1        Introduction

Anju Software, Inc. (Anju) is a leading provider of comprehensive software solutions to the life sciences industry. Anju Software, Inc. entities include Anju Software, Inc.; Online Business Applications, Inc.; Anju ClinPlus, LLC; Anju Sylogent, LLC; Anju Zephyr Health, LLC.

Anju provides an integrated platform spanning clinical operations and medical affairs. Anju has combined deep industry and software domain expertise to build a next generation platform for the life sciences sector that can scale to provide solutions that meet customers’ needs from “molecule to retirement”.

Anju provides end-to-end software solutions that help customers manage mission-critical pharma processes and turn data into actionable insights. Anju’s philosophy is to support and guide clients over the long term in meeting their evolving software needs. Anju’s mission is to complement its strong product offering with exceptional customer support and delivering true quantifiable value.

Anju solutions are used by large and small pharmaceutical companies, clinical research organizations (CRO), full service agencies and medical device companies. Data flow between our systems, seamless communication with third party systems and AI-based data mining solutions provide a unique way for our customers to leverage critical information throughout their ecosystem.

Through our Medical Affairs Division, Anju provides comprehensive Medical Communication software solutions through the Information Request Management System (IRMS) and Content Management System (CM) for Pharmaceutical, Biotechnology, and Medical Device industries in the areas of Medical Communications and Drug Safety. These software solutions are provided on a traditional premise software basis and a hosted software as a service basis (Cloud/Hosted Services) to organizations, their employees, and consumers (data subjects) around the world.

IRMS is the most widely used Medical Information System available today. It has been developed in partnership with over a 100 Pharmaceutical, Biotech and Medical Device Companies since 1989. IRMS continues to be flexible enough to be used in over 80 countries throughout the world and powerful enough to be used by many of the world’s largest corporations.

The IRMS Content Management System (CM) is a full featured FAQ and Document Management System Developed with Microsoft .Net Technology and is fully web-based. This system provides a complete enterprise document management solution.

The IRMS Case Entry system is a fully web-based Case Entry Portal that allows smaller global affiliates the ability to enter cases without using the full functionality of the complete Medical Information System.

The IRMS Hosted Service enables clients to have the full functionality of IRMS and its modules without significant investment in the clients’ own infrastructure and without the need for in-house support. The solution harnesses Microsoft Terminal Services Technology to deploy the application wherever required.

Also, within our Medical Affairs division, Anju offers a publication planning software suite through PubSTRAT. PubSTRAT is a robust, highly configurable tool that streamlines your entire publication development and execution process. PubSTRAT organizes your information and facilitates compliant collaboration between all stakeholders, while providing full transparency into the publication planning process. The system manages the publication development, review, and approval process from planning through final submission. Teams can track and manage all project activities from a single view.

Anju provides clinical trial software solutions through ClinPlus, which is the only product suite deployed on a single platform that provides software and services needed to run successful clinical trials cost effectively. A single platform offers Clinical Trial Management Systems (CTMS), Electronic Trial Master File (eTMF) management, Electronic Data Capture (EDC) and study recruiting to TLF production Built in analytical tools can integrate with third party tools like Power Builder, the product suite can be used as a whole or used individually as modules, which provides easy to deploy and cost-effective solutions for Clinical Trial optimization. The ClinPlus software suite is offered via a validated, secure cloud-based infrastructure.

Anju Software provides data solutions to both our Medical Affairs Division and our Clinical Trials Division through ta-Scan and Zephyr Health.  Ta-Scan Clinical Data source and Zephyr Health are web-based data bases that are updated weekly providing up to date information on clinical trial sites and investigators. These analytical tools provide tools to aggregate, visualize, and analyze clinical data, trial data, and expert profiles. Ta-Scan and Zephyr Health can optimize study placement, select research partners, or manage your portfolios. Our products and portals will help you bridge the information gaps in today’s competitive clinical research environment.  Ta-Scan and Zephyr Health also offer data solutions through our Medical Affairs division. Ta-Scan/OpenQ and Zephyr Health were designed and engineered specifically for Medical Affairs, including field-based Medical Science Liaisons, to identify and develop the business critical and highly scrutinized relationships between life sciences companies and KOLs in a compliant manner.

Anju is committed to protecting the privacy of our users and visitors to our Websites.

1.1     Purpose

Anju may receive personal data from visitors and customers around the globe including the European Union (EU), the European Economic Area (“EEA”) and/or Switzerland to our offices in the United States (“US”). In order to provide an adequate level of protection for Personal Data received, Anju complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States.

