Last Revised: 27MAY2021
ClinEdge is headquartered at 108 Myrtle Street, Quincy MA 02171, and is registered in England and Wales under CSN3311528. We have a registration number in the Information Commissioner’s Office Register : ZA445878, and the company acts as a data controller for the processing of your data. We have further identified the Irish DPA as our lead (one stop shop) Data Protection Authority. Our Designated Data Protection Officer/Designated Person: Bob Place, whom you may contact at GDPR@clin-edge.com
- On the Website or through forms on the Website
- In email, text, and other electronic messages between you and the Website
It does not apply to information collected:
- by us, offline or through any other means, including information collected through any other electronic means or any other Website specified by us or a third party;
- by Turning Point Therapeutics, the sponsor of the TRIDENT-1 study; or
- by any other third party, including through any application or content (including advertising) that may link to or be available from the Website.
If the changes have minor, if any, consequences, they will take effect 7 days after we notify you. Substantial changes will be effective 30 days after we initially posted or sent you the notice. If we need to adapt the policy to new legal requirements, the new policy will become effective immediately or as required by law.
Until the new policy takes effect, if it materially reduces the protection of your privacy right under the then-existing policy, you can choose not to accept it and terminate your use of the Services. Continuing to use the Website after the new policy takes effect means that you agree to the new policy.
Information That We Collect
We collect certain information about you to provide you with the ClinEdge Services or to identify the patient’s compatibility with research studies and use such information to meet legal, statutory and contractual obligations.
When you use the Services, we collect certain information about you (“Personal Information”) in the following forms:
- “Personally Identifiable Information”, which means information that identifies you (either directly or indirectly), including:
- Full Name
- Date of Birth Age
- Personal Email or Business Email
- Home or Mobile Telephone Number
- Health/Medical Information
- “Aggregate Information”, which means information that does not directly or indirectly identify, and cannot reasonably be used to identify, you.
How We Collect Your Information
We collect Information in the following ways:
- Use the Services: we collect Personal Information that you provide to us when you –
- fill out a form to be considered for potential study opportunities;
- input information into the Services;
- create user generated content;
- request products, services or information from us;
- participate in public forums or other activities through the Services; or,
- otherwise interact with us or the Services.
- Web Analytics and Marketing Automation: we use third-party analytics tools to better understand who is using the Services, how people are using the Services and how to improve the effectiveness of the Services and its content. We also use third-party marketing automation tools to help us with our marketing efforts.
The privacy practices of these third-party companies are subject to their own privacy policies. Please read these policies at: http://www.google.com/intl/en/policies/privacy/.
From time-to-time, we will change our analytics and marketing service providers and will provide additional information about these services when we update this policy.
- They may combine information they collect from your interaction with the Services with Personal Information they collect from other sources. We do not combine the information collected through the use of analytics services with your Personal Information. You can prevent analytics and marketing automation services from recognising you on return visits to our Website by disabling third-party cookies on your web browser.
- Online Forms: when we collect your Personal Information, it is secured in our database and stored in portals for sites to securely access and follow up with potential participants to determine eligibility for this study.
- Via Phone Call and Text: you may be contacted by a staff member at a research study site (with your permission) if you meet the study requirements to discuss participation in the study. By providing your phone number and/or email to us through the Services, you consent to being contacted by us.
Do Not Track
Do Not Track (DNT) is a privacy preference that users can set in some web browsers, allowing users to opt out of tracking by websites and online services. Our Services do not respond to Do Not Track (DNT) signals.
How We Use Your Information
The purposes and reasons for processing your Personal Information are detailed below: –
- We use your Personal Information to provide you with the ClinEdge Services, make it better, and to continue developing the Services
- We use your Personal Information to contact you, respond to your questions or to provide you with information you requested
- We collect your Personal Information for study and trial qualification
- We collect and store your Personal Information as you expressed interest in participating in a study or trial
- We will use your Personal Information to enforce our terms, policies and legal agreements We will use your Personal Information to comply with court orders and warrants, and assist law enforcement agencies
- We will use your Personal Information to prevent fraud, misappropriation, infringements, identity thefts, cyber security attacks and any other misuse of your Personal Information and the Services
- We will use your Personal Information to take any action in any legal dispute and proceeding.
Where you have consented to us providing you with information or marketing, you are free to withdraw this consent at any time and unsubscribe from our mailing lists or newsletters, by sending an opt-out request to: firstname.lastname@example.org .
