Data Privacy Framework
SCC SOFT COMPUTER (SCC) DATA PRIVACY FRAMEWORK
SCC has self-certified to the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework.
Privacy Statement
SCC has established this privacy statement in order to demonstrate our commitment to Privacy:
As a leading provider of clinical information systems software and solutions for the healthcare industry, SCC is committed to protecting the privacy of all personal information it receives, maintains, and/or transmits in accordance with applicable national and international Privacy laws and regulations; and to incorporate applicable privacy requirements into SCC’s processes, procedures, and information systems.
Purposes of data collection
Patient Data received by SCC (Patients of SCCâs clients): SCC’s clients, as the data controllers, collect or receive personal data from patients (data subjects) and determine the processing purpose of that data. SCC, as a data processor, receives data for processing from its clients. SCC processes this data at the instruction of its client and has no direct relationship with the individuals to whom such personal data relates. SCC does not own or determine the purpose for which this data is processed. As a data processor acting on behalf of an SCC client who is the data controller, SCC is required to perform its services in accordance with the Data Privacy Principles and its contract with the client.
Limited Personal Data received by SCC (Employees of SCCâs clients): As a manufacturer of Laboratory and Genetics Information Systems, SCC assists its clients in the implementation and support of SCC solutions in their healthcare environments. SCC collects or receives limited clientsâ employee Personal Data for business operations such as sales, consulting, licensing, customer support, and other similar transactions to improve SCCâs products and services. SCC may hold and process clientsâ employee personal data such as name, work role, email, telephone number, work address and any other personal data provided to SCC by its clients. As a data controller of such data, SCC is required to protect the privacy and security of such data in accordance with the Data Privacy Principles and other Privacy regulations.
Human Resource Data received by SCC (Employees of SCCâs suppliers): SCC may outsource business services to contractors, vendors or suppliers. As such, SCC may receive, hold, and process human resource/personal data from such contractors, vendors or suppliers limited to what is necessary in the business relationship, e.g. name, work role, email, telephone number, work address, payment records, contracts and business correspondence. As a data controller of such data, SCC is required to protect the privacy and security of such data in accordance with the Data Privacy Principles and other Privacy regulations.
Personal Data received or collection through SCCâs Website: SCC’s Internet Privacy Policy
Data Privacy Affirmation statement
SCC complies with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-US Data Privacy Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom, and Switzerland to the United States in reliance on Data Privacy. SCC has certified that it adheres to the Data Privacy Principles with respect to such data. If there is any conflict between the policies in this privacy policy and data subject rights under the Data Privacy Principles, the Data Privacy Principles shall govern. To learn more about the Data Privacy program, and to view our certification page, please visit https://www.dataprivacyframework.gov/.
SCCâs execution of the Data Privacy Principles may be limited in certain circumstances, in particular:
- Where adherence to the Data Privacy Principles interferes with product safety and efficacy monitoring or compliance activities (e.g., FDA);
- Where there is a conflicting or overriding legal obligation;
- To the extent expressly permitted by any applicable law or regulation; or
- Where SCC receives personal data as a âdata processorâ acting on the instructions of its client, principle obligations are limited to onward transfer, security, access, and enforcement. SCCâs client and vendor, as the âdata controllerâ, remains responsible for notice, choice, and data integrity.
SCC is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) relative to the Data Privacy Principles.
Data Privacy Policy Elements
Notice: SCC will inform individuals for whom it is a data controller that it participates in the Data Privacy; the purpose and use of the personal information; about how individuals can contact SCC with any inquiries or complaints; the types of third parties to which it discloses the information; the purpose for which it discloses; individual right to access their personal information; the choices and means SCC offers for limiting use and disclosure of the information; SCCâs dispute resolution body; possibility for binding arbitration; SCC may be required to disclose personal information in response to lawful request by public authorities; and SCCâs potential liability in onward transfers to third parties.
Choice: SCC will offer individuals for whom it is a data controller the opportunity to choose whether their personal data is (1) to be disclosed to a third-party controller or (2) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Individuals may opt-out by using the contact information listed below.
Accountability for Onward Transfer: Personal data controlled by SCC may be disclosed to service providers for processing personal data on behalf of SCC and subject to SCCâs instruction. SCC limits the data transferred to a service provider to data that is necessary to carry out the function SCC has contracted with the third-party transferee to perform. SCC will enter into a written contractual agreement with a third-party controller prior to onward transfer of personal data to obtain assurance from the third party that they will safeguard the data in a manner consistent with the Data Privacy Principles. SCC will take responsible and appropriate steps to ensure that the third party effectively processes the personal information transferred in a manner consistent with SCCâs obligations under the Data Privacy Principles. Upon learning of unauthorized processing, SCC will take reasonable and appropriate steps to prevent or stop the use or disclosure and remediate the unauthorized processing.
Security: SCC has put in place appropriate administrative, technical, and physical safeguards to protect data in its possession from loss, unauthorized access and use, disclosure, alteration, or destruction.
Data Integrity and Purpose Limitation: When acting as a âdata controllerâ, SCC will process personal data only in a way that is compatible with and relevant to the purpose for which it was collected or received. SCC take reasonable steps to ensure that personal data is reliable for its intended use, accurate, complete, and current. SCC will adhere to these principles for as long as it retains such data.
Access: When acting as a âdata controllerâ, SCC will support requests made by individuals addressed to access, correct, amend, or delete their data held by SCC. Such requests are subject to certain legal limitations. Individuals should direct their inquiry to the company contract information listed in the Contact Information section
Recourse, Enforcement, and Liability: SCC will conduct periodic compliance audits of its relevant Privacy practices to verify adherence to this policy and will self-certify with the US Department of Commerce, Data Privacy. SCC will evaluate all complaints made to SCC. SCC will take disciplinary action for any employee that SCC determines is in violation of SCCâs Privacy policies.
Inquiry or complaint resolution
SCCâs Contact Information: In compliance with the Data Privacy Principles, SCC commits to resolve inquiries or complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Data Privacy. Individuals with Data Privacy inquiries or complaints should first contact SCC at:
Kenton Smith, Chief Privacy Officer
SCC Soft Computer
5400 Tech Data Drive
Clearwater, FL 33760
Phone: (727) 789-0100
Email: privacy@softcomputer.com
Independent dispute resolution: SCC has further committed to refer unresolved privacy complaints under the Data Privacy Principles to an independent dispute resolution mechanism, JAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit JAMS https://www.jamsadr.com/DPF-Dispute-Resolution for more information and to file a complaint. This service is provided free of charge to you.
Inquiry or compliant involving human resource data: For EU/EEA Data Subjects, the EU data protection authorities (âDPA Panelâ) has established an independent recourse mechanism for human resource compliant resolution. To file an inquiry or complaint, contact the state or national data protection or labor authority in the jurisdiction of work. SCC has registered with the DPA Panel and agrees to cooperate and comply with the decisions of the DPA Panel.
If your Data Privacy complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. Please visit https://www.dataprivacyframework.gov/.
Effective date: May 7, 2024