Effective Date: 08.NOV.2021
This website and policy are provided and maintained by Trialbee AB (Trialbee), corporate registration number 556814-3019, with its principal place of business at Södra Tullgatan 3, SE-211 40 Malmö, Sweden.
Trialbee is committed to the privacy of our users and the security of their personal information serious.
Trialbee’s approach to protecting personal data worldwide recognizes various jurisdictions and legal systems will apply:
TABLE OF CONTENTS
DEFINITIONS AND ACCRONYMS
DATA WE COLLECT ABOUT YOU
HOW YOUR PERSONAL DATA IS COLLECTED
HOW WE USE AND DISCLOSE YOUR DATA
TRANSFER OF PERSONAL DATA
YOUR DATA PRIVACY RIGHTS UNDER GDPR
YOUR DATA PRIVACY UNDER CALIFORNIA CONSUMER PRIVACY ACT
This privacy polity describes how Trialbee collects, uses, processes, and protects your personal data and informs the choices available to you regarding how you can manage your personal data.
1.2. CONTACT DETAILS
Trialbee’s contact details for privacy rights questions and requests are:Full name of legal entity: Trialbee AB, Data Privacy OfficerEmail Address: firstname.lastname@example.org
You have the right to make a complaint at any time to the relevant supervisory authority in the country where you reside.
We would however appreciate the chance to deal with your concerns before you approach one of the national supervisory authorities, so please contact us in the first instance at email@example.com.
To find more about this right and to locate the appropriate Data Privacy Authority, go to the following:
If you reside in Europe, then contact the European Commission website: https://ec.europa.eu/info/policies/justice-and-fundamental-rights_en
If in the UK, go to the Information Commissioner’s Office (ICO) website:www.ico.org.uk
If you reside in the United States, you may contact the US Federal Trade Commission at:https://www.ftc.gov/faq/consumer-protection/submit-consumer-complaint-ftc.
1.5. THIRD-PARTY LINKS
2. DEFINITIONS AND ACCRONYMS
Anonymized: is a type of information sanitization whose intent is privacy protection. It is the process of removing of personally identifiable information from data sets, so that the person’s identity remains anonymous.
EEA: European Economic Area
GDPR: is the European Union General Data Protection Regulation
CCPA: is the United States California Consumer Privacy Act
ICO: is the United Kingdom Information Commissioner’s Office
PII: Personal Identifiable Information
PHI: Protected Health Information
Third Parties means:
Service providers acting as processors and who provide services to us.
Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services to us.
Regulators and other state authorities acting as processors or joint controllers in any jurisdiction in which we are operating and who require reporting of processing activities in certain circumstances.
Covered Entity: This is in reference within the United States, and means an institution, organization or other entity that is subject to the rules of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Covered Entities include: (i) a health plan, (ii) a healthcare clearinghouse and, (iii) a healthcare provider who transmits any personal identifiable health information in electronic form in connection with a transaction covered by HIPAA.
Personal Identifiable Health Information (“PIHI”) means any information including demographic information collected from an individual that:
(i) relates to (a) the past, present or future physical or mental health or condition of an individual; (b) the provision of healthcare to an individual; or (c) the past, present or future payment for the provision of healthcare to the individual; and
(ii) identifies the individual or there is a reasonable basis to believe it can be used to identify the individual; and
(iii) PIHI does not include education records or medical records covered by the Family Education Rights and Privacy Act or employment records held by Trialbee in its role as an employer.
Personal Information: According to the California Consumer Privacy Act, and means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
3. DATA WE COLLECT ABOUT YOU
Like many commercial organizations we monitor the use of this website by collecting aggregate information using cookies.
Typically, we collect information about the number of visitors to the website, to each web page and the originating domain name of the visitor’s Internet Service Provider.
This information is used to understand the visitor’s use of the website and may be shared with our affiliates and/or other third parties. We have no means reasonably available to us to ascertain the identity of individual users from aggregate information.
