What Are Cookies?
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to manage and delete cookies, please visit www.allaboutcookies.org. Please note, however, that preventing cookies from being stored could downgrade or ‘break’ certain elements of the site’s functionality. We therefore recommend that you keep all cookies enabled even if you are not sure whether you need them, as disabling them may adversely impact the functionality of the site or even prevent us from providing a service that you use.
Our cookies cannot be used to identify you personally.
What Cookies Do We Use?
When you submit data to us by filling in a form (e.g. a comment form or contact form), cookies may be set to remember your user details for future correspondence.
This site also uses third party “analytical” cookies which recognise and count the number of visitors, and how and for how long those visitors move around our site when they are using it. This information then allows us to improve the way the site works..
RWS Life Sciences: Data Safeguards, Privacy, and Destruction
Data Safeguards Policy
RWS Life Sciences (“Organization”) has implemented the following safeguards to protect the Organization, client, and personal information it obtains, uses, accesses, or processes in connection with its performance of translation services.
Network and Computer Security
The Organization uses up-to-date virus protection software on all computers used by the Organization.
The Organization uses a firewall product, such as a firewall built into its operating system, a network appliance, or a personal firewall software package
The Organization’s vendors keep all applications, including operating systems, patched with any software patch product, including automatic update services, that are recommended for any application or operating system used in performance of translation services.
The Organization does not run or send programs of unknown origin.
The Organization disables hidden filename extensions.
The Organization makes regular backups of critical data, keeps a copy of important files on removable media, and uses a software backup tool if available. The Organization stores its backup disks in a secure location.
The Organization keeps a recovery disk in case its computers are damaged or compromised.
The Organization encrypts its wireless connection.
The Organization requires any vendor with which it works to affirm in writing its compliance with the above network and computer safeguards.
Protected information includes confidential and non-public Organization, client, and/or personal information gathered and /or utilized in the course of establishing and maintaining business relationships and/or in the performance of translation services. Access to protected information is limited.
Personal Information in Client Documents
The Organization utilizes a procedure by which it takes reasonable and appropriate steps to identify and redact personal information from documents supplied by clients. This information may include individual or patient names, addresses, phone numbers, fax numbers, email addresses, birth dates, social security numbers, medical record numbers, health plan beneficiary number, account numbers, photographs or other images, and any other unique information by which an individual or patient may be identified. Access to the client documents that may contain such personal information is limited to the Organization’s production staff assigned to the client’s projects. When such information is discovered, the information will be redacted so that the information is no longer visible unless the client has requested otherwise in writing. The original document containing the information shall either be stored with the client’s original documents and access to it shall be limited to certain Organization associates, or shall be returned to the client and the redacted version shall be retained by the Organization.
Protection of Documents
Any documents that the Organization receives or obtains in connection with its performance of translation services, including paper copies, computer disks, removable media, or electronic submission, which contains protected information, are stored in a secure location, accessible only by those Organization employees with a need for such access. Physical documents containing protected information are retained by the Organization only until the assignment is complete, and are then returned to the client. Any copies or backup files (including electronic copies) are not maintained and will be destroyed.
The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce and the European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce. Please see The Privacy Shield website (https://www.privacyshield.gov/) for more information.
This Privacy Shield Policy Statement applies to all personal information received by the Organization in the United States from the EU and from Switzerland, in any format, including electronic, paper, or verbal.
The privacy principles in this Policy have been developed based on the Privacy Shield Principles.
Notice: Where the Organization collects personal information directly from individuals in the EU and Switzerland, it will inform them about the purposes for which it collects and uses personal information about them, the types of non–agent third parties to which the Organization discloses that information, the choices and means, if any, the Organization offers individuals for limiting the use and disclosure of personal information about them, and how to contact the Organization. Notice will be provided in clear and conspicuous language when individuals are first asked to provide personal information to the Organization, or as soon as practicable thereafter, and in any event before the Organization uses or discloses the information for a purpose other than that for which it was originally collected.
Where the Organization receives personal information from its parent, affiliates or other entities in the EEA, it will use and disclose such information in accordance with the notices provided by such entities and the choices made by the individuals to whom such personal information relates.
Choice: The Organization will offer individuals the opportunity to choose (opt-out) whether their personal information is (a) to be disclosed to a non-agent third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual or client.
For sensitive personal information, the Organization will give individuals the opportunity to affirmatively and explicitly (opt-in) consent to the disclosure of the information to a non-agent third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual or client.
The Organization will provide individuals with reasonable mechanisms to exercise their choices.
Accountability for Onward Transfer: The Organization will obtain assurances from its agents that they will safeguard personal information consistently with this Policy. Where the Organization has knowledge that an agent is using or disclosing personal information in a manner contrary to this Policy, the Organization will take reasonable steps to remediate.
