Privacy Policy

REGDESK PRIVACY POLICY

 

 

1. OVERVIEW

 

This Privacy Policy describes the types of information RegDesk, Inc. (“RegDesk” or “we”) collects through its Website or for a Registered User, how that information is used, and the types of third parties with whom we share it and for what purposes. This Privacy Policy applies to information collected from you by RegDesk through its Website and information disclosed by you through off-Site or offline correspondence or personal contact with RegDesk representatives. This Privacy Policy also applies if you are a “Registered User” of RegDesk’s software.  

This Privacy Policy does not apply to any third-party Sites, applications or software that integrates with RegDesk (“Third Party Services”), or any third party products, services, or businesses. 

A separate agreement governs the delivery, access and use of the RegDesk software or its services (The “Master Service Agreement” or “Terms of Service”), including the processing of any messages, files, or other content submitted through RegDesk software (collectively, “Client Data”). The organization (e.g, your employer or another entity or person) that entered into the Master Service Agreement (“Client”) controls their instance of the services (their “Client Account”) and any associated Client Data. If you have any questions about specific Client settings and privacy practices, please contact the owner of the Client Account. 

 

 

2. YOUR ACCEPTANCE OF AND REVISIONS TO THIS PRIVACY POLICY

 

RegDesk reserves the right, in its discretion, to modify this Privacy Policy at any time, without prior notice to you.  When we modify the Privacy Policy, we will post a notice on the Website that it has been modified. Modifications will be effective on the date that appears on the modified Privacy Policy.  Each time you use the Website, you should check the effective date of this Privacy Policy and review any changes made since the last time you visited the Website.  Your continued use of this Website following modification of the Privacy Policy will be conclusively deemed to signify your acceptance of the modification.  Notwithstanding the foregoing, for any material changes, we will seek your consent to the extent required by law. 

 

 

3. INFORMATION YOU PROVIDE

 

Personally identifiable information is information that identifies or describes you, including, but not limited to, contact information (such as your name, company name, company address, telephone number, and e-mail address) and financial information (such as your social security number, credit card, or bank account number).  Non-identifying information is information that does not identify you, such as your zip code (on its own), gender, age, and individual preferences.  Certain non-identifying information may be considered a part of your personally identifiable information when combined with other identifiers (e.g., combining your zip code with your street address) in a way that enables you to be identified.  RegDesk will collect, store, and use personally identifiable and non-identifying information you provide for the purposes described below.  We collect such information when you (a) submit an inquiry by filling out one of the forms on the Website, (b) use any email or messaging functions available on the Website, (c) respond to a survey, subscribe to our newsletter, or request information or assistance through the Website, (d) are a registered user of RegDesk proprietary software.  

RegDesk collects a variety of data if you are a visitor on the Website. The types of personal information collected typically includes, but in not limited to:

    • Name and contact data: We collect your full name, work email address, business postal address, phone number, job title or role, and other similar contact data.
    • Credentials: We collect passwords, password hints, and similar security information used for authentication and account access.
    • Demographic data: We collect data about your location (country) and preferred language.

 

  • Log data: As with most websites and technology services delivered over the Internet, our servers automatically collect information when you access or use our Website record it in log files. This data may include Internet Protocol (IP) address, browser type and settings, information about browser type and settings, cookie data.
  • Cookie Information: RegDesk uses cookies to make the application work better and safer.  We use both session-based and persistent cookies. RegDesk sets and accesses our own cookies on the domains in our services. In addition, we use third party cookies, like Google Analytics. We use cookies to record session information, and only maintain permanent cookies to the extent it is related to security (e.g. 2-factor authentication) or operations (e.g. remembering which tabs you had open). We do not use cookie information for tracking or marketing purposes. 

 

The types of confidential information collected if you are a Registered User:

    • Name and contact data: We collect your full name, work email address, phone number, job title or role, and other similar contact data.
    • Credentials: We collect passwords, password hints, and similar security information used for authentication and account access.
    • Demographic data: We collect data about your location (country) and preferred language.

