Last Revised: March 30, 2021
This Privacy Statement applies to your use of the Medable.com websites (the “Sites”) as well as certain Medable Services (the “Services”).
If You participate(d) in a study or trial, please see the privacy statements in Your specific study or trial for more information or contact Your study sponsor or investigator for assistance.
Please note that some Medable Applications are subject to their own specific Privacy Statements, which are linked either in the Application or the applicable app store.
This Privacy Statement is designed to inform you of the information we gather as part of your use of the Sites and Services where Medable is the data controller. If you have any questions or concerns regarding this Statement, or wish to exercise an access, data portability, or deletion right, please see the section “Exercising Access, Data Portability, and Deletion Rights” below for more information.
By accessing or using the Sites or Services, you acknowledge your acceptance of the practices described in this Privacy Statement and consent to our processing of your information as set forth in this Privacy Statement.
1.0 CHANGES TO THIS PRIVACY STATEMENT
Medable, Inc. (“Medable” or “We”) may modify this Privacy Statement from time to time. The date of any revisions will be displayed at the top of this Privacy Statement.
2.0 MEDABLE’S PLATFORM, CUSTOMIZED APPLICATIONS, AND SERVICES
Please note that Medable supplies its Customers with Applications and Services, particularly for purposes of clinical trials and healthcare research. When you use Medable Services as part of your engagement with a Medable Customer, you will be subject to a Privacy Statement issued by that Medable Customer. In such instances, Medable acts as a data processor, working on behalf of that Medable Customer (the data controller). Please see the Medable Privacy Center at: https://www.medable.com/privacy for more information.
3.0 TYPES OF INFORMATION MEDABLE COLLECTS
As part of your use of the Sites and Services, We may collect:
4.0 HOW MEDABLE USES PERSONAL INFORMATION
Personal Data which we collect via the Sites and Services for a particular purpose will only be retained and used for that purpose, unless you have agreed to allow us to use it for additional purposes as described in this Privacy Statement.
Generally, We will use Personal Data and other information we collect from you to:
5.0 HOW MEDABLE SHARES PERSONAL INFORMATION WITH OTHERS
When you have provided Personal Data to us for a particular purpose, we may disclose your information to other companies that we have engaged to assist us in fulfilling your request. This may include, but is not limited to fulfillment houses, billing services, transaction managers, credit verification services, and other third-party service providers. We may also disclose any of your Personal Data to law enforcement or other appropriate third parties in connection with criminal investigations, investigation of fraud, infringement of intellectual property rights, or other suspected illegal activities, or as otherwise may be required by applicable law, or, as we deem necessary in our sole discretion, in order to protect the legitimate legal and business interests of Company.
We sometimes share general, demographic, or aggregated (non-identifiable) information with third parties about our user base, but that information does not include any Personal Data.
Your Personal Data may also be disclosed if Company assigns all of its rights and obligations regarding the use of your Personal Data at the time of a bankruptcy, merger, acquisition, sale of all or substantially all of Company’s assets to a subsequent owner or operator, or similar event.
To the extent we collect any aggregated anonymous information, we may share that information and information derived from the aggregated anonymous information with our business partners.
6.0 HOW MEDABLE SECURES PERSONAL INFORMATION
Medable implements physical, administrative, and technical safeguards designed to protect your personal information from accidental or unlawful destruction, loss, alteration, and unauthorized disclosure or access. We contractually require that our suppliers implement similar measures designed to protect personal information from accidental or unlawful destruction, loss, alteration, and unauthorized disclosure or access. No online service can ever be 100% secure, and as a result we do not guarantee the security of any personal information you provide.
The Medable Sites, and some services and advertisements on the Sites, may contain “cookies.” A cookie is a piece of data that is sent to your browser, which will store the cookie on your computer if your browser is enabled to accept cookies.
Most internet browsers will allow you to erase cookies from your computer hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. You should refer to your browser instructions or “Help” screen to learn more about how to manage cookies. Please note, however, that if you block cookies, some portions of the Site and services may not function properly.
