1. Home
  2. Privacy Notice

Privacy Notice

Collection and use of personal information

You may be asked to provide personal information in certain fields on this website. The personal information collected on this site is used for the purpose for which it is requested:

Professional Information and CV’s are requested for site applicants and are used to evaluate and qualify the applicant. This information is not used for any other purpose and is not shared with any entity unrelated to RadMD. Information regarding individuals no longer using the services of RadMD is disposed of when they are either no longer under consideration or are considered outdated (usually no longer than one year).

Data Privacy Framework Policy 

This privacy policy explains the principles which RADMD follows with respect to transfers of personal data from the European Union (EU) and Switzerland and the United Kingdom to the United States.  This policy includes the transfer of personal data relating to potential employees, sponsors, and vendors, in addition to personal information regarding clinical study participants where RADMD is providing services to its sponsors as an Imaging Clinical Research Organization.   

1. Data Privacy Framework 

RadMD complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  RadMD has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.  RadMD has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/ 

2. Scope 

This Data Privacy Framework Policy (the “Policy”) sets forth the privacy principles that RadMD follows when processing Personal Data received from customers or prospective customers located in the European Economic Area (“EEA”), Switzerland, and the United Kingdom while providing services from the United States (“U.S.”).  For purposes of this Policy, Personal Data means data about an identified or identifiable individual that is received by RadMD in the United States from the EEA, Switzerland, or the United Kingdom, and recorded in any form, and is within the scope of Regulation (EU) 2016/679 (“General Data Protection Regulation” or “GDPR”), the Swiss Federal Data Protection Act, or the UK Data Protection Act 2018, respectively. 

3. Definitions 

For the purposes of the Policy, the following definitions shall apply: 

Agent: any third-party processing personal information on behalf of, and under the instruction of RADMD. 

Data Subject: the individual to whom any given Personal Data covered by this DPF Policy refers. 

Personal Data: any information relating to an individual residing in the European Union, European Economic Area, the United Kingdom (including Gibraltar), and Switzerland that can be used to identify that individual (either on its own or in combination with other readily available data). 

Processing: any operation or set of operations which is performed upon personal data, whether by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction. 

Sensitive Personal Data: Personal Data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, or information specifying the sex life of an individual. 

4. Privacy Principles 

RadMD commits to applying the DPF’s principles to all Personal Data that RadMD in the U.S. receives from European Economic Area member countries, the United Kingdom, and Switzerland in reliance on the respective DPF.  

4.1 Notice 

Where RADMD collects personal information directly from individuals in the EU, the UK or Switzerland, we will inform them about the purposes for which it collects and uses such Personal Data, the types of third parties to which it discloses such Personal Data and the purposes for which it does so, the rights of Data Subjects to access their Personal Data, the choices and means that RadMD offers for limiting its use and disclosure of such Personal Data, how RadMD’s obligations under the DPF are enforced, and how Data Subjects can contact RadMD with any inquiries or complaints. Where RADMD receives personal information from its sponsors, agents acting on behalf of sponsors, or other or data controllers, it will use such information in accordance with the notices provided by such entities and the choices made by the individuals to whom such personal information relates. 

Personal information collected and/or processed may be disclosed to a particular study sponsor, third party service provider, business partner and/or where required, regulators. RADMD may not need to furnish notice where processing is necessary to respond to a government inquiry, is required or authorized by applicable laws, court orders or government regulations, or is necessary to protect RADMD’s legal interests and providing notice would interfere with the above requirements. 

4.2 Choice 

In accordance with the DPF, RadMD limits the use and disclosure of Personal Data of Data Subjects and provides an opt-in choice for Sensitive Personal Data collected. If Personal Data covered by this DPF Policy is to be used for a new purpose that is materially different from that for which the Personal Data was originally collected or subsequently authorized or is to be disclosed to a non-agent third party, RadMD will provide Data Subjects with an opportunity to choose whether to have their Personal Data so used or disclosed. 

RadMD will obtain affirmative consent (i.e., opt-in) from Data Subjects before any Sensitive Personal Data is disclosed to a third party. If Sensitive Personal Data covered by this DPF Policy is (i) disclosed to a third party, or (ii) used for a new purpose that is different from that for which the Personal Data was originally collected or subsequently authorized, RadMD will obtain the Data Subject’s affirmative express consent (i.e., opt in) prior to such use or disclosure. 

