Logo
Schedule a call

privacy policy

1.      SCOPE AND OVERVIEW
nRollmed Patient Recruitment and Retention Ltd. (“nRollmed”, the “Company” and all references, as the context requires, to “we”, “us” or “our”) services involve reaching out to potential participants, increasing public awareness about clinical trials, and facilitating the process of identifying and connecting eligible individuals with appropriate research opportunities (the “Services”). The Services may include online advertising, educational outreach, pre-screening assessments, and referral to research sites or sponsors.
In providing the Services, we are committed to protecting the Personal Information (as defined below) that we collect from you or that you may provide when you use our Services, visit our websites, including https://nrollmed.com/, any study-specific websites, anywhere else we link or refer to this Privacy Policy (collectively, the “Website(s)”), or when you otherwise interact or communicate with us.

This Privacy Policy is to inform you about our practices with respect to the collection, storage and processing of Personal Information that may be used, alone or in combination with other information, in connection with the provision of our Services.

BY USING THE SERVICES, YOU GIVE YOUR CONSENT THAT ALL PERSONAL INFORMATION THAT YOU SUBMIT OR THAT IS COLLECTED THROUGH THE WEBSITES AND/OR SERVICES, INCLUDING ANY PERSONAL INFORMATION RELATING TO YOUR CHILDREN OR TO SOMEONE FOR WHOM YOU ARE THE LEGAL GUARDIAN, MAY BE PROCESSED BY THE COMPANY IN THE MANNER AND FOR THE PURPOSES DESCRIBED IN THIS PRIVACY POLICY.

IF YOU DO NOT AGREE TO THE TERMS AND CONDITIONS SET FORTH HEREIN, PLEASE DO NOT USE THE WEBSITES, THE SERVICES OR OTHERWISE CONTACT US.

2.      COLLECTION OF PERSONAL INFORMATION

We collect different types of information about you, including information that identifies, relates to, or is linked or reasonably linkable to you. (“Personal Information”).

We will only collect and use your Personal Information for the purposes described in this Privacy Policy or any other legal agreement between us. If we intend to use your Personal Information for other purposes, we will seek your explicit consent before doing so. While you are not required to provide Personal Information, please note that if you choose not to, we may be unable to provide you with some or all of our Services and/or response to your request.

To deliver our Services, we may collect the following types of information:

  • Personal Information Provided by You

You may provide us with Personal Information in various ways, including when:

  • Using our Websites
  • Sending information via email
  • Speaking with our representatives and/or the research team by phone
  • Providing written information through text messages, secure online portals, or other communication channels

For research candidates, this may include:

  • Full name and contact details (e.g., phone number, email address)
  • Demographic data (e.g., age, gender, location)
  • Health-related information relevant to eligibility screening
  • Responses to online or phone-based pre-screening questions
  • Records of your communications with us, including feedback and recommendations

     Please note, we do not collect full medical records or perform diagnostics.

When you register with a Website or complete an electronic form associated with a specific clinical trial, you indicate your consent for us to store and process your Personal Information in our database and contact you about such clinical trial.

If you meet the prequalification criteria for a clinical trial, as determined by the research team at the clinic, medical center, or other entity conducting the trial, and if you grant us explicit permission, your information will be forwarded to designated personnel in your area for further evaluation. These personnel are bound by strict legal obligations concerning the confidentiality of your Personal Information, which will be at least as protective as those outlined in this Privacy Policy.

If applicable, you may also be asked to provide information about any minor children under your care to determine their eligibility for the study or clinical trial and to give consent for their participation.

At all times, you may choose whether or not to provide or disclose Personal Information requested to be actively provided by you. If you choose not to provide certain Personal Information, you may be unable to use certain features of the Websites and/or the Services that involve our interaction with you. However, you may request to be referred to the clinical site to perform the pre-screening process directly so your Personal Information will be collected by the research partner’s clinical staff. You may also ask the clinical staff to refrain from storing your Personal Information on our system.

