Sign In
Book a demo

Privacy Policy

 
Last Updated: 21 Nov 2023
 
This Privacy Policy applies to your Personal Data when you use the Platform and Services or visit trialhub.com. Please, take the time to read it carefully. We want you to be clear how we use your information and the ways in which you can protect your privacy.
 

1. WHO USES YOUR INFORMATION

The company that uses your information is: FINDMECURE LTD. – a company incorporated under the law of England and Wales, registered into the Registrar of Companies for England and Wales under company number 10821379.

Contract person for privacy matters:

It is important to note that FindMeCure may act both as a Data Controller and Data Processor. The Security and Privacy Section in the Terms of Use as well as the Data Processing Agreement attached thereto settle the cases where FindMeCure is the Data Processor and the Customer is the Data Controller. For the avoidance of any doubt, this Privacy Policy applies to FindMeCure acting as Data Controller.

2. PERSONAL DATA WE COLLECT AND HOW WE USE IT

Personal data is data that describes and is linkable to someone as a person. We collect some personal data in order to provide the services to all our Customers.

We may process the following personal data for the following purposes:

      • Email addresses – these are necessary for providing demo access of our Services to any stakeholders, authenticating the Customers/Authorised Users before allowing their access to the Platform and the Services, as well as for providing technical support, newsletters and notifications on the scope of our Services, their update, upgrade, amendment, new releases, development and/or termination.
      • Phone numbers – provision of a phone number is optional. If the Customer has opted to provide a phone number, it shall be used for providing technical support and communicating conditions in respect to the Services.

Data processing activities, listed above, are necessary for the performance of the agreements with our Customers. We also process the above data to provide you with information about the latest updates on features and developments of the Platform. All such notifications shall be strictly service-related. We shall not be using your contacts to promote third-party products or services

3. METHOD OF COLLECTION

Each Authorised User provides personally the Personal data, entered or uploaded to the Platform. Customers and Authorised Users are not allowed to enter third party personal data or provide such data to be entered by us in the respective account, including sign up a third party using their email address, without due authorization by such third party. We do not monitor or control the content, entered or uploaded by Authorised Users. It is the Customer’s and each Authorised user’s responsibility to provide and guarantee that the personal data processing activities, performed by the Customer and Authorised User with the Platform are compliant with the requirements of the applicable Data Protection Legislation.

4. SECURITY MEASURES

We take appropriate technical and organisational measures to protect your personal data against loss or other forms of unlawful processing. We make sure that personal data is only accessible by only those who need access to do their job, and that they are properly trained and authorised. Our staff is required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, ethics, and appropriate usage of data. Staff is required to execute a confidentiality agreement and are provided with proper training in online privacy and security.

5. PROCESSORS AND PROCESSING OUT OF EU

For providing quality Services we engage third-party service providers – processors, carefully selected according to their capacity for personal data protection and processing in compliance with our obligations under the applicable data protection legislation. We provide personal data to our processors to process it for us only based on our instructions and only in compliance with our Privacy Policy and any other appropriate confidentiality and security measures. We do not sell or disperse your personal data otherwise.

We might transfer data we collect from you to persons/legal entities (‘Recipients’) outside the European Economic Area (‘EEA’) and the UK. When we do such transfers to third countries, we do so in accordance with the terms of this Privacy Policy, the UK and the EU data protection rules, in particular with the GDPR and the UK-GDPR. This may include (i) the transfer of data to Recipients located in countries, territories or part of specified sectors within such countries that are recognized as ensuring an adequate level of protection of the natural persons concerned; (ii) transfers pursuant to data transfer agreements that incorporate the Standard Contractual Clauses approved by the EU Commission/Commissioner; or (iii) derogations for specific situations provided for in the UK and the EU data protection law, etc.