Anju complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and/or Switzerland, to the United States. Anju has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

To learn more about the EU-U.S. Privacy Shield or Swiss-U.S. Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/

We self-certify compliance with EU-US Privacy Shield and the Swiss-U.S. Privacy Shield framework.

2       Scope

This Policy applies to all personal information received by Anju in the United States from the EU, EEA and Switzerland in any format including electronic, paper or verbal.

2.1     Definitions and Acronyms

Definition/ Acronym Description
Client Data or Information All information about Anju clients. This includes but not limited to the client’s data, written and electronic records, and information obtained from samples.
CRO Clinical Research Organization
Confidentiality A principle emergent from a relationship in which anything about individual, information, or material has been shared (with some degree of loss of privacy) in confidence.
Confidentiality Disclosure Agreements (CDAs): Confidentiality agreements are contracts intended to protect information considered to be proprietary or confidential. Employees involved in executing a CDA promise not to disclose sensitive or protected information related to Anju or its clients during the course of employment or otherwise.
Customers or Clients Any individual or company who is currently in contract or in the process of contracting with Anju in regard to using Anju products and services.
Data Subject The data subject is the person whose personal data are collected, held or processed.
EEA European Economic Area
EU European Union
Anju Anju Software, Inc.
Personal Data Any information or set of information that identifies or can reasonably be used to identify an individual. Personal data does not include information that is encoded or anonymized, or publicly available information that has not been combined with non-public personal data.
Privacy The state or condition of limited access to an individual and/or to information about that individual.
Processing Obtaining, recording, or holding information or data or carrying out any operation, manual or automatic, or set of operations on the information or data.
QA Quality Assurance.
Sensitive Personal Data Personal data is information that reveals race, ethnic origin, political opinions, religious, or philosophical beliefs, or trade union membership, or that concerns health or sex life. Information will be treated as Sensitive Personal Data where it is received from a third party that treats and identifies it as sensitive.
Service Support, consulting, hosting, or other services provided to our customer/clients.
Services Data The Personal Data Anju processes in order to provide the Services.
SOP Standard Operating Procedure means a written method of controlling a practice in accordance with predetermined specifications to obtain a desired outcome.
Visitors Any individual or company who is not currently an Anju client/customer list and does not have any contract with Anju for purchasing or sharing its product or services.

2.2     References to Internal Policies and Procedures

Document ID Document Title
SOP009-Security Process Security Process
SOP010 Acceptable Use Policy Acceptable Use Policy
SOP019-Employee Confidentiality Disclosure Agreement Employee Confidentiality Disclosure Agreement (CDA)
SOP-033-ClientDataSecurityPolicy Client Data Security Policy

3       Personal Information collected by Anju

Anju only collects personal information that is needed to provide customer service, authorized access to hosted solutions, offer new products, services and product demos to users, or fulfills any legal and/or regulatory requirements associated with the provision of the Services. Anju does not intentionally collect sensitive personal information (personal information pertaining to medical or health conditions, racial or ethnic origin, for example).

3.1     While interacting with our website

Our website (www.AnjuSoftware.com) gives an option for visitors and customers to request a brochure or demo of our products, when requesting information, visitors and customers may be asked for their “Personal Information” which may include but may not be limited to the visitors or customers full name, postal address, phone number, company name, and email address.

On some pages of our websites, visitors and customers can also register to purchase products or services, receive personalized content, and participate in surveys or forums. When registered, users may be asked for some “Personal Information” which may include, but may not be limited to, user first name, last name, company name, email, phone number, and payment method. Users may also be contacted with information about the company’s products and services.

If the visitors and customers purchase products or services, we may also request financial information such as credit card or bank account information. Any financial information collected is used only to bill the customers for the products and services they purchased. If purchased by credit card, this information may be forwarded to the credit card provider.

3.2     When Providing Technical Support

Customers may be asked to disclose personal information to us so that we can identify authorized customers and can provide technical support assistance and information. For example, we may collect personal information from customers (such as an e-mail address, system information, and problem descriptions) in order to provide online technical support and troubleshooting. If any customers choose to correspond with us through electronic communication (e.g. email, online chat, or instant messaging), we may retain a copy of the electronic communication together with the customers email address and our responses. We provide the same protections for these electronic communications that we employ in the maintenance of information received by mail and telephone.

3.3     When Accessing Hosted Solutions

Anju also provides hosted medical communication software services to its customers around the globe. Customers using hosted services are responsible for managing the data that they store at Anju’s data center. These responsibilities include determining the type of information that is stored, how that information will be used, to whom it will be disclosed, and for what purposes.

