COLLECTION OF PERSONAL INFORMATION
Personal Information You Provide
We may collect the following personal information that you provide through our Platform or otherwise:
Contact Information, such as name, email address, mailing address, phone number, title, company name, and location.
Professional information, such as your organization, job role, area of expertise, or business interests.
Account information, such as the username and password you create when registering for an account and other registration data.
Preferences, such as your marketing or communication preferences.
Communications, including information associated with your inquiries to us and any feedback you provide when you communicate with us or on the Platforms.
Billing information, such as your payment method, credit or debit card number, billing address, and order information.
Order history, such as information about products and applications you or your company uses or have used in the past and your transaction history.
Unless we specifically request it, we ask that you not provide us with any sensitive personal information (e.g., information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the Platform, or otherwise to us.
In addition, Client Users may be able to use the App to provide our customers with additional types of personal information, including health information, which we will collect in accordance with their instructions.
Personal Information Collected Automatically
Information about you, your computer, or your mobile device may automatically be collected on the Platform, such as:
Online activity information, such as the website you visited before browsing to the Platform, pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access.
Device information, such as your computer or mobile device operating system type and version number, wireless carrier, manufacturer and model, browser type, screen resolution, IP address, unique identifiers, and general location information such as city, state, or geographic area.
The automatic data collection on the Platform may be facilitated by the following technologies:
Software Development Kits, or SDKs, which are software components we may use in the App to collect information directly from users and implement third-party services in our App.
Web Beacons, also known as pixel tags or clear GIFs, which are typically used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked, typically to compile statistics about usage of websites and the success of marketing campaigns.
Connected devices, such as health monitoring devices that our customers may choose to connect with the Platform as part of their clinical trials.
Personal Information Received from Third Parties
We may also receive personal information about you from third parties, such as our business partners, the organization you work for, clinical trial sponsors and sites, ClinOne customers, data licensors, marketing partners, and publicly-available sources, such as social media platforms.
Users of the Platform may have the opportunity to refer colleagues or other contacts to us and share their contact information. Please do not provide us with someone’s contact information unless you have their permission to do so.
USE OF PERSONAL INFORMATION
To Provide the Platform
We may use your personal information to:
Provide and operate the Platform and our business:
Connect you with potential clinical trial opportunities;
Monitor and improve your experience on the Platform;
Create and maintain your account;
Review and respond to your requests;
Communicate with you about the Platform and other related communications;
Respond to your inquiries or support tickets;
Provide products and services you request; and
Process your transactions, send you invoices, and monitor your orders.
In addition, we use personal information about Client Users at the direction of our clients to provide them with our products and services, such as managing clinical trials, storing clinical and patient engagement data, and generating applicable modules and reports.
Research and Development
We may use your information for research and development purposes, including to improve the Platform, understand and analyze the usage trends and preferences of our users, and develop new features, functionality, and services. As part of these activities, we may create aggregated, deidentified, or other anonymous data from personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable to you. We reserve the right to use, transfer, sell, and share aggregated, anonymous data for any legal business purpose. The purposes may include analyzing usage trends or seeking compatible advertisers, sponsors, and customers.
We may send you ClinOne-related or other direct marketing communications as permitted by law. You may opt-out of our marketing communications as described in the “Your Choices” section below.
To Comply with Laws and Regulations
We will use personal information as we believe necessary or appropriate to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.
For Compliance, Fraud Prevention, and Safety
We may use your personal data and disclose it to law enforcement, government authorities, and private parties as we believe necessary or appropriate to: (a) maintain the safety, security, and integrity of our Platform, products and services, business, databases and other technology assets; (b) protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); (c) audit our internal processes for compliance with legal and contractual requirements and internal policies; (d) enforce the terms and conditions that govern the Platform; and (e) prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.
With Your Consent
In some cases we may specifically ask you for your consent to collect, use, or share your personal information, such as when required by law.
SHARING OF PERSONAL INFORMATION
We share personal information with third parties and individuals who perform functions on our behalf and help us run the Platform and our business. For example, service providers help us perform website and application hosting, maintenance, database management, cloud storage, document signature and management, web analytics, billing, email software, SMS/text messaging software, CRM software, payment processing, marketing, and other purposes.
We may disclose personal information collected about you with third parties in connection with any business transaction (or potential transaction) involving a merger, sale of company shares or assets, financing, acquisition, consolidation, reorganization, divestiture, or dissolution of all or a portion of our business (including in connection with a bankruptcy or similar proceedings).
Authorities, Law Enforcement, and Others
We may also disclose information collected about you to law enforcement, government authorities, and private parties, if disclosure is necessary to comply with any applicable law or regulation, in response to a subpoena, court order, governmental inquiry, or other legal process, or as we believe necessary for the compliance and protection purposes described in section titled “Use of Personal Information” above.
