Effective on: April 1, 2023

Last Updated: January 10, 2024

Privacy Summary

OUR CONTACT INFORMATION FOR PERSONAL DATA PROTECTION

 Simulations Plus, Inc.                                                                                                    Phone number: (661) 723-7723
42505 10th St W Suite 103                                                                                            Email address: privacy@simulations-plus.com
Lancaster, California 93534
 

Contact details of our Data Protection Officer:

We have appointed VeraSafe as our Data Protection Officer (DPO). While you may contact us directly, VeraSafe can also be contacted on matters related to the processing of Personal Data. VeraSafe’s contact details are:
VeraSafe
100 M Street S.E., Suite 600                                                                                        Email: experts@verasafe.com
Washington, D.C. 20003                                                                                              Web: https://www.verasafe.com/about-verasafe/contact-us/

GENERAL INFORMATION
 

Related Notices

 

Use of cookies or similar tracking technologies on our website: View our Cookie Notice.

For a DPA for Suppliers & Distributors.

For a Personal Data Privacy Notice for our Learning Management System.

For a Personal Data Privacy Notice for our Job Applicants.

Do we sell Personal Data? NO

 

Introduction

Simulations Plus, Inc. (“Simulations Plus”, “we”, “us”, “our”) takes the protection of personal data (“Personal Data”) seriously. Please read this privacy notice (the “Notice”) to learn what we are doing with your Personal Data, how we protect it, and what privacy rights you may have under applicable data protection and privacy laws, such as the European Union General Data Protection Regulation (“GDPR”) and the California Privacy Rights Act of 2020 (“CPRA”), and the Personal Information Protection Law of 2021 (“PIPL”).

  • What is covered by this Privacy Notice?

    This Notice addresses data subjects (which includes both individuals) whose Personal Data we:

  • Personal data from or on behalf of our customers

    In our providing you access to our web-based software applications, or when our Customer provides us Personal Data for us to provide our software products to and/or consulting services for the Customer, we do not decide why or how that Personal Data will be processed. Our Customers use our web-based platform to store and process their own personnel’s Personal Data, and we act only as a storage and service provider. We do not decide what Personal Data is being stored, and in general we will only access such Personal Data at our Customer’s request in connection with Customer support or account administration matters. For the services we provide to our Customers, we will only access Personal Data to provide the services that our Customer has directed us to provide, or if we are required to do so by law, and in such cases we act as a data processor.

    When you give your Personal Data to one of our Customers or when we collect your Personal Data on their behalf, our Customer’s privacy notice, rather than this Notice, will apply to our processing of your Personal Data. If you have a direct relationship with one of our Customers, please contact them to exercise your privacy rights.

  • What Is not covered by this notice
    • Personal Data of employees, contractors, directors, officers, of Simulations Plus; and
    • Information that we maintain in a manner that does not identify, relate to, describe, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular individual or household. Such information is not considered Personal Data and this Notice will not apply to our processing of that information.

     

    Note: Simulations Plus does not have actual knowledge that it processes the Personal Data of data subjects under 16 years of age other than dependents of Simulations Plus employees for employee benefit purposes.

  • Personal data we collect for our own purposes

    Personal Data that we process for own purposes, and within the scope of this Notice, Simulations Plus acts as a data controller which means that we decide why and how such Personal Data will be collected and processed.

     

    This Notice tells you, among other things:

    • What Personal Data we collect about you and how we obtain it;
    • The lawful bases for processing your Personal Data;
    • For what purposes we use that Personal Data;
    • How long we keep your Personal Data;
    • With whom we share your Personal Data;
    • Your rights about the Personal Data we collect about you and how you can exercise those rights;
    • How we protect your Personal Data; and
    • How to contact us regarding processing of your Personal Data.

    We must have a valid reason to use your Personal Data. This is called the “lawful basis for processing”.

  • Lawful basis for processing

    When we act as a data controller, we may process your Personal Data on the basis of:

    • Your consent;
    • The need to perform a contract with you, including providing our Services to you that your requested;
    • Our legitimate interests or those of a third party, such as our interest in marketing our Services;
    • The need to comply with Applicable Law; or
    • Any other ground, as required or permitted by Applicable Law.

     

    Applicable Law” as used throughout this Notice, means the provisions of the mandatory law(s) applicable to the protection of you and our Customers, as applicable, with regard to the processing of your or their, as applicable, Personal Data by Simulations Plus.

     

    Note: Where we receive your Personal Data as part of providing our Services to you including to fulfill a contract, we require such Personal Data to be able to carry out the contract or provide the Services. Without that necessary Personal Data, we will not be able to perform the contract on your behalf or provide the Services to you.

  • What personal data we process and how we obtain it

    The table below describes the categories of Personal Data we have collected about you in the last twelve months.

    Personal Data We Collect, Process, or Store How We Obtain It
    Identifiers

    A real name, alias, postal address, unique personal identifier, telephone number, online identifier, Internet Protocol address, email address, account name, employer, occupational title, or other similar identifiers.

