SubjectWell Privacy Statement
Effective Date: January 9, 2020
II. WHAT WE MEAN BY "PERSONAL INFORMATION"
For purposes of this Privacy Statement, "Personal Information" means any information from or about a person that either identifies that person directly or that makes that person identifiable when it is combined with other information from or about that person from any source.
III. WHAT PERSONAL INFORMATION DO WE COLLECT?
(1) Information You Provide to Us
In connection with the Service, or when you otherwise communicate with us, we collect information that you provide to us directly. For example, we collect information in the following circumstances: when you sign up for clinical trial matching, when you contact us, and when you otherwise communicate with us.
The information you provide to us directly may include, without limitation, the following information that may, alone or in combination with other information, constitute Personal Information:
- Information you provide via email or using the contact details listed on various parts of the website where this Privacy Statement appears, including your name, phone number, and any other information you provide to us; and
- Information you provide in order to sign up for clinical trial opportunities, including your name, age, email address, your health conditions relevant to the clinical trial opportunities, or any other information you decide to provide us with;
- Other information: We may also collect any other information you may want to share with us. Moreover, if you contact us, a record of this correspondence may be kept.
(2) Information Received From Third Parties
We may also obtain data from third-party sources such as data providers in accordance with applicable law. Our data providers include, not by way of limitation Human API, the entity that SubjectWell partners with to provide free patient medical record retrieval for clinical trial recruitment. For more information, please visit https://www.humanapi.co/.
SubjectWell does not buy or sell Personal Information.
IV. PURPOSES FOR OUR COLLECTION AND USE OF PERSONAL INFORMATION
If you submit or we collect Personal Information through the Services, then such Personal Information may be used for the following purposes: (i) to provide and administer the Services; (ii) to contact you in connection with the Services (iii) to identify and authenticate your access to the Services that you are authorized to access; (iv) to assess whether a clinical trial is suited for you and to contact you when a potential clinical trial is identified and to bring you in contact with principal investigators, clinical research sites or clinical trial service providers, using solely for these purposes the health information that is provided to us based on your consent, and (v) for our legitimate interests of documenting and managing our internal administration and protecting our rights and/or our property.
Once you register for our Services, you may be contacted at the phone number you provide including wireless number, if provided, by a representative of SubjectWell or its database administrator Northwest Medical. These calls may be generated using an automated technology.
SubjectWell only provides clinical trial participant recruitment services and is not involved in clinical trials or informed about its results. Therefore, SubjectWell does not determine the purposes or means of the further processing of your Personal Information, including your health information, by principal investigators, clinical research sites or clinical trial service providers once you are brought in contact with them.
As we need certain Personal Information for the performance of the Services, the consequence of not providing such information might be that the Services cannot be provided as requested.
SubjectWell uses algorithms that enforce criteria to select patients for the most suitable clinical trial, which is the service that the data subject requests from SubjectWell. The decision is therefore necessary for the performance of the contract between the data subject and SubjectWell. Furthermore, as SubjectWell's patient recruitment marketplace works with an opt-in model, the patient's decision to participate could also be considered as providing his or her consent, which is freely given and can be withdrawn at any time by contacting us through the contact details further below.
The logic that is used for the decision-making is created by SubjectWell employees reviewing study protocol to define inclusion/exclusion criteria. The SubjectWell systems then enforce these criteria based on the responses collected during the phone screening process. The most important consequences of the automated decisions in question is that the data subject will or will not have the opportunity to participate in a clinical trial.
In order to safeguard the data subject's rights and freedoms and legitimate interests, the latter has the right to obtain human intervention on the part of SubjectWell, to express his or her point of view and to contest the decision.
In addition to the above, we use the Personal Information in order to comply with applicable laws and for our legitimate purposes of protection our legal rights, in connection with legal claims, and for compliance, regulatory, and investigative purposes. This may include sharing the Personal Information with third parties, such as governmental authorities or law enforcement officials subject to applicable law.
V. WHO DO WE SHARE PERSONAL INFORMATION WITH?
We may disclose Personal Information you provide to us in and through the Services with the following categories of third parties:
- If you would like to participate in a clinical trial and there are matching clinical trials, we may share Personal Information about you with principal investigators, clinical research sites, and clinical trial service providers that are relevant to you;
- Public authorities, such as law enforcement, if we are legally required to do so or if we need to protect our rights or the rights of third parties; and
- Our subsidiaries and affiliates; or a subsequent owner, co-owner or operator of the Services and their advisors in connection with a corporate merger, consolidation, restructuring, the sale of substantially all of our stock and/or assets, or in connection with bankruptcy proceedings, or other corporate reorganization, in accordance with this Privacy Statement.
