DistillerSR Inc. Privacy Statement

Version 5.0 | April 2022

Purpose

This Privacy Statement lets you know how we collect, use, disclose, and protect the personal information you entrust to us. We have changed our policies and procedures based on the European General Data Protection Regulation (“GDPR”).

When we refer to ‘personal information‘ or ‘personal data‘, we mean information about an identifiable natural person. In other words, information about someone we can identify, directly or indirectly, using an identifier like a name, an identification number, location data, an online identifier, or someone we can identify using one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

This Privacy Statement does not apply to data you upload through our software like medical literature references, project workflow, research data, etc., from which you use our software to generate output data (“Customer Data”). Customer Data is subject to the agreement between you and DistillerSR Inc. when you purchase a subscription to use our software.

We do not knowingly collect, process, or retain any:

special categories of personal information like personal information of children under the age of 16
personal health information, personal financial information, or any other special category of information.

What Personal Information Do We Collect?

When you purchase a subscription to use our software or opt-in to receive marketing or sales communications from us, we collect the following personal information about you, and/or your organization:

Name & address
Organization’s name and job title
Postal code
Phone number
Email address for work contact
Purchase history
DistillerSR Inc. software product/service preferences
Payment information

DistillerSR Inc. Personnel

If you are an employee or a potential employee of the Company, we collect personal information including your name, address, telephone number, date of birth, social insurance number, banking information, benefit information, emergency contact information, resume, and/or reference details. The list is non-exhaustive and other information that is voluntarily provided by the employee may also be maintained.

Use of Software

When you and/or your users login to use our software, we also collect:

Usernames and work email addresses, for the purposes of recording use of our system and maintaining the audit logs which are required for regulatory compliance of our software and which are a critical feature of our system
First and last name, and job title, to assist with internal market research, improve our Services, and maintain audit logs for regulatory compliance of our software
Information about your computer, including your IP address, the type of operating system and browser you use, and your login credentials
What pages you visit on our site, what links you click on, and what changes you make to your studies (including reports generated), again in order to maintain the audit trail and provide software functionality
Performance and use metrics on your use of the system, such as project size, project complexity, system response times and so on, to enable us to continually improve our software and the user experience

Use of Website, Cookies, and Tracking Technology

When you visit our website (https://www.distillersr.com), we collect:

The personal information you choose to share with us by completing the contact form on the site
Standard IP address, browser type, and navigation information about pages visited from your visit so that we can understand the traffic to our website
Website activity information received anonymously through Google Analytics

We also make use of browser cookies to provide software functionality for our users and to provide us with additional information about traffic to our site, and your use of the site.

A cookie is a small text file that the website sends to your browser, which then stores the cookie on your hard drive to save you time, provide you with a more meaningful visit, and measure website activity. We use a pop-up window on our site to ask that you opt-in to our use of cookies in this way.

You can set up your browser to disable cookies at any time. For instructions on how to disable cookies, please visit the links below:

Do Not Track

As there is not yet a common understanding of how to interpret Do Not Track (“DNT”) signals, DistillerSR Inc. does not current respond to browser DNT signals.

Sale of Information

DistillerSR Inc. does not sell personal information we collect.

How Do We Use Personal Information?

The reasons we collect personal information from you are:

To provide our services and customer technical support to you under the agreement between you and DistillerSR Inc.
To communicate with you regarding administrative matters such as regulatory compliance and software release activities
For contact relationship management including notification to customers of expiring subscriptions or providing you with information such as a blog post notification or white papers that you have requested
To improve our customer service and evaluate customer experience, for example evaluating the compatibility of your browser with DistillerSR Inc. software or asking you to provide feedback on certain features
For research & analysis to better understand how you use our Services and how to continually improve them
To conduct security checks and verify identities
To inform you of security breaches and comply with our legal obligations
To receive orders from and corresponding with customers
To complete a sale/transaction, collect fees, process payments, or provide receipts and reports
To initiate and maintain employment relationships, including the provision of compensation and other benefits

We will obtain consent from you before we use or disclose your personal information, other than as may be required by law.

Third-Party Service Providers

From time to time we need to disclose your personal information to another company to provide you with our services. For example, we give your name and address to a courier company to complete delivery of a hard copy of our contract together. Third-party Service Providers may be used for the following functions: sending communications, processing payments, assessing compliance risks, analyzing data, providing marketing and sales assistance (including advertising and event management), conducting customer relationship management, and providing training. These third-party service providers have access to the minimum personal information needed to perform their functions, but may not use it for other purposes. All our third-party service providers must meet DistillerSR Inc.’s privacy commitments, and they must process that information in accordance with applicable data protection law. We encourage you to review the privacy policies of our third-party service providers. For security reasons, we have not listed all our third-party service providers here. We would be happy to discuss your privacy concerns; contact us at [email protected].

Sales And Marketing

We like to send you information about our products and services that we think might interest you. Unless we already have a business relationship with you or you have offered your contact information to us (i.e. business card), we will always ask for your consent to receive sales and marketing information before sending you any communications.

You can always opt-out of our sales and marketing communications. If you wish to opt-out of receiving sales and marketing communications, please contact [email protected] or select the unsubscribe link in an email you receive.

We will provide you with our response to that request in a timely fashion, and can make appropriate modifications to our information, up to and including deletion.

DistillerSR Inc. does not otherwise share your information with any third parties for sales and marketing purposes.

Students

To create and have access to a student account, DistillerSR Inc. requires personal information to verify student status.

