Personal Data Collected from this Website

This section applies to all Personal Data collected through veristat.com.  

For purposes of this Privacy Policy, “Personal Data” means any data related to you as an identified or identifiable natural person. Personal Data that we collect about you includes: 

• Your personal details (e.g., Your name, job title, name of employer, email address, language, and country or location, etc.) or contact details (e.g., telephone number, email address, postal address, etc.).  
• Information you have provided as part of the job application and selection process such as your resume/curriculum vitae (CV), and/or any other information you provide to us.  
• We may also ask You for Personal Information (such as when You report a problem with the Website). 
• Information on your use of the site, which includes but is not limited to usage details, IP addresses, location data and other communication data which will be used in accordance with Veristat’s Cookie Policy. 

How We Collect Your Personal Data

The types of Personal Data that we may collect and receive while you use the site include both Personal Data that you provide to us, Personal Data that we collect automatically when you use the website and Personal Data that we receive from third parties. In particular: 

Personal Data That You Provide Us 

You provide Personal Data to us when you: 

1. Visit our site; 
2. Register for or order services and register your email address with us;  
3. Complete a form;  
4. Apply for a position with Veristat; 
5. Download material; 
6. Subscribe to receive materials, information, newsletters and job alerts; and 
7. Send email messages, feedback and transmit other information by telephone or letter. 

We might ask you to provide other information when necessary for a requested service, where an employment opportunity is being processed or where services as an Investigator in a clinical trial are being offered.

We collect Personal Data to support delivery of a diverse range of clinical research and consulting services in the pharmaceutical, biotechnology, diagnostic, and medical device industry. We may use Personal Data to further inform you about Company news, company experience, the service offering, industry trends, or other scientific or clinical development topics.  

Depending upon the activity, some of the information we ask you to provide is identified as mandatory and some as voluntary. If you do not provide the mandatory information requested with respect to a particular activity, you will be unable to engage in that activity.  

Data That May Be Collected Automatically 

When you use the Veristat site, we also may collect certain usage and device data automatically, including:

IP Address 

We may record the Internet Protocol (“IP”) address of your computer or other electronic device when you visit the Veristat website. An IP address identifies the electronic device you use to access the site, which allows us to maintain communication with your computer as you move around the Veristat website and allows us to personalize the content. 

Cookies and Other Tracking Technologies 

We use cookies (and equivalent technologies) to collect and analyze information on the performance of our website and to enable it to function better. Cookies also allow us and third parties to tailor the content and advertisements you see when you visit our website and other third-party websites in the same online network, including social networks. You can find out more information in our Cookie Policy.  

Data Collected from Other Sources 

We may combine Personal Data about you that is collected through the website with Personal Data that we have collected offline, as well as with Personal Data provided to us by third parties.

Use of Your Personal Information

We may use your Personal Data to provide you the services you request, communicate with you, improve your experience on the Veristat website, process your job application, and for other internal business purposes, as described in more detail below: 

Delivery of Services and Information about Veristat  

If you choose to submit a website form, we use the Personal Data that you provide to respond to your questions and provide you the information or services that you request. We may use Personal Data to deliver information to you via the postal service, by email, by phone.   

Creating and Publishing Content Relevant to You 

We may use your IP address and the data that we obtain automatically through the use of cookies or similar tracking technologies to make our Veristat website easier to use and navigate, as well as to personalize the content provided on the site by anticipating the information and services that may be of interest to you.  

In addition, we use your IP address to diagnose problems with our servers and software, to manage our website and to gather demographic information. 

Analytics and performance 

We may use the information that you provide and the information we collect automatically about your use of the Veristat website to monitor user traffic patterns and preferences for our legitimate business interests of improvement, analytics, and optimization.

Provide updated information about Veristat and Veristat Services 

If you choose to subscribe to receive our newsletters, service updates, company news, or job alerts, we include your Personal Data in our contact database to send you communications. You may unsubscribe from receiving these communications at any time using the link in the emails we send or as described in section below “Your rights to your Personal Data”. 

Careers 

Users may apply for employment at Veristat through the Careers section of the website. The information supplied by candidates is collected and accessed by Veristat during the recruitment process.  

We use your Personal Data to communicate with you and conduct the recruitment and selection process. If you create a job candidate profile from an existing profile on an external social account or job board such as LinkedIn, Indeed or Glassdoor, Veristat may collect relevant content from your application via those websites to build your candidate profile. If you register with external recruitment agencies, they may send us your job candidate profile in response to vacant positions Veristat has posted. If we are provided with your Personal Data from these external parties, we will upload your profile details into our recruitment database to progress our selection process and pre-employment steps, as appropriate.

Personal Data in our recruitment database may be used to contact you about future employment opportunities in which we think you may be interested.  

Veristat may collect candidate feedback and opinions periodically (e.g., surveys) for business purposes, such as improving recruitment processes, subject to local legal requirements. You may respond to these surveys voluntarily or may elect not to respond and will not suffer any reprisals for your decision.

Legal and contractual obligations 

We may also use your Personal Data to resolve disputes, troubleshoot problems and enforce our agreements with you, including our site Terms of Use and this Privacy Policy. 

Data Security

Veristat takes appropriate technical and organizational measures, consistent with applicable laws and current industry standards, to prevent unauthorized access, accidental loss, destruction or damage to Personal Data and any unauthorized disclosure or processing.  However, there is always some risk that an unauthorized third-party could intercept an Internet transmission, or that someone will find a way to thwart our security systems. We urge you to exercise caution when transmitting Personal Data over the Internet.  Veristat cannot guarantee that unauthorized third parties will not gain access to your Personal Data; therefore, when submitting Personal Data to the website, you must weigh both the benefits and the risks. 

In addition, your Personal Data resides on a secure server that only selected Veristat personnel and contractors have access to via password. We encrypt your Personal Data, as well, and thereby prevent unauthorized parties from viewing such information when it is transmitted to us. 

We store the Personal Data you provide in a secure electronic database in order to provide you with the information and/or services you request or to comply with regulations and legal requirements. This site and the electronic database have security measures in place to protect the loss, misuse, unauthorized access or disclosure, alteration or destruction of the information under our control. 

The handling of health/medical information obtained in clinical research is governed by national and international data protection regulations, laws and rules regarding the development of medicinal products and medical confidentiality. Any medical information collected is maintained under these regulations. 

Veristat has put in place security measures to protect manual and electronic processing of Personal Data and prevent its misuse, subject to local legal requirements. 

Veristat also ensures adequate security is observed by third parties and affiliates processing Personal Data on behalf of Veristat, subject to local legal requirements.

Data Retention

We will only keep Personal Data as long as necessary for the fulfilment of the purposes outlined above, except if otherwise required by applicable laws or court orders.

We will retain your Personal Data as necessary to comply with our legal obligations, process your job application, resolve disputes, and enforce our agreements; or to the extent otherwise permitted by applicable law.

At the end of the defined retention period, Veristat will delete your Personal Data unless Veristat has the right to keep your Personal Data under a different legal basis which allows a longer retention period.

Data Privacy Framework

Veristat and its U.S. operating subsidiary, Instat Clinical Research (collectively referred to as “Veristat”) complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  Veristat has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Veristat has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit Data privacy framework website.

Onward Transfers

Veristat will endeavor to only transfer personal information to a third party/agent where such third party/agent has given assurances that it provides at least the same level of privacy protection as required by the DPF Principles and this Policy and will notify Veristat if it makes a determination that it can no longer meet this obligation.

Where Veristat has knowledge that a third party/agent is using or disclosing personal information in a way that is contrary to the DPF Principles and/or this Privacy Policy, Veristat will take reasonable steps to prevent or stop the use or disclosure. With respect to onward transfers to third parties/agents, the DPF requires that, to the extent it is responsible for the event, Veristat shall remain liable should its agents’ process personal information in a manner inconsistent with the DPF Principles, and Veristat accepts and shall follow this principle.

