Elligo Health Research, Inc. (“Elligo” “we” or “us”) is assisting the Clinical Research Organization (CRO) PPD, part of Thermo Fisher Scientific (“PPD”), in providing certain services, including study advertising, study recruitment, study site support and hosting the Website (the “Services”), on behalf of the sponsor of the ASCENT studies, Othair Prothena Limited (“Prothena”).
The summary of this policy will give you a quick and clear view of our practices. Please take the time to read our full policy.
A Summary of The Policy
The Personally Identifiable Information That We Collect – We collect Personally Identifiable Information such as your name, age, contact details and certain health/medical related information. Read more.
How Do We Collect the Personally Identifiable Information Related to You – We collect the Personally Identifiable Information related to you, which you provide through your use of our Services. We collect Personally Identifiable Information on your use of the Website by using third party analytics and marketing automation services and cookies. Read more.
How Do We Use the Personally Identifiable Information? – We will use the Personally Identifiable Information related to you solely for the purposes mentioned in this policy, including improving our Services, contacting you, conducting studies and trial qualifications, complying with the applicable law and prevention of frauds. Read more.
Your Controls and Choice – You may opt-out of the following: (a) the data transfers to third parties which are not mentioned under this policy; (b) the process of the Personally Identifiable Information related to you for purposes other than those mentioned under this policy. Our Service does not respond to Do Not Track (DNT) signals. Read more.
Data Security and Integrity – We implement systems, applications and procedures to secure your personally identifiable information, to minimize the risks of unauthorized access, disclose and modification. Read more.
How Long We Keep Your Personal Information – We retain data to comply with our legal obligations and to provide you with our Services, as further explained in the data retention section of this policy. Read more.
Children’s Personal Information – Most of the services available on the Website are intended for persons 18 years of age and older. Any individual who requires information about any of our services, must be 18 and over. We will not knowingly collect, use or disclose Personal Information from a minor under the age of 18, without obtaining prior consent from a person with parental responsibility through direct off-line contact. Read more.
California Consumer Privacy Act – Information for California Consumers – If you are a California resident, you are entitled to specific privacy rights. Read more.
Accessing or Correcting the Personally Identifiable Information Related to You – At any time you can request access to, correct or delete any Personally Identifiable Information related to you that you have provided to us. Read more.
Contact Us – For further information please contact us at: email@example.com or by phone at 512-580-4633 or at: Elligo Health Research, Attn: Privacy Officer, 11612 Bee Cave Road, Bldg. 1, Ste. 150, Austin, TX 78738. Read more.
The Applicability of This Policy
This policy does not apply to information collected:
- by us, offline or through any other means, including information collected through any other electronic means or any other website specified by us or a third party; or
- by any other third party, including through any application or content (including advertising) that may link to or be available from the Website.
If the changes have minor, if any, consequences, they will take effect 7 days after we notify you. Substantial changes will be effective 30 days after we initially posted or sent you the notice. If we need to adapt the policy to new legal requirements, the new policy will become effective immediately or as required by law.
Until the new policy takes effect, if it materially reduces the protection of your privacy right under the then-existing policy, you can choose not to accept it and terminate your use of the Services. Continuing to use the Website after the new policy takes effect means that you agree to the new policy.
The Personally Identifiable Information That We Collect
We collect certain information about you to provide you with the Services and use such information to meet legal, statutory and contractual obligations.
When you use the Services, we collect certain</strong >information about you (“Information”) in the following forms:
- “Personally Identifiable Information,” which means information that identifies you (either directly or indirectly), including:
- Full Name
- Zip Code
- Personal Email or Business Email
- Home or Mobile Telephone Number
- Health/Medical Information
- “Aggregate Information,” which means information that does not directly or indirectly identify, and cannot reasonably be used to identify, you.
How Do We Collect the Personally Identifiable Information Related to You?
We collect Information in the following ways:
- Use the Services: we collect Personal Information that you provide to us when you –
- fill out a form to be considered for potential opportunities;
- input information into the Services;
- request products, services or information from us; or,
- otherwise interact with us or the Services.d
- Web Analytics and Marketing Automation: we use third parties’ analytics tools to better understand who is using the Services, how people are using the Services and how to improve the effectiveness of the Services and its content. We also use third party marketing automation tools to help us with our marketing efforts.
The privacy practices of these third-party companies are subject to their own privacy policies. Please read these policies at: http://www.google.com/intl/en/policies/privacy/.
From time to time, we will change our analytics and marketing service providers and will provide additional information about these services when we update this policy.
They may combine information they collect from your interaction with the Services with Personal Information they collect from other sources. We do not combine the information collected through the use of analytics services with your Personal Information. You can prevent analytics and marketing automation services from recognizing you on return visits to our Website by disabling third party cookies on your web browser or through the Cookie Banner.
