Policy
The FDA Quality and Regulatory Consultants (FDAQRC) website is fully owned and
maintained by FDA Quality and Regulatory Consultants, LLC (“FDAQRC”, “We”, “Us”).
FDAQRC is committed to protecting and respecting your privacy. This Privacy Policy
describes how FDAQRC collects, stores and uses information which is collected or provided
to us, whether through our website (www.fdaqrc.com) or by other methods.
FDAQRC protects any information that could be considered Individually Identifiable Health
Information (any information that is a subset of health information, including demographic
information collected from an individual that relates to the past, present or future physical
or mental health condition of an individual and that identifies the individual; or with
respect to which there is a reasonable basis to believe the information can be used to
identify the individual) in accordance with applicable regulations.
FDAQRC’s President acts as out Privacy Officer. The Privacy Officer is responsible for
assisting FDAQRC personnel and subcontractors in ensuring that privacy policies and
procedures are implemented and followed.
What and who does this Privacy Policy apply to?
This Privacy Policy applies to both individuals and companies who conduct business with
FDAQRC or might be interested in the services provided by FDAQRC.
What data do we collect and how do we process it?
1. We may collect and process data about your use of our website (“usage data”). The
usage data may include your internet protocol IP address, geographical location,
browser type and version, operating system, referral source, length of visit, page
views and website navigation paths, as well as information about the timing,
frequency and pattern of your service use. The source of the usage data is Google
Analytics. This usage data may be processed for the purposes of analyzing the use
of the website and services. The legal basis for this processing is monitoring and
improving our website and services.
DocuSign Envelope ID: 0FF01E57-6AA5-45FB-8454-B9519BB111BE
Privacy Policy
CONFIDENTIAL | Page 2 of 4
2. We may collect and process your personal data (“account data”). The account data
may contain standard, non-sensitive information including your name, e-mail
address, employer, job title, company address, industry and phone number. The
source of the account data is you or your employer and the account data may be
collected when you submit an inquiry form on our website, subscribe to a
newsletter or correspond with us by phone or e-mail.
The account data may be processed for the purposes of providing our services,
ensuring the security of our website and services, maintaining back-ups of our
databases and communicating with you. The legal basis for this processing is your
consent or the performance of a contract between you and us or taking steps, at
your request, to enter into such a contract.
3. FDAQRC does not collect or receive any Individually Identifiable Health information
and is not considered a Covered Entity or Business Associate of such an Entity by
regulatory definition. Should we come into possession of such information we shall
ensure that it is de-identified (health information that is not considered individually
identifiable because particular identifiers specified in the regulations are removed
from the health information). Further, we will treat Potentially Sensitive Personal
Information (PSPI) of a personal nature (e.g., Financial Records, Bank Records, etc.)
in a manner consistent with its sensitivity.
Use of cookies and tracking technology
1. The FDAQRC website uses Google Analytics and HubSpot to collect usage data. This
usage data may contain information about the website that you came from, the
pages of our website which you visit, IP addresses, the type of browser you use and
the times you access this website. This is statistical data about our users’ browsing
actions and does not identify any individual.
2. No collected usage data is linked to any Personally Identifiable Information. Our
marketing system uses this data to provide you with a smooth, efficient and
personalized experience while using our services.
When Google Analytics and HubSpot collect usage data, they are data processors.
Both companies have data processing policies compliant with General Data
Protection Regulation (GDPR).
DocuSign Envelope ID: 0FF01E57-6AA5-45FB-8454-B9519BB111BE
Privacy Policy
CONFIDENTIAL | Page 3 of 4
Data disclosure and storage
1. FDAQRC does not sell, rent or lease collected data to any third parties. As your data
controller, we are responsible for your information and keep your data stored on
secure cloud providers, including Microsoft 365, Mailchimp, Code Two and HubSpot,
in accordance with applicable data protection laws.
2. FDAQRC may retain account data until such time that it is requested to be removed,
in accordance with applicable international regulations and FDAQRC policies.
3. FDAQRC will only share your data for the purpose of conducting business and only
when it is explicitly necessary to share your information to fulfill our obligations to
you.
Your rights over your personal data we hold
1. You can reasonably request access to the personal data we hold on you, at any time,
and we will provide that information free of charge within 28 days of your request at
the latest. To make a request, contact us at info@fdaqrc.com or telephone: +1 (866)
400-8996.
2. You can request inaccurate or incomplete personal data held on you to be rectified
or completed or for your personal data to be suppressed or erased, and we will
respond within 28 days of your request at the latest. To make a request, contact us
at info@fdaqrc.com or telephone: +1 (866) 400-8996.
3. You have a right to be forgotten. You can ask us to erase your personal data at any
time by contacting us at info@fdaqrc.com or telephone: +1 (866) 400-8996.