  • Hubspot, USA (Massachusetts)
  • Intercom, USA (California)
  • SendGrid, USA (Colorado)
  • OpenAI, USA (California)
  • Slack, USA (California)
  • Segment, USA (California)
  • Amplitude, USA (California)
  • June, USA (Delaware)
  • SmartLook, EU (Czechia)
  • Microsoft, EU (Ireland)
  • Google, EU (Ireland)
  • Typeform, EU (Spain)
In addition to the aforementioned measures, we want to explicitly clarify our stance on the use of data within our TrialHub IQ platform. It is important for our users to know that TrialHub IQ does not incorporate a learning component that utilizes user queries to enhance or modify its knowledge base. This means that any queries submitted through TrialHub IQ are not used to train or inform any Large Language Models (LLMs) such as GPT or similar technologies.

We utilize these Large Language Models via secure API connections, ensuring that all interactions are governed by stringent confidentiality protocols and the highest security standards. This approach aligns with our commitment to data privacy and security, as outlined in our Privacy Policy. For more detailed information about our data handling practices in this context, please refer to the OpenAI Enterprise Privacy Framework (https://openai.com/enterprise-privacy), which provides comprehensive insights into the secure and private use of advanced AI models.

6. INFORMATION WE SHARE

We do not share personal information with companies, organisations, and individuals. We may share some information regarding clinical trials with third parties, but such information shall be anonymized and no third party shall receive individualised information about you and your projects. We may also share non-personally identifiable information publicly and with our partners. For example, we may share information publicly to show trends in the general use of our Services.

We may share data in case one of the following circumstances applies:

  1. With your consent – we will share personal information with companies, organizations or individuals when we have your consent to do so.
  2. For making some services possible – to third-party processors, as described above.
  3. For legal reasons – we will share personal information with companies, organizations, or individuals, if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
    1. meet any applicable law, regulation, legal process, or enforceable governmental request.
    2. enforce the applicable Terms of Use, including investigation of potential violations.
    3. detect, prevent, or otherwise address fraud, security, or technical issues.
    4. protect against harm to the rights, property, or safety of our company, our users, or the public as required or permitted by law.

7. MINORS

We provide services to and allow our Platform to be used only by persons aged 18 and over. If aged under 18, please ask for the assistance of a person aged at least 18 in order to use our Services. If we obtain actual knowledge that we have collected personal data from a person under the age of 18, we will promptly delete it, unless we are legally obligated to retain such data. Please contact us if you believe that we have mistakenly or unintentionally collected information from a person under the age of 18.

8. DATA DELETION

In general, we process data while the Customer is using our services and 12 months after terminating the account with us in order to prevent loss of data and compliance with applicable legislation, also to resolve disputes and enforce our agreements, or to the extent permitted by law.

9. DATA WE COLLECT FROM THE PUBLIC DOMAIN

In our platform we may present data, made publicly available on the following websites:

  • https://clinicaltrials.gov/
  • https://www.who.int/clinical-trials-registry-platform

These websites provide information on experts and investigators in different fields of clinical trials, such as:

  • Name and title
  • Country
  • State
  • City
  • Email
  • Phone
  • Affiliated Sites – health institutions where the person has conducted clinical trials

We may present this data on our Platform, after it has been made public by the respective websites, in order to facilitate easy access to such data for informational purposes only. We have not collected such data from the respective individuals, but from third parties, as quoted above.

Information will be visible only to Authorised Users of our Platform for information purposes. Authorised Users are advised not to use such data without following the requirements of GDPR and UK-GDPR and observing the rights of the data subjects.

We shall periodically update the date when it has been updated on the respective websites, quoted above.

Data shall be supported on our Platform until we receive a request from the respective data subject to delete it or when there is another legal ground for deletion of such data.

All data subjects have the rights under the applicable data protection legislation as stated below in the section “YOUR RIGHTS”, including the right to require at any time their data to be removed from our Platform.