Transfer of Information Outside your Territory
We will store and process your Personal Information in the United States, on our cloud-based services’ sites. From time-to-time, we will make operational decisions which will have an impact on the sites in which we maintain personally identifiable information. We make sure that our data hosting service providers provide us with adequate confidentiality and security commitments.
If you are a resident in a jurisdiction where transfer of your Personal Information to another jurisdiction requires your consent, then you provide us your express and unambiguous consent to such transfer.
To the extent required under EU/UK data protection laws, transfer of personal data to our US hosting service providers is governed by our hosting services’ Binding Corporate Rules (BCR). BCRs are company-specific, group-wide data protection policies approved by European data protection authorities to facilitate international transfers of personal data from the EEA and the UK to other countries. BCRs are considered the gold standard of EU/UK data transfer mechanisms, in part because reliance on BCRs as a valid transfer mechanism requires intensive consultation with European data protection authorities, which approve them based on strict privacy principles.
To the extent necessary under EU privacy laws and regulations, we will implement additional data onward transfer instruments, such as the Controller to Controller standard contractual clauses.
Sharing Your Personal Information
The ways in which we share your Personal Information include the following:
- When we make your Personal Information available to the study research sites for study and trial qualification and to contact interested patients.
- When we share Personal Information with third parties in connection with the sale of our business (including merger, acquisition or sale of all or a material portion of our assets, change in corporate control, or insolvency or bankruptcy proceedings).
- In addition, we share Aggregate Information with third parties, however we will use industry standard measures and appropriate technical and legal guidance to make sure that such information will not likely identify you.
Your Controls and Choices
We provide you the ability to exercise certain controls and choices regarding our collection, use and sharing of your information, including the right to request access to the Personal Information we hold about you and that we amend, If you find that your Personal Information is not accurate, complete or up-to-date, or delete it.
At any time, you can exercise your following opt-out options:
- object to the transfer of your Personal Information to a third party, other than to third parties who help us perform tasks as explained in this policy, or,
At any time following your opt-out request, we can remove or de-identify your Personal Information altogether and request that you stop using the Website.
You may exercise your controls and choices, or request access to your Personal Information, by modifying your profile or by contacting us at email@example.com or following instructions provided in communications sent to you.
We will need to ask you to provide us certain credentials to make sure that you are who you claim to be and to the extent required under the applicable law, will make good-faith efforts to locate the Personal Information that you request to access.
We can delete your Personal Information, by removing any identifying information and transforming personally identifiable information that relates to you into anonymised information.
Please be aware that, if you do not allow us to collect Personal Information from you, we may not be able to deliver certain products and services to you, and some of our services may not be able to take account of your interests and preferences. If you have questions regarding the specific Personal Information about you that we process or retain, please contact us at firstname.lastname@example.org.
Data Security and Integrity
The security, integrity and confidentiality of your Personal Information are important to us.
We have implemented technical, administrative, and physical security measures that are designed to protect your Personal Information from unauthorised access, disclosure, use and, modification, including: SSL, TLS, encryption, pseudonymisation, restricted access, two factor authentication, firewalls and anti-virus/malware.
From time-to-time, we review our security procedures to consider appropriate new technology and methods. Please be aware though that, despite our best efforts, no security measures are perfect or impenetrable and we cannot guarantee that the Services will be immune from any wrongdoings, malfunctions, unlawful interceptions or access, or other kinds of abuse and misuse.
The safety and security of your Personal Information also depends on you. Where we have given you (or when you have chosen) a username or password for access to certain parts of our Website, you are responsible for keeping this password confidential. Do not share your password with anyone.
How Long We Keep Your Personal Information
ClinEdge retains Personal Information as needed to comply with our legal obligations and we have strict review and retention policies in place to meet these obligations.
We are required in some cases to keep your Personal Information (name, contact details) for a minimum of 6 years after which time it will be destroyed.
If we retain your Personal Information for any legitimate business purpose other than to provide the Services, we will make efforts to limit the access to such information and keep the retention time to a minimum.
We will keep aggregated non-identifiable information without limitation, and to the extent reasonable we will delete or de-identify potentially identifiable information, when we no longer need to process the information.
Your Data Protection Rights
Our processing of your personal information is based on following lawful grounds:
- All processing of your personal information which are not based on the lawful grounds indicated below, are based on your consent.
- We will process your personal information to comply with a legal obligation and to protect your and others’ vital interests.
- We will further rely on our legitimate interests, which we believe are not overridden by your fundamental rights and freedoms, for the following purposes:
- Communications with you, including direct marketing where you are a user of our Services, or where you make contact with us through the Website or through other digital assets.
- Cyber security.
