Privacy Statement

Privacy Statement

MERIT CRO, Inc. (“MERIT,” “we,” “us” or “our”) owns, operates and provides the web site located at meritcro.com (the “Site”). This Privacy Policy applies to the information that MERIT CRO, Inc and its subsidiaries (EKCW, Inc) collect through the Site.

PERSONAL DATA, DEFINED

For purposes of this Privacy Statement, “personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

Please note this Privacy Statement also does not apply to Personal Data processed when you access third party sites through our Site. We have no control over these external sites or their content and are not responsible for any actions that they may take or any information they may collect. You may arrive at such sites through clicking on an image or graphic, as part of a co-branding arrangement, or simply by selecting a link on another website. You should be aware that this Privacy Statement does not apply to your use of these sites and services. If you provide any information to such sites or services, different rules regarding the collection and use of your information and other information may apply. Before using these linked sites or services, you may wish to review their privacy policies to understand how they treat privacy, security, data collection, disclosure, distribution, and use. MERIT accepts no liability for third party websites.

 

WHAT INFORMATION DO WE COLLECT?

You provide information when you post or transmit content (including any text, graphic, audio, video, or other content) to us, participate in trade shows or other events, respond or subscribe to surveys, newsletters or mailing lists, or otherwise use or access the Site. The information you provide or that we may collect may include your name, address, phone number, email address, company name, job title, IP address, content of messages transmitted to us via the Site, and other information that personally identifies you or can otherwise be linked to you. If required by applicable law, we will seek your explicit consent to process such information we collect.

 

When you access or use the Site, we may send one or more cookies – small files – to your computer or other device. We may be able to uniquely identify your browser with such cookies. We may use “session cookies” and/or “persistent cookies.” Session cookies provide information to us while your browser is open. Persistent cookies provide information to us after you close your browser and later re-open it. If you disable cookies in your browser, some features of the Site may not function. For more information regarding our use of cookies and similar technologies, see our Cookie Policy.

 

We may also record certain information that your device sends or makes available whenever you use or access the Site. Such information may include your location, your device type and its specifications, your referring page or service and URL, IP address, browser type and language, operating system specifications, pages viewed, the time you spend on each page, the order in which you view pages, the date and time of your use or access, the exit page or service and URL, application crashes, and similar information.

 

We may also use technology, such as web beacons and clear gifs, to track your use of and access to the Site. We may also use this technology in emails we send to you to track whether you opened the email.

 

WHAT DO WE USE YOUR INFORMATION FOR AND WHO DO WE SHARE IT WITH?

We use collected information, and share collected information with categories of recipients, including affiliates, other businesses, suppliers, vendors, licensors, and agents, to operate, maintain and provide the features and functionality of the Site, and to engage in our marketing efforts, including to:

 

  • fulfill or meet the reason for which you provided the information;
  • provide you and our customers with support and respond to your and their inquiries, including to investigate and address concerns, and monitor and improve our responses;
  • personalize your Site experience, including customizing product and service offerings relevant to your interests;
  • alert customers and users to new features and functionality, or to products and services offered by us or by third parties;
  • help maintain the safety, security, and integrity of our Site, products and services, databases and other technology assets, and business;
  • transfer data to enhance user experience and provide the services available through the Site;
  • enforce this Privacy Statement;
  • conduct testing, research, analysis, and product development;
  • monitor the effectiveness of our marketing activity;
  • monitor aggregate use of and access to the Site, including potential use of third party analytics tools or services; and
  • for any other purpose, with your consent.

 

We may also disclose collected information if we believe disclosure is required to comply with applicable law, or to protect us or the Site.

 

In the event that we are involved in a merger, acquisition, sale, bankruptcy, insolvency, reorganization, receivership, assignment for the benefit of creditors, or the application of laws or equitable principles affecting creditors’ rights generally, or a change of control, there may be a disclosure of your Personal Data to another entity related to such event.

 

We may share your information in response to lawful requests by public authorities, including to meet national security or other lawful enforcement requirements.

 

HOW DO WE PROTECT YOUR INFORMATION?

We take the protection of your Personal Data seriously. We protect such information against loss and theft, as well as unauthorized access, disclosure, copying, use, and modification using security safeguards, including physical, organizational, and technological measures, commensurate with the sensitivity of such information. Employees who have access to your information are made aware of the importance of keeping it confidential.

