Privacy Policy

ClinOne Privacy Policy

Effective on: March 07, 2024

This Privacy Policy (“Privacy Policy”) explains how ClinOne, Inc. and its affiliates and subsidiaries (collectively, “ClinOne,” “us,” “we,” or “our”) collects, uses, and shares your personal information in connection with our websites located at www.ClinOne.comwww.clintrialconnect.com, and any other websites we operate that link to this Privacy Policy (collectively, the “Site”), our social media pages, and our email communications (collectively, the “Service”), and the rights and choices you have with respect to your personal information.

This Privacy Policy does not apply to the ClinOne Web or Mobile applications, including our ClinTrialConnect application, or our Trial Awareness Program.  Please visit the ClinOne Products and Services Privacy Policy for more information regarding those applications and ClinOne’s products and services.

ClinOne reserves the right, at any time, to modify this Privacy Policy.  If we make revisions that change the way we collect, use, or share personal information, we will post those changes in this Privacy Policy.  You should review this Privacy Policy periodically so that you keep up to date on our most current policies and practices.  We will note the date of the latest version of our Privacy Policy at the top of this Privacy Policy.  Your continued use of the Service following posting of changes constitutes your acceptance of such changes.            

COLLECTION OF PERSONAL INFORMATION

Personal Information You Provide

We may collect the following personal information that you provide through our Service or otherwise:

·     Contact information, such as name, email address, mailing address, phone number, title, company name, and location.

·     Professional information, such as your organization, job role, area of expertise, or business interests.

·     Preferences, such as your marketing or communication preferences.

·     Communications, including information associated with your inquiries to us and any feedback you provide when you communicate with us or on the Services.

·     Transaction information related to any services or subscriptions that your organization receives from us.

·     Other information that you choose to provide but is not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

Unless we specifically request it, we ask that you not provide us with any sensitive personal information (e.g., information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership) on or through the Service, or otherwise to us.

Personal Information Collected Automatically

We, our service providers, and our business partners may automatically log information about you, your computer or mobile device and your activity over time on our Service and other sites and online services, such as:

·     Online activity information, such as the website you visited before browsing to the Service, pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access.

·     Device information, such as your computer or mobile device operating system type and version number, wireless carrier, manufacturer and model, browser type, screen resolution, IP address, unique identifiers, and general location information such as city, state, or geographic area.

Like many online services, we use cookies and similar technologies to facilitate some of our automatic data collection, including:

·     Cookies, which are text files that websites store on a visitor‘s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, helping us understand user activity and patterns, and facilitating online advertising. For more information, please visit our Cookie Policy.

·     Web beacons, also known as pixel tags or clear GIFs, which are typically used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked, typically to compile statistics about usage of websites and the success of marketing campaigns.

Personal Information Received from Third Parties

We may also receive personal information about you from third parties, such as our business partners, the organization you work for, other customers, our subsidiaries and affiliates, data licensors, marketing partners, and publicly available sources, such as social media platforms. 

Referrals

Users of the Service may have the opportunity to refer colleagues or other contacts to us and share their contact information.  Please do not provide us with someone’s contact information unless you have their permission to do so.

USE OF PERSONAL INFORMATION

We may use your personal information for the following purposes and as otherwise described either in this Privacy Policy or at the time of collection.

To Provide the Service

We may use your personal information to:

·     provide and operate the Service and our business;

·     monitor and improve your experience on the Service;

·     review and respond to your requests;

·     communicate with you about the Service and other related communications;

·     respond to your inquiries or support tickets; and

·     provide products, services, information, and transactions that you request.

Research and Development

We may use your information for research and development purposes, including to improve the Service, understand and analyze the usage trends and preferences of our users, and develop new features, functionality, and services.  As part of these activities, we may create aggregated, de-identified, or other anonymous data from personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable to you. We reserve the right to use, transfer, sell, and share aggregated, anonymous data for any legal business purpose. The purposes may include analyzing usage trends or seeking compatible advertisers, sponsors, and customers.

Direct Marketing

We may send you ClinOne-related or other direct marketing communications as permitted by law.  You may opt-out of our marketing communications as described in the “Your Choices” section below. 

Interest-Based Advertising

We may work with third-party advertising companies and social media companies to help us advertise our business and to display ads on our Service and other sites. These companies may use cookies and similar technologies to collect information about you (including the device data and online activity data described above) over time across our Service and other sites and services or your interaction with our emails and use that information to serve ads that they think will interest you.  You can learn more about your choices for limiting interest-based advertising in the “Your Choices” section below. 

