Privacy Policy


Safe Harbor Privacy Policy



1. INTRODUCTION

For over 25 years, Online Business Applications, Inc (OBA) has provided comprehensive Medical Communication software solutions through the Information Request Management System (IRMS) and Content Management System (CM) for the Pharmaceutical, Biotechnology, and Medical Device industries in the areas of Medical Communications and Drug Safety.

IRMS is the most widely used Medical Information System available today. It has been developed in partnership with over 100 Pharmaceutical, Biotech and Medical Device Companies since 1989. IRMS continues to be flexible enough to be used in over 80 countries throughout the world and powerful enough to be used by many of the world’s largest corporations.

The Online Business Applications Content Management System (CM) is a full-featured FAQ and Document Management System developed with Microsoft .Net Technology and is fully web-based. This system provides a complete enterprise document management solution.

The Online Business Applications Case Entry system is a fully web-based Case Entry Portal that gives smaller global affiliates the ability to enter cases without using the full functionality of the complete Medical Information System.

The Online Business Applications IRMS Hosted Service enables clients to have the full functionality of IRMS and its Modules without significant investment in the clients' own infrastructure and without the need for in-house support. The solution harnesses Microsoft Terminal Services Technology to deploy the application wherever required.

1.1 Purpose

OBA may receive Personal Data at our offices in the United States ("US") from Visitors and Customers around the globe, including the European Union ("EU"), the European Economic Area ("EEA") and/or Switzerland. In order to provide an adequate level of protection for Personal Data received, OBA complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework, including the Safe Harbor Privacy Principles, developed by the United States Department of Commerce and the European Commission and the Federal Data Protection and Information Commissioner of Switzerland.

The purpose of this document (OBA’s Safe Harbor Policy) is to set forth the privacy principles that OBA follows when processing Personal Data received from clients/customers in the EU, EEA and/or Switzerland.

1.2 Scope

This Policy applies to all personal information received by OBA in the United States from the EU, EEA and Switzerland in any format including electronic, paper or verbal.

1.3 Definitions and Acronyms

Definition/Acronym - Description

“American Arbitration Association (AAA)” - An outside arbitration and mediation mechanism which provides dispute resolution services.

"Client Data or information" - All information about OBA clients. This includes, but is not limited to, the client’s data, written and electronic records and information obtained from samples.

"Confidentiality" - A principle emergent from a relationship in which something about an individual, information or material has been shared (with some degree of loss of privacy) in confidence.

"Confidentiality Disclosure Agreements (CDAs)" - Confidentiality agreements are contracts intended to protect information considered to be proprietary or confidential. Employees involved in executing a CDA promise not to disclose sensitive or protected information related to OBA or its clients during the course of employment or otherwise.

"Customers or Clients" - Means any individual or company who is currently in contract or in the process of contract with OBA in regard to using OBA products and services.

"Data Subject" - The data subject is the person whose personal data are collected, held or processed.

"OBA" - Online Business Applications, Inc

"Personal Data" - Means any information or set of information that identifies or can reasonably be used to identify an individual. Personal data does not include information that is encoded or anonymized, or publicly available information that has not been combined with non-public Personal Data.

"Privacy" - The state or condition of limited access to an individual and/or to information about that individual

"Processing" - Means obtaining, recording or holding information or data or carrying out any operation, manual or automatic, or set of operations on the information or data

"QA" - Quality Assurance

"Sensitive Personal Data" - Means Personal Data that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, or that concerns health or sex life. Information will be treated as Sensitive Personal Data where it is received from a third party that treats and identifies it as sensitive.

"Service" - shall mean support, consulting, hosting or other services provided to our Customer/clients

"Services Data" - Means the Personal Data OBA processes in order to provide the Services

"SOP" - Standard Operating Procedure means a written method of controlling a practice in accordance with predetermined specifications to obtain a desired outcome.

"Visitors" - Means any individual or company who is not currently on the OBA client/customer list and does not have any contract with OBA for purchasing or sharing its product or services.

2 PERSONAL INFORMATION COLLECTED BY OBA

OBA only collects personal information that is needed to provide customer service, authorize access to hosted solutions, offer new products, services and product demos to users, or fulfill any legal and/or regulatory requirements associated with the provision of the Services. OBA does not intentionally collect sensitive personal information (personal information pertaining to medical or health conditions, racial or ethnic origin, for example).

2.1 While interacting with our website

Our website (www.irmsonline.com) gives Visitors and Customers an option to request a brochure or demo of our products. When requesting information, Visitors and Customers may be asked for their “Personal Information”, which may include, but may not be limited to, the Visitor's or Customer's full name, postal address, phone number, company name and email address.

