Privacy Policy

Medical Metrics, Inc. and its subsidiaries and affiliates (collectively, “MMI,” the “Company,” “we,” or “us”) want you to be familiar with how we collect, use, and disclose information.

This Privacy Policy describes our practices in connection with information that we collect through:

  • Our website at medicalmetrics.com and other websites operated by us from which you are accessing this Privacy Policy (the “Websites”);
  • Our social media pages that we control from which you are accessing this Privacy Policy (collectively, our “Social Media Pages”);
  • HTML-formatted email messages that we send to you that link to this Privacy Policy or other communications with you; and
  • Offline business interactions you have with us.

Collectively, we refer to the Websites, Social Media Pages, emails, and offline business interactions as the “Services.”

PERSONAL INFORMATION

  • “Personal Information” is information that identifies you as an individual or relates to an identifiable individual. MMI’s Services require collection of Personal Information, which may include:
    • Name*
    • Company*
    • Job title
    • Zip code*
    • City*
    • Country*
    • Telephone number*
    • Email address*
    • IP address (we may also derive your approximate location from your IP address)
    • Service interest

* Denotes information typically required to provide a requested service.

  • We may also receive the following types of information in connection with provision of MMI’s Services and Products:
    • Patient name
    • Medical record number
    • Research subject ID
    • Patient/subject initials
    • Medical imaging
    • Image acquisition dates
    • Visit dates
    • Operative information
    • Patient demographics (e.g., age, sex, race, height, weight, etc.)
    • Transaction-related details
  • Collection of Personal Information.  We collect Personal Information in a variety of ways, including:
    • Through the Services.  We collect Personal Information through the Services, for example, when you request information regarding the services we provide; or register for an account to access the Services, enter into a transaction with us, or contact us for support.
    • From Other Sources.  We may receive Personal Information from other sources in connection with clinical research studies or other MMI products or services. For example:
      • Sponsors of clinical trials and other research studies
      • Third-parties such as CROs and clinical sites
      • Physicians and other healthcare providers
      • Publicly available databases

We need to collect Personal Information in order to provide certain Services. If you do not provide the information requested, we may not be able to provide the Services. If you disclose any Personal Information relating to other people (e.g., patients, research subjects, your partners or vendors, etc.) in connection with the Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy. MMI will only process your Personal Data for the purposes described in this Privacy Policy or as otherwise permitted under applicable law, including the General Data Protection Regulation (EU) 2016/679 of 27 April 2016 (“GDPR”).

  • Use of Personal Information. We and our vendors use Personal Information for the following purposes:
  • We utilize or disclose Personal Information to a natural or legal person, public authority, agency, or another body, as follows:
    • To provide the Services to you or on behalf of clinical trial sponsors, CROs, or other parties that have engaged MMI to perform the Services for which the Personal Information was sent.
      • To respond to your inquiries and to fulfill your requests when you contact us via one of our online contact forms. For example, when you request information about our products and Services.
      • To enter into transactions, verify your information, and provide you with related benefits and support.
      • To send administrative information to you, such as changes to our terms, conditions, legal agreements, and policies.

We will engage in these activities to manage our contractual relationships and/or to comply with a legal obligation.  Art. 6 para. 1 lit. (c) GDPR; Art. 6 para. 1 lit. (f) GDPR. 

  •  Aggregating and/or anonymizing Personal Information.
    • As permitted by other contractual agreements, we may aggregate and/or anonymize Personal Information so that it is no longer considered Personal Information. We do so to generate other data for our use, which we may use and disclose for any purpose, as it no longer identifies you or any other individual.
    •  Accomplishing our business purposes.
      • For reviews and audits, to verify that our internal processes function as intended, and to address legal, regulatory, or contractual requirements;
      • For fraud prevention and fraud security monitoring purposes, for example, to detect and prevent cyberattacks or attempts to commit identity theft;
      • For data analysis, for example, to improve the efficiency of our Services;
      • For repairing, maintaining, enhancing, or modifying our current products and Services, as well as undertaking quality and safety assurance measures;
      • For developing new products and services;
      • For identifying usage trends, for example, understanding which parts of our Services are of most interest to users; and

We engage in these activities to manage our contractual relationships, to comply with legal obligations, and/or based on our legitimate business interest. Art. 6 para. 1 lit. (c) GDPR; Art. 6 para. 1 lit. (f) GDPR; Art. 6 para. 1 lit. (b) GDPR.

