This document sets forth the Data Privacy Standards of Peptineo and provides information about the collection, maintenance and use of personal information or data provided to or otherwise collected or processed by Peptineo.
The purpose of this policy is to establish a generally applicable Peptineo-wide data privacy standard and to provide interested persons with information about the collection, maintenance and use of personal information or data regardless of the lawful bases under or legitimate purpose for which the information was obtained. Subject to state and federal law, Peptineo intends for this policy to be compliant with the European Union’s (“EU”) General Data Protection Regulation (“GDPR”).
The Data Privacy Standard applies to all domains within the Peptineo Web and to any other action or process concerning the collection, processing, analysis and other data processing of personal information regardless of the method by which such information came to be owned and/or controlled by Peptineo.
Peptineo, by, and through its units and programs, owns, controls, operates and/or maintains websites under a number of domains (collectively, “Peptineo Web”). While this policy applies generally, some websites may have additional policies and practices regarding privacy that also must be observed.
The website may contain links to third party external websites over which Peptineo has no control. Peptineo disclaims any responsibility for the privacy practices or the content of external websites regardless of a link to such websites being displayed.
For the purposes of the policy, “processing” means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data, including – organization, adaptation or alteration of the information or data, retrieval, consultation or use of the information or data, disclosure of the information or data by transmission, dissemination or otherwise making available, or alignment, combination, blocking, erasure or destruction of the information or data. A “data subject” is a phrase that refers to the person to whom the personal data relates.
What is ‘personal information’ or ‘personal data’?
‘Personal information’ or ‘personal data’ means any information that relates to or identifies a person as an individual.
How Is Personal Information Collected and Processed by Peptineo?
This website obtains personal information when a person fills out and submits an application to attend or work at Peptineo along with any additional information the person submits to Peptineo before or after they submit an application.
In addition to the application process or an individual requesting services, Peptineo may also acquire personal information when a person seeks to interact or do business with Peptineo or to participate in research or other activities offered by Peptineo. As discussed elsewhere in this policy, some Web (as well as third party’s) webpages use “cookies” to collect information about the web user. Peptineo Web servers (“Web Server”) may also “collect” information about people by generating temporary logs that may contain the following information:
Internet address (IP address) of computer being used
Web pages requested
Referring Web page
Date and Time
UIN (unique person identifier for EID-based services only)
The data collected on the Web are used in aggregate by IT custodians to tune the Web site for its efficiency and are not ordinarily associated with specific individuals. Raw data from the Web Server logs are only shared with the custodian of each Web site. Summary reports produced from the logs help Web publishers determine what Web browsers and pages are most popular. For example, if the aggregate reports show that a particular Web page is very popular or publishers might use this information to customize the content of that page and make it easier to find.
Individual data gathered through a specific process will only be used for its intended purpose, such as the consideration of an applicant for an employment decision, or for certain archiving, research, or statistical purposes described below. Personal information may also come from third parties that are authorized to provide personal information to the Web site.
Peptineo may use personal data it collects for a specific purpose and further process that personal data for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes (“research purposes”). Processing for research purposes will be subject to appropriate safeguards, including the use of data minimization and pseudonyms when possible. Peptineo will anonymize the personal data it uses for research purposes whenever it can fulfill the purpose without the need of identification of the personal data subject. Peptineo is not required to provide notice to data subjects when it further processes personal data for research purposes.
Further processing of personal data for research purposes is only permitted when the purpose of the processing is to support Peptineo. Further processing of personal data by researchers for their own research purposes is not permitted unless the researcher provides any required notice to the data subjects.
Cookies are small pieces of data stored by the Web browser. Cookies are often used to remember information about preferences and pages a person has visited. For example, when a person visits some sites they might see a "Welcome Back" message. The first time the person visited the site, a cookie was probably set on their computer; when they return, the cookie is read again. A person can configure their web browser to refuse to accept cookies, to disable cookies, and to remove cookies from their hard drive as needed.
