<!DOCTYPE html>
<html>
<head>
<title>Ethics Review Manager Privacy Policy</title>
</head>
<body>
<h1>Ethics Review Manager Privacy Policy</h1>
<h2>Introduction</h2>
<p>Infonetica Ltd ("Infonetica") provides the Ethics Review Manager service (also referred to as Ethics RM and/or ERM) to its customers. In doing so, we hold the personal information of registered Ethics RM users.</p>
<p>Infonetica acts as a <strong>data processor</strong> under the UK GDPR and the Data Protection Act 1998 ("the Act"). We have specific obligations regarding the processing of personal information. This privacy policy outlines how Infonetica handles personal data related to the provision of the Ethics RM service. <strong>Please note that our Customer is the data controller.</strong></p>
<p>For services where Infonetica acts as a data controller, please refer to our General Privacy Policy (<a href="http://infonetica.net/general-privacy-policy/">http://infonetica.net/general-privacy-policy/</a>).</p>
<h2>Who we are and how you can contact us</h2>
<p>We are Infonetica Ltd (company number 04503405), with a registered address at: The Lower Ground Floor Office, The Civic Centre, High Street, Esher, Surrey, KT10 9SD.</p>
<p>You can contact us:</p>
<ul>
<li><strong>In writing:</strong> At the address above.</li>
<li><strong>By email:</strong> <a href="mailto:enquiries@www.infonetica.net">enquiries@www.infonetica.net</a></li>
<li><strong>By phone:</strong> 0208 334 6900</li>
</ul>
<h2>Ethics RM</h2>
<p>Ethics Review Manager (also known as Ethics RM and/or ERM) is a software application that is owned and operated by Infonetica. Organisations wishing to use the Ethics RM service ("Customers") are required to register with Infonetica. Once registered, Ethics RM accounts are created for individuals within or affiliated with the Customer.</p>
<h2>Registered Users</h2>
<p>When an Ethics RM account is created, the registered user is required to provide a small amount of personal data either:</p>
<ul>
<li><strong>Directly:</strong> Via the Customer's Ethics RM access webpage (provided by Infonetica).</li>
<li><strong>To the Customer's systems administrator:</strong> Who will create the Ethics RM account and transmit the relevant personal information to Infonetica.</li>
</ul>
<p>This personal data is held by Infonetica in a database on servers located at Infonetica's principal place of business and at least one other location within the United Kingdom. The personal data held includes name, organisational identifier, department, email address, username, role and other information which Infonetica requires to provide the Ethics RM service. No data that is not necessary to provide the Ethics RM service is stored in the database.</p>
<p>Personal information about an account is available to the relevant Ethics RM system administrators via the Ethics RM Administration Interface. This information is used by the administrator to:</p>
<ul>
<li>Identify and contact the individual.</li>
<li>Generate statistics about the usage of Ethics RM accounts.</li>
</ul>
<p>Ethics RM system administrators are appointed by Infonetica and the Customer through a joint approval process. They are subject to terms and conditions that include adhering to appropriate privacy legislation. These terms are outlined in a separate contract but are summarized below:</p>
<h3>Administrator Responsibilities:</h3>
<ul>
<li>Ensure that access to a resource is only given to authorized individuals under the terms of the resource license.</li>
<li>Terminate Ethics RM access promptly when appropriate.</li>
<li>Keep Ethics RM usernames, passwords, and other personal information confidential.</li>
<li>Ensure that information concerning Ethics RM account holders is accurate.</li>
<li>Investigate cases of suspected abuse or inappropriate content.</li>
</ul>
<h3>Individual User Responsibilities:</h3>
<ul>
<li>Keep their account confidential and do not permit any third-party access.</li>
<li>Use their account only for the purpose for which it was issued by the Customer.</li>
<li>Accept the terms of this Ethics RM Privacy Policy.</li>
</ul>
<p><em>These lists highlight the core obligations related to personal privacy but do not represent the entirety of Administrator and User responsibilities.</em></p>
<h2>Ethics RM Administrators</h2>
<p>Each Ethics RM administrator is required to provide Infonetica with the following personal data:</p>
<ul>
<li>Name</li>
<li>Email address</li>
<li>Telephone numbers (working and non-working hours, where requested by the Customer).</li>
</ul>
<p>Infonetica will hold this personal information on the Ethics RM database and use it to contact system administrators regarding the Ethics RM accounts for which they are responsible.</p>
<p>Customers must also input at least two of the following identifiers into the Ethics RM application:</p>
<ul>
<li>A contact name</li>
<li>A telephone number</li>
<li>An email address or URL </li>
</ul>
<p>This enables registered users to contact their Ethics RM administrator with Ethics RM-related inquiries. This information is visible to registered users on the Ethics RM website.</p>
<h2>Data Retention</h2>
<p>Infonetica will retain the personal data of system administrators for as long as they remain the nominated Ethics RM administrator for the Customer. Data will be deleted upon account deletion.</p>
