REDCap Cloud Privacy Policy 

Effective as of October 28, 2024 

This “Privacy Policy” describes the privacy practices of nPhase, Inc. (nPhase”). This Privacy Policy describes how we collect, use, disclose and otherwise process personal information in connection with our websites, mobile apps, and other services, and explains the rights and choices available to individuals with respect to their information. For convenience, our website and mobile apps are collectively referred to as the “Sites,” and, together with our other services, collectively referred to as the “Services.” This Privacy Policy governs any of the Services on which the Privacy Policy is posted. 

nPhase is committed to the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) and to the rights of EU, UK, and Swiss individuals. Individuals located in the European Union, the United Kingdom and Switzerland should be sure to read the important information provided below in Cross Border Transfers. 

Summary of Our Privacy Practices 

  • The Types of Information We Collect About You: We collect information that you provide to us, such as your contact details, as well as information that is automatically collected by our Sites, such as your IP address and information collected by our use of Cookies. 
  • Purposes of Processing Your Information: We process information about you in order to provide our Sites and Services; to communicate with you; to comply with law and prevent fraud; and for other reasons with your consent. We may also anonymize your data – which means the data can no longer be used to identify you – in order to perform analytics to learn how to better provide our Sites and Services. 
  • Your Rights and Choices: Depending on your jurisdiction, you may have legal rights associated with our processing of your data, including rights to access, correct, delete, transfer, or object to the processing of your data. Regardless of where you live, we will honor your request to opt out of being contacted by us for marketing reasons. 
  • How to Contact Us: Inquiries/Complaints:nPhase is the Controller of your information when it is processed in the context of our Sites and Services. nPhase commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact nPhase at compliance@redcapcloud.com or write to us at this address . 

However, please note that nPhase’s customers are the Controllers of your data when it is processed in nPhase’s platform, applications, and related services. For example, if you are a patient in a clinical trial, or an investigator who logs into our applications, your Data Controller is the Sponsor of that trial and/or the participating healthcare provider. 

nPhase’s Platform, Applications, and Customer Data 

As part of nPhase’s platform, applications and related services, our customer’s employees and authorized users may enter information from or about their authorized users, employees, and clinical trial subjects (collectively, “Customer Data”), into their instances on our servers. 

This Privacy Policy does not apply to Customer Data, and we are not responsible for our customers’ handling of Customer Data.nPhase has no control or ownership of Customer Data. Our customers have their own policies regarding the collection, use and disclosure of your personal information. 

Please direct any questions regarding Customer Data to the customer for which you work, or who collected your information in an nPhase platform or application. 

Our use of Customer Data is subject to the written agreement between nPhase and the customer. nPhase’s responsibility under that agreement is the obligation to keep Customer Data safe and secure. 

To learn about how a particular customer handles your personal information, we encourage you to read that customer’s privacy statement or contact that customer. 

Personal Information We Collect 

We collect personal information about you in the following ways: 

Information you give us. 

Personal information that you may provide through the Services or otherwise communicate with us includes: 

  • Personal and Business Contact information, such as your first name, last name, postal address, email address, telephone number, job title, and employer name. 
  • Profile information, such as your username and password, industry, interests, and preferences. 
  • Feedback and correspondence, such as information you provide in your responses to surveys, when you participate in market research activities, report a problem with the Sites, receive customer support or otherwise correspond with us. 
  • Transaction information, such details about any purchases you make through the Sites, event registrations you make through the Sites, and billing details. 
  • Usage information, such as information about how you use the Sites and interact with us. 
  • Marketing information, such your preferences for receiving marketing communications and details about how you engage with them. 

We may combine other publicly available information, such as information related to the organization for which you work, with the personal information that you provide to us through our Sites or Services. 

 Information automatically collected. 