We may collect, use, and share Aggregated Data such as general statistical data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity
We may also perform or collect categories of personal data about you which are grouped as follows:
Monitor customer traffic patterns and
Site usage information to help us to improve the design and layout of our site, to personalize your experience by tailoring the content you see thus optimizing your user experience.
Perform statistical analysis on our members’ accounts to determine,
how many are active
how frequently they are used
and how many of our other websites you are registered with.
Identity Data includes first name, maiden name, last name, username, or similar identifier.
Contact Data includes physical address, delivery address, email address and telephone numbers.
Transactional Data includes details of products and services you have received or purchased from us and/or affiliates.
Technical Data includes Internet Protocol (“IP”) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the device you use to access this website.
Usage Data includes information about how you use our website, products, and services.
Marketing and Communications Data includes your preferences in receiving marketing from us and/or affiliates.
Health Data includes information in relation to any aspect of your health and/or consequences of taking part in any clinical trials organized by our clients.
We may also obtain information about your opinions if, for example, you send us feedback, or ask us questions.
We may also, occasionally, receive information about you from other sources which we will add to the information that we may already hold about you to help us improve and personalize our service to you.
4. HOW YOUR PERSONAL DATA IS COLLECTED
We use various methods to collect the categories of data described above through but not limited to:
Data Interactions. You may have given your personal data by filling in forms or by corresponding with us by mail, phone, and email or otherwise. This includes personal data you provide when you:
Contract to receive services or information
Request marketing material to be sent to you
Automated Technologies or Interactions. As you interact with our website, we may automatically collect technical data about your equipment, browsing actions or patterns.
We collect this personal data by using cookies, log files, and other similar technologies.
We may also receive technical data about you from other you visit employing our cookies. This aggregate data gives a “macro-view” of the visitor traffic patter and insight to what sections of the website users visit the most. None of this information is linked to any personal information.
We passively collect and log the following information from visitors to our website such as:
Third-parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below.
Analytics such as Google
Search Information Providers
Contact and Transaction Data from providers of technical, payment and delivery services.
Identity and Contact Data from data brokers or aggregates.
5. HOW WE USE AND DISCLOSE YOUR DATA
Trialbee will not sell, trade, or lease to third parties your Personal Data. However, we may sometimes engage other companies and individuals to perform services on our behalf.
We will use your personal data in the following circumstances:
Where we need to perform the contract, we are about to enter or have entered with you, or to perform other legal obligations.
Where it is necessary for our legitimate interests or those of a third party, and your interests and fundamental rights do not override those interests (this applies to the EEA).
Where we need to comply with a legal or regulatory obligation.
We may disclose Personal Data to comply with a legal or regulatory obligation. Unless we have informed you otherwise and have obtained your permission, or the law forces us to, we will only use the collected Personal Data within Trialbee or with business partners that act on our behalf.
In the EEA, in relation to sending direct marketing communications to you via email or text message, we will only do so where (i) we have your express consent or (ii) you are an existing client. You have the right to withdraw consent to marketing at any time by contacting us.
5.1. PURPOSES WE USE YOUR DATA
The matrix below describes the ways we plan to use your personal data, and the legal basis and identifies the legitimate interests where appropriate.
Note, that we may process your personal data for more than one lawful ground depending on the specific purposes, this has been set out in the table below:
5.2. DISCLOSING INFORMATION TO THIRD PARTIES
Trialbee may share your personal data with trusted clients and service providers where needed for clinical trials, as set out below for the purposes set out in the table in section 5.1 above.
Third party sub-contractors who provide services for us and/or help to provide services to you.
We may disclose personal information to law enforcement, government authorities or otherwise in response to a legal subpoena or process as required by applicable law or in the circumstances involving the possibility of physical or financial harm, fraud, or crime.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law.
We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for the specified purposes and in accordance with our instructions.