- Support, customer relations and Services and Website operations.
- Enhancements and improvements of user experience with the Services and Website.
- Fraud detection and misuse of the Services and Website.
You have the right to access any personal information that ClinEdge processes about you and to request information about:
- What personal information we hold about you
- The purposes of the processing
- The categories of personal information concerned
- The recipients to whom the personal information has/will be disclosed
- How long we intend to store your personal information
- If we did not collect the data directly from you, information about the source
If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to do so as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.
Where applicable, you have the right to data portability of your information and the right to be informed about any automated decision-making we may use.
You have a right to lodge a complaint with a data protection supervisory authority of your habitual residence, place of work or of an alleged infringement of the GDPR.
ClinEdge LLC has appointed EU Business Partners as its representative in the EU for the purposes of Article 27 of GDPR. You may contact the EU representative, as well as ClinEdge LLC directly with any query that you may have in relation to your personal data. The contact details are as follows:
EU Business Partners
10 Ashe Street, Clonakilty, County Cork, P85 E4303, Ireland
Flor McCarthy, Director
ClinEdge LLC has appointed UK GDPR Representatives Limited as its representative in the UK for the purposes of Article 27 of the UK GDPR. You may contact the UK GDPR representative, as well as ClinEdge LLC directly with any query that you may have in relation to your personal data. The contact details are as follows:
UK GDPR Representatives Limited
7 Bell Yard, London, WC2A 2JR, United Kingdom
Flor McCarthy, Director
These requests can be made online: https://clin-edge.com/data-subject-requests-gdpr/. Or by mail: 108 Myrtle St, Quincy, MA, 02171 Attention: DPO
If we receive a request from you to exercise any of the above rights, we will need to reasonably authenticate your identity and location. We will ask you to provide us credentials to make sure that you are who you claim to be and will further ask you questions to understand the nature and scope of your request.
California Consumer Privacy Act – Information for California Consumers
This section provides specific information for residents of California (“consumers”), as required under California privacy laws, and is intended to satisfy the California Consumer Privacy Act (“CCPA”), which requires that we provide certain information to consumers about how we handle certain personal information that we have collected.
Personal Information That We Collect
We have collected the following categories of personal information from consumers within the last twelve (12) months:
- Identifiers and Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). These include, names, postcode, telephone number, email address, Internet Protocol address and business email address.
- Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with the Website.
- Inferences drawn from any of the information identified above to create a profile about a consumer reflecting the consumer’s preferences and characteristics.
Categories of Sources for Personal Information
We obtain the categories of personal information listed above from the following categories of sources:
- Directly and indirectly from you when you visit the Website.
- Third parties as further detailed above.
Purposes for which Personal Information is Used
The categories of personal information described above are collected and disclosed for the purposes detailed under the section titled “How We Use Your Information” above.
Our Use and Disclosure Practices
In the preceding twelve (12) months, we have disclosed the following categories of personal information for business purposes:
- Internet or other similar network activity;
In the preceding twelve (12) months, ClinEdge LLC did not sell your personal information.
California Consumer Rights
Subject to certain exceptions, you have the right to make the following requests, at no charge, up to twice every 12 months:
- Deletion: the right to request deletion of your personal information that we have collected about you, subject to certain exemptions, and to have such personal information deleted.
- Right to Know: the right to request that we disclose certain information about how we have handled your personal information in the previous 12 months, including the:
- categories of personal information collected
- categories of sources of personal information collected
- business and/or commercial purposes for collecting and selling your personal information
- categories of third parties with whom we have disclosed or shared your personal information
- categories of personal information that we have disclosed or shared with a third party for a business purpose
- categories of third parties to whom the consumer’s personal information has been shared
- The specific pieces of personal information we collect from you
You can submit a deletion or right-to-know request by calling out toll-free number at 857-496-0054 or by emailing us at email@example.com; we will respond to verifiable requests received from California consumers as required by law. We will also ask you for additional information necessary to verify or process your request. We may also carry out checks, including with third-party identity verification services, to verify your identity before taking any action with your personal information. We will respond substantively to your verifiable requests within 45 days, unless additional time (up to 45 additional days) is needed, in which case we will let you know. If we determine that your request warrants a fee, we will inform you of the reasons for such decision and provide you with a cost estimate before completing your request.
Accessing or Correcting Your Information
You may send us an email at firstname.lastname@example.org to request access to, correct or delete any personal information that you have provided to us. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
If we need to delete your personal information following your request, it will take some time until we completely delete residual copies of your personal information from our active servers and from our backup systems.