Introduction and Scope
This document is a privacy notice to users and data subjects about the use and processing of their personal data. It is recommended that a thorough review of all privacy and other legal requirements is considered when drafting the formal privacy notice and publishing it for data subjects to review before the collection of their personal information.
Data Controller and Data Processor
PragmaClin’s business customers are the data controllers for most of the information that is entered into the PragmaClin web application, website, and supporting systems or that is shared periodically with PragmaClin employees to deliver services. This positions PragmaClin as the data processor for most information stored and processed by PragmaClin. There are some pieces of information that are collected directly by PragmaClin to facilitate security, logging, and application performance. These items include IP address and behaviour within the PragmaClin platform. For these pieces of information, PragmaClin acts as the data controller and processor. Additionally, PragmaClin employs a variety of technologies and partners that periodically act as sub-processors (detailed list below). If users have any questions or concerns about the processing and handling of their personal information, they may reach out to PragmaClin directly by email at firstname.lastname@example.org.
Types of Data Collected
Mode, Place, and Methods of Processing the Data
PragmaClin takes appropriate security measures to prevent unauthorized access, disclosure, modification, or data destruction. Data is processed using computers or tech-enabled tools, following organizational policies and procedures strictly related to the purposes indicated. In some cases, data may be accessible to PragmaClin employees involved with the PragmaClin website’s operation, the PragmaClin web application (platform), and supporting applications. Data may also be accessible to external parties appointed, if necessary, as data processors or sub-processors by PragmaClin. External parties may include third-party technical service providers, hosting providers, and IT companies.
Legal Basis of Processing
PragmaClin may process personal data relating to users if one of the following applies: Users have given their consent for one or more specific purposes. Provision of data is necessary for the performance of an agreement with the user. Processing is necessary for compliance with a legal obligation. Processing is necessary for the legitimate interests pursued by the controller or by a third party. In any case, PragmaClin will gladly help clarify the specific legal basis that applies to the processing, mainly whether the provision of personal data is a statutory or contractual requirement or a requirement necessary to enter into a contract.
The data is processed at PragmaClin’s operating offices, hosting facilities, and, for some data, third-party sub-processors. The majority of data is stored and processed within Canada. In some cases, data may be stored within the US or EU via third-party sub-processors. Depending on the user’s location, data transfers may involve transferring the user’s data to a country other than their own. To find out more about the processing of such transferred data, users can consult the section containing details about the processing of personal data. Users are entitled to learn about cross-border data transfers. If any such transfer occurs, users can find out more by checking the relevant sections of this document or inquiring directly with PragmaClin.
Personal data is processed and stored for as long as required to fulfill the purpose for which it is collected. Therefore: Personal data collected for the performance of a contract between PragmaClin and a business customer is retained until such contract has been entirely performed or the business customer asks for the data to be deleted. Personal data collected for PragmaClin’s legitimate interests shall be retained as long as needed to fulfill such purposes. Users may find specific information regarding PragmaClin’s legitimate interests within the relevant sections of this document or by contacting PragmaClin. PragmaClin may be allowed to retain personal information for a more extended period whenever the user has given consent to such processing, as long as such consent is not withdrawn. Furthermore, PragmaClin may be obliged to retain personal data for a more extended period whenever required to perform a legal obligation or upon order of an authority. Once the retention period expires, the user’s personal data will be securely deleted.