Effective starting: May 25, 2018
Table of Contents
- Who we are
- How to contact us
- What is your data?
- Protecting your personal data
- What kind of personal data do we collect?
- You determine what happens with your personal data
- If your personal data matches with one of our studies we are recruiting for/how we use the information we collect
- Who can receive your personal data
- Children and adolescents
1) Who we are
Patiro collects, processes and stores your Personal Data with the purpose of connecting you to clinical studies, which we are currently recruiting for. Since we process your Personal Data, Patiro acts, according to the General Data Protection Regulation (GDPR – Regulation (EU) 2016/679) as a data controller, which means that we are responsible for a safe handling of your Personal Data. This does not apply for the EU, but we also handle your data safely and with great care within the USA and Canada.
2) How to contact us?
If you have any questions, you can always contact us directly at email@example.com and we will answer all your questions regarding the handling of your personal data.
3) What is your data?
When you become a member of the Health Panel, you go through a process where we directly collect information about you, by asking you for your contact information, address, birthday and health related information. This information is your Personal Data and we need this to find out which clinical study you possibly can participate in. Also, we do need the data to contact you if you match with one of the studies we are currently recruiting for.
4) Protecting your Personal Data
Your Personal Data is not only protected by our quality, commitment and high standards. It is also protected by law.
Patiro is compliant with:
- EU: General Data Protection (GDPR)
- USA: Health Insurance Portability and Accountability Act (HIPAA)
- Canada: Personal Information Protection and Electronic Document Act (PIPEDA)
Therefore, we collect, process and store your Personal Data in compliance with these regulations, and only if you actively consent to it.
Your Personal Data is encrypted and confidentially processed by a very small number of approved and trained Patiro employees. The Personal Data is stored at a sever in Northern Europe and remains within the EU.
5) What kind of Personal data do we collect?
In order to be able to match you with a clinical study we collect, process, and store the following information and Personal Data:
- Information which you provide by filling out the health profile via the Health Panel.
- Other information, which you deliver to us by e-mail or other communication channels in relation to your health profile or surveys/questionnaires sent to your e-mail.
- Your responses to member satisfaction surveys or other research that we carry out.
- Details of your visits to the Health Panel including, but not limited to, traffic data, location data, weblogs and other communication data.
If we see that e.g. false information has been provided, or the age limit has not been reached, we can delete the profile at any time.
In relation to customer service, we use your information (e.g. mail, phone number, name) to resolve technical issues you encounter, to respond to your request for assistance, to analyze crash information, and to repair and improve the services.
6) You determine what happens with your Personal Data
We will always ensure that your Personal Data is appropriately protected and only used for the purpose of connecting you to a clinical study that matches to your health profile, or to inform or to receive health-related e-mails and very rarely a text message.
Since it is you, who determines what happens with your Personal Data, the following applies:
- Upon request and free of charge, we will give you a copy of all your Personal Data stored, including its origin, the recipients of data and the purpose of the storage. The information can be obtained under the contact details described above. You have the right to correction, blocking or deletion of this data.
- Your Personal Data is stored until you withdraw your consent by contacting us to delete all your Personal Data, unless we are required by law to keep your data for longer. If you want us to delete this Personal Data, you can contact us by email, post or phone (see contact details above). In this case, your data will be deleted within 24 hours after reception and you will receive an e-mail, informing that your Personal Data has been deleted permanently from our systems.
- If you have not made any alterations within your health profile within the last 5 years, you will be notified 14 days prior to planned deletion, informing that we are going to delete your profile due to inactivity. If you wish to keep your profile, the e-mail must be answered, stating that you want to keep the health profile. In case of deletion, you will receive an email, informing that your Personal Data has been deleted. If you change your mind, you’re always welcome to establish a new health profile.
- You have the right to lodge a complaint with a supervisory authority. Patiro stores and processes the data compliant with the General Data Protection Regulation (GDPR) – Regulation 2016/679 within Europe, USA: Health Insurance Portability and Accountability Act (HIPAA), and Canada: Personal Information Protection and Electronic Documents Act (PIPEDA).
- You can contact Patiro if you for example are interested in the storage and processing of your personal information, to receive all your data which is stored in the Patiro database or to have false information deleted or altered.
- You have 24/7 access to your Personal Data by logging in to the Health Panel with your login information.
7) If your Personal Data matches with one of our studies we are recruiting for/how we use information we collect:
- We access your Personal Data to contact you via phone to verify your Personal Data, and to ask you for your oral consent to pass on your information to scientific institutions with ongoing research projects (private and public institutions). These research projects are always approved by respective Ethic Boards, responsible for the evaluation of clinical studies: the Research Ethic Committees (REC) within the EU, USA's Institutional Review Boards (IRB), and Health Canada's Research Ethics Board (REB)
- The amount of the Personal Data passed on is limited to the extend necessary for the scientific institution(s) to contact and to check your participation ability.
- The scientific institution(s) will contact you regarding health-related questions and participation in research projects - e.g. answering a questionnaire, participating in an interview or try a newly developed medicinal product.
- Remember that you always have, regardless at what stage you are within the process, the option to leave the research project, even though it has begun. You are not committed in any way and have not signed any contract to participate. You do not have to provide us or the research team with a reason as to why you wish to quit the research project.
For research and development: In order to adapt our services to you, to make it smarter, faster, secure, integrated and useful to you – we use collective learnings about how people use the Health Panel. This helps us to troubleshoot and to identify trends, usage, activity patterns and areas for integration and improvement of the Health Panel. We automatically analyse and aggregate frequently used search terms to improve the accuracy and relevance of suggested topics that auto-populate when you use the search feature. In some cases, we apply these learnings across our Services to improve and develop similar features or to better integrate the services you use. We also test and analyse certain new features with some users before rolling the feature out to all users.
8) Who can receive your Personal Data?
Normally, scientific institutions are the only third parties your Personal Data will be forwarded to. In very few exceptions, we have to share respective Personal Data with law enforcement agencies, regulators or other authorities that are allowed to request your data.
We work with third-party service providers to provide website and application development, hosting, maintenance, backup, storage, virtual infrastructure, payment processing, analysis and other services for us, which may require them to access or use information about you. If a service provider needs to access information about you to perform services on our behalf, they do so under close instruction from us, including policies and procedures designed to protect your information.
9) Children and adolescents
If the clinical study involves minors (age below 18 years), the parent(s), caretaker(s)or legal guardian are required to give consent allowing them to participate in the recruitment process. When answering the questionnaire, it is possible to fill in the contact information and health related state on behalf of the minor. Should the minor match for a current study, the contact to the minor is handled through the parent, caretaker or legal guardian.