  • Communications

When you send an email or other communication to us, we may retain those communications in order to process your inquiries, respond to your requests and improve our Services. Providing any means of contact with you (including by telephone) constitutes your consent for us to contact you by such way for the purposes outlined in this Privacy Policy.

We may also send you newsletters and communications if you joined our mailing list, you may opt-out of this service at any time by clicking UNSUBSCRIBE at the bottom of each email or by sending an email entitled “Unsubscribe” to Patients@nrollmed.com.  

  • Information we Obtain from Third Parties

We may also have access to certain of your Personal Information stored and processed on our pre-screening platform, which is used by the research team for the screening process, or when we support the research team or communicate with them as part of the services we provide—such as sharing updates on your enrollment status or monitoring the progress of your pre-screening. If you are found eligible and choose to participate in the study, we will not have access to any data collected as part of the study itself.

Furthermore, we may combine your Personal Information with aggregated data about groups of people in similar circumstances or information that is received from third parties. We partner with several companies (such as pharmaceutical companies, clinicals, medical centers and medical websites) that gather opted-in information from consumers, which include self-reported health information. If you have provided Personal Information to one of our data partners (including information on your medical history, health, purchasing habits, or lifestyle) indicated an interest in clinical research studies or health information, and opted in to receive information of interest from third parties, we may receive your Personal Information from the data partner. In some circumstances, we may link the information you have provided to our data partners with publicly available data about you, such as public directory phone numbers.

We may use a reputable third party to present or serve advertisements that you may see on the Websites. These third-party ad servers may use cookies, clear gifs or similar technologies to help present such advertisements, and to help track, measure and research the advertisements’ performance and effectiveness. Furthermore, we may enable trusted data partners to collect Non-Personal Information, by deploying certain collection technologies within the Websites, including, but not limited to, for purposes such as statistics aggregation, to improve the Websites or to improve the Services. The use of these technologies by these third-party ad servers is subject to their own privacy policies and is not covered by our Privacy Policy. However, you can manage these features through our cookie preferences tool.

This Privacy Policy does not apply to the practices of companies that we do not own or control, or to individuals whom we do not employ or manage, including any of the third parties to which we may disclose information as set forth in this Privacy Policy.

  • Personal Data we Collect Automatically

To improve and personalize your experience on our Websites and Services, and to analyze visitor behavior, we may automatically collect the following information:

  • Device Information: including your country, regional and language settings, device model, operating system, IP, mobile carrier and software and hardware attributes.
  • Cookie information: For further information on the cookies and similar technologies we use, please see our / at: https://nrollmed.com/cookies-policy/.        
  • Usage Patterns: When you use the Website and/or Services, we or our third-party providers, automatically collect and record information regarding the method and nature of your use of the Website and/or Services, including among others: (a) the date on which you registered to the Services; (b) the parts of the Websites you view and/or use and the dates and times on which they were viewed or used; (c) any actions you make in the Websites, such as clicking on buttons or links, filling out a questionnaire or submitting forms
  • Other traffic data: For example, our systems may automatically record and store browser information, exit point, usage time, number of clicks.
  • The Websites and/or Services contain hyperlinks to other pages, widgets and features on the Services. We may use technology to track how often these links are used and which pages, widgets and features of the Services our visitors choose to view.

By entering the Websites and providing information in any or all of the alternatives as specified above, you expressly consent to the terms of this Privacy Policy, and to the collection, use and disclosure of your information, including Personal Information, in accordance with the terms of the Privacy Policy.

3.      LEGAL BASIS
  • We will only collect and process Personal Information about you where we have lawful basis. Lawful bases include consent (where you have given consent), contract (where processing is necessary for the performance of a contract with you (e.g. to deliver the Services you have requested) and “legitimate interests”, as applicable.
  • Where we rely on your consent to process Personal Information, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object to the processing of your Personal Information. If you have any questions about the lawful basis upon which we collect and use your Personal Information, please contact us at: DPO@nrollmed.com.
4.      PURPOSES OF PROCESSING YOUR PERSONAL INFORMATION

We process your Personal Information solely for specific, limited, and legitimate purposes. We collect only information that is adequate, relevant, and not excessive in relation to the following purposes.

