Privacy Policy

Privacy Policy

Effective: 20 Dec 2024

Last Updated: 20 Dec 2024

What is the purpose of this policy?

This Website, Product and Service Privacy Policy (“Privacy Policy”) explains how ClinOne, Inc. and its affiliates and subsidiaries (collectively, “ClinOne,” “us,” “we,” or “our”) collects, uses, and shares your personal data in connection with our:

·       websites located at www.ClinOne.com, www.clintrialconnect.com, and any other websites we operate that link to this Privacy Policy (collectively, the “Site”), our social media pages, and our email communications (collectively, the “Site Services”); and

·       ClinOne mobile and web applications, including ClinTrialConnect (collectively, the “App”), our Trial Awareness program services, and our related emails and services (collectively, the “Platform”),

(the Site, Site Services, App and Platform, collectively referred to as the “Services”).

This Privacy Policy further explains the rights and choices you have with respect to your personal data.  This Privacy Policy applies to all the Services.  If you are a patient or other individual using the App as part of the services that we provide to one of our clients (a “Client User”), and for more information relating to the personal data we collect on behalf of a particular client, please contact the relevant client or review their privacy policy, informed consent form, or other applicable privacy policy.  ClinOne reserves the right, at any time, to modify this Privacy Policy.  If we make revisions that change the way we collect, use, or share personal data, we will post those changes in this Privacy Policy.  You should review this Privacy Policy periodically so that you keep up to date on our most current policies and practices.  We will note the date of the latest version of our Privacy Policy at the top of this Privacy Policy. Your continued use of the Services following posting of changes in this Privacy Policy constitutes your acceptance of such changes.

COLLECTION OF PERSONAL DATA

Personal Data You Provide

We may collect the following personal data that you provide through using the Services or otherwise:

·       Contact information, such as name, email address, mailing address, phone number, title, company name, and location.

·       Professional information, such as your organization, job role, area of expertise, or business interests.

·       Account information, such as the username and password you create when registering for an account and other registration data.

·       Preferences, such as your marketing or communication preferences.

·       Communications, including information associated with your inquiries to us and any feedback you provide when you communicate with us or when using the Services.

·       Transaction information related to any services or subscriptions that your organization receives from us.

·       Billing information, such as your payment method, credit or debit card number, billing address, and order information.

·       Order history, such as information about products and applications you or your company uses or have used in the past and your transaction history

·       Other information that you choose to provide but is not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

Unless we specifically request it, we ask that you not provide us with any sensitive personal data (e.g., information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the Services, or otherwise to us. In addition, Client Users may be able to use the App to provide our customers with additional types of personal data, including health information, which we will collect in accordance with their instructions.

Personal Data Collected Automatically

Information about you, your computer, your mobile device or your activity over time may automatically be collected when you use the Services, such as:

·       Online activity information, such as the website you visited before browsing the Services, pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access.

·       Device information, such as your computer or mobile device operating system type and version number, wireless carrier, manufacturer and model, browser type, screen resolution, IP address, unique identifiers, and general location information such as city, state, or geographic area.

Like many online services, we use cookies and similar technologies to facilitate some of our automatic data collection, including:

·       Cookies, which are text files that websites store on a visitor‘s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, helping us understand user activity and patterns, and facilitating online advertising. For more information, please visit our Cookie Policy (https://clinone.com/cookies).

·       Software Development Kits, or SDKs, which are software components we may use in the App to collect information directly from users and implement third-party services in our App.

·       Web Beacons, also known as pixel tags or clear GIFs, which are typically used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked, typically to compile statistics about usage of websites and the success of marketing campaigns.

·       Connected devices, such as health monitoring devices that our customers may choose to connect with the Platform as part of their clinical trials.

Personal Data Received from Third Parties

We may also receive personal data about you from third parties, such as our business partners, the organization you work for, clinical trial sponsors and sites, ClinOne customers, our subsidiaries and affiliates, data licensors, marketing partners, and publicly available sources, such as social media platforms.

Referrals

Users of the Service may have the opportunity to refer colleagues or other contacts to us and share their contact information.  Please do not provide us with someone’s contact information unless you have their permission to do so.

USE OF PERSONAL DATA

We may use your personal data for the following purposes and as otherwise described either in this Privacy Policy or at the time of collection.

To Provide the Services

We may use your personal data to:

·       provide and operate (as applicable) the Services and our business;

·       connect you with potential clinical trial opportunities;

·       monitor and improve your experience with the Services;

·       create and maintain your account;

·       review and respond to your requests;

·       communicate with you about the Services and other related communications;

·       respond to your inquiries or support tickets;

·       provide products, services, information and transactions that you request; and

·       process your transactions, send you invoices, and monitor your orders.