Veristat’s accountability for personal information that it receives under the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) and subsequently transfers to a third party is described in the EU-U.S. Data Privacy Framework (EU-U.S. DPF) Principles.  In particular, Veristat remains responsible and liable under the EU-U.S. Data Privacy Framework (EU-U.S. DPF) Principles if third party agents that it engages to process the personal information on its behalf does so in a manner inconsistent with EU-U.S. Data Privacy Framework (EU-U.S. DPF) Principles, unless Veristat proves that it is not responsible for the event giving rise to the damage

Recourse, Enforcement and Liability

Any complaints or concerns regarding the use, disclosure or transfer of Personal Data from the EU or Switzerland and the United Kingdom to the US by Veristat should in the first instance be directed to the Veristat DPO at data_privacy@veristat.com.  Veristat will investigate and attempt to resolve complaints and disputes regarding the use and disclosure of Personal Data in accordance with the DPF Principles.

Complaints that cannot be resolved internally by Veristat will be referred to the applicable independent dispute resolution body/Supervisory designated to address complaints and provide appropriate recourse, which will be provided free of charge to the individual ((1) the panel established by the EU DPAs and, as applicable, the UK Information Commissioner’s Office (ICO) (and the Gibraltar Regulatory Authority (GRA)), and/or (2) the Swiss Federal Data Protection and Information Commissioner (FDPIC), an alternative dispute resolution provider based in the European Union and, as applicable, the United Kingdom, and/or Switzerland for HR, or (3) the International Centre for Dispute Resolution-American Arbitration Association (ICDR-AAA), an alternative dispute resolution provider based in the United States

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Veristat commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to the International Centre for Dispute Resolution-American Arbitration Associate (ICDR-AAA), an alternative dispute resolution provider based in the United States.  If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://go.adr.org/dpf_irm.html for more information or to file a complaint.  The services of ICDR-AAA are provided at no cost to you.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Veristat commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.

An individual has the possibility, under certain conditions, to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms.  To learn more, please visit:   ANNEX-I-introduction.  The Federal Trade Commission (FTC) has jurisdiction over Veristat’s compliance with the DPF.

International Transfer

Veristat is a United States headquartered global organization. To operate as a global business, it may be necessary to process and transfer Personal Data within Veristat’s group of companies. The Personal Data will be processed, transferred, and stored on servers in the European Economic Area (EEA), UK, Switzerland and in the USA. This may include transferring Personal Data to countries that have different data protection regimes, and that are not deemed to provide an adequate level of protection for Personal Data. When Personal Data collected by our affiliates in the EEA, Switzerland, or the UK is transferred outside the EEA to a country that is not subject to an adequacy decision by the European Commission, the Swiss or UK governments we use appropriate safeguards required by the EU Regulation 2016/679, the Swiss FADP, UK GDPR and the UK Data Protection Act 2018, as applicable, before the transfer of your Personal Data to a third country that does not provide the same level of protection of your Personal Data. 

Please note there might be additional safeguards or other legal instruments which allows the transfer of Personal Data outside the EEA also without your express consent, for example the application of Standard Contractual Clauses (SCCs) and any additional safeguards which would allow Veristat to transfer data without the consent of the data subject. Veristat reserves the right to use those safeguards and legal instruments to transfer Personal Data abroad for its business purposes.

If you wish to know what safeguards we use to transfer your Personal Data, please contact us using the contact information set out below.

Disclosure to Third Parties

We do provide some of our services through contractual arrangements with third parties. In particular, we share your Personal Data with:  

Veristat Group of Companies 

We may share your Personal Data with Veristat affiliates, which adhere to our privacy and data-security requirements. In addition, during negotiations of corporate transactions, including any merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including as part of any bankruptcy or similar proceedings), we may transfer your Personal Data to third parties involved in these transactions. Under these circumstances, such third parties will enter into a confidentiality agreement with us and are obligated to protect any information and Personal Data provided as part of the transaction. 

Third Parties Service Providers 

We share certain information with selected service providers, vendors, hosting companies, consultants, and other providers that carry out functions or services on our behalf and that enable our business operations, including the protection and securing of our systems and services. Such service providers must abide by our privacy and data-security requirements and are not allowed to use Personal Data they receive from us for any other purpose.  

Client Sponsor of Clinical Research Studies 

If you apply to participate in a clinical research study as an investigator or a clinical site, we may share your Personal Data with our client sponsors, whose clinical research studies are within your stated area of interest, as part of the contracted services that we provide to them. 

Disclosure to Protect Veristat and to Comply with Legal Requirements 

Occasionally we may be required by law enforcement or judicial authorities to provide Personal Data to governmental authorities. We may disclose Personal Data upon receipt of a court order, subpoena, or to cooperate with a law enforcement investigation. We fully cooperate with law enforcement agencies in identifying those who use our services for illegal activities. We reserve the right to report to law enforcement agencies any activities that we in good faith believe to be unlawful. 

Veristat may be obliged to disclose certain Personal Data to third parties such as Government Authorities.  It may also be necessary to disclose Personal Data so as to protect the legal interests and exercise other rights of Veristat, subject to local legal requirements. 

A complete list of third parties to whom the Personal Data are shared can be obtained by contacting Veristat’s DPO at data_privacy@veristat.com.

Sensitive or Special Category of Personal Data

Veristat ensures special protection for Sensitive or Special Category of Personal Data.  This includes Personal Data relating to: 

• racial or ethnic origin 
• political opinions 
• religious or philosophical beliefs 
• trade union membership 
• genetic data 
• biometric data 
• data concerning health 
• data concerning a natural person's sex life or sexual orientation 
• health data  

Veristat may process this type of Personal Data for the purposes of equal opportunities monitoring, or if it is prescribed by applicable law, or it is needed for the protection of life, health or freedom, or if it is required for the performance of your employment contract, subject to appropriate security safeguards and local legal requirements. 

If required by local law, your explicit consent may be obtained to the processing of this type of Personal Data.

Exceptions

1. to correct technical errors and to technically process your Personal Data;
2. to protect the security and integrity of Veristat.com;
3. to protect any Veristat property or rights or obligations and/or the property, rights or obligations of third parties where Veristat may have an obligation or liability in respect of these;
4. to take precautions against potential liability on the part of Veristat;
5. to any extent required by law, applicable regulation or judicial process;
6. to any extent permitted under any other applicable legal or regulatory provisions to provide information to law enforcement agencies or to provide information in respect of a matter related to public safety.

Use of Cookies

When you use our website, we will store cookies on your computer in order to facilitate and customize your use of our website. A cookie is a small data text file, which a website stores on your computer's hard drive (if your web browser permits) that can later be retrieved to identify you. Our cookies store randomly assigned user identification numbers and identify the country where you are located, The cookies make your use of the site easier, make the site run more smoothly and help us to maintain a secure site. You are free to decline cookies, but some parts of our site may not work properly in that case.

Veristat may use social media plug-ins (e.g., the Facebook “Like” button, “Share to X” button) to enable you to easily share information with others. When you visit our Veristat site, the owner or service provider of the social plug-in can place a cookie on your computer or other electronic device that enables that operator to recognize individuals who have previously visited our site. If you are logged into a social media website (e.g. Facebook, LinkedIn, X) while browsing on our site, the social media plug-in allows that social media website to receive information that you have visited our Veristat site. The social media plug-in also allows the social media website to share information about your activities on our Veristat site with other users of their social media website. These sharing settings are managed by the social media website and governed by its privacy policy.

For detailed information on the cookies used by Veristat site and purposes for which they are used, please our Cookie Policy.

Your Privacy Choices

Inquiries and Complaints

Veristat commits to resolve inquiries and complaints about its Processing of Personal Data in compliance with this Policy and applicable Data Protection Laws.

You may first contact Veristat to ask questions, discuss privacy matters, exercise your rights (to the extent applicable) or report your concerns. In particular, you may contact us by either:

• Sending an email to  data_privacy@veristat.com, Attn:  Data Privacy Officer (“DPO”) 
• Sending a written request to Veristat, 134 Turnpike Road, Suite 200, Southborough, MA 01772, for the attention of our Data Privacy Officer (“DPO”). 

