Effective Date: 08.NOV.2021
This website and policy are provided and maintained by Trialbee AB (Trialbee), corporate registration number 556814-3019, with its principal place of business at Södra Tullgatan 3, SE-211 40 Malmö, Sweden.
Trialbee is committed to the privacy of our users and the security of their personal information serious.
Trialbee’s approach to protecting personal data worldwide recognizes various jurisdictions and legal systems will apply:
TABLE OF CONTENTS
- DEFINITIONS AND ACCRONYMS
- DATA WE COLLECT ABOUT YOU
- HOW YOUR PERSONAL DATA IS COLLECTED
- HOW WE USE AND DISCLOSE YOUR DATA
- DATA PROCESSING
- TRANSFER OF PERSONAL DATA
- DATA SECURITY
- DATA RETENTION
- YOUR DATA PRIVACY RIGHTS UNDER GDPR AND UK PRIVACY
- YOUR DATA PRIVACY RIGHTS UNDER CCPA
- OTHER INFORMATION
1.2. CONTACT DETAILS
Trialbee’s contact details for privacy rights questions and requests are:
Full name of legal entity: Trialbee AB, Data Privacy Officer
Email Address: firstname.lastname@example.org
You have the right to make a complaint at any time to the relevant supervisory authority in the country where you reside.
We would however appreciate the chance to deal with your concerns before you approach one of the national supervisory authorities, so please contact us in the first instance at email@example.com.
To find more about this right and to locate the appropriate Data Privacy Authority, go to the following:
- If you reside in Europe, then contact the European Commission website: https://ec.europa.eu/info/policies/justice-and-fundamental-rights_en
- If in the UK, go to the Information Commissioner’s Office (ICO) website: www.ico.org.uk
- If you reside in the United States, you may contact the US Federal Trade Commission at: https://www.ftc.gov/faq/consumer-protection/submit-consumer-complaint-ftc.
1.5. THIRD-PARTY LINKS
2. DEFINITIONS AND ACCRONYMS
Anonymized: is a type of information sanitization whose intent is privacy protection. It is the process of removing of personally identifiable information from data sets, so that the person’s identity becomes anonymous.
EEA: European Economic Area
GDPR: is the European Union General Data Protection Regulation
CCPA: is the United States California Consumer Privacy Act
ICO: is the United Kingdom Information Commissioner’s Office
PII: Personal Identifiable Information
PHI: Protected Health Information
Third Parties means:
- Service providers acting as processors and who provide services to us.
- Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services to us.
- Regulators and other state authorities acting as processors or joint controllers in any jurisdiction in which we are operating and who require reporting of processing activities in certain circumstances.
Covered Entity: This is in reference within the United States, and means an institution, organization or other entity that is subject to the rules of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Covered Entities include: (i) a health plan, (ii) a healthcare clearinghouse and, (iii) a healthcare provider who transmits any personal identifiable health information in electronic form in connection with a transaction covered by HIPAA.
Personal Identifiable Health Information (“PIHI”) means any information including demographic information collected from an individual that:
- relates to (a) the past, present or future physical or mental health or condition of an individual; (b) the provision of healthcare to an individual; or (c) the past, present or future payment for the provision of healthcare to the individual; and
- identifies the individual or there is a reasonable basis to believe it can be used to identify the individual; and
- PIHI does not include education records or medical records covered by the Family Education Rights and Privacy Act or employment records held by Trialbee in its role as an employer.
Personal Information: According to the California Consumer Privacy Act, and means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
3. DATA WE COLLECT ABOUT YOU
Like many commercial organizations we monitor the use of this website by collecting aggregate information using cookies.
Typically, we collect information about the number of visitors to the website, to each web page and the originating domain name of the visitor’s Internet Service Provider.
This information is used to understand the visitor’s use of the website and may be shared with our affiliates and/or other third parties. We have no means reasonably available to us to ascertain the identity of individual users from aggregate information.
We may collect, use, and share Aggregated Data such as general statistical data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity.
We may also perform or collect categories of personal data about you which are grouped as follows:
- Monitor customer traffic patterns and
- Site usage information to help us to improve the design and layout of our site, to personalize your experience by tailoring the content you see thus optimizing your user experience.
- Perform statistical analysis on our members’ accounts to determine,
- how many are active
- how frequently they are used
- and how many of our other websites you are registered with.
