LedgerDomain Inc. built the XATP Compliance Suite and XATP Mobile App (“XATP”), and the KitChain Suite and KitChain Mobile App (“KitChain”) (collectively, “LedgerDomain Software”). This page is used to inform visitors regarding our policies with regard to the collection, use, and disclosure of Personally Identifiable Information (PII) if anyone decides to use our Service. If you choose to use our Service, then you agree to the collection and use of information in relation to this policy.
LedgerDomain will not sell your personal data to third parties, or utilize it for marketing or other purposes directly unrelated to the use of LedgerDomain Software, or otherwise use or intentionally disclose the information to third parties other than in accordance with the below Privacy Policy without your prior written consent. The information you submit to LedgerDomain is considered private and personal. Your private information will not be sold, rented, leased, or intentionally disclosed in any manner to any person without your prior written consent, unless otherwise required by law, or except as may be necessary for the performance of LedgerDomain Software services.
PURPOSE OF LEDGERDOMAIN SOFTWARE
The purpose of XATP is to establish and maintain an electronic system to facilitate secure, electronic communication between Authorized Trading Partners (“ATPs”) as defined under the U.S. Drug Supply Chain Security Act of 2013 (DSCSA), using digital signature technologies to authenticate and verify user identities for the purpose of verifying saleable returns, assisting in suspect & illegitimate product investigations, tracing, and similar activities. The purpose of KitChain is to enable high-fidelity execution for the clinical supply chain, with mobile and web applications supporting investigational product inventory and collaborative event tracking.
This Privacy Policy, together with the Terms of Use, describes the practices regarding the types of individual information collected by LedgerDomain, its use and permissible disclosures, along with the rights of individuals concerning their personal information.
LedgerDomain Software enables users to scan GS1-compliant 2D barcodes or enter the human-readable data associated with said barcodes (hereafter referred to as “the product identifier” or “product identifiers”) on drug packages, as well as supplemental information about the package and associated transaction(s) as required (collectively, hereafter referred to as “the report” or “reports”), in order to access information about the drugs. The product identifiers contain no PII, and the information provided to users is compiled from publicly available US federal government databases and/or provided to LedgerDomain by the barcoding entity (e.g. a manufacturer).
Should you decide to use LedgerDomain Software by applying for identity verification, certain information may be required to process your application. The purpose of this data collection is to enable other pharmaceutical supply chain participants to interact with you via secured messaging channels, and/or for LedgerDomain to issue a verifiable credential that will be accepted by other parties as authentication of your identity. If you transact with other users on the system, those users may retain information you share.
INFORMATION COLLECTION AND USE
Looking up drug information. When a user submits a report, LedgerDomain Software may provide publicly available information about the drug. LedgerDomain specifically disclaims any responsibility for the veracity of these public datasets and asks that users confirm this content for themselves.
Applying for a verifiable credential. To gain access to functionality intended only for ATPs as defined under the Drug Supply Chain Security Act of 2013 (in the case of XATP), or gain access to functionality intended only for clinical supply chain participants (in the case of KitChain), we may require you to provide us with certain personally identifiable information which we use to validate your identity. These include, but are not limited to:
- Name
- Email address
- Phone number
- Photo (including the user, and may include an acceptable form of ID)
- Name of organization
- Address of organization
- State or federal license number
The information that we request will be retained by us and used as described in this Privacy Policy and the Terms of Use.
Submitting a request. When a user submits a request to another user (e.g. a verification request from one ATP to another under the DSCSA), the report submitted by the user is uploaded to private storage. The following data may be written to LedgerDomain data systems: document ID, uploader user ID, nonce value, document hash value, and upload timestamp. Upon submission of a request, the following PII is provided via email to the recipient as part of the request: name, email address, name of organization, and address of organization. The information contained in the product identifier is also sent to the manufacturer.
Responding to a request. Users who receive requests via LedgerDomain Software have the ability to securely respond to the request. The response (i.e. whether the information contained in the product identifier is verified or unverified) is retained in secure data storage, and a notification is sent to the requesting user. While LedgerDomain may be able to determine whether a manufacturer has been able to respond to a given verification request, LedgerDomain may not have the ability to determine whether a particular product identifier has been marked as verified or unverified.
LedgerDomain Software does use third-party services that may collect information used to identify you.
LOG DATA
We want to inform you that whenever you use our Service, in the case of an error in the LedgerDomain Software, we collect data and information (through third-party products) on your phone, called Log Data. This Log Data may include information such as your device Internet Protocol (“IP”) address, device name, operating system version, the configuration of the LedgerDomain Software when utilizing our Service, the time and date of your use of the Service, and other statistics. Log Data may be collected from any user, regardless of whether they have been issued a verifiable credential.
COOKIES
Cookies are files with a small amount of data that are commonly used as anonymous unique identifiers. These are sent to your browser from the websites that you visit and are stored on your device’s internal memory.
This Service does not use these “cookies” explicitly. However, the LedgerDomain Software may use third-party code and libraries that use “cookies” to collect information and improve their services. You have the option to either accept or refuse these cookies and know when a cookie is being sent to your device. If you choose to refuse our cookies, you may not be able to use some portions of this Service.
SERVICE PROVIDERS
We may employ third-party companies and individuals for the following reasons:
- To facilitate our Service;
- To provide the Service on our behalf;
- To perform Service-related services; or
- To assist us in analyzing how our Service is used.
We want to inform users of this Service that these third parties have access to your PII. The reason is to perform the tasks assigned to them on our behalf. However, they are obligated not to disclose or use the information for any other purpose.
SECURITY
We value your trust in providing us with your PII, and thus we are striving to use commercially acceptable means of protecting it. But remember that no method of transmission over the internet or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security.
LINKS TO OTHER SITES
This Service may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise you to review the Privacy Policy of these websites. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
CHILDREN’S PRIVACY
These Services do not address anyone under the age of 13. We do not knowingly collect PII from children under 13. If we discover that a child under 13 has provided us with personal information, we immediately delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us at privacy@ledgerdomain.com so that we will be able to take the necessary actions.
CHANGES TO THIS PRIVACY POLICY
We may update our Privacy Policy from time to time. Thus, you are advised to review this page periodically for any changes. We will notify you of any changes by posting the new Privacy Policy on this page. These changes are effective immediately after they are posted on this page.
CONTACT US
If you have any questions or suggestions about our Privacy Policy, do not hesitate to contact us at privacy@ledgerdomain.com.