Privacy Policy

Effective January 30, 2023


This Privacy Policy (“Privacy Policy” or “Policy”) describes how Care Access Research LLC and its affiliates (collectively “we,” “us,” “our,” or “CARE”), collect, use, share, and secure personal data, as defined below, through CARE’s website located at https://www.careaccess.com or an affiliated CARE clinical study recruiting website (together “Websites”). References in this Privacy Policy to "you" or "your" refer to both you and any person or entity on whose behalf you act, if any. If you visit a different CARE website or participate in a clinical trial, we will provide a separate privacy notice appropriate to the services described.

CARE is committed to keeping your personal data safe and secure. We use your personal data only as permitted in this Privacy Policy. By visiting our Websites, you agree to the collection and use of your personal data in accordance with this Privacy Policy. Except as set forth in this Privacy Policy, your personal data will not be used for any other purpose without your consent. You have the right to withdraw your consent to our processing of your personal data at any time by emailing us at [email protected].

Purpose

CARE is a national network of clinical research sites. We build clinical research programs at physician practices and equip them with the resources necessary to offer clinical research as a care option for their patients. Through our Sites On Demand™ platform, sponsors can tap into patient populations in a wide range of therapeutic areas. We offer patients clinical research study opportunities for a variety of medical conditions. Users of the CARE Websites include physicians, sponsors, contract research organizations (CROs), clinical research professionals, patients and other individuals who visit our Websites.

We Do Not Sell Your Personal Data

CARE does not sell or share (as those terms are defined under data privacy and security rules and regulations (“Data Protection Laws”) your personal data with third parties or non-affiliated companies, except to provide services you have requested, when we have your consent to disclose such personal data, or when we provide the personal data to companies or consultants working on our behalf under confidentiality agreements. These companies and consultants do not have any independent right to disclose your personal data.

Personal Data We Collect and Use

The type of personal data that we collect and receive while you use the CARE Websites or otherwise interact with CARE are described in this section and include both personal data that you voluntarily provide to us and personal data that we collect automatically when you use CARE Websites.

For the purposes of this Privacy Policy, “personal data” means information about an individual, including but not limited to your name, address, telephone number, email address, city, state, zip code, date of birth, and gender; as well as browsing and Log Data (as defined below), such as internet “cookies” or IP addresses. Personal data is defined broadly to include any information that can relate to an individual; certain regulations may use the term Personal Information. For the avoidance of doubt, references in this Privacy Policy to personal data include the term Personal Information.

“Sensitive personal data” is a subset of personal data and includes but is not limited to your social security number, banking or financial account information, and protected health information. CARE does not collect sensitive personal data through the Websites.

Personal Data You Share with CARE

Personal data you share: If you choose to share personal data with CARE, it may include your contact information.

How we use this personal data: We use your personal data to determine your eligibility for clinical trials and any other purpose described on the page where you shared your personal data. We do not share your personal data with any parties except our service providers.

For Recruitment and Hiring Purposes: For more information about CARE’s recruitment and hiring activities as they relate to your personal data, please refer to the Recruiting and Hiring section of this Privacy Policy.

Personal Data That May Be Collected Automatically

Log Data: Like many website operators, we collect information that your internet browser sends whenever you visit the CARE websites ("Log Data"). This Log Data may include personal data such as your computer's Internet Protocol ("IP") address, browser type, browser version, and statistical information about your use of the Websites, the pages of our Websites that you visit, the time and date of your visit, the time spent on those pages and other statistics.

How we use log personal data: We use the personal data that is collected automatically to troubleshoot our Websites and otherwise improve our services. The personal data collected is not used for marketing purposes.

Cookies, pixels, and similar technologies: We also collect information about your use of CARE Websites through tracking technologies such as cookies. A “cookie” is a unique text file that is transferred to your computer to track your interests and preferences and to recognize you as a returning visitor to our Websites. Cookies are personal data under Data Protection Laws. You may opt out of certain cookies as further outlined below.

The cookie is not connected to other personal data; it is used in aggregate form with other Websites users’ data in order to generate statistical reports on how people are navigating and using our Websites.

We use third parties to perform site analytics tracking. If you do not want your personal data used by third parties to perform site analytics, you can install the relevant opt-out browser add-on.

To learn more about cookies and other tracking technologies, including how to disable them, please visit https://www.allaboutcookies.org/. Please note that some cookies are essential to the functioning of our websites and deleting or disabling them will reduce the websites’ functionality.

How we use personal data from cookies, pixels, and similar technologies: We use this information to track the functionality of our Websites and to identify unique visitors. We do not sell or share this personal data. We also use cookies, pixels, and similar technologies to improve our services and measure the effectiveness of our advertising and marketing campaigns. We do not use cookies or similar technologies to target you for advertising or other marketing activities.