 

Where we use service providers or otherwise disclose your Personal Data to unaffiliated third parties in accordance with this Privacy Statement, we require them to have privacy and security standards that are comparable to ours. We use contracts and other measures with such persons to maintain the confidentiality and security of your Personal Data and to prevent it from being used for any other purpose.

 

We will limit access to Personal Data to authorized persons having a justified need to access such information and limit retention periods to retain such Personal Data for no longer than necessary.

 

Please be aware that no data security measures can guarantee 100% security. You should also take steps to protect against unauthorized access to information.

 

WHAT ARE YOUR RIGHTS AND CHOICES?

You have the right to exercise certain controls and choices regarding our collection, use and sharing of your information. Your controls and choices include the following:

 

  • you may access, correct, update, and delete your information as described below;
  • you may change your choices for newsletters, emails, and alerts as described in the applicable newsletter, email, or alert; and/or
  • you may obtain information from us regarding our policies and practices as they relate to the collection, use and disclosure of your information, including those with respect to the transfer and storage of your information outside of your jurisdiction of residence.

 

You may also decline to submit Personal Data to us, in which case we may not be able to provide certain services to you.

 

Subject to certain exceptions and limitations, by law you may have a right to:

 

  • request access to your Personal Data. This enables you to receive a copy of the Personal Data we hold about you.
  • request correction of the Personal Data that we hold about you. This enables you to correct incomplete or inaccurate data that we hold about you.
  • request erasure of your Personal Data. This enables you to ask us to delete your Personal Data where there is no legal basis for us to continue processing it. This is sometimes referred to as the “right to be forgotten.”
  • request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal Data, such as during the period of time it might take us to respond to a claim by you that the data is inaccurate or that our legitimate interest in processing it is outweighed by yours.
  • request us to transfer Personal Data that you gave us to you in a commonly used electronic format. This is known as the “right to portability.”
  • object to the processing of your Personal Data.
  • request a list of all third parties to which we have disclosed your Personal Data.

 

To exercise any of these rights, please contact our Data Protection Officer by emailing privacy@meritcro.com.  We will respond to your request in as timely a manner as possible. Where it is not possible to respond within thirty (30) days, we will notify you and include in such notification the reason(s) for the delay. We reserve the right to take reasonable steps to verify your identity when responding to such requests.

 

CHILDREN UNDER THE AGE OF 13.

The Site is not intended for children under 13 years of age. Absent parental consent, no one under age 13 may provide information to the Site. We do not knowingly collect Personal Data from children under age 13 and do not monitor information provided to the Site. If you are under age 13, do not use or provide any information on the Site or provide us with your name, address, telephone number, email address, any screen name or username you may use, or any other information about yourself. If we learn we have collected or received Personal Data from or about a child under age 13 without verification of parental consent, we will delete that information. If you believe we might have information from or about a child under age 13 without parental consent, please contact us at privacy@meritcro.com

 

YOUR CALIFORNIA PRIVACY RIGHTS.

Residents of the State of California, under the California Civil Code, have the right to request from certain companies conducting business in California a list of all third parties to which the company has disclosed personal information during the preceding year for direct marketing purposes and a disclosure of the shared information. To make such a request, please contact us at privacy@meritcro.com. Please note, that as of the date this Privacy Statement was last modified, we are not a “business” under the California Consumer Privacy Act or the California Privacy Rights Act with respect to the information within the scope of this Privacy Statement.

 

Please note that some web browsers and devices permit you to broadcast a preference to websites and online services that they “do not track” your online activities. At this time, we do not modify what information we collect or how we use that information based upon whether such a signal is broadcast or received.

 

TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY.

Personal Data collected by MERIT may be stored or processed in the United States or in any other country where we or our affiliates, subsidiaries, or third party service providers maintain facilities. Data subjects who provide Personal Data to us consent to the processing and transfer of that data to the United States and around the world.

 

Please note if you are located in the European Economic Area (“EEA”) or the United Kingdom (“UK”), we may also execute agreements with third parties for the transfer of Personal Data outside of the EEA or UK using European Commission-approved Standard Contract Clauses or other transfer mechanisms pursuant to applicable law.

 

Eu-U.s. data privacy framework.

MERIT complies with the EU-U.S. Data Privacy Framework (“DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF (collectively, the “DPF Principles”), as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union (“EU”), the UK, and Switzerland to the United States. MERIT has certified to the Department of Commerce that it adheres to the DPF Principles with respect to such information. If there is any conflict between the terms in this Privacy Statement and the DPF Principles, the DPF Principles shall govern. To learn more about the DPF and to view our certification, please visit https://www.dataprivacyframework.gov/s/.