On some pages of our websites, Visitors and Customers can also register to purchase products or services, receive personalized content and participate in surveys or forums. When registered, users may be asked for some “Personal Information” which may include, but may not be limited to, user first name, last name, company name, email, phone number, payment method. Users may also be contacted with information about the company’s products and services.

If Visitors and Customers purchase products or services, we may also request financial information such as credit card or bank account information. Any financial information collected is used only to bill the Customers for the products and services they purchased. If the purchase is made by credit card, this information may be forwarded to the credit card provider.

2.2 When Providing Technical Support

Customers may be asked to disclose Personal Information to us so that we can identify authorized Customers and can provide technical support assistance and information. For example, we may collect Personal Information from Customers (such as an e-mail address, system information and problem descriptions) in order to provide online technical support and troubleshooting. If any Customer chooses to correspond with us through electronic communication (e.g. email, online chat or instant messaging), we may retain a copy of the electronic communication together with the customer email address and our responses. We provide the same protections for these electronic communications that we employ in the maintenance of information received by mail and telephone.

2.3 When Accessing Hosted Solutions

OBA also provides hosted medical communication software services to its customers around the globe. Customers using hosted services are responsible for managing the data that they store at OBA’s data center. These responsibilities include determining the type of information that is stored, how that information will be used, to whom it will be disclosed, and for what purposes.

When providing hosted solution services, OBA is acting merely as a “conduit” for data handled by the customer. OBA does not determine the purposes and means of processing the data which our customers may store on OBA’s data center.

However, as a security measure and to ensure that our hosted services and network remain available to all customers, OBA may use software tools to monitor network traffic or to identify unauthorized attempts to upload or change information, or otherwise cause damage. These software tools may also collect information regarding the client access of our hosted solutions and computer network.

3 CUSTOMER RESPONSIBILITY WITH RESPECT TO ITS PERSONAL DATA

OBA customers may choose to include Personal Data among the Customer Data stored at OBA’s data centers in the US or shared with OBA in connection with its provision of services. Before processing any information on behalf of its customers located in the EU, the EEA or Switzerland, OBA will enter into a processing contract with the customer responsible for the Personal Data in compliance with applicable data protection law. Under this contract, the customer agrees to comply with all applicable data protection laws. OBA processes only the Personal Data that its customers have chosen to share with the Company. OBA has no direct or contractual relationship with the subject of this Personal Data (the "Data Subject"). As a result, when Customer Data includes Personal Data, the customer is solely responsible for satisfying all legal obligations owed directly to the Data Subject under applicable data protection laws. It is the OBA customer's responsibility to ensure that Personal Data it collected can be legally collected in the country of origin. The customer is also responsible for providing to the Data Subject any notices required by applicable law and for responding appropriately to the Data Subject's request to exercise his or her rights with respect to Personal Data. In addition, the customer is responsible for ensuring that its use of OBA’s hosted solutions or OBA’s services is consistent with any privacy policy the customer has established and any notices it has provided to Data Subjects. OBA is not responsible for its customer's privacy policies or practices or for the customer's compliance with them. OBA does not review, comment upon, or monitor its customer's privacy policies or the customer's compliance with such policies. OBA also does not review instructions or authorizations to OBA to determine whether the instructions or authorizations are in compliance with, or conflict with, the terms of a customer's published privacy policy or of any notice provided to Data Subjects.

4 DISCLOSURE OF PERSONAL INFORMATION

OBA is not in the business of selling or sharing information with any entity not directly involved in providing the Services. OBA will never review, share, distribute, print, reference, or disclose any personal information, including any personal information received from the EU, EEA and/or Switzerland to any third-party for any purpose that has not been disclosed in this Privacy Policy unless: the Company has provided sufficient notice and Visitors and Customers have had an opportunity to exercise choice, as outlined below, with respect to such use or disclosure; disclosure of such personal information has been agreed to by Visitors or Customers and OBA in conjunction with a contractual agreement, or in such cases where applicable law permits the use or disclosure without requiring that OBA first comply with the Safe Harbor Frameworks’ Notice and Choice Principles. Unless described in this Privacy Policy, OBA does not share, sell, rent, or trade any information provided with third parties for their promotional purposes.

OBA reserves the right to use or disclose information if required by law or if OBA reasonably believes that its use or disclosure is necessary to protect the Company’s rights and/or to comply with a judicial proceeding, court order, or legal process and is permissible under the Safe Harbor Privacy Principles.