In addition, we use personal data about Client Users at the direction of our clients to provide them with our products and services, such as managing clinical trials, storing clinical and patient engagement data, and generating applicable modules and reports.

Research and Development

We may use your personal data for research and development purposes, including to improve the Services, understand and analyze the usage trends and preferences of our users, and develop new features, functionality, and services. As part of these activities, we may create aggregated, deidentified, or other anonymous data from personal data we collect. We make personal data into anonymous data by removing information that makes the data personally identifiable to you. We reserve the right to use, transfer, sell, and share aggregated, anonymous data for any legal business purpose. The purposes may include analyzing usage trends or seeking compatible advertisers, sponsors, and customers.

Direct Marketing

We may send you ClinOne-related or other direct marketing communications as permitted by law.  You may opt-out of our marketing communications as described in the “Your Choices” section below.

Interest-Based Advertising

We may work with third-party advertising companies and social media companies to help us advertise our business and to display ads on our Service and other sites.  These companies may use cookies and similar technologies to collect information about you (including the device data and online activity data described above) over time across our Service and other sites and services or your interaction with our emails and use that information to serve ads that they think will interest you.  You can learn more about your choices for limiting interest-based advertising in the “Your Choices” section below.

To Comply with Laws and Regulations

We will use your personal data as we believe necessary or appropriate to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.

For Compliance, Fraud Prevention, and Safety

We may use your personal data and disclose it to law enforcement, government authorities, and private parties as we believe necessary or appropriate to:

(a) maintain the safety, security, and integrity of our Services, other products and services, business, databases and other technology assets;

(b) protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);

(c) audit our internal processes for compliance with legal and contractual requirements and internal policies;

(d) enforce the terms and conditions that govern the Services; and

(e) prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

With Your Consent

In some cases, we may specifically ask you for your consent to collect, use, or share your personal data, such as when required by law.

SHARING OF PERSONAL DATA

We may share your personal data with the entities and individuals listed below or as otherwise described in this Privacy Policy or at the point of collection. ClinOne remains liable for the protection of your personal data that we share with such entities and individuals, except to the extent that we are not responsible for the event giving rise to any unauthorized or improper processing.

Related Companies

We may share information collected about you with any member of our group of companies, including subsidiaries, our ultimate holding company, and its subsidiaries.  For example, we will share your personal data with our related companies to provide our products and services to you, where other companies within our group perform components of the full-service offering.

Service Providers

We share personal data with third parties and individuals who perform functions on our behalf and help us provide the Services and run our business.  For example, service providers help us perform website hosting, maintenance, database management, cloud storage, document signature and management, web analytics, billing, email software, CRM software, payment processing, marketing, and other purposes.

Advertising Partners

We may also share personal data collected about you with third parties who we partner with for advertising campaigns, contests, special offers or other events or activities in connection with our Services, or that collect information about your activity when using the Services to help us advertise our products and Services, and/or use hashed customer lists that we share with them to deliver ads to you and to similar users on their platforms.

Business Transferees

We may disclose personal data collected about you with third parties in connection with any business transaction (or potential transaction) involving a merger, sale of company shares or assets, financing, acquisition, consolidation, reorganization, divestiture, or dissolution of all or a portion of our business (including in connection with a bankruptcy or similar proceedings).

Authorities, Law Enforcement, and Others

We may disclose personal data collected about you with third parties in connection with any business transaction (or potential transaction) involving a merger, sale of company shares or assets, financing, acquisition, consolidation, reorganization, divestiture, or dissolution of all or a portion of our business (including in connection with a bankruptcy or similar proceedings).

Professional Advisors

We may share your personal data with persons, companies, or professional firms providing ClinOne with advice and consulting in accounting, administrative, legal, tax, financial, debt collection, and other matters.

TRIAL AWARENESS PROGRAM

This section provides additional disclosures applicable only to the ClinOne Trial Awareness program services.

Use and Sharing of Personal Data of Healthcare Providers (“HCPs”) for Advertising Purposes.  In connection with our Trial Awareness program services, we may use and share personal data about HCPs with third parties who we partner with for advertising campaigns, contests, special offers or other events or activities in connection with the Trial Awareness program services.  We may also work with third-party advertising companies and social media companies to help us advertise the program to HCPs and other members of our provider network, including through the use of interest-based advertising.  Such partners may use cookies and similar technologies to collect information about you (including the device data and online activity data described above) over time across ClinOne’s Sites and online services and use that information to serve ads that they think will interest you, and/or use hashed customer lists that we share with them to deliver ads to you and to similar users on their platforms.  You can learn more about your choices for limiting interest-based advertising in the “Your Choices” section below.

