Data Security Policy Overview
Our data protection policy sets out our commitment to protecting client data and how we implement that commitment with regards to the collection and use of client data.
We are committed to:
• Ensuring that data is collected and used fairly and lawfully.
• Processing client data only in order to meet our operational needs or fulfill legal and contractual requirements.
• Establishing appropriate retention periods for client data.
• Ensuring that data subjects’ rights can be appropriately exercised.
• Providing adequate security measures to protect client data.
• Ensuring that all staff is made aware of standard practice for data protection.
• Ensuring that queries about data protection, internal and external to the organization, is dealt with effectively and promptly.
• Regularly reviewing data protection procedures and guidelines within the organization.
Information Collected or Tracked by EVIO Labs
EVIO Labs does not sell any personally identifying information users may have submitted through our website, to a EVIO Labs representative, or through any of our physical business locations. For lead generation or marketing purposes, we may ask individuals interested in obtaining more information about EVIO Labs services to voluntarily submit their contact information to us.
Information Submitted to EVIO Labs
EVIO Labs collects user-submitted information as a response to users engaging with EVIO, or wishing to be sent additional promotional information concerning EVIO Labs products or services. EVIO also collects information from submission forms for the registration or request for services and events.
Personally identifying information is collected at our business locations or by authorized personnel when ordering or requesting information about our services or products. Personally identifying information would include information such as name, phone number, company, title, address, and email address.
EVIO Labs may receive personal medical information about clients or employees potentially covered under the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. EVIO Labs protects the privacy and confidentiality of protected health information (PHI) whenever it is used by company representatives. The private and confidential use of such information will be the responsibility of all individuals with job duties requiring access to PHI in the course of their jobs.
PHI refers to individually identifiable health information received by the company’s group health plans or received by a health care provider, health plan, or health care clearinghouse that relates to the past or present health of an individual or to payment of health care claims. PHI information includes medical conditions, health status, claims experience, medical histories, physical examinations, genetic information, and evidence of disability. PHI will never be disclosed to third parties without written consent from the client or personnel.
Information Indirectly Submitted by Users to EVIO Labs
Use of Information Obtained by EVIO Labs
Information gathered is solely used to respond to a user’s request for additional information about EVIO Labs services. We may also use a user’s email address to send promotional or marketing materials such as updates on EVIO Labs services. We use your IP address and browser-type information in the general administration of our website.
Sharing of the Information We Gather and Collect
• to any third party with your consent;
• to companies that provide services to help us with business activities such as order management, marketing or website analytics. These companies are authorized through legally binding contracts to use your personally identifying information only as necessary to provide these services to us;
• when required by law to comply with a subpoena or other similar legal processes;
• when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with a law enforcement request;
Links to External Websites
This site may contain links to other websites not connected to EVIO Labs. Please be aware that EVIO Labs is not responsible for the privacy practices of other websites. We encourage users to be aware when they leave our site and to read the privacy statements of any website that collects personally identifying information. This privacy statement applies solely to information collected by this website and not external websites.
Special Offers and Updates
We may occasionally send you information on products, services, special deals, and promotions. You can sign up for these emails from us on our website. Out of respect for your privacy, we will not email promotions or unsolicited information without your consent, unless you are a local business. We do occasionally deliver sponsorship, event advertisements, and related materials to local businesses. Out of respect for your privacy, we provide you with the option to opt-out of such emails at your convenience. Simply contact us in writing asking us to remove your email address from all marketing and solicitation communications.
When employing EVIO Labs for analytical or consultation services, all data generated throughout a project is owned by the client and considered confidential. All certificates of analysis are digitally secured to avoid access by any third parties. Certificates of analysis are only available to the client or authorized representatives of the client that owns the data contained in the certificate of analysis. Dependent on the agreement established, we will:
• Only issue a certificate of analysis to the person or company that requested/paid for the analysis, or to an authorized representative that the primary client has listed on their respective client file.
• Retain the test result in a secure environment for a period of no less than five (5) years, for accredited analyses.
All sample data is stored locally at the Laboratory as well as either on our cloud-based laboratory information management system (LIMS) which operates on an HTTPS secure connection utilizing laboratory personnel authentication for access, or on our cloud-based order management software system, Confident Cannabis. The LIMS is housed on a remote web server which is secured through a variety of measures including password authentication, honeypots, and custom porting.
Identifiable sample data will never be shared in any way, whether by word of mouth, social media, or any other form of communication except as required by applicable laws or as necessary to conduct services. De-identified, or redacted, sample data may be shared as necessary with third parties or government entities in such a way as to prevent individual client traceability. Upon receiving a sample, we will assign the sample a unique laboratory ID. Details of the sample will be recorded on a physical sample intake form as well as a password protect LIMS.
When processing data we will work to ensure that:
• Your data is only processed with your knowledge;
• We only collect data that we need;
• Your data is only seen by those who need access to it to complete their jobs;
• Your data is only retained for as long as it is required;
• Your data is accurate and is only used for the intended purpose;
• Your data is protected from unauthorized or accidental disclosure.
You can contact us to request a copy of any personal data that is currently on file. The fee for this service is $35. To ensure we are releasing information to an authorized party or individual, you will be asked to supply information to prove your identity.
Technologies such as: cookies, Web beacons, tags and scripts are used by EVIO Labs and our partners, affiliates, or analytics or service providers. These technologies are used in analyzing trends, administering the site, tracking users’ movements around the site and to gather demographic information about our user base as a whole.
We use Local Storage Objects (LSOs) such as HTML5 to store content information and preferences. As is true of most websites, we gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, referring/exit pages, browser type and operating system, date/time stamp, and/or clickstream data. We do not link this automatically collected data to other information we collect about you.
We display personal testimonials of satisfied customers on our site in addition to other endorsements. With your consent we may post your testimonial along with your name. Without your consent we may post your testimonial without your name. If you wish to update or delete your identified testimonial, you can contact us at email@example.com.
This Privacy notice may change from time to time, so please review it frequently for any updates or changes. If we make material changes to this policy we will notify you by email (sent to the e-mail address specified in your client account) or by means of a notice on our website prior to the change becoming effective.
Access to Your Personally Identifying Information
Users can update or correct their personally identifiable information or remove it from our contact list by emailing us at firstname.lastname@example.org. Users can expect a response to their access requests in thirty (30) days or less. Users can update their identifiable information on our third-party order management system, Confident Cannabis, either by using their unique login credentials to access account information, or submitting a request to remove or update information to email@example.com.
Security of Your Personally Identifying Information
EVIO Labs takes steps to protect data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction, whether in transmission or storage. Please keep in mind, however, no method of transmission over the Internet, or any method of electronic storage is perfectly secure. If you have any questions about security on our website, you can email us at firstname.lastname@example.org.
Choices and Opt-Out Options
Users who no longer wish to receive our updates or newsletters may opt-out of receiving these communications by following the instructions contained in the mailer or by emailing us at email@example.com. Please include the term “OPT-OUT” in the subject line immediately followed by your email address.
We may retain your contact information for as long as your account is active or as needed to provide your services, and to comply with state and local data retention rules. If you wish to cancel your account or request that we no longer use your information to provide services, contact us at firstname.lastname@example.org. Please include the term “OPT-OUT” in the subject line immediately followed by your email address. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. All accredited sample data will be stored for no less than five years.
If you have any questions about this privacy statement, the practices of this website, or your dealings with this website, please email us at email@example.com, call us at 888-544-EVIO (3846) or write us at the following address: EVIO Labs, Attention: Chief Operating Officer, 1200 5th Street, Berkeley, CA 94710