However, as a security measure and to ensure that our hosted services and network remain available to all customers, Anju may use software tools to monitor network traffic or to identify unauthorized attempts to upload or change information, or otherwise cause damage. These software tools may also collect information regarding the client access of our hosted solutions and computer network.

4       Customer Responsibility with respect to its personal data

Anju customers may choose to include Personal Data among the Customer Data stored at Anju’s data centers in the US or shared with Anju in connection with its provision of services. Before processing any information on behalf of its customers located in the EU, the EEA or Switzerland, Anju will enter into a processing contract with the customer responsible for the Personal Data in compliance with applicable data protection law. Under this contract, the customer agrees to comply with all applicable data protection laws.

Anju processes only the Personal Data that its customers have chosen to share with the Company. Anju has no direct or contractual relationship with the subject of this Personal Data (the “Data Subject”). As a result, when Customer Data includes Personal Data, the customer is solely responsible for satisfying all legal obligations owed directly to the Data Subject under applicable data protection laws.

It is the Anju customer’s responsibility to ensure that Personal Data it collected can be legally collected in the country of origin. The customer is also responsible for providing to the Data Subject any notices required by applicable law and for responding appropriately to the Data Subject’s request to exercise his or her rights with respect to Personal Data. In addition, the customer is responsible for ensuring that its use of Anju’s hosted solutions or Anju’s services is consistent with any privacy policy the customer has established and any notices it has provided to Data Subjects.

Anju is not responsible for its customer’s privacy policies or practices or for the customer’s compliance with them. Anju does not review, comment upon, or monitor its customer’s privacy policies, or the customer’s compliance with such policies. Anju also does not review instructions or authorizations to Anju to determine whether the instructions or authorizations are in compliance with, or conflict with, the terms of a customer’s published privacy policy or of any notice provided to Data Subjects.

5       Disclosure of Personal Information

Anju is not in the business of selling or sharing information with any entity not directly involved in providing the Services. Anju will never review, share, distribute, print, reference, or disclose any personal information, including any personal information received from the EU, EEA and/or Switzerland to any third-party for any purpose that has not been disclosed in this Privacy Policy unless: the Company has provided sufficient notice and Visitors and Customers have had an opportunity to exercise choice, as outlined below, with respect to such use or disclosure; disclosure of such personal information has been agreed to by Visitors or Customers and Anju in conjunction with a contractual agreement, or in such cases where applicable law permits the use or disclosure without requiring that Anju first comply with the Notice and Choice Principles. Unless described in this Privacy Policy, Anju does not share, sell, rent, or trade any information provided with third parties for their promotional purposes.

Sharing Information with Clinical Trial Coordinators:

At the request of the user, Anju forwards, by fax or secure e-mail, the patient’s name, age, telephone number and answers to the clinical trials questionnaire to the study coordinator at the center running the specific clinical trial of interest. We never give personally identifiable information to a site conducting a clinical trial without the express consent of the individual.

Sharing Information with Third Parties:

Anju is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequent transfers to a third party acting as an agent on its behalf. Anju complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Swiss individuals, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Anju is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Anju may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Anju reserves the right to use or disclose information if required by law or if Anju reasonably believes that its use or disclosure is necessary to protect the Company’s rights and/or to comply with a judicial proceeding, court order, or legal process and is permissible under the Swiss-U.S. Privacy Shield and EU-U.S. Privacy Shield Principles.

Anju further recognizes per Annex I Binding Arbitration Mechanism: the possibility, under certain conditions, for the individual to invoke binding arbitration.

6       Anju compliance with EU-U.S Privacy Shield Framework & Swiss-U.S Privacy Shield Framework

Anju complies with the U.S.-EU Privacy Shield & U.S -Swiss Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. Anju has certified to the Department of Commerce that it adheres to the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Principles.

Anju is subject to the investigatory and enforcement policies of the Federal Trade Commission for purposes of the EU-US Privacy Shield Framework and the Swiss-U.S. Privacy Shield framework.

Anju further recognizes per Annex I Binding Arbitration Mechanism: the possibility, under certain conditions, for the individual to invoke binding arbitration.

Note: It must be emphasized that Anju does not have control over the uses to which our clients may make of personal information disclosed to them.

6.1     Notice

Where Anju collects Personal Data directly from individuals in EU, EEA and/or the Switzerland, it will inform them about the type of Personal Data collected, the purposes for which it collects and uses the Personal Data, and the types of non-agent third parties to which Anju discloses or may disclose that information, and the choices and means, if any, Anju offers individuals for limiting the use and disclosure of their Personal Data.