Please provide sufficient detail for Veristat to properly assess and respond to your request. Veristat may be unable to respond to incomplete or vague requests. Veristat will require you to provide a proof of identity and a proof of address before proceeding with your request. If more information is required, such as the provision of one or more forms of valid government identification, we will contact you and request additional verification.  

You may authorize a third-party representative to make a request on your behalf. Any third-party representative making a request on your behalf must indicate that they are  acting as your representative and provide the name, email address and description of the relationship with you, and a certification that they have  permission to submit a request on your behalf.  Veristat may require proof of the delegation of authority to the third-party representative, including your written permission to the third-party representative, and/or a valid power of attorney. Veristat reserves the right not to respond to requests that failed to show a valid proof of identity, address and/or delegation of authority.

Protection of Personal Data of Children

Veristat does not knowingly collect or use any Personal Data directly of children on veristat.com. We do not knowingly allow children to communicate with us, or to use any of our online services. It is Veristat’s view that the nature of the subject matter is unlikely to be of general interest to children. If you are a minor, please do not use the site or send any Personal Data about yourself to us. If you are a parent or the authorized legal guardian of a minor and become aware that your child has provided us with Personal Data or other information, please contact us using one of the methods specified in the section “Your Privacy Choices”, and we will work with you to address this issue.

Data Collected from Other Sites

Except as otherwise discussed in this Website Privacy Policy, this document only addresses the use and disclosure of information we collect from you. Other sites accessible through our site have their own privacy policies and data collection, use and disclosure practices. Please consult each site’s privacy policy if you want to receive information on third parties’ online activities.

Additionally, our website may provide links to other sites. When you click on one of these links, you are leaving our site and entering another site that we do not control and for which we cannot be responsible. The companies linked or referenced on our site may collect Personal Data and other information about you when you view or click on their sites through the use of cookies. You should contact these companies directly if you have any questions about their use of the information that they collect.

Intellectual Property Notice

The graphics, documents and articles contained on this website are the copyrighted work of Veristat and contain proprietary trademarks and trade names of Veristat. We reserve the right to take appropriate legal action, including without limitation, referral to law enforcement, for any illegal or unauthorized use of this website. We also reserve to right take any action to prevent the unauthorized use of our intellectual property rights.

Additional details for Residents of the European Economic Area ("EEA") and UK Residents

This section supplements the Website Privacy Policy and applies solely to residents of the European Economic Area (“EEA”) and UK residents.

Data Controller and Data Privacy Officer (“DPO”) 

The Data Controller of your Personal Data, meaning the person who determines purposes and means of data processing, is Veristat LLC, with a registered office at 134 Turnpike Road, Suite 200, Southborough, MA 01772. 

 Veristat has also appointed a Data Privacy Officer (“DPO”), who is responsible for overseeing compliance with the EU Regulation 2016/679, the UK GDPR and the UK Data Protection Act 2018, in relation to the personal data processed by Veristat. You can contact the DPO by email at data_privacy@veristat.com or by writing to:

Veristat LLC 
134 Turnpike Road, Suite 200 
Southborough, MA 01772

Veristat International Limited 
27 Old Gloucester Street 
London, United Kingdom, WC1N 3AX

Legal Bases for Processing of Personal Data  

We rely on different legal basis for the processing of your Personal Data, which also depend on the context of your interactions with Veristat. Such legal basis may be your consent, a company legitimate business interest, a legal or contractual obligations. 

In some cases, we process your Personal Data to comply with a contractual obligation we have with you, or to take steps that you request before we enter into that contract. We may also process your Personal Data where necessary for our compliance with a legal obligation.  

If we process your Personal Data under consent provided by you, you have the right to withdraw that consent at any time as set out in the section below “Data Subjects Rights”.  Your withdrawal of consent, however, will not affect the lawfulness of any processing we have undertaken before the withdrawal.  

Finally, we process Personal Data we collect through the site for certain legitimate business interests. These legitimate interests relate to conducting and managing our business. When we process Personal Data for these purposes, we will ensure that we take into account your interests and privacy rights. You can object to this processing as described in section below “Data Subjects Rights”.

Data Privacy Principles  

Personal Data will be collected for the purposes specified in this Privacy Policy and used accordingly. The collection and processing of Personal Data will be limited to what is strictly necessary to fulfil these purposes and you are hereby informed in advance of the purposes and uses of such data. 

Personal Data will be adequate, relevant and not excessive and relating to the purposes for which they are processed. 

Personal Data will be as accurate as possible and, where necessary, kept up to date. 

Personal Data will not be kept longer than is appropriate or necessary for the purposes for which it is being processed or local legal requirements. 

Personal Data will be collected, used and retained in accordance with the legal rights available to the data subjects.

Data Subjects Rights 

Veristat would like to make sure you are fully aware of all of your data protection rights. In particular, you are entitled to the following: 

• The right to access: You have the right to request Veristat to have access to your Personal Data or receive copies of your Personal Data or a description of the categories of Personal Data we process and the processing activities we perform.  
• The right to rectification: You have the right to request that Veristat correct any information you believe is inaccurate. You also have the right to request Veristat to complete information you believe is incomplete. 
• The right to erasure: You have the right to request that Veristat erase/delete your Personal Data under certain conditions (i.e., when the Personal Data is no longer necessary for the purpose of the processing). We inform you that requests for deletion of Personal Data are subject to current legal requirements to retain documents imposed on us by laws or regulations, if applicable. 
• The right to restrict processing: You have the right to request that Veristat restrict the processing of your Personal Data, under certain conditions, for example when you have issues with the content of the information we hold or how we have processed your personal data. 
• The right to object to processing: You have the right to object to Veristat’s processing of your Personal Data that are based on legitimate interests, under certain conditions.  
• The right to data portability: You have the right to receive a copy of Personal Data in a structured, commonly used and readable by automatic devices and, where possible, request that Veristat transmit the Personal Data that we have collected to another data controller, or directly to you (if technically feasible). 
• The right to withdraw consent: Where given, you have the right to withdraw consent at any time and without prejudice to the lawfulness of the processing based on the consent given prior to the withdrawal. 
• The right to refuse automated processing: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. 

Under the European Data Protection Regulation 2016/679, the Swiss FADP, the UK GDPR and the UK Data Protection Act 2018, you have also the right to lodge a complaint directly with the Supervisory Authority of the country where you live, work or where an alleged infringement has occurred.

Please see the Your Privacy Choices section if you would like to exercise any of your rights. 

When contacting us, please make sure that you include your name, email address, postal address and/or telephone number to make sure we can handle your request correctly. 

If you exercise any of your rights, we have one month to respond to you.  If Veristat is unable to provide the requested information or make the change you request, you will be provided with reasons for such decision. 

Please be advised that if you are a patient in a clinical trial, Veristat has no means by which to identify you and therefore cannot respond to privacy rights request. You should contact the doctor/medical provider who is treating you from the clinical trial site for any requests.

Additional Information for Residents of the State of California 

This section supplements the Website Privacy Policy and applies solely to residents of the State of California, to the extent the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CPRA”)  (collectively the “CCPA”),applies to Veristat’s for the processing of their Personal Information (these individuals are referred to in this section as “California Consumers”). As of 1 January 2023, the CPRA included personal information of employees and business contact information for residents of California into the list of rights regarding personal information listed below.  Specific privacy requirements under CCPA that are not addressed in other sections of this Privacy Notice are described in this section. 

As it relates to California Consumers: the term “Personal Information,” when used in this CCPA section of the Website Privacy Policy, should be interpreted to have the same meaning as specified in the CCPA. Personal Information does not include de-identified or aggregated information, or any other information the CCPA excludes from its scope.  

