Effective Date: 03.01.2021
We have taken efforts to distinguish between the categories of individuals whose information we collect – namely, Trial Participants, Client business contacts, and Website visitors (who may also be Trial Participants or Client business contacts). In some cases, however, our activities apply generally. Thus, use of the terms “you” or “your” herein refers to all persons whose information we collect, whether a Trial Participant, Client business contact, or other individual.
Information We Collect
In the course of operating our Website and providing our Services, we collect the following types of information:
- Information Collected in Connection with our Services and Website
Services: We collect certain personal information from Trial Participants when providing our Services, including first and last name, mailing address, email address, phone number, information relating to a Trial Participant’s travel plans to and from the Trial, and any other information that a Trial Participant chooses to provide to us, such as health-related information needed for special accommodations or other aspects of our Services.
Because Clincierge acts as a “business associate” of Trial sites when providing our Services to Trial Participants, any personal information collected or received in this context is also considered Protected Health Information (“PHI”) as defined under the Health Insurance Portability and Accountability Act of 1996, as amended, and any regulations promulgated thereunder (collectively, “HIPAA”).
Website: Website visitors may also choose to provide us with certain personal information by contacting us through the Website or according to the instructions on the Website (by phone or email) or by responding to questions on the Website. This personal information may include full name, company name, title, email address, phone number, and any other information that such Website visitor chooses to provide (such as within a free-text message box).
Other: We also collect certain personal information from the business contacts of prospective or current Clients, such as name, title, email address, and business address, such as when you contact us on our Website or email, through referrals, trade shows and conferences, or where we may contact you via our direct sales team.
- Aggregate Data
In an ongoing effort to better understand the visitors to our Website and the recipients of our Services, we may analyze information in aggregate or, in the case of PHI (and as allowed pursuant to any applicable Business Associate Agreement) in “de-identified” form, to operate, maintain, manage, and improve our Website and Services. This aggregate information does not identify you personally. We may share this aggregate data with our affiliates, agents, and business partners, including, without limitation, our Clients. We may also disclose aggregated user statistics in order to describe the Website or the Services to current and prospective business partners and to other third parties for other lawful purposes.
Purpose of Collection and Use
Transfer to Third Parties
We may share personal information related to Trial Participants with our Clients in connection with their hosting and administration of the Trials (unless a Client must remain “blind” to the Trial Participants, as in the case of Trial sponsors). With a Trial Participant’s prior approval, we may share personal information with such Trial Participant’s bank for reimbursement of Trial expenses to which she is entitled, to the extent such function has been designated to us as part of our Services to the Client.
We may disclose personal information to our service providers but only to the extent needed to enable them to provide such services. For example, we may share a Trial Participant’s personal information with our travel assistance and logistics partners, so that they may book transportation or accommodation on such Trial Participant’s behalf in connection with a Trial. Other such companies that may receive your personal information include: direct marketing vendors, billing support, customer service, data storage and hosting services, sales support, and technical assistance. To the extent that our service providers have access to your PHI, we require that they also sign Business Associate Agreements as required by HIPAA.
Related Entities; Business Transfers
We may share your personal information with any of our parent companies, subsidiaries, joint ventures, or other companies under common control with us for aggregation, analysis, and benchmarking purposes.
Disclosure to Public Authorities
We are required to disclose personal information in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. We may also disclose personal information to other third parties when compelled to do so by government authorities or required by law or regulation, including, but not limited to, in response to court orders and subpoenas.
Opt-out for Direct Marketing
We may engage in direct marketing to the business contacts of our Clients regarding our Services. These business contacts may opt out at any time from the use of your personal information for such direct marketing purposes by contacting us at email@example.com. Please allow us a reasonable time to process your request. We do not engage in direct marketing to Trial Participants.
We will implement reasonable and appropriate security measures to protect your personal information from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in processing, the nature of such data, and applicable laws and regulations.
Our servers are located in the US. If you are located outside of the US, please be aware that any information provided to us, including personal information, will be transferred from your country of origin to the US. Your decision to provide such data to us, or to allow us to collect such data through our Website or through the provision of our Services, constitutes your consent to this data transfer to the extent permitted under applicable law.
We do not monitor, recognize, or honor any “Do Not Track” signals or similar signals.