To Comply with Laws and Regulations

We will use your personal information as we believe necessary or appropriate to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.

For Compliance, Fraud Prevention, and Safety

We may use your personal data and disclose it to law enforcement, government authorities, and private parties as we believe necessary or appropriate to: (a) maintain the safety, security, and integrity of our Service, products and services, business, databases and other technology assets; (b) protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); (c) audit our internal processes for compliance with legal and contractual requirements and internal policies; (d) enforce the terms and conditions that govern the Service; and (e) prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

With Your Consent

In some cases, we may specifically ask you for your consent to collect, use, or share your personal information, such as when required by law.

SHARING OF PERSONAL INFORMATION

We may share your personal information with the entities and individuals listed below or as otherwise described in this Privacy Policy or at the point of collection. ClinOne, Inc. remains liable for the protection of your personal information that we share with such entities and individuals, except to the extent that we are not responsible for the event giving rise to any unauthorized or improper processing.

Related Companies

We may share information collected about you with any member of our group of companies, including subsidiaries, our ultimate holding company, and its subsidiaries. For example, we will share your personal information with our related companies to provide our products and services to you, where other companies within our group perform components of the full-service offering.

Service Providers

We share personal information with third parties and individuals who perform functions on our behalf and help us run our business.  For example, service providers help us perform website hosting, maintenance, database management, cloud storage, document signature and management, web analytics, billing, email software, CRM software, payment processing, marketing, and other purposes.

Advertising Partners

We may also share personal information collected about you with third parties who we partner with for advertising campaigns, contests, special offers or other events or activities in connection with our Service, or that collect information about your activity on the Service and other online services to help us advertise our products and service, and/or use hashed customer lists that we share with them to deliver ads to you and to similar users on their platforms.

Business Transferees

We may disclose personal information collected about you with third parties in connection with any business transaction (or potential transaction) involving a merger, sale of company shares or assets, financing, acquisition, consolidation, reorganization, divestiture, or dissolution of all or a portion of our business (including in connection with a bankruptcy or similar proceedings).

Authorities, Law Enforcement, and Others

We may also disclose information collected about you to law enforcement, government authorities, and private parties, if disclosure is necessary to comply with any applicable law or regulation, in response to a subpoena, court order, governmental inquiry, or other legal process, or as we believe necessary for the compliance and protection purposes described in section titled “Use of Personal Information” above.

Professional Advisors

We may share your personal information with persons, companies, or professional firms providing ClinOne with advice and consulting in accounting, administrative, legal, tax, financial, debt collection, and other matters.

INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION

Some ClinOne companies are headquartered in the United States, and we have service providers in the United States and other countries.  Your personal information may be collected, used, and stored in the United States or other locations outside of your home country.  Privacy laws in the locations where we handle your personal information may not be as protective as the privacy laws in your home country.  By providing your personal information, where applicable law permits, you hereby specifically and expressly consent to such transfer and processing and the collection, use, and disclosure set forth herein or in any applicable terms of service.

European users may view the section below titled “Notice to European Users” for additional information regarding any transfers of your personal information.

SECURITY

We have implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect personal information from unauthorized processing. This includes unauthorized access, disclosure, alteration, or destruction. However, no security system is impenetrable, and ClinOne cannot guarantee the security of the Service, nor that the information you supply will not be intercepted while being transmitted over the Internet; therefore, we are not liable for the illegal acts of third parties.

OTHER WEBSITES AND SERVICES

The Service may contain links to other websites and online services operated by third parties.  These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or online services that are not associated with us.  We do not control third party websites or online services, and we are not responsible for their actions.  Other websites and services follow different rules regarding the collection, use and sharing of your personal information.  We encourage you to read the privacy policies of the other websites and online services you use.

YOUR CHOICES

In this section, we describe the rights and choices available to all users.

Accessing and Correcting Your Personal Information

If you need to make changes, corrections, or request that we remove your information from our systems, you may email ClinOne at privacy@clinone.com.  We may not accommodate a request if we believe the change would violate any law or legal requirement or cause the information to be incorrect.  ClinOne will use reasonable efforts to honor the request, however, you understand that in may not be technologically possible to remove from our systems every record of your personal information.  The need for us to backup and protect information from inadvertent loss may mean that a copy of your data exists in a form that is non-erasable or impossible for us to locate or remove.

