accepting our Privacy Policy (including this Taiwan appendix), accepting our Services or providing us with your personal information, you hereby acknowledge and consent to our collection, transfer, disclosure and processing of your personal information (and sensitive personal information, where applicable), including overseas transfers of your personal information, as described in our Privacy Policy (including this Taiwan appendix).

Subsidiaries and Affiliates

As stated in our Privacy Policy, we may disclose personal information to our subsidiaries or affiliated companies to help us support our Services. These subsidiaries and affiliates will use the disclosed personal information in line with our Privacy Policy. You may find the locations of our subsidiaries and affiliated companies at these links:

Rights Regarding Your Personal Information

If the PDPA applies to the collection and/or processing of your personal information by us, you have the following rights regarding your personal information we collect:

  • Request to review your personal information.
  • Request to make copies of your personal information.
  • Request to supplement or correct your personal information.
  • Request to discontinue collection or processing of your personal information.
  • Request to delete your personal information.

You are not obligated to provide your personal information to us. If you decide not to provide your personal information to us, we might, in some instances, not be able to provide you with our Services or otherwise communicate with you.

International Transfer

We may transfer your personal information to the recipients that may be located outside of Taiwan.  We will take reasonable steps to ensure that the recipients will provide an adequate level of protection to comply with the PDPA and that appropriate technical and organizational security measures are in place.

Detention of Your Personal Information

Your personal information will be retained and processed by us until the latest of: (i) the expiration of any mandatory data retention periods where applicable; or (ii) as long as it is required to satisfy the purpose for which it was collected by us or provided by you, including for the duration of the applicable statute of limitations.

Contact Us

If you have questions, concerns about how your information is handled, or need to exercise your rights, please contact:

TRINETX, LLC.
125 Cambridgepark Dr, Suite #500
Cambridge, MA 02140, USA
Email: Privacy@TriNetX.com

APPENDIX 10: ADDITIONAL INFORMATION FOR RESIDENTS OF ISRAEL

If you are a resident of Israel, please note the following:

No Legal Obligation

You are under no legal obligation to provide us with personal information.  However, if you do not agree to collection and use of personal information as described in this policy you will need to cease communicating or engaging with us or using our Services.

International Transfer

When we disclose personal information as described in the privacy policy, we may transfer this personal information to recipients that are located outside the country in which you are located.  By communicating or engaging with use or providing us with this personal information, you confirm that you consent to the transfer of such information, including subsequent transfers, for use for purposes that are described in the privacy policy.

APPENDIX 11: ADDITIONAL INFORMATION FOR RESIDENTS OF UNITED ARAB EMIRATES

If you are a user located in the United Arab Emirates (“UAE”), the terms set out below apply to you in addition to the terms set out in our privacy policy above. If there is any conflict between the main body of the privacy policy, and this Appendix 10, this Appendix 11 shall prevail. This Appendix 11 provides additional information for the purposes of UAE Federal Decree-Law No. 45/2021 on the Protection of Personal Data (“UAE PDPL”). For the purposes of this Appendix 11, the terms “Consent”, “Controller” “Cross-Border Processing”, “Data Office”, “Personal Data” and “Processor” shall have the meanings as defined under that law.

Cross-Border Processing of Personal Data

The data recipients of your personal information are those listed in Section 4 “DISCLOSURE OF PERSONAL INFORMATION” of the Privacy Policy. Some of these recipients may be located outside of the UAE. There are three possibilities relating to such transfers. Transfers may occur to countries which:

  1. the Data Office has approved for the purposes of transfers of Personal Data outside of the UAE pursuant to the terms of the UAE PDPL;
  2. the UAE has acceded to bilateral or multilateral agreements related to Personal Data Protection to which the Personal Data is to be transferred;
  3. have not been approved by the Data Office for transfer of Personal Data outside of the UAE, but where the transfer complies one of the following conditions.

In cases where the Data Office has not approved such transfers of Personal Data outside of the UAE, TriNetX will transfer the Personal Data in any of the following cases:

  1. to operations based in countries where there is no data protection law and we have entered into a contract or agreement with that other operation that obliges the recipient operation in those countries to implement the provisions, measures, controls and requirements set out in the UAE PDPL, including provisions related to imposing appropriate measures on us, as either Controller or Processor, through a competent supervisory or judicial authority in that recipient country, which shall be specified in the contract;
  1. with your express Consent to transfer your Personal Data outside the UAE in a manner that does not conflict with the security and public interest of the UAE;
  1. if the transfer is necessary to fulfill obligations and establish, exercise or defend rights before judicial authorities;
  1. If the transfer is necessary to enter into or execute a contract between us acting in our capacity as a Controller, and you as a Data Subject;
  1. between us as a Controller and a third party to achieve your interests as a Data Subject;
  1. if the transfer is necessary to perform a procedure relating to international judicial cooperation; or
  1. if the transfer is necessary to protect the public interest.

We may also transfer for other reasons that are allowed under executive regulations that are issued by the UAE Cabinet from time to time.