Sharing of HCP Personal Data with the Trial Awareness Network. If you are an HCP, ClinOne may share contact information about you, provided to us by our customers, with members of our Trial Awareness network, regarding the clinical trial you may be supporting for one of our customers.  If you are a member of ClinOne’s Trial Awareness network, we will share your contact information with the local providers who are overseeing a clinical trial that may interest you based on the information you enter as a part of responding to our email campaign.  As part of these services, we may also share contact information about you with the sponsors regarding the clinical trial you may be interested in.

INTERNATIONAL TRANSFERS OF PERSONAL DATA

Some ClinOne companies are headquartered in the United States, and we have service providers in the

United States and other countries. Your personal data may be collected, used, and stored in the United States or other locations outside of your home country. Privacy laws in the locations where we handle your personal data may not be as protective as the privacy laws in your home country. By providing your personal data, where applicable law permits, you hereby specifically and expressly consent to such transfer and processing and the collection, use, and disclosure set forth herein or in any applicable terms of service.

European users may view the section below titled “Notice to European Users” for additional information regarding any transfers of your personal data.

SECURITY

We have implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect personal data from unauthorized processing.  This includes unauthorized access, disclosure, alteration, or destruction.  However, no security system is impenetrable, and ClinOne cannot guarantee the security of the Services, nor that the information you supply will not be intercepted while being transmitted over the Internet; therefore, we are not liable for the illegal acts of third parties.

OTHER SERVICES

The Service may contain links to other websites and online services operated by third parties.  These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or online services that are not associated with us.  We do not control third party websites or online services, and we are not responsible for their actions.  Other websites and services follow different rules regarding the collection, use and sharing of your personal data.  We encourage you to read the privacy policies of the other websites and online services you use.

YOUR CHOICES

In this section, we describe the rights and choices available to you. If you are a patient or other individual using the Services we provide to our customers, please contact the relevant customer directly to submit any privacy requests relating to your personal data.

Accessing and Correcting Your Personal Data

If you need to make changes, corrections, or request that we remove your personal data from our systems, you may email ClinOne at privacy@clinone.com (mailto:privacy@clinone.com).  We may not accommodate a request if we believe the change would violate any law or legal requirement or cause the information to be incorrect.  ClinOne will use reasonable efforts to honor the request, however, you understand that in may not be technologically possible to remove from our systems every record of your personal data.  The need for us to backup and protect information from inadvertent loss may mean that a copy of your data exists in a form that is non-erasable or impossible for us to locate or remove.

Promotional Emails

You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us as described below.  You may continue to receive service-related and other non-marketing emails.

Cookies

Most browsers let you remove and/or stop accepting cookies from the websites you visit.  To do this, follow the instructions in your browser’s settings.  Many browsers accept cookies by default until you change your settings. If you do not accept cookies, however, you may not be able to use all functionality of the Service and our Site may not work properly.  For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org.  You may also visit our Cookie Policy (https://clinone.com/cookies).

Advertising Choices

You can limit the use of your personal data for interest-based advertising by blocking third-party cookies in your browser settings, using browser plug-ins/extensions, and/or using your mobile device settings to limit the use of the advertising ID associated with your mobile device. You can also opt out of interest-based ads from companies participating in the following industry opt out programs by visiting the linked websites: the Network Advertising Initiative (http://www.networkadvertising.org/managing/opt_out.asp), the European Interactive Digital Advertising Alliance (for European users – http://www.youronlinechoices.eu/), and the Digital Advertising Alliance (optout.aboutads.info).

The opt out preferences described here must be set on each device and/or browser for which you want them to apply.  Please note that we also may work with companies that offer their own opt out mechanisms or do not participate in the opt out mechanisms described above, so even after opting out, you may still receive some cookies and interest-based ads from other companies.  If you opt out of interest-based advertisements, you will still see advertisements online, but they may be less relevant to you.

Do Not Track

Some browsers may be configured to send “Do Not Track” signals to the online services that you visit.  We currently do not respond to “Do Not Track” or similar signals.  To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Declining to Provide Information

We need to collect personal data to provide certain Services.  If you do not provide the information requested, we may not be able to provide those Services.

