Privacy Statement
OmniTrace Privacy Notice
Effective Date: July 1, 2023
Introduction
OmniTrace Corp. has always been committed to maintaining the accuracy, confidentiality, and security of your personal and corporate information.
We have established this Privacy Notice to govern our use of client information, and it is also intended to comply with the European Union’s (EU) General Data Protection Regulation (GDPR). This Privacy Notice applies to personal data that OmniTrace collects or processes about an individual (Data Subject) while the Data Subject is located in the EU, regardless of whether the Data Subject is a citizen or permanent resident of an EU country. “Personal Data” means any information relating to an identified or identifiable Data Subject. A “Data Controller” controls the procedures and purpose of data usage.
We encourage you to read this Privacy Notice carefully when using our website or services or transacting business with us. By using our websites or any of our applications, you are accepting the practices described in this Privacy Notice. We encourage you to contact us at customercare@omnitrace.com if you have any questions.
This Privacy Notice applies to all services provided by OmniTrace including but not limited to global and domestic people search services, clinical trial support services, background investigations, genealogical research, probate research and missing heir identification. This Privacy Notice covers the following websites:
https://omnitrace.com/ltfu-patient-search/
Who we are:
OmniTrace Corp.
6231 PGA Boulevard
Suite 104-202
Palm Beach Gardens, FL 33418
Data Protection Representative: David Betz
What information do we collect and how do we use it?
United States
If you complete an online form, or send us an email to request information about our services (e.g. global and domestic people search services, clinical trial support services, background investigations, genealogical research, probate research and missing heir identification), then we may collect and use Personal Data about you but only that information that you willingly supply such as:
Name
Email address
Address
Telephone number
Emergency Contact Information
Such information is willingly provided by you and is used by us for our legitimate business interests, registering you for any services you have requested and responding to any queries or requests.
European Union
OmniTrace does not market or promote services online in the EU. If you complete our online form, or send us an email to request information about our services then we may collect and use personal data about you but only that information that you willingly supply such as:
Name
Email address
Business Address
Telephone Number
This information will only be utilized for standard business-related purposes and will not otherwise be utilized, transferred or disclosed to third parties.
Relating to OmniTrace’s clinical trial support services, any information regarding EU Data Subjects participating in clinical trials received by OmniTrace in the USA is obtained via the Data Controller and only when the EU Data Subject has consented through an Informed Consent Document (ICD). Information on Data Subjects is not stored in any databases and is not used for any purpose other than that stated in the ICD. No information is stored on local systems and all data transfer is done via secure third-party transfer in accordance with the EU GDPR Articles (25,30,32), UK GDRP and revised Swiss Federal Data Protection Act (revFADP – effective date September 1, 2023). Physical information is only maintained for the specified amount of time and is destroyed upon completion of services and/or as requested by the Data Controller. The United States has not sought nor received a finding of “adequacy” from the European Union under Article 45 of the GDPR. Pursuant to Article 46 of the GDPR, OmniTrace is providing for appropriate safeguards by entering binding, standard data protection clauses, enforceable by data subjects in the EEA. These standard contractual clauses have been enhanced based on the guidance of the European Data Protection Board under the new Schrems II ruling.
Information that may be received via the Data Controller includes, but may not be limited to, the following:
Name
Address
Telephone Number
Date of Birth
No sensitive Personal Data is collected regarding any EU Data Subject. Sensitive data includes race or ethnic origin, political opinions, religious beliefs, trade union memberships, mental health, physical health, sexual life, commission of any offense, commission of any alleged offense and genetic information.
What legal basis do we have for processing your Personal Data?
If you contact OmniTrace by completing our online form on our website or request OmniTrace’s assistance via other means, OmniTrace will process your Personal Data to the extent it is necessary for the purpose of our legitimate interests to fulfil your request and communicate with you.
If we received your EU Personal Data via a Data Controller, OmniTrace will process your Personal Data solely for the purpose as described in the Informed Consent Documents and only as you have consented.
How do we share your Personal Data?
We do not sell, rent, or lease your personal data to third parties. We may share your personal data with third-party service providers who help us provide our services to you. We have data processing agreements in place with any third-party service providers we work with to ensure that they also comply with GDPR.
Where do we store, secure and process Personal Data?
As related to global and domestic people search services, background investigations, genealogical research, probate research and missing heir identification services, Personal Data received directly from you via our websites or other acceptable means is stored electronically on OmniTrace devices utilizing industry standard security including anti-viral and firewall protection and as required by OmniTrace data security policies.
As related to clinical trial services, Personal Data received via a Data Controller is not stored electronically. Clinical trial related Personal Data is securely maintained in hard copy format. To the extent OmniTrace utilizes third party vendors and service providers to process Personal Data, third party vendors and service providers are contractually obligated to maintain Personal Data as directed by OmniTrace and in compliance with local data privacy legislation. OmniTrace receives Personal Data from the European Economic Area but does not transfer data outside the European Economic Area.
OmniTrace maintains a Privacy and Data Security Policy, Acceptable Use Policy, Risk-Assessment Programs, Clean Desk Clear Screen Policy, Business Continuity Plans, Issue Escalation Policies, Vendor Review programs and other related policies and procedures that address and assure the adequate security of your Personal Data.
How long do we keep your Personal Data for?
Personal Data collected directly from you for services related to global and domestic people search services, background investigations, genealogical research, probate research and missing heir identification services is maintained for a period of two years as required by local law.
Personal Data collected for clinical trial support services via Data Controller is maintained for a period of time as required by contract and/or as agreed to with the Data Controller. Personal Data is destroyed utilizing accredited third-party document destruction services.
What are your data protection rights?
- The right to access – You have the right to request from us copies of your personal data. We may charge you a small fee for this service.
- The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request we complete information you believe is incomplete.
- The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
- The right to restrict processing – You have the right to request that we restrict the processing of your personal data under certain conditions.
- The right to object to processing – You have the right to object to our processing of your personal data under certain conditions.
- The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email: customercare@omnitrace.com or call us at 561-470-8937 or write us at 6231 PGA Boulevard., Suite 104-202, Palm Beach Gardens, FL 33418
When will changes to this Privacy Notice occur?
We may update this Privacy Notice from time to time to reflect changes in our policies, practices and procedures. If changes are made we will reflect this by updating the effective date of this Privacy Notice.
How do we handle data breaches?
In the event of a data breach that is likely to result in a risk to the rights and freedoms of users, we will notify the affected users without undue delay.
What are cookies and how do we use them?
Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. We do not utilize cookies on our websites to collect information about you or your behavior.
How to contact us?
If you have any questions about this Privacy Notice or our policies and procedures you may contact us in writing at:
OmniTrace Corp.
6231 PGA Boulevard
Suite 104-202
Palm Beach Gardens, FL 33418
Phone: 561-470-8937
Attention: Data Privacy Representative