1. INTRODUCTION
nRollmed Ltd. and its affiliates (“
nRollmed”, the “
Company” and all references, as the context requires, to “
we”, “
us” or “
our”) scope is to reach potential participants, increase awareness about, and facilitate participation, in clinical trials (the “
Services”). In doing so, we are committed to protecting personal data and information that we gather from our customers, potential customers, prospects, and other end users of our online sites and services, including nrollmed.com, all study websites and all mobile device applications (the “
Websites”).
We are also compliant with the EU General Data Protection Regulation 2016/679 (the “
GDPR”) –
learn more[1]. Accordingly, the basis on which any personal identifiable data we collect from you, or that you provide to us, will be processed by us on a lawful basis is set forth in this Privacy Policy (“
Privacy Policy”) and in our
Terms of Use (“
ToU”).
Please read this Privacy Policy carefully to understand our views and practices regarding your Personal Information (as defined below) and how we collect, store and process such information in respect of the Services. Should we ask you to provide certain Personal Information when using our Services, you can be assured that it will only be used in accordance with this Privacy Policy.
BY USING THE SERVICES, YOU GIVE YOUR CONSENT THAT ALL PERSONAL INFORMATION THAT YOU SUBMIT OR THAT IS COLLECTED THROUGH THE WEBSITES AND/OR SERVICES, INCLUDING ANY PERSONAL INFORMATION RELATING TO YOUR CHILDREN OR TO SOMEONE FOR WHOM YOU ARE THE LEGAL GOURDIAN, MAY BE PROCESSED BY THE COMPANY IN THE MANNER AND FOR THE PURPOSES DESCRIBED IN THIS PRIVACY POLICY.
IF YOU DO NOT AGREE TO THE TERMS AND CONDITIONS SET FORTH HEREIN, PLEASE DO NOT USE THE WEBSITES OR THE SERVICES.
2. GENERAL
-
- Our users entrust us with information of a personal and confidential nature, including personal identifiable data and sensitive personal information (“Personal Information”), and this Privacy Policy is to inform you about our practices with respect to collection, storage and processing of Personal Information that may be used, alone or in combination with other information, in connection with the provision of our Services.
-
- Such Personal Information may be provided by you while (i) using our Websites; (ii) by sending us information via email; (iii) holding telephone conversations with our representatives; (iv) conducting screening conversation or meetings with a clinical site (v) providing us with written information by forms of communication; or (vi) undergo digital or verbal prescreening. We may also be exposed to certain of your Personal Information while communicating with the research team at a clinic or medical center which are collaborating with us under your consent in order to provide you the Services.
-
- At all times, you may choose whether or not to provide or disclose Personal Information requested to be actively provided by you. If you choose not to provide certain Personal Information, you may be unable to access certain features, programs, offers, and services of the Websites or the Services that involve our interaction with you. However, you may always request, to be referred to the clinical site to perform the pre-screening process directly so your Personal Information will be collected by the research partner’s clinical staff. You may also ask the clinical staff to refrain from storing your Personal Information on our system.
-
- By entering the Websites and providing information in any or all of the alternatives as specified in the second bullet point of Section 2, you expressly consent to the terms of this Privacy Policy, and to the collection, use and disclosure of your information, including Personal Information, in accordance with the terms of the Privacy Policy.
-
- When you register with the Websites or complete an electronic form associated with a specific clinical trial, you indicate your consent for us to store and process your Personal Information in our database and contact you about other clinical trials for which you may be eligible by various means, including telephone, text messages, email, and mail. You also have the option of receiving emails regarding new postings to the Websites and new Services, including news or new clinical trials, subject to your consent following registration.
-
- If you receive a message from us and would like to discontinue such messages, you may contact us to [email protected] and indicate your wish. Providing any means of contact with you (including by telephone) constitutes your consent for us to contact you by such way for the purposes outlined in this Privacy Policy.
-
- This Privacy Policy forms a part of the ToU, and is incorporated thereto by reference, along with other policies which you may be notified of by us from time to time. This Privacy Policy applies to all of the software, services, information, tools, features and functionality offered by the Company in our Websites and Services.
