ActiGraph Privacy Policy

Your privacy is important to us, and we are committed to protecting it. We have established policies and procedures to ensure that your personal information is handled responsibly and in accordance with applicable data protection and privacy laws.


Terminology

“CentrePoint” system, the ActiGraph CentrePoint system ( https://actigraphcorp.com/centrepoint/ ); referred to here as the/our "Software" or the/our "Services."

“Data Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. For CentrePoint, this would be the organization using ActiGraph Services to conduct the trial or study.

“Data Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller. For CentrePoint, this is ActiGraph’s role.

“Data Subject” means the individual to whom any given Personal Data covered by this Privacy Shield Policy refers.

"Personal information" is any information that could be used to identify an individual. It does not include personal information that is encoded or anonymized, or publicly available information that has not been combined with non-public information.

"Sensitive personal information" is information that meets the "personal information" criteria and also a.) reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or b.) concerns health or sex orientation, information about Social Security benefits, or information on criminal or administrative proceedings other than in the context of pending legal proceedings.

“Services” refers to an ActiGraph product, service, or software; in this context, this typically refers to CentrePoint.

Notice

We provide this information publicly to notify you and explain our data practices regarding Personal Data received by ActiGraph in the U.S. from European Union member countries and Switzerland in reliance on the respective Privacy Shield framework as well as the choices you can make about the way your information is collected and used. This privacy policy describes what information we collect when you use our Services, how we use that information, and what choices we offer you to access, update, and control it.

If you are outside the United States, you should know that any personally identifiable information you enter into the Services will be transferred out of your country and into the United States. By using the Services, you consent to such transfer and are representing that you have the right to transfer such information outside your country.

Privacy Shield Participation

ActiGraph complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. ActiGraph has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program and to view our certification, please visit https://www.privacyshield.gov/

Types of Information and How We Collect It

We collect your information in two ways:

  1. When you contact us directly or visit our website,
  2. When you use our software products, like the CentrePoint system (referred to here as the/our "Software" or the/our "Services") and provide us information.
Information we obtain from your direct contact or website visit is primarily non-personally-identifying information. This is the information typically made available by web browsers such as the browser type, language preference, referring site, and the time of each visit, etc. We collect this non-personally-identifying information in order to better understand how visitors use the web content we publish to improve their experience. We use cookies to help track visitors' use of the Services and their preferences. If you do not wish to have cookies placed on your computer, you should set your browser to refuse cookies, but be aware that certain features of our Services may not function properly without them.

In the process of supporting our Services, we may discover personally identifiable information associated with your account and communication. The only personally identifiable information we may discover during the support process without your consent includes your email address, name, and the names of any organizations to which you belong. Any further information will not be discovered without your consent.

Information provided directly through your use of our Services. For Services such as CentrePoint, we also collect potentially personally identifying information provided to us directly. ActiGraph does not conduct clinical trials, but does provide a Service that is used by organizations conducting research studies and clinical trials.

The amount and type of information that is provided depends on the nature of the interaction. For example, the CentrePoint end-users (the people conducting the studies, never the subjects/patients) must provide an email address.

When you use the Services, we also collect potentially personal identifying information in the form of Internet Protocol (IP) addresses, the Uniform Resource Locator (URL) accessed, and the unique identification number associated with the account for the purpose of diagnostics and system protection. We don't use that information to identify you unless there is an indication of abuse of the system.

For data subjects (also known as “patients” or “participants”), each subject record is only required to have the following attributes:

  1. Subject Identifier (a unique identifier provided by the data controller; typically providing a reference to another system)
  2. Wear location of the activity monitor

At the request of the organization owning the study data, the CentrePoint system can be configured to allow data entry of the following information about the subject:

  1. Date of Birth (optional, but recommended)
  2. Timezone (optional, defaults to GMT-0)
  3. Gender (optional, but recommended)
  4. Weight (optional)

This subject information is appropriately secured within the ActiGraph system and utilized for analytical processing as instructed by the data controller (organization conducting the study). The data controller is responsible for consent and allowing data subjects to opt out.

ActiGraph does not process sensitive personal information, such as specific medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or information specifying the sex life of the individual. However, ActiGraph will treat as sensitive any personal information received from a third party, or data controller, where the third party identifies and treats it as sensitive. In this scenario, the third party will be obligated to obtain affirmative express consent (opt in) from those individuals.

Purpose: How We Use Information

  1. Allow you to register for our Services and to administer and process the registration
  2. To communicate with you about our products, services, and related issues
  3. To fulfill, as a data processor, the statement of work and instructions of the data controller
  4. To maintain and administer our web sites and comply with our legal or internal obligations and policies
  5. To transfer information to others as described in this policy or to satisfy our legal, regulatory, compliance, or auditing requirements
  6. To better understand how visitors use the web content we publish to improve their experience

Contact Us

Note for clinical trial participants: For Data Subjects participating in clinical trials, contact the Principal Investigator first, followed by the Sponsor if needed, with requests for access, correction, amendment, or deletion. ActiGraph does not have the information to identify data subjects and works under the instructions of the data controller (trial investigator/sponsor) to service your request.

For all other inquiries about this policy please contact us at: privacy@theactigraph.com

ActiGraph, LLC
70 North Baylen Street, Suite 400
Pensacola, FL 32502
850.332.7900

Third Parties

ActiGraph does not provide information to third parties other than those which are acting on our behalf with our instructions. These entities must meet or exceed ActiGraph’s data privacy requirements and those of the Privacy Shield. Data is not processed for purposes that are materially different than which it was originally collected.

