Infonetica Products - Privacy Policy

Introduction

In providing its services to its customers, Infonetica Limited holds the personal data of registered Users of those products.

As such, Infonetica is a data processor for the purposes of the UK GDPR and the Data Protection Act 1998, and is subject to certain obligations with respect to he processing of that personal data. This privacy policy sets out the basis on which Infonetica holds personal data in relation to the provision of any of its software, products and/or services (“Products”). Each of our customers (“Customer”) is the data controller of their Users’ personal data.  

Where we may provide any of our services directly to you, and we act as a data controller,please see our General Privacy Policy (https://www.infonetica.net/general-privacy-policy/).

Who we are and how you can contact us

We are Infonetica Limited, company number 04503405, registered address – The Lower Ground Floor Office, The Civic Centre, High Street, Esher, Surrey, KT10 9SD (“Infonetica”).

You can contact us in writing at the above address, by emailing enquiries@infonetica.net, or by phone on 0208334 6900.

Products

The following Products are owned and operated by Infonetica, and offered to its Customers.

<li> Research Flow

<li> Pre-Award

<li> Ethics RM

<li>  Contracts

<li> Data Management Plan

<li> Export Controls

<li> Due Diligence

<li>  ReDA

<li> Post Award

<li> Open Flow

When a Customer contracts with us to use any of our Products, accounts are created for individuals within or affiliated to that Customer (“Users”).  

Registered Users

When an individual account is created, the User is required to provide a small amount of personal data either:

(a)    directly into the Product’s access web page; or

(b)    to the systems administrator of the Customer, who will create the account and transmit the relevant personal data to Infonetica.  

The personal data held includes the User’s name, organisational identifier, department, email address, username, role and other information which the Customer may require so that it can fully make use of the Product and its capabilities.

Personal data held within a User’s account is available to the relevant Customer’s systems administrators via the Product interface. This information is used by the systems administrator to identify and contact the User and to generate usage information and statistics. System administrators are appointed by the Customer.

Users must:

(a)    Keep their account confidential and not permit any third party to use their account or account information;

(b)    Use their account only for the purpose for which it was issued by the Customer;

(c)    Accept the terms of this Privacy Policy.  

Systems Administrators

Each systems administrator is a User with additional privileges and access to the Product. Systems administrators are required to provide Infonetica with the following personal data:  

(a)   Name

(b)   E-mail address

(c)   Telephone numbers

Infonetica will hold this personal data within the relevant Product database and use it to contact system administrators in relation to the Products and accounts for which they are responsible.

Customers must also submit at least two of the following identifiers to appear on the Product access website for registered Users to see:

(a)    A contact name

(b)   A telephone number

(c)    An e-mail address or URL to enable registered Users to contact their Ethics RM administrator with Ethics RM-related enquiries.

Infonetica will retain the personal data of systems administrators whilst they remain as Users or systems administrators for the Customer, and will delete such personal data when the account is deleted or when requested to by the Customer.

Account Deletion

Infonetica will keep the personal data of registered Users whilst they remain registered Users. Such information is deleted when the account is deleted by the system administrator, or when requested to by our Customer, or when our contract with our Customer ends, whichever is earlier.

Following account deletion, the relevant Product may still hold statistical information about the account. However, this information is linked only to the username and/or a persistent ID. Such a link does not allow access to any personal data about the individual.

Third Party Access

We do not allow third parties to view, access or use any of your personal data, except for those companies we use to provide products or services which maintain or help improve our Products or internal business operations. These companies are considered sub-processors. They are all bound by a duty of confidence and required to comply with all applicable data protection laws. A list of our sub-processors (which may be updated from time to time) is here: https://www.infonetica.net/policies/subprocessors.

Business Transfer

If Infonetica or any of its Products are sold or integrated with another business, details within the Product of all registered Users would be passed on to the new owners of the business.

Cookies

A "cookie" is a text-only string of information that a web site transfers to the cookie file of the browser on a computer's hard disk so that the web site can record and read a small amount of information.

Our Products either use, or may in the future use, the following two types of cookie:

(a)   Session Cookies which remain in the cookie file of a computer system for a maximum of eight hours after they were initially created or are automatically removed if the browser session is terminated before the eight-hour period has elapsed. These cookies contain the User’s username and a token, and are used to facilitate the single sign on service for the relevant Product, enabling access to all of the Product resources which a User is entitled to access using their account.

(b)  Persistent Cookies which remain in the cookie file of the browser until they are deleted or if earlier, eighteen (18)months from their creation. At the time of writing this type of cookie is not used by any of our Products but we foresee situations where it may be required in the future.

 

Users can set their browser to warn them before accepting cookies and refuse the cookie when the browser alerts the User to its presence.

Refusal/Deletion of Cookies

A User may refuse cookies by adjusting the appropriate setting in their browser,but they will not be able to use all the facilities and capabilities of our Products. Users can easily delete any cookies that have been installed in the cookie folder of their browser. Users should consult the documentation for their choice of browser on how to manage cookies.

Access to your personal data

Users can view the personal data held about them by logging in to the Product with their username and password. Users are responsible for maintaining their own information, but this can also be updated and monitored by a systems administrator.

Scope of this privacy policy and updates

This privacy policy applies only to the processing of your personal data by Infonetica when you are using any of our Products. The processing of personal data by any Customer or their resource providers is governed by their own privacy policies.

Infonetica may update this privacy policy from time to time. Any changes shall be notified by posting on the Infonetica website or a location as chosen by the Customer. Regularly reviewing this information ensures the User is always aware of the personal data Infonetica has access to and how it is used.

Security of your personal data

Infonetica is required to take appropriate technical and organisational measures to secure personal data. We are ISO 27001 certified and have robust security procedures in place to protect your personal data. The servers containing personal data are located in secure data centre locations with physical access limited to authorised staff and all data transmissions to and from any of our Products are encrypted.

Furthermore, password information sent to any Product is hashed (a form of one-way encryption that produces a result from which it is computationally infeasible to deduce the original text) before it is stored in the Product database. The data is processed automatically by Infonetica's systems without any human intervention. Only in the event of a technical problem will any Infonetica staff become involved.

All Infonetica’s staff are instructed in the importance of data protection and privacy including compliance with the terms of this privacy policy. The personal data which Infonetica holds is never modified or disclosed to a third party other than as described in this policy. Infonetica continually monitors measures which seek to ensure the security and confidentiality of the information that Infonetica collects and its proper use.  

Queries or complaints

Users should contact the Customer in the first instance with any enquiries (since the Customer is the data controller for any User personal data).

Any questions or enquiries about this privacy policy should be addressed in the first instance to: Infonetica, The Lower Ground Floor Office, The Civic Centre,High Street, Esher, Surrey KT10 9SD, or by emailing enquiries@infonetica.net or by telephoning +44 (0) 208 334 6900.

Disclaimer

This document is designed as a brief on the underlying privacy principles for our Products. It is possible for our Customers to specify different criteria when implementing our Products, and therefore not everything within this document may be applicable.