OTHER INFORMATION

  • “Other Information” is any information that does not reveal a person’s specific identity. The Services may collect, use, and disclose Other Information.
    • As permitted by other contractual agreements, we may use and disclose Other Information for any purpose, except where we are required to do otherwise under applicable law. If we are required to treat Other Information as Personal Information under applicable law, we may use and disclose it for the purposes for which we use and disclose Personal Information as detailed in this Policy. In some instances, we may combine Other Information with Personal Information. If we do, we will treat the combined information as Personal Information. Art. 6 para. 1 lit. (c) GDPR; Art. 6 para. 1 lit. (f) GDPR; Art. 6 para. 1 lit. (b) GDPR.

SECURITY

  • We seek to use reasonable organizational, technical, and administrative measures to protect Personal Information within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contacting Us” section below.

CHOICES AND ACCESS

  • Your choices regarding our use and disclosure of your Personal Information.  We give you choices regarding our use and disclosure of your Personal Information for marketing purposes. We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt out of emails from us, we may still send you important administrative messages, from which you cannot opt out.
  • How you can access, change, or delete your Personal Information. If you would like to request to access, correct, update, suppress, restrict, or delete Personal Information, object to or opt out of the processing of Personal Information, or if you would like to request to receive a copy of your Personal Information for purposes of transmitting it to another company (to the extent these rights are provided to you by applicable law), you may contact us in accordance with the “Contacting Us” section below. We will respond to your request consistent with applicable law.In your request, please make clear what Personal Information you would like to have changed or whether you would like to have your Personal Information suppressed from our database. For your protection, we may only implement requests with respect to the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.
    • In your request, please make clear what Personal Information you would like to have changed or whether you would like to have your Personal Information suppressed from our database. For your protection, we may only implement requests with respect to the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.
  • Please note that we may need to retain certain information for recordkeeping purposes, to maintain compliance with applicable regulations, and/or to complete any transactions that you began prior to requesting a change or deletion.

RETENTION PERIOD

  • We retain Personal Information for as long as needed in light of the purpose(s) for which it was obtained and consistent with applicable law. Record retention periods are further defined in the MMI SOP, QS-1022 “Records Control.”

THIRD PARTY SERVICES

  • This Privacy Policy does not address, and we are not responsible for, the privacy, information, or other practices of any third parties, including any third party operating any website or service to which the Services link. The inclusion of a link on the Services does not imply endorsement of the linked site or service by us or by our affiliates.
  • In addition, we are not responsible for the information collection, use, disclosure, or security policies or practices of other organizations, such as Facebook, LinkedIn, Apple, Google, Microsoft, or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider, or device manufacturer, including with respect to any Personal Information you disclose to other organizations through or in connection with our Social Media Pages.

JURISDICTION AND CROSS-BORDER TRANSFER

  • Your Personal Information may be stored and processed in any country where we have facilities or in which we are engaged to provide Services, and by using the Services you understand that your information will be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies, or security authorities in those other countries may be entitled to access your Personal Information.  Art. 46 GDPR.
  • ADDITIONAL INFORMATION REGARDING THE EEA: Some non-EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en).

SENSITIVE INFORMATION

  • We insist that you not send us, and you not disclose, any sensitive Personal Information (e.g., social security numbers, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership) on or through the Services or otherwise to us.

UPDATES TO THIS PRIVACY POLICY

  • We may review and update this Privacy Policy periodically. The “LAST UPDATED” legend at the top of this Privacy Policy indicates when this Privacy Policy was last revised. Any changes will become effective when we release the revised Privacy Statement on the Services.

CONTACTING US

  • MMI, located at 2121 Sage Road, STE 300, Houston, Texas 77056, is the company responsible for collection, use, and disclosure of Personal Information under this Privacy Policy.
  • MMI’s Data Protection Officer is Darren Alch, JD, MBA.
  • If you have any inquiries, complaints, requests, questions, or comments about this Privacy Policy, please contact our Data Protection Officer via post at the mailing address above or at privacy@medicalmetrics.com. You may also contact the relevant data protection authority in your country or jurisdiction. Because email communications are not always secure, please do not include credit card or other sensitive information in your emails to us.