EU-U.S PRIVACY SHIELD PRIVACY STATEMENT
Effective date: September 27, 2017
To learn more about the EU-U.S. Privacy Shield program, and to view our certification,
please visit privacyshield.gov/welcome.
“Personal Information” or “Information” means information that (1) is transferred from the EU to the United States; (2) is recorded in any form; (3) is about, or pertains to a specific individual; and (4) can be linked to that individual.
“Sensitive Personal Information” means personal information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership or that concerns an individual’s health.
Collection & Use
CML is a privately held clinical testing laboratory offering services in the areas of Employee Wellness, Pharmaceutical/Clinical Trials, Insurance Risk Assessment, and Drugs of Abuse Testing.
CML will collect only as much Personal Information as we need for the specific purposes for which it was collected. CML will not use it for other purposes without obtaining your consent, and keep your Personal Information only as long as we need it for the purposes for which we collected it, or as permitted by law.
CML may collect a person’s name or initials, gender, race/creed/national origin, date of birth, email address, mailing address, telephone number, personal identification number, group/health insurance policy numbers and amounts, and medical information (including test results).
CML may share your Personal Information pursuant to a lawful request or for national security.
CML will use your Personal Information in support of the services we offer, communicating with corporate business partners, processing on behalf of our business customers, complying with contractual and legal obligations, and conducting related tasks for legitimate business purposes.
Accountability of Onward Transfer
CML recognizes potential liability in cases of onward transfer to third parties. CML may provide Personal Information to third parties acting as agents, consultants, and contractors to perform tasks on behalf of and under our instructions. CML will not transfer any personal information to a third-party without first ensuring that the thirdparty adheres to the Principles.
CML does not transfer Client Personal Information to unrelated third parties, unless lawfully and contractually directed by a client, or in certain limited or exceptional circumstances in accordance with the EU-U.S. Privacy Shield Framework. For example, such circumstances would include disclosures of Personal Information required by law or legal process, or disclosures made in the vital interest of an identifiable person such as those involving life, health or safety.
In the event that CML transfers Personal Information to an unrelated third party, CML will ensure that such party is either subject to the EU-U.S. Privacy Shield Framework, subject to similar laws providing an adequate and equivalent level of privacy protection, or will enter into a written agreement with the third party requiring them to provide protections consistent with the EU-U.S. Privacy Shield Framework and CML’s
EU-U.S. Privacy Shield policy.
Should CML learn that an unrelated third party to which Personal Information has been transferred by CML is using or disclosing Personal Information in a manner contrary to this Policy, CML will take reasonable steps to prevent or stop the use or disclosure.
Personal Information is accessible only by those CML employees and consultants who have a reasonable need to access such information in order for us to fulfill contractual, legal and professional obligations. All of our employees and consultants have entered into strict confidentiality agreements, and/or have been subjected to thorough criminal background checks.
Data Integrity & Security
CML uses reasonable efforts to maintain the accuracy and integrity of Personal Information and to update it as appropriate. CML has implemented physical and technical safeguards to protect Personal Information from loss, misuse, and unauthorized access, disclosure, alternation, or destruction.
Upon reasonable request and as required, CML allows individuals access to their Personal Information, in order to correct or amend such information where inaccurate. To submit such requests or raise any other questions, please contact the business that provided your Personal Information. You may also contact our EU-U.S. Privacy Shield Contact listed at the end of this notice. We reserve the right to take appropriate steps to authenticate an applicant’s identity, to charge an adequate fee before providing access and to deny requests, except as required by the EU-U.S. Privacy
To request erasure of Personal Information, Individual Customers should submit a written request to CML’s EU-U.S. Privacy Shield Contact.
CML will renew its EU-U.S. Privacy Shield certifications annually, unless it subsequently determines that it no longer needs such certification or if it employs a different adequacy mechanism. Prior to the re-certification, CML will conduct an in-house verification to ensure that its attestations and assertions with regard to its treatment of Personal Information are accurate and that the company has appropriately implemented these practices.
CML’s EU-U.S. Privacy Shield Contact Information
CoreMedica Laboratories Inc.
Attn: Privacy Officer
200 NE Missouri Road #304
Lee’s Summit Missouri 64086
If your inquiry is not satisfactorily addressed, you may contact the JAMS International Dispute Resolution Process. JAMS International will serve as a liaison with the CML to resolve your concerns. jamsadr.com/eu-us-privacy-shield.
EU Persons (EU Data Subjects) may complain to their home data protection authority and can invoke binding arbitration for some residual claims not resolved by other redress mechanisms.
If you have a comment or concern that cannot be resolved with us directly, you may contact the competent local data protection authority.
EU-U.S. Privacy Shield Policy Effective Date: 9/27/2017