EU-US & Swiss-US Privacy Shield

Privacy Shield Policy

1. EU-U.S. Privacy Shield Policy

AiCure respects the privacy of its customers, employees, business partners, individuals whose personal information with which we are entrusted, and others. AiCure collects and uses any collected personal health information in accordance with the laws and regulations of the countries in which the information is collected, and in which it does business.

AiCure complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. AiCure has certified that it adheres to the EU-U.S. Privacy Shield principles of notice, choice, and accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement and liability. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit


In the course of our business, it is necessary for us to access, collect, process, use, transmit, disclose, store and otherwise handle personal data (defined below) about individuals. This Policy provides the basis for protecting such data while ensuring compliance with legal requirements. The United States Department of Commerce, and the European Commission, have agreed on a set of data protection principles and frequently asked questions (the “EU-U.S. Privacy Shield”) to enable U.S. companies to satisfy the requirement under European Union law that adequate protection be given to personal information transferred from the EU and from the United Kingdom to the United States. The EEA also has recognized the EU-U.S. Privacy Shield as providing adequate data protection.


This Policy applies to all personal data accessed, collected, processed, used, transmitted, disclosed, or stored (hereinafter collectively referred to as “processed”) in any format including electronic, paper or verbal by AiCure. All employees, whether permanent, temporary or on contract or third parties working on behalf of us shall adhere to this Policy.


We are committed to using reasonable commercial measures to ensure the safeguarding of personal data of individuals and that such data is used only as intended and that precautions preventing misuse are both effective and appropriate. Personal data must therefore be:

  • (a) Accessed, used and disclosed fairly and lawfully;
  • (b) Obtained for specified business and/or legal purposes and not used or disclosed in a way which is incompatible with the purpose(s) for which it was collected;
  • (c) Adequate, relevant and not excessive for the purpose(s) for which it is collected or maintained;
  • (d) Accurate and, where necessary, kept up to date;
  • (e) Not kept for longer than is necessary to fulfill the purpose(s) it is used for, subject to the Company’s document retention policy;
  • (f) Used and disclosed in accordance with relevant legal requirements;
  • (g) Appropriately protected against unauthorized, inadvertent or illegal access, use and/or disclosure through administrative, technical and physical safeguards; and
  • (h) Restricted to designated countries unless the rights and freedom of individuals are protected therein.

We will strive to prevent breaches of personal data security and will notify individuals of a breach of personal data if the law so requires. We will train our employees with regard to the safeguarding of personal data. We will update this Privacy Policy as necessary to comply with legal standards. Breach of legal requirements concerning personal data may result in censure, enforcement proceedings, fines, and/or damages. It may also result in personal liability for our employees and/or officers, adverse publicity and damage to our reputation, brand or to commercial interests. The Privacy Officer, who will report on compliance with this Privacy Policy, will manage all data privacy policies, procedures and issues. All employees are required to support the Privacy Officer discharging obligations for protecting data privacy.


We may collect the following examples of personal data: full name, address, telephone or mobile number, business and home contact details including e-mail addresses and telephone numbers, health information, medication adherence information, video information including images of a user’s face, audio information, and demographic information. Personal data may further include any information that identifies an individual, but does not include information that has been encoded, encrypted, or otherwise anonymized.

Data that may be collected will be used for the purpose of supporting clinical research or programs supporting population health management, and for maintaining and improving Company internal systems and offerings.


We collect personal data to the extent necessary to establish and manage our relationship with our employees, customers and contractors and to perform any related functions. We may also collect personal data through information technology when users are interacting with Company offerings, and other communications systems used to assist with the performance and administration of Human Resources activities, customer and other business functions, as well as to implement our hardware and software solutions related to monitoring of medication adherence. These systems may be updated from time to time and interface with each other to share and update any personal data they hold. Some of the personal data that we maintain will be kept in paper files, while other personal data will be included in computerized files and electronic databases as described in the protection of personal data section of this Privacy Policy below. Employees or potential employees will be advised of the Company’s Privacy Policy. We may also access, use, process or disclose customer and contractor personal data during the course of conducting our business. We take reasonable steps to ensure that data we collect from our employees, customers and contractors is reliable for its intended use, accurate, complete, and current.


Personal data may be made available for the purposes mentioned above to responsible management, human resources, accounting, audit, compliance, legal, information technology and other corporate staff who need to know these details for their functions within the Company, including maintenance and improvement of Company offerings, some of which may not be based in the US. The identity of personnel within the Company having access to personal data shall be controlled on the basis of business and security requirements, shall be consistent with the job requirements of such person having access, and shall be modified to the extent their job requirements change. Employees with access to personal data shall be made aware of their responsibilities for maintaining the privacy of that information, particularly regarding the protection of both hard-copy, soft-copy and electronic information. Personal data may also be made available to third parties providing relevant services under contract to us (see the protection of personal data section of this Policy below for further details), such as auditors and compliance managers, background verification, legal and IT hosting and maintenance providers. We must have appropriate security and privacy measures in place with such third parties covering how they hold and maintain any personal data that we provide to them.

Certain personal data will also be reported to government and regulatory authorities where required by law and for tax or other purposes. Personal data may also be released to external parties as required or permitted by employment or other statutes and regulations, or by legal process, as well as to parties to whom an individual authorizes us to release their personal data. Personal data may also be used internally to improve Company solutions, or otherwise improve Company’s overall service offerings, the privacy of such data being maintained according to the terms of this Policy. We will not sell any personal data to any third party other than as part of any restructuring of the Company or sale of a relevant Company business. If we do provide any data to a third party, we will enter into a written agreement with the third party that requires the third party provide at least the same level of privacy and security protections as is implemented by Company.