    • You provide it directly to us when asking a question, fill a form, requesting information or email communications from us, making a comment about one of our products or services;

    • You sign-up for an account to access, or obtained from you as a customer to use of our products and/or Services;

    • You sign up for one of our events;

    • Our customers (including their employees, contractors, and other representatives of their companies) provide it to us;
    • Given it directly to us for the purposes of sales or customer support;
    • You visit our websites and social media sites; and

    • When we purchase lists of individuals who might be interested in becoming customers of ours.

     

    Special categories of Personal Data

    A name, signature, , credit card number, debit card number, or any other financial information.

    • You purchase our products or Services.
    Protected characteristics

    Age, race, color, medical condition, sex (including gender, gender identity, gender expression, pregnancy or childbirth, and related medical conditions),

    • Given to us by our Customers for our processing under contract for Services.
     

     

    Geolocation data

    Physical location

    • You sign-up for an account to access, or obtained from you as a customer to use of our products and/or Services;

    • You sign up for one of our events;

    • Our customers (including their employees, contractors, and other representatives of their companies) provide it to us;
    • Given it directly to us for the purposes of sales or customer support; and
    • You visit our websites and social media sites.

    Professional or employment-related information

    Job title

    • You provide it directly to us when asking a question, fill a form, making a comment about one of our products or Services;

    • You sign-up for an account to access, or obtained from you as a customer to use of our products and/or Services;

    • You sign up for one of our events;

    • Our customers (including their employees, contractors, and other representatives of their companies) provide it to us; and
    • Given it directly to us for the purposes of sales or customer support

    We will not collect additional categories of Personal Data without informing you.

  • Cookies

    A “cookie” is a small file stored on your device that contains information about your device. We may use cookies to provide basic relevant ads, website functionality, authentication (session management), usage analytics (web analytics), to remember your settings, and to generally improve our websites and Services.

    We use session and persistent cookies. Session cookies are deleted when you close your browser. Persistent cookies may remain even after you close your browser, but always have an expiration date. Most of the cookies placed on your device through our Services are first-party cookies which are placed directly by us. Other parties, such as Google, may also set their own (third-party) cookies through our Services. Please refer to the policies of these third parties to learn more about the way in which they collect and process information about you.

    Upon visiting our website, you will have a choice to “Accept” cookies or “Reject” cookies.

    For more information about our use of cookies, please see our Cookie Notice.

    We reserve the right to make changes to the Cookie Notice at any time and for any reason. We will alert you about any changes by updating the “Last Updated” date of the Cookie Notice on the Site. Any changes or modifications will be effective immediately upon posting the updated Cookie Notice on the Site, and you waive the right to receive specific notice of each such change or modification. You are encouraged to periodically review this Cookie Notice to stay informed of updates. You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes in any revised Cookie Notice by your continued use of the Site after the date such revised Cookie Notie is posted.

  • Privacy Notice for Chinese citizens

    This PRIVACY NOTICE FOR CHINESE CITIZENS applies solely to users of our website who are citizens of the People’s Republic of China (“consumers” or “you”). We adopt this notice to comply with the Chinese Personal Information Protection Law (“PIPL” effective November 01, 2021), including its amendments.

    Information We Collect

    We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, to assist you with your interest in our business, services, and products, we may need to collect and use your personal information, including name, contact information (e.g., email address, phone number, company address and location, email address, and occupational title).

    Use of Personal Information

    We may use or disclose the personal information we collect from you for one or more of the following business purposes:

    • To fulfill or meet the reason for which the information is provided. For example, if you share your name and contact information to request a price quote or ask a question about our products or services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns.
    • To provide you with support and respond to your inquiries, including investigating and addressing your concerns and monitoring and improving our responses.
    • To provide you with information, products, or services that you request from us.
    • To provide you with email alerts, event registrations, and other notices concerning our products or services, or events or news, that may be of interest to you.
    • To carry out our obligations and enforce our rights arising from any contracts entered into between you and us.
    • As necessary or appropriate to protect the rights, property, or safety of our clients or others.
    • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
    • As described to you when collecting your personal information or as otherwise set forth in the PIPL.

    We may need to disclose your personal information to the following entities to assist us with use of your personal information as described above:

    • Our affiliates;
    • Our Service providers; and
    • Third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you, or as otherwise provided by applicable law including the PIPL.

    Your Rights and Choices

    The PIPL provides Chinese citizens with specific rights regarding their personal information. This section summarizes your PIPL rights, as specified in Articles 44 through 49 of the PIPL. These rights include the following.