- Identity Data includes first name, maiden name, last name, username, or similar identifier.
- Contact Data includes physical address, delivery address, email address and telephone numbers.
- Transactional Data includes details of products and services you have received or purchased from us and/or affiliates.
- Technical Data includes Internet Protocol (“IP”) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the device you use to access this website.
- Usage Data includes information about how you use our website, products, and services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and/or affiliates.
- Health Data includes information in relation to any aspect of your health and/or consequences of taking part in any clinical trials organized by our clients.
We may also obtain information about your opinions if, for example, you send us feedback, or ask us questions.
We may also, occasionally, receive information about you from other sources which we will add to the information that we may already hold about you to help us improve and personalize our service to you.
4. HOW YOUR PERSONAL DATA IS COLLECTED
We use various methods to collect the categories of data described above through but not limited to:
- Data Interactions. You may have given your personal data by filling in forms or by corresponding with us by mail, phone, and email or otherwise. This includes personal data you provide when you:
- Apply online
- Contract to receive services or information
- Request marketing material to be sent to you
- Automated Technologies or Interactions. As you interact with our website, we may automatically collect technical data about your equipment, browsing actions or patterns.
- We collect this personal data by using cookies, log files, and other similar technologies.
- We may also receive technical data about you from other you visit employing our cookies. This aggregate data gives a “macro-view” of the visitor traffic patter and insight to what sections of the website users visit the most. None of this information is linked to any personal information.
- We passively collect and log the following information from visitors to our website such as:
- Browser type
- IP Address
- Domain Name
- Access Time
- Operating System
- We passively collect and log the following information from visitors to our website such as:
- Third-parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below.
- Analytics such as Google
- Advertising Networks
- Search Information Providers
- Contact and Transaction Data from providers of technical, payment and delivery services.
- Identity and Contact Data from data brokers or aggregates.
5. HOW WE USE AND DISCLOSE YOUR DATA
Trialbee will not sell, trade, or lease to third parties your Personal Data. However, we may sometimes engage other companies and individuals to perform services on our behalf.
We will use your personal data in the following circumstances:
- Where we need to perform the contract, we are about to enter or have entered with you, or to perform other legal obligations.
- Where it is necessary for our legitimate interests or those of a third party, and your interests and fundamental rights do not override those interests (this applies to the EEA).
- Where we need to comply with a legal or regulatory obligation.
We may disclose Personal Data to comply with a legal or regulatory obligation. Unless we have informed you otherwise and have obtained your permission, or the law forces us to, we will only use the collected Personal Data within Trialbee or with business partners that act on our behalf.
In the EEA, in relation to sending direct marketing communications to you via email or text message, we will only do so where (i) we have your express consent or (ii) you are an existing client. You have the right to withdraw consent to marketing at any time by contacting us.
5.1. PURPOSES WE USE YOUR DATA
Note, that we may process your personal data for more than one lawful ground depending on the specific purposes, this has been set out in the table below:
|Purpose||Category||Lawful basis for processing, including legitimate interest|
|To register you as a new customer.||
||Performance of a contract with you.|
|To process and deliver services and/or perform contractual obligations for you.||
To manage our relationship with you which could include:
|To enable you to complete a survey/questionnaire.||
|To consider whether you are eligible/suitable for participating in a clinical trial, related to a clinical investigation, or clinical support program sponsored by our clients.||
|To administer and protect our business and this website, including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data.||
|To deliver relevant website content and advertisements to you and measure or understand that effectiveness of the advertising we serve to you.||
||Necessary for our legitimate interests, to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy.|
|To use data analytics to improve our website, products and services, marketing, customer relations, experience and to provide audit record for consent.||
||Necessary for our legitimate interests, to define types of customers for our products and services, to keep our website updated and relevant, to develop our business, and inform our marketing strategy.|
|To make recommendations to you about products or services that may be of interest to you.||
||Necessary for our legitimate interests, to develop our products and services, and grow our business.|
|To comply with legal obligations, including government investigations, subpoenas, or other legal process or as otherwise necessary to prevent physical or financial harm or to prevent crime and fraud.||
5.2. DISCLOSING INFOROMATION TO THIRD PARTIES
Trialbee may share your personal data with trusted clients and service providers where needed for clinical trials, as set out below for the purposes set out in the table in section 5.1 above.
