privacy notice pre
privacy notice post

Privacy Notice

Summary

Sapio certifies that it adheres to the Privacy Policy ascribed below in regards to of notice, choice, onward transfer, security, data integrity, access, and enforcement for personal data processed by our customers in the European Union, the United Kingdom and Switzerland.

Data Collected

Sapio’s software is intended to collect the data necessary to accomplish a customer’s LIMS and ELN goals. This may include metrics/data used for proprietary laboratory goals, users’ personal data such as name, title, email, and Protected Health Information (PHI) in some clinical instances. Sapio also records an audit trail of all data changes made by users of the system and the date/time in which they were made.

We process Customer Data in accordance with Customer’s instructions, including any applicable terms in a customer’s agreement with Customer and Customer’s use of Sapio’s functionality, and as required by applicable law. Sapio Sciences is a processor of customer data and the customer is the controller. This data may be used to perform customer specific requirements of the software such as calculations, process tracking, sample, storage, and reagent inventory, etc., to follow the instructions of the customer who submitted the data, or in response to contractual requirements with our customers. This data is encrypted if Sapio Sciences provides the hosting. This data is in the control of the customer in the case where they install Sapio on premise within their own administrator controlled environments.

Our website uses cookies which may capture Personally Identifying Information. These cookies are used to make the users web browsing experience on our website better by providing sessions across multiple web pages or for use in various multimedia on it.

Data Sharing

Sapio Sciences uses a limited number of third party providers to assist in providing consulting and hosting services. These third party providers may be contractually requested by the customer or Sapio for consulting or IT services, or on behalf of Sapio to fulfill business requirements. We accept certain liability for data that is transferred to third parties on our behalf provided that data was not accessed improperly. The third parties are as follows:

Sapio will not disclose/share personal information outside of these third party providers. Individuals may request that their personal information not be shared with these entities by contacting the customer who owns the Sapio software that houses their data. Alternatively, individuals may also email support@sapiosciences.com to make this request and Sapio will work with the customer to ensure steps to prevent their personal data from being accessed in accordance with the individual’s request.

Questions or Complaints

If you are a resident of a European country and you believe we maintain your personal data within the scope of this policy, you may direct any questions or complaints concerning our Privacy Policy compliance to support@sapiosciences.com or at our mailing address:

Sapio Sciences LLC
400 East Pratt St, Suite 800
Baltimore, MD 21202
United States
We will work with you to resolve your issue.

Dispute Resolution

We commit to cooperate with competent EU, Swiss and UK data protection authorities (DPAs) with regard to our customers end users’ human resources data and non-human resources data transferred from a European country.

Arbitration

You may also be able to invoke binding arbitration for unresolved complaints but prior to initiating such arbitration, a resident of a European country must first: (1) contact us and afford us the opportunity to resolve the issue; (2) seek assistance from the U.S. Department of Commerce (either directly or through a European Data Protection Authority) and afford the Department of Commerce time to attempt to resolve the issue. If such a resident invokes binding arbitration, each party shall be responsible for its own attorney’s fees. Please be advised that the arbitrator(s) may only impose individual-specific, non-monetary, equitable relief necessary to remedy any violation of the privacy policy with respect to the resident.

Right of Access

Personal data within Sapio always adheres to access control policies set forth by the customer. Sapio can be customized to limit any data to only specific users of the system including administrators, managers, or whatever other roles were configured within the system. Therefore, the right to access data is configurable for each customer allowing them to abide by any required laws.Some international users (including those whose personal data is within the scope of this privacy policy) have certain legal rights to access certain personal data we hold about them and to obtain its correction, amendment or deletion. Our personnel have a limited ability to identify and access an individual user’s personal data that a customer has submitted through the Sapio software. If you wish to request access, to limit use, or to limit disclosure, we may first refer your request to the customer who submitted your personal data, and we will support them as needed in responding to your request. This procedure is outlined below.

Initial requests to Sapio Sciences for data access, correction, amendment, or deletion by an individual with personal data held within an instance of the Sapio software will be directed to the customer of the Sapio software since they will administrate access control to their own data. The individual will be informed to contact the customer and Sapio will provide contact information if needed. The individual will be alerted to contact us again if they are unsuccessful in contacting and obtaining the needed data with the customer.

If the individual is unsuccessful in retrieving the needed data from the customer and contacts Sapio again, we will collect the individual’s contact information and reason for the request. The individual will be informed that we will alert the customer to the request.

Sapio Sciences will make a best effort attempt to contact the customer on behalf of the individual and pass them the individual’s information and request. We will alert the customer that the requesting individual was unsuccessful in retrieving the data through the customer previously. On many occasions, the customer will elect to the handle the rest of this for us.

In the event the customer passes the responsibility to Sapio Sciences to address the individual’s request, we will contact the individual and request they provide verification of their identity by providing a scan of a government issued ID. The individual will be alerted that Sapio will retrieve the information on behalf of the customer.

Once the individual’s ID is verified, we will provide the requesting individual with a csv copy of the requested data or will perform legally required actions as requested by the individual.

Requirement to Disclose

We may disclose personal data when we have a good faith belief that such action is necessary to: conform to legal requirements or to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements; or to enforce our contractual obligations.

Changes to this Privacy Policy

Sapio Sciences reserves the right to change this Privacy Policy from time to time. Customers will not be notified about changes to this Privacy Policy. Sapio will maintain its current policy on this website so please check here to see the latest updates. Your continued use of the Sapio Sciences website, Sapio, and any other services offered by Sapio Sciences LLC after such modifications will constitute your: (a) acknowledgment of the modified Privacy Policy; and (b) agreement to abide and be bound by that Policy.