Privacy Policy for Clinical Site Users

Doctor handshaking with a couple at the hospital

Privacy Policy for Clinical Site Users

Doctor handshaking with a couple at the hospital

Last updated: September 26, 2021

 

1. Introduction

This Privacy Policy describes the types of information gathered by SiteRx, Inc. (“SiteRx”, “we”, “us”, or “our”) in the process of providing you access to our software as a service solution (“Platform”), as well as how we use it, with whom the information may be shared, what choices are available to you regarding collection, use and distribution of information and our efforts to protect the information you provide to us through the Platform. This Privacy Policy does not apply to information received by us outside of the process of providing you with access to the Platform, for example, our activities as a business associate of HIPAA covered entities which are subject to the terms and conditions of applicable business associate agreements and other agreements. Used in this Privacy Policy, “HIPAA” means the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act of 2009.

By accessing or using the Platform, you hereby consent to allow us to process information in accordance with this Privacy Policy. Please also refer to our Terms of Access at Terms of access, which are incorporated as if fully recited herein (“Terms of Access”). Terms defined in the Terms of Access that are not defined herein shall have the same definition as in the Terms of Access.We may revise or update this Privacy Policy by posting an amended version through the Platform and making you aware of the revisions, which may be through posting to the Platform or otherwise. Your continued access to or use of the Platform following our notice of changes to this Privacy Policy (or other acceptance method) means you accept such changes. Please refer to the “Last updated” date above to see when this Privacy Policy was last updated.

 

2. Who Collects Your Information On OurPlatform?

We collect information from you on the Platform, including certain information that can identify, or reasonably identify, you as a person (“Personally Identifiable Information” or “PII.”), and we are responsible for protecting the PII we collect and that is stored on our Platform.

 

3. What Information Do We Collect?

  • Personally Identifiable Information. We may request specific PII about you in order to register you for an account to use the Platform, add you to our email list, facilitate your requests, or fulfill your requests for information. You may choose not to provide your PII, but then you might not be able to take advantage of some of the features of the Platform. The types of PII we may collect and save include:
     
    • Contact and account registration information such as username, name, address, email address, and telephone number;

    • Information you provide such as feedback, comments or other messages; and
    • Technical information which may include usage statistics, clickstream data, and IP address, as applicable.

  • Non-personal Information. Non-personal information is non-personally identifiable or anonymous information about you, including but not limited to technical information such as Platform usage statistics, and the way you use the Platform, and other information commonly referred to as clickstream data, which can be collected and stored on our server. We may use clickstream data as a form of non-personally identifiable information to determine how much time users spend on each area of our Platform, how users navigate through the Platform, and how we may tailor our Platform to better meet the needs of users. To the extent that any non-personal information is paired or linked to any PII, we will treat the non-personal information as if it were also PII.

  • Administrative Information. Administrative information regarding the clinical trial(s) you are providing clinical services for is generated and collected as a result of your access to and use of the Platform and/or via an integration with or provision of access to your systems (“Administrative Information”). Administrative Information includes, but is not limited to, patient scheduling information, screening milestones, and their status as being accepted or rejected into a clinical trial.

  • Anonymous Information. We may also collect anonymous, non-identifying and aggregate information such as the type of browser you are using, device type, the operating system you are using, and the domain name of your Internet service provider. We may create anonymous or de-identified information from PII. Information collected or created pursuant to this section will not be considered PII and not subject to the terms and conditions of this Privacy Policy.

4. Why Is My Information Being Collected?

  • We need to collect your PII so that we can respond to your requests for information, setup and administer the applicable clinical trial(s) for which you are providing clinical services, and to process your requests for access to the Platform. We also collect aggregate information to help us better design and administer the Platform, calculate usage levels, and otherwise provide the Platform.

  • Administrative Information. Administrative Information is generated and collected by us to fulfill our obligations to health care providers, as their business associate, and to our customers.

