Cerner Enviza, Privacy Notice
Last updated: 26 October 2021, Version 1.
This notice explains how we process your Please read this Privacy Notice carefully to understand our activities and practices regarding your personal data. When you visit our website or request services from us, we assume you agree with the terms presented in this notice.
As a global business, we are committed to your privacy, and our obligations under data protection laws. For the purpose of this Privacy Notice, “personal data” means any information which relates to an identifiable individual.
2. Processing of your Personal Data
Cerner Enviza processes your personal data in several different ways and for different purposes.
We collect personal data directly from you, when you voluntarily visit our website or engage with us through other channels, e.g., mobile apps, social media, event registration, email etc.,
The categories we collect directly from you are e.g., your contact details, scope of interest as well as any other details you provide to us. We will use your information to provide you with the requested services or information. The legal basis for this category of processing is your consent, which you can withdraw at any time with effect for the future. Please see how to contact us below.
We will further use this personal to stay in contact with you, e.g., we would like to keep you informed about our services, offerings and study invitations. If you no longer wish to be part of our direct marketing activities, you can opt-out any time by contacting us here.
Do Not Track
Do Not Track mechanisms are signals to websites or mobile applications that indicate the user does not want the website operator to track his or her visit across different websites. Tracking refers to collecting personally identifiable information about a user as he or she moves across websites; it does not refer to using or collecting information about a user within a single website. The Cerner Enviza website does not track your actions across websites and therefore does not respond to Do Not Track signals that may be incorporated into certain web browsers. The Cerner Enviza website does not allow third parties to collect personally identifiable information about your online activities as you navigate across different websites over time
If you choose to participate in a research study conducted by Cerner Enviza or by a third-party acting in cooperation with Cerner Enviza, we process personal data provided by you voluntarily in the context of the study and for the study purpose. The scope of our studies could e.g., be to understand your views about certain products and services or to understand your behaviour in different situations. The personal data we collect and process will depend on the selected study but could be, e.g. a unique identifier, contact details, email address, mobile number, voice, image, personal opinions, perceptions, behaviours, and demographic information, such as your age and household composition., your health status, such as condition you may suffer or diagnose and treatments. As the legal basis for this processing is your consent, you have the right to withdraw your consent with effect to the future.
Cerner Enviza may collect personal data that is classified as “special categories” of personal data. This includes racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation. You can choose whether or not to provide this data to us.
In most cases, the legal basis for processing personal data in the context of Research Studies is your consent. However, may also conduct or contract third parties to conduct scientific research studies. Scientific studies may be conducted without your consent. Instead, the law allows for them to be conducted without your consent but within the strict boundaries of the applicable laws and the public interest. The data categories we process could e.g., be unique identifier, contact details, email address, health data, e.g., disease, health status, diagnose, treatment pattern, unmet needs, etc.
Cerner Enviza may ask a group of people who do they consider are the Influencer/Key Opinion Leaders (KOLs) in a given disease, therapeutic or expertise areas. We will then use publicly available resources (e.g., social media or publications) to validate the Influencers/KOLs’ personal details, could e.g., be name, contact details, email address, publications, professional affiliations, credentials, etc. to build a database for better understand prescribing and treatment patterns and influence in given disease, therapeutic or expertise areas, and share with industry sponsors who may use it for understand the sharing of knowledge between healthcare system and possible purposes of participation in educational programs, speaker opportunities, or clinical trials, etc.
In order to prevention of multiple entries in studies by the same individuals, or to assign the correct study to you (e.g., we may have a longitudinal study require regular participation over a period of time), we will assign you an ID or use your IP address, browser specification or unique identifiers such as Medical Education (ME) number or National Provider Identifier (NPI). If so, we will make this clear at the beginning of each of these studies. As the legal basis for this processing is your consent, you have the right to withdraw your consent with effect to the future. Such projects will contain a notice on the very first page of the survey, so that you can identify them and decide whether or not to take part
We need to process your data to fulfil several legal obligations. For example, we need to report Adverse Events during our studies to sponsors and/or to competent authorities (Pharmacovigilance); to share or disclose pursuant to judicial or other government subpoenas, warrants, orders or pursuant to similar and other legal or regulatory requirements (Public Disclosure); to protection of our business interests against fraudulent behaviour or behaviour not in line with our code of conduct (Fraud Prevention).
We will never misrepresent ourselves or what we are doing. If you receive an email that concerns you, purporting to be from us, please let us know as shown below in ‘How to Contact Us’.
3. Where We Process Your Personal Data
The personal data that we collect from you may be transferred to and processed by the Cerner group of companies established outside your territory. It may also be processed by staff operating outside your territory who work for us or for one of our suppliers. If your personal data is transferred to, stored at or otherwise processed outside your country or territory, and that country or territory has not been recognised by competent governmental bodies as providing an adequate level of data protection, we will put in place additional safeguards to protect your personal data, as required by applicable law.
