SCC has self-certified to the EU-U.S Privacy Shield and the Swiss-U.S. Privacy Shield


Privacy Statement

SCC has established this privacy statement in order to demonstrate our commitment to Privacy: 

As a leading provider of clinical information systems software and solutions for the healthcare industry, SCC is committed to protecting the privacy of all personal information it receives, maintains, and/or transmits in accordance with applicable national and international Privacy laws and regulations; and to incorporate applicable privacy requirements into SCC’s processes, procedures and information systems.

Purposes of data collection

Patient Data received by SCC (Patients of SCC’s clients): SCC's clients, as the data controllers, collect or receive personal data from patients (data subjects) and determine the processing purpose of that data. SCC, as a data processor, receives data for processing from its clients. SCC processes this data at the instruction of its client and has no direct relationship with the individuals to whom such personal data relates. SCC does not own or determine the purpose for which this data is processed. As a data processor acting on behalf of an SCC client who is the data controller, SCC is required to perform its services in accordance with the Privacy Shield Principles and its contract with the client.

Limited Personal Data received by SCC (Employees of SCC’s clients): As a manufacturer of Laboratory and Genetics Information Systems, SCC assists its clients in the implementation and support of SCC solutions in their healthcare environments. SCC collects or receives limited clients’ employee Personal Data for business operations such as sales, consulting, licensing, customer support, and other similar transactions to improve SCC’s products and services. SCC may hold and process clients’ employee personal data such as name, work role, email, telephone number, work address and any other personal data provided to SCC by its clients. As a data controller of such data, SCC is required to protect the privacy and security of such data in accordance with the Privacy Shield Principles and other Privacy regulations.

Human Resource Data received by SCC (Employees of SCC’s suppliers): SCC may outsource business services to contractors, vendors or suppliers. As such, SCC may receive, hold, and process human resource/personal data from such contractors, vendors or suppliers limited to what is necessary in the business relationship, e.g. name, work role, email, telephone number, work address, payment records, contracts and business correspondence. As a data controller of such data, SCC is required to protect the privacy and security of such data in accordance with the Privacy Shield Principles and other Privacy regulations. 

Personal Data received or collection through SCC’s Web site: SCC collects information from its website users in three ways: 

IP addresses: An IP address is a number that is automatically assigned to your computer whenever you access the Internet. All computer identification on the Internet is conducted with IP addresses, which allow computers and servers to recognize and communicate with each other. SCC Soft Computer collects IP addresses in order to conduct system administration, report aggregate information to affiliates, subsidiaries, sponsors, advertisers or partners, and to conduct site analysis. SCC Soft Computer will also use IP addresses to identify any users who threaten SCC Soft Computer’s service, site, visitors, or clients.

Cookies: A cookie is a small data string our server writes to your hard drive that contains your unique user ID for our Web site. We use cookies to deliver Web content specific to your interests, or to avoid showing you the same message repeatedly. A cookie cannot be used to access or otherwise compromise the data on your computer or hard drive. You may choose to change your browser settings to disable cookies if you wish. Please be aware that cookies may be required to complete certain functions on this Web site.

Form or E-mail User-Supplied Information: SCC Soft Computer may request users to give SCC Soft Computer contact information such as their name, organization, address, e-mail address, etc. The user's contact information is used to provide the user with the content or service request.

Privacy Shield Affirmation statement

SCC complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom, and Switzerland to the United States in reliance on Privacy Shield. SCC has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this privacy policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.

SCC’s execution of the Privacy Shield principles may be limited in certain circumstances, in particular:

  • Where adherence to the Privacy Shield Principles interferes with product safety and efficacy monitoring or compliance activities (e.g. FDA);
  • Where there is a conflicting or overriding legal obligation;
  • To the extent expressly permitted by any applicable law or regulation; or
  • Where SCC receives personal data as a “data processor” acting on the instructions of its client, principle obligations are limited to onward transfer, security, access, and enforcement. SCC’s client and vendor, as the “data controller”, remains responsible for notice, choice, and data integrity.

SCC is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) relative to the Privacy Shield Principles.

Privacy Shield Policy Elements

Notice: SCC will inform individuals for whom it is a data controller that it participates in the Privacy Shield; the purpose and use of the personal information; about how individuals can contact SCC with any inquiries or complaints; the types of third parties to which it discloses the information; the purpose for which it discloses; individual right to access their personal information; the choices and means SCC offers for limiting use and disclosure of the information; SCC’ dispute resolution body; possibility for binding arbitration; SCC may be required to disclose personal information in response to lawful request by public authorities; and SCC’s potential liability in onward transfers to third parties.

Choice: SCC will offer individuals for whom it is a data controller the opportunity to choose whether their personal data is (1) to be disclosed to a third party controller or (2) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Individuals may opt-out by using the contact information listed below.

Accountability for Onward Transfer: Personal data controlled by SCC may be disclosed to service providers for processing personal data on behalf of SCC and subject to SCC’s instruction. SCC limits the data transferred to a service provider to data that is necessary to carry out the function SCC has contracted with the third party transferee to perform. SCC will enter into a written contractual agreement with a third party controller prior to onward transfer of personal data to obtain assurance from the third party that they will safeguard the data in a manner consistent with the Privacy Shield principles. SCC will take responsible and appropriate steps to ensure that the third party effectively processes the personal information transferred in a manner consistent with SCC’s obligations under the Privacy Shield principles. Upon learning of unauthorized processing, SCC will take reasonable and appropriate steps to prevent or stop the use or disclosure and remediate the unauthorized processing.

Security: SCC has put in place appropriate administrative, technical, and physical safeguards to protect data in its possession from loss, unauthorized access and use, disclosure, alteration or destruction.

Data Integrity and Purpose Limitation: When acting as a “data controller”, SCC will process personal data only in a way that is compatible with and relevant to the purpose for which it was collected or received. SCC take reasonable steps to ensure that personal data is reliable for its intended use, accurate, complete, and current. SCC will adhere to these principles for as long as it retains such data.

Access: When acting as a “data controller”, SCC will support requests made by individuals addressed to access, correct, amend, or delete their data held by SCC. Such requests are subject to certain legal limitations. Individuals should direct their inquiry to the company contract information listed in the Contact Information section

Enforcement: SCC will conduct periodic compliance audits of its relevant Privacy practices to verify adherence to this policy and will self-certify with the US Department of Commerce, Privacy Shield. SCC will evaluate all complaints made to SCC, see section 9.1. SCC will take disciplinary action for any employee that SCC determines is in violation of SCC’s Privacy policies. 

Inquiry or complaint resolution

SCC’s Contact Information: In compliance with the Privacy Shield Principles, SCC commits to resolve inquiries or complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. Individuals with Privacy Shield inquiries or complaints should first contact SCC at:

Chief Information Security Officer

SCC Soft Computer
5400 Tech Data Drive
Clearwater, FL 33760

Phone: (727) 789-0100

Email: privacy@softcomputer.com

Independent dispute resolution: SCC has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, JAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit JAMS https://jamsadr.com/eu-us-privacy-shield for more information and to file a complaint. This service is provided free of charge to you.

Inquiry or compliant involving human resource data: For EU/EEA Data Subjects, the EU data protection authorities (“DPA Panel”) has established an independent recourse mechanism for human resource compliant resolution. To file an inquiry or complaint, contact the state or national data protection or labor authority in the jurisdiction of work. SCC has registered with the DPA Panel and agrees to cooperate and comply with the decisions of the DPA Panel.

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

Effective date: April 7, 2020