We do not sell your personal data to any third party. Our use and disclosure of PHI is limited to the minimum amount needed to accomplish the intended purpose of the specific clinical trial and is used in the relation to pre-screen activities for such clinical research projects. This includes using study questionnaires that only ask questions related/associated to relevant clinical research project as specified in approved protocols, and information will not be disclosed unless we have clear consent from you to do so.
5.3. USE OF HEALTH DATA IN THE UNITED STATES
The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and subsequent regulations published by the Department of Health and Human Services (“DHHS”) impose restrictions on other organizations (Covered Entities) which may be covered under HIPAA with respect to your relationship with Trialbee. Trialbee may, in providing subject recruiting services for one of these organizations, be required to comply with certain aspects of HIPAA in their conduct of human subject research activities.
All PIHI data collected by Trialbee in connection with subject recruiting for a clinical research study is captured electronically and transmitted through a secure network connection to a secure database. Trialbee’s data security policies are consistent with Good Clinical Practices, HIPAA and GDPR standards.
5.4. OPTING OUT OF COMMUNICATIONS FROM TRIALBEE
You can opt-out and request us to stop sending you information, and/or reminders, at any time by contacting us at firstname.lastname@example.org.
Where you opt-out of receiving information., and or reminders, will not apply to personal data provided to us because of a product/service such as registration, product/service experience or other transaction.
(1) to learn how our website is used and how it performs, including cross-site statistics,
(2) to provide you with additional functionalities and personalization
(3) to provide you social media interactions and
(4) for targeting and marketing purposes.
5.5.1 COOKIE PRIVACY PREFERENCES AND CONSENT
When you accept cookies, you consent that cookie will be stored on your computer, tablet, or smartphone. If you opt-out of cookies, you will not be able to see all our content.
5.5.2 USE OF DATA FOR MARKETING
5.5.3 TRIALBEE COOKIE STATEMENT
When you accept cookies, you consent that cookie will be stored on your computer, tablet, or smartphone. If you opt-out of cookies, the website may not work in an optimal fashion.
6. DATA PROCESSING
Consent to processing of personal data is as follows for each clinical trial study.
This policy describes how Trialbee AB, company registration number 556814-3019, address: Södra Tullgatan 3, 211 40 Malmö, Sweden, email@example.com, gathers, processes, stores and shares personal data on behalf of the Controller.
The Controller (aka Sponsor) intends to conduct a clinical study with the purpose of evaluating the efficacy of an investigational drug when administered as treatment in subjects with INDICATION. With regards to the processing of your personal data during the application process the Controller is the data controller responsible for processing your personal data in accordance with applicable data protection legislation. However, the Controller has assigned Trialbee AB (“Trialbee”) the task of processing your application for the study.
If you are interested in participating in this study Trialbee will ask you, on behalf of the Controller, to provide certain information about yourself to process your application for the study. This allows us to evaluate your eligibility for the study and to contact you during the application process. The information we intend to collect are your name, telephone number(s), e-mail address, and answers to questions we ask you for determining eligibility. These answers may include information about your health. Health information is only used for the purposes of determining your eligibility for the clinical study.
Information about you is stored in Trialbee’s system until the clinical study recruitment is completed or until you request that the data is deleted, whichever occurs first.
You can at any time withdraw your consent to the Controller’s processing of your personal data for the purposes of evaluating your application by contacting either the Controller (see contact details above) or Trialbee at firstname.lastname@example.org. If you withdraw your consent, the Controller and Trialbee will stop processing your personal data for such purposes and your application to participate in the study will be considered withdrawn.
For further information about the Trialbee’s processing of your personal data on Biohaven Pharmaceuticals, Inc.’s behalf and your rights according to applicable data protection legislation, see section 6.1.
Note: The Controller and Trialbee are established in the EU/EEA. When submitting an application, your personal data will be transferred to Trialbee’s country of establishment (Sweden) and possibly the Controller’s country of establishment (Country).