Promotional Emails

You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us as described below.  You may continue to receive service-related and other non-marketing emails.

Cookies

Most browsers let you remove and/or stop accepting cookies from the websites you visit. To do this, follow the instructions in your browser’s settings. Many browsers accept cookies by default until you change your settings. If you do not accept cookies, however, you may not be able to use all functionality of the Service and our Site may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org.  You may also visit our Cookie Policy.

Advertising Choices

You can limit the use of your information for interest-based advertising by blocking third-party cookies in your browser settings, using browser plug-ins/extensions, and/or using your mobile device settings to limit the use of the advertising ID associated with your mobile device.  You can also opt out of interest-based ads from companies participating in the following industry opt-out programs by visiting the linked websites: the Network Advertising Initiative (http://www.networkadvertising.org/managing/opt_out.asp), the European Interactive Digital Advertising Alliance (for European users – http://www.youronlinechoices.eu/), and the Digital Advertising Alliance (optout.aboutads.info).  The opt-out preferences described here must be set on each device and/or browser for which you want them to apply.  Please note that we also may work with companies that offer their own opt-out mechanisms or do not participate in the opt-out mechanisms described above, so even after opting-out, you may still receive some cookies and interest-based ads from other companies.  If you opt-out of interest-based advertisements, you will still see advertisements online but they may be less relevant to you.

Do Not Track

Some browsers may be configured to send “Do Not Track” signals to the online services that you visit.  We currently do not respond to “Do Not Track” or similar signals.  To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Declining to Provide Information

We need to collect personal information to provide certain services.  If you do not provide the information requested, we may not be able to provide those services.

MINORS

ClinOne does not knowingly collect personally identifiable information from children under the age of 18, as our Website may not be used by persons under the age of 18.  If ClinOne is made aware that information has been collected, while using this Website, regarding a child under the age of 18, that information will be deleted.

NOTICE TO CALIFORNIA RESIDENTS

Under California Civil Code sections 1798.83-1798.84, California residents who have an established business relationship with ClinOne are entitled to ask us once a year for information regarding the personal information we have shared, if any, with third parties for their direct marketing purposes.  If you are a California resident and would like to submit such a request, please submit your request in writing to the email address listed in the section titled “CONTACTING US” below with “Shine the Light” in the subject line.  The request must include your name, street address, city, state, and ZIP code and an attestation that you are a California resident.  We are not responsible for requests that are not labeled or sent properly, or that do not have complete information.

NOTICE TO EUROPEAN USERS

The information provided in this section applies only to individuals in the European Union, the European Economic Area, and the United Kingdom (collectively, “Europe”).

Except as otherwise specified, references to “personal information” in this Privacy Policy are equivalent to “personal data” governed by European data protection legislation. 

Controller

The controller of your personal information covered by this Privacy Policy for purposes of European data protection legislation is ClinOne, Inc, 117 Kendrick Street, Suite 300, Needham, MA 02494, USA.

Legal Bases for Processing

The legal bases of our processing of your personal information as described in this Privacy Policy will depend on the type of personal information and the specific context in which we process it.  However, the legal bases we typically rely on are set out in the table below.  We rely on our legitimate interests as our legal basis only where those interests are not overridden by the impact on you (unless we have your consent or our processing is otherwise required or permitted by law). If you have questions about the legal basis of how we process your personal information, contact us at privacy@ClinOne.com.

Processing Purpose (as described above in the “Use of Personal Information” section)

Legal Basis

To Provide the Service

Processing is necessary to perform the contract governing our operation of the Service, or to take steps that you request prior to engaging our services.  Where we cannot process your personal data as required to operate the Service on the grounds of contractual necessity, we process your personal information for this purpose based on our legitimate interest in providing you with the products or services you access and request. 

Research and Development

Processing is based on our legitimate interests in performing research and development as described in this Privacy Policy.

Direct Marketing

Processing is based on your consent where that consent is required by applicable law.  Where such consent is not required by applicable law, we process your personal information for these purposes based on our legitimate interests in promoting our business and showing you tailored relevant content.

Interest-Based Advertising

Processing is based on your consent where that consent is required by applicable law. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the Service. 

To Comply with Laws and Regulations

Processing is necessary to comply with our legal obligations.

For Compliance, Fraud Prevention, and Safety

Processing is necessary to comply with our legal obligations or based on our legitimate interests in protecting our or others’ rights, privacy, safety, or property.

With Your Consent

Processing is based on your consent.  Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the Service. 