As a Data Processor for our hosted clients (Data Owners), we make available to you this Policy so that it helps you understand our data practices and whether they are consistent with privacy notices you have made available to your data subjects.

6.2     Choice/Opt-Out

Anju is not in the business of sharing, selling, or trading any personal information collected by us with any entity not directly involved in providing the Services other than as outlined in this privacy policy or unless you direct us to do so and have the appropriate authorization to do so.

By accepting this Privacy Notice when you submit your Personal Information, you consent to us contacting you with newsletter and promotions by email. When you receive newsletters or promotional communications from us, you may “opt-out” by contacting us directly at the contact information below.

6.3     Access

Upon request, Anju will grant individuals reasonable access to Personal Data that it holds about them as Data Controller, and Anju will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete. We will respond to any request to access your personal information within 30 days.  If you receive a data-access request from a data subject about whom we host data and you would like our assistance in responding to that request, please contact privacy@anjusoftware.com.

6.4     Data Integrity

Anju will use Personal Data only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. Anju will take reasonable steps to ensure that Personal Data is relevant to its intended use, accurate, complete, and current.

6.5     Accountability for Onward Transfer

Anju will only transfer personal data to an agent where the agent has provided assurances that the agent provides at least the same level of privacy protection as is required by these privacy principles. Where we have knowledge that an agent is using or sharing personal data in a way that is contrary to these principles, Anju will take reasonable steps to prevent or stop such processing.

Where Anju has knowledge that an agent is using or disclosing personal information in a manner contrary to this Policy, Anju will take reasonable steps to prevent or stop the use or disclosure. Anju is liable for appropriate onward transfers of personal data to third parties who do not comply with the EU-U.S. Privacy Shield/Swiss-U.S. Privacy Shield principles.

Please be aware that Anju may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

6.6     Security

Anju takes pride in its security policies. Protecting confidential information is our business; therefore, Anju takes all appropriate measures to assure the security of Personal Data. With customers around the globe, Anju has developed a security policy, employee confidentiality agreement and client data security policies and procedures designed to assure that Personal Data we collect and process, and Services Data that we may process in order to provide Services is appropriately protected.

Anju has institutionalized industry-standard security practices and is constantly implementing reasonable precautions to protect Personal Data in our possession from loss, misuse, unauthorized access, disclosure, alteration, and destruction. We protect data in many ways. Physical security is designed to prevent unauthorized access to database equipment and hard copies of Personal Data. Electronic security measures continuously monitor access to our servers and provide protection from hacking or other unauthorized access from remote locations. This protection includes the use of firewalls, restricted access, and encryption technology. We limit access to Personal Data to those persons in our organization, or as our agents, that have a specific business purpose for maintaining and processing such Personal Data and data. We inform individuals who have been granted access to Personal Data and data of their responsibilities to protect the security, confidentiality, and integrity of that information, and we provide training and instruction on how to do so.

6.7     Enforcement

Anju has established an annual review and audit program to monitor all our policies and procedures. This program includes conducting annual compliance audits of our relevant privacy practices to verify compliance with this policy and the EU-U.S. and Swiss-U.S. Privacy Shield Principles and to address questions and concerns regarding our adherence. Additionally, we provide a statement, at least once a year, signed by our authorized representative, verifying our adherence to the EU-U.S. and Swiss-U.S. Privacy Shield Principles. We encourage interested persons to raise any concerns to us using the contact information below:

Walt Townsend
Privacy Officer
Anju Software, Inc.
4500 South Lakeshore Drive
Suite 620
Tempe, AZ 85282
Tel: (630)-243-9810 Ext: 1440
Email: privacy@anjusoftware.com

We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data in accordance with the principles contained in this policy.

For any EU-U.S. or Swiss-U.S. Privacy Shield dispute that cannot be resolved through our internal processes, Anju will engage the services of the American Arbitration Association, (AAA) an unaffiliated neutral party to act as the dispute-resolution mediator as permitted by the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks.

In the event that we or the dispute-resolution mediator determines that we did not comply with this policy, we will take appropriate steps to address any adverse effects and to promote future compliance.

An individual wishing to file a dispute may do so by contacting the ICDR-AAA dispute filing website at: http://apps.adr.org/webfile

7       Amendments to the policy

We may amend this policy from time-to-time consistent with the requirements of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. If we do so, we will post an updated version on the Anju website under the Privacy Policy Section.

8       Effective Date

This privacy policy is effective as of 02 MAY 2019.