3. PURPOSES OF PROCESSING YOUR PERSONAL INFORMATION
-
- We will only collect and process Personal Information about you where we have lawful basis. Lawful bases include consent (where you have given consent), contract (where processing is necessary for the performance of a contract with you (e.g. to deliver the Services you have requested) and “legitimate interests”.
-
- Where we rely on your consent to process Personal Information, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object. If you have any questions about the lawful bases upon which we collect and use your Personal Information, please contact our Data Protection Officer at: [email protected].
-
- Accordingly, we process your Personal Information only for specific and limited purposes. We ask only for Personal Information that is adequate, relevant and not excessive for those purposes and internally to help us improve the Services and the Website. In particular, and without limitation, we may use information, including Personal Information, held about you in the following ways and for the following purposes:
-
- To enable internal record keeping.
-
- To enable us to carry out the main purpose of the Services and to contact you regarding particular clinical trials for which you are interested and providing you with further information, where you have consented to be contacted for such purposes, including information about new clinical trials for which you may be suitable, we may collect: (1) your name; (2) date of birth; (3) email address; (4) phone number; (5) demographic information as may be required; and (6) medical information as may be required.
Please note that you do not have to provide the above-mentioned information, but in such a case we may not be able to provide you some of the features of the Services.
4. WHAT INFORMATION WE COLLECT?
In order to provide the Services, we collect the following types of information:
-
- User Information. When you use the Websites, we may automatically receive and record information from your device and browser, including your cookie information, your country, regional and language settings, device model, operating system, IP, mobile carrier and software and hardware attributes. We use this information in order to improve and customize your browsing experience, to provide more personalized services to you and for analytics and metrics about our visitors on the Website.
-
- Information provided by you. We collect information you provide to us when you register at the Websites (such as name, date of birth, email address, phone number and any demographic information as may be required). Furthermore, you may have reached the Websites due to your interest in a specific medical condition for which you are looking for a solution or have an interest in clinical trials in a certain field. To learn whether you satisfy the criteria for a particular clinical trial or a group of clinical trials, we may be required to perform a pre-screening either by asking you to complete an electronic registration form which may include medical information, or by contacting you on the phone to receive necessary medical and demographic information in this regard.
If you meet the prequalification criteria for the clinical trial, as required by the research team of the clinic, medical center or entity performing such clinical trial and grant us explicit permission to do so by checking the relevant box in the form, your information will be forwarded to the designated personnel in your area for further evaluation; any such personnel will be under strict constraints by laws governing the disclosure of Personal Information, which, in any event, shall not be less than the constraints provided in this Privacy Policy. If relevant, you may also be required to provide details of any of your minor child or children to verify if they meet the criteria for a particular trial, and give your consent to their participation in such a trial.
We may also ask you for additional information, whether from you or from the research study staff, so that we can provide you with additional services (such as new clinical trials that are of potential interest to you).
-
- Traffic data collected through the Services. In addition to the information we collect as described above, we may use technology to collect information about the method and the nature of your use of the Websites. For example, our systems may automatically record and store browser information, search history, the date on which you registered to the Websites exit point, use time, platform type, operating system information, number of clicks which parts of the Websites you viewed and/or used and the dates and times on which you viewed such parts of the Websites, impressions, any actions you made in the Websites and cookies. This technology does not identify you personally, it simply enables us to compile statistics about our visitors and their use of the Websites. When you use the Websites, our servers record information (“Log Data”), including information that your browser automatically sends whenever you visit a website. Log Data includes your Internet Protocol address, the address of and activity on websites you visit that incorporate service features, searches, browser type and settings, the date and time of your request, how you used the websites, cookie data and device data.
Furthermore, the Websites contain hyperlinks to other pages and features on the Websites. We may use technology to track how often these links are used and which pages and features of the Websites our visitors choose to view. This technology does not identify you personally it simply enables us to compile statistics about the use of these hyperlinks.
-
- Cookies. We use cookies and other technologies on the Websites. As is true of most websites, we gather some information automatically and store it in log files.