5.5. DATA SUBJECT INFORMATION
Information to be provided to the Data Subjects is as follows:
Information about Biohaven Pharmaceuticals, Inc.’s processing of personal data when processing your application for the clinical study Data controller
Biohaven Pharmaceuticals, Inc. (the “Controller”)
215 Church Street, New Haven, CT 06510
Relevant point of contact:
Trialbee AB (“Trialbee”)
Company registration no. 556814-3019
Södra Tullgatan 3
211 40, Malmö
Categories of personal data
Name, telephone number(s), e-mail address, gender, age and answers to questions we ask you for determining eligibility. These answers may include information about your health.
Purpose of processing
To administer your application for the study by evaluating your eligibility for the study and contacting you during the application process.
Legal basis for processing
Legal basis for processing personal data regarding your health
7. TRANSFER OF PERSONAL DATA
7.1. EUROPE (EU/EEA)
We take all reasonable measures to ensure that your personal data is protected when transferred to a country inside the EU/EEA, for example by entering the Standard Contractual Clauses with the recipient. The Standard Contractual Clauses can be found here: http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm.
7.2. UNITED STATES (US)
We take all reasonable measures to ensure that your personal data is protected and is held on servers on the United States and will not transfer your personal data outside of the United States.
7.3. UNITED KINGDOM (UK)
We ensure similar degree of personal data protection by using specific contracts approved by the European Commission or UK ICO (www.ico.org.uk) which give personal data the same protection it has in Europe.
7.4. OTHER REGIONS
We protect personal data entrusted to us no matter what country is stored in or transferred to and have the appropriate safeguards and procedures in place to ensure the security of your personal information and will main compliance with applicable data protections and privacy laws and legal frameworks.
8. DATA SECURITY
We and our third-party hosting partners have put in place the appropriate security measures to prevent your personal data from being lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data with least privilege to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
9. DATA RETENTION
We will only retain your personal data for as long as necessary to fulfill the purpose we collected it for, including for the purpose of satisfying any legal, accounting or reporting requirements.
To determine the appropriate retention period for persona data, we consider the amount, nature and sensitivity of the personal data, the potential risk or harm from unauthorized use or disclosure or your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We also anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
10. YOUR DATA PRIVACY RIGHTS UNDER GDPR AND UK PRIVACY
Under certain circumstances in the EEA and UK, you have the following rights under data protection laws in relation to your personal data:
Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact us at email@example.com.
In the EEA, you have the right to make a complaint at any time to the relevant national supervisory authority. For example, in the UK this would be the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach one of the national supervisory authorities so please contact us in the first instance.
A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
10.1. NO FEE REQUIRED
You will not have to pay a fee to access your personal data or to exercise any of the other rights.
11. YOUR DATA PRIVACY RIGHTS UNDER CCPA
If you are a resident of California, you have the following rights under the California Consumer Privacy Act (https://oag.ca.gov/privacy/ccpa), with respect to your Personal Data:
The right to know what Personal Information we have collected, used, disclosed, and sold about you. To submit a request to know, please contact us contact us. You also may designate an authorized agent to make a request for access on your behalf.
The right to request that we delete any Personal Information we have collected about you. To submit a request for deletion, please contact us. You also may designate an authorized agent to make a request for deletion on your behalf.
The right to opt-out of the sale of their personal information.
The right to non-discrimination for exercising your rights under the CCPA rights.
When you exercise these rights and submit a proper request to us, we will verify your identity by asking you for identifying information such as your email address, telephone number, and/or information about your account with us. We also may use a third-party verification provider to verify your identity. Please note that we are only required to honour such requests twice in a 12-month period.
Your exercise of these rights will have no adverse effect on the price and quality of our goods or services.
Our website is directed at an adult audience (such as individuals interested in clinical research, healthcare professionals, investors and individuals seeking information about Trialbee and our products and services). We do not knowingly collect information from or about children. Please do not use this website if you are under 18.
13. OTHER INFORMATION
For quality control and training purposes, we may monitor or record your communications with us.