    • Consumer has the right to know and decide on processing their personal information and have the right to object or restrict the processing of their personal information by processors.
    • Consumer has the right to access and copy their personal information which is stored or processed by processors.
    • Consumer can request the processor to correct their personal information if such information is incorrect in the processor’s records.
    • Consumer can request deletion of Consumer’s personal information in certain circumstances such as when it is no longer needed for contractual reasons, or if Consumer withdraws consent of a processor to process Consumer’s personal information.
    • Consumer can request that a processor explain processor’s rules for processing Consumer personal information.

    Right of Revocation

    Revocation of Consent

    You can revoke this consent towards Simulations Plus processing your personal information (as a “processor”) but a revocation may affect the ability of us to provide you our goods and services.

    To exercise the right to know, access, correct, deletion, explanation, or revocation rights described above, please submit a verifiable consumer request to us in the English language by either:

    • Calling us at: +1 (661) 723-7723
    • Online: https://www.simulations-plus.com/privacy-policy/
    • Emailing: privacy@simulations-plus.com.
    • Mailing: Office of the Personal Data Protection Officer
      • Simulations Plus, Inc.
      • 42505 10th Street West STE 103
      • Lancaster, CA, USA 93535
  • Privacy Notice for California residents

    Revised 1/2023

    This PRIVACY NOTICE FOR CALIFORNIA RESIDENTS (“Notice’) applies solely to visitors, users, and others who reside in the State of California (“consumers” or “you”) and supplements the information contained in our Website Privacy Policy and corporate privacy policies, procedures, and standards. We adopt this Notice to comply with the California Privacy Rights Act of 2020 (“CPRA”) effective 01 January 2023 and other California privacy laws. Any terms defined in the CPRA have the same meaning when used in this Notice.

    Information We Collect

    We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:

    Category Examples Collected
    A. Identifiers. A real name, IP address, email address, or other similar identifiers. YES
    B. Personal information categories are listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).  

    A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.

    YES
    C. Protected classification characteristics under California or federal law.  

    Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth, and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

    YES
    D. Commercial information.  

    Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

    NO
    E. Biometric information.  

    Genetic, physiological, behavioral, and biological characteristics or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

     

    NO
    F. Internet or other similar network activity. Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.

     

    NO
    G. Geolocation data. Physical location or movements.

     

    NO
    H. Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information. NO
    I. Professional or employment-related information. Current or past job history or performance evaluations. YES
     

    J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).

    Education records directly related to a student maintained by an educational institution or party acting on its behalfs, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. NO
     

    K. Inferences are drawn from other personal information.

    Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. NO

    Personal information does not include:

    • Publicly available information from government records.
    • De-identified or aggregated consumer information.
    • Information excluded from the CPRA’s scope, like:
      • health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
      • personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

    We obtain the categories of personal information listed above from the following categories of sources:

    • Directly from you; for example, from submissions or forms that you complete and send through our website portal or job application portal.
    • Directly from you or your agent; for example, from documents that you provide to us related to the services for which you express an interest in or engage us to provide.
    • Indirectly from you or your agent; for example, through information we collect from you in the course of providing services to you.
    • Directly and indirectly from the activity on our website; for example, from submissions through our website portal or website usage details collected with your consent.
    • From third parties that interact with us in connection with the services we perform.

    Use of Personal Information

    We may use or disclose the personal information we collect for one or more of the following reasonable business purposes:

    • To fulfill or meet the reason for which the information is provided. For example, if you share your name and contact information to request a price quote or ask a question about our products or services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns.
    • To provide you with support and respond to your inquiries, including investigating and addressing your concerns and monitoring and improving our responses.
    • To provide you with information, products, or services that you request from us.
    • To provide you with email alerts, event registrations, and other notices concerning our products or services, or events or news, that may be of interest to you.
    • To carry out our obligations and enforce our rights arising from any contracts entered into between you and us.
    • To improve our website and present its contents to you.
    • For testing, research, analysis, and product development.
    • As necessary or appropriate to protect the rights, property, or safety of our clients or others.
    • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
    • As described to you when collecting your personal information or as otherwise set forth in the CPRA.
    • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.

    We will not collect additional categories of personal information or use the personal information we collect for materially different, unrelated, or incompatible purposes without providing you notice.

    Retention of Personal Information

    We retain your personal information as follows: (a) for as long as necessary to achieve the specific business purpose for which it is collected and used; (b) for as long as required by applicable law; and (c) in accordance with our corporate retention policy.

    Sharing Personal Information

    We may disclose your personal information to a contractor or service provider for our business purposes. When we disclose personal information for such a business purpose, we enter an agreement describing the purpose and require the recipient to keep that personal information confidential and not use it for any purpose except performing under the agreement consistent with such business purpose.

    In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:

    Category A: Identifiers.
    Category B: California Customer Records personal information categories.
    Category C: Protected classification characteristics under California or federal law.
    Category I: Professional or employment-related information.

    We disclose your personal information for a reasonable business purpose to the following categories of third parties:

    • Our affiliates.
    • Service providers.
    • Third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you.

    In the preceding twelve (12) months, we have not sold any personal information.

