- On the Website or through forms on the Website
- In email, text, and other electronic messages between you and the Website
It does not apply to information collected:
- by us, offline or through any other means, including information collected through any other electronic means or any other Website specified by us or a third party;
- by Turning Point Therapeutics, the sponsor of the CARE study; or
- by any other third party, including through any application or content (including advertising) that may link to or be available from the Website.
If the changes have minor, if any, consequences, they will take effect 7 days after we notify you. Substantial changes will be effective 30 days after we initially posted or sent you the notice. If we need to adapt the policy to new legal requirements, the new policy will become effective immediately or as required by law.
Until the new policy takes effect, if it materially reduces the protection of your privacy right under the then-existing policy, you can choose not to accept it and terminate your use of the Services. Continuing to use the Website after the new policy takes effect means that you agree to the new policy.
Information That We Collect
We collect certain information about you to provide you with the Elligo Services or to identify the patients compatibility with research studies and use such information to meet legal, statutory and contractual obligations.
When you use the Services, we collect certain information about you (“Personal Information”) in the following forms:
- “Personally Identifiable Information,” which means information that identifies you (either directly or indirectly), including:
- Full Name
- Date of Birth Age
- Zip Code
- Personal Email or Business Email
- Home or Mobile Telephone Number
- Health/Medical Information
- “Aggregate Information,” which means information that does not directly or indirectly identify, and cannot reasonably be used to identify, you.
How We Collect Your Information
We collect Information in the following ways:
- Use the Services: we collect Personal Information that you provide to us when you –
- fill out a form to be considered for potential study opportunities;
- input information into the Services;
- create user generated content;
- request products, services or information from us;
- participate in public forums or other activities through the Services; or,
- otherwise interact with us or the Services.
- Web Analytics and Marketing Automation: we use third parties’ analytics tools to better understand who is using the Services, how people are using the Services and how to improve the effectiveness of the Services and its content. We also use third party marketing automation tools to help us with our marketing efforts.
The privacy practices of these third-party companies are subject to their own privacy policies. Please read these policies at: http://www.google.com/intl/en/policies/privacy/.
From time to time, we will change our analytics and marketing service providers and will provide additional information about these services when we update this policy.
- They may combine information they collect from your interaction with the Services with Personal Information they collect from other sources. We do not combine the information collected through the use of analytics services with your Personal Information. You can prevent analytics and marketing automation services from recognizing you on return visits to our Website by disabling third party cookies on your web browser.
- Online Forms: when we collect your Personal Information, it is secured in our database and stored in portals for sites to securely access and follow up with potential participants to determine eligibility for this study.
- Via Phone Call and Text: you may be contacted by a staff member at a research study site (with your permission) if you meet the study requirements to discuss participation in the study. By providing your phone number and/or email to us through the Services, you consent to being contacted by us.
Do Not Track
Do Not Track (DNT) is a privacy preference that users can set in some web browsers, allowing users to opt out of tracking by websites and online services. Our Services do not respond to Do Not Track (DNT) signals.
How We Use Your Information
The purposes and reasons for processing your Personal Information are detailed below: –
- We use your Personal Information to provide you with the Elligo Services, make it better, and to continue developing the Services
- We use your Personal Information to contact you, respond to your questions or to provide you with information you requested
- We collect your Personal Information for study and trial qualification
- We collect and store your Personal Information as you expressed interest in participating in a study or trial
- We will use your Personal Information to enforce our terms, policies and legal agreements We will use your Personal Information to comply with court orders and warrants, and assist law enforcement agencies
- We will use your Personal Information to prevent fraud, misappropriation, infringements, identity thefts, cyber security attacks and any other misuse of your Personal Information and the Services
- We will use your Personal Information to take any action in any legal dispute and proceeding.
Where you have consented to us providing you with information or marketing, you are free to withdraw this consent at any time and unsubscribe from our mailing lists or newsletters, by sending an opt-out request to: firstname.lastname@example.org.
Transfer of Information Outside your Territory
We will store and process your Personal Information in the United States, on our cloud-based services’ sites. From time to time, we will make operational decisions which will have an impact on the sites in which we maintain personally identifiable information. We make sure that our data hosting service providers provide us with adequate confidentiality and security commitments.
