When there is no other available non-PII unique identifier, PII may be collected through CB-Protect by Client or its Users when individuals are scanned in order to create a unique identifier. Client’s choice of PII collected by its Users in order to identify the individuals scanned must ensure the greatest privacy possible in the circumstances and be respectful of the data minimization principles. In no event whatsoever shall Client or its Users collect through CB-Protect addresses, passport numbers, gender, age, religion, sexual orientation, income, social status, political habits, ethnic origin information or any information from patients.
Use and Purpose
CB makes no use whatsoever of PII entered onto CB-Protect by Client and Users other than to provide the service of the software to Client, including, without limitation, providing reports to Client. The PII collected by Client and Users shall only serve for identifying individuals in the least intrusive and most private way possible.
CB does not store PII and does not have PII at rest in its systems. In case Client enters PII onto CB-Protect, CB promptly de-identifies any PII upon reception through a proprietary and secure process. Reports provided by CB to Client are normally free of PII. CB will only provide reports to Client containing PII (“Reports With PII”) upon express request from Client and when Client has a reasonable and legitimate need for such report. The Reports With PII are generated as follows: a momentary combination of separate servers, Google Server and Amazon Web Service, allows non-PII data of one server to be connected to a temporarily de-anonymized unique identifier from the other. The temporarily generated Reports With PII will be automatically deleted from CB’s systems at log off.
Compliance with Laws
Each Party shall comply with all applicable privacy and data protection laws of its jurisdiction in performing its obligations hereunder.
For the purpose of its relationship with CB, Client shall be considered as a “Data Controller” under GDPR or as a “Business” under CCPA and shall bear all the responsibilities and liability that come with such qualifications.