    Your Rights and Choices

    The CPRA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CPRA rights and explains how to exercise those rights.

    Access to Specific Information and Data Portability Rights (Right to Know What Personal Information is Being Collected)

    You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

    • The categories of personal information we collected about you.
    • The categories of sources for the personal information we collected about you.
    • Our business purpose for collecting that personal information.
    • The categories of third parties with whom we share that personal information.
    • The specific pieces of personal information we collected about you (also called a data portability request), and the corresponding retention period(s) during which we retain your personal information.
    • If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
      • sales, identifying the personal information categories that each category of recipient purchased, and
      • disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

    Right to Opt-Out of Sale or Sharing of Personal Information

    You have the right to opt-out of having any of your personal information collected by us from being shared by us with third parties. Upon receiving your verified request to opt-out of sharing your personal information with third parties, we will no longer share your personal data with such third parties, except as required by applicable law.  An opt-out request may affect the services or support for products that we can provide you, and we will endeavor to notify you in such cases.

    Right to Correct Inaccurate Personal Information

    You have the right to request changes and alterations to your personal information collected by us that is incorrect or has since become outdated or obsolete.

    Deletion Request Rights

    You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records unless an exception applies (see below).

    We may deny your deletion request if retaining the personal information is necessary for us or our service providers to:

    1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
    2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
    3. Debug products to identify and repair errors that impair existing intended functionality.
    4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights or exercise another right provided for by law.
    5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
    6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement if you previously provided informed consent.
    7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
    8. Comply with a legal obligation.
    9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

    Right to Limit Use and Disclosure of Sensitive Personal Information

    If we collect personal information from you that is considered sensitive personal information, you have the right to restrict the usage of your sensitive personal information collected. Under the CPRA, sensitive personal information is personal information that reveals (a) consumer’s Social Security number or other state identification number; (b) a consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; (c) a consumer’s geolocation; (d) a consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership; (e) the contents of a consumer’s mail, email, or text messages, unless we are the intended recipient of the communication; and (f) consumer’s genetic data.

    Right of No Retaliation Following Opt-Out or Exercise of Other Right

    You have the right to exercise any of your CPRA rights with respect to your personal information without having to endure any form of discrimination against you for exercising any of your CPRA rights. Unless permitted by the CPRA, we will not:

      1. Deny you goods or services.
      2. Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
      3. Provide you a different level or quality of goods or services.
      4. Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

    However, we may offer you certain financial incentives permitted by the CPRA that can result in different prices, rates, or quality levels. Any CPRA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.
    Please note that your user experience with us may change if you request deletion or restriction on use of your personal information that is necessary for us to provide the services or product support you requested from us.

    Exercising Your CPRA Rights with Us with Respect to Your Personal Information

    To exercise any of your CPRA rights described above, please submit a verifiable consumer request to us by either:

    Calling us at: +1 (661) 723-7723
    Online: https://www.simulations-plus.com/privacy-policy/
    Email: privacy@simulations-plus.com.
    Mailing: Office of the Data Protection Officer
    Simulations Plus, Inc.
    42505 10th Street West STE 103
    Lancaster, CA, USA 93535

    Only you or a person registered with the California Secretary of State that you authorize to act on your behalf may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

    You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

        • Provide sufficient information that allows us to reasonably verify you are the person or an authorized representative of the person we collected personal information on.
        • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

    We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

    Response Timing and Format

    We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain why we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

    We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

    Changes to Our Privacy Notice

    We reserve the right to amend this Notice at our discretion and at any time. Notification of such changes will be posted on this page. You should review this Notice periodically to keep up to date on our most current policies and practices.
    Date Of Last Update: 01 January 2023

    Contact Information

    If you have any questions or comments about this Notice, our Privacy Statement, how we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:

    Phone: 1 (661) 723-7723
    Website: https://www.simulations-plus.com/privacy-policy/
    Email: privacy@simulations-plus.com.
    Mailing Address: Office of the Data Protection Officer
    Simulations Plus, Inc.
    42505 10th Street West STE 103
    Lancaster, CA, USA 93535

    Contact details of our Data Protection Officer:

    We have appointed VeraSafe as our Data Protection Officer (DPO). While you may contact us directly, VeraSafe can also be contacted on matters related to the processing of Personal Data. VeraSafe’s contact details are:

    VeraSafe
    100 M Street S.E., Suite 600                 Email: experts@verasafe.com
    Washington, D.C. 20003                       Web: https://www.verasafe.com/about-verasafe/contact-us/

For what purposes do we use your personal data

We may process your Personal Data for the following purposes.