 

  • Usage data: We collect the date and time of user activity and keep an audit trail of your activity in compliance with 21 CFR Part 11. We may also record in the log files the Internet Protocol (IP) address, the browser configuration and plugins, and language preferences.
  • Product Information: We collect the company’s product name and details, product registration documents, and status of product registration by country. Whether we collect some or all of this information depends on the type of usage of the Software.

 

Additional information collected:

 

  • Additional Information: RegDesk may collect additional information submitted through our Website or if you participate in a focus group, contest, activity or event, apply for a job, request support, interact with our social media accounts or otherwise communicate with RegDesk.

 

All of the information that you provide on the Website or as a Registered User is maintained by RegDesk. Generally, no one is under a statutory or contractual obligation to provide any Client Data or Other Information (collectively, “Information”). However, certain Information is collected automatically and, if some information, such as Client Account setup details, is not provided, we may be unable to provide access to the Software.

 

 

4. USE OF YOUR PERSONALLY IDENTIFIABLE INFORMATION 

 

Client Data will be used by RegDesk in accordance with the Client’s instructions, including any applicable terms in the Master Service Agreement and as required by applicable law. RegDesk is a processor of Client Data and Client is the controller. Clients may, for example, use the Software to grant and remove access to a Client Account, assign roles and configure settings, access, modify, export, share and remove Client Data. RegDesk uses Additional Information in furtherance of our legitimate interests in operating our Software, Websites and business. 

RegDesk may use the personally identifiable information you provide, separately or in combination with Additional Information we collect, for the following purposes:

  • To communicate with you about your registration or about transactions between you and RegDesk;
  • To provide the services you request;
  • For billing, account management and other administrative matters. RegDesk may need to contact you for invoicing, account management and similar reasons. We use account data to administer accounts and keep track of billing and payments. 
  • To provide, and communicate with you about your use of the Software, send you our monthly newsletter; and
  • To alert you to upgrades, service updates, special offers, and other information about RegDesk and the services we offer, and to administer promotions and surveys.
  • To provide, update, maintain and protect our Software, Websites, and business. To support delivery of the Software under the Master Service Agreement, prevent or address service errors, security or technical issues, analyze and monitor usage, trends and other activities or at a Registered User’s request. 
  • Legal process as required by applicable law.
  • To improve the Software, provide learning and productivity tools and additional features. 
  • We may send you service, technical and other administrative emails, messages and other types of communications. We may also contact you to inform you about changes in our Software, our service offerings and important service related notices such as security and fraud notices. These communications are considered part of the Services and you may not opt out of them. 
  • To investigate and help prevent security issues and abuse.

To the extent information is associated with an identified or identifiable natural person and is protected as personal data under applicable data protection law, it is referred to in this Privacy Policy as “Personal Data.”

 

 

5. DISCLOSURE OF YOUR PERSONALLY IDENTIFIABLE INFORMATION

 

RegDesk will solely share and disclose Client Data in accordance with a Client’s instructions, including any applicable terms in the Master Service Agreement and in compliance with applicable law and legal process.

We may disclose your personally identifiable and other information as follows:

  • Third Party Service Providers and Partners. We may engage third party companies or individuals as service providers or business partners to process other information and support our business. These third parties, may for example, provide virtual computing and storage services (e.g. Amazon Web Services). 
  • Third Party Services through API. Clients may enable or permit Registered Users to enable Third Party Services to access information in RegDesk through its API. When enabled, RegDesk may share other information with Third Party Services. These Third Parties may have their own policies for collection and use of Personal Data. Please check the Privacy Policy of these Third Party Services. 
  • As a Registered User, your name or username may be displayed as you collaborate with other Registered Users from the same Client Account. RegDesk provides different ways for Registered Users to collaborate. Your profile information may be shared internally, subject to the policies and practices of the Client Account. 
  • Client Account owners or administrators may be able to access and modify Registered User information. 
  • With your consent, personal data may be used to facilitate off-Site or off-line communication between Registered Users;
  • To a successor organization in the event that RegDesk is involved in a transaction such as a merger, stock purchase or sale, or sale of substantially all of RegDesk’s assets; and
  • In response to a subpoena or court order, or a request from a law enforcement or other government agency, to establish or exercise our legal rights, to defend against claims, or to protect the safety or security of the public or of users of this Website or Software.