If you are a post-secondary student and have submitted your personal information to DistillerSR Inc. to apply for a student account, you acknowledge that you have reached the age of majority in your jurisdiction and that you can give your informed and meaningful consent to our collection, use, retention, disclosure or processing of your personal information.

How Do We Store And Retain Data?

We store your personal information on secure servers with Amazon Web Services (AWS), U.S. East.

We retain information throughout the relationship between you and DistillerSR Inc. and as necessary for us to comply with our legal obligations. Once we no longer need the information for the purpose for which it was collected, we securely dispose of or de-identify the personal information unless otherwise required by law or requested by you in writing under your rights (See: What Rights Do You Have?).

What Rights Do You Have?

You have the right to request access or corrections to your personal information, subject to our legal requirements. Please send us your request at [email protected] and we will respond within 30 calendar days.

You have the right to request copies of your personal information
You have the right to request that we correct any information you believe is inaccurate

You have the right to withdraw your consent for us to collect or process your personal information. We will endeavor to comply with the request and adjust our practices regarding your personal information within a reasonable time. Withdrawing consent does not affect the legality of our collection, use, disclosure, and retention of the information before withdrawal.

If you do not want us to continue contacting you, we will add your contact information to a ‘do not send’ list to comply with your no-contact request. If you request to be placed on a ‘do not send’ list, your name and limited contact information will be kept on that list.

In some jurisdictions, you may also have the right to:

Request copies of your personal information
Request that we correct any information you believe is inaccurate or incomplete
Request that we transfer the data we have collected to another organization, or directly to you, under certain conditions
Request that we erase your personal information, subject to retention required by law
Request that we restrict processing of your personal information, under certain conditions
Know when your personal information has been breached and there is a real risk of significant harm

A good explanation of European data subject rights is available on the website of the United Kingdom’s Information Commissioner’s Office.

To exercise any of these rights, please contact us at [email protected].

Your activities in the software are tracked only to ensure that the audit logging features of our software are complete. This is required for DistillerSR Inc. to maintain 21 CFR Part 11 regulatory compliance (Code of Federal Regulations), as our customers use that information to support regulatory submissions based on the output from our systems. The specific personal information tracked through software use is minimal and project-related only. We are unable to adjust the audit trail in any project, and therefore cannot honour deletion requests related to software use.

We may still need to send you important information about your DistillerSR Platforms accounts, even if you opt out of receiving other updates from us, to provide you with technical support or otherwise satisfy our legal obligations.

Protecting Personal Information

DistillerSR Inc. protects personal information using technical, physical, and administrative methods.

We ensure that all interactions between your computer and our servers for use of our software are encrypted, and we use a number of advanced security features built into our software and associated with our hosting infrastructure to ensure that your personal information remains protected at all times. The technical security features include:

Firewall
Intrusion detection software
Multi-factor authentication
Network encryption
Secure password protection
Checksums/hash totals

We also implement physical security measures at our facility in Ottawa, Ontario, Canada, such as key-card access to our offices and monitored alarms. Any personal information is kept under lock and key, and only accessed by trained employees with proper clearance on a need-to-know and limited basis. We limit the creation of printed materials to what is necessary to fulfill our functions to reduce the risk of a security breach, and we ensure that when storing or transporting information appropriate measures are taken such as using sealed envelopes,
containers, locks, or equivalent devices.

Access to the backend of the software is restricted to only specific members of Senior Management and certain employees. All our employees and short-term contractors who have access to personal information have completed national level police checks prior to their engagement at DistillerSR Inc. As part of our administrative measures, our Information Security Officer conducts periodic audits and risk assessments to ensure that we maintain up-to-date and appropriate security practices.

The security provisions of Amazon Web Services (AWS) is described in security and compliance whitepapers published by AWS; they can be found by visiting https://aws.amazon.com/whitepapers/#security.

You acknowledge that no security system is impenetrable. By sharing personal information with us, the personal information may be at risk should an external party breach our systems. We will comply with our legal obligations to notify you as soon as is feasible if it is reasonable to believe that a breach has created a real risk of significant harm to you.

International Transfers

Some of our third-party service providers are based in countries that do not have equivalent privacy and data protection laws to those of your country of residence. If we share personal information for customers in the European Economic Area (“EEA”) with third parties outside the EEA, or to a country the European Commission has not deemed ‘adequate’, we will ensure the third-party agreements require them to abide by necessary policies and certifications such as relevant certifications, standard contractual data protection clauses, binding corporate rules,
or other appropriate legal mechanisms.

Changes To Our Privacy Statement

We keep our Privacy Statement and privacy practices under regular review and will change this Privacy Statement from time to time. If we make any significant changes, we will notify you of the changes by posting them on our website or sending you an email, and we will change the last updated date at the bottom of this Privacy Statement.

Contact Information

If you have questions or concerns regarding data protection and privacy at DistillerSR Inc., we encourage you to contact our Privacy Officer, Contracts Administrator/ Law Clerk, or General Counsel at:

DistillerSR Inc.
505 March Road, Suite 450, Ottawa, Ontario, Canada K2K 3A4
T: 1.844.622.8727 (toll free)
E: [email protected]

Appropriate Authority

Should you wish to report a complaint, or if you feel that DistillerSR Inc. has not addressed your concerns in a satisfactory manner, you can contact the appropriate governmental authority in your jurisdiction. This would be a data protection authority, information commissioner’s office, or other supervisory authority.

In Canada you may contact:

if you are in Ontario: https://www.priv.gc.ca/
If you are in Quebec: https://www.cai.gouv.qc.ca

Last Updated: April 2022