  • Research-Related Purposes

Please note that, for the purposes described below, we act as a data processor on behalf of the organization or entity that has engaged our services (the “Customer”), unless stated otherwise.

  • To contact you and provide you with further information about the research or clinical study you have shown interest in.
  • To assess your initial eligibility for participation in a research or clinical study, based on the information you provide during the screening process, if you choose to proceed.
  • To keep internal records of your screening responses and communications with our representatives, in line with our operational, contractual and regulatory obligations. This includes collecting consent, tracking enrollment progress and outcome.
  • To analyze screening data in a de-identified or aggregated form for statistical purposes and to enhance our business operations.
  • To provide you with information about other research opportunities, including new or upcoming studies, where you have consented to be contacted for such purposes. In connection with this purpose, nRollmed acts as data controller.

Please note that your participation in the screening process is entirely voluntary and separate from formal study enrollment. You are not required to provide the requested information; however, if you choose not to do so, we may be unable to assess your eligibility to move forward in the screening process or consider you for possible participation in the research or clinical study.

  • Website and Commercial Purposes

In addition to supporting and enhancing the functionality of our Services and Websites, we may use your Personal Information for various website-related and commercial purposes, including but not limited to the following:

  • To operate, maintain, and improve our Websites, including monitoring performance, user behavior, and technical issues through analytics and performance tools.
  • To personalize your experience, such as tailoring content, messaging, or features based on your interaction history, preferences, or expressed interests.
  • To respond to your inquiries or requests, submitted via contact forms, live chat, or other communication channels available on our Websites or Services.
  • To send you updates, newsletters, or promotional communications related to research participation or health services, where you have given consent or where permitted under applicable law.
  •  
  • To detect and prevent fraud, ensure website security, and address any malicious or unauthorized activities, as well as to comply with applicable laws and respond to lawful requests from regulatory or enforcement authorities.

Please note that you do not have to provide the above-mentioned information, but in such a case we may not be able to provide you all or part of the Services.

  • Legal and Compliance Purposes

We may process your Personal Information to comply with applicable laws and regulations, including data protection and health and safety requirements. This includes responding to lawful requests from regulatory authorities and law enforcement, protecting our rights and the safety of others by preventing fraud or unauthorized access, conducting internal audits and investigations, and enforcing our terms of service, policies, and agreements, including resolving disputes or violations.

  • Client-Related Purposes

We may process Personal Information of our clients and business partners to manage and deliver contracted services, communicate regarding service updates, billing, support, and account management. Additionally, we maintain client records to ensure operational efficiency and reporting, improve our services based on client feedback and performance data, and comply with all relevant legal and contractual obligations related to our business relationships.