VI. INDIVIDUAL RIGHTS
Where we process Personal Information, individuals are entitled to ask us for an overview of the Personal Information we have about them and also to access, correct or delete certain Personal Information, restrict processing of their Personal Information, or to ask us to transfer some of Personal Information to other organizations. Certain individuals can also object to some processing of their Personal Information, e.g. processing based on our legitimate interest, and, where we have asked for their consent, they can withdraw their consent at any time. Insofar as Personal Information about them is processed, certain individuals also have a right to know more about the protection we apply when transferring Personal Information to non-European Economic Area countries.
Note that we are not legally obligated to agree to such requests in all circumstances, and in certain circumstances, agreeing to a request may be infeasible - for example, a deletion request when we are required by law to maintain the Personal Information. Please also note that we are not able to act on any of the above requests if we are not in a position to identify an individual filing such request.
Where applicable, these rights can be exercised by sending us an email through the contact details further below. Depending on where you live, you may have a right to lodge a complaint with a supervisory authority or other regulatory agency if you believe that we have violated any of the rights concerning Personal Information about you. We encourage you to first reach out to us at email@example.com so we have an opportunity to address your concerns directly before you do so. We are committed to compliance with the General Data Protection Regulation ("GDPR") where applicable, so please contact us through the details listed below if you have any questions about these rights.
VII. INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION
SubjectWell is a U.S.-based company with domestic and international business clients. As a result, Personal Information that we collect through the Services may be transferred to our U.S. offices to permit us to comply with our legal and contractual obligations, to provide information and services to prospective and current clients, and to perform related business activities. In addition, we may work with third-party service providers in the U.S. and in other countries to support our business activities. Thus, Personal Information may be transferred to, stored on servers in, and accessed from the United States and countries other than the country in which the Personal Information was initially collected. In all such instances, we use, transfer, and disclose Personal Information solely for the purposes described in this Privacy Statement.
VIII. TRANSFERS OF PERSONAL INFORMATION FROM THE EU OR SWITZERLAND TO THE UNITED STATES
SubjectWell complies with the EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework (collectively, "Privacy Shield") as set forth by the US Department of Commerce regarding the collection, use, and retention of Personal Information from European Union (the "EU") member countries and Switzerland. SubjectWell has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability. A violation of our commitment to Privacy Shield may be investigated by the Federal Trade Commission and/or the United States Department of Commerce. If there is any conflict between the policies in this Privacy Statement and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, to the extent available, please visit https://www.privacyshield.gov or https://www.privacyshield.gov/participant?id=a2zt0000000PKQpAAO&status=Active.
In compliance with the Privacy Shield Principles, SubjectWell commits to resolve complaints about your privacy and our collection or use of Personal Information about you. Persons from the EU or Switzerland who have inquiries or complaints regarding this Statement should first contact us via email at: firstname.lastname@example.org.
SubjectWell has committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information and to file a complaint.
These recourse mechanisms are available at no cost to you. Damages may be awarded in accordance with applicable law. Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel. Pursuant to the Privacy Shield, SubjectWell remains potentially liable for the transfer of Personal Information to third parties acting as our agents unless we can prove we were not a party to the events giving rise to the damages.
In cases of onward transfer to third parties of Personal Information of EU individuals received pursuant to the EU-US and Switzerland-US Privacy Shield, SubjectWell is potentially liable.
IX. DATA RETENTION
If for seven (7) years we do not find any potential clinical trials for you and we do not attempt to contact you, or if you request your Personal Information to be deleted, we will remove Personal Information about you from our database. Please note that even if you request the deletion of Personal Information about you, we may be required (by law or otherwise) to retain the Personal Information and not delete it. However, once those requirements are removed, we will delete Personal Information about you in accordance with your request.
X. DATA SECURITY
The security of Personal Information is important to us. We follow generally accepted industry standards to protect the Personal Information submitted to us, both during transmission and once we receive it. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect Personal Information, we cannot guarantee its absolute security.
The Services are not intended for children under the age of 13. Accordingly, we do not intend to collect Personal Information from anyone we know to be under 13 years of age.
XII. CHANGES TO THE PRIVACY STATEMENT
This Privacy Statement may change from time to time, effective from the date mentioned in the updated version of the Privacy Statement. Please check the website where this Privacy Statement appears periodically to review such changes in the Privacy Statement. We may email periodic reminders of our agreements and policies in the event of a change.
XIII. CONTACT US
If you have any questions or concerns about this Privacy Statement or about SubjectWell's privacy or data security practices, please contact us or our Data Protection Officer via the following:
7000 N MoPac Expy
Austin, TX 78731
You can also contact our representative in the European Union:
European Data Protection Office (EDPO):
Name: Lucia Canga Roza
Phone number: +32 499 24 28 45