Privacy Policy for MD Regulatory Strategy

1. Introduction

MD Regulatory Consulting Inc., operating as MD Regulatory Strategy ("we," "us," or "our"), is committed to protecting your privacy and safeguarding your personal information. This Privacy Policy explains how we collect, use, disclose, and protect your information when you request a consultation, engage our services, opt into our communications, or otherwise interact with our consulting services.

By using our services, you consent to the data practices described in this Privacy Policy.

2. Information We Collect

2.1 Information You Provide Directly

We collect personal information that you voluntarily provide to us, including:

Account and Profile Information:

(I) Full name.

(II) Email address.

(III) Phone number (optional - mobile and/or landline).

(IV) Company name.

(V) Job title and role.

(VI) Business address.

(VII) Professional credentials (for practitioner engagement verification).

Consultation and Service Information:

(I) Regulatory challenge descriptions and project details.

(II) Target regulatory markets (FDA, EU MDR, international).

(III) Medical device product information.

(IV) Regulatory status and submission history.

(V) Consultation notes and strategic assessments.

(VI) Engagement scope and deliverables.

(VII) Feedback and testimonials (if you choose to provide them).

Payment Information:

(I) Credit/debit card information (processed through secure third-party payment processors).

(II) Billing address.

(III) Transaction history.

(IV) Invoice details.

Communications:

(I) Messages, emails, or texts you send to us.

(II) Consultation inquiries and requests.

(III) Survey responses.

(IV) Customer support inquiries.

(V) Consent records for SMS and email communications.

2.2 Information Collected Automatically

When you visit our website or interact with our services, we may automatically collect:

Device and Usage Information:

(I) IP address.

(II) Browser type and version.

(III) Device type and operating system.

(IV) Pages visited and time spent.

(V) Referring website.

(VI) Date and time of visit.

Cookies and Tracking Technologies:

(I) We use cookies, web beacons, and similar technologies to enhance your experience, analyze website usage, and deliver personalized content.

(II) You can control cookie preferences through your browser settings.

2.3 Information from Third Parties

We may receive information about you from:

(I) Payment processors (transaction confirmations).

(II) Scheduling platforms (consultation booking confirmations).

(III) Business partners (if you were referred through a partner organization).

(IV) Professional networks (if you interact with us through LinkedIn or similar platforms).

3. How We Use Your Information

We use your personal information for the following purposes:

3.1 Service Delivery

(I) Schedule and conduct regulatory strategy consultations.

(II) Provide regulatory advisory and oversight services.

(III) Deliver strategic assessments and recommendations.

(IV) Facilitate fractional regulatory director engagements.

(V) Conduct submission readiness reviews.

(VI) Perform regulatory diligence assessments.

(VII) Provide ongoing strategic support.

(VIII) Deliver project deliverables and reports.

3.2 Communications

(I) Send consultation confirmations and appointment reminders via email and, if you provide your phone number and consent, via SMS.

(II) Deliver strategic reports and assessment findings.

(III) Provide engagement updates and milestone notifications.

(IV) Send service updates and regulatory insights.

(V) Respond to your inquiries and requests.

(VI) Facilitate project communication and coordination.

3.3 SMS/Text Messaging (Optional)

If you provide your phone number and give explicit consent, we may send SMS messages for:

(I) Consultation appointment reminders and confirmations.

(II) Booking confirmations and rescheduling notifications.

(III) Urgent engagement updates.

(IV) Time-sensitive regulatory notifications.

(V) Project milestone alerts.

(VI) Service announcements.

Important Note: Providing your phone number and consenting to SMS communications is entirely optional. You can still receive all essential communications via email if you choose not to provide a phone number or opt into text messaging.

Message Frequency: Varies based on your service engagement (typically 2-5 messages per month during active engagements).

Opt-Out: Reply STOP to any message to unsubscribe immediately.

Help: Reply HELP to any message for assistance.

3.4 Payment Processing

(I) Process transactions securely.

(II) Generate and send invoices.

(III) Process payment for consulting services.

(IV) Prevent fraud and unauthorized transactions.

(V) Maintain payment records for accounting purposes.