  • We may collect an IP address from visitors to our Sites. We use IP addresses to help diagnose problems with our server(s), to administer the Sites, and to monitor activities on and interactions with our Sites. 
  • We may also automatically log information about you and your computer or mobile device when you access our Sites. For example, we may log your computer or mobile device operating system name and version, manufacturer and model, browser type, browser language, screen resolution, the website you visited before browsing to our Sites, pages you viewed, how long you spent on a page, access times and information about your use of and actions on our Sites. We collect this information about you using cookies. Please refer to the Cookies and Similar Technologies section for more details. 

Changes to your personal information 

It is important that the personal information we hold about you is accurate and current. Please let us know if your personal information changes during your relationship with us by updating your registration profile or emailing us at compliance@redcapcloud.com. 

How We Use Your Personal Information 

To provide our Services 

If you have an nPhase account or use our Sites, we use your personal information to: 

  • Operate, maintain, administer, and improve the Sites. 
  • Manage and communicate with you regarding your nPhase account, if you have one, including by sending you service announcements, technical notices, updates, security alerts, and support and administrative messages. 
  • Process and manage registrations you make through the Sites, including to track and administer trainings or events you have registered for and attended, and to subscribe you to our Developer Central community forum. 
  • Provide support and maintenance for the Sites and our Services. 
  • Respond to your service-related requests, questions, and feedback. 
  • To personalize your experience on our website. 
  • Better understand your needs and interests and personalize your experience with the sites. 

To communicate with you 

If you request information from us, register on the Sites, or participate in our surveys, promotions, or events, we may send you nPhase-related marketing communications as permitted by law. You will have the ability to opt out of such communications. 

To comply with law 

We use your personal information as we believe necessary or appropriate to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities. 

With your Consent 

We may use or share your personal information with your consent, such as when you consent to let us post your testimonials or endorsements on our Sites, you instruct us to take a specific action with respect to your personal information, or you opt into marketing communications. 

 To use de-identified & aggregated data for data analytics purposes. 

We may create de-identified/aggregated data from your personal information and other individuals whose personal information we collect. We make personal information into de-identified/aggregated data by excluding information that makes the data personally identifiable to you, so that it is no longer reasonably possible to ever use the data to identify you. We use this aggregated data for lawful business purposes, such as: analyzing how you interact with our website, its content, and its functionalities to improve our website, services, and its functionalities. 

For compliance, fraud prevention and safety 

We use your personal information as we believe necessary or appropriate to 

(a) enforce the terms and conditions that govern our Services. 

(b) protect our rights, privacy, safety, or property, and/or that of you or others; and 

(c) protect, investigate, and deter fraudulent, harmful, unauthorized, unethical, or illegal activity. 

How We Share Your Personal Information 

Except as described in this Privacy Policy, we do not share the personal information that you provide to us with other organizations. We disclose personal information to third parties under the following circumstances: 

  • Affiliates. We may disclose your personal information to our corporate affiliates for purposes consistent with this Privacy Policy. 
  • Service Providers. We may employ third party companies and individuals to administer and provide the Services on our behalf (such as training, customer support, hosting, email delivery and database management services). These third parties may use your information only as directed by nPhase and in a manner consistent with this Privacy Policy and are prohibited from using or disclosing your information for any other purpose. 
  • Professional Advisors. We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors, and insurers, where necessary in the course of the professional services that they render to us. 
  • Compliance with Laws and Law Enforcement; Protection and Safety. nPhase may disclose information about you in response to lawful requests by public authorities, including to meet national security or law enforcement requirements or private parties as required by law, and disclose and use such information as we believe necessary or appropriate to; 

(a) comply with applicable laws and lawful requests and legal process, such as to respond to subpoenas or requests from government authorities; 

(b) enforce the terms and conditions that govern our Services; 

(c) protect our rights, privacy, safety or property, and/or that of you or others; and 

(d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity. 

  • Business Transfers. nPhase may sell, transfer or otherwise share some or all of its business or assets, including your personal information, in connection with a business deal (or potential business deal) such as a merger, consolidation, acquisition, reorganization or sale of assets or in the event of bankruptcy, in which case we will make reasonable efforts to require the recipient to honor this Privacy Policy. 