Use for New Purposes

We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it.  If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis. 

Retention

We will retain your personal information for as long as necessary to fulfill the purpose of collection, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish and defend legal claims, for fraud prevention purposes, or as long as required to meet our legal obligations. 

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

Your Rights

European data protection laws give you certain rights regarding your personal information.  You may ask us to take the following actions in relation to your personal information that we hold:

·     Access.  Provide you with information about our processing of your personal information and give you access to your personal information.

·     Correct.  Update or correct inaccuracies in your personal information.

·     Delete.  Delete your personal information.

·     Transfer.  Transfer a machine-readable copy of your personal information to you or a third party of your choice.

·     Restrict.  Restrict the processing of your personal information.

·     Object.  Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights. 

You may submit these requests by contacting us at privacy@clinone.com or at the mailing address listed below.  We may request specific information from you to help us confirm your identity and process your request.  Applicable law may require or permit us to decline your request.  If we decline your request, we will tell you why, subject to legal restrictions.  If you would like to submit a complaint about our use of your personal information or our response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection regulator in your jurisdiction.  You can find your data protection regulator here

Cross-Border Data Transfer

EU-U.S. and Swiss-U.S. Data Privacy Framework

ClinOne complies with the EU-U.S. Data Privacy Framework (and its UK Extension) and Swiss-U.S. Data Privacy Framework (the “Data Privacy Framework”), as adopted and set forth by the U.S. Department of Commerce regarding the processing of personal data. ClinOne commits to upholding and has certified to the Department of Commerce that it adheres to the Data Privacy Framework.

To learn more about the Data Privacy Framework, and to view ClinOne, Inc.’s certification, please visit https://www.dataprivacyframework.gov/s/ and https://www.dataprivacyframework.gov/s/participant-search, respectively.

Transfer Mechanism

If we transfer your personal information to a country outside of Europe such that we are required to apply additional safeguards to your personal information under European data protection laws, such as the Standard Contractual Clauses approved by the European Commission, we will do so.  Please contact us at privacy@clinone.com for further information about any such transfers or the specific safeguards applied.

Dispute Resolution

Where a privacy complaint or dispute relating to Personal Data received by ClinOne in reliance on the Data Privacy Framework (or any of its predecessors) cannot be resolved through our internal processes, we have agreed to participate in the VeraSafe Data Privacy Framework Dispute Resolution Procedure, which is based in the United States. Subject to the terms of the Verisae Data Privacy Framework Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Data Privacy Framework Dispute Resolution Procedure, please submit the required information here: https://www.verasafe.com/public-resources/dispute-resolution/submit-dispute/.

Binding Arbitration

If your dispute or complaint can’t be resolved by us, nor through the dispute resolution program established by VeraSafe, you may have the right to require that we enter into binding arbitration with you under the Data Privacy Framework’s “Recourse, Enforcement and Liability Principle” and Annex I of the Data Privacy Framework.

U.S. Regulatory Oversight

ClinOne is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.

European Union Representative

We have appointed VeraSafe as our representative in the EU for data protection matters. While you may also contact us, VeraSafe can be contacted on matters related to the processing of Personal Data. To contact VeraSafe, please use this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative/ or via telephone at: +420 228 881 031.

Alternatively, VeraSafe can be contacted at:

VeraSafe Ireland Ltd
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland

VeraSafe Netherlands BV
Keizersgracht 391 A
1016 EJ Amsterdam
The Netherlands

VeraSafe Czech Republic s.r.o.
Klimentská 46,
Prague 1,
11002,
Czech Republic

United Kingdom Representative

VeraSafe has been appointed as ClinOne’s representative in the United Kingdom for data protection matters, pursuant to Article 27 of the United Kingdom General Data Protection Regulation. If you are located within the United Kingdom, VeraSafe can be contacted in addition to or instead of ClinOne’s Data Privacy Lead, only on matters related to the processing of personal data.

To make such an inquiry, please contact VeraSafe using this contact form:  https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +44 (20) 4532 2003.

Alternatively, VeraSafe can be contacted at:

VeraSafe United Kingdom Ltd.

37 Albert Embankment

London SE1 7TL

United Kingdom

CONTACTING US

If you have any questions about this Policy or our processing of your personal information, please write to our Privacy Lead by email at privacy@clinone.com or by postal mail at the address below.

ClinOne, Inc.
Attn: Privacy Lead
117 Kendrick Street
Suite 300
Needham, MA 02494, USA