From time to time, we may disclose aggregate information about Registered Users of the Website to service providers, partners, advertisers or others, but such information will not include personally identifiable information.  Except as described above, we do not rent, sell, or otherwise provide your personally identifiable information to third parties for marketing purposes, without your consent. 

 

 

6. DATA RETENTION

 

RegDesk will retain Client Data in accordance with a Client’s instructions, including any applicable terms in the Master Service Agreement, and as required by applicable law. Depending on the services plan, the deletion of Client Data and other use of the Software by Client may result in the deletion and/or de-identification of certain associated other information. RegDesk may retain other information pertaining to you for as long as necessary for the purposes described in the Privacy Policy. This may include keeping your other information after you have deactivated your account for the period of time needed for RegDesk to pursue legitimate business interests, conduct audits, comply with and demonstrate compliance with legal obligations, resolve disputes, and enforce our agreements. 

 

 

7. SECURITY

 

RegDesk works hard to protect information you provide from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the information we collect, process and store. Given the nature of communications and information processing technology, RegDesk cannot guarantee that information during transmission through the Internet or while stored on our systems, will be absolutely safe from intrusion by others. 

 

Here is our approach to security:

 

  • System Architecture. The service is designed with robust, industrial security and performance in mind, using Amazon Web Services. It is a closed environment, requiring all Registered Users to log into a secure environment with unique credentials and enforced time outs. Member administrators can apply several security restrictions to login IDs and passwords, including 2-factor authentication. Password and/or user ID changes generate automatic email alerts to the affected users, and multiple failed login attempts will result in a mandatory lock out. All data in transmission is secured using SSL (https) protocol. Data ‘at rest’ in the database is secured using industry-leading AES 256-bit encryption algorithms. All data is nightly backed up, with back ups stored in alternate, secure locations and services. Access to the production database is strictly managed and monitored, with access provided only to trusted employees. 21 CFR Part 11 compliant database audit trail logs provide an added level of security/monitoring.
  • Service Infrastructure. The infrastructure hosting the Service is robust, scalable, and secure. It is certified for SOC 1 (formerly SAS70), SOC 2 & SOC 3, & ISO 27001. We use and deploy within multiple geographic sites to prevent service interruptions. The data/software running the Service are managed in a discrete, segregated server instance. Access to the hosting environment is strictly managed and monitored, and access is provided only to trusted employees.
  • General Systems Security. All RegDesk employees must make security logins active for their workstations/notebooks, and access to the shared data servers and email systems requires two-factor authentication. Client Confidential Information sent to RegDesk outside the service may be stored locally in a RegDesk User’s workstation. The Company recommends secure avenues for receiving Confidential Information from members, such directly through the RegDesk Software. We will receive data through email and related cloud-based data sharing services (e.g., Sharepoint, Dropbox, etc.) at the client’s request.
  • RegDesk Employee Legal Commitment. RegDesk employees are required to sign an employment agreement that includes a commitment to acknowledging their responsibilities for protecting any member Confidential Information and general security issues and commitments.
  • Technical Support Access Log. Select RegDesk employees acting in a support capacity may be required to log in and access parts of the service that may display a Client’s Confidential Information based on a Client’s or Registered User’s explicit request. Any such access is documented with a mandatory reason. Client administrators can request this log.

 

 

8. CHILDREN’S PRIVACY

 

To the extent prohibited by applicable law, RegDesk does not allow use of our Software and Websites by anyone younger than 16 years old. If you learn that anyone younger than 16 has unlawfully provided us with personal data, please contact us and we will take steps to delete such information. 

 

 

9. HOW WE PROTECT YOUR INFORMATION 

 

RegDesk takes reasonable steps to protect the Personal Data from loss, misuse and unauthorized access, disclosure, alteration, and destruction. We have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the Personal Data from loss, misuse, unauthorized access or disclosure, alteration or destruction. However, our Company cannot guarantee the security of Personal Data on or transmitted via the Internet. 