- Online Forms: when we collect your Personal Information, it is secured in our database and stored in portals for sites to securely access and follow up with potential participants to determine eligibility for this study.
- Website Cookies: We, and our analytics and marketing automation service providers, collect information about you, with your permission. This information may include the internet protocol (IP) address that your device used, the time and length of your visit, the pages you looked at on our Website, and the site you visited just before coming to ours. We only use this information to measure Website activity and to develop ideas for improving our Website.
- Via Phone Call and Text: you may be contacted by a staff member to respond to your inquiry. By providing your phone number and/or email to us through the Services, you consent to being contacted by us.
Do Not Track
Do Not Track (DNT) is a privacy preference that users can set in some web browsers, allowing users to opt out of tracking by websites and online services. Our Services do not respond to Do Not Track (DNT) signals.
How Do We Use the Personally Identifiable Information?
The purposes and reasons for processing your Personally Identifiable Information are detailed below: –
- We use your Personally Identifiable Information to provide you with the Services, make it better, and to continue developing the Services
- We use your Personally Identifiable Information to contact you, respond to your questions or to provide you with information you requested
- We collect your Personally Identifiable Information for potential qualification and enrollment in the ASCENT Studies
- We collect and store your Personally Identifiable Information as you expressed interest in participating in the ASCENT Studies
- We will use your Personally Identifiable Information to enforce our terms, policies and legal agreements
- We will use your Personally Identifiable Information to comply with court orders and warrants, and assist law enforcement agencies
- We will use your Personally Identifiable Information to prevent fraud, misappropriation, infringements, identity thefts, cyber security attacks and any other misuse of your Personally Identifiable Information and the Services
- We will use your Personally Identifiable Information to take any action in any legal dispute and proceeding
Where you have consented to us providing you with information or marketing, you are free to withdraw this consent at any time and unsubscribe from our mailing lists or newsletters, by sending an opt-out request to: firstname.lastname@example.org.
Sharing the Personally Identifiable Information with Others
The ways in which we share your Information include the following:
- When we make your Personally Identifiable Information available to the clinical research study sites for potential qualification and enrollment in the ASCENT Studies.
- When we share Personally Identifiable Information with third parties in connection with the sale of our business (including merger, acquisition, or sale of all or a material portion of our assets, change in corporate control, or insolvency or bankruptcy proceedings).
- In addition, we share Aggregate Information with third parties, however we will use industry standard measures and appropriate technical and legal guidance to make sure that such information will not likely identify you.
Your Controls and Choices
We provide you the ability to exercise certain controls and choices regarding our collection, use and sharing of your Information, including the right to request access to the Personally Identifiable Information we hold about you and that we amend, If you find that your Personally Identifiable Information is not accurate, complete or up-to-date, or delete it.
At any time, you can exercise your following opt-out options:
- object to the transfer of your Personally Identifiable Information to a third party, other than to third parties who help us perform tasks as explained in this policy, or
At any time following your opt-out request, we can remove or de-identify your Personally Identifiable Information altogether and request that you stop using the Website.
You may exercise your controls and choices, or request access to your Personally Identifiable Information, by modifying your profile or by contacting us at email@example.com or following instructions provided in communications sent to you.
We will need to ask you to provide us certain credentials to make sure that you are who you claim to be and to the extent required under the applicable law, will make good-faith efforts to locate the Personally Identifiable Information that you request to access.
We can delete your Personally Identifiable Information, by removing any identifying information and transforming personally identifiable information that relates to you into anonymized information.
Please be aware that, if you do not allow us to collect Personally Identifiable Information from you, we may not be able to deliver certain services to you, and some of our services may not be able to take account of your interests and preferences. If you have questions regarding the specific Personally Identifiable Information about you that we process or retain, please contact us at firstname.lastname@example.org.
Data Security and Integrity
The security, integrity and confidentiality of your Personally Identifiable Information are important to us.
We have implemented technical, administrative, and physical security measures that are designed to protect your Personally Identifiable Information from unauthorized access, disclosure, use and, modification, including: SSL, TLS, encryption, pseudonymization, restricted access, two factor authentication, firewalls and anti-virus/malware.
From time to time, we review our security procedures to consider appropriate new technology and methods. Please be aware though that, despite our best efforts, no security measures are perfect or impenetrable and we cannot guarantee that the Services will be immune from any wrongdoings, malfunctions, unlawful interceptions or access, or other kinds of abuse and misuse.
The safety and security of your Personally Identifiable Information also depends on you.
How Long We Keep Your Personal Information
Elligo retains Personally Identifiable Information as needed to comply with our legal obligations and we have strict review and retention policies in place to meet these obligations.
If we retain your Personally Identifiable Information for any legitimate business purpose other than to provide the Services, we will make efforts to limit the access to such information and keep the retention time to a minimum.