5.      TO WHOM WE SHARE INFORMATION
  • When we act as data processor on behalf of a Customer, we may transfer your Personal Information to the Customer and/or anyone acting on its behalf, in accordance with the Customer’s instructions.
  • We provide Personal Information to trusted service providers for the purpose of processing Personal Information on our behalf, which may be outside the country of residence. We require that these parties agree to process such Personal Information based on our instructions and in compliance with this Privacy Policy, any applicable law and any other appropriate confidentiality and security measures.
  • Our operations are supported by cloud-based servers, and other infrastructure and information technology, including, but not limited to, third-party service providers which may be outside the country from which you access them and may be outside your country of residence. However, we take additional measures when information is transferred from the EEA. This includes having standard contractual clauses approved by the European Commission in our contracts with parties that receive information outside the EEA. We also rely on European Commission adequacy decisions about certain countries, as applicable, for data transfers to countries outside the EEA.
  • By submitting your Personal Information, you consent, acknowledge, and agree that we may collect, use, transfer, and disclose your Personal Information as described in this Privacy Policy. Nevertheless, the Company only shares Personal Information with other companies or individuals in the following limited circumstances:
  • As required for the provision of the Services, including our subsidiaries or affiliates and only if necessary for business and operational purposes. As part of our services, we share your Personal Information with the research partners, and we also obtain Personal Information from them.
  • The Company’s servers that are used to store your Personal Information are owned and hosted by professional and trusted suppliers, which assured us that they maintain a proper level of privacy protection and data security and hold all necessary approvals in this regard.
  • Social media services (in order to identify other potential participants for clinical trials)
  • In order to see list of the categories of our third parties service providers please see the list at the end of this document.
  • We have your consent.
  • We have a good faith belief that access, use, preservation or disclosure of such Personal Information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request; (b) enforce applicable agreements and/or their terms, including investigation of potential violations thereof; (c) detect, prevent, or otherwise address fraud, security or technical issues; or (d) protect against imminent harm to the rights, property or safety of the Company, its users or the public as required or permitted by law.
6.      NON-PERSONAL INFORMATION AND AGGREGATED PERSONAL DATA

We may use or share Non-Personal Information (such as information which does not enable identification of an individual user, aggregated information or Personal Information in non-human readable form) in any of the circumstances listed in Section 5. This information may also be used to provide and improve the Services, generate aggregate statistics, perform business and marketing analysis, and enhance your experience with the Websites and/or the Services.

If Personal Information is combined with Non-Personal Information, the combined information will be treated as Personal Information for as long as it remains combined.

7.      ENSURING YOUR RIGHTS
  • Depending on your state of residence and applicable law, you have certain rights with respect to your Personal Information that we collect and use. These may include:
  • requesting information on Personal Information that we hold about you;
  • demanding that the information be rectified should it be incorrect;
  • asking that your Personal Information be deleted, if nRollmed is not permitted or is not legally obliged to retain the Personal Information;
  • demanding that the processing of your Personal Information be restricted;
  • objecting to the processing by us;
  • requesting that Personal Information submitted by you will be transferred in a generally useable, machine-readable, and standardized format.
    • You may submit a request to us by sending an email to DPO@nrollmed.com. Your email should include adequate details of your request and enough information to permit us to identify you and your Personal Information. We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Information (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to an unauthorized recipient.
    • If you think that we haven’t complied with data protection laws, you have a right to submit a complaint with your local supervisory authority.
    • Please note that nothing in this Privacy Policy is interpreted as an obligation to store information, and we may, at our own discretion, delete or avoid from recording and storing any and all information.
    • We do not charge for complying with a correction request, however, for all other requests, we may charge a small fee to cover its costs.
    • We may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort, jeopardize the privacy of others, or would be extremely impractical, or for which access is not otherwise required.
8.      DATA RETENTION

In all circumstances, Personal Information will be retained; (a) for no longer than is necessary in relation to the purposes for which such Personal Information was collected or otherwise processed; or (b) in the event you withdraw your consent and there are no more legitimate grounds for the processing.

Please note that we will also retain your Personal Data as necessary to comply with legal obligations, resolve disputes and enforce our agreements. Once data is no longer lawfully required it will be destroyed securely.

9.      THIRD PARTY SITES AND SERVICES
  • The Websites may also enable you to interact (whether directly or through a link) with third party websites, social media, widgets, mobile software applications and services that are not owned or controlled by us (each a “Third-Party Service”). We are not responsible for the privacy practices or the content of these Third-Party Services. Please be aware that the Third-Party Services may collect Personal Information from you. Accordingly, we encourage you to read the terms and conditions and privacy policy of each Third-Party Service that you choose to use or interact with.
10.   MINORS

The Websites and/or the Services are not intended for children under 16 years of age (or under 13 years old provided that such is permitted according to the applicable law which applies to the particular child). Furthermore, if you are under the age of 18 or the age of legal majority where you reside if that jurisdiction has an older age of majority, you must obtain parental consent (or consent from your legal guardian) prior to using the Websites and/or the Services. If you are a parent or guardian who become aware that his/her child (or minor under supervision) has provided us information without your consent, permission or authorization, upon request, we will promptly remove your child’s Personal Information or other information from our database, cease the use of such information and direct any other party with access to such information to do the same. In such a case please contact us at: DPO@nrollmed.com.