-
- A “cookie” is a small piece of information that a website assigns to your computer while you are viewing a website. Cookies are very helpful and can be used for various different purposes. These purposes include allowing you to navigate between pages efficiently, enable automatic activation of certain features, remembering your preferences and making the interaction between you and our website quicker and easier. For more information, please see our cookies policy
-
- User Communications. When you send email or other communication to the Company, we may retain those communications in order to process your inquiries, respond to your requests and improve our Websites and/or Services.
In some circumstances, we may contact you by email regarding potential clinical studies where information you voluntarily provided to us, our data partners or publicly available information (for further information please see Section 8 (Third Parties)) suggests on the basis of analysis of various demographic and societal trends that you might benefit from such clinical studies. We will retain your information for as long as needed to provide you with the Services you requested.
You may remove your information from our contact list by sending an email entitled “Unsubscribe” to
[email protected] or by using the Websites to opt-out.
-
- Links. In the Websites and some of our messages, we may use a “click-through URL” linked to information and content. When you click on some links, they may pass through a separate web server before arriving at the destination page or on one of our data partners’ websites. We or our trusted data partners may track this click-through data to help us determine interest in particular topics, measure the effectiveness and performance of our user communications and promotions. For the avoidance of doubt, it is noted that the Company is not responsible for the privacy practices or the content of other websites and you visit them at your own risk. We recommend you to carefully read the terms of use and privacy policies of such websites. This privacy policy applies solely to Personal Information collected by us.
We will not collect or use Personal Information for purposes other than those described in this Privacy Policy, the ToU and/or in any other legal instrument in effect between us. If we intend to use your Personal Information for any purposes other than those described as aforesaid, we will ask for your explicit consent prior to such use. You can decline to submit Personal Information, in which case the Company may not be able to provide you with part or all of the Services. Furthermore, unless stated otherwise in this Privacy Policy, we will not share, sell, auction off or give away your Personal Information to any third-party or other organization without first obtaining your prior written consent.
5. THIRD PARTY SITES AND SERVICES
-
- To improve our ability to provide you with the Services, we may combine your Personal Information with aggregated data about groups of people in similar circumstances. Furthermore, we sometimes supplement the information that you provide with information that is received from third parties. See further information below under “Information Sharing”; also, at your convenience, see a list of third-party service providers.
-
- We partner with several companies (such as pharmaceutical companies, clinicals, medical centers and medical websites) that gather opted-in information from consumers, which include self-reported health information. If you have provided Personal Information to one of our data partners (including information on your medical history, health, purchasing habits, or lifestyle) indicated an interest in clinical research studies or health information, and opted in to receive information of interest from third parties, we may receive your Personal Information from the data partner. In some circumstances, we may link the information you have provided to our data partners with publicly available data about you, such as public directory phone numbers.
-
- We and our data partners may occasionally offer newsletters or other publications focused on specific medical conditions that you might be interested in. You may request to receive from us such newsletters and publications in a field/s that may interest you. If you do so we will use your contact information you provided to deliver the material you request. We may also send you newsletters and communications if you joined our mailing list, you may opt-out of this service at any time by sending an email entitled “Unsubscribe” to [email protected] or by using the Websites to opt-out. None of our communications and advertisements are design to sell you products.
-
- We may use a reputable third party to present or serve advertisements that you may see on the Websites. These third-party ad servers may use cookies, clear gifs or similar technologies to help present such advertisements, and to help track, measure and research the advertisements’ performance and effectiveness. Furthermore, we may enable trusted data partners to collect Non-Personal Information, by deploying certain collection technologies within the Websites, including, but not limited to, for purposes such as statistics aggregation, to improve the Websites or to improve the Services. The use of these technologies by these third-party ad servers is subject to their own privacy policies and is not covered by our Privacy Policy.
-
- This Privacy Policy does not apply to the practices of companies that we do not own or control, or to individuals whom we do not employ or manage, including any of the third parties to which we may disclose information as set forth in this Privacy Policy. The Websites may also enable you to interact (whether directly or through a link) with third party websites, social media, widgets, mobile software applications and services that are not owned or controlled by us (each a “Third-Party Service”). We are not responsible for the privacy practices or the content of these Third-Party Services. Please be aware that the Third-Party Services may collect Personal Information from you. Accordingly, we encourage you to read the terms and conditions and privacy policy of each Third-Party Service that you choose to use or interact with.