The CentrePoint system and data storage are implemented within the cloud infrastructure of Amazon Web Services (AWS) and Microsoft Azure. These entities’ qualifications have been verified by 3rd party assessments.

Access

Data Subjects whose Personal Data is covered by this Privacy Shield Policy have the right to access such Personal Data and to correct, amend, or delete such Personal Data if it is inaccurate or has been processed in violation of the Privacy Shield Principles (except when the burden or expense of providing access, correction, amendment, or deletion would be disproportionate to the risks to the Data Subject’s privacy, or when the rights of persons other than the Data Subject would be violated). Access is provided by contacting the applicable data controller determined as follows:

Clinical trial participants: For Data Subject participating in clinical trials, contact the trial sponsor not ActiGraph with requests for access, correction, amendment, or deletion. ActiGraph does not have the information to identify data subjects and works under the instructions of the data controller (trial sponsor).

Other non-trial participants: Requests for access, correction, amendment, or deletion should be sent to ActiGraph: privacy@theactigraph.com

Choice

You have the ability to control how we share your personal information with others. If you are a data subject participating in a study or trial hosted on the CentrePoint platform, the data controller is responsible for eliciting your consent and allowing you to opt out. ActiGraph does not provide information to third parties other than those which are acting on our behalf with our instructions. Data is not processed for purposes which are materially different than which it was originally collected. If this were ever to be the case, ActiGraph would provide the individuals an opportunity to opt out.

We won't share your personal information with non-agent third parties unless we are required to do so by law, or if we believe in good faith that disclosure is reasonably necessary to protect our property, rights or those of third parties, or the public at large.

If you are a registered user of our Services and have supplied your email address, we may occasionally send you informational emails. If we send informational emails as part of the Service, we will provide you with a way to request to not receive any similar notices in the future (opt-out, unsubscribe, etc.).

Accountability for Onward Transfer

Prior to providing agents with any personal information, we will obtain assurances that they will safeguard it in accordance with this policy. Examples of assurances that may be provided include:

  1. A commitment that they will handle the information in accordance with this policy, or will provide the same level of protection, as required by the Privacy Shield Principles;
  2. Privacy Shield certification by the agent, or being subject to another European Commission adequacy finding.

In the event ActiGraph has knowledge that a third party agent is processing Personal Data covered by this Privacy Shield Policy in a way that is contrary to the Privacy Shield Principles, ActiGraph will take all reasonable steps to prevent or stop such processing.

In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, ActiGraph will remain liable.

Security

ActiGraph takes reasonable and appropriate measures to protect Personal Data covered by this Privacy Shield Policy from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into due account the risks involved in the processing and the nature of the Personal Data.

Data Integrity and Purpose Limitation

ActiGraph limits the collection of Personal Data covered by this Privacy Shield Policy to information that is relevant for the purposes of processing and does not process such Personal Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the Data Subject.

ActiGraph takes reasonable steps to ensure that such Personal Data is reliable for its intended use, accurate, complete, and current. ActiGraph takes reasonable and appropriate measures to comply with the requirement under the Privacy Shield to retain Personal Data in identifiable form only for as long as it serves a purpose of processing, which includes ActiGraph’s obligations to comply with professional standards and business purposes and unless a longer retention period is permitted by law, and it adheres to the Privacy Shield Principles for as long as it retains such Personal Data.

Recourse, Enforcement, and Liability

In compliance with the Privacy Shield Principles, ActiGraph commits to resolve complaints about your privacy and our collection or use of your Personal Data.

Data Subjects with inquiries or complaints regarding this Privacy Shield Policy should first contact ActiGraph at:

privacy@theactigraph.com
Data Protection Officer
ActiGraph, LLC
70 North Baylen Street, Suite 400
Pensacola, FL 32502
850.332.7900

ActiGraph has further committed to refer unresolved Privacy Shield complaints to the JAMS Foundation, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.jamsadr.com/ for more information or to file a complaint. The services of the JAMS Foundation are provided at no cost to you.

Under certain conditions detailed in the Privacy Shield, Data Subjects may be able to invoke binding arbitration before the Privacy Shield Panel to be created by the U.S. Department of Commerce and the European Commission.

ActiGraph agrees to periodically review and verify its compliance with the Privacy Shield Principles, and to remedy any issues arising out of failure to comply with the Privacy Shield Principles. ActiGraph acknowledges that its failure to provide an annual self-certification to the U.S. Department of Commerce will remove it from the Department’s list of Privacy Shield participants.

ActiGraph’s participation in the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework is subject to investigation and enforcement by the Federal Trade Commission.

Our Commitment to Children's Privacy

Protecting the privacy of the very young is especially important. For that reason, we never collect or maintain information at our website from those we actually know are under 13, and no part of our website is structured to attract anyone under 13.

Changes to this Policy

Although most changes are likely to be minor, we may occasionally need to change this policy. If we do update it, we'll notify you either by posting the new policy on our Services, their blogs, or by emailing you the changes or a link to the modified document. (See the "Choice" section below for information about how we'll notify you if we change our policy regarding sensitive information.) In any case, the way we use information you provide will be covered by the privacy policy that was in effect at the time it was collected.


ActiGraph

Pioneering the Digital Transformation of Clinical Research