(VI) Issue refunds when applicable.

3.5 Service Improvement

(I) Analyze usage patterns and service effectiveness.

(II) Improve our services and consulting methodologies.

(III) Develop new service offerings.

(IV) Conduct research and industry analysis.

(V) Gather testimonials and case studies (with your permission).

(VI) Enhance client experience and service delivery.

3.6 Marketing and Promotional Activities

(I) Send informational emails about regulatory updates and insights (with your consent).

(II) Deliver industry news and best practices.

(III) Announce new service offerings.

(IV) Conduct surveys and gather feedback.

(V) Track marketing campaign effectiveness.

3.7 Legal and Security

(I) Comply with legal obligations and regulatory requirements.

(II) Protect against fraud and abuse.

(III) Enforce our Terms of Service.

(IV) Resolve disputes.

(V) Protect our rights, property, and intellectual property.

(VI) Maintain professional consulting standards.

4. SMS/Text Messaging Privacy Practices (When Applicable)

4.1 Consent and Opt-In

(I) We only send SMS messages to phone numbers that have explicitly opted in.

(II) Providing your phone number is optional when requesting a consultation.

(III) Consent is obtained through website forms, consultation booking confirmations, or by texting a keyword to our number.

(IV) Your consent is documented and stored securely.

(V) Consent to receive SMS is not required as a condition of service.

4.2 SMS Data We Collect

When you opt into SMS communications, we collect:

(I) Mobile phone number.

(II) Opt-in date and time.

(III) Opt-in source (website form, keyword, consultation booking, etc.).

(IV) Message delivery status.

(V) Opt-out requests and dates.

4.3 How SMS Data Is Used

(I) Your phone number is used ONLY to send messages you've consented to receive.

(II) We do NOT sell, rent, or share your phone number with third parties for their marketing purposes.

(III) Your number may be shared with our SMS service provider solely for message delivery.

4.4 SMS Security

(I) Phone numbers are stored securely with encryption.

(II) Access is limited to authorized personnel only.

(III) We comply with TCPA (Telephone Consumer Protection Act) regulations.

(IV) We honor opt-out requests immediately.

4.5 Opt-Out Rights

You can opt out of SMS communications at any time by:

(I) Replying STOP to any text message.

(II) Emailing [email protected].

(III) Contacting us directly during your consultation.

After opting out, you'll receive one confirmation message, then no further texts unless you opt in again.

4.6 A2P 10DLC Compliance

Our SMS practices fully comply with Application-to-Person (A2P) 10 Digit Long Code regulations, including:

(I) Proper business registration with mobile carriers.

(II) Transparent message content and frequency disclosures.

(III) Clear opt-in and opt-out mechanisms.

(IV) Prohibition of SHAFT content (Sex, Hate, Alcohol, Firearms, Tobacco).

(V) Adherence to carrier-specific guidelines and best practices.

5. Email Communications Privacy

5.1 Types of Emails We Send

Transactional Emails (cannot be unsubscribed):

(I) Consultation booking confirmations.

(II) Appointment reminders.

(III) Payment receipts and invoices.

(IV) Service-related updates.

(V) Engagement deliverables.

(VI) Account notifications.

Marketing Emails (can be unsubscribed):

(I) Regulatory insights and updates.

(II) Industry best practices.

(III) Service announcements.

(IV) Educational content.

(V) Newsletter (if offered).

5.2 Email Data We Collect

(I) Email address.

(II) Name.

(III) Subscription preferences.

(IV) Open and click rates (for marketing emails).

(V) Unsubscribe requests.

5.3 Email Opt-Out

You can unsubscribe from marketing emails by:

(I) Clicking "unsubscribe" in any email footer.

(II) Emailing [email protected].

(III) Contacting us directly.

5.4 Email Security

(I) Email addresses are stored securely with encryption.

(II) We use reputable email service providers with strong security measures.

(III) We comply with CAN-SPAM Act requirements.

6. How We Share Your Information

6.1 We Do NOT Sell Your Information

MD Regulatory Strategy does NOT sell, rent, or trade your personal information to third parties for their marketing purposes.

