What information do we collect?
“Personal Data” means information that alone, or when in combination with other information, may be used to readily identify, contact, and locate you, such as: name, address, email address, or phone number.
“Anonymous Data” means data that is not associated with, or linked to, your Personal Data or PHI. Anonymous Data does not, by itself, permit the identification of individual persons. We collect Personal Data, PHI, and Anonymous Data, as described below.
“Protected Health Information (PHI)” means information that is created or received by Vineti and relates to the past, present, or future physical or mental health or condition of the Patient; the provision of health care to a Patient; or the past, present, or future Payment for the provision of health care; and that identifies the Patient or for which there is a reasonable basis to believe the information can be used to identify the Patient. Protected health information includes information about persons living or deceased whether in electronic, printed, or spoken form. PHI may include many common identifiers, such as name, address, birth date, Social Security Number and dates of admission, service, or discharge. Identifying information about Patients obtained by or created by Vineti is treated as PHI for purposes of this Policy unless it has been de-identified consistent with applicable law.
We collect the following types of data:
- Name
- Date of Birth
- Address
- Email Address
- Telephone Number
- CV
- Employment History
- Education History
- Reference Contacts
- National Insurance Number/Social Security Number
- Gender
- Nationality
- Place of Birth
- Marital Status
- Health Data
- Biometric Data including weight, blood volume, and other metrics as required by specific products
- Location where treatment is provided
- Name of Physician
- Date(s) of Treatment(s)
Information you provide to us
- If you use our Services, we will collect your email and location, and we may collect your phone number.
- If you tell us where you are (e.g. by allowing your mobile device to send us your location), we may store and use that information as part of our product development and quality control processes.
- Certain Services, such as two-factor authorization, may require our collection of your phone number. We may associate that phone number with your mobile device identification information.
- We retain information on your behalf, such as files and messages that you store using your Account.
- If you provide us feedback or contact us via email, we will collect your name and email address, as well as any other content included in the email, in order to send you a reply.
- When you load content (text, images, messages, comments or any other kind of content that is not your email address) on our Site, the information contained in your content will be stored in our servers and authorized users will be able to see it.
- We also collect other types of Personal Data that you provide to us voluntarily, such as your operating system and version, product registration number, and other requested information if you contact us via email regarding support for Services.
Information Collected via Technology
- Information Collected by Our Servers. To make our Site and Services more useful to you, our servers (which may be hosted by a third-party service provider) collect information from you, including your browser type, operating system, Internet Protocol (“IP”) address (a number that is automatically assigned to your computer when you use the Internet, which may vary from session to session), domain name, and/or a date/time stamp for your visit.
- Log Files. As is true of most websites, we gather certain information automatically and store it in log files. This information includes IP addresses, browser type, Internet Service Provider (“ISP”), referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information to analyze trends, administer the Site, track users’ movements around the Site, gather demographic information about our user base as a whole, and better tailor our Services to our users’ needs. For example, some of the information may be collected so that when you visit the Site or the Services again, it will recognize you and the information could be used to serve advertisements and other information appropriate to your interests. Except as noted in this Privacy Policy, we do not link automatically-collected data to Personal Data.
- Cookies. Like many online services, we use cookies to collect information. “Cookies” are small pieces of information that a website sends to your computer’s hard drive while you are viewing the website. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Site. This type of information is collected to make the Site more useful to you and to tailor the experience with us to meet your special interests and needs.
Collection of Personal Health Information
Customers or Healthcare Providers using our Customer’s products may load PHI onto our servers as part of the Services. Customers and Healthcare Providers may only provide PHI to us with authorization from the individual Patient who is the subject of the PHI. If you do not have such an authorization, you may not load any PHI onto our servers or use our Services in any way for those Patients. It is the responsibility of the Customer and Healthcare Provider to ensure that they have received appropriate authorization from the Patient.
General Use of Personal Data
We use Personal Data in the following ways:
- facilitate the creation of, and secure, your Account on our network;
- identify you as a user in our system;
- identify you as a recipient of our Services;
- provide improved administration of our Site and Services;
- provide the Services you request;
- improve the quality of your experience when you interact with our Site and Services;
- send you a welcome email to verify ownership of the email address provided when your Account was created;
- send you administrative notifications via email and other communication means, such as security, or support and maintenance advisories;
- respond to your inquiries related to employment opportunities or other requests;
- make telephone calls to you, from time to time, as part of secondary fraud protection or to solicit your feedback; and
- periodically send you free newsletters and emails that directly promote the use of our Site or Services. When you receive newsletters or promotional communications from us, you may indicate a preference to stop receiving further communications from us and you will have the opportunity to “opt-out” by following the unsubscribe instructions provided in the email you receive or by contacting us directly (please see contact information above). Despite your indicated email preferences, we may send you service-related communications, including notices of any updates to our Terms of Use or Privacy Policy.
Use of PHI
We only use PHI for the purposes that have been authorized by the subject of the PHI for provision of the Services. Customers are responsible for obtaining the authorization from the Patient and must transmit any withdrawal of consent for use of PHI to Vineti. Vineti does not have a direct relationship with Patients and relies on Customers and Healthcare Providers to obtain and appropriately document the consent and withdrawal of the consent.