To opt out of such uses or disclosures of Personal Data or Sensitive Personal Data, Data Subjects may contact RadMD by or e-mailing: data.privacy@Rad-MD.net. 

4.3 Accountability for onward transfer 

Transfers of personal information to a third party acting as a controller are covered by the provisions of this Policy regarding Notice and Choice principles listed above.  RADMD holds contracts with third-party data controllers that provide that such data may only be processed for limited and specified purposes consistent with the consent provided by the individual and that the recipient will provide the same level of protection as outlined in the principles and will notify RADMD if it makes a determination that it can no longer meet this obligation.  The contract shall provide that when such a determination is made the third-party controller ceases processing or takes other reasonable and appropriate steps to remediate. 

When transferring personal information to a third party acting as an Agent, RADMD: (i) transfers such data only for limited and specified purposes; (ii) has ascertained that the agent is obligated to provide at least the same level of privacy protection as is required by the Principles; (iii) takes reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with the RADMD’s obligations under the principles; (iv) requires the agent to notify RADMD if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the principles; (v) upon notice, including under (iv), RADMD will take reasonable and appropriate steps to stop and remediate unauthorized processing; and (vi) will provide a summary or a representative copy of the relevant privacy provisions of its contract with that agent to the Department of Commerce upon request. 

We remain responsible for all the personal information we receive under the DPF and that we subsequently transfer to third parties acting as agents on our behalf if they process personal information in a manner inconsistent with the DPF principles. 

4.4 Security 

RADMD takes reasonable precautions to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction. 

4.5 Data integrity and purpose limitation 

RadMD limits the collection of Personal Data to information that is relevant for the purposes of processing. RadMD does not process such Personal Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the Data Subject. 

RadMD takes reasonable and appropriate measures to comply with the requirement under the DPF to retain Personal Data in identifiable form only for as long as it serves a purpose of processing.  Personal Data will only be retained in accordance with our business purposes and our obligations to comply with legal requirements and professional standards, unless a longer retention period is otherwise required by law and its retention adheres to the DPF Principles. 

4.6 Access and correction 

Upon request, RADMD will grant individuals reasonable access to the personal information it holds about them. In addition, RADMD will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or has been processed in violation of the principles.  

Please contact: 

RadMD Data Protection Officer: data.privacy@Rad-MD.net 

4.7 Verification 

RADMD will use a self-assessment verification approach and conduct compliance audits of its applicable privacy practices to verify adherence to this policy. RADMD’s employees receive ongoing privacy awareness training on RADMD’s privacy principles and practices. 

4.8 Recourse, enforcement and liability 

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, RadMD commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF. 

The Federal Trade Commission has jurisdiction over RadMD’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.  In compliance with the DPF Principles, RadMD commits to resolve DPF Principles-related complaints about our collection or use of Personal Data. Data Subjects with inquiries or complaints regarding our handling of Personal Data received in reliance on the DPF should first contact RadMD by e-mailing the RadMD Data Protection Officer: data.privacy@Rad-MD.net. 

Where a DPF complaint cannot be resolved through the above channels, under certain conditions, individuals may be able to invoke binding arbitration for some residual claims not resolved by other redress mechanisms. (See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf for further information.) 

RadMD agrees to periodically review and verify its compliance with the DPF Principles, and to remedy any issues arising out of failure to comply with the DPF Principles. RadMD acknowledges that its failure to provide an annual self-certification to the U.S. Department of Commerce will remove it from the Department’s list of DPF participants. 

Any employee that RADMD determines is in violation of this policy will be subject to disciplinary action. 

4.9 Limitation on scope of principles 

Adherence by RADMD to this policy may be limited to the extent required to meet legal, governmental, or national security obligations, including requirements to cooperate with law enforcement. 

5. Changes to this policy 

This policy may be amended from time to time, consistent with the requirements of applicable laws and regulations. The revisions will take effect on the date of publication of the amended policy, as stated.  

6. Contact information 

Questions, complaints or comments related to this policy, data processing or data collection should be submitted to the RADMD Data Protection Officer: data.privacy@Rad-MD.net 

Changes in corporate structure

If all or part of the company is sold, merged or otherwise transferred to another entity, the information that you have provided at this site may be transferred as part of that transaction. However, RadMD will take reasonable steps to assure that such information is used in a manner consistent with the RadMD privacy policy under which it was collected.