Privacy Policy

Last updated May 1, 2022 

PRIVACY POLICY

Norstella (“We”, “Our” or “Us”) is committed to protecting your privacy and providing you with a safe online experience. This Privacy Policy covers the collection, use and disclosure of information collected through the website www.norstella.com (“Site”) and the services offered through the Site and platform (“Services”) as data controllers. The use of information collected through our Services shall be limited to the purpose of providing the service for which you have engaged Us.

If there is a discrepancy, conflict or inconsistency with this Privacy Policy and your Terms of Service Agreement with Us, the Data Privacy provisions in your Agreement with us will take precedence over the Data Privacy terms in this Privacy Policy.

This Privacy Policy does not apply to data that Norstella processes on behalf of our Customers’ “Personal Data” in our capacity as our Customer’s data processor.

DATA PROTECTION OFFICER

Norstella is headquartered at 1040 Stony Hill Road, Yardley PA 19067 in the United States. Our company has appointed an internal data protection officer for all questions and concerns regarding this Privacy Policy or our privacy policies regarding the collection of your personal data. Our data protection officer’s name and contact information appear below:

Ron Gierlack
Norstella
info@norstella.com

PRIVACY PRINCIPLES

We take your privacy very seriously. We acknowledge that data privacy is an ongoing responsibility. Thus, from time to time we will update this Privacy Policy as our business expands, and we undertake new business opportunities that involve your personal data. Therefore, we strive to adhere to the following principles laid out in this Privacy Policy:

BASIC PRINCIPLES OF OUR PRIVACY POLICY

1. Notice – We tell you what information we collect, how we use it, how our users and Customers use it and when and how we share it.
2. Choice – We will offer individuals the opportunity to choose (opt-out) whether their Personal Data is (a) to be disclosed to a third party (other than our third party processors), or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.
3. Accountability for Onward Transfers – We take steps to gain assurances from our processors that they will safeguard Personal Data consistent with this policy and take steps against to stop disclosure in violation of this policy.
4. Security – The security of your Personal Information is important to us but remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.
5. Data Integrity & Purpose Limitation – We will use Personal Data only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. We will take reasonable steps to ensure that Personal Data is relevant to its intended use, accurate, complete, and current.
6. Personal Data Requests – Upon request, we will grant individuals reasonable access to Personal Data that we hold about them, and we will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete.
7. Resource, Enforcement and Liability – We will conduct compliance audits of our relevant privacy practices to verify adherence to this policy. Any employee that we determine is in violation of this policy will be subject to disciplinary action up to and including termination of employment. We also have procedures for dispute resolution and binding arbitration in certain cases where a data subject believes that we have not complied with the law with respect to the application of our privacy policy.

Definitions
For the purposes of this Privacy Policy:

1. Account means a unique account created for You to access our Service or parts of our Service.
2. Affiliates means the following Norstella affiliated companies: Managed Markets Insight & Technology, LLC
   1. EvaluatePharma USA, Inc.
   2. Evaluate Ltd
   3. Panalgo, LLC
   4. Panalgo, B.V.
   5. The Dedham Group, LLC
   6. Pulse Analytics, LLC
   7. The Zitter Group, LLC
   8. RJ Health Systems International, LLC
3. Business or “Data Controller”, for the purpose of the CCPA (California Consumer Privacy Act), GDPR(The EU’s General Data Protection Act) and all applicable data privacy laws, refers to the Company as the legal entity that collects Consumers’ personal information and determines the purposes and means of the processing of Consumers’ personal information, or on behalf of which such information is collected and that alone, or jointly with others, determines the purposes and means of the processing of consumers’ personal information, that does business in the State of California.
4. Company (referred to as either “the Company”, “We”, “Us” or “Our” in this Agreement) refers to Norstella, located at 1040 Stony Hill Road, Yardley PA 19067.
5. Consumer, for the purpose of the CCPA (California Consumer Privacy Act), means a natural person who is a California resident. A resident, as defined in the law, includes (1) every individual who is in the USA for other than a temporary or transitory purpose, and (2) every individual who is domiciled in the USA who is outside the USA for a temporary or transitory purpose.
6. Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.
7. Country refers to: United States
8. Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.
9. Do Not Track (DNT) is a concept that has been promoted by US regulatory authorities, in particular the U.S. Federal Trade Commission (FTC), for the Internet industry to develop and implement a mechanism for allowing internet users to control the tracking of their online activities across websites.
10. Personal Data is any information that relates to an identified or identifiable individual. For the purposes of the CCPA, GDPR, and all applicable data privacy laws, Personal Data means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular natural person, household, or device linked to same, wherever located.
11. Sale, for the purpose of the CCPA (California Consumer Privacy Act), means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Consumer’s personal information to another business or a third party for monetary or other valuable consideration.
12. Service refers to the Website.
13. Service Provider or “Data Processor”, for purposes of the CCPA, GDPR, and all applicable data privacy laws, means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.
14. Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
15. Website refers to Norstella, accessible from www.norstella.com.
16. You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Children Under the Age of 16
Our website is not intended for children under 16 years of age. No one under age 16 may provide any personal information to the Website. We do not knowingly collect personal information from children under 16. If you are under 16, do not use or provide any information on this or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or username you may use. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us at:

info@norstella.com

California residents under 16 years of age may have additional rights regarding the collection and sale of their personal information. Please see the California specific section of this Privacy Policy.

PERSONAL DATA WE COLLECT

Personal Data, or Personally Identifiable Information or “PII” means any information relating to or which can be reasonably connected to an identified or identifiable natural person. We collect Personal Data from users of the Services (“Customers”), our website, marketing efforts, in-person events and trade shows and other means.

NORSTELLA COLLECTS

• Contact information – Such as your first and last name, business name, job title, phone number, and business challenge when you contact Norstella through our website. We collect some of this information using various third-party vendors.
• Online data – Such as IP address, personal information contained in cookies (see below regarding detailed information regarding cookie collection). We also track usage information about how you interact with our website and other internet accessible sites that we use to interact with you, such as Twitter, Facebook, LinkedIn.
• Website and Server Logs – When you visit our website and/or use our online Norstella platform, our servers capture your activity, your Internet Protocol (IP) address, computer settings, which browser you use, what language your browser is using, the date/time of your usage, any referring URL (the website that sent you to us), and additional information contained in cookies. (see detailed cookie information below).
• Correspondence – If you contact us by email, postal mail, or other form of communication that reveals your personal data, we may store such information and use it to respond to you; to notify you of additional services, or to keep a record of your comment or complaint, accommodation request, or similar issues. As with other forms of data collection, if you desire to have your personal data “erased” please contact us at info@norstella.com.
• Customer feedback – From time to time, we may ask you to provide feedback either directly, over the phone, through our software or through our support team. You are not required to provide feedback, but if you do, your name and comments will be stored and used to improve the services we deliver to you through our platform.
• Customers who use the Norstella website or purchase products and services from Norstella will have their personal data stored in the United States.
• Detailed information on our collection of Cookies
  • Use of Cookies: When you visit our Site we use cookies, or similar technologies like single-pixel gifs and web beacons, to record and log data. A cookie is a text file that is placed on your local storage by a Web page server. Cookies are useful to personalize your online experience. We use both session-based and persistent cookies. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser delete them or until they expire. They are unique and allow us to do site analytics and customization, among other similar things. If you access our Site through your browser, you can manage your cookie settings.
  • Disabling Cookies: Most web browsers automatically accept cookies, but if you prefer, you can edit and manage your browser options to block them in the future. The Help portion of the toolbar on most browsers will tell you how to disable and manage your cookies settings. If you disable cookies you may still browse public areas of the Site, but some features and Services may not function.

HOW DO WE USE YOUR PERSONAL DATA?

Norstella will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

• Websites, Social Media, Events and other Marketing means
  • We collect your personal data to administer our Website, for marketing purposes, to continuously improve your experience in using our website and services, to insure that our website and social media content displays in the most efficient and effective manner, for usage trend monitoring and advertising.
  • We also collect your information and use it to improve our network and information security practices.
  • We also collect your personal data that you provide to us to inform you of additional services, to schedule meetings, or simply to reply to you based on your inquiry.
• Norstella Services and Products
  • Norstella collects and uses your personal information to operate the Norstella Site and deliver the services you have requested. Norstella may also use your personally identifiable information to inform you of other products or services available from Norstella and its affiliates with your prior consent. Norstella may use the personal data it collects for the following additional reasons:
  • Manage your usage of Norstella’s site, respond to inquiries and comments, and provide customer service and support.
  • Send customers alerts, updates, security notifications and other administrative communications.
• Customer Support – Norstella both directly and through its third-party processors, collect site analytics information detailed below and combine it with your email address and other information you provide using fields or sign-in for the purpose of providing customer service and follow up on the Services. Norstella may also access content solely for the purpose of providing Customer Support.