Natural persons located in the European Economic Area (“EEA”) should review the GDPR Privacy Notice here.
E-mail us at firstname.lastname@example.org (preferable for fastest response)
Call us at 215.413.2034 or
Write to us at Gray Consulting, Inc. 190 N. Independence Mall West, Suite 201 Philadelphia, PA 19106
When visiting our Website, we may collect other information about you through technologies such as “cookies.”
When accessing or otherwise using a website, small pieces of data concerning your device and your visit are stored within your web browser (including when browsing on a mobile device), which can be retrieved upon future visits. These pieces of data make up a small file called a “cookie.” Information collected via cookies includes the type of device you use, your operating system, IP address, browser type, and geographic location, and ties it to a randomized ID called a “cookie ID,” rather than your name, address, or other similar “direct” identifiers.
Both first-parties (i.e., the operator of the website you are visiting) and third parties (such as analytics or advertising companies) can store their own cookies on your web browser. These are typically referred to as “first” or “third-party” cookies, respectively. When you visit the website again, the cookie allows that website (or other third parties) to recognize your browser and any stored information (such as user preferences).
We use two types of first/third-party cookies: session cookies and persistent cookies. Session cookies are temporary cookies that remain on your device until you leave the Website. Session cookies are typically essential to make our Website work correctly, as they enable you to move around our Website and use our features. Persistent cookies remain on your device for longer or until you manually delete it (how long the cookie remains on your device will depend on the duration or “lifetime” of the specific cookie and your browser settings).
Persistent cookies help us recognize you as an existing user of the Website, so it’s easier and convenient to return to the Website or interact with our Services without signing in again or changing certain settings (as applicable). In addition, persistent cookies help us understand your use of our Website during the lifetime of the persistent cookie or, potentially, your interactions with any of our advertisements on other websites.
In our case, we primarily use persistent analytics cookies (primarily those provided through Google Analytics, though we may use other similar services) to collect information regarding how visitors use our Website, for example, which pages they go to most often, how long they stay on a page, what page or other website they came from, what general geographic area they are from, and similar “usage information.” We use this information to understand the utility of our Website and to generally optimize and improve it.
In some cases, we may wish to use advertising-related cookies, such as those that determine the effectiveness any of our marketing-related efforts (such as whether you clicked on any ads we displayed on other sites or a link to our Website through popular search engines).
You can control and/or delete cookies as you wish – for details, see aboutcookies.org or otherwise consult your browser’s privacy settings or related documentation. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit our Website in the case some services and functionalities cease to work (however, this should be an unlikely occurrence).
With respect to Google Analytics, which Clincierge uses on the Website, Google provides an opt-out mechanism for various browsers as set forth here: https://tools.google.com/dlpage/gaoptout
GDPR Privacy Notice
We serve as a data processor (a “processor”) when providing our administrative and logistics support in connection with Trials on behalf of our Clients, such as transportation and expense management services to Trial participants. When serving as a processor, we have certain obligations under the GDPR including only processing personal data at our Clients’ instructions, providing assistance with fulfilment of rights requests, and implementing appropriate security for personal data. Our Clients are responsible for obtaining any required consents or authorizations for a European Individual’s use of our Services; in many cases, Clincierge will provide a draft “consent form” to our Clients, as reviewed and approved by such Clients, and provide such consent form to European Individuals on such Clients’ behalf. We will forward any inquiries, complaints, or requests received from European Individuals with respect to our Services to the appropriate Clients and await instructions before taking any action.
We are a data controller of personal data regarding the following categories of European Individuals: business contacts for European-based Clients and vendors (collectively, “Business Contacts”) for the purposes and under the legal bases described in the table below. As a data controller we decide why and how personal data relating to Business Contacts is processed. The personal data described below is provided to us either in the course of your performance of contractual duties for the organization for whom you work or on a voluntary basis in the course of your general business dealings with us (or your colleagues within your organization, such as those that provide your contact details as appropriate for the dealings in question or from third parties who may recommend you). If this data is not provided to us, then we, you, or the organization for whom you work may be unable to perform certain contractual obligations or communicate effectively.
