Privacy Policy
Privacy Statement Summary
This Privacy Policy (“Policy”) explains how your information is collected, used, and disclosed by ZoomRx Inc. (“We” or “Us" or “Our”). This policy applies where we are acting as a Data Controller with respect to the personal data of the doctors, healthcare professionals, and other participants involved in our market research activities. This also applies to data relating to individuals who visit our website and use other services; in other words, where we determine the purposes and means of the processing of that personal data.
At ZoomRx, we take all reasonable measures to ensure that the privacy of all visitors to the Ferma.AI website is protected. This privacy policy explains how ZoomRx collects, processes and uses data collected from the users. We will never sell, share, or use your personal information other than as described here.
By using our platform, you consent to this policy. Please do not use the platform if you do not agree to the terms laid out in this policy. Your continued usage of the platform following changes to this policy will be deemed your acceptance to those changes.
We are a full-service strategic healthcare consulting agency providing primary market research across all stages of the drug lifecycle.
We are market leaders in Promotional Effectiveness Tracking; ATU and Brand Equity Tracking; and Chart Audits with integrated Health Care Professionals [HCPs]-Patient recorded dialogue. We also provide advanced market demand and opportunity assessment and communication testing. Our Customer Engagement Center of Excellence team offers advanced analysis, secondary data integration, and interactive real-time dashboards. Our Ferma.AI team offers an Artificial Intelligence tool for conference coverage and competitive intelligence.
We collect, store, and process data in order to provide our AI tooling services for conference coverage and competitive intelligence.
If you contact us using our Schedule a Demo form, by email, or by any other means, we will respond to your enquiry and may also send you information that we think you will be interested in.
By using our platform, you consent to this policy. We will not use or share your data with anyone except as described in this Privacy Policy.
As per our legal obligations, we may need to send details to relevant authorities or any other organisation that requires them by law.
Most of the personal information we process is provided directly by you. For example:
- If you sign up and create an account on our website
- If you send us direct messages through ZoomRx’s social media platforms (Facebook, Twitter, Linkedin, Instagram)
- Or based on the information collected by cookies and similar technologies when you visit our website
- We receive, collect and store any information you enter on our platform during onboarding or provide us in any other way. In addition, we collect the Internet protocol (IP) address used to connect your computer to the Internet.
- We may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page.
If you contact us, we will use your data to send you the information that you have requested and updates, and other information that we think you will be interested in.
The data we collect is used by ZoomRx Inc. to provide our services to you. Unless required to do so by law, we will not otherwise share, sell, or distribute any of the information you provide to us without your consent.
We collect and store only a limited amount of data – we collect only the data we require to manage our relationship with you.
If you choose to use this platform, we will collect and store information such as:
- Any information you enter on our platform during onboarding or provide us in any other way.
- The Internet protocol (IP) address used to connect your computer to the Internet.
- We may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page.
- Any other information that you choose to share with us.
We will not share your data with any third parties other than as described here and as you would reasonably expect. We may need to share your information with regulators or legal bodies that request it.
Your data will be stored only for as long as strictly necessary to provide our services, to meet our obligations to you, and to meet our legal obligations. For more information, please contact us about our Data Retention Policy.
- We will never sell, share, or otherwise distribute your data to any other third party other than as described here.
- We will share your information with any regulator or legal body that requests it, as well as any parties relevant to the application process.
- We ensure access is restricted to only those persons authorised by us to access your data.
- Access to your data is strictly controlled. For more information, please contact us about our Information Security Policy.
Personally Identifiable Information will not be shared with any third parties, except that we may disclose your information if we believe we are required to do so by law, if we need to do so to protect someone's safety or our rights or property, or in order to comply with this policy or other policies that may be applicable.
Under Article 26 GDPR, ZoomRx Inc. (based in USA) and ZoomRx Healthcare Technology Solutions Private Ltd (based in India) are two controllers jointly determining the purposes and means of processing personal data.
Information will generally be stored in our secure databases, which are located in the United States. We use industry-standard security protocols/technology to secure your data.
Where data is transferred from the UK and/or EU to other countries we will take all appropriate precautions to protect your data including establishing DPA/SCC’s and completing risk assessments.
About This Privacy Policy
This policy sets out how we will use and share the information that you give us. By using our platform, you consent to this policy. Please do not use the platform if you do not agree to the terms laid out in this policy. Your continued usage of the platform following changes to this policy will be deemed your acceptance to those changes.