  • Delivering, improving, updating, and enhancing the Services we provide for you. We collect various information relating to your purchase, use, and/or interactions with our products and Services. We utilize this information to:
    • Improve and optimize the operation and performance of our Services (including our websites);
    • Diagnose problems with and identify any security risks, errors, or needed enhancements to the Services;
    • Detect and prevent fraud and abuse of our Services and systems;
    • Collect and aggregate statistics about the use of the Services;
    • Understand and analyze how you use our Services and what products and Services are most relevant to you;
    • Develop new Simulations Plus websites, products, and Services which may be of interest to you;
    • Provide you with information or products and Services that you request from us;
    • Respond to your requests or questions regarding our products and Services;
    • Communicate with you on status of our Services;
    • Improve our products and Services; and
    • Send you email marketing communications about our business which we think may interest you;
    • Respond to your request or communication by you regarding your Personal Data processed by us, including your rights regarding your personal data under Applicable Law

(When you contact us about our use of your Personal Data and we will also take reasonable steps to verify your identity);

  • Fulfilling legal obligations and enforce our rights, which may include:
    • complying with our obligations to retain certain business records for minimum retention periods;
    • establishing, exercising, or defending legal claims; detecting, preventing, and responding to fraud, intellectual property infringement, violation of our contracts or agreements, violations of law, or other misuse of Simulations Plus’s websites or products;
    • protecting Simulations Plus’s rights or property, or yours or others’ health, safety, welfare, rights, or property; and
    • responding to law enforcement requests and as required by applicable law, court order, or governmental regulations.

In regards to compliance with legal, regulatory, and law enforcement requests, we cooperate with government and law enforcement officials and private parties to enforce and comply with Applicable Law. We will disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (such as subpoena requests), to protect our property and rights or the property and rights of a third party, to protect the safety of the public or any person, or to prevent or stop activity we consider to be illegal or unethical. To the extent we are legally permitted to do so, we will take reasonable steps to notify you in the event that we are required to provide your personal information to third parties as part of the legal process.

Often, much of the data collected is aggregated or statistical data about how individuals use our Services and are not linked to any personal data, but to the extent it is itself personal data or is linked or linkable to personal data, we treat it accordingly.

Data about usage of services is automatically collected when you provide consent and subsequently use and interact with our Services, including metadata, log files, cookie/device IDs, and location information. This information includes specific data about your interactions with the features, content, and links (including those of third-parties, such as social media plugins) contained within the Services, Internet Protocol (IP) address, browser type and settings, the date and time the Services were used, information about browser configuration and plugins, language preferences and cookie data, information about devices accessing the Services, including the type of device, what operating system is used, device settings, application IDs, unique device identifiers (HOSTIDs) and error data, and some of this data collected might be capable of being used to approximate your location.

Supplemental Data may be received about you from other sources, including publicly available database or third parties, in which case we may combine this data with information we already have about you so that we can update, expand, and analyze the accuracy of our records, identify new customers, and provide products and services that may be of interest to you. If you provide us personal information about others, or if others give us your information, we will only use that information for the specific reason for which it was provided to us.

 

How long we keep your personal data

We will retain your Personal Data for as long as is necessary to fulfil the purpose for which we collected your Personal Data and any other permitted linked purpose and in compliance with our data retention policies. For example, we will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. If your Personal Data is used for more than one purpose, we will retain it until the purpose with the longest retention period expires; but we will stop using it for the purpose with a shorter retention period once that period expires. Our retention periods are also based on our business needs and good practice.

In cases where we act as a data processor for a Customer who transfers Personal Data to us for activities under a contract for Services with that Customer, we retain Personal Data for as long as instructed by that Customer (who typically acts as a data controller), unless Applicable Law requires a different retention period.

 

Sharing with trusted third parties

We may share, but not sell, your personal data with affiliated companies within our corporate family (Affiliates), with third parties with which we have partnered to allow you to integrate their services into our own Services, and with trusted third party service providers as necessary for them to perform services or offer products on our behalf such as the following. The following table describes, in the last twelve months, the categories of information we have disclosed to such third parties for business purposes, and the categories of those third parties.

 

Personal Data Disclosed for Business Purposes?

Category Yes or No Categories of Third Parties Receiving Personal Data
Identifiers
  • Cloud service providers
  • Cloud storage providers
  • Payment processing providers
  • Customer survey providers
  • Email and customer communication (advertisements, surveys, webinars) service providers
  • Web analytics providers
  • Customer relationship management tool providers
  • Consultants working under our instructions
  • Distributors of our products and services assigned to service your region
Special categories of personal information YES
  • Payment processing providers

 

Protected classification characteristics under California or federal law NO
Commercial information  NO
Biometric information  NO
Internet or similar network activity YES
  • Web analytics providers
  • Marketing automation tool providers

 

Geolocation data YES
  • Cloud storage providers
  • Payment processing providers
  • Email and customer communication service providers
  • Customer relationship management tool providers
  • Consultants working under our instructions
  • Distributors of our products and services assigned to service your region
Sensory data NO
Professional or employment-related information YES
  • Cloud storage providers
  • Payment processing providers
  • Customer survey providers
  • Email and customer communication service providers
  • Customer relationship management tool providers
  • Consultants working under our instructions
  • Distributors of our products and services assigned to service your region
Non-public education information NO
Inferences drawn from other Personal Data NO

 

Other disclosures of your personal data

We only share your personal data as necessary for any third party to provide the products and/or services as requested or as needed on our behalf. These third parties (and any subcontractors) are subject to strict data processing terms and conditions and are prohibited from utilizing, sharing, or retaining your personal data for any other purpose than as they have been specifically contracted for (or without your consent.)

