Privacy Notice

Summary

Sapio Sciences, LLC (Sapio) is committed to protecting the privacy of the personal data it holds.  In this Privacy Notice, we explain how Sapio collects, uses, stores, shares, and protects your personal data.  Sapio adheres to applicable data protection laws and regulations including but not limited to, the European Union General Data Protection Regulation (GDPR), UK-GDPR, and the California Consumer Privacy Act (CCPA).   This Privacy Notice describes our general practices, but where local laws and regulations require that we process your personal data differently, we will comply with those as applicable.

Types of Personal Data Collected

Sapio collects different types of personal data depending on how you interact with us. 

• Customer Data: Sapio’s software is intended to collect the data necessary to accomplish a customer’s LIMS and ELN goals. Users’ personal data may be collected including name, title, email, and Protected Health Information (PHI) in some clinical instances.  In this role, Sapio Sciences is a processor of customer data and the customer is the controller.  

We process customer data in accordance with customer’s instructions, including any applicable terms in a customer’s agreement with customer and customer’s use of Sapio’s functionality, and as required by applicable law.  This data may be used to perform customer-specific requirements of the software such as calculations, process tracking, sample, storage, and reagent inventory, etc., to follow the instructions of the customer who submitted the data, or in response to contractual requirements with our customers. This data is encrypted when Sapio provides the hosting. This data is in the control of the customer when they install Sapio on premises within their own administrator-controlled environments.

• Job Applicants: Sapio collects personal data from job applicants to evaluate potential candidates for employment.  To do so, we may collect contact information, educational information, and professional experience and qualification details.  Sapio is the controller of this data for this purpose and our legal bases are consent, processing prior to entering into a contract, and our legitimate interest in evaluating potential candidates for hire.
• Website Visitors: Our website uses cookies which may capture personal data, such as your IP address. These cookies are used to make the user’s web browsing experience on our website better by providing sessions across multiple web pages or for use in various multimedia on it.  Sapio is the controller of this data, for data protection purposes and our legal basis for collection is our legitimate interest in running our sites efficiently and improving our websites and services.

Personal Data Usage and Sharing

Sapio Sciences uses a limited number of third-party providers to assist in providing consulting and hosting services. These third-party providers may be contractually requested by the customer or Sapio for consulting or IT services, or on behalf of Sapio to fulfill business requirements. We accept certain liability for data that is transferred to third parties on our behalf provided that data was not accessed improperly. The third parties are as follows:

• AWS Hosting: AWS Privacy
• Google Analytics: Google Privacy
• Zifo RnD Solutions: Zifo Privacy
• Stripe: Stripe Privacy

Sapio will not disclose/share personal information outside of these third-party providers. These providers and Sapio may be located in countries that are different from your own.  Data protection laws in these countries may differ from your country of residence.  Sapio takes appropriate steps to ensure personal data is processed and transferred according to applicable laws.  When necessary, we ensure appropriate safeguards are in place through the use of written agreements, such as Standard Contractual Clauses. 

Individuals may request that their personal information not be shared with these entities by contacting the customer who owns the Sapio software that houses their data. Alternatively, individuals may also email support@sapiosciences.com to make this request and Sapio will work with the customer to ensure steps to prevent their personal data from being accessed in accordance with the individual’s request.

Sapio will never sell your personal data.

Data Subject Rights

You have certain rights with respect to your personal data, although some exceptions may apply depending on our basis for processing your personal data and the laws in your jurisdiction.  Depending on these, you may have the right to:

• Access or request a copy of the personal information we hold about you;
• Ask us to correct information you think is inaccurate or incomplete;
• Ask us to delete your personal data;
• Ask us to restrict the processing of your personal data;
• Object to the processing of your personal data;
• Ask us to transfer your personal data;
• Withdraw your consent to process your personal data if you have provided it;
• Complain to your local data protection authority, although we ask that you contact us first.

With regards to customer data, Sapio has a limited ability to identify and access an individual user’s personal data that a customer has submitted through Sapio software. If you wish to request access, limit use, or limit disclosure, we will first refer your request to the customer who submitted your personal data since they will administrate access control to their own data, and we will support them as needed.

To exercise any of these rights, please email us at dsar@sapiosciences.com.  If limitations apply, we will look at each circumstance and provide you with the reason if we cannot comply with your request.  As required by law, we may take steps to verify your identity prior to taking any actions with regard to your personal data.

Data Retention

Sapio will maintain your personal data only as long as is reasonably deemed required for legal, contractual, or business purposes.  During these periods, we apply appropriate technical and organizational measures to ensure that the privacy of your personal data is maintained.

Questions or Complaints

If you have any questions about how we protect your personal data or comply with data protection laws of your country or state of residence, you can contact us at support@sapiosciences.com or at our mailing address:

Sapio Sciences LLC
400 East Pratt St, Suite 800
Baltimore, MD 21202
United States

We will work with you to resolve your issue.

Dispute Resolution and Arbitration

We are committed to cooperating with competent EEA, Swiss and UK data protection authorities (DPAs) with regard to data transferred from one of these countries.

You may be able to invoke binding arbitration for unresolved complaints but prior to initiating such arbitration, a resident of an EEA country must first: (1) contact us and afford us the opportunity to resolve the issue; (2) seek assistance from the U.S. Department of Commerce (either directly or through a European Data Protection Authority) and afford the Department of Commerce time to attempt to resolve the issue. If such a resident invokes binding arbitration, each party shall be responsible for its own attorneys’ fees. Please be advised that the arbitrator(s) may only impose individual-specific, non-monetary, equitable relief necessary to remedy any violation of the privacy policy with respect to the resident.

Requirement to Disclose

We may disclose personal data when we have a good faith belief that such action is necessary to: conform to legal requirements or to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements; or to enforce our contractual obligations.

Changes to this Privacy Policy

Sapio reserves the right to change this Privacy Notice from time to time.  Sapio will maintain its current policy on this website so please check here to see the latest updates, which will be noted by the Effective Date.  Your continued use of the Sapio Sciences website, Sapio, and any other services offered by Sapio Sciences, LLC after such modifications will constitute your: (a) acknowledgment of the modified Privacy Notice; and (b) agreement to abide and be bound by that Notice.