Consistent with the information provided in the section “Personal Data Collected from this Website” above, we collect certain information about individuals that are considered Personal Information under CCPA. As detailed above, we may collect such Personal Information directly from you, automatically or from third parties. We collect, use and disclose Personal Data for the business and commercial purposes. 

Sale of Personal Information

Veristat does not rent or sell your Personal Information to others.

CCPA Rights of California Consumers  

CCPA provides California Consumers with certain rights relating to their Personal Information.  Veristat will honour verified requests to exercise those rights, and will not unlawfully deny you services, charge you different prices, or provide you a different quality of service for exercising those rights. In particular, you have the right to:  

• Request information about the Personal Information that Veristat has collected, used and disclosed about you over the previous 12 months, including: 
  • the categories of Personal Information collected;
  • the categories of sources from which your Personal Information was collected;
  • the business or commercial purposes for which Veristat collected your Personal Information;
  • the categories of your Personal Information that was disclosed for a business or commercial purpose;
  • and the categories of third parties with whom Veristat shared your Personal Information; 
  • the specific pieces of Personal Information collected; and
  • information about any sales of your Personal Information.

Upon request, Veristat will provide you with a copy of all of your personal information (Data Portability).

Exercising Your Rights

You have the right to request to have your Personal Information corrected or deleted. This right is not absolute, however, and under some circumstances Veristat may decline to correct or delete your Personal Information where permitted by the CCPA.  Following receipt of your request and confirmation of your identify, Veristat will correct or delete your Personal Information from our records, unless an exception applies.  If this is the case, Veristat will notify you accordingly, and will provide specific information about the basis for the exception.

You may only make a request for access or data portability twice within a 12-month period and your request must provide:

• Sufficient information to allow Veristat to complete reasonable verification that you are the individual or an authorized representative;
• Your contact details; and
• Sufficient detail to allow Veristat to understand, evaluate and respond to your request

Veristat will endeavour to respond to your verified request within 45 days of its receipt.  Should further time be required to process your request, we will inform you of the reason and the extension period (up to an additional 45 days).

Veristat does not charge a fee to process or respond to your CCPA request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will inform you why we have made that decision and provide you with a cost estimate before completing your request.

Contact

Please see the Your Privacy Choices section if you have questions or would like to make a request to exercise any of your rights

Additional Information for Residents of the State of Colorado

Effective 1 July 2023, this section supplements the Website Privacy Policy and applies solely to Colorado consumers (residents), to the extent the Colorado Privacy Act, (“CPA”) applies to Veristat’s for the processing of their Personal Data (these individuals are referred to in this section as “Colorado Consumers”).  Specific privacy requirements under CPA that are not addressed in other sections of this Privacy Notice are described in this section. 

As it relates to Colorado Consumers: the term “Personal Data,” when used in this CPA section of the Website Privacy Policy, should be interpreted to have the same meaning as specified in the CPA.

Consistent with the information provided in the section “Personal Data Collected from this Website” above, we collect certain information about individuals that are considered Personal Data under CPA. As detailed above, we may collect such Personal Data directly from you, automatically or from third parties. We collect, use and disclose Personal Data for the business and commercial purposes. 

Sale of Personal Information

Veristat does not rent or sell your Personal Data to others.  

CPA Rights of Colorado Consumers  

CPA provides Colorado Consumers with certain rights relating to their Personal Data.  Veristat will honour verified requests to exercise those rights, and will disclose the information requested, including:

• the categories of Personal Data collected;
• the categories of sources of the Personal Data collected about you;
• the business or commercial purposes for which Veristat collected your Personal Data;
• the categories of third parties with whom Veristat shares that Personal Data;
• the specific pieces of Personal Data collected by Veristat; and
• information about any sales of your Personal Data,

Upon request, Veristat will also provide you with a copy of your Personal Data provided by you to Veristat (Data Portability).

Exercising Your Rights

You have the right to request to have your Personal Data corrected or deleted. This right is not absolute, however, and under some circumstances Veristat may decline to correct or delete your Personal Data where permitted by the CPA.  Following receipt of your request and confirmation of your identify, Veristat will correct or delete your Personal Data from our records, unless an exception applies.  If this is the case, Veristat will notify you accordingly, and will provide specific information about the basis for the exception. 

You may only make a request for access or data portability, free of charge, once within a 12-month period.

Veristat will endeavour to respond to your verified request within 45 days of its receipt.  Should further time be required to process your request, we will inform you of the reason and the extension period (up to an additional 45 days).

Veristat does not charge a fee to process or respond to your CPA request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will inform you why we have made that decision and provide you with a cost estimate before completing your request.

Should your request for access, data portability, correction or deletion be declined by Veristat, you have the right to appeal our decision.  Veristat will endeavour to respond to your verified Colorado Consumer appeal within 45 days of receipt of your appeal.  If your appeal is denied, Veristat will provide you with a method through which the Colorado Consumer may contact the Colorado Attorney General to submit a complaint.

Following the decline of a previous request, an appeal request may be submitted to Veristat, providing the verification, contact and request details so that this may be processed and reviewed.

Exercising Your Rights

Please see the Your Privacy Choices section if you have questions or would like to make a request to exercise any of your rights.

Additional Information for Residents of the State of Connecticut

Effective 1 July 2023, this section supplements the Website Privacy Policy and applies solely to Connecticut consumers (residents), to the extent the Connecticut Data Privacy Act, (“CTDPA”) applies to Veristat’s for the processing of their Personal Data (these individuals are referred to in this section as “Connecticut Consumers”).  Specific privacy requirements under CTDPA that are not addressed in other sections of this Privacy Notice are described in this section. 

As it relates to Connecticut Consumers: the term “Personal Data,” when used in this CTDPA section of the Website Privacy Policy, should be interpreted to have the same meaning as specified in the CTDPA.

Consistent with the information provided in the section “Personal Data Collected from this Website” above, we collect certain information about individuals that are considered Personal Data under CTDPA. As detailed above, we may collect such Personal Data directly from you, automatically or from third parties. We collect, use and disclose Personal Data for the business and commercial purposes. 

Sale of Personal Information

Veristat does not rent or sell your Personal Data to others.  

CTDPA Rights of Connecticut Consumers  

CTDPA provides Connecticut Consumers with certain rights relating to their Personal Data.  Veristat will honour verified requests to exercise those rights, and will disclose the information requested, including:

• the categories of Personal Data collected;
• the categories of sources of the Personal Data collected about you;
• the business or commercial purposes for which Veristat collected your Personal Data;
• the categories of third parties with whom Veristat shares that Personal Data;
• the specific pieces of Personal Data collected by Veristat; and
• information about any sales of your Personal Data,

Upon request, Veristat will also provide you with a copy of your Personal Data provided by you to Veristat (Data Portability).

Exercising Your Rights

You have the right to request to have your Personal Data corrected or deleted. This right is not absolute, however, and under some circumstances Veristat may decline to correct or delete your Personal Data where permitted by the CTDPA.  Following receipt of your request and confirmation of your identify, Veristat will correct or delete your Personal Data from our records, unless an exception applies.  If this is the case, Veristat will notify you accordingly, and will provide specific information about the basis for the exception. 

You may only make a request for access or data portability, free of charge, once within a 12-month period.  If Veristat is unable to authenticate the request, Veristat is not required to comply.

Veristat will endeavour to respond to your verified request within 45 days of its receipt.  Should further time be required to process your request, we will inform you of the reason and the extension period (up to an additional 45 days).

Veristat does not charge a fee to process or respond to your CTDPA request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will inform you why we have made that decision and provide you with a cost estimate before completing your request.

Exercising Your Rights

Please see the Your Privacy Choices section if you have questions or would like to make a request to exercise any of your rights.

Additional Information for Residents of the State of Delaware

Effective 1 January 2025, this section supplements the Website Privacy Policy and applies solely to Delaware consumers (residents), to the extent the Delaware Personal Data Privacy Act, (“DPDPA”) applies to Veristat’s for the processing of their Personal Data (these individuals are referred to in this section as “Delaware Consumers”).  Specific privacy requirements under DPDPA that are not addressed in other sections of this Privacy Notice are described in this section. 