 

Compliance with legal, regulatory, and law enforcement requests

We may disclose your Personal Data to the extent required by law, or if we have a good-faith belief that we need to disclose it in order to comply with official investigations or legal proceedings (whether initiated by governmental/law enforcement officials, or private parties). If we have to disclose your Personal Data to governmental/law enforcement officials, we may not be able to ensure that those officials will maintain the privacy and security of your Personal Data. We cooperate with government and law enforcement officials and private parties to enforce and comply with applicable law. We will disclose any information about you to government or law enforcement officials that we believe is necessary or appropriate to respond to claims and legal process (such as subpoena requests), to protect our property and rights or the property and rights of a third party, to protect the safety of the public or any person, or to prevent or stop activity we consider to be illegal or unethical.

 

Business purpose

We may also disclose your Personal Data if we sell or transfer all or some of our company’s business interests, assets, or both, or in connection with a corporate restructuring. Finally, we may disclose your Personal Data to our subsidiaries or affiliates, but only if necessary for business purposes, as described in the section above.

We reserve the right to use, transfer, sell, and share aggregated, anonymous data for any legal purpose. Such data does not include any Personal Data. The purposes may include analyzing usage trends or seeking compatible advertisers, sponsors, and Customers.

 

Communicating with you

We may contact you directly or through a third-party service provider regarding products or services you have signed up or purchased from us, such as necessary to deliver transactional or service-related communications. We may also contact you with offers for additional services we think you’ll find valuable if you give us consent, or where allowed based upon legitimate interests. You don’t need to provide consent as a condition to purchase our goods or Services. These contacts may include email and telephone calls. You may also update your subscription preferences with respect to receiving communications from us by clicking on the unsubscribe link in the footer of each promotional email or sending an email directly to unsubscribe@simulations-plus.com. If we collect information from you in connection with a co-branded offer, it will be clear at the point of collection who is collecting the information and whose privacy policy applies. In addition, it will describe any choice options you have in regards to the use and/or sharing of your personal data with a co-branded partner, as well as how to exercise those options. If you make use of a service that allows you to import contacts (ex. using email marketing services to send emails on your behalf), we will only use the contacts and any other personal information for the requested services. If you believe that anyone has provided us with your personal privacy@simulations-plus.com.

 

Transfer of personal data abroad

If you utilize our Services from a country other than the country of where our servers are located (United States), your communications with us may result in transferring your personal data across international borders. Also, when you call us or initiate a chat via social media, we may provide you with support from one of our global locations or distributors outside your country of origin. For the Personal Data Privacy Notice for our Distributors & Suppliers.

 

Targeted advertisements

Targeted ads or interest-based offers may be presented to you based on your activities on our web pages and other websites and based on the products you currently own. These offers will display as varying product banners presented to you while browsing. We also partner with third parties to manage our advertising on our web pages and other websites. Our third-party partners may use technologies such as cookies to gather information such activities in order to provide you with advertising based upon your browsing activities and interests and to measure advertising effectiveness. If you wish to opt out of interest-based advertising, click here. Please note you will continue to receive generic ads.

 

Third-party websites

Our websites, cognigencorp.com, dilisym.com, immunetrics.com and simulations-plus.com, contain links to third-party . We are not responsible for the privacy practices or the content of third-party sites. Please read the privacy policy of any website you visit.

 

What Privacy Rights do you have?

You have specific rights regarding your Personal Data that we collect and process, and those specific riights are provided by Applicable Law which typically depends on the jurisdiction or region in which you live. For example, EU residents have privacy rights regarding their Perssonal Data as provided by EU law including the General Data Protection Regulation (“GDPR”). California residents have privacy rights regarding their Perssonal Data as provided by the California Privacy Rigts Act of 2020 (“CPRA”). Please note that you can only exercise these privacy rights with respect to your Personal Data (i) if such privacy rghts are afforded to you by Applicble Law; and (ii) that we process about you when we act as a data controller or as a “business” under the Applicable Law. To exercise your rights with respect to information processed by us on behalf of one of our Customers, please read the privacy notice of that Customer.

Please consult the Applicable Law governing your jurisdiction or region to determine which of the following privacy rights are applicable to you.

In this section, we first describe privacy rights, and then explain how you can exercise your privacy rights.

Right to know what happens to your personal data
This is called the right to be informed. It means that you have the right to obtain from us all information regarding our data processing activities that concern your Personal Data (such as how we collect and use your Personal Data, how long we will keep it, and who it will be shared with, among other things).

