Cardiovascular Imaging Technologies Privacy Notice

Effective on: June 4, 2021

Introduction and Scope

Cardiovascular Imaging Technologies L.L.C. (“CVIT”, “we”, “us”, “our”) takes the protection of personally identifiable information (“Personal Data”) very seriously. This Privacy Notice (the “Notice”) addresses data subjects whose Personal Data we may receive from our customers in the course of delivering our laboratory research services through our Imaging Core Laboratory (collectively, the “Services”). This Notice does not apply to Personal Data we collect by other means, such as Personal Data that we receive directly through our website(s) or the Personal Data of our employees.

Controllership

CVIT acts as an agent, also known as a data processor, for the Personal Data we process for our customers when providing our Services. This means that our customers determine the type of Personal Data they provide for us to process on their behalf. We typically have no direct relationship with the individuals whose Personal Data we receive from our customers.

Basis of Processing

Within the scope of this Notice, we process Personal Data based on the instructions of our customers.

How We Receive Personal Data

We may receive your Personal Data when:

  • our customers (including their employees, contractors, and other representatives of the company) provide it to us; or
  • our service providers provide it to us.

Categories of Personal Data

We may process the following types of Personal Data:

  • contact information, solely for our customer contacts;
  • identifying information, such as a key-coded patient identifier; and
  • health information, such as cardiovascular images and limited clinical data.

Purposes of Processing

We may process your Personal Data for the purposes of:

  • delivering the Services;
  • reviewing the provided Personal Data to identify applicable medical conditions;
  • drafting a findings report for the customer which provides visual and quantitative research observations; and
  • recording observations in a database.

Data Retention

We are required to retain the personal information for a period of 25 years per requirements relating to clinical trial regulations.

Sharing Personal Data with Third Parties

We may share Personal Data with our service providers, who process Personal Data on our behalf, and who agree to use the Personal Data only to assist us in providing our Services or as required by law. Our service providers may provide:

  • remote desktop services;
  • physical tape storage services;
  • cloud storage services; and
  • managed IT support.

Other Disclosure of Your Personal Data

We may disclose your Personal Data to the extent required by law, or if we have a good-faith belief that we need to disclose it in order to comply with official investigations or legal proceedings (whether initiated by governmental/law enforcement officials, or private parties). We may also disclose your Personal Data if we sell or transfer all or some of our company’s business interests, assets, or both, or in connection with a corporate restructuring. Finally, we may disclose your Personal Data to our subsidiaries or affiliates, but only if necessary, for business purposes, as described in the section above.

We reserve the right to use, transfer, sell, and share aggregated, anonymous data for any legal business purpose. Such data does not include any Personal Data. The purposes may include analyzing usage trends or seeking compatible advertisers, sponsors, and customers.

If we have to disclose your Personal Data to governmental/law enforcement officials, we may not be able to ensure that those officials will maintain the privacy and security of your Personal Data.

Data Integrity & Security

We have implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect Personal Data from unauthorized processing. This includes unauthorized access, disclosure, alteration, or destruction.

Access & Review

If we process your Personal Data, you may have the right to request access to (or to update, correct, or delete) such Personal Data.

Requests should be sent directly to the CVIT customer who provided your Personal Data to us. CVIT has limited rights to access Personal Data provided by our customers. Therefore, if you contact us with such a request, please provide the name of the CVIT customer who submitted your Personal Data to us. We will forward your request to that customer and provide any needed assistance as they respond to your request.

Changes to this Notice

If we make any material change to this Notice, we will post the revised Notice to this web page. We will also update the “Effective” date.

Contact Us

If you have any questions about this Notice or our processing of your Personal Data, please write to Staci Courter by email at scourter@cvit.com or by postal mail at:

Cardiovascular Imaging Technologies L.L.C.

Attn: Staci Courter

4320 Wornall Road, Suite 114

Kansas City, MO 64111

USA

Please allow up to four weeks for us to reply.