Privacy Notice

Context And Scope

Voiant provides radiology decision support and clinical trial services to healthcare providers, pharmaceutical/ biotechnology companies, and other healthcare-related entities.  In this role, Voiant receives and processes data containing private information, including Personally Identifiable Information (PII) and Protected Health Information (PHI).  

Voiant does not itself collect PII or PHI, but rather Voiant acts upon data received from its customers‒namely sponsors, clients, and vendors‒to perform data processing activities, as documented by contract and following established procedures. 

This notice outlines Voiant’s approach to maintaining the integrity, privacy and security of the PII and PHI under the requirements of:

• United States Health Information Portability Accountability Act (US HIPAA) under which Voiant operates as a “business associate”.
• European Union’s General Data Protection Regulation (EU GDPR) under which Voiant operates as a “data processor”.

This notice also addresses the “Rights of the Individual” under the Data Privacy Frameworks, US HIPAA and EU GDPR.

Private Information Use And Further Disclosure

Voiant’s uses PII and PHI on behalf of its customers, who are responsible for obtaining consent from the individual who is the subject of the private information. Customer’s contracts with their respective parties govern Voiant’s use of the provided PII and PHI, restricting use to the specific services. 

The types of individuals and the data that has the potential to be collected in regard to the services that we provide for our customers, and other business associates that fall within the scope of this policy are:

• Healthcare professionals: full name, date of birth, address, telephone number, fax number, email address and mobile phone number; identification number; banking data necessary to make payments to data subject; contract terms, invoices and payment-related information, professional licenses and certificates, work experience, position, professional membership, place of work, qualification, education, professional training, publications, awards, clinical trial experience, information on specialty and subspecialty; and user data, including personal data required to provide healthcare professionals access to web portals, including but not limited to IP address and user login name.
• Study subjects: initials, study subject’s code, date of birth, age, gender, ethnicity, race. Additional information such as data related to medical history, health status, sexual life, medical evaluations can be collected based on the clinical trial protocol requirements.
• Study sponsors: contact information, including full name, work address, work telephone number, work fax number, work email address, work mobile phone number and job title; and information on the specific customer relationship with data exporter, including payments, deliveries, requests.
• Subcontractors, vendors: name, address, telephone, fax numbers, email address, name contact persons, tax numbers, bank details, contract terms, invoices, and payment-related information.
• Investigative sites: name, address, e-mail address, telephone, fax numbers, name of the head of the institution.
• Contact persons at investigative sites: contact information including full name, work address, work telephone number, work fax number, work email address, work mobile phone number and job title; information regarding qualification and specialized experience.
• Contact persons at study sponsors, subcontractors, vendors: name, position with the subcontractor, e-mail address, telephone, work address, business correspondence.
• Contact persons at external partners other than vendors: contact information including full name, work address, work telephone number, work fax number, work email address, work mobile phone number and job title, information on joint projects with the data exporter.

Voiant collects personal data and sensitive personal data of employees, workers, contractors, vendors, and applicants seeking employment with Voiant; Voiant processes all staff information for human resource purposes, including payroll, tax, and performance reviews and assessments. Voiant also collects personal data and information from applicants who apply to recruitment offers and positions. This information may include contact details, professional qualifications, previous professional experience, references, and relevant background checks. External advisors’ and consultants’ information is collected and processed in the same manner and in accordance with Voiant processes.

Voiant internal policies, procedures and semi-automated processes restrict access to the PII and PHI to only those company personnel who require access to complete the contracted tasks.  Voiant personnel who are authorized to process the PII and PHI as part of performing their job are committed to maintaining the privacy of the information.

Voiant does not distribute or disclose the PII or PHI unless required in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.  Voiant does not sell, rent, share, or use the (identified or de-identified) PHI or PII for profiling, criminal offense/ conviction processing, or in any manner that infringes an individual’s right to privacy.

Voiant maintains records of data processing activities. The PII and PHI is securely stored in the Voiant’s system as authorized per customer contract with Voiant.

Voiant uses cookies, small data files that are served by the platform and stored on your device. Voiant’s site uses cookies to operate and personalize the website to improve users’ experience and for targeted advertising purposes. Cookies may expire at the end of your browsing session or may be stored on your computer. You can prevent the setting of cookies by adjusting browser settings; disabling cookies affects how you experience the Voiant website.

How Private Information At Voiant Is Protected

To address the variety of regulatory requirements, Voiant focuses on industry best practices for achieving data integrity, ensuring authenticity, protecting privacy, and building cybersecurity. Voiant has established mechanisms for user authentication and authorization, workstation management, anti-malware defenses, intrusion detection and prevention on networks and servers, physical security, and operational monitoring to protect the PII and PHI.  

Organizational policies and procedures reaffirm Voiant personnel responsibility for the security and privacy of the PII and PHI. Additionally, change management processes govern the development of new software capabilities, as well as the revision of existing software features to avoid vulnerabilities or exposure of the PII and PHI.

Voiant does not engage with third-party data controllers (i.e. cloud providers) or data processors without authorization from the customer.  Voiant has established procedures for qualification and oversight of any third-party to which Voiant entrusts access to the PII or PHI.

In the event of a breach or non-compliance incident, customers are notified promptly as mandated by contractual obligations and regulatory requirements.  Voiant’s customers retain the responsibility of notifying the affected individuals and reporting to appropriate regulatory or government agencies.

Data Privacy Frameworks

Voiant complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  Voiant has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  Voiant has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/. 

With respect to personal data received or transferred pursuant to the Data Privacy Frameworks, Voiant is subject to the investigatory and enforcement powers of the U.S. Federal Trade

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to privacy@voiantclinical.com.  

Voiant’s accountability for personal data that it receives in the United States under the Data Privacy Frameworks and subsequently transfers to a third party is described in the Data Privacy Framework Principles. In particular, Voiant remains responsible and liable under the Data Privacy Framework Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless Voiant proves that it is not responsible for the event giving rise to the damage. 

In compliance with the Data Privacy Framework Principles, Voiant commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the Data Privacy Frameworks. European Union, United Kingdom, and Swiss individuals with DPF inquiries or complaints should first contact Voiant by email at privacy@voiantclinical.com  

Voiant has further committed to refer unresolved privacy complaints under the Data Privacy Framework Principles to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you. 

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See  https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf  

Availability Of The Voiant Privacy Notice

Voiant personnel abides by the terms of its company privacy policy, which has been established internally. Voiant is required to abide by the terms of this associated privacy notice, available within the company and publicly in the company website at www.voiantclinical.com

Voiant reserves the rights to change the terms of its internal privacy policy per company services and business conduct. This associated privacy notice shall be updated accordingly, as applicable, and shall be made available publicly in the company website.

For further information related to this privacy notice, contact privacy@voiantclinical.com