GDPR Privacy Statement
GDPR Privacy Statement
Certara is a global corporation and personal information is processed globally. As such, we adhere to the Privacy Principles detailed in the General Data Protection Regulation ((EU 2016/679) (“GDPR”), the European Commission’s standard contractual clauses, and any other directly applicable European Union regulation relating to privacy. Certara also complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework, as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Economic Area (“EEA”) or Switzerland. With respect to personal information received or transferred under the Privacy Shield Framework, Certara is subject to the regulatory enforcement powers of the US Federal Trade Commission and commits to cooperate with the EU data protection authorities. Any laws and regulations that Certara is subject to that relate to the control, processing, or protection of personal data are referred to in this document as “Data Protection Regulations.” Terms such as “personal data,” “processing,” “controller” and “processor” are as defined in the GDPR.
If you are resident in a member state of the EEA, personal data regarding you may be processed outside the EEA, and in countries which are not subject to an adequacy decision by the European Commission and which may not provide for the same level of data protection as the EEA. In this event, we will ensure that the recipient of your personal data offers an adequate level of protection, for instance by entering into standard contractual clauses for the transfer of data as approved by the European Commission (Art. 46 GDPR), or we will ask you for your prior consent to such international data transfers.
Certara is the Controller of your personal data as described in this Privacy Statement, unless expressly specified otherwise. Controller is defined in the GDPR and is the entity that determines the purposes and means of the processing of personal data. The other members of the Certara group of companies ordinarily act as processors on behalf of Certara. Certara (or its affiliates) often acts as processor of personal data on behalf of its clients. This is not addressed in the Privacy Statement.
I. What Information We May Collect from You
A. Your Data
We may collect and process the following data about you:
- Information that you provide by filling in forms. This includes information provided at the time of registering to use any of the sites operated by members of the Certara group of companies, logging on to one or more of those sites, subscribing to our services, or posting material or requesting further services. We may also ask you for information when you report a problem;
- If you contact us, we may keep a record of that correspondence;
- We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them;
- Details of contracts fulfilled between you (or your company) and Certara; and
- Details of your visits to our sites including traffic data, location data, weblogs and other communication data, and the resources that you access.
We also collect information about you from other publicly available sources, including third parties from whom we purchase personal data, and combine this information with personal data provided by you. This helps us to update, expand and analyze our records, identify new customers and create more tailored advertising to provide services that may be of interest to you. In particular, we collect personal data from the following sources:
- Third party providers of business contact information, including mailing addresses, job titles, email addresses, phone numbers, social media profiles, LinkedIn URLs and custom profiles, for purposes of targeted advertising, delivering relevant email content, event promotion and profiling.
If you provide us (or our service providers) any personal data relating to other individuals, you represent that you have the authority to do so and permit us to use the personal data in accordance with this Privacy Statement.
B. Activity Data
When accessing our websites, we may collect information about your computer, including where available your IP address, operating system and browser type for system administration.
We may also obtain information about your general internet usage by using a cookie file, which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our site and to deliver a better and more personalized service. They enable us to:
- Estimate our audience size and usage pattern;
- Store information about your preferences, and so allow us to customize our site according to your individual interests;
- Speed up your searches; and
- Recognize you when you return to our site.
In accordance with all Data Protection Regulations, personal data will be collected and processed for one or more of the following reasons; for performance of a contract, compliance with a legal obligation, for the legitimate business purposes of Certara, in the vital interests of an individual, to perform a task in the public interest or where we have received explicit consent.
You can exercise the right to review your personal data collected by Certara at any time to ensure it is complete and rectify any inaccuracies by contacting us in the manner detailed below.
II. Where We Store Your Personal Data
Your personal data may be collected, transferred to and stored by Certara and its affiliates in all countries where we operate, under the frameworks and legal requirements outlined above. It may also be processed by us for, among other things, performance of contracts. We will take all steps reasonably necessary to ensure that your data are treated securely and in accordance with the all Data Protection Regulations, including ensuring all third parties we use comply with accepted equivalents.
We take precautions including organizational, technical and physical measures to help safeguard your personal data against the accidental or unlawful destruction, loss, alteration and unauthorized disclosure of, or access to, the personal data we process or use.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to us; any transmission is at your own risk. Once we have received your information, we use strict procedures and security features to try to prevent unauthorized access.
III. How We Make Use of the Information
We use information held about you in the following ways:
- To ensure that content from our site is presented in the most effective manner for you and for your computer;
- To provide you with marketing information, products or services that you request from us or which we feel may interest you (either with your consent or on the basis of the “legitimate interests” lawful basis), and which you may opt-out from at any time;
- To notify you of important Certara announcements;
- To carry out our obligations arising from any contracts entered into between you (or your company) and us;
- To allow you to participate in interactive features of our service, when you choose to do so; and
- To notify you about changes to our service.
You can exercise the right to prevent such processing at any time by contacting us in the manner detailed below.
IV. When We May Disclose Your Information
We may share your personal data as follows:
- With our contracted service providers, consistent with the original purpose of collection, who provide services such as system administration and hosting, credit card processing, research and analytics consultancy, marketing, customer support and data enrichment; such service providers comprise companies located in the countries in which we operate (see list of relevant countries here: https://www.certara.com/company/our-locations/);
- In individual instances, with professional advisers acting as processors or joint controllers who provide services such as business consultancy, banking, legal, insurance and accounting services in the countries in which we operate (see list of relevant countries here: https://www.certara.com/company/our-locations/), and to the extent we are legally obliged to share or have a legitimate business interest in sharing your personal data;
- With affiliates within the Certara corporate group and companies that we acquire in the future when they are made part of the Certara corporate group, to the extent such sharing of data is necessary to fulfill a request you have submitted via our websites or for customer support, marketing, technical operations, consultancy, and account management purposes; and
- If we are involved in a merger, reorganization, dissolution or other fundamental corporate change, or sell a website or business unit, or if all or a portion of our business, assets or stock are acquired by third party, with such third party. In accordance with applicable laws, we will use reasonable efforts to notify you of any transfer of personal data to an unaffiliated third party.
Any personal data or other information you choose to submit in communities, forums, blogs or chat rooms on our websites may be read, collected and used by others who visit these forums, depending on your account settings.
V. Other Websites
Our site may from time to time contain links to and from other websites (particularly those of our affiliates). If you follow a link to any of these websites, please note that the websites of these parties (other than our affiliates) have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
VI. Access to Your Information
All Data Protection Regulations that Certara adheres to provides you the right to access information held about you. Your rights of access, rectification and erasure can be exercised in accordance with the Data Protection Regulations by contacting us in the manner detailed below.
VII. Retention of Information
All Data Protection Regulations that Certara adheres to provide direction on the retention of data. Personal data that Certara holds about you are retained only for as long as you consent, for legitimate business interests or for the duration consistent with the original purpose of collection or of a contractual or legal obligation. After expiry of the applicable retention periods, your personal data will be deleted. You also have the right to have any data we hold about you deleted by contacting us in the manner detailed below.
VIII. Changes to Our Privacy Statement
We will update this Privacy Statement from time to time to reflect changes in our practices, technologies, legal requirements and other factors. If we do, we will update the “effective date” at the top of this Privacy Statement. If we make an update, we may provide you with notice prior to the update taking effect, such as by posting on our website or by contacting you using the email address you provided.
We encourage you to periodically review this Privacy Statement to stay informed about our collection, processing and sharing of your personal data.
Questions, comments and requests regarding this Privacy Statement are welcomed and should be addressed to Certara at firstname.lastname@example.org.
Last Updated 25 January, 2019