6.2 Service Providers

We share information with trusted third-party service providers who assist us in operating our business, including:

(I) Payment processors (Stripe, PayPal, etc.) for transaction processing.

(II) Email service providers (for communication delivery).

(III) SMS service providers (for text message delivery, if applicable).

(IV) Scheduling platforms (for appointment management).

(V) Website hosting providers.

(VI) Analytics providers (Google Analytics, etc.).

(VII) Customer relationship management (CRM) platforms.

(VIII) Cloud storage providers for secure document management.

These providers are contractually obligated to protect your information and use it only for the services they provide to us.

6.3 Confidentiality in Consulting Engagements

All information shared during consulting engagements is treated as strictly confidential and is not shared with third parties without your explicit consent, except as required by law.

6.4 Business Transfers

If MD Regulatory Strategy is involved in a merger, acquisition, or sale of assets, your information may be transferred to the new entity. You will be notified of any such change, and the new entity will be bound by this Privacy Policy.

6.5 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or to:

(I) Comply with legal processes and regulatory requirements.

(II) Protect our rights and property.

(III) Prevent fraud or illegal activity.

(IV) Protect the safety of our clients and the public.

(V) Enforce our terms and agreements.

6.6 With Your Consent

We may share your information with third parties when you've given us explicit consent to do so (e.g., testimonials, case studies, referrals).

7. Data Security

7.1 Security Measures

We implement industry-standard security measures to protect your personal information:

(I) Encryption: Sensitive data (payment info, passwords, confidential business information) is encrypted in transit and at rest.

(II) Access Controls: Limited access to personal data on a strict need-to-know basis.

(III) Secure Servers: Data stored on secure, password-protected servers.

(IV) Regular Security Audits: Ongoing monitoring and testing of security systems.

(V) Staff Training: Team members trained on privacy, security, and confidentiality protocols.

(VI) Secure Communication Channels: Use of encrypted communication for sensitive discussions.

7.2 No Absolute Security

While we take reasonable measures to protect your data, no internet transmission or electronic storage is 100% secure. We cannot guarantee absolute security but maintain best practices to minimize risks.

7.3 Your Responsibility

(I) Keep your account credentials confidential.

(II) Use strong passwords for any client portals.

(III) Log out after using shared devices.

(IV) Report suspicious activity immediately to [email protected].

(V) Protect confidential documents and information we share with you.

8. Confidential and Sensitive Business Information

8.1 Nature of Services

MD Regulatory Strategy provides strategic regulatory consulting services. During engagements, you may share sensitive business and regulatory information including:

(I) Proprietary product information.

(II) Regulatory strategies and submission plans.

(III) Clinical evidence and testing data.

(IV) Business strategies and commercialization plans.

(V) Regulatory authority feedback and correspondence.

(VI) Competitive positioning and market intelligence.

8.2 Professional Confidentiality

(I) All information shared during consulting engagements is treated as strictly confidential.

(II) Information is used solely to provide advisory services to you.

(III) We adhere to professional consulting confidentiality standards.

(IV) We do not share engagement details with third parties without your consent.

(V) Confidentiality obligations survive termination of services.

8.3 Non-Disclosure Agreements

For engagements involving highly sensitive information, we are willing to execute mutual non-disclosure agreements (NDAs) to provide additional legal protections.

8.4 Intellectual Property

(I) Your proprietary information and intellectual property remain your property.

(II) We claim no ownership rights to your confidential business information.

(III) Our methodologies and frameworks remain our intellectual property unless otherwise agreed.

9. Your Privacy Rights

9.1 Access and Correction

You have the right to:

(I) Access the personal information we hold about you.

(II) Request corrections to inaccurate or incomplete information.

(III) Update your contact details and communication preferences.

How to Exercise: Email [email protected] with your request.

9.2 Deletion

You may request deletion of your personal information, subject to certain exceptions (e.g., legal requirements, pending engagements, accounting records).

How to Exercise: Email [email protected]. We will process your request within 30 days.

9.3 Opt-Out of Communications

(I) SMS: Reply STOP to any text message (if you've opted into SMS).

