ActiGraph Privacy Policy
Your privacy is important to us, and we are committed to protecting it. We have established policies and procedures to ensure that your personal information is handled responsibly and in accordance with applicable data protection and privacy laws.
Privacy Policy
Terminology
“Data Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data. The organization using Services to conduct the trial or study is the Data Controller.
“Data Processor” means a natural or legal person, public authority, agency, or other body which processes Personal Data on behalf of the Data Controller. When providing Services ActiGraph is the Data Processor.
“Data Subject” means an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
"Personal Data" means any information relating to an identified or identifiable natural person.
“Services” means an ActiGraph product, service, or software.
“Subprocessor” means a third-party processing Personal Data on behalf of, and under the instruction of ActiGraph.
Types of Information and How We Collect It
ActiGraph collects your information when you communicate with us, visit our website, and when Services are used. Information is made available by web browsers such as the browser type, language preference, referring site, and the time of each visit, etc. We collect this non-personally identifying information in order to better understand how visitors use the web content we publish to improve their experience. We use cookies to help track use of the Services and their preferences. If you do not wish to have cookies placed on your computer, you should set your browser to refuse cookies, but be aware that certain features of our Services may not function properly without them.
In the process of supporting our Services, we may collect Personal Data associated with your account and communications, including your email address, name, and the names of any organizations to which you belong. ActiGraph collects Personal Data in the form of Internet Protocol (IP) addresses, the Uniform Resource Locator (URL) accessed, and the unique identification number associated with the account for the purpose of diagnostics and system protection. We do not use that information to identify you unless there is an indication of abuse of the Services.
For Services such as CentrePoint, we also collect Personal Data provided to us directly. ActiGraph provides Services that are used by organizations conducting research studies and clinical trials. The amount and type of information provided depends on the nature of the interaction.
Data Subjects and associated categories of Personal Data typically consist of the following:
- trial investigators: first and last name, site (location of trial), and investigator identification number
- trial participant: trial data, including but not limited to date of birth, gender, weight, biometric data relating to physical activity, mobility, sedentary behavior, and sleep, protocol information, adverse experiences related to the products, time zone and location (including IP address) of products worn by participants. ActiGraph does not collect or process the direct identity (names) of participants.
- client personnel: first and last name, business telephone number, business email address. business mailing address, IP address, job title, other business-related information
This Data Subject information is appropriately secured within CentrePoint and is utilized for analytical processing as instructed by the Data Controller (organization conducting the study). The Data Controller is responsible for obtaining the Data Subject’s consent and allowing Data Subjects to opt out.
Purpose: How We Use Information
- Allow you to register for our Services and to administer and process the registration
- To communicate with you about the Services and related issues
- To fulfill, as a Data Processor, contractual obligations and instructions of the Data Controller
- To maintain and administer our websites and comply with our legal or internal obligations and policies
- To transfer information to others as described in this policy or to satisfy our legal, regulatory, compliance, or auditing requirements
- To better understand how visitors use the web content we publish to improve their experience
Third Parties
ActiGraph does not provide information to third parties other than Subprocessors that meet or exceed ActiGraph’s data privacy requirements. ActiGraph only discloses Personal Data as instructed by the Data Controller or as required by applicable law. In some cases, we may use Subprocessors to assist us in providing or developing our platform or applications to our customers, such as to offer support to our customers and their authorized users and employees and to provide technical or operational support such as data hosting, transmission, and storage. Subprocessors may access, process, or store Personal Data in the course of providing their services to ActiGraph. ActiGraph maintains contracts with these Subprocessors restricting their access, use and disclosure of Personal Data in compliance with our customer and legal obligations. CentrePoint is implemented within the cloud infrastructure of Amazon Web Services (AWS) and Microsoft Azure, whose qualifications have been verified by third party assessments.
Access
Data Subjects whose Personal Data is covered by this policy have the right to access such Personal Data and to correct, amend, or delete such Personal Data. For Data Subject participating in clinical trials, contact the trial sponsor not ActiGraph with requests for access, correction, amendment, or deletion. ActiGraph does not have the information to identify Data Subjects and works under the instructions of the Data Controller (trial sponsor). For other non-trial participants, requests for access, correction, amendment, or deletion should be sent to ActiGraph: privacy@theactigraph.com
Accountability for Onward Transfer
Prior to providing Subprocessors, with any Personal Data we will obtain assurances that they will safeguard it in accordance with this policy. In cases of onward transfer to third parties of Personal Data of EU individuals ActiGraph will remain liable.