We will keep aggregated non-identifiable information without limitation, and to the extent reasonable we will delete or de-identify potentially identifiable information, when we no longer need to process the information.
Children’s Personal Information
Most of the services available on this Website are intended for persons 18 years of age and older. Any individual who requires information about any of our services, must be 18 and over.
We will not knowingly collect, use or disclose Personally Identifiable Information from a minor under the age of 18, without obtaining prior consent from a person with parental responsibility through direct off-line contact.
We will provide the parent or guardian with notice of the specific types of Personally Identifiable Information being collected from the minor and the opportunity to object to any further collection, use, and storage of such information.
We abide by the laws designed to protect children. If we become aware that we have unknowingly collected Personal Information from persons under the age of 13, we will make commercially reasonable efforts to delete such information from our database.
If you are the parent or guardian of a minor child who has provided us with Personally Identifiable Information, you may contact us at email@example.com to request it be deleted.
Your Data Protection Rights
Our processing of your personal data is based on following lawful grounds:
- All processing of your personal data which are not based on the lawful grounds indicated below, are based on your consent.
- We will process your personal data to comply with a legal obligation and to protect your and others’ vital interests.
- We will further rely on our legitimate interests, which we believe are not overridden by your fundamental rights and freedoms, for the following purposes:
- Communications with you, including direct marketing where you are a user of our Services, or where you make contact with us through the Website or through other digital assets.
- Cyber security.
- Support, customer relations and Services and Website operations.
- Enhancements and improvements of user experience with the Services and Website.
- Fraud detection and misuse of the Services and Website.
You have the right to access any personal information that Elligo processes about you and to request information about:
- What personal data we hold about you
- The purposes of the processing
- The categories of personal data concerned
- The recipients to whom the personal data has/will be disclosed
- How long we intend to store your personal data
- If we did not collect the data directly from you, information about the source
If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to do so as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.
Where applicable, you have the right to data portability of your information and the right to be informed about any automated decision-making we may use.
You have a right to lodge a complaint with a data protection supervisory authority of your habitual residence, place of work or of an alleged infringement of the GDPR.
California Consumer Privacy Act – Information for California Consumers
This section provides specific information for residents of California (“consumers”), as required under California privacy laws, and is intended to satisfy the California Consumer Privacy Act (“CCPA”), which requires that we provide certain information to consumers about how we handle certain personal information that we have collected.
Personal Information That We Collect
We have collected the following categories of personal information from consumers within the last twelve (12) months:
- Identifiers and Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). These include, names, zip code, telephone number, email address, Internet Protocol address and business email address.
- Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with the Website.
- Inferences drawn from any of the information identified above to create a profile about a consumer reflecting the consumer’s preferences and characteristics.
Categories of Sources for Personal Information
We obtain the categories of personal information listed above from the following categories of sources:
- Directly and indirectly from you when you visit the Website.
- Third parties as further detailed above.
Purposes for which Personal Information is Used
The categories of personal information described above are collected and disclosed for the purposes detailed under the section titled “How We Use Your Information” above.
Our Use and Disclosure Practices
In the preceding twelve (12) months, we have disclosed the following categories of personal information for business purposes:
- Internet or other similar network activity;
In the preceding twelve (12) months, Elligo Health Research did not sell your personal information.
California Consumer Rights
Subject to certain exceptions, you have the right to make the following requests, at no charge, up to twice every 12 months:
- Deletion: the right to request deletion of your personal information that we have collected about you, subject to certain exemptions, and to have such personal information deleted.
- Right to Know: the right to request that we disclose certain information about how we have handled your personal information in the previous 12 months, including the:
- categories of personal information collected
- categories of sources of personal information collected
- business and/or commercial purposes for collecting and selling your personal information
- categories of third parties with whom we have disclosed or shared your personal information
- categories of personal information that we have disclosed or shared with a third party for a business purpose
- categories of third parties to whom the consumer’s personal information has been shared
The specific pieces of personal information we collect from you
You can submit a deletion or right-to-know request by calling out toll-free number at 857-496-0054 or by emailing us at firstname.lastname@example.org; we will respond to verifiable requests received from California consumers as required by law. We will also ask you for additional information necessary to verify or process your request. We may also carry out checks, including with third party identity verification services, to verify your identity before taking any action with your personal information. We will respond substantively to your verifiable requests within 45 days, unless additional time (up to 45 additional days) is needed, in which case we will let you know. If we determine that your request warrants a fee, we will inform you of the reasons for such decision and provide you with a cost estimate before completing your request.
Accessing or Correcting Your Information
You may send us an email at email@example.com to request access to, correct or delete any personal information that you have provided to us. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
If we need to delete your personal data following your request, it will take some time until we completely delete residual copies of your personal data from our active servers and from our backup systems.