Marketing Communications 

You may opt out of marketing-related emails by clicking on a link at the bottom of each such email, or by contacting us at compliance@redcapcloud.com. You may continue to receive service-related and other non-marketing emails. 

Testimonials 

If you gave us consent to post a testimonial on our Sites, but wish to update or delete it, please contact compliance@redcapcloud.com. 

Choosing not to share your personal information. 

Where we are required by law to collect your personal information, or where we need your personal information in order to provide the Services to you, if you do not provide this information when requested (or you later ask to delete it), we may not be able to provide you with the Services and may need to close your account. We will tell you what information you must provide to receive the Services by designating it as required in our Sites and Services or through other appropriate means. 

Security 

The security of your personal information important to us. We take a number of organizational, technical, and physical measures designed to protect the personal information we collect, both during transmission and once we receive it. However, no security safeguards are 100% secure and we cannot guarantee the security of your information. 

International Transfer 

nPhase is headquartered in the United States and has affiliates and service providers in other countries, and your personal information may be transferred to the United States or other locations outside of your state, province, country, or other governmental jurisdiction where privacy laws may not be as protective as those in your jurisdiction. 

European Union, United Kingdom and Swiss users should read the important information provided below (Cross Border Transfers) about transfer of personal information outside of their Areas. 

Other Sites and Services 

This Site may contain links to other websites and services. These links are not an endorsement, authorization, or representation that we are affiliated with that third party. We do not exercise control over third party websites or services and are not responsible for their actions. Other websites and services follow different rules regarding the use or disclosure of the personal information you submit to them. We encourage you to read the privacy policies of the other websites you visit and services you use. 

User Generated Content 

We may make available on our Sites, or link to, features that allow you to share information online (e.g., on message boards, in chat areas, in file uploads, through events, etc.). Please be aware that whenever you voluntarily disclose personal information online, that information becomes public and can be collected and used by others. We have no control over, and take no responsibility for, the use, storage, or dissemination of such publicly disclosed personal information. By posting personal information online in public forums, you may receive unsolicited messages from other parties. 

Changes to this Privacy Policy 

We reserve the right to modify this Privacy Policy at any time. We encourage you to periodically review this page for the latest information on our privacy practices. If we make material changes to this Privacy Policy, you will be notified via the contact information you have provided to us or another manner that we believe reasonably likely to reach you. This may include posting a specific announcement on our Sites. 

Any modifications to this Privacy Policy will be effective upon our posting of the new terms and/or upon implementation of the new changes in the Service (or as otherwise indicated at the time of posting). In all cases, your continued use of the Sites and Services after the posting of any modified Privacy Policy indicates your acceptance of the terms of the modified Privacy Policy. 

Contact Us 

If you have any questions or concerns at all about our Privacy Policy, please feel free to email us at compliance@redcapcloud.com, or write to us at: 

nPhase, Inc. 

Attn: Data Protection Officer 

1015 Atlantic Blvd., Suite 328 

Atlantic Beach FL 32233 

United States 

Additional Information for European Union, United Kingdom and Swiss Users: Your Rights and Choices Under EU/UK General Data Protection Regulations (GDPR) and Switzerland FADP 

Personal information 

References to “personal information” in this Privacy Policy are equivalent to “personal data” governed by European, UK and Swiss data protection legislation – the EU GDPR, the UK GDPR and the Swiss FADP. 

Controller and Data Protection Officer 

nPhase, Inc. is the data controller of your personal information for the purposes of the above referenced  data protection legislation. Our Data Protection Officer can be reached at compliance@redcapcloud.com. See the “Contact Us” section above for additional contact details. 

Legal bases for processing 

nPhase is committed to the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) and to the rights of EU, UK, and Swiss individuals. We only use your personal information as permitted by law: 

  • To communicate with you 
  • To provide our Services to you. Processing is necessary to perform the contract governing our provision of the Services or to take steps that you request prior to signing up for the Services. 
  • For compliance, fraud prevention and safety. 
  • To create anonymous data for analytics 

These processing activities constitute our legitimate interests. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). 

