MEDABLE ACCESS APP PRIVACY STATEMENT
Last updated: April 16, 2020
Thank you for reviewing this Medable ACCESS App Privacy Statement. Medable Inc (“Medable”, “we” or “us”) provides various products and services, to be used in clinical research studies or clinical trials. This ACCESS (American COVID-19 Collaborative Enabling Seamless Science or “ACCESS”) App was created during the epidemiological emergency created by the SARS-CoV-2 virus as an observational study pursuant to an IRB-approved protocol. In order to accelerate COVID-19 research amidst the barriers and challenges posed by containment and contagion, we have launched ACCESS to enable data collection and rapid substudy enrollment. This Medable Mobile ACCESS App Privacy Statement applies to products and services you may receive associated with our products and services associated in connection with our ACCESS app. Please note that this Privacy Statement does NOT apply to products, goods or services provided by other individuals or entities associated with the Collaboration.
The purpose of this policy is to detail and convey Medable’s commitment to protecting and respecting your privacy and any information about you that is personally identifiable to you (“Personal Information”) that we may collect from you or other sources. This Privacy Statement only applies to information we may collect through our ACCESS app.
Please read this policy carefully as it details:
• How we collect, use and disclose your information that we collect from you when you use our ACCESS App.
• The security approaches we use to protect your information.
• How you can access and request modification of certain information that we may store about you.
• Any applicable rights you may have.
Please note that this policy applies only to information collected via the ACCESS App; it does not apply to information you voluntarily disclose to us through other means or to information that we acquired or will acquire through other sources. It also does not apply to any Personal Information collected on any third-party website or application, of which we have no influence or control. The use of other sites or applications or the submission of Personal Information to other third parties is at your own risk.
Medical Disclaimer: The information on the ACCESS App is not intended or implied to be a substitute for professional medical advice, diagnosis or treatment. You are encouraged to confirm any information obtained from or through this mobile app with the principal investigator or the Independent Review Board (“IRB”), and review all information regarding any medical condition or treatment with your physician.
NEVER DISREGARD PROFESSIONAL MEDICAL ADVICE OR DELAY SEEKING MEDICAL TREATMENT BECAUSE OF SOMETHING YOU HAVE READ ON OR ACCESSED THROUGH A MEDABLE APP.
Your Acceptance of the ACCESS App Privacy Statement and Changes to It
If you do not agree to this Statement, you may not use this ACCESS app.
II. United States Residents
The ACCESS app and related Services are intended to be used by residents of the United
States. By using our ACCESS app and Services, you confirm that you are a resident of the United States.
III. WHAT INFORMATION WE COLLECT
In connection with your use of the Services, we collect and process Personal Information and other non-individually identifiable information from you when you register to use the ACCESS App, respond to communication such as email, or otherwise use the ACCESS App in any manner. This information is collected for the purpose of identifying you and contacting you with important information, such information may include:
• Identity Data: such as your name, date of birth, sex at birth, ethnicity, and race.
• Contact Data: For example, your mailing address, email address, telephone number, zip code and if applicable, the contact information for your designated emergency contact.
• Health Data: For example, health indicators (e.g. smoking history), clinical data as part of a past or current research study or clinical trial, and any other relevant personal medical history (including any medications you may take) and family history.
• Data from connected devices: Where applicable, your data is collected during your use of the ACCESS App in conjunction with a connected device. This information is then stored in a HIPAA-compliant cloud and may be combined with additional data from partners or others as described in this document. The combined or uncombined data may be analyzed for trends and insights into this disease as well as study or trial-specific aims.
• Geolocation Data: we may collect this data, after you opt-in, for epidemiological tracking of the spread of disease.
We may collect and use mobile device identifiers, IP addresses and session identifiers to analyze trends, to administer a Medable App, to track user activities, to infer user interests, and to otherwise gather information about individual users and market segments. We may also collect and store certain other personally non-identifiable information. This information is collected passively using various technologies, and cannot presently be used to specifically identify you.
IV. How We Use Your Information
We may use your Personal Information and other data we collect from you when you register, access, view, or use ACCESS in the in the following ways:
• To verify and validate your identity.
• To personalize your ACCESS experience and to allow us to deliver the content.
• To better understand your needs and how we can improve the ACCESS App.
• To administer a survey or other ACCESS App feature(s).
• To troubleshoot problems with the ACCESS App.
• To enforce our rights (including protecting our intellectual property), and to detect and
protect against error, fraud and other unauthorized or illegal activities.
• To respond to any of your subsequent requests.
• To recontact you for future health-related initiatives, including but not limited to
research participation opportunities, information about this or other Medable studies,
and philanthropic causes to support your local communities and research institutions.
• To provide any legitimate business service.
We may also de-identify and aggregate your Personal Information for our own purposes. Aggregated Data is information that has been combined with that of other users and analyzed or evaluated as a whole, such that no specific individual may be reasonably identified. De-identified Information is information that has been stripped of your identifiers, such as your name, contact information, and any other identifying data, such that you cannot reasonably be identified as an individual. We reserve the right to share Personal Information in response to duly authorized information requests of any law enforcement agency, court, regulator, government authority or other third party, where we believe such disclosure is necessary to comply with a legal or regulatory obligation, to prevent the unauthorized or illegal use of a our App, or to prevent or detect a crime.
