While we are based in the United States, our Services may be accessed by residents of the European Economic Area (“EEA”), Switzerland, and the United Kingdom (“UK”). The following European Privacy Notice applies to our processing of personal data of residents of the EEA, Switzerland, and the UK (“you”).
Elevar is the controller of the personal data we hold about you in connection with your use of the Services. This means we determine and are responsible for how your personal data is used.
We will generally use and process your information on the basis of your explicit consent, our legitimate interests or legal obligations, and for scientific research purposes or for reasons in the public interest in conducting clinical trials and performing valuable scientific and medical research pursuant to Articles 6 and 9 of the General Data Protection Regulation (“GDPR”) and/or the UK GDPR.
We keep your information for no longer than necessary for the purposes for which it is processed. The length of time for which we retain information depends on the purposes for which we collected and use it and/or as required to comply with applicable laws.
The criteria used to determine the period for which personal data about you will be retained varies depending on the legal basis under which we process the personal data:
In all cases, in addition to the purposes and legal bases, we consider the amount, nature and sensitivity of the personal data, as well as the potential risk of harm from unauthorized use or disclosure of your personal data.
Your personal data may be transferred to and stored in countries outside of the jurisdiction you are in where we and our third-party service providers have operations, including the United States. In the event of such a transfer, we ensure that: (i) the personal data is transferred to countries recognized as offering an equivalent level of protection; or (ii) the transfer is made pursuant to appropriate safeguards, such as standard data protection clauses adopted by the European Commission. If you wish to enquire further about these safeguards used, please contact us using the details set out at the end of this European Privacy Notice.
You have the right to make the following requests with respect to the personal data that we hold:
We may not be able to fulfill requests in all instances, and where we are unable to fulfill a request, we will provide an explanation as to why. In any case, we will respond to your request in accordance with the requirements of applicable law.
Where we rely on your consent for processing of your personal data, you also have the right to withdraw your consent to such processing, subject to certain limitations at law. Where applicable, you may withdraw your consent by contacting us at email@example.com.
Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
All communications, inquiries or requests surrounding your information rights or complaints under European Union General Data Protection Regulation (European commission Regulation 2016/679 or “GDPR”) can be addressed to the attention of our privacy team at firstname.lastname@example.org or by postal mail to:
VeraSafe Internal Legal Department
100 M Street S.E., Suite 600
Washington, D.C. 20003
We may need to verify your identity before processing your request, which may require us to obtain additional personal data from you. In certain circumstances, we may decline a request to exercise the rights described above.
You also have the right to lodge a complaint to your local data protection authority. If you are based in the European Union, information about how to contact your local data protection authority is available here. If you are based in the UK or Switzerland, your local data protection authorities are the UK Information Commissioner’s Office and the Swiss Federal Data Protection and Information Commissioner.