How We Disclose Your Personal Data

At CARE, we are careful to limit the disclosure of your personal data. Personal data is disclosed only to service providers with whom we have an agreement for services. A service provider is an entity or individual only permitted to use your personal data as we instruct them. However, there are a number of circumstances in which CARE could be legally obligated to disclose your personal data, including;

Lawful requests: We may be required to disclose your personal data in response to a legal process, for example, in response to a court order or a subpoena. We also may disclose your personal data in response to a law enforcement agency's request, or where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, to verify or enforce compliance with our Privacy Policy, or as otherwise required by law.

Corporate events: We may transfer your personal data to an entity or individual that acquires, buys, or merges with CARE, or our other business units. In such cases, your personal data would remain subject to the promises and commitments contained in this Privacy Policy until such time as this Privacy Policy is updated or amended by the acquiring party upon notice to you, as described in this Privacy Policy.

Deidentified and Aggregated Information

In addition to the uses of personal data described above, we may remove the identifiable parts of your personal data to create deidentified forms (“Deidentified Information”). Deidentified Information may be compiled with other data in aggregated forms for product improvement purposes. For example, the data we use for analytics to monitor the use of our services or to increase the functionality and user-friendliness of our Websites is aggregated, meaning we cannot identify you or any other individual.

Storage, Accuracy and Retention

CARE stores your personal data in a secure database and in accordance with industry standards and Data Protection Laws. You have the right to request access, changes, or deletions to your personal data and request information about our collection, use and disclosure of your personal data by contacting us at [email protected]. We use best efforts to keep our records as accurate and complete as possible. You can help us maintain the accuracy of your personal data by notifying us of any changes to your personal data. We retain your personal data only so long as necessary to provide the services. Personal data is destroyed in due course in accordance with CARE’s policy on records management and retention (“Records Management Policy”).

Opt-Out

If you wish to opt-out from receiving further communications from CARE, you may opt-out at any time by sending a request via email to [email protected]. We will retain some of your personal data to avoid further contact with you.

Security

The security of your personal data is of utmost importance to us and CARE takes reasonable and appropriate administrative, physical and technical safeguards, as required under Data Protection Laws, to secure our Websites and prevent unauthorized parties from accessing your personal data.

Recruiting and Hiring

This section applies only to the processing of personal data that CARE collects about you as a potential candidate for employment or for contractual services.

Personal Data We Collect. CARE may collect and process personal data and sensitive personal data of potential candidates for employment or for contractual services (collectively “Employment Data”) that is either collected by or on behalf of CARE through publicly available records as part of its independent recruitment efforts or submitted directly to CARE through the online application process, professional recruitment firms, and/or through alternative channels.CARE’s processes Employment Data for the following purposes:

Use of Your Employment Data. CARE collects and processes your Employment Data for operational purposes to:

Lawful Basis for Processing Your Employment Data. If applicable law requires a lawful basis for processing, CARE’s lawful basis for collecting and processing your Employment Data described in this section will depend on the type of Employment Data concerned and the specific context in which we collect or use it.

Generally, CARE processes your Employment Data where the processing is in our legitimate interest and not overridden by your data protection interests or rights (e.g., to communicate with you, to evaluate you in the recruitment process), or where applicable, where CARE has obtained your consent to process your Employment Data for a specific purpose. CARE may also process your Employment Data where it is necessary to comply with a legal obligation (e.g., to assess your suitability in connection with your engagement in a regulated role), or to enter into a contract of employment with you.

How We Share Your Employment Data. CARE may share your Employment Data in the following circumstances.

Verification and Background Checks using Employment Data. If your application is successful, it may be necessary for CARE to conduct a pre-employment background check or to instruct a third party to conduct a preemployment background check. CARE conducts background checks where permitted by law and to the extent necessary and proportionate to the role for which you are being considered. If a background check is required, you may be contacted by a third-party vendor to obtain your consent to conduct the background check, and to provide you with further information regarding the process and Employment Data involved. CARE’s legal basis for conducting background checks is to ensure CARE is performing appropriate due diligence in establishing employment relationships.

Retention of Your Employment Data. CARE will keep your Employment Data for no longer than necessary to fulfill the purposes for which it was collected and processed. The retention period depends on the purposes for which your Employment Data was collected and processed and/or as required to comply with applicable laws. If you accept CARE’s offer of employment, your Employment Data will become part of your personal records and retained in accordance with CARE’s privacy notice applicable to CARE employees and CARE’s Records Management Policy. If your application for employment is unsuccessful or if you decline CARE’s offer, CARE will retain and destroy your Employment Data in accordance with our Records Management Policy unless there are technical or legal limitations that prevent deletion. CARE will safeguard any retained Employment Data and limit further uses and disclosures.

Third-Party Websites

CARE Websites may contain links to websites outside of the company. Linked websites are not under the control of CARE. This Privacy Policy does not apply to linked websites outside the CARE organization. It is recommended that users review the privacy policy of each individually linked website. Moreover, CARE is not responsible for any disclosures to third parties to whom you choose to disclose your personal data directly. This Privacy Policy applies solely to personal data collected by CARE in relation to our Websites.

Children Under 16

Our Websites are not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you are under 16, do not use or provide any personal data on our Websites. If we learn we have collected or received personal data from a child under 16, we will promptly delete that personal data. If you have a concern related to a child’s personal data, you may contact us at: [email protected].