Choice
You have the ability to control how we share your Personal Data with others. If you are a Data Subject participating in a study or trial hosted on CentrePoint, the Data Controller is responsible for obtaining your consent and allowing you to opt out. Personal Data is not processed for purposes which are materially different than which it was originally collected. If this were ever to be the case, ActiGraph would provide the individuals an opportunity to opt out.
Your Personal Data will not be shared with third parties unless we are required to do so by law, or if we believe in good faith that disclosure is reasonably necessary to protect our property, rights, or those of third parties, or the public at large.
If you are a registered user of our Services and have supplied your email address, we may occasionally send you informational emails. If we send informational emails as part of the Services, we will provide you with a way to request to not receive any similar notices in the future (opt-out, unsubscribe, etc.).
Security
ActiGraph takes reasonable and appropriate measures to protect Personal Data covered by this policy from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into due account the risks involved in the processing and the nature of the Personal Data.
Data Integrity and Purpose Limitation
ActiGraph limits the collection of Personal Data covered by this policy to information that is relevant for the purposes of processing and does not process such Personal Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the Data Subject.
ActiGraph takes reasonable steps to ensure that such Personal Data is reliable for its intended use, accurate, complete, and current. ActiGraph takes reasonable and appropriate measures to retain Personal Data in identifiable form only for as long as it serves a purpose of processing, which includes ActiGraph’s obligations to comply with professional standards and business purposes and unless a longer retention period is permitted by law.
Changes to this Policy
Although most changes are likely to be minor, we may occasionally need to change this policy. If we do update it, we'll notify you either by posting the new policy on our Services, their blogs, or by emailing you the changes or a link to the modified document.
Contact Us
For all inquiries about this policy please contact us at: privacy@theactigraph.com
ActiGraph, LLC
70 North Baylen Street, Suite 400
Pensacola, FL 32502
850.332.7900
Data Privacy Framework
Data Privacy Framework Commitment
ActiGraph, L.L.C. (“ActiGraph”) complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. ActiGraph has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) regarding the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. ActiGraph has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) regarding the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. For additional information about the Data Privacy Framework program and our certification, please visit https://www.dataprivacyframework.gov/.
Data Processed and Data Processing Purposes
ActiGraph provides our customers wearable devices, an online platform, and applications for collection, processing, and storage of clinical trial data. ActiGraph’s customers decide what data to submit to our platform or applications, which may include information about their authorized users, employees, and clinical trial participants. ActiGraph processes this data as instructed by our customers and does not control or own its customer’s personal data. Our customer instructions may include processing or using personal data for purposes of providing or developing the ActiGraph platform, applications, and services, preventing or addressing service or technical problems, responding to support issues, responding to our customer’s instructions, or as may be required by law.
Third-Party Access to Personal Data
ActiGraph only discloses personal data as instructed by our customers. In some cases, we may use third-party providers to assist us in providing or developing our platform or applications to our customers, such as to offer support to our customers and their authorized users and employees and to provide technical or operational support such as data hosting, transmission, and storage. These providers may access, process, or store personal data in the course of providing their services to ActiGraph. ActiGraph maintains contracts with these providers restricting their access, use and disclosure of personal data in compliance with our DPF obligations. ActiGraph may be liable if these third parties fail to meet those obligations and we are responsible for the event giving rise to the damage.
Individuals Rights to Access Their Personal Data
As ActiGraph is a data processor, individuals who seek to access, correct, amend, or delete personal data, should contact the ActiGraph customer (the data controller) who submitted your personal data to our platform or applications. ActiGraph has limited access to personal data as research site staff, investigators, or our business partners/customers control the key-coded data. If you wish to access, restrict use, or limit disclosure of your personal data, please identify the research site staff, investigators, or ActiGraph business partner/customer who submitted your information. ActiGraph will direct your request to them and provide necessary support in addressing it. If ActiGraph’s customer requests ActiGraph to remove the personal data to comply with data protection regulations, ActiGraph will respond to such requests within 30 days.
Inquiries or Complaints
In compliance with the EU-US Data Privacy Framework Principles, ActiGraph commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles. European Union, Swiss and United Kingdom individuals with DPF inquiries or complaints should first contact privacy@theactigraph.com.
You may also refer any inquiries or complaints by mail to ActiGraph at:
ActiGraph, LLC
70 North Baylen Street
Suite 400
Pensacola, Florida 32502
Attention: Data Protection Officer
ActiGraph has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by the JAMS Foundation, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information and to file a complaint. This service is provided free of charge to you. Under certain circumstances, an individual may choose to invoke binding arbitration to resolve any disputes that have not been resolved by other means.
Compelled Disclosure
ActiGraph may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. ActiGraph will notify our customer of any such requests unless prohibited by law.
U.S. Federal Trade Commission Investigation and Enforcement
ActiGraph’s commitments under the DPF are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.