We are required to inform you of the legal bases of our processing of your personal information, which are described in the list below. 

  • With your consent. Processing is based on your explicit consent. Where we rely on your consent you have the right to withdraw it anytime in the manner indicated in the Service or by contacting us at compliance@redcapcloud.com. 

Otherwise, the legal bases we rely on for processing data is: 

  • We have Legitimate Interests, or 
  • To Comply with the Law and processing is necessary to comply with our legal obligations, or 

 

 

Legal basis we rely on Purposes Categories of personal data collected 
Legitimate interests To provide our services, to communicate with you, to enable you to use our services, 

to market our products and services to you via email marketing 

Your contact details such as your name, business email, address, 

 affiliated organisation 

Legal Obligation nPhase may disclose information about you to government or law enforcement officials. 

or private parties as required by law, and disclose and use such information as 

we believe necessary or appropriate to (a) comply with applicable laws and lawful. 

requests and legal process, such as to respond to subpoenas or requests from 

government authorities; (b) enforce the terms and conditions that govern us. 

Services; (d) protect our rights, privacy, safety or property, and/or that of you or others; 

and (e) protect, investigate and deter against fraudulent, harmful, unauthorized, 

unethical or illegal activity. 

Your contact details 

If you have questions about the legal basis of how we process your personal information, contact us at compliance@redcapcloud.com. 

Use for new purposes. 

We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis. 

Retention 

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. 

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. 

By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Information) for seven years after they cease being customers for financial and tax purposes. 

In some circumstances we may anonymize your personal information (so that it can no longer be associated with you) in which case we may use this information indefinitely without further notice to you. 

Your Rights 

EU, UK and Swiss data protection laws give you certain rights regarding your personal information. We are committed to ensuring that you have control over your personal data and how it is used and shared. You may ask us to take the following actions in relation to your personal information that we hold: 

  • Choice: Manage Data Preferences / Opt-out 
  • You have the option to limit or prevent certain types of data processing activities. Specifically, you may elect to stop nPhase sending you direct marketing communications. You may opt out by updating your preferences in your account settings or contacting us directly. You may continue to receive service-related and other non-marketing emails. 
  • If personal data covered by this Privacy Policy is to be used for a new purpose that is materially different from that which the personal data was originally collected or subsequently authorized or is to be disclosed to a non-agent third party in a manner not specified in this Policy, nPhase will provide you with an opportunity to choose whether to have your personal data so used or disclosed. Requests to opt-out of such uses or disclosures of Personal Data should be sent to us as specified in the Contact Us section below. 

Certain personal data, such as information about medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, is considered ‘Sensitive Information’ and nPhase will not use Sensitive Personal information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual unless nPhase has received your affirmative and explicit consent (opt in) 

  • Access. Provide you with information about our processing of your personal information and give you access to your personal information. 
  • Correct. Update or correct inaccuracies in your personal information. 
  • Delete. Delete your personal information. 
  • Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice. 
  • Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights. 

We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us as described above or submit a complaint to the data protection regulator in your jurisdiction. Further information can be found in the following Section – How to Lodge a Complaint with Supervisory Authorities 

Cross-Border Data Transfers 

nPhase is committed to the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) and to the rights of EU, UK, and Swiss individuals. Whenever we transfer your personal information out of the European Union, the United Kingdom and/or Switzerland  to countries not deemed by them to provide an adequate level of personal information protection, the transfer will be based on one of the following safeguards recognized by them as providing adequate protection for personal information, where required by their data protection legislation: 

  • Contracts approved by the European Commission include Standard Contractual Clauses (SCCs) designed to facilitate the lawful transfer of personal data from the EU to third countries by imposing data protection obligations on the parties to the transfer. For further details, see European Commission Model contracts for the transfer of personal information to third countries. 
  • The United Kingdom introduced the International Data Transfer Agreement (IDTA) and the International Data Transfer Addendum to the EU SCCs. These instruments serve as the UK’s standard contractual clauses for international data transfers. 
  • Switzerland recognized the EU SCCs for contracts use in Switzerland – see the Swiss Federal Act on Data Protection (FADP) 
  • Explicit Consent 

Please contact us if you want further information on the specific mechanism used by us when transferring your personal information out of the EEA. 