(II) Email: Click "unsubscribe" in any marketing email.

(III) Both: Email: [email protected].

9.4 Do Not Track

Our website does not currently respond to "Do Not Track" browser signals, but you can manage cookies through your browser settings.

9.5 California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

(I) Right to know what personal information is collected.

(II) Right to know if personal information is sold or disclosed (we do not sell your information).

(III) Right to opt out of sale of personal information.

(IV) Right to deletion of personal information.

(V) Right to non-discrimination for exercising your rights.

To exercise CCPA rights: Email: [email protected] with "CCPA Request" in the subject line.

9.6 European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation:

(I) Right to access your data.

(II) Right to rectification (correction).

(III) Right to erasure ("right to be forgotten").

(IV) Right to restrict processing.

(V) Right to data portability.

(VI) Right to object to processing.

(VII) Right to withdraw consent.

(VIII) Right to lodge a complaint with a supervisory authority.

To exercise GDPR rights: Email: [email protected] with "GDPR Request" in the subject line.

10. Cookies and Tracking Technologies

10.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us provide a better user experience and understand how visitors use our site.

10.2 Types of Cookies We Use

(I) Essential Cookies: Necessary for website functionality (e.g., session management, security, form submissions).

(II) Analytics Cookies: Help us understand how visitors use our site (e.g., Google Analytics).

(III) Marketing Cookies: Track your browsing to deliver relevant content and measure campaign effectiveness.

(IV) Preference Cookies: Remember your settings and preferences.

10.3 Managing Cookies

You can control cookies through your browser settings:

(I) Block all cookies.

(II) Accept only certain types of cookies.

(III) Delete existing cookies.

(IV) Receive notifications when cookies are set.

Note: Disabling cookies may affect website functionality, including the ability to submit forms or access certain features.

10.4 Third-Party Tracking

We may use third-party analytics services (e.g., Google Analytics) to understand user behavior and improve our services. These services may collect data about your online activities across different websites. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

11. Data Retention

11.1 How Long We Keep Your Data

(I) Contact Information: Retained while your account is active and for 3 years after last engagement.

(II) Consultation Notes and Engagement Records: Retained for 7 years for professional standards and legal purposes.

(III) Payment Records: Retained for 7 years for accounting, tax, and audit purposes.

(IV) Marketing Consents: Retained until you opt out or for 2 years of inactivity.

(V) Cookies: Vary by type (session cookies are deleted when you close your browser; persistent cookies have set expiration dates, typically 1-2 years).

11.2 Deletion Requests

You may request deletion of your data at any time. We will delete your information within 30 days, except where retention is required by law, professional standards, or ongoing business obligations.

12. Children's Privacy

MD Regulatory Strategy services are intended for business professionals and are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected], and we will promptly delete such information.

13. International Users

MD Regulatory Strategy is based in the United States. If you access our services from outside the U.S., please note that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from your country.

By using our services, you consent to the transfer of your information to the United States and processing in accordance with this Privacy Policy and U.S. law.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

Notification of Changes:

(I) Updated policy will be posted on our website.

(II) "Last Updated" date will be revised.

(III) For material changes, we may notify you via email or, if you've opted in, via SMS.

Your continued use of our services after changes constitutes acceptance of the updated Privacy Policy.

15. Third-Party Links

Our website or communications may contain links to third-party websites, regulatory authority sites, or industry resources. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: [email protected]

For Privacy Inquiries: Email: [email protected]; Subject Line: "Privacy Request"

For SMS/Text Messaging Support: Reply HELP to any message or email [email protected].

For Data Access, Correction, or Deletion Requests: Email: [email protected]; Subject Line: "Data Request"

Business Address: N7167 1280th St., River Falls, Wisconsin 54022, United States

17. Consent and Acknowledgment

By using MD Regulatory Strategy services, providing your contact information, requesting a consultation, engaging our services, or opting into communications, you acknowledge that you have read and understood this Privacy Policy and consent to our collection, use, and disclosure of your personal information as described herein.


© 2025 MD Regulatory Strategy. All rights reserved.

MD Regulatory Consulting Inc.