ActiGraph's Response to Novel Coronavirus (COVID-19) - July 30th Update
“CentrePoint” system, the ActiGraph CentrePoint system ( https://actigraphcorp.com/centrepoint/ ); referred to here as the/our "Software" or the/our "Services."
“Data Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. For CentrePoint, this would be the organization using ActiGraph Services to conduct the trial or study.
“Data Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller. For CentrePoint, this is ActiGraph’s role.
“Data Subject” means the individual to whom any given Personal Data covered by this Privacy Shield Policy refers.
"Personal information" is any information that could be used to identify an individual. It does not include personal information that is encoded or anonymized, or publicly available information that has not been combined with non-public information.
"Sensitive personal information" is information that meets the "personal information" criteria and also a.) reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or b.) concerns health or sex orientation, information about Social Security benefits, or information on criminal or administrative proceedings other than in the context of pending legal proceedings.
“Services” refers to an ActiGraph product, service, or software; in this context, this typically refers to CentrePoint.
If you are outside the United States, you should know that any personally identifiable information you enter into the Services will be transferred out of your country and into the United States. By using the Services, you consent to such transfer and are representing that you have the right to transfer such information outside your country.
Privacy Shield Participation
Types of Information and How We Collect It
We collect your information in two ways:
- When you contact us directly or visit our website,
- When you use our software products, like the CentrePoint system (referred to here as the/our "Software" or the/our "Services") and provide us information.
In the process of supporting our Services, we may discover personally identifiable information associated with your account and communication. The only personally identifiable information we may discover during the support process without your consent includes your email address, name, and the names of any organizations to which you belong. Any further information will not be discovered without your consent.
Information provided directly through your use of our Services. For Services such as CentrePoint, we also collect potentially personally identifying information provided to us directly. ActiGraph does not conduct clinical trials, but does provide a Service that is used by organizations conducting research studies and clinical trials.
The amount and type of information that is provided depends on the nature of the interaction. For example, the CentrePoint end-users (the people conducting the studies, never the subjects/patients) must provide an email address.
When you use the Services, we also collect potentially personal identifying information in the form of Internet Protocol (IP) addresses, the Uniform Resource Locator (URL) accessed, and the unique identification number associated with the account for the purpose of diagnostics and system protection. We don't use that information to identify you unless there is an indication of abuse of the system.
For data subjects (also known as “patients” or “participants”), each subject record is only required to have the following attributes:
- Subject Identifier (a unique identifier provided by the data controller; typically providing a reference to another system)
- Wear location of the activity monitor
At the request of the organization owning the study data, the CentrePoint system can be configured to allow data entry of the following information about the subject:
- Date of Birth (optional, but recommended)
- Timezone (optional, defaults to GMT-0)
- Gender (optional, but recommended)
- Weight (optional)
ActiGraph does not process sensitive personal information, such as specific medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or information specifying the sex life of the individual. However, ActiGraph will treat as sensitive any personal information received from a third party, or data controller, where the third party identifies and treats it as sensitive. In this scenario, the third party will be obligated to obtain affirmative express consent (opt in) from those individuals.
Purpose: How We Use Information
- Allow you to register for our Services and to administer and process the registration
- To communicate with you about our products, services, and related issues
- To fulfill, as a data processor, the statement of work and instructions of the data controller
- To maintain and administer our web sites and comply with our legal or internal obligations and policies
- To transfer information to others as described in this policy or to satisfy our legal, regulatory, compliance, or auditing requirements
- To better understand how visitors use the web content we publish to improve their experience
Note for clinical trial participants: For Data Subjects participating in clinical trials, contact the Principal Investigator first, followed by the Sponsor if needed, with requests for access, correction, amendment, or deletion. ActiGraph does not have the information to identify data subjects and works under the instructions of the data controller (trial investigator/sponsor) to service your request.
For all other inquiries about this policy please contact us at: firstname.lastname@example.org
49 East Chase Street
Pensacola, FL 32502
ActiGraph does not provide information to third parties other than those which are acting on our behalf with our instructions. These entities must meet or exceed ActiGraph’s data privacy requirements and those of the Privacy Shield. Data is not processed for purposes that are materially different than which it was originally collected.
The CentrePoint system and data storage are implemented within the cloud infrastructure of Amazon Web Services (AWS) and Microsoft Azure. These entities’ qualifications have been verified by 3rd party assessments.