The General Data Protection Regulation (GDPR) describes how organisations must collect, handle, process, and store personal information. These rules apply regardless of whether data is stored electronically, on paper, or on other materials. To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully. GDPR is underpinned by eight important principles. These say that personal data must:
- Be processed fairly and lawfully
- Be obtained only for specific, lawful purposes
- Be adequate, relevant, and not excessive
- Be accurate and kept up to date
- Not be held for any longer than is necessary
- Be processed in accordance with the rights of the data subjects
- Be protected in appropriate ways
- Not be transferred outside our borders, unless that country or territory also ensures an adequate level of protection
We take these responsibilities seriously; this document describes our approach to data protection. This policy helps to protect us from data security risks, including:
- Breaches of confidentiality. For instance, information being given out inappropriately.
- Failing to offer choice. For instance, all individuals should be free to choose how the company uses data relating to them.
- Reputational damage. For instance, the company could suffer if hackers successfully gained access to sensitive data.
- Any other loss or damage caused as a result of our failure to meet our data protection obligations
- Any other risk associated with processing your data
Who We Are And How To Contact Us
ZoomRx Inc. is registered in the US and India. The Data Protection Lead is Kendall Anderson. You can contact us in any of the following ways:
Email: [email protected]
US Address: ZoomRx, 245 Main Street, Floor 2, Cambridge, Massachusetts 02142, USA
India Address: ZoomRx, No-73, 2nd Street, Karpagam Avenue, Raja Annamalaipuram, Chennai – 600 028, IN
Our UK Representative:
Under Article 27 of the UK Data Privacy Act, we have appointed a UK Representative to act as our data protection agent. Our nominated UK Representative is: GDPR Local Ltd.
Adam Brogden: [email protected]
Tel +44 1772 217800
1st Floor Front Suite, 27-29 North Street, Brighton, England, BN1 1EB
Who This Privacy Policy Applies To
Processing of your data is required in order to offer you our services. This policy relates to every data subject that chooses to share their personal data with us; data subjects where we collect, store, or process their data in order to provide our services; and all other data subjects whose data we process in order to operate and develop our company.
This policy applies to individuals who have shared their data with ZoomRx Inc. as a participant in any capacity.
It applies to all data that the company holds relating to identifiable individuals, even if that information technically falls outside of the GDPR. This can include:
- Names of Individuals
- Contact details
- Email addresses
- Telephone/mobile numbers
- Any other information relating to individuals as required to provide our services and to run and develop our company
Our Lawful Basis
This section describes our lawful basis for processing:
We will only use your personal data for the purposes for which we collected it and as you would reasonably expect your data to be processed and only where there is a lawful basis for such processing, for example:
| Purpose/Activity | Type of data | Lawful basis for processing |
|---|---|---|
| To process and deliver the products and services you request |
|
|
| To manage our ongoing relationship with you which will include notifying you about changes to our terms, services or privacy policy, to maintain our records |
|
|
| To administer and protect our business and our site (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) |
|
|
| To use data analytics to improve our website, services, marketing, customer relationships and experiences |
|
|
| To make suggestions and recommendations to you about services that may be of interest to you |
|
|
Personal data we receive will be used for the purposes it was provided, including but not limited to:
- To operate our consulting and market research services
- To respond to queries from you regarding our services
- To manage and administer the relationships between you and us
- To notify you about changes to our services and to otherwise communicate with you
- To obtain feedback from you regarding us and our services
- To operate, develop, protect our business
In accordance with your preferences, we may also use your personal information to provide you with information about services, promotions, and offers that may be of interest to you. This document explains how you can change whether to receive this information. Please note that, even if you choose not to receive this information, we may still use your personal information to provide you with important services and communications, including communications in relation to any purchases you make or services you use.
How To Change Your Preferences
We operate in line with GDPR data protection guidelines. We respect your rights and will respond to any request for access to personal information and requests to delete, rectify, transfer, data and to stop processing. We will also advise you on how to complain to the relevant authorities. Any requests or objections should be made in writing to the Data Controller, or you can visit our website or email us to contact us to change your preferences at any time.
Where you give your consent for us to process your data you can contact us to amend or withdraw your consent at any time. You can also choose to object to processing and request deletion of your data. We respect all user rights as defined in GDPR. If you have any comments or wish to complain, please contact us.
How We Store & Process Your Data
Your data will be collected, stored, and processed primarily in the US and India. Information will generally be stored in our databases, which are located in the United States. Where we transfer your data outside the UK, we will ensure we take appropriate precautions to protect this data. Your data will be stored only for as long as strictly necessary to ensure we have records of services and other interactions. For more information, please contact us about our Data Retention Policy.
We will only use your personal data for the purposes for which we collected it. If we need to use your personal data for a purpose unrelated to the purpose for which we collected the data, we will notify you and we will explain the legal ground for processing. Information may be used in the following ways:
- We may use your data to notify you about our products or services or keep you updated on issues that we think are of interest to you, where permissible or if you have opted in to receiving such notifications.