Creation of Anonymous Data
We may create Anonymous Data records from Personal Data and/or PHI by excluding information that makes the data personally identifiable. We use this Anonymous Data to analyze request and usage patterns so that we may enhance the content of our Services and improve Site navigation. We may also use this Anonymous Data to perform outcome studies, market research, improve manufacturing processes, or assess patient engagement. We may share this Anonymous Data with third parties for similar use by such third parties. We reserve the right to use Anonymous Data and aggregated and other de-identified information for any purpose and disclose Anonymous Data to third parties in our sole discretion.
Third Party Websites
Our Site may contain links to third party websites. When you click on a link to any other website or location, you will leave our Site and go to another site and another entity may collect Personal Data or Anonymous Data from you. We have no control over, do not review, and cannot be responsible for, these outside websites or their content. Please be aware that the terms of this Privacy Policy do not apply to these outside websites or content or to any collection of your Personal Data after you click on links to such outside websites. We encourage you to read the privacy policies of every website you visit. The links to third-party websites or locations are for your convenience and do not signify our endorsement of such third parties or their products, content or websites.
Vineti’s Legal Basis for Data Processing
Collection of PHI is necessary for the provision of health services that your doctor has prescribed. For Personal Data and PHI, Vineti obtains consent from Visitors, Customers, and Healthcare Providers to use their data. Vineti relies on Customers and Healthcare Providers to obtain consent from Patients for use of their PHI for delivery of the Services. Vineti enters into contracts with Customers that document the permitted use of Personal Data and Patient PHI for the performance of the Services. For the use of Personal Data, Vineti will store the consent of each Visitor, Customer, or Healthcare Professional and will allow them to withdraw consent.
Disclosure of Personal Data and PHI
Authorized third-party vendors that provide infrastructure services, technical support services, vendors that provide other services to the company and limited members of the Human Resources, Engineering, Finance, and Customer Support departments of Vineti may access and otherwise process Personal Data and PHI in connection with their job responsibilities or contractual obligations. Some of these personnel and third-party vendors are located around the world, including in countries that may not provide the same level of data protection as the home country of the individual. The Company takes appropriate steps to ensure that such personnel and third-party vendors are bound to duties of confidentiality and the Company implements measures such as standard data protection contractual clauses to ensure that any transferred Personal Data remains protected and secure.
Where do we store and process personal data and PHI?
Personal Data and PHI are stored in the location specified by the owner of the data. For Patient PHI, the Vineti Customer is responsible for determining the location the data should be stored and communicating that requirement to Vineti. Vineti stores data that is created in the United States of America in the United States of America and data that is created in the European Union in the European Union. If a Customer wishes to change the data storage location, this request may be communicated to Vineti. Data may be moved to a jurisdiction outside of where it was created for processing. For data created in Europe, Vineti will obtain the proper consent from either the Visitor, Healthcare Professional, or Customer to move the data for processing, including to locations outside of the European Union.
How do we secure personal data?
The Company maintains reasonable security measures to safeguard Personal Data and PHI from loss, interference, misuse, unauthorized access, disclosure, alteration or destruction. The Company also maintains reasonable procedures to help ensure that such data is reliable for its intended use and is accurate, complete, and current.
Vineti also uses enhanced security features including:
- zero-trust network
- AWS security toolkit
- Intrusion Detection which includes behavioral modeling
- MD5-hashing of e-Signature documents
- Penetration testing
- Vulnerability scanning
- TLS v1.2 support
- Roles-based access controls
- User training on security requirements
- End-to-end Encryption
- 2FA and VPM
- Physical Access Controls
- Per-tenant HW Encryption Keys
- Log Aggregation and Analysis
- IDS/IPS, WAF, and CMDB
- Least-privilege Access Controls
- Automated Configuration Reconciliation
How long do we keep your personal data and PHI for?
Vineti only keeps data for as long as the data is needed to perform the Services or for as long as required by law or regulation. For example, because Vineti is storing data related to the use and administration of cell therapy products, Vineti is required to comply with FDA requirements for data retention. Many cell therapy products are required to keep data on the use and administration of their products for 15 years or longer. Therefore, it is possible that Vineti will keep Customer, Healthcare Provider, and Patient data for 15 years or longer after the Service has been provided. Vineti will make reasonable efforts to only store data for the length of time that is required per law or regulation.
Your Rights to your Personal Data and PHI
If you would like to view, request changes to, or ask for the deletion of any of your Personal Data, please contact customer service at privacy@vineti.com. You can stop new collection of information by ceasing usage of the web application or terminating your account.
If you are a Patient and you want to withdraw your consent for use of your PHI, please contact the Vineti Customer who manufactured your cell or gene therapy product. Vineti relies on the consent obtained by our Customers and therefore you must directly contact the Customer to withdraw your consent.
Vineti is required by law and regulation to keep some PHI for safety monitoring and chain of identity. If you withdraw your consent, Vineti will only keep the information that is required by law or regulation.
To learn more about our Privacy Shield, please click here.