NCare
BioTech Inc. ("NCare BioTech Inc.") has adopted
this Privacy Policy ("Policy") to establish and maintain an adequate
level of Personal Data privacy protection. This Policy applies to the processing
of Personal Data that NCare BioTech obtains from Individuals and Clients.
NCare complies with the US-EU Privacy
Shield Framework and Swiss-US Privacy Shield Framework as set forth by the US
Department of Commerce regarding the collection, use, and retention of personal
information from Individuals . NCare has
certified that it adheres to the Privacy Shield Privacy Principles of notice,
choice, accountability for onward transfer, security, data integrity and
purpose limitation, access, recourse, enforcement and liability. If there is
any conflict between the policies in this privacy policy and the Privacy Shield
Privacy Principles, the Privacy Shield Privacy Principles shall govern.
The Federal
Trade Commission (FTC) has jurisdiction over NCare's
compliance with the Privacy Shield. All NCare
employees who handle Personal Data are
required to comply with the Principles stated in this Policy.
I. SCOPE
This Policy
applies to the processing of Individual Personal Data that NCare receives .
II. RESPONSIBILITIES
AND MANAGEMENT
NCare has designated the legal Department to oversee its information security
program, including its compliance with International rules.
NCare will maintain, monitor, test, and upgrade
information security policies, practices, and systems to assist in protecting
the Personal Data that it collects. NCare
personnel will receive training, as applicable, to effectively implement this
Policy.
III.
COLLECTION AND USE OF PERSONAL DATA
NCare might collect certain personal data from Individual
Clients who visit our site.
NCare may
collect personal data from Customers,
and employees, and personal sensitive information on general business activities. Ncare takes appropriate action where unsolicited
confidential data is received to prevent / minimize the risk of recurrence.
The
information that we collect from Customers /Visitors is used for exploring the
potential benefit of NCare BioTech Inc. pipeline of therapeutic product
candidates.
Ncare does not disclose personal
information to third parties for purposes that are materially different than
what it was originally collected for. Should this change in the future, we will
provide individuals with the option to opt-out.
IV.
DISCLOSURES/ONWARD TRANSFERS OF PERSONAL DATA
NCare also may disclose Personal Data for
other purposes or to other Third Parties when a Data Subject has consented to
or requested such disclosure. Please be aware that NCare
may be required to disclose an individual's personal information in response to
a lawful request by public authorities, including to meet national security or
law enforcement requirements. NCare is liable
for appropriate onward transfers of personal data to third parties.
V.
SENSITIVE DATA
An
organization is not required to obtain affirmative express consent (opt in)
with respect to sensitive data where the processing is:
i. in the
vital interests of the data subject or another person;
ii.
necessary for the establishment of legal claims or defenses;
iii.
required to provide medical care or diagnosis;
iv. carried
out in the course of legitimate activities by a foundation, association or any
other non-profit body with a political, philosophical, religious or trade-union
aim and on condition that the processing relates solely to the members of the
body or to the persons who have regular contact with it in connection with its
purposes and that the data are not disclosed to a third party without the
consent of the data subjects;
v.
necessary to carry out the organization’s obligations in the field of
employment law; or
vi. related
to data that are manifestly made public by the individual.
VII. DATA
INTEGRITY AND SECURITY
NCare
uses reasonable efforts
to maintain the accuracy and integrity of Personal Data and to update it as
appropriate. NCare has implemented physical and
technical safeguards to protect Personal Data from loss, misuse, and
unauthorized access, disclosure, alternation, or destruction. For example,
electronically stored Personal Data is stored on a secure network with firewall
protection, and access to NCare's electronic
information systems requires user authentication via password or similar means.
NCare also employs access restrictions, limiting the
scope of employees who have access to Individual Patient Personal Data.
Further, NCare uses secure encryption technology to protect
certain categories of personal data. Despite these precautions, no data
security safeguards guarantee 100% security all of the time.
VIII. ACCESSING PERSONAL DATA
NCare personnel may access and use
Personal Data only if they are authorized to do so and only for the purpose for
which they are authorized.
IX. RIGHT
TO ACCESS, CHANGE OR DELETE PERSONAL DATA
A. Right to
Access. Individuals have the right to know what Personal Data about them is
included in the databases and to ensure that such Personal Data is accurate and
relevant for the purposes for which it was
collected . Individuals may request to review their own Personal Data
stored in the databases and request correction, erasure, or deletion of any
data, as permitted by applicable law and NCare’s policies. Upon reasonable request and
as required by the Privacy Shield principles, Ncare
allows Individual Customers access to
their Personal Data, in order to correct or amend such data where inaccurate.
Individual Customer may request access by contacting NCare by phone
or email. To request access of Personal Data, Individual Customer should submit a written request to Ncare by emailing privacy@NCare.ca.
B. Requests
for Personal Data. NCare will track each of the
following and will provide notice to the appropriate parties under law and
contract when either of the following circumstances arise: (a) legally binding
request for disclosure of the Personal Data by a law enforcement authority
unless prohibited by law or regulation; or (b) requests received from the Data
Subject or Individual.
C.
Satisfying Requests for Access, Modifications, and Corrections. NCare will endeavor to respond in a timely manner to
all reasonable written requests to view, modify, or inactivate Personal Data.
X. CHANGES
TO THIS POLICY
This Policy
may be amended from time to time, consistent with the Privacy Shield Principles
and applicable data protection and privacy laws and principles. We will make
employees available of changes to this policy either by posting to our
intranet, through email, or other means. We will notify Individuals if we make
changes that materially affect the way we handle Personal Data previously
collected, and we will allow them to choose whether their Personal Data may be
used in any materially different manner.
XI.
QUESTIONS OR COMPLAINTS
Customers may contact NCare
with questions or complaints concerning this Policy at the following address: privacy@NCare.ca
XII.
ENFORCEMENT AND DISPUTE RESOLUTION
In compliance with the US-EU and Swiss-US Privacy
Shield Principles, NCare commits to resolve
complaints about your privacy and our collection or use of your personal
information. EU and Swiss individuals with questions or concerns about the use
of their Personal Data should contact us at: privacy@NCare.ca.
XIII.
DEFINED TERMS
Capitalized terms in this Privacy Policy have
the following meanings:
"Individual
" means an Individual from EU or Switzerland. The term also shall include
any individual Customer, or an individual connected with the collection of data
where NCare has obtained his or her personal
data as part of its business relationship with NCare.
"Data
Subject" means an identified or identifiable natural living person. An
identifiable person is one who can be identified, directly or indirectly, by
reference to a name, or to one or more factors unique to his or her personal
physical, psychological, mental, economic, cultural or social characteristics.
"Employee"
means an employee (whether temporary, permanent, part-time, or contract),
former employee, independent contractor, or job applicant of NCare or any of
its affiliates or subsidiaries
“Personal
data” and “personal information” are data about an identified or identifiable
individual that are within the scope of the Directive, received by an
organization in the United States from the European Union, and recorded in any
form.
"Sensitive
Data" means Personal Data that discloses a Data Subject's medical or
health condition, race or ethnicity, political, religious or philosophical
affiliations or opinions, sexual orientation, or trade union membership.
"Third
Party" means any individual or entity that is neither NCare nor an NCare employee, agent, contractor, or
representative.
Effective
Date: 20 October 2020