Google Analytics
Google Analytics provides Us with reports with website trends without identifying individual visitors. Site usage is tracked using Google Analytics in accordance with their Privacy Policy. However, if you do not want your data to be used by Google Analytics, you may opt-out by installing Google Analytics Opt-out Browser Add-on.

Passwords and Logins (Unique Identifier)
Passwords and usernames are used for user authentication.

Direct Marketing and Opt-Out
We use User Personal Data to communicate with you regarding the provision of the Services, but also to let you know about additional features and services we provide that may be of interest to you. If you do not wish to receive marketing communications, you may opt out at any time.

Opt-Out
You may also sign up for blog updates from our Web site. In both of these cases, we will use your name and email address to send these materials to you. You may choose to stop receiving these contacting us at:
Email: info@norstella.com
Mail: 1040 Stony Hill Road, Yardley PA 19067

INFORMATION SHARING

Norstella may share your Personal Data with Affiliates but Norstella and Affiliates will not sell, rent or lease its customer lists to third parties. Further, we believe that we do not disclose your Personal Data to any third party or our Affiliates in a manner that would be considered a “sale” under applicable laws. We will share your personal information with trusted third parties only in the ways that are described in this privacy policy.

Norstella will not otherwise transmit, disclose or share your personal data to non-Norstella persons or businesses for their independent use unless: 1. You specifically authorize it; 2. The information is given to comply with the law, such as a search warrant, court order or subpoena, to enforce an agreement with have with you, or to protect our rights, property or safety, or the rights, property or safety of our employees or others; 3. The information is given to our agents, vendors, affiliates or service providers who perform functions on our behalf; 4. To address emergencies or acts of God; 5. To address disputes, claims, or to persons who are your agents or representatives purporting to have legal authority to act on your behalf. We may also collect aggregated data about our customers and Site visitors and transmit the results of such aggregated (but de-identified) information to our partners, vendors, service providers, advertisers, and third parties for purposes of marketing and promotions.

Processing your payment

Norstella does not store your payment information. Customer payment information is sent directly to our third-party processor, Shopify.

Norstella does not store credit card information separately from Shopify. However, information about you is given to us from Shopify to confirm that your bill has been paid so that we may account our receivables.

Law Enforcement and Internal Operations
Personal Data may be provided where we are required to do so by law, or if we believe in good faith that it is reasonably necessary

• to respond to claims asserted against Norstella or to comply with the legal process (for example, discovery requests, subpoenas or warrants);
• to enforce or administer our policies and agreements with users;
• for fraud prevention, risk assessment, investigation, customer support, product development and de-bugging purposes;
• or to protect the rights, property or safety of Norstella’s users, customers or members of the general public.

We will use commercially reasonable efforts to notify users about law enforcement or court ordered requests for data unless otherwise prohibited by law. However, nothing in this Privacy Policy is intended to limit any legal defenses or objections that you may have to any third-party request to compel disclosure of your information.

Third-Party Data Processors or Service Providers
We engage Service Providers or “Data Processors” to perform services on our behalf to help us provide services to you. Additionally, we engage third-party Data Processors to assist us in processing of credit cards, marketing, IT infrastructure, cloud computing, SaaS, data enhancement and other services to enhance your experience with our subscription services as well as our website and business in general.

These Service Providers will only use your Personal Data to the extent necessary to perform their functions and are subject to contractual obligations to maintain the security and confidentiality of all information they receive from us.

In addition, Norstella may share data with trusted partners as data processors to help us perform statistical analysis, send you email or postal mail, provide customer support, or to deliver our services to you. All such third parties are prohibited from using your personal information except to perform data processing according to Norstella’s instructions in order to provide our services to you, our customer.

