Sciteline respects the privacy of our clients, business partners, employees and those who seek information and/or
contact us through www.sciteline.com. We recognize the need for appropriate protections and management of the
information provided to Sciteline by its clients and users. As such, Sciteline has established policies and
practices to inform what information we collect and how that information is used. These policies and practices apply
to Sciteline, including its divisions and subsidiaries.
We want to help you understand how data is processed so that you may make informed decisions on your personal data.
Personal Identifiable Information (“PII”) is any information relating to an identified or identifiable individual;
this includes any information that could be used on its own or in combination with other pieces of information to identify a person. PII is not just a person’s name or email address, it can include information related to your location, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or
social identity of an individual.
Sciteline may store PII provided to us by our clients and business partners who use our products and services. PII may also be directly collected by you when you register and use certain products and services, and when you visit our website and request information.
As part use of our products and services, we store individuals’ PII, which may include health information such as patient reported outcomes. This information may come directly from you when you register and use specific products and services, to which we request your explicit consent. This information may also be obtained indirectly from your healthcare provider (e.g. hospital, clinic, physician, principal investigator) who is using our products and services, and it is the responsibility of your healthcare provider to obtain your consent.
Sciteline will never share, sell, or trade Personal Identifiable Information (PII) or Personal Health Information (PHI) to third parties. Sciteline does not use or disclose Personal Health Information, except as necessary in the course of providing its product and service to its clients. If disclosure of Personal Health Information is
necessary at any point, it is used or disclosed strictly in accordance with the Personal Health Information
To communicate with individuals and provide our products and services, individuals will be asked to provide basic
contact information about themselves, such as name, email address, telephone number and physical address when
registering with us. Individuals are responsible for the accuracy and completeness of the information they provide.
Some PII is automatically collected (e.g. the type of web browser and operating system used by the website visitor)
when you visit our website. Other PII is not collected unless you choose to provide such PII or indicate your
consent to any cookies that our website may employ. On our website, you can request information, subscribe to
marketing or support materials or apply for jobs at Sciteline. The types of personal information you provide to us
on these pages may include name, address, phone number, e-mail address, contact preferences, education and
employment background and job interest data.
When a user profile is created with our products, users will be asked to provide a username and password, contact and
demographic information about themselves, such as email address, gender, date of birth. This request is for identity
purposes and to manage individual user accounts.
As part use of our products and services, we store individuals’ personal health information. This information may
come directly from users/clients when registering and using specific products, to which explicit consent is
requested. This information may also be obtained indirectly from a healthcare provider who is using our products and
services, and it is the responsibility of the healthcare provider to obtain consent.
When visiting our website, we may automatically collect the following information:
1) Technical information, including the internet protocol (IP) address, internet domain names, the web browser and
operating system used to access the Sciteline’s website, client support and to collect aggregate information for
internal reporting purposes
2)Information about an individual visit to the site, including the full URL, any products viewed or searched for, the
files visited, the time spent in each file and the time and date of each visit.
This is required in improving the stability and functionality of our website. The data will not be passed on or used
in any other way. However, we reserve the right to check the server log files subsequently, if there are any
concrete indications of illegal use.
Sciteline also collects PII of its employees (human resources data) in connection with the administration of its
Human Resources programs and functions. These programs and functions include compensation, performance appraisals,
training, travel, expense reimbursement, access to Sciteline’s computer facilities and computer networks, employee
profiles, internal employee directories, Human Resource record keeping and other employment related purposes. In
addition, we may collect PII that is provided when individuals apply for jobs at Sciteline, such as name, address,
phone number, e-mail address, contact preferences, education and employment background and job interest data.
Sciteline is committed to protecting the privacy, confidentiality and security of all personal data that has been
entrusted to us.
We do not use or disclose PII except as may be necessary in the course of providing its product and services to its
clients and business partners. When use or disclosure of personal information is necessary, it is used or disclosed
strictly in accordance with applicable laws, including the Personal Information Protection and Electronic Documents
Act, and applicable provincial health legislation.
Sciteline de-identifies the data for the purposes as mentioned above, and more generally, improving the services through understanding usage patterns by end users. We will not use data to re-identify individuals.
We may use PII to detect, investigate, address and prevent fraudulent or illegal activities. We reserve the right to disclose an individuals’ PII as required by law, when we believe that disclosure is necessary to comply with a judicial proceeding, court order, or legal process served on us and to defend against legal claims.
Except as provided in this policy, Sciteline does not use or process PII for a purpose that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual, as required by law.
We will not sell, trade or lease any personal data to others.
Sciteline is committed to taking reasonable efforts to secure the PII you choose to provide us. To protect the privacy of any PII you have provided, we employ industry-standard controls
including physical access controls, internet firewalls, intrusion detection and network monitoring.