Security: The Organization will take reasonable and appropriate measures to protect personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.
Data Integrity and Purpose Limitation: The Organization will use personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual or client. The Organization will not process personal information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual or client. The Organization will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete, and current.
Access: Upon request, the Organization will grant individuals reasonable access to personal information that it holds about them. In addition, the Organization will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete.
Recourse, Enforcement, and Liability: The Organization will conduct compliance audits of its relevant privacy practices to verify adherence to this Policy. Any employee that the Organization determines is in violation of this policy will be subject to disciplinary action up to and including termination of employment. Any questions or concerns regarding the use or disclosure of personal information should be directed to the RWS Life Sciences Headquarters at the address given below. The Organization will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information by reference to the principles contained in this Policy. For complaints that cannot be resolved between the Organization and the complainant, the Organization has agreed to participate in dispute resolution procedures in the investigation and resolution of complaints to resolve disputes pursuant to the Privacy Shield Principles. For disputes involving personal information received by the Organization from its clients, the Organization will employ a licensed moderator to mitigate and resolve.
In reference to Data Privacy, the Organization is subject to the investigatory and enforcement powers of the FTC, the Department of Transportation or any other U.S. authorized statutory body.
In the context of an onward transfer, the Organization has responsibility for the processing of personal information it receives and transfers on its behalf. The Organization shall remain liable under the Privacy Shield Principles if its agent processes such personal information in a manner inconsistent with the Privacy Shield Principles, unless the Organization proves that it is not responsible for the event giving rise to the damage.
Independent Dispute Resolution Provider
International Centre for Dispute Resolution Case Filing Services
1101 Laurel Oak Road, Suite 100
Voorhees, NJ, 08043
Email: [email protected]
Limitation on Application of Privacy Shield Principles
Adherence by the Organization to these Privacy Shield Principles may be limited (a) to the extent required to respond to a legal or ethical obligation; (b) to the extent necessary to meet national security, public interest or law enforcement obligations; and (c) to the extent expressly permitted by an applicable law, rule or regulation.
The Organization sees the Internet and the use of other technology as valuable tools to communicate and interact with consumers, employees, healthcare professionals, business partners, and others. The Organization recognizes the importance of maintaining the privacy of information collected online and has standard operating procedures to govern the information collected through the web sites it operates.
Questions or comments regarding this Policy should be submitted to the Organization by mail to:
RWS Life Sciences
101 East River Drive, 2nd Floor
East Hartford, CT 06108
Changes to this Policy
This Policy may be amended from time to time, consistent with the requirements of the Privacy Shield Principles.
1. Client data maintained in paper format will be destroyed upon request by authorized clients.
2. All paper documents that contain client data will be destroyed using an acceptable method of destruction.
3. Acceptable methods of destruction include shredding, incineration, pulverization and use of a bonded recycling company.
Computer Data Storage Media
1. Computers, laptops, servers and hard drives are used to store client data. Data may be stored in a number of areas on a computer hard drive. For example, data may be stored in “Folders” specifically designated for storage of this type of information, in temporary storage areas and in cache. Simply deleting the files or folders containing this information does not necessarily erase the data.
a. To ensure that any client data has been removed, a utility that overwrites the entire disk drive with “1”s and “0”s must be used.
b. If the computer is being disposed of due to damage and it is not possible to run the utility to overwrite the data, then the hard drive must be removed from the computer and physically destroyed. Alternatively, the drive can be erased by use of magnetic bulk eraser. This applies to PC workstations, laptops and servers.
2. Backup or Data Tapes: Tapes, USB drives or diskettes that are being decommissioned must be degaussed before disposal. This can be accomplished using a bulk tape eraser. Alternatively, the media may be pulverized or shredded.
3. Compact Disks (CDs) and Diskettes: CDs containing resident health information must be cut into pieces or pulverized before disposal.
4. If a service is used for disposal, the vendor should provide a certificate indicating the following:
a. Computers and media that were decommissioned have been disposed of in accordance with environmental regulations as computers and media may contain hazardous materials.
b. Data stored on the decommissioned computer and/or media was erased or destroyed per the previously stated method(s) prior to disposal.
The Organization provides the client with a destruction certificate upon completion of the data destruction. These certificates are signed and notarized by the appropriate member of the management staff and stored indefinitely. The client requesting the data be destroyed must also sign the certificate. A Destruction Log is maintained to identify the destroyed records. At a minimum, the Destruction Log must capture the information listed below.
a. Date of destruction (date/s records are destroyed),
b. Destroyed by (name/s of the individuals responsible for destroying the records),
c. Method of destruction (method used to destroy records), and
d. Description of destroyed item (file name, document title).
Effective Date: February 5, 2018