5. How Do We Use the Information We Collect?

  • We use the PII you provide for the purposes for which you have submitted it including:
     
    • Responding To Your Inquiries and Fulfilling Your Requests. We may use your PII to respond to your inquiries and to fulfill your requests for information.

    • Creating and Maintaining Your User Account. We use your PII to create and maintain an account for you to allow you to access and use the Platform.

    • Sending Administrative Emails. We may use your PII to send you emails to: (a) confirm your account and your other PII; (b) provide you with information regarding the Platform; or (c) inform you of changes to this Privacy Policy, our Terms of Access, or our other policies.

    • Administrative Information. We use your Administrative Information to assist in patient scheduling, report screening milestones and enrollment status, and for similar uses, in each case, to help track the progress of patients and fulfill our obligations to health care providers, which include providing such information to the health care providers to facilitate and improve the coordination of care and treatment of their patients, provided that the Platform is not designed, and you agree not to share, any data you may collect or create during the actual conduct of a clinical trial, unless permitted and in accordance with applicable law.

  • We may use anonymous information that we collect to improve the design of the Platform. We also may use this information in the aggregate to analyze how the Platform is used, and industry trends.

6. Do We Share Your Personally Identifiable Information?

In general, we will not share your PII except: (a) for the purposes for which you provided it; (b) with your consent, or as you direct; (c) as may be required by law or as we think necessary to protect our organization or others from injury (e.g., in response to a court order or subpoena, in response to a law enforcement agency request, or when we believe that someone is causing, or is about to cause, injury to or interference with the rights or property of another); or (d) on a confidential basis with persons or organizations with whom we contract to carry out internal operations, which may include for example, analytical services, or as necessary to provide you with access to the Platform. With your knowledge and consent, we may share your PII with our business partners, such as our marketing partners. We may also share aggregate information with others, including affiliated and non-affiliated organizations.

Administrative Information may be shared with the sponsor of the applicable clinical trial(s) and the referring health care provider.

Finally, we may transfer your PII to a third party, or our successor-in-interest, in relation to, or in the event of, a merger, acquisition, sale of all or substantially all of our assets, reorganization, bankruptcy, or other change of control. After such disclosure or transfer, the third party or successor in interest may use the information in accordance with applicable law.

 

7. How Can You Access and Control Your Information?

We may provide you with options to access and control your information. If applicable, we will provide instructions on these options on the Platform. If such options are provided, we will take reasonable steps to help verify your identity before granting access, making corrections or removing your information in order to protect your privacy and security.

 

How Do We Store and Protect Your Information?

  • After receiving your PII, it will be stored on the Platform systems for future use. We have physical, electronic, and managerial procedures in place to safeguard and help prevent unauthorized access, maintain data security, and correctly use the information we collect and store on the Platform. Unfortunately, no data transmission over the internet or data storage solution can ever be completely secure. As a result, although we take industry-standard steps to protect your information (e.g., strong encryption), we cannot ensure or warrant the security of any information you transmit to or receive from us or that we store on our or our service providers’ systems.

  • If you are accessing the Platform from outside of the USA, you understand that your connection will be through and to servers located in the USA, and the information you provide will be stored in our web servers and internal systems located within the USA.

  • Your PII is stored until we are required to remove it or choose to remove it. We store our logs and other technical records in accordance with internal practices and policies, and potentially indefinitely.

8. Children and Privacy

We do not knowingly permit users to register for the Platform if they are under 13 years old, and therefore do not request PII from anyone under the age of 13. If we become aware that a customer is under the age of 13 and has registered without prior verifiable parental consent, we will remove his or her PII from our files. If you are the parent or guardian of a person under the age of 13 who has provided PII to us without your approval, please inform us by contacting us at infosecteam@siterx.com and we will remove such information from our database.

 

9. Contact Information

If you have any questions or suggestions regarding our Privacy Policy, please contact us at infosecteam@siterx.com