- Provide Ferma.AI services, which includes updating, securing and troubleshooting, as well as providing support. We will not utilize this data in ways incompatible with the primary purpose why this data was collected and authorized.
- We will use your data to administer and optimize your experience on our website and send you information and materials you request.
- We may use your data to comply with applicable laws or regulations
We may be legally obliged to disclose your personal information without your knowledge to the extent that we are required to do so by law; in connection with any ongoing or prospective legal proceedings; in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk); to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.
Data Security & Integrity:
We implement commercially reasonable security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. We restrict access to data collected on the Ferma.AI platform to individuals who may need to know that information in order to operate, develop or improve our services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations. Any personal information submitted by you will be dealt with in accordance with our terms and conditions set forth herein.
To enhance the protection of information sent to or from our Website over the Internet, we implement the following security features:
- HTTPS - We require that a "secure session" be established through the use of Hypertext Transfer Protocol Secure (HTTPS), which is a combination of the Hypertext Transfer Protocol (HTTP) and the Transport Layer Security (TLS)/Secure Sockets Layer (SSL) protocol. This is done any time you supply or access information in one of our secure online areas. HTTPS creates a private conversation that only your computer and our systems can understand. HTTPS encodes information as it is being sent over the Internet between your computer and our systems helping to ensure that the transmitted information remains confidential.
You will only receive marketing communications from us if you have:
- Requested information from us
- Used our services previously
- Provided us with your details and ticked the box at the point of entry of your details for us to send you marketing communications
- Not opted out of receiving marketing
- Where we believe you will be interested in our services and we have a valid legitimate interest to process your information
Our Obligations
We are a Data Controller. In relation to the information that you provide to us, we are legally responsible for how that information is handled. We will comply with the GDPR in the way we use and share your personal data.
Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:
- Request access to your personal data.
- Request correction of your personal data.
- Request erasure of your personal data.
- Object to processing of your personal data.
- Request restriction of processing your personal data.
- Request transfer of your personal data.
- Withdraw consent.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or if you have made a number of requests. In this case, we will notify you and keep you updated.
Third Parties
Personally Identifiable Information will not be shared with any third parties, except that we may disclose your information if we believe we are required to do so by law, if we need to do so to protect someone's safety or our rights or property, or in order to comply with this policy or other policies that may be applicable.
Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees who have a business need to know such data. They will only process your personal data per our instruction, and they are subject to a duty of confidentiality.
We will report any breaches or potential breaches to the appropriate authorities within 24 hours and to anyone affected by a breach within 72 hours. If you have any queries or concerns about your data usage, please contact us.
Cookies
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added, and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes, and dislikes by gathering and remembering information about your preferences. We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes, and then the data is removed from the system.
Overall, cookies help us provide you with a better website experience by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
As well as your ability to accept or reject cookies, we also require your permission to store cookies on your machine, which is why when you visit our site, you are presented with the ability to accept our terms of use, including the storage of cookies on your machine. Should you not accept, then you are free to leave our website, at any time.
OpenAI APIs - Terms & Conditions
- Limitations of Liability: ZoomRx is not liable for any damages or losses that may arise from the use of OpenAI APIs.
- Intellectual Property Rights: OpenAI APIs are the property of OpenAI and ZoomRx does not own any intellectual property rights in the APIs.
- API Usage: ZoomRx is using the OpenAI APIs under OpenAI's terms of service and agrees to comply with these terms.
- API Limitations: The OpenAI APIs are subject to limitations, such as usage limits or access restrictions, that may affect the performance of the application.
- API Changes: OpenAI may make changes to the APIs, including changes to functionality, terms of service, or pricing, and ZoomRx may need to make corresponding changes to the application.
API Data Collection: The OpenAI APIs may collect data from the application, such as user input or usage data; this data is subject to OpenAI's privacy policy.
API Data Sharing & Security: OpenAI implements commercially reasonable technical, administrative, and organizational measures to protect Personal Information both online and offline from loss, misuse, and unauthorized access, disclosure, alteration, or destruction.
Please see OpenAI’s Privacy Policy for more information: https://openai.com/policies/privacy-policy
For California, Virginia, Colorado, Utah, and Connecticut residents
Your Rights Under the California Consumer Protection Act, Virginia Consumer Data Protection Act, Colorado Privacy Act, Utah Consumer Privacy Act, and Connecticut Data Privacy Act pursuant to the state regulations, and subject to certain exceptions and limitations, residents of the above states can contact ZoomRx to exercise the rights described below with respect to certain personal information that ZoomRx holds about them. To the extent those rights apply to you, they are described below. ZoomRx also handles certain personal information on behalf of ZoomRx customers. You should contact those customers to exercise any rights you may have with respect to that personal information.