As it relates to Delaware Consumers: the term “Personal Data,” when used in this DPDPA section of the Website Privacy Policy, should be interpreted to have the same meaning as specified in the DPDPA.

Consistent with the information provided in the section “Personal Data Collected from this Website” above, we collect certain information about individuals that are considered Personal Data under DPDPA. As detailed above, we may collect such Personal Data directly from you, automatically or from third parties. We collect, use and disclose Personal Data for the business and commercial purposes. 

Sale of Personal Information

Veristat does not rent or sell your Personal Data to others.  

DPDPA Rights of Delaware Consumers  

DPDPA provides Delaware Consumers with certain rights relating to their Personal Data.  Veristat will honour verified requests to exercise those rights, and will not unlawfully deny you services, charge you different prices, or provide you a different quality of service for exercising those rights. In particular, you have the right to:  

• Request information about the Personal Data that Veristat has collected, used and disclosed about you over the previous 12 months, including: 
  • the categories of Personal Data processed;
  • the business or commercial purposes for which Veristat processed your Personal Data;
  • the categories of Personal Data shared with third parties, if any; and
  • the categories of third parties with whom Veristat share Personal Data, if any

Upon request, Veristat will also provide you with a copy of all of your Personal Data (Data Portability).

Exercising Your Rights

You have the right to request to have your Personal Data corrected or deleted. This right is not absolute, however, and under some circumstances Veristat may decline to correct or delete your Personal Data where permitted by the DPDPA.  Following receipt of your request and confirmation of your identify, Veristat will correct or delete your Personal Data from our records, unless an exception applies.  If this is the case, Veristat will notify you accordingly, and will provide specific information about the basis for the exception. 

You may only make a request for access or data portability, free of charge, once within a 12-month period.

Veristat will endeavour to respond to your verified request within 45 days of its receipt.  Should further time be required to process your request, we will inform you of the reason and the extension period (up to an additional 45 days).

Veristat does not charge a fee to process or respond to your DPDPA request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will inform you why we have made that decision and provide you with a cost estimate before completing your request.

Should your request for access, data portability, correction or deletion be declined by Veristat, you have the right to appeal our decision.  Veristat will endeavour to respond to your verified Delaware Consumer appeal within 60 days of receipt of your appeal.  If your appeal is denied, Veristat will provide you with a method through which the Delaware Consumer may contact the Delaware Department of Justice to submit a complaint.

Following the decline of a previous request, an appeal request may be submitted to Veristat, providing the verification, contact and request details so that this may be processed and reviewed.

Exercising Your Rights

Please see the Your Privacy Choices section if you have questions or would like to make a request to exercise any of your rights.

Additional Information for Residents of the State of Iowa

Effective 1 January 2025, this section supplements the Website Privacy Policy and applies solely to Iowa consumers (residents), to the extent the Iowa Consumer Data Protection Act, (“ICDPA”) applies to Veristat’s for the processing of their Personal Data (these individuals are referred to in this section as “Iowa Consumers”).  Specific privacy requirements under ICDPA that are not addressed in other sections of this Privacy Notice are described in this section. 

As it relates to Iowa Consumers: the term “Personal Data,” when used in this ICDPA section of the Website Privacy Policy, should be interpreted to have the same meaning as specified in the ICDPA.

Consistent with the information provided in the section “Personal Data Collected from this Website” above, we collect certain information about individuals that are considered Personal Data under ICDPA. As detailed above, we may collect such Personal Data directly from you, automatically or from third parties. We collect, use and disclose Personal Data for the business and commercial purposes. 

Sale of Personal Data

Veristat does not rent or sell your Personal Data to others.  

ICDPA Rights of Iowa Consumers  

ICDPA provides Iowa Consumers with certain rights relating to their Personal Data.  Veristat will honour verified requests to exercise those rights in relation to the collection and use of your Personal Data including:  

• the categories of Personal Data processed;
• the business or commercial purposes for which Veristat is processing your Personal Data;
• the categories of Personal Data shared with third parties, if any; and
• the categories of third parties with whom Veristat shared your Personal Data, if any

Upon request, Veristat will also provide you with a copy of all of your Personal Data provided to us by you (Data Portability), if feasible.

Exercising Your Rights

You have the right to request to have your Personal Data deleted. This right is not absolute, however, and under some circumstances Veristat may decline to delete your Personal Data where permitted by the ICDPA.  Following receipt of your request and confirmation of your identify, Veristat will delete your Personal Data from our records, unless an exception applies.  If this is the case, Veristat will notify you accordingly, and will provide specific information about the basis for the exception. 

You may only make a request for access or data portability, free of charge, twice annually.

Veristat will endeavour to respond to your verified request within 90 days of its receipt.  Should further time be required to process your request, we will inform you of the reason and the extension period (up to an additional 45 days).

Veristat does not charge a fee to process or respond to your ICDPA request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will inform you why we have made that decision and provide you with a cost estimate before completing your request.

Should your request for access, data portability, or deletion be declined by Veristat, you have the right to appeal our decision.  Veristat will endeavour to respond to your verified Iowa Consumer appeal within 60 days of receipt.  If your appeal is denied, Veristat will provide you with a method through which the Iowa Consumer may contact the Iowa Attorney General to submit a complaint.

Following the decline of a previous request, an appeal request may be submitted to Veristat, providing the verification, contact and request details so that this may be processed and reviewed.

Contact

Please see the Your Privacy Choices section if you have questions or would like to make a request to exercise any of your rights to access, data portability and/or deletion.

Additional Information for Residents of the State of Massachusetts

This Website Privacy Policy will also ensure that timely notice is provided whenever confidential information (including, but not limited to, “Personal Information” protected under applicable data security laws such as M.G.L. c. 93H and 201 CMR 17.00 et seq.) has been compromised as a result of a breach of Veristat’s internal and external data security measures. 

Specifically, this includes the following: 

Data Security Breaches Involving Confidential Information Owned or Licensed by a Third Party 

For data security breaches involving confidential information that is owned or licensed by a third-party, Veristat DPO shall provide prompt written notice to the affected owners and licensors when Veristat knows or has reason to know of a breach of Veristat’s security measures or upon learning that confidential information of a resident of the Commonwealth of Massachusetts has been acquired or used by an unauthorized person or used for an unauthorized purpose. Said written notice to the affected owner/licensor shall include the following information:  

• The date or approximate date of the data security breach incident and the nature thereof; and 
• The steps that Veristat has taken or plans to take, if any, relating to the data security breach incident. 

In providing notice to affected owners and licensors of the confidential information, Veristat is not required to disclose confidential business information or trade secrets or to provide notice to any affected resident of the Commonwealth of Massachusetts who may be affected by the data security breach or unauthorized acquisition or use of his or her confidential information. 

Data Security Breaches Involving Confidential Information Owned or Licensed by Veristat 

For data security breaches involving confidential information that is owned or licensed by Veristat, Veristat shall provide prompt written notice to the Massachusetts Attorney General, the Director of Consumer Affairs and Business Regulation, and to any affected resident of the Commonwealth of Massachusetts, when Veristat knows or has reason to know of a data security breach or that the confidential information of a resident of the Commonwealth of Massachusetts was acquired or used by an unauthorized person or for an unauthorized purpose. 

The notice to the Attorney General and Director of Consumer Affairs and Business Regulation shall include the following information: 

• The date or approximate date of the data security breach incident and the nature thereof; 
• The approximate number of residents of the Commonwealth of Massachusetts affected by the data security breach incident; and 
• The steps that Veristat has taken or plans to take, if any, relating to the data security breach incident. 

The notice to be provided to the resident of the Commonwealth of Massachusetts shall include the following information: 

• The individual’s right to obtain a police report; 
• How to request a security freeze on his or her credit report; and 
• Any fees required to be paid to any consumer reporting agencies. 

