Privacy Statement

This Privacy Statement applies to your use of the Medable.com websites (the “Sites”) as well as certain Medable Services (the “Services”).

If You participate(d) in a study or trial, please see the privacy statements in Your specific study or trial for more information or contact Your study sponsor or investigator for assistance.

Please note that some Medable Applications are subject to their own specific Privacy Statements, which are linked either in the Application or the applicable app store.

This Privacy Statement is designed to inform you of the information we gather as part of your use of the Sites and Services where Medable is the data controller. If you have any questions or concerns regarding this Statement, or wish to exercise an access, data portability, or deletion right, please see the section “Exercising Access, Data Portability, and Deletion Rights” below for more information.

By accessing or using the Sites or Services, you acknowledge your acceptance of the practices described in this Privacy Statement and consent to our processing of your information as set forth in this Privacy Statement.

1.0 Changes to this Privacy Statement

Medable, Inc. (“Medable” or “We”) may modify this Privacy Statement from time to time. The date of any revisions will be displayed at the top of this Privacy Statement.

2.0 Medable’s platform, customized applications, and services

Please note that Medable supplies its Customers with Applications and Services, particularly for purposes of clinical trials and healthcare research. When you use Medable Services as part of your engagement with a Medable Customer, you will be subject to a Privacy Statement issued by that Medable Customer. In such instances, Medable acts as a data processor, working on behalf of that Medable Customer (the data controller). Please see the Medable Privacy Center at: https://www.medable.com/privacy for more information.

3.0 Types of information Medable collects

As part of your use of the Sites and Services, We may collect:

• Information you submit to us (including contact information, demographic information, location information etc. which you supply via a web form or other input method);
• Non-Personal Data regarding your use of the Sites and Services - for example your “click-path” or how you navigate our Sites or Services, the duration of time you spend on a given webpage, how often you visit or use the Sites or Services, information about your browser or device from which you access the Sites and Services, pseudonymous IDs including information linked to DIIs (Device-Identified Information) such as Cookies, MAID (Mobile Advertising IDs), Statistical IDs, IP Addresses and other third-party identifiers which do not, by themselves, identify a specific individual);
• Payment information (including name, address, and payment method) if you make a purchase from Medable using the Sites or Services;
• Geolocation data (such as the location from which you access the Sites and Services);
• Log and event data related to the performance of the Sites and Services
  

4.0 How Medable uses personal information

Personal Data which we collect via the Sites and Services for a particular purpose will only be retained and used for that purpose, unless you have agreed to allow us to use it for additional purposes as described in this Privacy Statement.

Generally, We will use Personal Data and other information we collect from you to:

• Provide you with technical support, customer service, and account maintenance;
• Fulfill the reason for which you provided us information;
• Tailor your experience using the Sites and Services;
• Carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections where applicable;
• Improve our Sites and Services, including for testing, research, and product development purposes;
• Send e-mails to our customers and users who want to receive e-mail from us;
• Protect the security of your account and our business;
• Prevent or detect fraud or abuses of our Sites and Services;
• Comply with applicable law;
• Provide, operate, and maintain the Sites and Services;
• Authenticate and verify user identities;
• Direct you to localized versions of the Sites and Services (which may include language optimized versions or versions which comply with the laws of a specific jurisdiction); and
• Communicate with you about services, features, surveys, newsletters, offers, promotions, and events, and to provide other news or information about us and our select partners.
  

4.1 Medable surveys

Online surveys provide Medable information about users' experiences with our products and services. We occasionally invite users to take optional surveys in studies we host for our customers to learn more about their experience with Medable's products. Medable does not ask users to provide any sensitive personally identifiable information, such as passwords, social security numbers, driver’s license, and medical records. If you receive a Medable survey requesting such information, please immediately submit a request here.

5.0 How Medable shares personal information with others

When you have provided Personal Data to us for a particular purpose, we may disclose your information to other companies that we have engaged to assist us in fulfilling your request. This may include, but is not limited to fulfillment houses, billing services, transaction managers, credit verification services, and other third-party service providers. We may also disclose any of your Personal Data to law enforcement or other appropriate third parties in connection with criminal investigations, investigation of fraud, infringement of intellectual property rights, or other suspected illegal activities, or as otherwise may be required by applicable law, or, as we deem necessary in our sole discretion, in order to protect the legitimate legal and business interests of Company.

We sometimes share general, demographic, or aggregated (non-identifiable) information with third parties about our user base, but that information does not include any Personal Data.

Your Personal Data may also be disclosed if Company assigns all of its rights and obligations regarding the use of your Personal Data at the time of a bankruptcy, merger, acquisition, sale of all or substantially all of Company’s assets to a subsequent owner or operator, or similar event.

To the extent we collect any aggregated anonymous information, we may share that information and information derived from the aggregated anonymous information with our business partners.

6.0 How Medable secures personal information

Medable implements physical, administrative, and technical safeguards designed to protect your personal information from accidental or unlawful destruction, loss, alteration, and unauthorized disclosure or access. We contractually require that our suppliers implement similar measures designed to protect personal information from accidental or unlawful destruction, loss, alteration, and unauthorized disclosure or access. No online service can ever be 100% secure, and as a result we do not guarantee the security of any personal information you provide.