6. TO WHOM WE SHARE INFORMATION.
-
- By providing any Personal Information to us pursuant to this Privacy Policy, all users, including, without limitation, users in the United States, Israel and member states of the European Economic Area (“EEA”), fully understand and unambiguously consent to this Privacy Policy and to the collection and processing of such Personal Information in Israel and abroad. The server on which the Websites and the Services are hosted and/or through which the Services are processed may be outside the country from which you access them and may be outside your country of residence. Some of the uses and disclosures mentioned in this Privacy Policy may be processed on servers in various countries thus involve the transfer of your Personal Information to those countries. Although we do our best commercial efforts to verify that that such suppliers maintain a proper level of privacy protection and data security of those servers, different countries around the world may have different levels of privacy protection than your country.
-
- We take additional measures when information is transferred from the EEA. This includes having standard clauses approved by the European Commission in our contracts with parties that receive information outside the EEA. We also rely on European Commission adequacy decisions about certain countries, as applicable, for data transfers to countries outside the EEA.
-
- By submitting your Personal Information, you consent, acknowledge, and agree that we may collect, use, transfer, and disclose your Personal Information as described in this Privacy Policy. Nevertheless, the Company only shares Personal Information with other companies or individuals in the following limited circumstances:
-
- As required for the provision of the Services, including our subsidiaries or affiliates and only if necessary for business and operational purposes. As part of our services, we share your Personal Information with the research partners, and we also obtain Personal Information from them.
-
- The Company’s servers that are used to store your Personal Information are owned and hosted by professional and trusted suppliers, which assured us that they maintain a proper level of privacy protection and data security and hold all necessary approvals in this regard.
-
- Social media services (in order to identify other potential participants for clinical trials).
-
- In order to see list of third parties service providers and their compliance to the GDPR please see the list at the end of this document.
-
- We provide Personal Information to trusted service provider for the purpose of processing Personal Information on our behalf in Israel and/or abroad. We require that these parties agree to process such Personal Information based on our instructions and in compliance with this Privacy Police, any applicable law and any other appropriate confidentiality and security measures.
-
- We have a good faith belief that access, use, preservation or disclosure of such Personal Information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request; (b) enforce applicable agreements and/or their terms, including investigation of potential violations thereof; (c) detect, prevent, or otherwise address fraud, security or technical issues; or (d) protect against imminent harm to the rights, property or safety of the Company, its users or the public as required or permitted by law.
-
- If we sell or transfer all or a portion of our company’s business interests, assets, or both, or in connection with a corporate merger, consolidation, restructuring, or other company change.
7. NON-PERSONAL INFORMATION
We may use or share Non-Personal Information (such as information which does not enable identification of an individual user, aggregated information or Personal Information in non-human readable form) in any of the above circumstances, as well as for the purpose of providing and improving the Services, aggregate statistics and conduct business and marketing analysis, and enhance your experience with the Websites. If we combine Personal Information with Non-Personal Information, the combined information will be treated as Personal Information for as long as it remains combined.
8. ENSURING YOUR RIGHTS
-
- The Company processes Personal Information only for the purposes for which it was collected and in accordance with this Privacy Policy. We review our data collection, storage and processing practices to ensure that we only collect, store and process the Personal Information needed to provide or improve our Services and/ or the Websites.
-
- We wish to maintain accurate Personal Information. If you would like to receive a copy, delete (some or all) or correct any of your Personal Information or your child’s information or on behalf of your legal guardian that we may be storing, modify your contact preferences or completely opt out of the Services at any time, you may submit a request to us by sending an email to [email protected]. Your email should include adequate details of your request and enough information to permit us to identify your Personal Information and you may be further requested to provide further details in order to secure your identity and your requests. Upon your request, we will respond to your request within 20 business days and will act in order to correct, amend or delete any Personal Information that is inaccurate and notify any third party who received this Personal Information from us of the necessary changes.
-
- Please keep in mind that once you request to delete (some or all) of your Personal Information, any deleted Personal Information will not be retrievable.