The personally identifiable information that you provide will be stored and maintained by RegDesk for so long as we, in our sole discretion, believe it is necessary or appropriate (a) to carry out the purpose(s) for which such information was collected, or (b) to comply with applicable laws, contracts, or other rules or regulations. 

 

 

10. ACCESS AND ACCURACY 

 

If you are a Registered User, you may update and correct the personally identifiable information maintained by RegDesk by logging into the Software and entering any new information about yourself.  RegDesk reserves the right to deny access to your personally identifiable information: (a) when such denial of access is required by law, (b) when granting you access is reasonably likely to negatively impact other people’s privacy, (c) to protect RegDesk’s rights and property, and (d) when such requests are frivolous or made in bad faith. 

 

 

11. YOUR RIGHTS

 

  • Registered Users have the right to access and edit their personal information by logging into the Software and clicking “My Profile”.
  • Registered Users can alter/delete most all information directly from within the software’s profile settings page or can request this change from their employer’s RegDesk account manager directly, and/or email desk@regdesk.co.
  • The Software requires a bare minimum of personal information to work properly, for instance userID (e.g. email address), full name, company name, and job title. We do not share this data other than with the RegDesk team that specifically requires this access. Registered Users that do NOT agree to the terms of this Privacy Policy can opt-out when they first log into the application. Doing so would preclude use of the application, however, and workarounds would have to be handled between the Registered User and the Client.
  • To the extent that RegDesk’ processing of your Personal Data is subject to the General Data Protection Regulation, RegDesk relies on its legitimate interests, described above, to process your data. RegDesk may also process other information that constitutes your Personal Data for direct marketing purposes and you have a right to object to RegDesk’ use of your Personal Data for this purpose at any time.

 

 

12. DATA PROTECTION OFFICER

 

To communicate with our Data Protection Officer, please email desk@regdesk.co.

 

 

13. IDENTIFYING THE DATA CONTROLLER AND PROCESSOR

 

Data protection law in certain jurisdictions differentiates between the “controller” and “processor” of information. In general, the Client is the controller of Client Data. In general, RegDesk is the processor of Client Data and the controller of other information.

 

 

14. ABOUT COOKIES

 

What are cookies? 

 

Cookies are small text files containing a string of characters that can be placed on your computer or mobile device that uniquely identifies your browser or device. We may use technologies like cookies to deliver, secure, and understand products, services, and ads. 

 

What are cookies used for? 

 

Cookies and other technologies allow a Website or Service to know if your computer or device has visited it before. These technologies can then be used to deliver products, services, and ads help us understand how the Website or Service is being used, help you navigate between pages efficiently, help remember your preferences, and generally improve your experience in using our services. Cookies can also help ensure marketing you see online is more relevant to you and your interests.

 

Why does RegDesk use cookies and similar technologies? 

 

We use cookies and similar technologies to show you relevant content, improve your experience and help protect RegDesk and our users. We may use server log analysis tools to gather and analyze information regarding our Website’s usage, such as the number of hits received, our most/least visited pages, errors experienced by users, browsers and platforms used to connect to our Website, your IP address and Internet service provider (ISP), the date and time you visited the Website, the web pages you visited, and the websites you visited before or after you visit our Website.  This information may be collected via a number of technologies, including cookies, web beacons, clear GIFs, and other means.  For example, the Website uses Google Analytics cookies to provide us certain information about how the Website is used.  No cookies on the Website store personally identifiable information.  You can remove certain cookies by following the directions in your Internet browser’s “help” file.  If you disable cookies, your ability to use some areas of the Website may be limited.  The above information belongs to us and is used to improve the content, layout, and/or operation of our Website. We recommend all users clear cookies and cache as a matter of good computer practice and to avoid browser/security issues. To find out more about cookies visit this site

 

 

15. CONTACTING REGDESK

 

If you have any questions about this Privacy Policy or RegDesk practices, you may contact us at desk@regdesk.co or at our mailing address below.

2450 Holcombe Blvd, Suite 1

Houston, TX 77021

USA