Data Subjects whose Personal Data is covered by this Privacy Shield Policy have the right to access such Personal Data and to correct, amend, or delete such Personal Data if it is inaccurate or has been processed in violation of the Privacy Shield Principles (except when the burden or expense of providing access, correction, amendment, or deletion would be disproportionate to the risks to the Data Subject’s privacy, or when the rights of persons other than the Data Subject would be violated). Access is provided by contacting the applicable data controller determined as follows:
Clinical trial participants: For Data Subject participating in clinical trials, contact the trial sponsor not ActiGraph with requests for access, correction, amendment, or deletion. ActiGraph does not have the information to identify data subjects and works under the instructions of the data controller (trial sponsor).
Other non-trial participants: Requests for access, correction, amendment, or deletion should be sent to ActiGraph: email@example.com
You have the ability to control how we share your personal information with others. If you are a data subject participating in a study or trial hosted on the CentrePoint platform, the data controller is responsible for eliciting your consent and allowing you to opt out. ActiGraph does not provide information to third parties other than those which are acting on our behalf with our instructions. Data is not processed for purposes which are materially different than which it was originally collected. If this were ever to be the case, ActiGraph would provide the individuals an opportunity to opt out.
We won't share your personal information with non-agent third parties unless we are required to do so by law, or if we believe in good faith that disclosure is reasonably necessary to protect our property, rights or those of third parties, or the public at large.
If you are a registered user of our Services and have supplied your email address, we may occasionally send you informational emails. If we send informational emails as part of the Service, we will provide you with a way to request to not receive any similar notices in the future (opt-out, unsubscribe, etc.).
Accountability for Onward Transfer
Prior to providing agents with any personal information, we will obtain assurances that they will safeguard it in accordance with this policy. Examples of assurances that may be provided include:
- A commitment that they will handle the information in accordance with this policy, or will provide the same level of protection, as required by the Privacy Shield Principles;
- Privacy Shield certification by the agent, or being subject to another European Commission adequacy finding.
In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, ActiGraph will remain liable.
ActiGraph takes reasonable and appropriate measures to protect Personal Data covered by this Privacy Shield Policy from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into due account the risks involved in the processing and the nature of the Personal Data.
Data Integrity and Purpose Limitation
ActiGraph limits the collection of Personal Data covered by this Privacy Shield Policy to information that is relevant for the purposes of processing and does not process such Personal Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the Data Subject.
ActiGraph takes reasonable steps to ensure that such Personal Data is reliable for its intended use, accurate, complete, and current. ActiGraph takes reasonable and appropriate measures to comply with the requirement under the Privacy Shield to retain Personal Data in identifiable form only for as long as it serves a purpose of processing, which includes ActiGraph’s obligations to comply with professional standards and business purposes and unless a longer retention period is permitted by law, and it adheres to the Privacy Shield Principles for as long as it retains such Personal Data.
Recourse, Enforcement, and Liability
In compliance with the Privacy Shield Principles, ActiGraph commits to resolve complaints about your privacy and our collection or use of your Personal Data.
Data Subjects with inquiries or complaints regarding this Privacy Shield Policy should first contact ActiGraph at:
Data Protection Officer
49 East Chase Street
Pensacola, FL 32502
ActiGraph has further committed to refer unresolved Privacy Shield complaints to the JAMS Foundation, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.jamsadr.com/ for more information or to file a complaint. The services of the JAMS Foundation are provided at no cost to you.
Under certain conditions detailed in the Privacy Shield, Data Subjects may be able to invoke binding arbitration before the Privacy Shield Panel to be created by the U.S. Department of Commerce and the European Commission.
ActiGraph agrees to periodically review and verify its compliance with the Privacy Shield Principles, and to remedy any issues arising out of failure to comply with the Privacy Shield Principles. ActiGraph acknowledges that its failure to provide an annual self-certification to the U.S. Department of Commerce will remove it from the Department’s list of Privacy Shield participants.
ActiGraph’s participation in the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework is subject to investigation and enforcement by the Federal Trade Commission.
Our Commitment To Children’s Privacy
Protecting the privacy of the very young is especially important. For that reason, we never collect or maintain information at our website from those we actually know are under 13, and no part of our website is structured to attract anyone under 13.
Changes to this Policy