MINORS

ClinOne does not knowingly collect personal data from children under the age of 18, as our Services may not be used by persons under the age of 18.  If ClinOne is made aware that information has been collected, while using the Services, regarding a child under the age of 18, that information will be deleted.

NOTICE TO CALIFORNIA RESIDENTS

Under California Civil Code sections 1798.83-1798.84, California residents who have an established business relationship with ClinOne are entitled to ask us once a year for information regarding the personal data we have shared, if any, with third parties for their direct marketing purposes.  If you are a California resident and would like to submit such a request, please submit your request in writing to the email address listed in the section titled “CONTACTING US” below with “Shine the Light” in the subject line.  The request must include your name, street address, city, state, and ZIP code and an attestation that you are a California resident.  We are not responsible for requests that are not labeled or sent properly, or that do not have complete information.

NOTICE TO EUROPEAN and UK USERS

 

The information provided in this section applies only to individuals in the European Union, the European Economic Area (collectively, “Europe”) and the United Kingdom (“UK”).

Controllership Role of ClinOne

The controller of your personal data covered by this Privacy Policy for purposes of European data protection legislation is ClinOne, Inc., 117 Kendrick Street, Suite 300, Needham, MA 02494, USA.

If you are a Client User providing personal data in connection with the services provided by ClinOne to one of our clients, please contact the relevant client for information about the controller of your personal data for purposes of European data protection legislation.

Legal Bases for Processing

The legal bases of our processing of your personal data as described in this Privacy Policy will depend on the type of personal data and the specific context in which we process it.  However, the legal bases we typically rely on are set out in the table below.  We rely on our legitimate interests as our legal basis only where those interests are not overridden by the impact on you (unless we have your consent or our processing is otherwise required or permitted by law).  If you have questions about the legal basis of how we process your personal data, contact us at privacy@ClinOne.com.

Processing Purpose (as described above in the “Use of Personal data” section)

Legal Basis

To Provide the Service

Processing is necessary to perform the contract governing our provision of the Services, or to take steps that you request prior to engaging our Services.  Where we cannot process your personal data as required to provide the Services on the grounds of contractual necessity, we process your personal data for this purpose based on our legitimate interest in providing you with the products or services you access and request.

Research and Development

Processing is based on our legitimate interests in performing research and development as described in this Privacy Policy.

Direct Marketing

Processing is based on your consent where that consent is required by applicable law.  Where such consent is not required by applicable law, we process your personal data for these purposes based on our legitimate interests in promoting our business and showing you tailored relevant content.

Interest-Based Advertising

Processing is based on your consent where that consent is required by applicable law.  Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the Services.

To Comply with Laws and Regulations

Processing is necessary to comply with our legal obligations.

For Compliance, Fraud Prevention, and Safety

Processing is necessary to comply with our legal obligations or based on our legitimate interests in protecting our or others’ rights, privacy, safety, or property.

With Your Consent

Processing is based on your consent.  Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the relevant Service.

For Compliance, Fraud Prevention, and Safety

Processing is necessary to comply with our legal obligations or based on our legitimate interests in protecting our or others’ rights, privacy, safety, or property.

With respect to advertising that may be carried out in connection with ClinOne’s Trial Awareness program services, such processing is based on your consent where that consent is required by applicable law.  Where such consent is not required by applicable law, we process your personal data for these purposes based on our legitimate interests in promoting our Trial Awareness program network and showing you relevant content.

Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the Platform.  If you withdraw your consent, our use of your personal data before you withdraw is still lawful.  If you have given consent for your details to be shared with a third party and wish to withdraw this consent, please also contact the relevant third party in order to change your preferences.

For questions about the legal bases our clients rely upon to process personal data we collect on their behalf, please contact the relevant client.

Use for New Purposes

We may use your personal data for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it.  If we need to use your personal data for an unrelated purpose, we will notify you and explain the applicable legal basis. 

Retention

We will retain your personal data for as long as necessary to fulfill the purpose of collection, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish and defend legal claims, for fraud prevention purposes, or as long as required to meet our legal obligations.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

For personal data collected about Client Users on behalf of a client, the data retention period will be determined by the applicable contract that we have with that client.

Your Rights

European data protection laws give you certain rights regarding your personal data.  You may ask us to take the following actions in relation to your personal data that we hold:

Your right of access

You have the right to ask us for a copy of your personal data.  There are some exemptions, which means you may not always receive all the information we process. 

Your right to rectification 

You have the right to ask us to rectify information you think is inaccurate.  You also have the right to ask us to complete information you think is incomplete.