If you are a resident in a jurisdiction where transfer of your Personal Information to another jurisdiction requires your consent then, by your voluntary use of the Services, you provide us your express and unambiguous consent to such transfer.
To the extent required under EU data protection laws, transfer of personal information to our US hosting service providers is governed by our hosting services’ EU-US Privacy Shield certification.
To the extent necessary under EU privacy laws and regulations, we will implement additional data onward transfer instruments, such as the Controller to Controller standard contractual clauses.
Sharing Your Personal Information
The ways in which we share your Personal Information include the following:
- When we make your Personal Information available to the study research sites for study and trial qualification and to contact interested patients.
- When we share Personal Information with third parties in connection with the sale of our business (including merger, acquisition, or sale of all or a material portion of our assets, change in corporate control, or insolvency or bankruptcy proceedings).
- In addition, we share Aggregate Information with third parties, however we will use industry standard measures and appropriate technical and legal guidance to make sure that such information will not likely identify you.
Your Controls and Choices
We provide you the ability to exercise certain controls and choices regarding our collection, use and sharing of your information, including the right to request access to the Personal Information we hold about you and that we amend, If you find that your Personal Information is not accurate, complete or up-to-date, or delete it.
At any time, you can exercise your following opt-out options:
- object to the transfer of your Personal Information to a third party, other than to third parties who help us perform tasks as explained in this policy, or,
At any time following your opt-out request, we can remove or de-identify your Personal Information altogether and request that you stop using the Website.
You may exercise your controls and choices, or request access to your Personal Information, by modifying your profile or by contacting us at email@example.com or following instructions provided in communications sent to you.
We will need to ask you to provide us certain credentials to make sure that you are who you claim to be and to the extent required under the applicable law, will make good-faith efforts to locate the Personal Information that you request to access.
We can delete your Personal Information, by removing any identifying information and transforming personally identifiable information that relates to you into anonymized information.
Please be aware that, if you do not allow us to collect Personal Information from you, we may not be able to deliver certain products and services to you, and some of our services may not be able to take account of your interests and preferences. If you have questions regarding the specific Personal Information about you that we process or retain, please contact us at firstname.lastname@example.org.
Data Security and Integrity
The security, integrity and confidentiality of your Personal Information are important to us.
We have implemented technical, administrative, and physical security measures that are designed to protect your Personal Information from unauthorized access, disclosure, use and, modification, including: SSL, TLS, encryption, pseudonymisation, restricted access, two factor authentication, firewalls and anti-virus/malware.
From time to time, we review our security procedures to consider appropriate new technology and methods. Please be aware though that, despite our best efforts, no security measures are perfect or impenetrable and we cannot guarantee that the Services will be immune from any wrongdoings, malfunctions, unlawful interceptions or access, or other kinds of abuse and misuse.
The safety and security of your Personal Information also depends on you. Where we have given you (or when you have chosen) a username or password for access to certain parts of our Website, you are responsible for keeping this password confidential. Do not share your password with anyone.
How Long We Keep Your Personal Information
Elligo retains Personal Information as needed to comply with our legal obligations and we have strict review and retention policies in place to meet these obligations.
We are required in some cases to keep your Personal Information (name, contact details) for a minimum of 6 years after which time it will be destroyed.
If we retain your Personal Information for any legitimate business purpose other than to provide the Services, we will make efforts to limit the access to such information and keep the retention time to a minimum.
We will keep aggregated non-identifiable information without limitation, and to the extent reasonable we will delete or de-identify potentially identifiable information, when we no longer need to process the information.
Children Under 13
Most of the services available on this Website are intended for persons 18 years of age and older and caregivers of persons < 18 years. Any individual who requires information about any of our services, must be 18 and over.
We will not knowingly collect, use or disclose Personal Information from a minor under the age of 18, without obtaining prior consent from a person with parental responsibility through direct off-line contact.
We will provide the parent or guardian with notice of the specific types of Personal Information being collected from the minor and the opportunity to object to any further collection, use, and storage of such information.
We abide by the laws designed to protect children. If we become aware that we have unknowingly collected Personal Information from persons under the age of 13, we will make commercially reasonable efforts to delete such information from our database.
If you are the parent or guardian of a minor child who has provided us with Personal Information, you may contact us at email@example.com to request it be deleted.