When an individual communicates with us via our site, we cannot guarantee or warrant the security of any information that transmitted, as is the nature of the internet, no data transmission over the internet can be guaranteed to be 100% secure. While we have implemented reasonable safeguards to prevent unauthorized use or disclosure of the information, we cannot guarantee the security of any information transmitted via our site.
The Sciteline website may provide links to third-party web sites for convenience and information; by accessing those links, you will leave the Sciteline website.
Sciteline does not control those sites or their privacy practices which may differ from Sciteline’s policy. We do not endorse or make any representations about third party websites.
Sciteline provides its products and services from its head office in Toronto, Ontario, Canada, unless otherwise specified. We store Canadian client data on secure servers located in Canada and U.S. client data on secure servers located in the US. Sciteline’s Canadian servers are located in Montreal, Quebec and certified as ISO 27001:2013
compliant. Sciteline may also store, process or access clients’ data from Canada for purposes of, for example: responding to client support and technical requests; fixing software issues; or, providing services to a client on the back end of the platform (e.g. performing simulation testing of our disaster recovery plan). However, regardless of location, PII will be protected in accordance with applicable privacy laws, including having stringent privacy and security safeguards and appropriate mechanisms in place.
For our products and services that we provide to healthcare providers, we will retain data in accordance with our client’s data retention policy and will destroy and/or return data at the end of the provision of services. After such time, data may be stored in an aggregated and anonymized format.
Where we have collected PII directly (e.g. via the website or use of our Virtual Clinical Trial product) and not from you’re an individual’s healthcare provider, it shall not be kept for longer than is necessary for that purpose or those purposes. An individual may notify us at any time should they choose to deactivate their account and have
their personal data deleted. We will delete or destroy the PII in a manner designed to ensure that it cannot be reconstructed or read.
Under privacy laws, individuals have specific rights, and we work with individuals, clients and healthcare provider (e.g. hospital, clinic, physician, principal investigator) to honour this.
Where a healthcare provider (e.g. hospital, clinic, principal investigator, trial coordinator, nurse) has collected PII directly, and has provided it to Sciteline as the result of the product or service with the appropriate consents (e.g., Virtual Clinical Trial platform), we encourage individuals to contact their healthcare provider directly
regarding the request. These may include requests related to:
We will provide the data custodian with all the information necessary to respond to requests and work with them to assist them fulfill their obligations as custodians and address your rights under the law.
As indicated in this Policy, whenever we rely on an individual’s explicit consent to process their PII, the individual has the right to opt-out and withdraw their consent at any time.
We do not require that any individual provides us with PII. The decision to provide PII is voluntary. Except as expressly stated otherwise in this policy, individuals may opt out of having Sciteline share PII with third parties as described in this policy by notifying us in writing of their desire to do so.
If an individual does not wish to provide the PII requested, however, they may not be able to proceed with the activity or receive the benefit for which the personal information is being requested. Similarly, by choosing to unsubscribe from receiving notifications or messages, my compromise the client experience in using the products
and/or services. If complying with a request would result in termination of any services, we will make that clear and confirm this with the individual before proceeding.
If we have obtained PII directly with express consent, in addition to the right to withdraw consent, an individual may:
In order to make an inquiry, complaint or withdraw consent, an individual can contact firstname.lastname@example.org and we will employ best efforts to deal with the request as soon as possible.
Sciteline strives to keep PII we collect accurate. We have implemented technology, management processes and policies to maintain data accuracy. We will provide individuals with access to their information and the opportunity to change that information. The individual providing us with personal information is responsible to provide true, accurate, current and complete information about themselves, and notify Sciteline if there are any updates or changes to ensure it remains true, accurate, current and complete.
Sciteline will engage in periodic self-assessment to verify that it continues to be in compliance with this these policies.
Sciteline will review and update this policy periodically. We reserve the right to change the terms of at any time (for example due to changes in data protection laws). We will take adequate and reasonable action to obtain your consent if required, as a result of any such change.
We know that privacy and security is everyone’s responsibility, and this is reflected in our training and awareness program.
In accordance with Sciteline’s regulatory requirements, Sciteline’s Privacy Incident &Breach Management Procedures provide a comprehensive set of steps for handling privacy events (which include concerns, incidents, breaches, including third party breaches) that impact Sciteline and its clients, employees and end users.
If you have concerns or are reporting a breach in Ontario an individual may contact the Information and Privacy Commissioner of Ontario:
Toll Free: 1-800-387-0073
For more information about Sciteline’s privacy practices or to raise a concern you have with our practices, contact us:
Chief Executive Officer, Chad Walsh
351 King Street East, Toronto, ON M5A 0L6