- Third party sub-contractors who provide services for us and/or help to provide services to you.
- We may disclose personal information to law enforcement, government authorities or otherwise in response to a legal subpoena or process as required by applicable law or in the circumstances involving the possibility of physical or financial harm, fraud, or crime.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law.
We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for the specified purposes and in accordance with our instructions.
We do not sell your personal data to any third party. Our use and disclosure of PHI is limited to the minimum amount needed to accomplish the intended purpose of the specific clinical trial and is used in the relation to pre-screen activities for such clinical research projects. This includes using study questionnaires that only ask questions related/associated to relevant clinical research project as specified in approved protocols, and information will not be disclosed unless we have clear consent from you to do so.
5.3. USE OF HEALTH DATA IN THE UNITED STATES
All PIHI data collected by Trialbee in connection with subject recruiting for a clinical research study is captured electronically and transmitted through a secure network connection to a secure database. Trialbee’s data security policies are consistent with Good Clinical Practices, HIPAA and GDPR standards.
5.4. OPTING OUT OF COMMUNICATIONS FROM TRIALBEE
You can opt-out and request us to stop sending you information, and/or reminders, at any time by contacting us at firstname.lastname@example.org.
Where you opt-out of receiving information., and or reminders, will not apply to personal data provided to us because of a product/service such as registration, product/service experience or other transaction.
- to learn how our website is used and how it performs, including cross-site statistics,
- to provide you with additional functionalities and personalization
- to provide you social media interactions and
- for targeting and marketing purposes.
5.5.1. COOKIE PRIVACY PREFERENCES AND CONSENT
5.5.2. USE OF DATA FOR MARKETING
5.5.3. TRIALBEE COOKIE STATEMENT
When you accept cookies, you consent that cookie will be stored on your computer, tablet, or smartphone. If you opt-out of cookies, the website may not work in an optimal fashion.
6. DATA PROCESSING
Consent to processing of personal data is as follows for each clinical trial study.
This policy describes how Trialbee AB, company registration number 556814-3019, address: Södra Tullgatan 3, 211 40 Malmö, Sweden, email@example.com, gathers, processes, stores and shares personal data on behalf of the Controller.
The Controller (aka Sponsor) intends to conduct a clinical study to evaluate the efficacy and safety of the study drug in Subjects with Palmoplantar Pustulosis. With regards to the processing of your personal data during the application process the Controller is the data controller responsible for processing your personal data in accordance with applicable data protection legislation. However, the Controller has assigned Trialbee AB (“Trialbee”) the task of processing your application for the study.
If you are interested in participating in this study Trialbee will ask you, on behalf of the Controller, to provide certain information about yourself to process your application for the study. This allows us to evaluate your eligibility for the study and to contact you during the application process. The information we intend to collect are your name, telephone number(s), e-mail address, and answers to questions we ask you for determining eligibility. These answers may include information about your health. Health information is only used for the purposes of determining your eligibility for the clinical study.
Information about you is stored in Trialbee’s system until the clinical study recruitment is completed or until you request that the data is deleted, whichever occurs first.
You can at any time withdraw your consent to the Controller’s processing of your personal data for the purposes of evaluating your application by contacting either the Controller (see contact details above) or Trialbee at firstname.lastname@example.org. If you withdraw your consent, the Controller and Trialbee will stop processing your personal data for such purposes and your application to participate in the study will be considered withdrawn.
For further information about the Trialbee’s processing of your personal data on Aristea Therapeutic’s behalf and your rights according to applicable data protection legislation, see section 6.1.
Note: The Controller and Trialbee are not both established in the EU/EEA. When submitting an application, your personal data will be transferred to Trialbee’s country of establishment (Sweden) and possibly the Controller’s country of establishment USA.
6.1. DATA SUBJECT INFORMATION
Information to be provided to the Data Subjects is as follows:
Information about Aristea Therapeutics, Inc.’s processing of personal data when processing your application for the clinical study.
Aristea Therapeutics, Inc. (the “Controller”)
12770 High Bluff Drive, Suite 380
San Diego, CA 92130
Relevant point of contact:
Trialbee AB (“Trialbee”)
Company registration no. 556814-3019
Södra Tullgatan 3
211 40, Malmö
Categories of personal data
Name, telephone number(s), e-mail address, gender, age and answers to questions we ask you for determining eligibility. These answers may include information about your health.