Third-party content on Peptineo Websites
Some pages within the domain may contain content that is served from external third parties. Third party content is not limited to graphics, but this is the most frequent use. Peptineo does not transmit any information to these third parties as part of such requests. However, when a person visits pages that contain third party content, information, such as their IP address, date, browser, and requested page, is transmitted from your computer to that third party.
Grounds for Processing Personal Data and How It is Used by this website
Peptineo processes personal data for a number of reasons, including to meet its contractual obligations, the legitimate conduct of its business operations, and to comply with applicable law. Sometimes, consent will be the basis for processing personal data. In these cases, Peptineo will ask the data subject for consent to process their personal data and to share that data with third parties. The processing of personal data provided to Peptineo by a data subject or from authorized third parties, enables Peptineo to identify the data subject; engage in processing an application or other submission; or verify information already provided to Peptineo.
Peptineo may also use or disclose personal data for the following statutory or public interest purposes: to prevent or detect fraud; to monitor equal opportunity; to better serve the needs of students with disabilities with reasonable accommodations; or for research and statistical purposes, the later purpose relying only on aggregate data.
Furthermore, Peptineo processes personal data either necessary to take steps with a view to creating a contractual relationship with a person (e.g. to assess an offer of services to Peptineo) or for the purposes of a legitimate interest being pursued. Peptineo requires persons to provide Peptineo with certain information during the application process in order to assess their application properly except where providing personal information is marked as optional.
Security and Accuracy of Confidential Information
Peptineo does its best to ensure that the personal information it has is accurate. Although no computer system is 100% secure, Peptineo has deployed extensive security measures to protect against the loss, misuse, or alteration of the information under our control.
In case of a data breach or some other incident that places information held by Peptineo in jeopardy, Peptineo will take steps to secure against the data breach. Any individual who believes a data breach has occurred must immediately notify Peptineo, who will investigate the alleged breach and, if necessary, consult with authorities, including providing any required notices. In certain circumstances, Peptineo may be required to provide notice to affected individuals or certain governing authorities if a data breach results in disclosure of personal data.
Several sites within Peptineo Web enable users to pay for products or services online with a credit card. These transactions are encrypted. It is Peptineo’s policy to only use confidential information that a user enters during a transaction for the purposes described in that transaction, unless an additional use is specifically stated on that site.
Data subjects have the right to access the personal information that Peptineo holds about them. Data subjects also have the right to ask to correct any inaccurate personal information the website holds about them. In some cases, data subjects may request that Peptineo delete personal information, request that Peptineo restrict processing their personal information, or object to Peptineo processing their personal information. There are several laws, including the Health Insurance Portability and Accountability Act (“HIPAA”) that give data subjects certain rights so far as it pertains to their personal information.
HIPAA provides certain personal data rights to patients who receive healthcare services at covered entities.
The GDPR is the EU General Data Protection Regulation that went into effect May 25, 2018. The GDPR’s intent is to regulate the gathering, use and maintenance of personally identifiable information about a natural person and providing certain rights to the data subject, such as the right to erasure and the right to object to the use of personal data. This law applies to any person, citizen or not, who at the time of the data collection is located in the European Union. It does not require an entity, like Peptineo, to be located or acting within the EU for jurisdiction to attach; however, a non-EU entity like peptineo must process personal data related to the offering of goods or services in the EU or to the monitoring of a person’s behavior in the EU for jurisdiction to attach.
You have the right to request access to, a copy of, rectification, restriction in the use of, or erasure of your information in accordance with all applicable laws. The erasure of your information will be subject to the retention periods of applicable federal and state law. If you have provided consent to the use of your information, you have the right to withdraw consent without affecting the lawfulness of the use of the information prior to receipt of your request. If you feel Peptineo has not complied with applicable foreign laws regulating such information, you have the right to file a complaint with the appropriate supervisory authority in the European Union.