Business Transfer
Norstella may sell, transfer, merge or otherwise share some or all of its assets, including your Personal Data, in connection with a merger, acquisition, reorganization or sale of assets or in the event of bankruptcy. Under such circumstances, Norstella will use commercially reasonable efforts to notify its users if their personal information is to be disclosed or transferred and/or becomes subject to a different privacy policy.

SECURITY OF YOUR PERSONAL INFORMATION

How is my data protected?
Norstella uses SOC 2 Type II to secure personal information from unauthorized access, use or disclosure. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it. When sensitive information (such as log-in credentials) is submitted, it is protected through the use of encryption. We restrict access to your personal data to those employees who require that information to provide Norstella’s services to you. Furthermore, our employees are trained regarding the importance of confidentiality and maintaining the privacy and security of your information.

Reasonable administrative, technical, and physical security measures taken, include but are not limited to:

• Restricting access to Personal Data protected by passwords, which are restricted and revoked when staff departs
• Restricting access to Personal Data to key Norstella staff on a need to know basis
• Regular staff privacy and security training
• Requiring key contractors sign non-disclosure agreements (NDA’s)

No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee the security of any information we store, process, or transmit.

Data Storage and retention
Your personal data is stored on Norstella’s servers as well as the servers of Norstella’s cloud and SaaS based systems, located in the United States. For more specific information on where and how long your personal data is stored, please contact Norstella’s data protection officer at info@norstella.com.

YOUR CHOICES

Right to Review or Change Your Data
If your personal information changes, you may correct, update, amend, remove, or ask to have it removed by making the change on your user account settings page or by contacting us by phone or email at the contact information available on our Web site.

We will retain your information for as long as your account is active, as needed to provide you the Services and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Email: info@norstella.com

Right to Withdraw Consent
You have the right to withdraw consent where such consent is required to share or use data and you may request that we delete your Personal Data.

If you receive communications from us and no longer wish to receive them, please follow the removal instructions in the email or change your account settings.

Right to Remove
You can request that we delete your Personal Data by emailing a request to

Email: info@norstella.com

If we are legally required to comply with such a request, we will confirm your identity and delete your personal data in such time frame as required by law.

We may be required by law or to retain it to exercise or defend legal claims, or contractual obligations with our customers to retain some information in connection with our obligation to provide the Services. We may de-identify and anonymize some data for purposes of retaining it.

Right to Redress
If you are located in the European Economic Area (EEA) or United Kingdom and you believe we have violated any data protection laws, please contact us immediately at info@norstella.com We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data in accordance with the principles contained in this policy within forty-five (45) days of receiving a complaint.

We are subject to the investigatory and enforcement powers of the Federal Trade Commission (“FTC”). Should an individual be unable to resolve a complaint with us, they may contact the FTC at the following address:

Federal Trade Commission
Attn: Consumer Response Center
600 Pennsylvania Avenue NW, Washington, DC 20580 or www.ftc.gov
European Economic Area and United Kingdom data subjects may also have the right to file complaints with the Data Protection Authorities located in the jurisdiction they are located in.

THIRD PARTY LINKS

Our Site includes links to other Web sites whose privacy practices may differ from Norstella’s practices. If you submit personal information to any of those sites, your information is governed by their privacy policies. Norstella is not responsible for the privacy statements or other content on Web sites outside of the Norstella web site.

UPDATES TO THE PRIVACY POLICY

This policy may be amended from time to time, consistent with applicable data protection and privacy laws and principles including, but not limited to the requirements of English law, and/or the EU General Data Protection Directive. We will notify you of changes to this policy either through email, posting on our website, via our Services, or other means. We will notify Customers if we make changes that materially affect the way we handle Personal Data that we previously collected, and we will allow them to choose whether their Personal Data may be used in any materially different manner.

Supplemental Privacy Policy For California Residents
This Supplemental Privacy Policy supplements the information in our Privacy Policy and applies solely to California residents. It applies to Personal Data we collect as a business or data controller; it does not apply to Personal Data we collect or otherwise process as a service provider or data processor.

Norstella as a “Business” and a “Service Provider”
California law makes a distinction between organizations that process Personal Data for their own purposes (known as “businesses”) and organizations that process Personal Data on behalf of other organizations (known as “service providers”). Depending on the circumstances, Norstella may act as either a business or service provider with respect to your Personal Data. If you have a question or a complaint about how your Personal Data is handled, these should always be directed to the relevant business since they are the ones with primary responsibility for your Personal Data.