7.0 Retention of personal data

Medable retains your personal data for as long as reasonably necessary or as permitted in accordance with the purpose(s) outlined in this Privacy Statement.

The criteria used to determine our retention periods include the length of time we have an ongoing relationship with you, contractual requirements, or whether there is a legal obligation to which we are subject.

8.0 Use of cookies and automated tracking on the sites to collect personal information

The Medable Sites, and some services and advertisements on the Sites, may contain “cookies.” A cookie is a piece of data that is sent to your browser, which will store the cookie on your computer if your browser is enabled to accept cookies.

Most internet browsers will allow you to erase cookies from your computer hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. You should refer to your browser instructions or “Help” screen to learn more about how to manage cookies. Please note, however, that if you block cookies, some portions of the Site and services may not function properly.

Medable does not control cookies in third-party ads, and visitors are encouraged to check the privacy policies of advertisers and/or ad services to learn about their use of cookies and other technology. Ads appearing on our Sites may be delivered to you by third-party advertising companies. These companies may use information about your visits to this and other web sites in order to provide advertisements on this site and other sites about goods and services that may be of interest to you.

We do collect general, aggregated, demographic, and non-Personal Data using cookies and automated means (this includes technical information about your session with our website, such as your browser version and IP address, as well as information about your use of our website, such as how you navigate it and how long you spend viewing it). We will not seek to identify you through cookies or other means without your consent. This type of anonymous, aggregated profiling and session data may also include information that you have provided to us through surveys, polls, etc., but will not be tied to any Personal Data, without your consent.

You can manage your preferences in relation to Cookies and Automated Tracking on the sites by clicking on the shield icon on the bottom left of this webpage.

9.0 Childrens personal information

The Sites and Services are not intended for anyone under the age of eighteen. Medable does not knowingly collect information from children under the age of eighteen unless we have obtained consent from a parent or guardian, or such collection is subject to a separate agreement with us which specifically provides for us to obtain such information. If you believe your child’s personal information has been collected by Medable in error, please submit your request here.

10.0 Do not track

The Website does not support Do Not Track at this time. Do Not Track (DNT) is a privacy preference that you can set in your web browser to indicate that you do not want certain information about your webpage visits collected across websites when you have not interacted with that service on the page. For all the details, including how to turn on Do Not Track, visit donottrack.us.

11.0 Special notice to california residents – your California privacy rights

The California Consumer Privacy Act (the “CCPA”) provides California residents the right, once a year, to receive information about third parties with whom Medable has shared information about you for its marketing purposes during the previous calendar year, and a description of the categories of personal information shared. To make such a request, please submit here. Medable will respond to you within thirty days of receiving such a request.

11.1 Medable does not sell consumer data for monetary or other valuable consideration.

If you are a California Resident, you may have additional rights under the California Consumer Privacy Act (the “CCPA”). These include:

• The right to request that Medable disclose certain information to you about our collection and use of your personal information over the past 12 months.
• The right to know the categories of personal information that we collect, and the categories of sources from which we obtained that information.
• The right to know our business or commercial purpose for collecting or selling personal information.
• The right to know the categories of third parties with whom we share personal information.
• The right to object to the sale of personal data.
• The right to access your own personal information collected by Medable (also called a data portability request).
• The right to equal service and price, even for consumers who exercise their privacy rights.
  

12.0 Special notice to UK and EU residents

Residents of the EU and UK may be entitled to additional privacy rights consistent with the General Data Protection Regulation (GDPR). These include:

• The right of access.
• The right to data portability.
• The right to rectification.
• The right to erasure.
• The right to object or restrict processing.
  

Please submit here with any questions or concerns regarding the processing of your personal data.

If Medable’s processing of your personal data is covered by UK or EU law, you can also lodge a complaint with the corresponding data protection supervisory authority in your country of residence. You can find the relevant EU supervisory authority name and contact details under http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm and the UK supervisory authority contact details under https://ico.org.uk/global/contact-us/.

12.1 International transfers, processing and storage of personal information.

Your Personal Data may be collected, transferred to, and stored by us in the United States and by our affiliates and third parties that are based in other countries. This means that your Personal Data may be processed outside your jurisdiction, and in countries that are not subject to an adequacy decision by the European Commission or your local legislature or regulator, and that may not provide for the same level of data protection as your jurisdiction, such as the EEA. We ensure that the recipient of your Personal Data offers an adequate level of protection and security, for instance by entering into the appropriate data processing agreements and, if required, standard contractual clauses or an alternative mechanism for the transfer of data as approved by the European Commission (Art. 46 GDPR) or another applicable regulator. Where required by applicable law, we will only share, transfer, or store your Personal Data outside of your jurisdiction with your prior consent.

12.2 Exercising personal data access, portability, and deletion rights.

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us here (Or connect via one of the alternative methods listed in the “CONTACT US” section below).

To fulfil your request, please:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
  

We cannot complete your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a request to verify the requestor's identity and/or authority to make the request. We may refuse to act on requests that are insufficiently substantiated, unfounded, or excessive.