We may share your personal information with persons, companies, or professional firms providing ClinOne with advice and consulting in accounting, administrative, legal, tax, financial, debt collection, and other matters.
TRIAL AWARENESS PROGRAM
This section provides additional disclosures applicable only to the ClinOne Trial Awareness program services.
You can limit the use of your information for interest-based advertising by blocking third-party cookies in your browser settings, using browser plug-ins/extensions, and/or using your mobile device settings to limit the use of the advertising ID associated with your mobile device. You can also opt out of interest-based ads from companies participating in the following industry opt-out programs by visiting the linked websites: the Network Advertising Initiative (http://www.networkadvertising.org/managing/opt_out.asp), the European Interactive Digital Advertising Alliance (for European users – http://www.youronlinechoices.eu/), and the Digital Advertising Alliance (optout.aboutads.info). The optout preferences described here must be set on each device and/or browser for which you want them to apply. Please note that we also may work with companies that offer their own opt-out mechanisms or do not participate in the opt-out mechanisms described above, so even after opting-out, you may still receive some cookies and interest-based ads from other companies. If you opt-out of interest-based advertisements, you will still see advertisements online but they may be less relevant to you.
Sharing of Personal Information with the Trial Awareness Network. If you are a provider, ClinOne may share contact information about you, provided to us by our customers, with members of our Trial Awareness network, regarding the clinical trial you may be supporting for one of our customers. If you are a member of ClinOne’s Trial Awareness network, we will share your contact information with the local providers who are overseeing a clinical trial that may interest you based on the information you enter as a part of responding to our email campaign. As part of these services, we may also share contact information about you with the sponsors regarding the clinical trial you may be interested in.
INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION
ClinOne is headquartered in the United States, and we have service providers in the United States and other countries. Your personal information may be collected, used, and stored in the United States or other locations outside of your home country. Privacy laws in the locations where we handle your personal information may not be as protective as the privacy laws in your home country. By providing your personal information, where applicable law permits, you hereby specifically and expressly consent to such transfer and processing and the collection, use, and disclosure set forth herein or in any applicable terms of service.
European, Swiss, and United Kingdom (“UK”) users may view the section below titled “Notice to European, Swiss, and UK Users” for additional information regarding any transfers of your personal information.
We have implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect personal information from unauthorized processing. This includes unauthorized access, disclosure, alteration, or destruction. However, no security system is impenetrable, and ClinOne cannot guarantee the security of the Platform, nor that the information you supply will not be intercepted while being transmitted over the Internet; therefore, we are not liable for the illegal acts of third parties.
OTHER PLATFORMS AND SERVICES
The Platform may contain links to other platforms and online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or online services that are not associated with us. We do not control third party websites or online services, and we are not responsible for their actions. Other websites and services follow different rules regarding the collection, use and sharing of your personal information. We encourage you to read the privacy policies of the other websites and online services you use.
In this section, we describe the rights and choices available to our direct users. If you are a patient or other individual using the App as part of the services we provide to our customers, please contact the relevant customer directly to submit any privacy requests relating to your personal information.
Accessing and Correcting Your Personal Information
If you need to make changes, corrections, or request that we remove your information from our systems, you may email ClinOne at firstname.lastname@example.org. We may not accommodate a request if we believe the change would violate any law or legal requirement or cause the information to be incorrect. ClinOne will use reasonable efforts to honor the request, however, you understand that in may not be technologically possible to remove from our systems every record of your personal information. The need for us to backup and protect information from inadvertent loss may mean that a copy of your data exists in a form that is non-erasable or impossible for us to locate or remove.
You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us as described below. You may continue to receive service-related and other non-marketing emails.
Do Not Track
Some browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com).
Declining to Provide Information
We need to collect personal information to provide certain services. If you do not provide the information requested, we may not be able to provide those services.
NOTICE TO CALIFORNIA RESIDENTS
Under California Civil Code sections 1798.83-1798.84, California residents who have an established business relationship with ClinOne are entitled to ask us once a year for information regarding the personal information we have shared, if any, with third parties for their direct marketing purposes. If you are a California resident and would like to submit such a request, please submit your request in writing to the email address listed in the section titled “CONTACTING US” below with “Shine the Light” in the subject line. The request must include your name, street address, city, state, and ZIP code and an attestation that you are a California resident. We are not responsible for requests that are not labeled or sent properly, or that do not have complete information.
NOTICE TO EUROPEAN, SWISS, AND UK USERS
The information provided in this section applies only to individuals in the European Union, the European Economic Area (collectively, “Europe”), Switzerland, and the United Kingdom.