United States Jurisdiction and Governing Law

We are located in the United States and our services and Websites are directed only at users within the United States and subject to applicable U.S. local, state and national laws. Those who choose to access the Websites from outside of the U.S.A. do so on their own initiative and understanding that their use of the Websites are subject to U.S. laws and regulations.

California Consumer Privacy Act (CCPA) Notice

We do not sell or share, as those terms are defined under Data Protection Laws, your personal data. We use personal data collected online or otherwise for the following CCPA “Business Purposes”:

1. Auditing related to a current interaction with the consumer and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.

2. Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.

3. Debugging to identify and repair errors that impair existing intended functionality.

4. Short-term, transient use, provided the personal data that is not disclosed to another third party and is not used to build a profile about a consumer or otherwise alter an individual consumer’s experience outside the current interaction, including, but not limited to, the contextual customization of ads shown as part of the same interaction.

5. Performing services on behalf of the business or service provider, including maintaining or servicing accounts, providing customer service, processing, or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services on behalf of the business or service provider.

We do not sell or share personal data or use it for marketing or any other purpose including CCPA “Commercial Purposes”. You may contact us with any questions or requests related to your rights at [email protected].

Notice to Residents of Other States with “Do Not Sell” or “Do Not Share” Laws

If you live in a state other than California, for example Virginia, Connecticut, Colorado, or Utah, with Data Protection Laws that give you the right to opt-out of the sale or sharing of your personal data or the right to limit the use and disclosure of your sensitive personal data, you should know that except as outlined in this Policy, we do not sell or share your personal data. You may contact us with any questions or requests related to your rights at [email protected].

Individual Rights to Personal Data

If you reside in a state that has passed Data Protection Laws, you may be entitled to certain rights.

If you would like to exercise your privacy rights, you can contact [email protected] to initiate a request. However, we may ask you to provide additional personal data so that we can properly identify you in our dataset to track compliance with your request. We will only use personal data provided in a request to review and comply with the request. If you chose not to provide this information, we may only be able to process your request to the extent we are able to identify you in our data systems.

The Right to Knowledge / Specific Information

You have the right to request the following information relating to the personal data we may have collected and disclosed during the last 12 months:

The Right to Access / Data Portability

You have the right to access and obtain a copy of the specific pieces of personal data we have collected about you in the last 12 months, upon verification of your identity.

The Right to Correct

You have the right to request that CARE correct the inaccurate personal data that we collected and maintain about you.

The Right to Request Deletion

You have the right to request that CARE delete the personal data that we collected from you, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal data from our records, unless an exception applies.

To Submit a Request to Exercise Your Right to Knowledge, Access (Portability) and Deletion

Contact us at [email protected] to initiate privacy rights request.

We will need to verify your identity before processing your request, and this verification may require us to obtain additional personal data from you. We will only use personal data provided in a consumer request to review and comply with the request. In certain circumstances, we may decline a request to exercise the rights described above.

Response Timing and Format

We will respond to a verifiable consumer request within forty-five (45) days of receipt. If we are unable to process your request in such time, we will inform you of the delay in writing.

We will deliver our written response by mail or electronically, depending on your preference selection. Any disclosures we provide will only cover the 12-month period preceding the receipt of your verifiable consumer request's receipt. If we are unable to comply with all or a portion of your request, we will explain the reasons we cannot comply.

We reserve the right to charge a fee to process or respond to your verifiable consumer request if we determine that such request is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

The Right to Opt-Out of the Sale or Sharing of personal data

You have the right to direct CARE not to sell or share personal data we have collected about you. You have the right to limit the use and disclosure of sensitive personal data we have collected about you.

For clarity, CARE does not sell or share your personal data or your sensitive personal data.

HIPAA Compliance

HIPAA is the Health Insurance Portability and Affordability Act, which commonly applies to health data held by a healthcare provider or insurer. HIPAA does not apply to personal data that a person interested in participating in a clinical study has voluntarily provided for the purposes of determining eligibility for a clinical trial. CARE is not a “Covered Entity” or a “Business Associate” under HIPAA.

Changes to this Policy

We reserve the right to update or materially change our Privacy Policy at any time by posting a new version online, as indicated by the Effective Date at the beginning of the Privacy Policy. You should check this page periodically to review any changes to our Privacy Policy. Your continued use of our websites after we post any modifications to the Privacy Policy on this page will constitute your acknowledgment of receiving notice of the modifications and your consent to abide and be bound by the modified Privacy Policy.

Contact Us

If you have any questions, suggestions, or complaints about your privacy rights under this Privacy Policy, please contact us at: [email protected].

We are committed to resolving complaints about your privacy and our collection or use of your personal data in a timely fashion. If you submit a reasonable complaint or inquiry concerning your personal data, we will promptly investigate your complaint and we will respond to the inquiry or complaint within 45 days. If it is justified, we will take appropriate remediation measures.

Copyright 2023 © Care Access Research LLC. All rights reserved.