The notice to affected residents shall not include the nature of the data security breach or the number of affected residents of the Commonwealth of Massachusetts. 

Notification during Criminal Investigation 

If a law enforcement agency responding to a data security breach incident determines that the provision of the above notices would impede an ongoing criminal investigation, Veristat shall delay notification until informed by law enforcement that notification no longer poses a risk of impeding the investigation. 

Veristat shall cooperate with law enforcement in its investigation of any data security breach incident and shall share all information relevant to the incident, with the exception of confidential business information and trade secrets.

Additional Information for Residents of the State of Montana

Effective 1 October 2024, this section supplements the Website Privacy Policy and applies solely to Montana Consumers (Residents), to the extent the Montana Consumer Data Privacy Act, (“MCDPA”) applies to Veristat’s for the processing of their Personal Data (these individuals are referred to in this section as “Montana Consumers”).  Specific privacy requirements under MCDPA that are not addressed in other sections of this Privacy Notice are described in this section. 

As it relates to Montana Consumers: the term “Personal Data,” when used in this MCDPA section of the Website Privacy Policy, should be interpreted to have the same meaning as specified in the MCDPA.

Consistent with the information provided in the section “Personal Data Collected from this Website” above, we collect certain information about individuals that are considered Personal Data under MCDPA. As detailed above, we may collect such Personal Data directly from you, automatically or from third parties. We collect, use and disclose Personal Data for the business and commercial purposes. 

Sale of Personal Information

Veristat does not rent or sell your Personal Data to others.  

MCDPA Rights of Montana Consumers  

MCDPA provides Montana Consumers with certain rights relating to their Personal Data.  Veristat will honour verified requests to exercise those rights in relation to the collection and use of your Personal Data including:  

• providing confirmation if Veristat is processing your Personal Data; 
• the categories of Personal Data collected;
• the business or commercial purposes for which Veristat processed your Personal Data;
• the categories of Personal Data shared with third parties, if any; and
• the categories of third parties with whom Veristat share Personal Data

Upon request, Veristat will also provide you with a copy of your Personal Data provided to Veristat by you (Data Portability).

Exercising Your Rights

You have the right to request to have your Personal Data corrected or deleted. This right is not absolute, however, and under some circumstances Veristat may decline to correct or delete your Personal Data where permitted by the MCDPA.  Following receipt of your request and confirmation of your identify, Veristat will correct or delete your Personal Data from our records, unless an exception applies.  If this is the case, Veristat will notify you accordingly, and will provide specific information about the basis for the exception. 

You may only make a request for access or data portability, free of charge, once within a 12-month period.

Veristat will endeavour to respond to your verified request within 45 days of its receipt.  Should further time be required to process your request, we will inform you of the reason and the extension period (up to an additional 45 days).

Veristat does not charge a fee to process or respond to your MCDPA request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will inform you why we have made that decision and provide you with a cost estimate before completing your request.

Should your request for access, data portability, correction or deletion be declined by Veristat, you have the right to appeal our decision.  Veristat will endeavour to respond to your verified Montana Consumer appeal within 60 days of receipt.  If your appeal is denied, Veristat will provide you with a method through which the Montana Consumer may contact the Montana Attorney General to submit a complaint.

Following the decline of a previous request, an appeal request may be submitted to Veristat, providing the verification, contact and request details so that this may be processed and reviewed.

Exercising Your Rights

Please see the Your Privacy Choices section if you have questions or would like to make a request to exercise any of your rights.

Additional Information for Residents of the State of Nebraska

Effective 1 January 2025, this section supplements the Website Privacy Policy and applies solely to Nebraska consumers (residents), to the extent the Nebraska Data Privacy Act, (“NDPA”) applies to Veristat’s for the processing of their Personal Data (these individuals are referred to in this section as “Nebraska Consumers”).  Specific privacy requirements under NDPA that are not addressed in other sections of this Privacy Notice are described in this section. 

As it relates to Nebraska Consumers: the term “Personal Data,” when used in this DPDPA section of the Website Privacy Policy, should be interpreted to have the same meaning as specified in the NDPA.

Consistent with the information provided in the section “Personal Data Collected from this Website” above, we collect certain information about individuals that are considered Personal Data under NDPA. As detailed above, we may collect such Personal Data directly from you, automatically or from third parties. We collect, use and disclose Personal Data for the business and commercial purposes. 

Sale of Personal Information

Veristat does not rent or sell your Personal Data to others.  

NDPA Rights of Nebraska Consumers  

NDPA provides Nebraska Consumers with certain rights relating to their Personal Data.  Veristat will honour verified requests to exercise those rights, and will not unlawfully deny you services, charge you different prices, or provide you a different quality of service for exercising those rights. In particular, you have the right to:  

• the categories of Personal Data processed;
• the business or commercial purposes for which Veristat processed your Personal Data;
• the categories of Personal Data shared with third parties, if any; and
• the categories of third parties with whom Veristat share Personal Data, if any

Upon request, Veristat will also provide you with a copy of your Personal Data provided to Veristat by you, (Data Portability), if feasible.

Exercising Your Rights

You have the right to request to have your Personal Data corrected or deleted. This right is not absolute, however, and under some circumstances Veristat may decline to correct or delete your Personal Data where permitted by the NDPA.  Following receipt of your request and confirmation of your identify, Veristat will correct or delete your Personal Data from our records, unless an exception applies.  If this is the case, Veristat will notify you accordingly, and will provide specific information about the basis for the exception. 

You may only make a request for access or data portability, free of charge, twice annually.

Veristat will endeavour to respond to your verified request within 45 days of its receipt.  Should further time be required to process your request, we will inform you of the reason and the extension period (up to an additional 45 days).

Veristat does not charge a fee to process or respond to your NDPA request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will inform you why we have made that decision and provide you with a cost estimate before completing your request.

Should your request for access, data portability, correction or deletion be declined by Veristat, you have the right to appeal our decision.  Veristat will endeavour to respond to your verified Nebraska Consumer appeal within 60 days of receipt of your appeal.  If your appeal is denied, Veristat will provide you with a method through which the Nebraska Consumer may contact the Nebraska Attorney General to submit a complaint.

Following the decline of a previous request, an appeal request may be submitted to Veristat, providing the verification, contact and request details so that this may be processed and reviewed.

Exercising Your Rights

Please see the Your Privacy Choices section if you have questions or would like to make a request to exercise any of your rights.

Additional Information for Residents of the State of New Hampshire

Effective 1 January 2025, this section supplements the Website Privacy Policy and applies solely to New Hampshire Consumers (Residents), to the extent the New Hampshire Data Privacy Act, (“NHDPA”) applies to Veristat’s for the processing of their Personal Data (these individuals are referred to in this section as “New Hampshire Consumers”).  Specific privacy requirements under NHDPA that are not addressed in other sections of this Privacy Notice are described in this section. 

As it relates to New Hampshire Consumers: the term “Personal Data,” when used in this NHDPA section of the Website Privacy Policy, should be interpreted to have the same meaning as specified in the NHDPA.

Consistent with the information provided in the section “Personal Data Collected from this Website” above, we collect certain information about individuals that are considered Personal Data under NHDPA. As detailed above, we may collect such Personal Data directly from you, automatically or from third parties. We collect, use and disclose Personal Data for the business and commercial purposes. 

Sale of Personal Information

Veristat does not rent or sell your Personal Data to others.  

NHDPA Rights of New Hampshire Consumers  

NHDPA provides New Hampshire Consumers with certain rights relating to their Personal Data.  Veristat will honour verified requests to exercise those rights, and will not unlawfully deny you services, charge you different prices, or provide you a different quality of service for exercising those rights. In particular, you have the right to:  

• Request information about the Personal Data that Veristat has collected, used and disclosed about you, including: 
  • the categories of Personal Data processed;
  • the business or commercial purposes for which Veristat processed your Personal Data;
  • the categories of Personal Data shared with third parties, if any; and
  • the categories of third parties with whom Veristat share Personal Data, if any

Upon request, Veristat will also provide you with a copy of all of your Personal Data provided to Veristat by you (Data Portability).