-
- We do not charge for complying with a correction request, however, for all other requests, we may charge a small fee to cover its costs. Requests to delete Personal Information are subject to any applicable legal and ethical reporting or document retention obligations imposed on the Company.
-
- We ask individual users to identify themselves and the Personal Information requested to be accessed, corrected or removed before processing such requests, and we may decline, subject to any applicable law, to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort, jeopardize the privacy of others, or would be extremely impractical, or for which access is not otherwise required.
-
- Please note that unless you instruct us otherwise, we retain the information we collect (including your Personal Information) for as long as needed to provide the Services and to comply with our legal obligations, resolve disputes and enforce our policies and agreements. Nevertheless, nothing in this Privacy Policy is interpreted as an obligation to store information, and we may, at our own discretion, delete or avoid from recording and storing any and all information.
-
- If you’re based in the EEA and think that we haven’t complied with data protection laws, you have a right to lodge a complaint with the Data Protection Commission or with your local supervisory authority.
9. MINORS
-
- The Websites and/or the Services are not intended for children under 16 years of age (or under 13 years old provided that such is permitted according to the applicable law which applies to the particular child). Furthermore, if you are under the age of 18 or the age of legal majority where you reside if that jurisdiction has an older age of majority, you must obtain parental consent (or consent from your legal guardian) prior to using the Websites and/or the Services. If you are a parent or guardian who become aware that his/her child (or minor under supervision) has provided us information without your consent, permission or authorization, upon request, we will promptly remove your child’s Personal Information or other information from our database, cease the use of such information and direct any other party with access to such information to do the same. In such a case please contact us at: [email protected].
10. INFORMATION SECURITY
The security of your Personal Information is important to us. We follow generally accepted industry standards, including by limiting the access to Personal Information on a need to know basis and the use of appropriate administrative, physical and technical safeguards, to protect the Personal Information submitted to us. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security or confidentiality. If you have any questions about security on the Websites or of the data, you can contact us at
[email protected].
11. CHANGE OF CONTROL
If we become involved in a merger, acquisition, or any form of sale of some or all of our assets or in the event of our bankruptcy, insolvency, reorganization, receivership, or assignment for the benefit of creditors, or the application of laws or equitable principles affecting creditors’ rights generally, you will be notified, on a best efforts basis, via email and/or a prominent notice on the Websites, of any change in ownership, uses of your Personal Information, and choices you may have regarding your Personal Information. Without derogating from the above, we reserve the right to transfer or assign information, including Personal Information, in connection with the foregoing events. In the event of the above, our affiliated companies or acquiring company will assume the rights and obligations as described in this Privacy Policy.
12. UPDATES TO THIS PRIVACY POLICY
We reserve the right to modify the Privacy Policy from time to time, without prior notice, by posting amended Privacy Policy on the Websites. Nevertheless, we will notify you about significant changes in the way we treat Personal Information by sending a notice to the primary email address you provided us or by placing a prominent notice on the Websites. We encourage you to review the Privacy Policy periodically for any updates or changes. Please take a look at the “LAST UPDATED” legend at the bottom of this page to see when this Privacy Policy was last revised. Any changes to this Privacy Policy will become effective on the next business day following posting the revised Privacy Policy on the Websites. Your use of the Services following such changes means that you accept the revised Privacy Policy.
13. CONTACT US
We are committed to protecting your privacy. Protecting your privacy online is an evolving area, and we are constantly evolving the Websites and the Services to meet these demands. If you have any comments or questions regarding our Privacy Policy, or your Personal Information collected, stored or disclosed by us, please contact us at
[email protected].
Last updated: July 16, 2019
THIRD PARTY SERVICE PROVIDERS
Third Party Company
|
Has DPA with nRollmed?
|
Third Party policy or GDPR information
|
Salesforce
|
Automatic
|
Exist
|
Twilio
|
Automatic
|
Exist
|
FormLogic
|
Yes. Signed agreement in nRollmed’s drive
|
Exist
|
Unbounce
|
|
Exist
|
Aircall
|
Automatic
|
Exist
|
Zappier
|
Automatic
|
Exist
|
Gmail
|
Automatic
|
Exist
|
CloudAlly
|
Automatic
|
Exist
|
