MERIT CRO, Inc. (“MERIT,” “we,” “us” or “our”) owns, operates and provides the web site located at meritcro.com (the “Site”). This Privacy Policy applies to the information that MERIT CRO, Inc and its subsidiaries (EKCW, Inc) collect through the Site.
For purposes of this Privacy Statement, “personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Please note this Privacy Statement also does not apply to Personal Data processed when you access third party sites through our Site. We have no control over these external sites or their content and are not responsible for any actions that they may take or any information they may collect. You may arrive at such sites through clicking on an image or graphic, as part of a co-branding arrangement, or simply by selecting a link on another website. You should be aware that this Privacy Statement does not apply to your use of these sites and services. If you provide any information to such sites or services, different rules regarding the collection and use of your information and other information may apply. Before using these linked sites or services, you may wish to review their privacy policies to understand how they treat privacy, security, data collection, disclosure, distribution, and use. MERIT accepts no liability for third party websites.
You provide information when you post or transmit content (including any text, graphic, audio, video, or other content) to us, participate in trade shows or other events, respond or subscribe to surveys, newsletters or mailing lists, or otherwise use or access the Site. The information you provide or that we may collect may include your name, address, phone number, email address, company name, job title, IP address, content of messages transmitted to us via the Site, and other information that personally identifies you or can otherwise be linked to you. If required by applicable law, we will seek your explicit consent to process such information we collect.
When you access or use the Site, we may send one or more cookies – small files – to your computer or other device. We may be able to uniquely identify your browser with such cookies. We may use “session cookies” and/or “persistent cookies.” Session cookies provide information to us while your browser is open. Persistent cookies provide information to us after you close your browser and later re-open it. If you disable cookies in your browser, some features of the Site may not function. For more information regarding our use of cookies and similar technologies, see our Cookie Policy.
We may also record certain information that your device sends or makes available whenever you use or access the Site. Such information may include your location, your device type and its specifications, your referring page or service and URL, IP address, browser type and language, operating system specifications, pages viewed, the time you spend on each page, the order in which you view pages, the date and time of your use or access, the exit page or service and URL, application crashes, and similar information.
We may also use technology, such as web beacons and clear gifs, to track your use of and access to the Site. We may also use this technology in emails we send to you to track whether you opened the email.
We use collected information, and share collected information with categories of recipients, including affiliates, other businesses, suppliers, vendors, licensors, and agents, to operate, maintain and provide the features and functionality of the Site, and to engage in our marketing efforts, including to:
We may also disclose collected information if we believe disclosure is required to comply with applicable law, or to protect us or the Site.
In the event that we are involved in a merger, acquisition, sale, bankruptcy, insolvency, reorganization, receivership, assignment for the benefit of creditors, or the application of laws or equitable principles affecting creditors’ rights generally, or a change of control, there may be a disclosure of your Personal Data to another entity related to such event.
We may share your information in response to lawful requests by public authorities, including to meet national security or other lawful enforcement requirements.
We take the protection of your Personal Data seriously. We protect such information against loss and theft, as well as unauthorized access, disclosure, copying, use, and modification using security safeguards, including physical, organizational, and technological measures, commensurate with the sensitivity of such information. Employees who have access to your information are made aware of the importance of keeping it confidential.
Where we use service providers or otherwise disclose your Personal Data to unaffiliated third parties in accordance with this Privacy Statement, we require them to have privacy and security standards that are comparable to ours. We use contracts and other measures with such persons to maintain the confidentiality and security of your Personal Data and to prevent it from being used for any other purpose.
We will limit access to Personal Data to authorized persons having a justified need to access such information and limit retention periods to retain such Personal Data for no longer than necessary.
Please be aware that no data security measures can guarantee 100% security. You should also take steps to protect against unauthorized access to information.
You have the right to exercise certain controls and choices regarding our collection, use and sharing of your information. Your controls and choices include the following:
You may also decline to submit Personal Data to us, in which case we may not be able to provide certain services to you.
Subject to certain exceptions and limitations, by law you may have a right to:
To exercise any of these rights, please contact our Data Protection Officer by emailing privacy@meritcro.com. We will respond to your request in as timely a manner as possible. Where it is not possible to respond within thirty (30) days, we will notify you and include in such notification the reason(s) for the delay. We reserve the right to take reasonable steps to verify your identity when responding to such requests.
The Site is not intended for children under 13 years of age. Absent parental consent, no one under age 13 may provide information to the Site. We do not knowingly collect Personal Data from children under age 13 and do not monitor information provided to the Site. If you are under age 13, do not use or provide any information on the Site or provide us with your name, address, telephone number, email address, any screen name or username you may use, or any other information about yourself. If we learn we have collected or received Personal Data from or about a child under age 13 without verification of parental consent, we will delete that information. If you believe we might have information from or about a child under age 13 without parental consent, please contact us at privacy@meritcro.com
Residents of the State of California, under the California Civil Code, have the right to request from certain companies conducting business in California a list of all third parties to which the company has disclosed personal information during the preceding year for direct marketing purposes and a disclosure of the shared information. To make such a request, please contact us at privacy@meritcro.com. Please note, that as of the date this Privacy Statement was last modified, we are not a “business” under the California Consumer Privacy Act or the California Privacy Rights Act with respect to the information within the scope of this Privacy Statement.
