TeraRecon, Inc. Data Privacy Framework Policy

This Data Privacy Framework Policy (“Policy”) describes how TeraRecon, Inc. and its subsidiaries and affiliates (“TeraRecon,” “we,” or “us”) collect, use, process, and disclose certain personally identifiable information and personal health information that we receive in the US from the European Union (“EU”), United Kingdom (“UK”), and Switzerland (collectively, “EEA”). This Policy supplements our Privacy Policy located at https://www.terarecon.com/privacy-policy.

TeraRecon recognizes that the EEA has established strict protections regarding the handling of EEA Personal Data, including requirements to provide adequate protection for EEA Personal Data transferred outside of the EEA. To provide adequate protection for certain EEA Personal Data of our customers and our customers’ patients received in the US, TeraRecon has elected to self-certify to the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework administered by the US Department of Commerce ("Data Privacy Framework"). TeraRecon adheres to the Data Privacy Framework Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability. If there is any conflict between the terms in this Data Privacy Framework Policy and the Data Privacy Framework Principles, the Data Privacy Framework Principles shall govern.

For purposes of enforcing compliance with the Data Privacy Framework, TeraRecon is subject to the investigatory and enforcement authority of the US Federal Trade Commission. For more information about the Data Privacy Framework, and to view our certification page, please see the US Department of Commerce's Data Privacy Framework website located at: https://www.dataprivacyframework.gov/.

Personal data collection, processing, and use

We may receive the following categories of EEA Personal Data in the U.S.:

Customer data:

We may collect Personal Data from individual customers when they purchase our products/services, visit our websites (including www.terarecon.com and other sites within the TeraRecon domains) (“Site”), register on our Site, utilize other activities, services, features, or resources we make available on our Site, or when they request information or otherwise communicate with us.

The Personal Data we collect may vary based on the individual customer’s interaction with our Site, other requests for services, and other means of communication. As a general matter, TeraRecon collects the following types of Personal Data from its individual customers: name, email address, mailing address, phone number, company, and job title. TeraRecon does not collect any Sensitive Personal Data from its customers. Users of our website may, however, visit our Site anonymously. We will collect Personal Data from customers only if they voluntarily submit such information to us. Customers can always refuse to supply Personal Data, except that it may prevent them from engaging in certain Site-related activities.

We may collect non-personal identification information about Site users whenever they interact with our website. Non-personal identification information may include the browser name, the type of computer, and technical information about Site users’ means of connection to our website, such as the operating system and the Internet service providers utilized, and other similar information.

Our Site may use “cookies” to enhance user experience. The user’s web browser places cookies on their hard drive for record-keeping purposes and sometimes to track information about them. Users may choose to set their web browser to refuse cookies, or to alert them when cookies are being sent. If they do so, note that some parts of the Site may not function properly.

How we use customer data:

TeraRecon, Inc. may collect and use customers’ Personal Data for the following purposes:

  • To deliver and provide products/services, to maintain and support our products, to comply with our contractual obligations related thereto, or to communicate for the purpose of engaging in contractual relations
  • To register with our Site
  • To improve our Site
    We continually strive to improve our website offerings based on the information and feedback we receive from you.
  • To improve customer service
    Your information helps us to more effectively respond to your customer service requests and support needs.
  • To send periodic emails
    The email address customers provide will only be used to respond to their inquiries, and/or other requests or questions. Customers will only be sent marketing material if they provide their consent to the receipt of such material.
  • To otherwise comply with applicable legal or regulatory requirements

If we use your Personal Data for a purpose that is materially different than the purpose for which it was collected, we will provide you with the opportunity to opt out.

How we protect customer data:

We adopt appropriate data collection, storage and processing practices, and security measures to protect against unauthorized access, alteration, disclosure, or destruction of your personal information, username, password, transaction information, and data stored on our infrastructure. Any sensitive private data exchange is transmitted over an encrypted SSL secured communication channel.

Personal Health Information

TeraRecon sells medical image processing software. For certain TeraRecon products, TeraRecon serves as a service provider, which may require remote access from the United States to Personal Health Information (PHI) and/or Personal Identification Information of customers’ patients in the EEA. In such cases, we are acting as a data processor. We will process the PHI on behalf of and under the direction of the data controller and will process PHI only as needed to provide technical support services and fulfill contractual obligations.