If you are a Client User providing personal information in connection with the services provided by ClinOne to one of our clients, please contact the relevant client for information about the controller of your personal information for purposes of European, Swiss, and UK data protection legislation.
Legal Bases for Processing
|Processing Purpose (as described above in the “Use of Personal Information” section)||Legal Basis|
|To Provide the Platform||Processing is necessary to perform the contract governing our operation of the Platform, or to take steps that you request prior to engaging our services. Where we cannot process your personal data as required to operate the Platform on the grounds of contractual necessity, we process your personal information for this purpose based on our legitimate interest in providing you with the products or services you access and request.|
|Direct Marketing||Processing is based on your consent where that consent is required by applicable law. Where such consent is not required by applicable law, we process your personal information for these purposes based on our legitimate interests in promoting our business and delivering information of interest to you.|
|To Comply with Laws and Regulations||Processing is necessary to comply with our legal obligations.|
|For Compliance, Fraud Prevention, and Safety||Processing is necessary to comply with our legal obligations or based on our legitimate interests in protecting our or others’ rights, privacy, safety, or property.|
With respect to advertising that may be carried out in connection with ClinOne’s Trial Awareness program services, such processing is based on your consent where that consent is required by applicable law. Where such consent is not required by applicable law, we process your personal information for these purposes based on our legitimate interests in promoting our Trial Awareness program network and showing you relevant content.
Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the Platform.
For questions about the legal bases our clients rely upon to process personal information we collect on their behalf, please contact the relevant client.
Use for New Purposes
|Processing Purpose (as described above in the “Use of Personal Information” section)||Legal Basis|
|With Your Consent||Processing is based on your consent. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the Platform.|
We will retain your personal information for as long as necessary to fulfill the purpose of collection, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish and defend legal claims, for fraud prevention purposes, or as long as required to meet our legal obligations.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements
For personal information collected about Client Users on behalf of a client, the data retention period will be determined by the applicable contract that we have with that client.
European, Swiss, and UK data protection laws give you certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information that we hold:
Access. Provide you with information about our processing of your personal information and give you access to your personal information.
Correct. Update or correct inaccuracies in your personal information.
Delete. Delete your personal information.
Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
Restrict. Restrict the processing of your personal information.
Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.
You may submit these requests by contacting us at email@example.com or at the mailing address listed below. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or our response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.
Cross-Border Data Transfer
EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework
To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
If we transfer your personal information to a country outside of Europe, Switzerland, or the UK such that we are required to apply additional safeguards to your personal information under European, Swiss, or UK data protection laws, such as the Standard Contractual Clauses approved by the European Commission, we will do so. Please contact us at firstname.lastname@example.org for further information about any such transfers or the specific safeguards applied.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, ClinOne commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact ClinOne by email at email@example.com or by postal mail at:
Attn: Privacy Lead
117 Kendrick Street
Needham, MA 02494, USA
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, ClinOne commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to the VeraSafe Data Privacy Framework Dispute Resolution Procedure, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.verasafe.com/public-resources/dispute-resolution/submit-dispute/ for more information or to file a complaint. The services of the VeraSafe Data Privacy Framework Dispute Resolution Procedure are provided at no cost to you.
If your dispute or complaint can’t be resolved by us, nor through the dispute resolution program established by VeraSafe, you may have the right to require that we enter into binding arbitration with you under the Data Privacy Framework’s “Recourse, Enforcement and Liability Principle” and Annex I of the Data Privacy Framework.
U.S. Regulatory Oversight
ClinOne is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
European Union Representative
We have appointed VeraSafe as our representative in the EU for data protection matters. While you may also contact us, VeraSafe can be contacted on matters related to the processing of Personal Data. To contact VeraSafe, please use this contact form:
or via telephone at: +420 228 881 031.
Alternatively, VeraSafe can be contacted at:
VeraSafe Ireland Ltd.
Unit 3D North Point House
North Point Business Park
New Mallow Road
United Kingdom Representative
VeraSafe has been appointed as ClinOne’s representative in the United Kingdom for data protection matters, pursuant to Article 27 of the United Kingdom General Data Protection Regulation. If you are located within the United Kingdom, VeraSafe can be contacted in addition to or instead of ClinOne’s Data Privacy Lead, only on matters related to the processing of personal data.
To make such an inquiry, please contact VeraSafe using this contact form:
or via telephone at: +44 (20) 4532 2003.
Alternatively, VeraSafe can be contacted at:
VeraSafe United Kingdom Ltd.
37 Albert Embankment
London SE1 7TL
If you have any questions about this Policy or our processing of your personal information, please write to our Privacy Lead by email at firstname.lastname@example.org or by postal mail at:
Attn: Privacy Lead
117 Kendrick Street
Needham, MA 02494, USA