Please note that some web browsers and devices permit you to broadcast a preference to websites and online services that they “do not track” your online activities. At this time, we do not modify what information we collect or how we use that information based upon whether such a signal is broadcast or received.
Personal Data collected by MERIT may be stored or processed in the United States or in any other country where we or our affiliates, subsidiaries, or third party service providers maintain facilities. Data subjects who provide Personal Data to us consent to the processing and transfer of that data to the United States and around the world.
Please note if you are located in the European Economic Area (“EEA”) or the United Kingdom (“UK”), we may also execute agreements with third parties for the transfer of Personal Data outside of the EEA or UK using European Commission-approved Standard Contract Clauses or other transfer mechanisms pursuant to applicable law.
MERIT complies with the EU-U.S. Data Privacy Framework (“DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF (collectively, the “DPF Principles”), as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union (“EU”), the UK, and Switzerland to the United States. MERIT has certified to the Department of Commerce that it adheres to the DPF Principles with respect to such information. If there is any conflict between the terms in this Privacy Statement and the DPF Principles, the DPF Principles shall govern. To learn more about the DPF and to view our certification, please visit https://www.dataprivacyframework.gov/s/.
In compliance with the DPF Principles, MERIT commits to resolve complaints about our collection or use of your personal information. EU, UK (and/or, as applicable, Gibraltar), or Swiss individuals with inquiries or complaints regarding our DPF policy should first contact MERIT at privacy@meritcro.com.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, MERIT commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you. You may also be able to invoke binding arbitration for unresolved complaints, but prior to initiating such arbitration, a resident of a European country participating in the DPF must first: (1) contact us and afford us the opportunity to resolve the issue; (2) seek assistance from JAMS Mediation, Arbitration and ADR Services; and (3) contact the U.S. Department of Commerce (either directly or through an EU DPA) and afford the Department of Commerce time to attempt to resolve the issue. If such a resident invokes binding arbitration, each party shall be responsible for its own attorney’s fees. Please be advised that, pursuant to the DPF, the arbitrator(s) may only impose individual-specific, non-monetary, equitable relief necessary to remedy any violation of the DPF Principles with respect to the resident.
MERIT is responsible for the processing of Personal Data that it receives under the DPF and subsequently transfers to a third party acting as an agent on its behalf. MERIT complies with the DPF for all onward transfers of Personal Data from the EU, UK (and/or, as applicable, Gibraltar), and Switzerland, including the onward transfer liability provisions. With respect to Personal Data received or transferred pursuant to the DPF, MERIT is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
If a third party providing services on MERIT’s behalf processes Personal Data from the EU, UK (and/or, as applicable, Gibraltar), or Switzerland in a manner inconsistent with the DPF Principles, MERIT will be liable unless we can prove that we are not responsible for the event giving rise to the damages.
In relation to third parties other than third party service providers, MERIT will enter into a contract with such third parties that provides that Personal Data may only be processed for limited and specified purposes, that the third party will comply with these DPF Principles or equivalent obligations, and that the third party will notify MERIT if it can no longer meet these obligations. This shall be MERIT’s entire liability with respect to the processing of Personal Data by such third parties.
The Site is hosted in the United States. If you are accessing the Site from outside the United States or any other region with laws or regulations governing Personal Data collection, use, and disclosure that differ from the United States laws, please be advised that through your continued use of or access to the Site, which is governed by U.S. law, you are transferring personal information to the United States and you consent to that transfer. We also store the information we obtain about you at trade shows and other events in the United States.
If you are located in the EEA or UK, you have the additional rights described below.
Regulation specifies certain lawful bases for which we are allowed to use your Personal Data. We will rely on one or more of the following legal bases for processing your Personal Data:
We reserve the right at our discretion to change this Privacy Statement at any time. We will post the most current version of this Privacy Statement to the privacy policy pages on the Site.
If we make a material change to this Privacy Statement, we will notify you by posting a notice on the Site for a reasonable period of time after such changes are made and by changing the last modified date listed in the heading of this Privacy Statement.
Changes will take effect as described in the notice. If you use or access the Site after the change takes effect, you accept the Privacy Statement as modified.
You can contact us via email at privacy@meritcro.com or by United States mail at the following address:
MERIT CRO
Attention: Privacy
6527 Normandy Lane, Suite 100
Madison, WI 53719
Please include your name, address, and any other information necessary to respond to you.