Please contact us to get further information or a copy of respective safeguard documentation. documentation.
4. Confidentiality, Security and Industry Requirements:
We take appropriate technical and organisational measures to protect the personal information submitted to us, both during transmission and once we receive it. Our security procedures are consistent with generally accepted commercial standards used to protect personal information.
Cerner Enviza has security measures in place to protect the loss, misuse and alteration of the information under Cerner Enviza’s control. Cerner Enviza employs strict security measures to safeguard data processing. All personal information is stored in a secured database.
All our third-party contractors, site service providers and employees are contractually obliged to follow our policies and procedures regarding confidentiality, security and privacy.
We take all reasonable steps to keep personal information in our possession or control, which is used on an on-going basis, accurate, complete, current and relevant, based on the most recent information made available to us by you and/or by our client.
We rely on you to help us keep your personal information accurate, complete and current by answering our questions honestly and you are responsible for ensuring that the data controller (which may be us or - more often - our client) is notified of any changes to your personal data.
6. Children’s Data Collection:
This website does not address minors under the age of 16 and we do not encourage minors to engage wit our online offerings. Cerner Enviza recognizes the need to provide further privacy protections with respect to personal data collected from children and will provide such information in due course when required..
7. Rights of Individuals:
To request access to personal data that we process about you, you should submit your request in writing to the e-mail address or postal address shown below in “How to Contact Us”.
To request access or deletion of personal data that we process about you, you should submit your request in writing to the e-mail address or postal address shown below in “How to Contact Us”. If you contact us using an email address or contact details for which we do not hold a record of, we may request a copy of a valid government issued or official identification (such as drivers licence or passport).
Where Cerner Enviza is acting as controller You have the following rights in relation to your personal data:
- Right to change your mind and to withdraw your consent
- Right to access your personal data
- Right to rectify your personal data
- Right to erase your personal data from our systems, unless we have legitimate interest reasons for continuing to process the information
- Right to port your personal data (portability right)
- Right to restrict processing of your personal data
- Right to object to the processing of your personal data
- Right to opt out of the sale of your personal data if we sell your data.(See section 2)
- Right to not be discriminated against for exercising any of the rights available to you under applicable data protection laws
- If you wish to exercise any of these rights (for example you no longer wish to receive marketing from us), you can use the link or unsubscribe button provided in our email correspondence, or see our contact details below in the “How to contact us” section.
If necessary, we will also notify third parties to whom we have transferred your personal data of any changes that we make on your request. Note that while Cerner Enviza communicates to these third parties, Cerner Enviza is not responsible for the actions taken by these third parties to answer your request. You may be able to access your personal data held by these third parties and correct, amend or delete it where it is inaccurate.
8. Data Storage and Retention
Personal information will be retained only for such period as is appropriate for its intended and lawful use, unless otherwise required by law. . Personal information that is no longer required will be disposed of in ways that ensure their confidential nature is not compromised.
As part of the Company Business Continuity plan and as required by ISO 27001, ISO 9001, ISO 20252 and in certain instances the law, our electronic systems are backed up and archived. These archives are retained for a defined period of time in a strictly controlled environment. Once expired, the data is deleted and the physical media destroyed to ensure the data is erased completely.
9. Updates to our Privacy Notice:
We keep our privacy notice under regular review and it may be amended from time to time. We will always have the most up-to-date notice on this web page. We will record when the policy was last revised.
Date created: 26 October 2021
Last updated: 26 October 2021
10. How to Contact Us:
You can reach out to us on our contact us page
You can send mail to the following postal address:
Cerner Corporation c/o Privacy Office
2800 Rock Creek Parkway
North Kansas City, Missouri 64117-2551
11. Complaints & Country Specific Disclosures:
If you consider that our processing of your personal data infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state or jurisdiction of your habitual residence, your place of work or the place of the alleged infringement. To find the contact details of your country supervisory authority, please consult our dedicated page: [https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-are-data-protection-authorities-dpas-and-how-do-i-contact-them_en]
1Cerner Enviza stands for a group of companies in detail: Kantar Health LLC. (US), Diamond (KH) China AssetCo, Diamond (KH) Germany HoldCo GmbH, Diamond (KH) Israel Employerco Ltd., Diamond (KH) Singapore AssetCo Private Limited, Diamond (KH) Spain LocalCo, S.L., Diamond (KH) Taiwan HoldCo Limited, Diamond (KH) UK AssetCo Limited, Diamond Korea AssetCo Ltd, Kantar Health do Brasil Pesquisa e Consultoria em Saúde Ltda., Kantar Health S.r.l. (Italy) and Kantar Health SAS (France).