Right to Know About Personal Information Collected, Used, or Disclosed
You have the right to request that we provide you with details about the personal information we collect, use, and disclose. ZoomRx reserves the right to verify your identity to our satisfaction, including by asking you to log into your account if you have one.
You are entitled to receive the following:
- The categories of your personal information that ZoomRx has collected in the preceding 12 months
- The categories of sources from which that information was collected
- The business/commercial purpose for the collection
- The categories of third parties with whom ZoomRx shares personal information
- The specific pieces of personal information ZoomRx has collected about you (subject to some exceptions)
Because ZoomRx has disclosed personal information to third parties in the last 12 months, you are also entitled to receive:
- The categories of personal information that ZoomRx has disclosed in the past 12 months
Right to Request Deletion of Personal Information
You have the right to request deletion of the personal information we have collected about you (subject to some exceptions). You can submit your request as described above, and we reserve the right to conduct the verification described above.
Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights
You have the right not to receive unlawful discriminatory treatment by ZoomRx for the exercise of your privacy rights.
Right to Opt-Out of Collection, Use, and Disclosure of Personal Information
You have the right to opt-out of the collection, use, and disclosure of your personal information by ZoomRx. You may request to opt-out by sending an email to [email protected].
List of Categories of Personal Information to be Collected and May Have Been Disclosed
Categories of Personal Information Collected
ZoomRx collects personal information from research participants during and after registration with a panel, including, without limitation, during participation in a survey and in connection with the receipt and redemption of rewards and incentives and/or during the Application/Services registration and download process.
The categories of personal information we may collect include:
“Identifiers” such as:
- Name
- Address(es)
- Telephone number(s) (including home, cell, and/or business telephone numbers)
- Email address(es)
- Internet Protocol address
- Unique device identification number (such as identifiers for analytics or advertising)
- Network provider user ID (a number uniquely allocated to you by your network provider)
- Media Access Control (MAC) address
- In the iOS app, we collect a unique identifier provided by Apple for devices. This is not static (i.e., a new identifier is generated when OS updates and/or the device is reset).
- In the Android app, we collect a non-resettable hardware serial number for older devices (i.e., Android Oreo version). We will stop collecting this in the near future as we will remove support for Oreo.
- Unique cookie identifiers
- Internet or other electronic network activity information, and other information collected through automated means such as:
- Information about your device (e.g., device operating system, the other applications on your device, device network provider, device type, time zone, network status, browser type, browser identifier and other information that alone or in combination may be used to uniquely identify your device)
- Geolocation
- Cookies and similar technology
- Social media information
- Log files
- Digital fingerprinting
- Watermarking
- Browsing activity
- Other behavioral information
- Professional or employment-related information, including occupation
- Education information
- Additional content/material you submit, including photos, videos and/or similar content
- Characteristics of potentially protected classifications under federal or international law (e.g., health and medical conditions, sexual orientation or sexual life, political opinions/views, race/ethnic origin, gender, religious and philosophical beliefs and trade-union membership)
- Other medical information
- Demographic information
All of the information above was collected for the purposes described. These purposes, which are described further in that section of our Privacy Policy, include but are not limited to the following examples:
- Auditing related to a current interaction with you and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions;
- Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity;
- Debugging to identify and repair errors that impair existing intended functionality;
- Short-term, transient uses;
- Performing or using services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing or using advertising or marketing services, providing or using analytic services, or providing or using similar services;
- Undertaking internal research for technological development and demonstration;
- Undertaking activities to verify or maintain the quality or safety of services and devices, and to improve, upgrade, or enhance services and devices; and
- Facilitating the operational purposes of ZoomRx or our service providers.
Categories of Personal Information that Were Disclosed
ZoomRx disclosed all of the above categories of personal information in the last 12 months.
Contacting Us, Exercising Your Information Rights and Complaints
If you have any questions or comments about this Privacy Policy, wish to exercise your information rights in connection with the personal data you have shared with us, or wish to complain, please contact:
Name: Kendall Anderson
Email: [email protected] or ZoomRx’s Ferma.AI Team at [email protected]
US Address: ZoomRx, 245 Main Street, Floor 2, Cambridge, Massachusetts 02142, USA
India Address: ZoomRx, No-73, 2nd Street, Karpagam Avenue, Raja Annamalaipuram, Chennai – 600 028, IN
We will process data protection requests within 30 days. Subject Access Requests (SARs) are usually free, but we reserve the right to charge for excessive or unfounded requests. We fully comply with Data Protection legislation and will assist in any investigation or request made by the appropriate authorities.
If you remain dissatisfied, then you have the right to apply directly to the relevant Supervisory Authority.
This Privacy Policy may be revised periodically and this will be reflected by the "effective date" below. Please revisit this page to stay aware of any changes. Your continued use of the website constitutes your agreement to this Privacy Policy and any amendments.