5 OBA COMPLIANCE WITH SAFE HARBOR PRINCIPLES

OBA complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. OBA has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement.

5.1 Notice

Where OBA collects Personal Data directly from individuals in the EU, EEA and/or Switzerland, it will inform them about the type of Personal Data collected, the purposes for which it collects and uses the Personal Data, and the types of non-agent third parties to which OBA discloses or may disclose that information, and the choices and means, if any, OBA offers individuals for limiting the use and disclosure of their Personal Data. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Data to OBA, or as soon as practicable thereafter, and in any event before OBA uses or discloses the information for a purpose other than that for which it was originally collected.

5.2 Choice

When collecting personal data, OBA will offer individuals the opportunity to choose (opt-out) whether their Personal Data is (a) to be disclosed to a non-agent third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.

For sensitive Personal Data, OBA will give individuals the opportunity to affirmatively and explicitly (opt-in) consent to the disclosure of the information to a non-agent third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. OBA will provide individuals with reasonable mechanisms to exercise their choices.

5.3 Data Integrity

OBA will use Personal Data only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. OBA will take reasonable steps to ensure that Personal Data is relevant to its intended use, accurate, complete, and current.

5.4 Onward Transfer

OBA will only transfer personal data to an agent where the agent has provided assurances that the agent provides at least the same level of privacy protection as is required by these privacy principles. Where we have knowledge that an agent is using or sharing personal data in a way that is contrary to these principles, OBA will take reasonable steps to prevent or stop such processing.

5.5 Access

Upon request, OBA will grant individuals reasonable access to Personal Data that it holds about them as Data Controller, and OBA will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete.

5.6 Security

OBA takes pride in its security policies. Protecting confidential information is our business; therefore, OBA takes all appropriate measures to assure the security of Personal Data. With customers around the globe, OBA has developed a security policy, an employee confidentiality agreement, and client data security policies and procedures designed to assure that Personal Data we collect and process, and Services Data that we may process in order to provide Services, is appropriately protected.

OBA has institutionalized industry-standard security practices and is constantly implementing reasonable precautions to protect Personal Data in our possession from loss, misuse, unauthorized access, disclosure, alteration, and destruction. We protect data in many ways. Physical security is designed to prevent unauthorized access to database equipment and hard copies of Personal Data. Electronic security measures continuously monitor access to our servers and provide protection from hacking or other unauthorized access from remote locations. This protection includes the use of firewalls, restricted access, and encryption technology. We limit access to Personal Data to those persons in our organization, or as our agents, that have a specific business purpose for maintaining and processing such Personal Data and data. We inform individuals who have been granted access to Personal Data and data of their responsibilities to protect the security, confidentiality, and integrity of that information, and we provide training and instruction on how to do so.

5.7 Enforcement

OBA has established an annual review and audit program to monitor all our policies and procedures. This program includes conducting annual compliance audits of our relevant privacy practices to verify compliance with this policy and the Safe Harbor Privacy Principles and to address questions and concerns regarding our adherence. Additionally, we provide a statement, at least once a year, signed by our authorized representative, verifying our adherence to the Safe Harbor Privacy Principles. We encourage interested persons to raise any concerns to us using the contact information below.

Contact Information:
Online Business Applications, Inc.
9018 Heritage Parkway
Suite 600
Woodridge, IL 60517
Tel: (630)-243-9810 Ext: 350
Fax: (630)-243-9811
Email: safeharbor@irmsonline.com

We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data in accordance with the principles contained in this policy. For any dispute that cannot be resolved through our internal processes, OBA will engage the services of the American Arbitration Association (AAA), an unaffiliated neutral party, to act as the dispute-resolution mediator as permitted by the Safe Harbor Frameworks. In the event that we or the dispute-resolution mediator determines that we did not comply with this policy, we will take appropriate steps to address any adverse effects and to promote future compliance.

6 AMENDMENTS TO THE POLICY

We may amend this policy from time to time consistent with the requirements of the Safe Harbor Privacy Principles. If we do so, we will post an updated version externally on the OBA website at: http://www.irmsonline.com/safeharbor

7 EFFECTIVE DATE

This privacy policy is effective as of October 20st, 2015.


MORE INFORMATION

Please contact OBA if more information is needed about:
- Security Policy
- Employee Confidentiality Agreement
- Client Data Security Policy



To learn more about the Safe Harbor program, and to view Online Business Applications' certification, please visit: http://www.export.gov/safeharbor/