Exercising Your Rights

You have the right to request to have your Personal Data corrected or deleted. This right is not absolute, however, and under some circumstances Veristat may decline to correct or delete your Personal Data where permitted by the NHDPA.  Following receipt of your request and confirmation of your identify, Veristat will correct or delete your Personal Data from our records, unless an exception applies.  If this is the case, Veristat will notify you accordingly, and will provide specific information about the basis for the exception. 

You may only make a request for access or data portability, free of charge, once within a 12-month period.

Veristat will endeavour to respond to your verified request within 45 days of its receipt.  Should further time be required to process your request, we will inform you of the reason and the extension period (up to an additional 45 days).

Veristat does not charge a fee to process or respond to your NHDPA request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will inform you why we have made that decision and provide you with a cost estimate before completing your request.

Should your request for access, data portability, correction or deletion be declined by Veristat, you have the right to appeal our decision.  Veristat will endeavour to respond to your verified New Hampshire Consumer appeal within 60 days of receipt.  If your appeal is denied, Veristat will provide you with a method through which the New Hampshire  Consumer may contact the New Hampshire Attorney General to submit a complaint.

Following the decline of a previous request, an appeal request may be submitted to Veristat, providing the verification, contact and request details so that this may be processed and reviewed.

Exercising Your Rights

Please see the Your Privacy Choices section if you have questions or would like to make a request to exercise any of your rights.

Additional Information for Residents of the State of New Jersey

Effective 15 January 2025, this section supplements the Website Privacy Policy and applies solely to New Jersey Consumers (Residents), to the extent the New Jersey Data Protection Act, (“NJDPA”) applies to Veristat’s for the processing of their Personal Data (these individuals are referred to in this section as “New Jersey Consumers”).  Specific privacy requirements under NJDPA that are not addressed in other sections of this Privacy Notice are described in this section. 

As it relates to New Jersey Consumers: the term “Personal Data,” when used in this NJDPA section of the Website Privacy Policy, should be interpreted to have the same meaning as specified in the NJDPA.

Consistent with the information provided in the section “Personal Data Collected from this Website” above, we collect certain information about individuals that are considered Personal Data under NJDPA. As detailed above, we may collect such Personal Data directly from you, automatically or from third parties. We collect, use and disclose Personal Data for the business and commercial purposes. 

Sale of Personal Information

Veristat does not rent or sell your Personal Data to others.  

NJDPA Rights of New Jersey Consumers  

NJDPA provides New Jersey Consumers with certain rights relating to their Personal Data.  Veristat will honour verified requests to exercise those rights, and will not unlawfully deny you services, charge you different prices, or provide you a different quality of service for exercising those rights. In particular, you have the right to:  

• Request information about the Personal Data that Veristat has collected, used and disclosed about you, including: 
  • the categories of Personal Data processed;
  • the business or commercial purposes for which Veristat processed your Personal Data;
  • the categories of Personal Data shared with third parties, if any; and
  • the categories of third parties with whom Veristat share Personal Data, if any

Upon request, Veristat will also provide you with a copy of all of your Personal Data provided to Veristat by you (Data Portability).

Exercising Your Rights

You have the right to request to have your Personal Data corrected or deleted. This right is not absolute, however, and under some circumstances Veristat may decline to correct or delete your Personal Data where permitted by the NJDPA.  Following receipt of your request and confirmation of your identify, Veristat will correct or delete your Personal Data from our records, unless an exception applies.  If this is the case, Veristat will notify you accordingly, and will provide specific information about the basis for the exception. 

You may only make a request for access or data portability, free of charge, once within a 12-month period.

Veristat will endeavour to respond to your verified request within 45 days of its receipt.  Should further time be required to process your request, we will inform you of the reason and the extension period (up to an additional 45 days).

Veristat does not charge a fee to process or respond to your NJDPA request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will inform you why we have made that decision and provide you with a cost estimate before completing your request.

Should your request for access, data portability, correction or deletion be declined by Veristat, you have the right to appeal our decision.  Veristat will endeavour to respond to your verified New Jersey Consumer appeal within 45 days of receipt.  If your appeal is denied, Veristat will provide you with a method through which the New Jersey Consumer may contact the New Jersey Division of Consumer Affairs in the Department of Law and Public Safety to submit a complaint.

Following the decline of a previous request, an appeal request may be submitted to Veristat, providing the verification, contact and request details so that this may be processed and reviewed.

Exercising Your Rights

Please see the Your Privacy Choices section if you have questions or would like to make a request to exercise any of your rights.

Additional Information for Residents of the State of Oregon

Effective 1 July 2024, this section supplements the Website Privacy Policy and applies solely to Oregon Consumers (Residents), to the extent the Oregon Consumer Privacy Act, (“OCPA”) applies to Veristat’s for the processing of their Personal Data (these individuals are referred to in this section as “Oregon Consumers”).  Specific privacy requirements under OCPA that are not addressed in other sections of this Privacy Notice are described in this section. 

As it relates to Oregon Consumers: the term “Personal Data,” when used in this OCPA section of the Website Privacy Policy, should be interpreted to have the same meaning as specified in the OCPA.

Consistent with the information provided in the section “Personal Data Collected from this Website” above, we collect certain information about individuals that are considered Personal Data under OCPA. As detailed above, we may collect such Personal Data directly from you, automatically or from third parties. We collect, use and disclose Personal Data for the business and commercial purposes. 

Sale of Personal Information

Veristat does not rent or sell your Personal Data to others.  

OCPA Rights of Oregon Consumers

OCPA provides Oregon Consumers with certain rights relating to their Personal Data.  Veristat will honour verified requests to exercise those rights, and disclose:  

• the categories of Personal Data processed;
• the business or commercial purposes for which Veristat processed your Personal Data;
• the categories of Personal Data shared with third parties, if any; and
• the categories of third parties with whom Veristat share Personal Data, if any; and
• any processing for the purpose of targeted advertising

Upon request, Veristat will also provide you with a copy of all of your Personal Data provided to Veristat by you (Data Portability).

Exercising Your Rights

You have the right to request to have your Personal Data corrected or deleted. This right is not absolute, however, and under some circumstances Veristat may decline to correct or delete your Personal Data where permitted by the OCPA.  Following receipt of your request and confirmation of your identify, Veristat will correct or delete your Personal Data from our records, unless an exception applies.  If this is the case, Veristat will notify you accordingly, and will provide specific information about the basis for the exception. 

You may only make a request for access or data portability, free of charge, once within a 12-month period.

Veristat will endeavour to respond to your verified request within 45 days of its receipt.  Should further time be required to process your request, we will inform you of the reason and the extension period (up to an additional 45 days).

Veristat does not charge a fee to process or respond to your OCPA request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will inform you why we have made that decision and provide you with a cost estimate before completing your request.

Should your request for access, correction or deletion be declined by Veristat, you have the right to appeal our decision.  Veristat will endeavour to respond to your verified Oregon Consumer appeal within 45 days of receipt.  If your appeal is denied, Veristat will provide you with a method through which the Oregon Consumer may contact the Oregon Attorney General to submit a complaint.

Following the decline of a previous request, an appeal request may be submitted to Veristat, providing the verification, contact and request details so that this may be processed and reviewed.

Exercising Your Rights

Please see the Your Privacy Choices section if you have questions or would like to make a request to exercise any of your rights.

Additional Information for Residents of the State of Texas

Effective 1 July 2024, this section supplements the Website Privacy Policy and applies solely to Texas Consumers (Residents), to the extent the Texas Data Privacy and Security Act, (“TDPSA”) applies to Veristat’s for the processing of their Personal Data (these individuals are referred to in this section as “Texas Consumers”).  Specific privacy requirements under TDPSA that are not addressed in other sections of this Privacy Notice are described in this section. 

As it relates to Texas Consumers: the term “Personal Data,” when used in this TDPSA section of the Website Privacy Policy, should be interpreted to have the same meaning as specified in the TDPSA.