11.   INFORMATION SECURITY
We follow generally accepted industry standards and use appropriate administrative, physical and technical safeguards, to protect the Personal Information submitted to us. The Personal Information is contained behind secured networks and is only accessible by a limited number of persons who have a genuine business need to access it and are subject to a duty of confidentiality.
While we strive to use commercially acceptable means to protect your Personal Information and have procedures in place to deal with any suspected data security breach, we cannot guarantee its absolute security or confidentiality. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
If you have any questions about security on the Websites or of your data, you can contact us at DPO@nrollmed.com.
12.   CHANGE OF CONTROL
 If we become involved in a merger, acquisition, or any form of sale of some or all of our assets or in the event of our bankruptcy, insolvency, reorganization, receivership, or assignment for the benefit of creditors, or the application of laws or equitable principles affecting creditors’ rights generally, you will be notified, on a best efforts basis, via email and/or a prominent notice on the Websites, of any change in ownership, uses of your Personal Information, and choices you may have regarding your Personal Information. Without derogating from the above, we reserve the right to transfer or assign information, including Personal Information, in connection with the foregoing events. In the event of the above, our affiliated companies or acquiring company will assume the rights and obligations as described in this Privacy Policy.
13.   UPDATES TO THIS PRIVACY POLICY

We reserve the right to modify the Privacy Policy from time to time, without prior notice, by posting amended Privacy Policy on the Websites. Nevertheless, we will notify you about significant changes in the way we treat Personal Information by sending a notice to the primary email address you provided us or by placing a prominent notice on the Websites. We encourage you to review the Privacy Policy periodically for any updates or changes. Please take a look at the “LAST UPDATED” legend at the bottom of this page to see when this Privacy Policy was last revised. Any changes to this Privacy Policy will become effective on the next business day following posting the revised Privacy Policy on the Websites. Your use of the Services following such changes means that you accept the revised Privacy Policy.

14.   CONTACT US

We are committed to protecting your privacy. Protecting your privacy online is an evolving area, and we are constantly evolving the Websites and the Services to meet these demands. If you have any comments or questions regarding our Privacy Policy, or your Personal Information collected, stored or disclosed by us, please contact us at DPO@nrollmed.com.

Last updated: September 1, 2025

THIRD PARTY SERVICE PROVIDERS

 

CATEGORY OF SERVICES

REASON FOR TRANSFER

Infrastructure and storage

a)     Secured storage of Personal Information.

b)     Backup of all data.

c)     Data management.

d)     Authentication and authorization services.

Online Service and Communications

a)     Email services.

b)     Other communication services

Analytics and Marketing

a)     To understand the usage trends and preferences of our users and generate statistical reports.

b)     To improve and personalize user experience.

c)     To create new features and functionality.

d)     To provide us with reports and insights on how to optimize promotional campaigns and to find people that might be interested in our Services and/or a clinical trial.

THIRD PARTY SERVICE PROVIDERS

 

Third Party Company

Has DPA with nRollmed?

Third Party policy or GDPR information

Salesforce

Automatic

See here.

Exist

 Twilio

Automatic

See here.

 Exist

 FormLogic

 Yes. Signed agreement in nRollmed’s drive

 Exist

 Unbounce

 

 Exist

Aircall

Automatic

See here.

 Exist

Jotform

Yes, signed agreement in nRollmed’s drive

 Exist

Gmail

 Automatic

https://gsuite.google.com/terms/dpa_terms.html

Exist

CloudAlly

 Automatic

https://www.cloudally.com/secure-saas-backup/

Exist