EU-U.S. Data Privacy Framework (DPF) the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) 

nPhase complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.   

EU-U.S. Data Privacy Framework (DPF) : nPhase has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF, 

UK Extension to the DPF : nPhase has certified to the U.S. Department of Commerce that it adheres to the UK extension to the EU-U.S. which received a public adequacy decision effective as of October 12, 2023. The UK Extension to the DPF  allows transfers of personal data from the UK to U.S. businesses that have completed certification to the EU-U.S. Data Privacy Framework (DPF). 

Swiss-U.S. Data Privacy Framework Principles: nPhase has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.   

If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the UK Extension to the EU-U.S. DPF and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/ 

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, nPhase commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact: nPhase at compliance@redcapcloud.com. 

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, nPhase commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to BBB National Programs, an alternative dispute resolution provider based in the United States.  If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information or to file a complaint.  The services of BBB National Programs are provided at no cost to you. 

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. 

See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2. nPhase is obligated to arbitrate claims and follow the terms as set forth in Annex I of the DPF Principles, provided that an individual has invoked binding arbitration by delivering notice to nPhase and following the procedures and subject to conditions set forth in Annex I of Principles. 

 Note also that nPhase is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). 

Third-party Access to Personal Data and Liability:  

nPhase only discloses personal data as instructed by our customers or in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. In some cases, we may use third-party providers to assist us in providing or developing our platform or applications to our customers, such as to offer support to our customers and their authorized users and employees and to provide technical or operational support such as data hosting, transmission, and storage. These providers may access, process, or store personal data while providing their services to nPhase. nPhase maintains contracts with these providers restricting their access, use and disclosure of personal data in compliance with our Data Privacy Framework obligations. nPhase remains liable if these third parties process personal data in a manner that is inconsistent with the DPF principles unless we can prove that we are not responsible for the event giving rise to the damage. 

Access, Update, Correct or Delete Your Information 

In the EU and the UK, under Article 15 of GDPR, an EU or UK resident individual has the right to obtain from the Controller, confirmation as to whether personal data concerning them is being processed. Switzerland’s Federal Act on Data Protection (FADP), revised and effective from September 1, 2023, aligns closely with the EU GDPR, and includes provisions that grant individuals the right to access their personal data held by organizations consistent with that of the EU/UK GDPR’s Article 15 

We are committed to upholding the rights of individuals and have dedicated processes in place for providing access to personal information. 

For legitimate requests, we will provide the following information: – 

  • the purposes of the processing 
  • the categories of personal data concerned. 
  • the recipient(s) or categories of recipient(s) to whom the personal data have been or will be disclosed. 
  • If the data has been transferred to a third country or international organisation(s) (and if applicable, the appropriate safeguards used) 
  • the envisaged period for which the personal data will be stored (or the criteria used to determine that period) 
  • where the personal data was not collected directly from the individual, any available information as to its source. 

How To Make a Subject Access Request (SAR)? 

A Subject Access Request (SAR) is a request for access to the personal information that nPhase holds about you, which we are required to provide under the above referenced Law/Regulations (unless an exemption applies). You can submit your access request electronically using the Subject Access Request Form which will be provided to you if you email compliance@redcapcloud.com. 

What We Do When We Receive an Access Request 

Identity Verification 

Completed Subject Access Requests (SAR) are processed by the Compliance Office as soon as they are received, and a record of the Request is made. 