Service-Related Communications: Outside of communications relating to clinical trial participants (i.e., where we serve as a “processor”), we process service-related communications with our Clients pursuant to our, our Clients, and clinical trial participants’ legitimate interests in performing our contracts, including any related Statement of Work. Given the low sensitivity of the data (i.e., basic contact details and correspondence) and routine nature of the communications, these legitimate interests are balanced with the rights and freedoms of the individuals to which such communications relate.
Procurement-Related Communications: We will process communications (comprising basic contact details and correspondence) with the procurement and legal departments of our Clients and vendors which is in our and our Clients’ legitimate interests. These legitimate interests are to establish and develop a commercial relationship for the purposes of providing our Services and to facilitate their provision.
Our representative in the European Union is:
ePrivacy GmbH (“ePrivacy”)
Große Bleichen 21
Germany Phone +49 40 60 94 518 – 10
Fax +49 40 60 94 518 – 20
Mobile +49 151 23 44 99 00
Clincierge personnel shall receive and process your personal data for the purposes described herein. Such personal data is also disclosed to the following recipients in connection with these purposes:
- Other Business Contacts (in the course of the procurement or provision of services)
- Amazon Web Services (an IT services company that provides hosting services)
- Microsoft (a software company that provides Office 365, its cloud-based software)
- Internal and external auditors and our legal and other professional services providers
The length of time for which we retain your personal data is determined by several factors including the purposes for which we use that information and our obligations under applicable laws.
We may need your personal information to establish, bring, or defend legal claims. In general, given this purpose, we typically retain your personal information for seven (7) years from the end of the year in which we receive it. The exceptions to this are where:
- the law (including a court, regulator, or other authority) requires us to hold your personal information for a longer period or delete it sooner;
- you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law;
- you exercise your right to require us to retain your personal information for a period longer than our stated retention period;
- we bring or defend such legal claim or other proceedings during the period we retain your personal information, in which case we will retain your personal information until those proceedings have concluded and no further appeals are possible; or
- the information is no longer reasonably necessary, in our discretion, for the purposes discussed herein (in which case we may earlier delete such information).
As a natural person, you have a right to: (i) request access to, correction and/or erasure of your personal data; (ii) object to processing of your personal data; (iii) restrict processing of your personal data; and (iv) request a copy of your personal data, or have a copy thereof sent to another controller, in a structured, commonly used and machine readable format under the right of data portability. You may exercise these rights by contacting: email@example.com with the subject line “GDPR Notice.”
You also have the right to lodge a complaint about the processing of your personal data with an appropriate data protection authority, and, as applicable, to exercise third-party beneficiary rights under Clincierge’s Standard Contractual Clauses.
Contact details for the EU data protection authorities can be found at: https://edpb.europa.eu/about-edpb/board/members_en and for the UK data protection authority can be found at https://ico.org.uk/global/contact-us/.
You may object to personal data processed pursuant to our legitimate interest. In such case, we will no longer process your personal data unless we can demonstrate appropriate, overriding legitimate grounds for the processing or if needed for the establishment, exercise, or defense of legal claims. You may also object at any time to processing of your personal data for direct marketing purposes by clicking “Unsubscribe” within an automated marketing email or by submitting your request to firstname.lastname@example.org with the subject line “GDPR Notice” (the latter for instances where, for example, you would not like to receive follow-ups from our sales team). In such case, your personal data will no longer be used for that purpose.
For data transfers, we may rely on appropriate Standard Contractual Clauses to ensure adequate protection for your personal data or a derogation under Article 49 of the GDPR (such as when you give us your explicit consent).
Clincierge may be required to disclose personal data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. We may also disclose personal data to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.
In the event of a merger, reorganization, dissolution or similar corporate event, or the sale of all or substantially all of our assets, we expect that the information that we have collected, including personal data, would be transferred to the surviving entity in a merger or the acquiring entity. All such transfers shall be subject to our commitments with respect to the privacy and confidentiality of such personal data as set forth in this GDPR Notice.
If, in the future, we make any material changes to this GDPR Notice relating to our controller obligations, we will provide you with the relevant information at a reasonable time prior to those changes taking effect and the “Effective Date” at the top of this page will be updated accordingly.
Clincierge is located at 190 N. Independence Mall West, Suite 201 Philadelphia, PA 19106. Please use this address or, preferably, reach out to email@example.com regarding any questions, complaints, or requests regarding this GDPR Notice; please include the subject line “GDPR Notice.”