V. How We Communicate with You
When you send email or other communications to Medable, we may retain those communications in order to process your inquiries, respond to your requests, and improve
our App, our studies, trials and related products and services. When you send and receive messages, we may collect and maintain information associated with those messages. We may also send you service-related announcements on rare occasions when it is necessary to do so. For instance, if our App is temporarily suspended for maintenance, we might send you an email or text. Generally, you may not opt-out of these communications, which are not promotional in nature. If you do not wish to receive them, you have the option to deactivate your account. Based upon the Personal Information you provide us, we may send you a welcome email to verify your username and password. We will communicate with you in response to your inquiries, to provide the services you request and to manage your account. We will communicate with you by email or telephone, in accordance with your preference.
VI. We May Disclose Your Personal Information to Certain Outside Parties
You understand and agree that we can disclose your Personal Information and other data to third parties, as follows:
• To our subsidiaries or affiliates, strategic partners and to third parties we engage to provide services on our behalf, such as web site hosting companies or companies who send communications to you on our behalf. Our agreements with these third parties require them to protect this data and prohibit these parties from using your Personal Information for any other purpose.
• To third parties who are involved in conducting our studies and trials, including investigators, clinical research organizations, IRBs, government regulatory agencies who may need access to Personal Information to ensure the studies are being conducted in accordance with law, and research institutions.
• To potentially share your information with other qualified third parties (e.g. researchers) consistent with the purposes herein.
• In the event of the sale or transfer of Medable, of one or more of our business units or of some or all of our assets, or in the context of some other business acquisition transaction.
• In response to a subpoena or court order, or a request from a law enforcement or other government agency; to establish or exercise our legal rights, or to defend against claims; or to protect the safety or security of the public or of users of a Medable App or study participants.
Medable does not currently use tracking cookies. Cookies are small data files that a site or its service provider transfers to your computer’s hard drive or mobile device through your Web browser that enables the site’s or service provider’s systems to recognize your browser and capture and remember certain information. Although cookies do identify a user’s device, cookies do not personally identify users. Additionally, mobile device’s may use other tracking files which are similar to cookies. For example, iOS devices use Apple’s “identifier for advertisers” (IDFA) and Android devices use Google’s Android ID. In the context of tracking within an App, the concept of a cookie will include an IDFA and an Android ID. We may, however, use secure cookies for session management, (“Session Cookies”), but Session Cookies do not collect or store Personal Information and are only temporary. Information gathered by Session Cookies is not retained after the browser is closed. In the future, if we choose to use tracking cookies, we will update this policy with information on the types we use and how we use them.
VIII. “DO NOT TRACK”
Our Medable Apps currently do not respond to “Do Not Track” (DNT) signals.
IX. SAFEGUARDING YOUR PERSONAL INFORMATION
We follow generally accepted industry security standards to safeguard and help prevent unauthorized access and maintain data security of Personal Information. However, no commercial method of information transfer over the Internet or electronic data storage is known to be 100% secure. As a result, we cannot guarantee the absolute security of any Personal Information submitted to or otherwise collected during your use of the ACCESS App. Accordingly, you understand and agree that you transmit all data, including Personal Information, to us at your own risk.
X. RETENTION OF YOUR PERSONAL INFORMATION
In accordance with our record retention policy, we will store your Personal Information for as long as we have a relationship with you or believe it is necessary to carry out the purposes for which we collected it, or to comply with applicable laws, rules or regulations. Under our record retention policy, data will be destroyed at a future date that is dependent upon the study or trial consent form or the purposes for which the data was collected. To request that your Personal Information be deleted from our databases, please contact us as listed below.
XI. YOUR RIGHTS OVER YOUR PERSONAL INFORMATION
You may have certain rights regarding Your Personal Information, subject to local
law. These include the following:
• Right to access your Personal Information.
• Right to rectify the information we hold about you.
• Right to erase your Personal Information.
• Right to restrict our use of your Personal Information.
• Right to object to our use of your Personal Information.
• Right to receive your Personal Information in a usable electronic format and transmit it to a third party (right to data portability).
• Right to lodge a complaint with your local data protection authority, if one exists in your state.
We encourage you to contact us to update or correct your Personal Information if it changes or if the Personal Information we hold about you is inaccurate. Please note that we will likely require additional information from you in order to honor your requests.
Please note that should you request that your Personal Information be deleted, you may continue to receive materials for a short period while we are updating our lists. Your records will then be permanently deleted from our systems, other than information where you have been screened or participated as a clinical trial volunteer in which case such information may continue to be processed in connection with the clinical trial.
XII. CONTACT US
If you have any questions or concerns regarding the way in which your Personal Information is used, please contact us at firstname.lastname@example.org or via mail at:
Attn: Data Protection Officer
525 University Ave, Ste A70
Palo Alto, CA 94301