We do collect general, aggregated, demographic, and non-Personal Data using cookies and automated means (this includes technical information about your session with our website, such as your browser version and IP address, as well as information about your use of our website, such as how you navigate it and how long you spend viewing it). We will not seek to identify you through cookies or other means without your consent. This type of anonymous, aggregated profiling and session data may also include information that you have provided to us through surveys, polls, etc., but will not be tied to any Personal Data, without your consent.
You can manage your preferences in relation to Cookies and Automated Tracking on the sites by clicking in the shield icon on the bottom left of this webpage.
8.0 CHILDRENS PERSONAL INFORMATION
The Sites and Services are not intended for anyone under the age of eighteen. Medable does not knowingly collect information from children under the age of eighteen unless we have obtained consent from a parent or guardian or such collection is subject to a separate agreement with us which specifically provides for us to obtain such information. If you believe your child’s personal information has been collected by Medable in error, please contact us at email@example.com.
9.0 DO NOT TRACK
The Website does not support Do Not Track at this time. Do Not Track (DNT) is a privacy preference that you can set in your web browser to indicate that you do not want certain information about your webpage visits collected across websites when you have not interacted with that service on the page. For all the details, including how to turn on Do Not Track, visit donottrack.us.
10.0 SPECIAL NOTICE TO CALIFORNIA RESIDENTS – YOUR CALIFORNIA PRIVACY RIGHTS
The California Consumer Privacy Act (the “CCPA”) provides California residents the right, once a year, to receive information about third parties with whom Medable has shared information about you for its marketing purposes during the previous calendar year, and a description of the categories of personal information shared. To make such a request, please send an email to firstname.lastname@example.org and please include the phrase “California Privacy Request” in the subject line, and provide your name, address and email address. Medable will respond to you within thirty days of receiving such a request.
10.1 Medable does not sell consumer data for monetary or other valuable consideration.
If you are a California Resident, you may have additional rights under the California Consumer Privacy Act (the “CCPA”). These include:
11.0 SPECIAL NOTICE TO UK AND EU RESIDENTS
Residents of the EU and UK may be entitled to additional privacy rights consistent with the General Data Protection Regulation (GDPR).
Please email email@example.com (or connect via the alternative methods listed in the “CONTACT US” section below) with any questions or concerns regarding the processing of your personal data.
If Medable’s processing of your personal data is covered by UK or EU law, you can also lodge a complaint with the corresponding data protection supervisory authority in your country of residence. You can find the relevant EU supervisory authority name and contact details under http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm and the UK supervisory authority contact details under https://ico.org.uk/global/contact-us/.
11.1 International Transfers, Processing and Storage of Personal Information.
Your Personal Data may be collected, transferred to and stored by us in the United States and by our affiliates and third parties that are based in other countries. This means that your Personal Data may be processed outside your jurisdiction, and in countries that are not subject to an adequacy decision by the European Commission or your local legislature or regulator, and that may not provide for the same level of data protection as your jurisdiction, such as the EEA. We ensure that the recipient of your Personal Data offers an adequate level of protection and security, for instance by entering into the appropriate data processing agreements and, if required, standard contractual clauses or an alternative mechanism for the transfer of data as approved by the European Commission (Art. 46 GDPR) or other applicable regulator. Where required by applicable law, we will only share, transfer or store your Personal Data outside of your jurisdiction with your prior consent.
11.2 Exercising Personal Data Access, Portability, and Deletion Rights.
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by emailing us at firstname.lastname@example.org (or connect via one of the alternative methods listed in the “CONTACT US” section below).
To fulfill your request, please:
We cannot complete your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a request to verify the requestor's identity and/or authority to make the request. We may refuse to act on requests that are insufficiently substantiated, unfounded, or excessive.
12.0 CONTACT US
Medable’s Corporate Headquarters
Medable Privacy Team
525 University Avenue
Palo Alto, CA 94301
Medable’s Article 27 Representative for the European Union
Lionheart Squared (Europe) Ltd.
2 Pembroke House
Upper Pembroke Street 28-32
Dublin, D02 EK84
Republic of Ireland
Medable’s Article 27 Representative for the United Kingdom
Lionheart Squared Limited
Attn: Data Privacy
17 Glasshouse Studios
Fryern Court Road
Hampshire, SP6 1QX