How we protect Personal Health Information:

We have implemented physical, administrative, and technical measures, and have trained our employees on the necessity of confidentiality.

TeraRecon prohibits the practice of transferring, using, and storing PHI and PII. Should the need arise to temporarily handle PHI or PII, TeraRecon adheres to strict data confidentiality procedures implemented within the company to de-identify PHI and PII data. TeraRecon commits to compliance with strict data confidentiality principles and practice, and has implemented measures to assist customers with compliance to data security requirements.

TeraRecon has implemented stringent requirements within the company to handle PHI and PII data if made available to or obtained by the company. Training on procedural instructions specifying how to handle confidential data (such as PHI) is provided to applicable employees, who also sign a statement confirming their understanding of the requirements. TeraRecon assists customers in securely transferring confidential data via an encrypted SSL transmission to the company, if there is a concern with the product. The strict company policy is to de-identify PHI data by removing patient-identifying information before transmitting it securely via SSL encryption; the data is then stored on secure servers. In addition to these measures, the company has a robust firewall to electronically protect company computers and servers, with access strictly restricted to authorized personnel with unique login credentials.

Third parties:

We do not sell, trade, or rent Personal Data to any other third parties. We may transfer Personal Data to third-party agents or service providers for the purposes outlined above. Where required by the Data Privacy Framework, we enter into strict confidentiality agreements with those third-party agents and service providers requiring them to provide the same level of protection the Data Privacy Framework requires and limiting their use of the data to the specified services on our behalf. We take reasonable and appropriate steps to ensure that third-party agents and service providers process EEA Personal Data in accordance with our Data Privacy Framework obligations, and to stop and remediate any unauthorized processing.

Users may find advertising or other content on our Site that links to the sites and services of our partners, suppliers, advertisers, sponsors, licensors, and other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to or from our Site. In addition, these sites or services, including their content and links, may be constantly changing. These sites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites which have a link to our Site, is subject to that website’s own terms and policies.

We may remain liable for the acts of our third-party agents or service providers who perform services on our behalf for their handling of Personal Data that we transfer to them, unless the third party is directly responsible contractually or in tort liability for the event giving rise to the damage.

Under certain circumstances, we may be required to disclose your Personal Data in response to valid requests by public authorities, including to meet national security, law enforcement, or other governmental requirements.

How you can control your information

You may have the right to access Personal Data that we hold, and the right to request that we correct, amend, or delete it if it is inaccurate or processed in violation of the Data Privacy Framework. If you would like to make a request for access to, correction, amendment, or deletion of your Personal Data, please send an email to privacy@terarecon.com. In the email, please describe, with specificity, the right you are requesting assistance with. Please note additional information may be requested prior to initiation of a request. TeraRecon will endeavor to respond in a timely manner to all reasonable written requests. Upon TeraRecon’s completion of its review, you will be notified whether your request has been granted or denied, or whether exemptions apply.

Changes to this privacy policy

This policy may be amended from time to time, consistent with the Data Privacy Framework Principles and applicable data protection and privacy laws and principles. If there are material changes, we will notify customers by email, by means of a notice on the website, or by other means upon or prior to becoming effective. We encourage customers to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect.

Dispute resolution

TeraRecon recognizes the importance of having mechanisms in place to address and resolve complaints by individuals about the processing of Personal Data. Individuals with inquiries or complaints should first directly contact TeraRecon at privacy@terarecon.com. If an individual makes a complaint about the processing of their information, and the complaint is not resolved to the individual’s satisfaction through internal TeraRecon procedures, then TeraRecon will refer such individual to and will cooperate with JAMS to provide independent third-party dispute resolution at no cost. To contact JAMS, including instructions for submitting a complaint, please visit: https://www.jamsadr.com/dpf-dispute-resolution. The preferred language for such dispute resolution shall be English.

Binding arbitration

As a last resort and in limited situations, you may have the option to select binding arbitration for the final resolution of your complaint under certain circumstances, provided you have raised your complaint directly with TeraRecon, Inc. and provided us the opportunity to resolve the issue, and made use of the independent dispute resolution mechanism above.

Contacting us

If you have any questions or complaints about this Privacy Policy, please contact us at: privacy@terarecon.com.

TeraRecon, Inc.
www.terarecon.com
4309 Emperor Boulevard, Suite 310
Durham, NC 27703
Tel: 650.372.1100