AiCure may be forced to disclose an individual’s personal information when compelled by a lawful request made by a recognized public authority or where required to meet national security and or law enforcement requirements. AiCure is subject to the investigatory and enforcement powers of the Federal Trade Commission (“FTC”) and or the Food and Drug Administration (“FDA”).

Personal Information may be shared with third party business entities. The entities to whom AiCure may disclose personal information includes, but it is not limited to clinical trial sponsors and or their contracted agents as well as public health entities including but not limited to local, state or national health organizations.

In cases of onward transfer to third parties of data of EU or United Kingdom or Swiss individuals received pursuant to the EU-US and SW-US Privacy Shield, AiCure is potentially liable.


We are committed to ensuring that personal data is secure. In order to prevent unauthorized loss, alternation, destruction, access, use or disclosure, we have put in place and will maintain suitable physical, administrative and technical safeguards to secure the data we process. Where appropriate and consistent with the risk, personal data shall be kept securely. Access to information systems containing personal data shall be controlled, at a minimum, by an individual user identification and password with appropriate requirements for re-logging after passage of an inactive time and/or use of password-protected screensavers. Firewall protection and operating system patches shall be installed on all computers containing personal data. Up-to-date versions of security agency software, including malware, patches and antivirus and pest patrol shall be installed on all computers containing personal data. All items of equipment containing storage media shall be checked to ensure that any personal data has been removed or securely overwritten prior to disposal. Personal data that is transmitted across public networks or wirelessly or stored on portable devices shall be encrypted.

Appropriate contractual arrangements shall be implemented for the responsibility and physical protection of personal data when such information is made available to third parties. Personal data, other than that normally required by mobile users, shall only be taken off site as necessary. Any member of staff using personal data when working from home or during off-site meetings should take necessary precautions to ensure its security, including not leaving such information unattended. Any member of staff dealing with telephone inquiries should be careful about disclosing any personal information held by us.

Any individuals who are provided with access to personal data may only use such information for the purposes set out in this Privacy Policy (or as otherwise notified from time to time) taking steps to provide reasonable safeguards to protect the personal information at all times. Access to personal data by terminated employees shall be promptly withdrawn. Employees who have access to personal information will be trained on privacy and security measures. Unless required to be reported to government or regulatory authorities, sensitive personal data, as defined below will not be disclosed without the express written consent of the individual (which may be given by acknowledgement of policies setting out such disclosure requirements). Personal data shall be retained and destroyed in accordance with the Company’s data retention policies.

Sensitive personal data is defined as an individual’s first name and last name or first initial and last name in combination with one or more the following data elements that relate to such individual: Substance abuse treatment; Alcohol abuse treatment; HIV/Aids; Genetic Information; and Information related to sexually transmitted diseases.

Individuals whose personal information has been collected by AiCure shall have the right to access that data for review, modification or deletion. Access to review, modify and or delete personal information or otherwise manage the use and disclosure of your personal data may be initiated by contacting AiCure:

  • AiCure
  • Attn: Gordon Kessler, General Counsel, Corporate Security Officer
  • 19 West 24th Street, 11th Floor
  • New York, NY 10010
  • 1-800-570-0448

AiCure will follow their corporate approved policies and procedures when handling any personal data requests.


Individuals may opt out of providing personal data, upon request. To the extent that personal data has been collected, individuals have the right to review personal data held about them and have certain inaccurate information corrected, unless the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated. If you wish to do so, or to notify us of a change in your details, please contact the Privacy Officer.

A formal request from an individual for information that we hold about them must be made in writing. A fee is payable by the data subject for provision of this information. Any member of staff who receives a written request should forward it to the Privacy Officer immediately.


In addition to this posting, we will provide either a copy of this Privacy Policy or a separate privacy notice to each employee, customer and contractor if we collect and use information from them, which will include the type of information we collect, our Company’s contact information for any inquiries or complaints, the identity of third parties to which we will disclose the information, and the choices and means that we offer individuals for limiting use and disclosure of their information upon request.


This policy may be amended from time to time, consistent with the requirements of the Privacy Shield Framework. A notice will be posted on the AiCure web page ( for 60 days whenever this policy is changed in a material way.


This policy became effective on 01 August 2016 and was last updated on 12 March 2019.


In compliance with the EU-US Privacy Shield Principles, AiCure commits to resolve complaints about your privacy and our collection or use of your personal information. European Union or United Kingdom individuals with inquiries or complaints regarding this privacy policy should first contact at

  • AiCure
  • Attn: Gordon Kessler, General Counsel, Corporate Security Officer
  • 19 West 24th Street, 11th Floor
  • New York, NY 10010
  • 1-800-570-0448

AiCure has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit for more information and to file a complaint. This service is provided free of charge to you. 

Under certain limited conditions it is possible to seek recourse through last resort binding arbitration.

Please note the name of the website or other online resource to which you provided the information, as well as the nature of the information that you provided. AiCure will use reasonable efforts to respond promptly to requests, questions or concerns you may have regarding our use of personal information about you. Except where required by law, the Company cannot ensure a response to questions or comments regarding topics unrelated to this Policy or our privacy practices.


AiCure is fully committed to adhere to the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework, as follows:

AiCure complies with the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from Switzerland. (AiCure certifies that we adhere to the Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit

In compliance with the Swiss-US Privacy Shield Principles, AiCure commits to resolve complaints about your privacy and our collection or use of your personal information. Swiss citizens with inquiries or complaints regarding this privacy policy should first contact AiCure at:

  • Attention: Gordon Kessler, General Counsel, Corporate Security Officer
  • 19 West 24th Street, 11th Floor
  • New York, NY 10010
  • 1-800-570-0448

AiCure further commits to refer unresolved privacy complaints under the Swiss-US Privacy Shield Framework to an independent dispute resolution mechanism operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit for more information and to file a complaint.