We are informing you of how we process your Personal Data with this Notice. However, if we do not collect the Personal Data directly from you, the GDPR exempts us from the obligation to inform you (i) when providing the information is either impossible or unreasonably expensive; (ii) the gathering and/or transmission is required by law, or if (iii) the Personal Data must remain confidential due to professional secrecy or other statutory secrecy obligations.

Right to know what personal data Simulations Plus has about you
This is called the right of access. This right allows you to ask for full details of the Personal Data we hold on you.
You have the right to obtain from us, including confirmation of whether or not we process Personal Data concerning you, and, where that is the case, a copy or access to the Personal Data and certain related information.

Once we receive and confirm that the request came from you or someone that you have authorized from you or your authorized agent (see Verification of Requests, below), we will disclose to you:

  • The categories of your Personal Data that we process;
  • The categories of sources by which we obtained your Personal Data;
  • Our purposes for processing your Personal Data;
  • Where possible, the retention period for your Personal Data, or, if not possible, the criteria used to determine the retention period;
  • The categories of third parties with whom we share your Personal Data;
  • If we carry out automated decision-making, including profiling, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you;
  • The specific pieces of Personal Data we process about you in an easily-sharable format;
  • If we sold or disclosed your Personal Data for a business purpose, the categories of Personal Data and categories of recipients of that Personal Data for both sale and disclosure;
  • If we rely on legitimate interests as a lawful basis to process your Personal Data, the specific legitimate interests; and
  • The appropriate safeguards used to transfer Personal Data from the EEA or the UK to a third country, if applicable.

Under some circumstances, we may deny your access request. In that event, we will respond to you with the reason for the denial.

The CPRA does not allow us to disclose Social Security numbers, driver’s license numbers or other government-issued identification numbers, financial account numbers, any health insurance or medical identification numbers, account passwords, or security questions and answers. We can inform you that we have this information generally, but we may not provide the specific numbers, passwords etc. to you for security and legal reasons.

Right to change your personal data
This is called the right to rectification. It gives you the right to ask us to correct without undue delay anything that you think is wrong with the Personal Data we have on file about you, and to complete any incomplete Personal Data.
For changing your Personal Data related to an account you created with us, if your account settings do not allow you change the information yourself, please contact our manager for that type of account or contact us (See Contact Us section below) and we will do our best to change the Personal Data for you.

Right to delete your personal data
This is called the right to erasure, right to deletion, or the right to be forgotten. This right means you can ask for your Personal Data to be deleted.
For deletion of an account you created with us, contact our manager for that type of account, or contact us (See Contact Us section below).
Sometimes we can delete your information, but other times it is not possible for either technical or legal reasons. If that is the case, we will consider if we can lmit how we use it for such reasons. We will also inform you of our reason for denying your deletion request.

Right to ask us to limit how we process your personal data
This is called the right to restrict processing. It is the right to ask us to only use or store your Personal Data for certain purposes. You have this right in certain instances, such as where you believe your Personal Data is inaccurate or the processing activity is unlawful.

Right to ask us to stop using your personal data
This is called the right to object. This is your right to tell us to stop using your Personal Data. You have this right where we rely on a legitimate interest of ours (or of a third party). You may also object at any time to the processing of your Personal Data for direct marketing purposes. One way this can be done by using the “Unsubcribe” option available with our marketing communications.

We will stop processing the relevant Personal Data unless: (i) we have compelling legitimate grounds for the processing that override your interests, rights, or freedoms; or (ii) we need to continue processing your Personal Data to establish, exercise, or defend a legal claim.

Right to port or move your personal data
This is called the right to data portability. It is the right to ask for and receive a portable copy of your Personal Data that you have given us or that you have generated by using our services, so that you can:

  • Move it;
  • Copy it;
  • Keep it for yourself; or
  • Transfer it to another organization.

We will provide your Personal Data in a structured, commonly used, and machine-readable format. When you request this information electronically, we will provide you a copy in electronic format.

Right to withdraw your consent
Where we rely on your consent as the legal basis for processing your Personal Data, you may withdraw your consent at any time. If you withdraw your consent, our use of your Personal Data before you withdraw is still lawful. If you have given consent for your details to be shared with a third party and wish to withdraw this consent, please also contact the relevant third party in order to change your preferences.

Right to non-discrimination
We will not discriminate against you for exercising any of your privacy rights. Unless the Applicable Laws permit it, we will not:

  • Deny you goods or services;
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits or imposing penalties;
  • Provide you a different level or quality of goods or services; or
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

 

How can you exercise your Privacy Rights?

To exercise any of the privacy rights that apply to you as described above, please submit a request by either:

1.