Your Rights (EU & Canadian Residents Only)
Our processing of your personal information is based on following lawful grounds:
- All processing of your personal information which are not based on the lawful grounds indicated below, are based on your consent.
- We will process your personal information to comply with a legal obligation and to protect your and others’ vital interests.
- We will further rely on our legitimate interests, which we believe are not overridden by your fundamental rights and freedoms, for the following purposes:
- Communications with you, including direct marketing where you are a user of our Services, or where you make contact with us through the Website or through other digital assets.
- Cyber security.
- Support, customer relations and Services and Website operations.
- Enhancements and improvements of user experience with the Services and Website.
- Fraud detection and misuse of the Services and Website.
You have the right to access any personal information that Elligo processes about you and to request information about:
- What personal information we hold about you
- The purposes of the processing
- The categories of personal information concerned
- The recipients to whom the personal information has/will be disclosed
- How long we intend to store your personal information
- If we did not collect the data directly from you, information about the source
If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to do so as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.
Where applicable, you have the right to data portability of your information and the right to be informed about any automated decision-making we may use.
You have a right to lodge a complaint with a data protection supervisory authority of your habitual residence, place of work or of an alleged infringement of the GDPR.
These requests can be made by contacting us at firstname.lastname@example.org.
Or by mail: 11612 Bee Cave Road, Bldg. 1, Ste. 150, Austin, TX 78738 Attention: Privacy Officer/DPO
If we receive a request from you to exercise any of the above rights, we will need to reasonably authenticate your identity and location. We will ask you to provide us credentials to make sure that you are who you claim to be and will further ask you questions to understand the nature and scope of your request.
California Consumer Privacy Act – Information for California Consumers
This section provides specific information for residents of California (“consumers”), as required under California privacy laws, and is intended to satisfy the California Consumer Privacy Act (“CCPA”), which requires that we provide certain information to consumers about how we handle certain personal information that we have collected.
Personal Information That We Collect
We have collected the following categories of personal information from consumers within the last twelve (12) months:
- Identifiers and Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). These include, names, zip code, telephone number, email address, Internet Protocol address and business email address.
- Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with the Website.
- Inferences drawn from any of the information identified above to create a profile about a consumer reflecting the consumer’s preferences and characteristics.
Categories of Sources for Personal Information
We obtain the categories of personal information listed above from the following categories of sources:
- Directly and indirectly from you when you visit the Website.
- Third parties as further detailed above.
Purposes for which Personal Information is Used
The categories of personal information described above are collected and disclosed for the purposes detailed under the section titled “How We Use Your Information” above.
Our Use and Disclosure Practices
In the preceding twelve (12) months, we have disclosed the following categories of personal information for business purposes:
- Internet or other similar network activity;
In the preceding twelve (12) months, Elligo Health Research did not sell your personal information.
California Consumer Rights
Subject to certain exceptions, you have the right to make the following requests, at no charge, up to twice every 12 months:
- Deletion: the right to request deletion of your personal information that we have collected about you, subject to certain exemptions, and to have such personal information deleted.
- Right to Know: the right to request that we disclose certain information about how we have handled your personal information in the previous 12 months, including the:
- categories of personal information collected
- categories of sources of personal information collected
- business and/or commercial purposes for collecting and selling your personal information
- categories of third parties with whom we have disclosed or shared your personal information
- categories of personal information that we have disclosed or shared with a third party for a business purpose
- categories of third parties to whom the consumer’s personal information has been shared
- The specific pieces of personal information we collect from you
You can submit a deletion or right-to-know request by calling out toll-free number at 857-496-0054 or by emailing us at email@example.com; we will respond to verifiable requests received from California consumers as required by law. We will also ask you for additional information necessary to verify or process your request. We may also carry out checks, including with third party identity verification services, to verify your identity before taking any action with your personal information. We will respond substantively to your verifiable requests within 45 days, unless additional time (up to 45 additional days) is needed, in which case we will let you know. If we determine that your request warrants a fee, we will inform you of the reasons for such decision and provide you with a cost estimate before completing your request.
Accessing or Correcting Your Information
You may send us an email at firstname.lastname@example.org to request access to, correct or delete any personal information that you have provided to us. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
If we need to delete your personal information following your request, it will take some time until we completely delete residual copies of your personal information from our active servers and from our backup systems.
V 1.0 01JULY2020