EU-US Data Privacy Framework, UK Extension to the EU-U.S. Data Privacy Framework, and Swiss Data Privacy Framework

Caidya does not rely on the Data Privacy Framework but continues to keep the commitments below for Data Privacy Framework certification:

Caidya (herein as Clinipace, Inc. D/B/A/ Caidya and its US affiliate DmedScience, LLC) complies with the EU-U.S. Data Privacy Framework, the UK extension to the EU-U.S. Data Privacy Framework, and Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, and the United Kingdom, and Switzerland to the United States. Caidya has certified to the U.S. Department of Commerce that it adheres to the Data Privacy Framework Principles. If there is any conflict between the terms in Caidya’s privacy policy and the Data Privacy Framework Principles, the Data Privacy Framework Principles shall govern.

In compliance with the Data Privacy Framework Principles, Caidya commits to resolve complaints about our collection or use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our Data Privacy Framework policy should first contact Caidya at: DPO@Caidya.com. Caidya has further committed to refer unresolved Data Privacy Framework complaints to the International Center for Dispute Resolution American Arbitration Association (“ICDR AAA”), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://go.adr.org/privacyshield.html for more information or to file a complaint. The services of ICDR AAA are provided at no cost to you. In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Caidya commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.If Caidya fails to resolve your complaint, you may pursue binding arbitration through the Data Privacy Framework Panel. To learn more about the Data Privacy Framework Panel, visit here.

Caidya sometimes provides personal information to third parties as explained here. If we transfer personal information received under the Data Privacy Framework to a third party, the third party’s access, use, and disclosure of the personal information must also be in compliance with our Data Privacy Framework obligations, and we will remain liable under the Data Privacy Framework for any failure to do so by the third party unless we prove we are not responsible for the event giving rise to the damage.

You can learn more about the Data Privacy Framework Principles and review our Data Privacy Framework registration here. Caidya is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). We may be required to disclose personal information that we handle under the Data Privacy Framework in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.