Your right to erasure

You have a right to ask us to rectify information in certain circumstances.

Your right to data portability

This only applies to information you have given us.  You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you.  The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.

Your right to restriction of processing

You have the right to ask us to restrict the processing of your information in certain circumstances.

Your right to object to processing

You have the right to object to processing if we are able to process your information because the process is in our legitimate interest or where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing.

You may submit these requests by contacting us at privacy@clinone.com or at the mailing address listed below.  We may request specific information from you to help us confirm your identity and process your request.  Applicable law may require or permit us to decline your request.  If we decline your request, we will tell you why, subject to legal restrictions.  If you would like to submit a complaint about our use of your personal data or our response to your requests regarding your personal data, you may contact us or submit a complaint to the data protection regulator in your jurisdiction.  You can find your data protection regulator here. ((https://edpb.europa.eu/aboutedpb/board/members_en).

Cross-Border Data Transfers of Personal Data

EU-U.S. and Swiss-U.S. Data Privacy Framework

ClinOne complies with the EU-U.S. Data Privacy Framework (and its UK Extension) and Swiss-U.S. Data Privacy Framework (the “Data Privacy Framework”), as adopted and set forth by the U.S. Department of Commerce regarding the processing of personal data. ClinOne commits to upholding and has certified to the Department of Commerce that it adheres to the Data Privacy Framework.

To learn more about the Data Privacy Framework, and to view ClinOne, Inc.’s certification, please visit https://www.dataprivacyframework.gov/s/ and https://www.dataprivacyframework.gov/s/participant-search, respectively.

Transfer Mechanism

If we transfer your personal data to a country outside of Europe such that we are required to apply additional safeguards to your personal data under European data protection laws, such as the Standard Contractual Clauses approved by the European Commission, we will do so. Please contact us at privacy@clinone.com (mailto:privacy@clinone.com) for further information about any such transfers or the specific safeguards applied.

Dispute Resolution

If a privacy complaint or dispute relating to Personal Data received by ClinOne in reliance on the Data Privacy Framework (or any of its predecessors) cannot be resolved through our internal processes, we have agreed to participate in the VeraSafe Data Privacy Framework Dispute Resolution Procedure.  Subject to the terms of the VeraSafe Data Privacy Framework Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Data Privacy Framework Dispute Resolution Procedure, please submit the required information here: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/

If a complaint or dispute cannot be resolved through our internal process, we have also agreed to cooperate with the EU and UK data protection authorities and the Swiss Federal Data Protection and Information Commissioner and to participate in the dispute resolution procedures of the panel established by such data protection authorities.

Binding Arbitration

If your dispute or complaint related to your Personal Data that we received in reliance on the Data Privacy Framework cannot be resolved by us, nor through the dispute resolution mechanism mentioned above, you may have the right to require that we enter into binding arbitration with you under the Data Privacy Framework “Recourse, Enforcement and Liability” Principle and Annex I of the Data Privacy Framework.

U.S. Regulatory Oversight

ClinOne is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.

European Union Representative

We have appointed IT Governance Europe Limited to act as our EU representative.  If you wish to exercise your rights under the EU General Data Protection Regulation (EU GDPR), or have any queries in relation to your rights or heneral privacy matters, please email our Representative at eurep@itgovernance.eu.  Please ensure to include our company name (ClinOne, Inc.) in any correspondence you send to our Representative.

Alternatively IT Governance Europe Limited can be contacted at:

 

IT Governance Europe Limited,

Third Floor,

The Boyne Tower, Bull Ring,

Lagvooren, Drogheda,

Co. Louth,

Ireland,

A92 F682

 

United Kingdom Representative

uMotif Limited has been appointed as ClinOne’s representative in the United Kingdom for data protection matters, pursuant to Article 27 of the United Kingdom General Data Protection Regulation.  If you are located within the United Kingdom, uMotif Limited can be contacted in addition to or instead of ClinOne’s Data Privacy Contact, only on matters related to the processing of personal data.

To make such an inquiry, please contact uMotif Limited by e-mail to dpo@umotif.com.

 

Alternatively uMotif Limited can be contacted at:

uMotif Limited,

Attn: Data Protection Officer,

12 New Fetter Lane,

London,

EC4A 1JP

United Kingdom

 

CONTACTING US

If you have any questions about this Policy or our processing of your personal data, please write to our Privacy Contact by email at privacy@clinone.com or by postal mail at the address below.

ClinOne, Inc.

Attn: Privacy Contact

117 Kendrick Street

Suite 300

Needham, MA 02494, USA