Calling us at: (661) 723-7723  and ask for Office of Personal Data Protection
2. Contacting us by email at; privacy@simulations-plus.com
3. Writing to us at:
Office of Personal Data Protection
Simulations Plus, Inc.42505 10th Street West
Lancaster, CA 93535

 

Verification of your identity

In order to correctly respond to your privacy rights request,), we need to confirm that YOU made the request. Consequently, we may require additional information to confirm that you are who you say you are. We will only use the Personal Data you provide us in a request to verify your identity or authority to make the request.

 

Verification of authority

If you are submitting a request on behalf of somebody else, we will need to verify your authority to act on behalf of that individual. When contacting us, please provide us with proof that the individual gave you signed permission to submit this request, a valid power of attorney on behalf of the individual, or proof of parental responsibility or legal guardianship. Alternatively, you may ask the individual to directly contact us by using the contact details above to verify their identity with Simulations Plus and confirm with us that they gave you permission to submit this request.

 

Response timing and format of our responses

We will confirm the receipt of your request within ten (10) business days and, in that communication, we will also describe our identity verification process (if needed) and when you should expect a response, unless we have already granted or denied the request.

Please allow us up to a month to reply to your requests from the day we received your request. If we need more time (up to 90 days in total), we will inform you of the reason why and the extension period in writing.

If we cannot satisfy a request, we will explain why in our response. For data portability requests, we will choose a format to provide your Personal Data that is readily useable and should allow you to transmit the information from one entity to another entity without difficulty.

We will not charge a fee for processing or responding to your requests. However, we may charge a fee if we determine that your request is excessive, repetitive, or manifestly unfounded. In those cases, we will tell you why we made that determination and provide you with a cost estimate before completing your request.

 

Data integrity & security

We are strongly committed to keeping your Personal Data safe. We have implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect your Personal Data from unauthorized processing. Unauthorized processing includes unauthorized access, exfiltration, theft, disclosure, alteration, or destruction. Some of those measures include encryption and redaction and we also have dedicated teams to look after information security and privacy.

 

EU-U.S. and Swiss-U.S. privacy shield frameworks

For Personal Data processed in the scope of this Notice, Simulations Plus strives to comply with the principles of the EU-U.S. Privacy Shield Framework [and Swiss-U.S. Privacy Shield Framework] (the “Privacy Shield”), as adopted and set forth by the U.S. Department of Commerce regarding the processing of Personal Data transferred under the Privacy Shield frameworks from the European Union, the European Economic Area, the United Kingdom[, or Switzerland] to the United States, or otherwise received in reliance on the Privacy Shield.  Simulations Plus does not currently use the Privacy Shield as its data transfer mechanism from the EEA and uses the SCCs as its primary data transfer mechanism for Personal Data governed by the GDPR, the UK GDPR and the Swiss data protection laws.

 

Right to lodge a complaint with a Supervisory Authority

If the GDPR applies to our processing of your Personal Data, you have the right to lodge a complaint with a supervisory authority if you are not satisfied with how we process your Personal Data.

Specifically, you can lodge a complaint in the Member State of the European Union of your habitual residence, place of work, or the alleged violation of the GDPR.

 

Changes to this notice

If we make any material change to this Notice, we will post the revised Notice to this web page. We will also update the “Effective” date. By continuing to use our Services after we post any of these changes, you accept the modified Notice.

 

Contact us

If you have any questions about this Notice or our processing of your Personal Data, or want to submit a verifiable consumer request, please write to our Office of Personal Data Protection by email at privacy@simulations-plus.com or call and ask for our Office of Personal Data Protection at (661) 723-7723, or by postal mail at:

Simulations Plus, Inc.
Office of Personal Data Protection
Simulations Plus, Inc.
42505 10th Street West
Lancaster, CA 93535

Please allow up to four weeks for us to reply.

European Union Representative for Data Protection matters

We have appointed Lixoft SAS (https://lixoft.com/) as our representative in the EU for data protection matters. While you may also contact us, Lixoft can be contacted on matters related to the processing of  EU Personal Data. To contact Lixoft, please use this contact form: https://lixoft.com/contact/.  Alternatively, Lixoft can be contacted at:

Lixoft SAS
Attn: EU Personal Data Representative
8 Rue de la Renaissance, Batiment D
92160 Antony, France

 

United Kingdom Representative

We have appointed VeraSafe as our representative in the UK for data protection matters. While you may also contact us, VeraSafe can be contacted on matters related to the processing of Personal Data. To contact VeraSafe, please use this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative/ or via telephone at: +44 (20) 4532 2003.

VeraSafe United Kingdom Ltd.
37 Albert Embankment
London
SE1 7TL
United Kingdom

Data Protection Officer
We have appointed VeraSafe as our Data Protection Officer (DPO). While you may contact us directly, VeraSafe can also be contacted on matters related to the processing of Personal Data. VeraSafe’s contact details are:

VeraSafe LLC
100 M Street S.E., Suite 600
Washington, D.C.
20003
USA

Email: experts@verasafe.com
Web: https://www.verasafe.com/about-verasafe/contact-us/