We will use all reasonable measures to verify the identity of the individual making the access request and we will utilise the request information to ensure that we can verify your identity. Where we are unable to do so, we may contact you for further information or ask you to provide some appropriate documentation to confirm your identity prior to actioning any request. This is to protect your information and rights. 

If a third party, relative or representative is requesting the information on your behalf this can be handled and satisfied if it can be proven the agent submitting the request is authorised to do so. 

Information Gathering 

If you have provided enough information in your SAR to collate the personal information held about you, we will gather all documents relating to you and ensure that the information required is provided in an acceptable format. If we do not have enough information to locate your records, we may contact you for further details. This will be done as soon as possible and within the timeframes set out below. 

Information Provision 

Once we have collated all the personal information held about you, we will send this to you in a concise, transparent, intelligible, and easily accessible format, using clear and plain language. 

Response Timeframes & Fees 

We aim to complete all access requests within 30-days and provide the information free of charge. However, where the retrieval or provision of information is particularly complex or is subject to a valid delay, the period may be extended by two further months. If this is the case, we will write to you within 30 days and keep you informed of the delay and provide the reasons. 

Whilst we provide the information requested without a fee, further copies requested by you may incur a charge to cover our administrative costs. 

Your Other Rights 

Under EU/UK GDPR and Swiss FADP, you have the right to request rectification of any inaccurate data held by us. Where we are notified of inaccurate data, and agree that the data is incorrect, we will amend the details immediately as directed by you and make a note on the system (or record) of the change and reason(s). We will rectify any errors within 30-days and inform you in writing of the correction and where applicable, provide the details of any third-party to whom the data has been disclosed. 

If for any reason, we are unable to act in response to a request for rectification and/or data completion, we will always provide a written explanation to you and inform you of your right to complain to the Supervisory Authority and to seek a judicial remedy. 

In certain circumstances, you may also have the right to request the erasure of personal data or to restrict the processing of personal data where it concerns your personal information, as well as the right to object to such processing. You can use the contact details above to make such requests. 

Exemptions and Refusals 

EU/UK GDPR and Swiss FADP contains certain exemptions from the provision of personal information. If one or more of these exemptions applies to your Subject Access Request or where the Company does not act upon the request, we shall inform you at the earliest convenience, or at the latest, within one month of receipt of the request. 

Where possible, we will provide you with the reasons for not acting and any possibility of lodging a complaint with the Supervisory Authority and your right t to seek a judicial remedy. Details of how to contact the Supervisory Authority are laid out above. 

How do we delete your data? 

We may use the following methods to erase your data: 

– Overwriting 

– Deletion 

– Reformatting 

Submission & Lodging a Complaint 

If you have any questions or if you are unsatisfied with our actions or wish to make an internal complaint, you can contact us at compliance@redcapcloud.com 

How to Lodge a Complaint with Supervisory Authorities 

With regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF in the context of the employment relationship, nPhase commits to cooperate and comply respectively with the advice of the relevant European data protection authority/ies designated to address complaints concerning nPhase’s handling of human resources (HR) data , namely  the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) . nPhase will provide appropriate recourse free of charge to any affected individual.   

Política de privacidad
https://www.redcapcloud.com/privacy-policy-es/

Política de privacidade
https://www.redcapcloud.com/privacy-policy-pt/

인정보 보호정책
https://www.redcapcloud.com/privacy-policy-ko/

プライバシーポリシー
https://www.redcapcloud.com/privacy-policy-ja/

Politica di protezione dei dati personali
https://www.redcapcloud.com/privacy-policy-it/

Politique de confidentialité
https://www.redcapcloud.com/privacy-policy-fr/

Datenschutzerklärung
https://www.redcapcloud.com/privacy-policy-de/

Polityka prywatności
https://www.redcapcloud.com/privacy-policy-pl

隱私政策
https://www.redcapcloud.com/privacy-policy-zh_tw/

隐私政策
https://www.redcapcloud.com/privacy-policy-zh_cn/