The purpose of this policy is to provide a description of Dacima’s privacy and security policy and procedures.
This policy is applicable to every employee of Dacima, including officers, and to members of the Dacima Board of Directors.
Personal Information Definition: Personal Information is (1) any non-public data that (2) identifies or may identify an individual, as set forth under the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, or any successor laws or regulations.
4.1 Individuals who visit our website
4.1.1 What information we collect and how we use that information
Contact Information – Some areas of our websites request or require contact and other information.
Internet Protocol (IP) Address – We may collect an IP address from visitors to our sites. We may use IP address to help diagnose problems with our server(s), to administer our websites, and to monitor activities on and interactions with our websites, user preferences, and other computer and connection information relating to your use of our sites. We may also use log files, cookies and similar technologies to collect information about the pages you view, links you click on, and other actions you may take when accessing our sites.
Use and Sharing of Visitor Personal Information – Dacima uses the Personal Information we collect from visitors to our website:
- to contact you in connection with your registration or your use of the site or our products or services;
- to contact you in response to your inquiries, comments and suggestions;
- to contact you otherwise when necessary;
- for the specific purpose for which it was volunteered;
- to ask for your participation in brief surveys;
- to complete any purchases or other transactions you may perform;
- to notify you about updates, promotions, special offers, etc., regarding products and services provided by us or our affiliates or partners;
- to be provided to our affiliates or third parties (e.g., data processors or other service providers) in connection with our legitimate business purposes;
- to generate aggregate statistical studies;
- as further described to you when we collect the information;
- as required by law or regulation, or as requested by government authorities;
- in connection with an acquisition, merger, sale or other transfer of all or substantially all of our business or portion thereof; and
- for our other business purposes.
Dacima does not share, sell, rent, or trade your Personal Information collected through our sites with third parties for their sole promotional purposes without your express consent. As set forth above, Dacima may share your personal information with third-party service providers contracted by us to provide services on our behalf; these providers may only use information we provide to them as instructed by us.
4.2 Access, choice and opt out
Website visitors, at any time, “opt out” of receiving communications from us related to our products and services and/or to request the removal of their contact information from our database by writing to us. However, Dacima cannot withdraw any previous disclosures made with your authorization, and we reserve the right to retain and disclose your information as permitted or required by law or regulation.
4.3 Individuals who use our applications (customer data)
As part of Dacima’s electronic data capture platform, applications and services, our customer’s employees and authorized users may enter Personal Information, including Personal Information from or about their authorized users, employees, and subjects (together, “Customer Data”), into our servers.
Dacima processes customer data as instructed by our customers, and has no direct control or ownership of the Personal Information it processes. Our customers are responsible for complying with regulations or laws regarding notice, disclosure and/or obtaining consent prior to transferring the data to Dacima for processing purposes.
Dacima will not share or distribute customer data except as provided in the contractual agreements between Dacima and our customers. These agreements may provide Dacima with the rights to process or use Personal Information for Dacima’s business purposes including providing or developing the Dacima platform and applications, preventing or addressing service issues, support or technical problems, responding to our customer’s instructions, or as may be required by law.
5.1 Physical Security of servers
Data for Internet version of Dacima Software’s data management platform are stored in a secure data facility. Various measures are in force to guarantee the security of stored data, including:
- Premises are located in a building whose access is protected and are under permanent surveillance (video surveillance cameras).
- Premises are themselves protected in an independent manner and under remote surveillance (cameras, motion detections).
- Local and remote alarms are in place for:
- Temperature increase,
- Smoke detection,
- Power outages,
Servers are located on the premises in an isolated room in locked cages with an independent protection system. This room’s temperature is closely monitored and air-conditioned with an independent system. There is a backup system in case of a system failure.
The servers are on a protected power supply with 72 hours of immediate backup battery power. In case of a power failure, a generator starts automatically and a remote alarm activates.
Technical support is continuously available to respond to alerts. The support team helps resume activities in case of an extended power supply failure and intervenes in case of a software failure. A diesel generator provides backup power.
The following server management processes are in place to protect the privacy of data stored on the secure servers:
- Dedicated Firewall
- Backup services
- Antivirus protection
- OS Patch Management
Servers also protected by restricted access. Only authorized users can access the servers. Separate database and web servers
The HITECH Act requires private accessibility whenever you or your patients request it. As your managed data centre operator, Online Tech never accesses your sensitive data; we only provide a secure infrastructure and high availability hosting with HIPAA-audited facilities.
Employees are trained to understand and follow standards and the importance of protecting sensitive information.
5.1.1 Digital Security
Confidentiality of data
The DACIMA SOFTWARE uses multiple servers and firewalls to provide maximum security and confidentiality of clinical data. Redundant servers ensure that down time due to the failure of any one server is minimized.
Integrity of data
DACIMA SOFTWARE guarantees that the clinical data captured will be kept and transmitted without transformation or alteration:
- Encryption of data transmitted between the investigators’ computer system and that of DACIMA SOFTWARE
- Daily monitoring of transactions between users and the computer system.
- Monitoring of the system and corrections of software and hardware anomalies, where needed
- Installation and updating of antivirus software on the servers to prevent viruses from altering the data.
Authentication of users of the clinical data management application is used to check a user’s identity and to guarantee the origin and integrity of data entered into DACIMA SOFTWARE computer systems.
Access to the CRF data entry application is only authorized through a username and password. The password is created by the user and must conform to the software’s complexity requirements.
NOTE: The Client is responsible for ensuring a username and password policy is in place and that users are aware that usernames and passwords should not be shared.
Data is transmitted over a secure encrypted SSL web connection.