<p>We will keep the personal data of registered users while they remain registered. This information is deleted when:</p>
<ul>
<li>The account is deleted by the system administrator.</li>
<li>6 years after the contract with our Customer has ended (whichever is later).</li>
</ul>
<p>Following account deletion, Ethics RM will still hold statistical information about the account. However, this information is linked only to the username and/or a persistent ID. This link does not allow access to any personal information about the individual.</p>
<h2>Business Transfer</h2>
<p>If Infonetica or the Ethics RM service is sold or integrated with another business, details of all registered users within Ethics RM would be passed on to the new owners of the business.</p>
<h2>Cookies</h2>
<p>A "cookie" is a small text file that a website transfers to your browser on your computer's hard drive. Cookies enable the website to recognize your browser and remember certain information.</p>
<p>The Ethics RM application uses or may use the following two types of cookies:</p>
<ul>
<li><strong>Session Cookies:</strong> These remain in your browser's cookie file for a maximum of eight hours after creation or until you close your browser. They contain the Ethics RM username and an Ethics RM token, facilitating the Ethics RM single sign-on service. This allows access to all Ethics RM registered resources to which a user is entitled.</li>
<li><strong>Persistent Cookies:</strong> These remain in your browser's cookie file until deleted or for eighteen (18) months from their creation. <strong>At the time of writing, this type of cookie is not used by Ethics RM, but Infonetica foresees situations where it may be required in the future.</strong></li>
</ul>
<p>You can set your browser to warn you before accepting cookies and refuse them when alerted.</p>
<h2>Refusal/Deletion of Cookies</h2>
<p>You can refuse cookies by adjusting your browser settings; however, this may limit your ability to use all of the Ethics RM features. You can easily delete any cookies that have been installed. Please consult your browser's documentation for instructions on managing cookies.</p>
<h2>Access to your personal information</h2>
<p>Registered users can view their personal information held by logging into Ethics RM with their username and password. Users are responsible for maintaining their information; however, administrators can also update and monitor it.</p>
<h2>Scope of this privacy policy and updates</h2>
<p>This privacy policy applies only to the use of your personal information by Infonetica in connection with the Ethics RM service. The use of personal information by the Customer or any resource provider is governed by their own privacy policies. <strong>Infonetica are unable to accept responsibility for the use of any of personal data or information by the Customer or any resource provider.</strong></p>
<p>Infonetica may update this privacy policy from time to time. Any changes shall be notified by posting on the Infonetica website or a location as chosen by the Customer. Regularly reviewing this information ensures the user is always aware of the personal data Infonetica has access to and how it is used.</p>
<h2>Security of your personal information</h2>
<p>Infonetica is required to take appropriate technical and organisational measures to secure personal data. In order to comply with this requirement, the servers containing personal data are located in secure data centre locations with physical access limited to authorised staff. All data transmissions to and from the Ethics RM database are encrypted.</p>
<p>Furthermore, password information sent to Ethics RM is hashed (a form of one-way encryption that produces a result from which it is computationally infeasible to deduce the original text) before it is stored in the Ethics RM database. The data is processed automatically by Infonetica’s systems without any human intervention. Only in the event of a technical problem will any Infonetica staff become involved.</p>
<p>All Infonetica’s staff are instructed in the importance of and adherence to the principles and requirements of the Act, and Infonetica itself endeavours to ensure they comply with the terms of this privacy policy. The personal data which Infonetica holds is never modified or disclosed to a third party other than as described in this policy. Infonetica continually monitors measures which seek to ensure the security and confidentiality of the information that Infonetica collects and its proper use.</p>
<h2>Queries or complaints</h2>
<p>Users should contact the Customer in the first instance with any enquiries (since the Customer is the data controller for the purposes of the Act).</p>
<p>Any questions or enquiries about this privacy policy or Infonetica's compliance with the Act should be addressed in the first instance to: Infonetica, The Lower Ground Floor Office, The Civic Centre, High Street, Esher, Surrey KT10 9SD, or by emailing <a href="mailto:enquiries@www.infonetica.net">enquiries@www.infonetica.net</a> or by telephoning +44 (0) 208 334 6900.</p>
<h2>Disclaimer</h2>
<p>This document is designed as a brief on the underlying principles of privacy for the Ethics RM System. It is possible for our Customers to specify different criteria, and therefore not everything within this document may be applicable.</p>
</body>
</html>