Purpose of processing
To administer your application for the study by evaluating your eligibility for the study and contacting you during the application process.
Legal basis for processing
Legal basis for processing personal data regarding your health
Categories of recipients
The personal data will be processed by Trialbee on behalf of the Controller. Your personal data may also be shared with those involved with processing your application on behalf of Trialbee, i.e medical professionals acting on behalf of the Controller and/or engaged by Trialbee on behalf of the Controller and/or staff from a study clinic who may contact you to determine study eligibility. These will be the only parties with access to this information. As the study will be performed as a double-blind study, the Controller will not know your identity during the study and Trialbee will only produce aggregated anonymous reports to the Controller, on the numbers of candidates passing the application process. The data from these reports cannot be traced back to you.
Trialbee will retain your personal data, on behalf of the Controller, until the clinical study recruitment is completed or until you request that the data is deleted, whichever occurs first.
In accordance with applicable data protection legislation, you have a right to request access to or rectification of your personal data. Further, and to the extent set out in applicable data protection legislation, you may request erasure of personal data or restriction of the processing of your personal data. Under certain circumstances, you also have a right to object to processing as well as the right to data portability in accordance with applicable data protection legislation. If you want to exercise any of the above-mentioned rights, please do not hesitate to contact Trialbee (see contact details above). Where the processing of your personal data is based on your consent, you can withdraw such consent at any time by contacting either the Controller or Trialbee. Should you be dissatisfied with our processing of your personal data, please let us know, and we will do our best to meet your complaints. Your integrity is very important to us, and we always strive to protect and secure your personal data in the best possible way. Should we nevertheless, in your opinion, fail in this ambition, please note that you are also entitled to lodge a complaint with the Swedish Data Protection Authority, Box 8114, 104 20 Stockholm, Sweden or the (local equivalent for sponsor).
7. TRANSFER OF PERSONAL DATA
7.1. EUROPE (EU/EEA)
We take all reasonable measures to ensure that your personal data is protected when transferred to a country inside the EU/EEA, for example by entering the Standard Contractual Clauses with the recipient. The Standard Contractual Clauses can be found here: http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm.
7.2. UNITED STATES (US)
7.3. UNITED KINGDOM (UK)
We ensure similar degree of personal data protection by using specific contracts approved by the European Commission or UK ICO (www.ico.org.uk) which give personal data the same protection it has in Europe.
7.4. OTHER REGIONS
8. DATA SECURITY
9. DATA RETENTION
To determine the appropriate retention period for persona data, we consider the amount, nature and sensitivity of the personal data, the potential risk or harm from unauthorised use or disclosure or your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We also anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
10. YOUR DATA PRIVACY RIGHTS UNDER GDPR AND UK PRIVACY
Under certain circumstances in the EEA and UK, you have the following rights under data protection laws in relation to your personal data:
Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact us at email@example.com.
In the EEA, you have the right to make a complaint at any time to the relevant national supervisory authority. For example, in the UK this would be the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach one of the national supervisory authorities so please contact us in the first instance.
A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
10.1. NO FEE REQUIRED
11. YOUR DATA PRIVACY RIGHTS UNDER CCPA
If you are a resident of California, you have the following rights under the California Consumer Privacy Act (https://oag.ca.gov/privacy/ccpa), with respect to your Personal Data:
- The right to know what Personal Information we have collected, used, disclosed, and sold about you. To submit a request to know, please contact us. You also may designate an authorized agent to make a request for access on your behalf.
- The right to request that we delete any Personal Information we have collected about you. To submit a request for deletion, please contact us. You also may designate an authorized agent to make a request for deletion on your behalf.
- The right to opt-out of the sale of their personal information.
- The right to non-discrimination for exercising your rights under the CCPA rights.
When you exercise these rights and submit a proper request to us, we will verify your identity by asking you for identifying information such as your email address, telephone number, and/or information about your account with us. We also may use a third-party verification provider to verify your identity. Please note that we are only required to honour such requests twice in a 12-month period.
Your exercise of these rights will have no adverse effect on the price and quality of our goods or services.
13. OTHER INFORMATION
For quality control and training purposes, we may monitor or record your communications with us.