Consistent with the information provided in the section “Personal Data Collected from this Website” above, we collect certain information about individuals that are considered Personal Data under TDPSA. As detailed above, we may collect such Personal Data directly from you, automatically or from third parties. We collect, use and disclose Personal Data for the business and commercial purposes. 

Sale of Personal Information

Veristat does not rent or sell your Personal Data to others.  

TDPSA Rights of Texas Consumers

TDPSA provides Texas Consumers with certain rights relating to their Personal Data.  Veristat will honour verified requests to exercise those rights, and provide confirmation that Veristat is a data controller and processing your Personal Data   

Upon request and under certain conditions, Veristat will also provide you with a copy of your Personal Data provided to Veristat by you (Data Portability) to the extent that it is technically feasible. 

You may make a request for this information, twice annually, without charge.

Exercising Your Rights

You have the right to request to have your Personal Data corrected or deleted. This right is not absolute, however, and under some circumstances Veristat may decline to correct or delete your Personal Data where permitted by the TDPSA.  Following receipt of your request and confirmation of your identify, Veristat will correct or delete your Personal Data from our records, unless an exception applies.  If this is the case, Veristat will notify you accordingly, and will provide specific information about the basis for the exception. 

Veristat will endeavour to respond to your verified request within 45 days of its receipt.  Should further time be required to process your request, we will inform you of the reason and the extension period (up to an additional 45 days).

Veristat does not charge a fee to process or respond to your TDPSA request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will inform you why we have made that decision and provide you with a cost estimate before completing your request.

Should your request for access, correction or deletion be declined by Veristat, you have the right to appeal our decision.  Veristat will endeavour to respond to your verified Texas Consumer appeal within 45 days of receipt.  If your appeal is denied, Veristat will provide you with a method through which the Texas Consumer may contact the Texas Attorney General to submit a complaint.

Following the decline of a previous request, an appeal request may be submitted to Veristat, providing the verification, contact and request details so that this may be processed and reviewed.

Exercising Your Rights

Please see the Your Privacy Choices section if you have questions or would like to make a request to exercise any of your rights.

Additional Information for Residents of the State of Utah

Effective 31 December 2023, this section supplements the Website Privacy Policy and applies solely to Utah Consumers (Residents), to the extent the Utah Consumer Privacy Act, (“UCPA”) applies to Veristat’s for the processing of their Personal Data (these individuals are referred to in this section as “Utah Consumers”).  Specific privacy requirements under UCPA that are not addressed in other sections of this Privacy Notice are described in this section. 

As it relates to Utah Consumers: the term “Personal Data,” when used in this UCPA section of the Website Privacy Policy, should be interpreted to have the same meaning as specified in the UCPA.

Consistent with the information provided in the section “Personal Data Collected from this Website” above, we collect certain information about individuals that are considered Personal Data under UCPA. As detailed above, we may collect such Personal Data directly from you, automatically or from third parties. We collect, use and disclose Personal Data for the business and commercial purposes. 

Sale of Personal Information

Veristat does not rent or sell your Personal Data to others.  

UCPA Rights of Utah Consumers

UCPA provides Utah Consumers with certain rights relating to their Personal Data.  Veristat will honour verified requests to exercise those rights. In particular, you have the right to request:  

• the categories of Personal Data we collected about you;
• the categories of sources of the Personal Data we collected about you;
• the business or commercial purposes for which Veristat processed your Personal Data;
• the categories of third parties with whom Veristat share that Personal Data;
• the specific pieces of personal information Veristat has collected; and
• information about any sales of your personal information

Upon request, Veristat will also provide you with a copy of all of your Personal Data (Data Portability) to the extent it is practicable and technically feasible.

Exercising Your Rights

You have the right to request to have your Personal Data deleted. This right is not absolute, however, and under some circumstances Veristat may decline to delete your Personal Data where permitted by the UCPA.  Following receipt of your request and confirmation of your identify, Veristat will delete your Personal Data from our records, unless an exception applies.  If this is the case, Veristat will notify you accordingly, and will provide specific information about the basis for the exception. 

Veristat will endeavour to respond to your verified request within 45 days of its receipt.  Should further time be required to process your request, we will inform you of the reason and the extension period (up to an additional 45 days).

Veristat does not charge a fee to process or respond to your UCPA request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will inform you why we have made that decision and provide you with a cost estimate before completing your request.

Exercising Your Rights

Please see the Your Privacy Choices section if you have questions or would like to make a request to exercise any of your rights.

Additional Information for Residents of the State of Virginia

Effective 1 January 2025, this section supplements the Website Privacy Policy and applies solely to Virginia consumers (residents), to the extent the Virginia Consumer Data Protection Act, (“VCPDA”) applies to Veristat’s for the processing of their Personal Data (these individuals are referred to in this section as “Virginia Consumers”).  Specific privacy requirements under VCPDA that are not addressed in other sections of this Privacy Notice are described in this section. 

As it relates to Virginia Consumers: the term “Personal Data,” when used in this VCDPA section of the Website Privacy Policy, should be interpreted to have the same meaning as specified in the VCPDA. Personal Data does not include publicly available information such as public records held by the government or any other information the VCDPA excludes from its scope.  

Consistent with the information provided in the section “Personal Data Collected from this Website” above, we collect certain information about individuals that are considered Personal Data under VCDPA. As detailed above, we may collect such Personal Data directly from you, automatically or from third parties. We collect, use and disclose Personal Data for the business and commercial purposes. 

Sale of Personal Information

Veristat does not rent or sell your Personal Data to others.  

VCDPA Rights of Virginia Consumers  

VCDPA provides Virginia Consumers with certain rights relating to their Personal Data.  Veristat will honour verified requests to exercise those rights, and will not unlawfully deny you services, charge you different prices, or provide you a different quality of service for exercising those rights. In particular, you have the right to:  

• Request information about the Personal Data that Veristat has collected, used and disclosed about you over the previous 12 months, including: 
  • the categories of Personal Data collected;
  • the categories of sources from which your Personal Data was collected;
  • the business or commercial purposes for which Veristat collected your Personal Data;
  • the categories of third parties with whom Veristat shared your Personal Data; 
  • the specific pieces of Personal Data collected; and
  • information about any sales of your Personal Data.

Upon request, Veristat will also provide you with a copy of all of your Personal Data (Data Portability).

Exercising Your Rights

You have the right to request to have your Personal Data corrected or deleted. This right is not absolute, however, and under some circumstances Veristat may decline to correct or delete your Personal Data where permitted by the VCDPA.  Following receipt of your request and confirmation of your identify, Veristat will correct or delete your Personal Data from our records, unless an exception applies.  If this is the case, Veristat will notify you accordingly, and will provide specific information about the basis for the exception. 

You may only make a request for access or data portability twice within a 12-month period and your request must provide:

• Sufficient information to allow Veristat to complete reasonable verification that you are the individual or an authorized representative;
• Your contact details; and
• Sufficient detail to allow Veristat to understand, evaluate and respond to your request

Veristat will endeavour to respond to your verified request within 45 days of its receipt.  Should further time be required to process your request, we will inform you of the reason and the extension period (up to an additional 45 days).

Veristat does not charge a fee to process or respond to your VCDPA request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will inform you why we have made that decision and provide you with a cost estimate before completing your request.

Should your request for access, data portability, correction or deletion be declined by Veristat, you have the right to appeal our decision.  Veristat will endeavour to respond to your verified Virginia Consumer appeal within 60 days of receipt of your appeal.  If your appeal is denied, Veristat will provide you with a method through which the Virginia Consumer may contact the Virginia Attorney General to submit a complaint.

Following the decline of a previous request, an appeal request may be submitted to Veristat, providing the verification, contact and request details as documented above so that this may be processed and reviewed.

Contact

Please see the Your Privacy Choices section if you have questions or would like to make a request to exercise any of your rights. 

Effective Date:  1 MARCH 2025.