 

In compliance with the DPF Principles, MERIT commits to resolve complaints about our collection or use of your personal information. EU, UK (and/or, as applicable, Gibraltar), or Swiss individuals with inquiries or complaints regarding our DPF policy should first contact MERIT at privacy@meritcro.com.

 

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, MERIT commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you. You may also be able to invoke binding arbitration for unresolved complaints, but prior to initiating such arbitration, a resident of a European country participating in the DPF must first: (1) contact us and afford us the opportunity to resolve the issue; (2) seek assistance from JAMS Mediation, Arbitration and ADR Services; and (3) contact the U.S. Department of Commerce (either directly or through an EU DPA) and afford the Department of Commerce time to attempt to resolve the issue. If such a resident invokes binding arbitration, each party shall be responsible for its own attorney’s fees. Please be advised that, pursuant to the DPF, the arbitrator(s) may only impose individual-specific, non-monetary, equitable relief necessary to remedy any violation of the DPF Principles with respect to the resident.

 

MERIT is responsible for the processing of Personal Data that it receives under the DPF and subsequently transfers to a third party acting as an agent on its behalf. MERIT complies with the DPF for all onward transfers of Personal Data from the EU, UK (and/or, as applicable, Gibraltar), and Switzerland, including the onward transfer liability provisions. With respect to Personal Data received or transferred pursuant to the DPF, MERIT is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

 

If a third party providing services on MERIT’s behalf processes Personal Data from the EU, UK (and/or, as applicable, Gibraltar), or Switzerland in a manner inconsistent with the DPF Principles, MERIT will be liable unless we can prove that we are not responsible for the event giving rise to the damages.

 

In relation to third parties other than third party service providers, MERIT will enter into a contract with such third parties that provides that Personal Data may only be processed for limited and specified purposes, that the third party will comply with these DPF Principles or equivalent obligations, and that the third party will notify MERIT if it can no longer meet these obligations. This shall be MERIT’s entire liability with respect to the processing of Personal Data by such third parties.

 

The Site is hosted in the United States. If you are accessing the Site from outside the United States or any other region with laws or regulations governing Personal Data collection, use, and disclosure that differ from the United States laws, please be advised that through your continued use of or access to the Site, which is governed by U.S. law, you are transferring personal information to the United States and you consent to that transfer. We also store the information we obtain about you at trade shows and other events in the United States.

 

Your European Privacy Rights.

If you are located in the EEA or UK, you have the additional rights described below.

 

  • You may request access to the Personal Data we maintain about you, update and correct inaccuracies in your Personal Data, restrict or object to the processing of your Personal Data, have the Personal Data anonymized or deleted, as appropriate, or exercise your right to data portability to easily transfer your Personal Data to another company. In addition, you also have the right to lodge a complaint with a supervisory authority, including in your country of residence, place of work, or where an incident took place.
  • You may withdraw any consent you previously provided to us regarding the processing of your Personal Data, at any time free of charge. We will apply your preferences going forward and this will not affect the lawfulness of the processing before you withdrew your consent.

 

Regulation specifies certain lawful bases for which we are allowed to use your Personal Data. We will rely on one or more of the following legal bases for processing your Personal Data:

 

  • where you have given consent to the processing of the Personal Data;
  • where it is necessary for compliance with a legal obligation to which we are subject; and/or
  • where it is necessary for the purposes of the legitimate interests pursued by us or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of Personal Data. We have a legitimate interest in using your information for product development and internal analytics purposes, and otherwise to improve the safety, security, and performance of our Site.

 

CHANGES TO THIS PRIVACY STATEMENT.

We reserve the right at our discretion to change this Privacy Statement at any time. We will post the most current version of this Privacy Statement to the privacy policy pages on the Site.

 

If we make a material change to this Privacy Statement, we will notify you by posting a notice on the Site for a reasonable period of time after such changes are made and by changing the last modified date listed in the heading of this Privacy Statement.

 

Changes will take effect as described in the notice. If you use or access the Site after the change takes effect, you accept the Privacy Statement as modified.

 

CONTACTING US.

You can contact us via email at privacy@meritcro.com or by United States mail at the following address:

 

MERIT CRO

Attention: Privacy
6527 Normandy Lane, Suite 100
Madison, WI 53719

 

Please include your name, address, and any other information necessary to respond to you.