For example, if you visit our site and contact us through an online web form, Norstella will be a business with respect to the Personal Data that you provide about yourself. We will also be a business as to the Personal Data that we have obtained from you as a customer of our products and services. We use this information to provide you with requested services and products.

Summary of Information We Collect
If you are a California resident, California law requires us to provide you with some additional information regarding how we collect, use, and share your “personal information” (as defined in the California Consumer Privacy Act (“CCPA”)).

We or our service providers may collect the below categories of information for the following business or commercial purposes (as those terms are defined in applicable law):

• Our or our service provider’s operational purposes;
• Auditing consumer interactions on our site (e.g., measuring ad impressions);
• Detecting, protecting against, and prosecuting security incidents and fraudulent or illegal activity;
• Bug detection and error reporting;
• Customizing content that we or our service providers display on the Services (e.g., contextual ads);
• Providing the Services (e.g., account servicing and maintenance, order processing and fulfillment, customer service, advertising and marketing, analytics, and communication about the Services);
• Improving our existing Services and developing new services (e.g., by conducting research to develop new products or features);
• Other uses that advance our commercial or economic interests, such as third party advertising and communicating with you about relevant offers from third party partners;
• Other uses about which we notify you.

We may also use the above categories of Personal Data for compliance with applicable laws and regulations, and we may combine the information we collect (“aggregate”) or remove pieces of information (“de-identify”) to limit or prevent identification of any particular user or device.

Rights
If you are a California resident, you may have certain rights. California law may permit you to request that we:

• Provide you the categories of Personal Data we have collected or disclosed about you in the last twelve months; the categories of sources of such information; the business or commercial purpose for collecting or selling your Personal Data; and the categories of third parties with whom we shared Personal Data.
• Provide access to and/or a copy of certain information we hold about you.
• Delete certain information we have about you.

You may have the right to receive information about the financial incentives that we offer to you (if any). You also have the right to not be discriminated against (as provided for in applicable law) for exercising certain of your rights. Certain information may be exempt from such requests under applicable law. For example, we need certain types of information so that we can provide the Services to you. If you ask us to delete it, you may no longer be able to access or use the Services.

If you would like to exercise any of your California consumer rights, please submit a request to info@norstella.com. You can also contact us toll-free at 888-200-9288. You will be required to verify your identify before we fulfill your request. To do so, you will need to provide us with certain account information, such as the full name and email address you used to create your account and your account user id. You can also designate an authorized agent to make a request on your behalf. To do so, you must provide us with written authorization for the agent to act on your behalf. You will still need to verify your identity directly with us.

The CCPA sets forth certain obligations for businesses that “sell” Personal Data. Based on the definition of “sell” under the CCPA and under current regulatory guidance, we do not believe we engage in such activity. We do share certain information as set forth in this Privacy Policy and allow third parties to collect certain information about your activity, for example through cookies, except as explained in our Detailed information on our collection of Cookies section of our Privacy Policy.

YOUR CALIFORNIA PRIVACY RIGHTS UNDER THE SHINE THE LIGHT LAW

California residents who have an established business relationship with Norstella may make a written request to Norstella about whether Norstella has disclosed any Personal Information to any third-parties for the third-parties’ direct marketing purposes during the prior calendar year. To make such a request, please send an email, call or write us:

Email: info@norstella.com

NOTICE FOR NEVADA RESIDENTS

Under Nevada law, certain Nevada consumers may opt out of the sale of “personally identifiable information” for monetary consideration to a person for that person to license or sell such information to additional persons. “Personally identifiable information” includes first and last name, address, email address, phone number, Social Security Number, or an identifier that allows a specific person to be contacted either physically or online.

We do not engage in such activity; however, if you are a Nevada resident who has purchased services from us, you may submit a request to opt out of any potential future sales under Nevada law by email to: info@norstella.com. Please note we will take reasonable steps to verify your identity and the authenticity of the request. Once verified, we will maintain your request in the event our practices change.

CONTACT INFORMATION

If you believe that Norstella has not adhered to this Statement or have questions, please contact us at:

Email: info@norstella.com