10. NON-PERSONALLY IDENTIFIABLE INFORMATION

Content that does not personally identify you (“Non-Personal Identifiable Information”), may be collected in the following ways:

      • Information that your browser sends when you visit a website or online service (“Log Data”). This Log Data may include, but is not limited to, your approximate location, browser type, the web page you were visiting before you access the Service, and information you search for using the Service.
      • Like many services, our site uses “cookies” to collect information. A cookie is a small data file that we transfer to your computer’s hard disk for record-keeping purposes. We use “session ID cookies” to enable certain features of the Service, to better understand how you interact with the Service, and to monitor web traffic routing and aggregate usage of the Service. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the website you visit. If you do not accept cookies, however, you may not be able to use all portions or all functionality of the Service.
      • We may use automated devices and applications, such as Google Analytics, to evaluate the usage of the Service. We use these tools to help us improve the Service, performance, and user experience. We may also engage third parties to track and analyse Service data or provide other services on our behalf. Such third parties may combine the information that we provide about you with other information that they have collected. This Policy does not cover such third parties’ use of the data. For more information and adjustments to these options you must go to the control panel of your Google account.

11. YOUR RIGHTS

You have the following rights regarding the processing of personal data:

  • Right of information. This Policy aims to inform you in detail about the processing of your personal data by FindMeCure Ltd.
  • Right of access. You are entitled to receive confirmation of whether your personal data are being processed, to receive access to such data, as well as information about the processing and your rights.
  • Right of rectification. You are entitled to have your data rectified in case it is incomplete or inaccurate. Your data may be rectified by us upon your request.
  • Right of erasure. You have the right to ask for your data to be erased where one of the respective grounds provided by the GDPR/UK-GDPR applies. Please note that after deleting your data, you shall not be able to use the Services adequately. You have the right to delete data in a manner consistent with the functionality of the Services if such deletion is in accordance with the GDPR/UK-GDPR. We will comply with this instruction as soon as reasonably practicable and within a maximum period of 30 days unless the applicable data protection legislation requires storage. Please note that we may keep some of the personal data for legitimate business or legal purposes or be required (including by contract or law) to keep certain information and not delete it (or to keep this information for a certain time, in which case we will comply with the deletion request only after we have fulfilled such requirements).
  • Right of restriction of the processing. The GDPR and the UK-GDPR provide for the possibility of restricting your personal data processing in case there are grounds for this as set forth therein.
  • Right of data portability. You have the right to receive the personal data you have provided, and which are related to you in a structured, commonly used, machine-readable format, and to use such data with another controller at your discretion, if the conditions provided for in the GDPR and the UK-GDPR are present.
  • The right not to be subject to a decision based solely on automated processing, including profiling which produces legal effects concerning you or similarly significantly affects you unless there are grounds provided for in the applicable data protection legislation, as well as appropriate safeguards to protect your rights, freedoms and legitimate interests.
  • Right to withdraw consent. You have the right to withdraw at any time your consent for personal data processing that is based on prior given consent. Such withdrawal shall not affect the lawfulness of the processing based on consent before its withdrawal.
  • Right to object. You have the right to object, with respect to data processed, based on legitimate interest. In the event of such an objection, we will examine your request and, if justified, we will comply with it. If we believe there are enough legal grounds for the processing or where necessary for establishing, exercising, or defending legal claims we will inform you accordingly. You have an absolute right to object to personal data processing for marketing purposes.

12. SUPERVISORY AUTHORITY

If you think we have infringed your privacy rights, you can lodge a complaint with the respective supervisory authority: The Bulgarian Commission for personal data protection (www.cpdp.bg) or the UK Information Commissioner’s Office (https://ico.org.uk/).

You can also lodge your complaint in particular in the country where you live, your place of work, or place where you believe we infringed your right(s).

13. CALIFORNIA CONSUMER PRIVACY ACT (CCPA)

CCPA defines Personal Information to include information that can identify, relate to, describe, be associated with, or be reasonably capable of being associated with a particular consumer or household.

Personal information we collect and how we use and share it
Our receipt and collection of any consumer personal information is made in order for us to provide our services.

The personal information we have collected from consumers in the last 12 months and, for each category of personal information collected, the categories of sources from which that information was collected, the business or commercial purposes for which the information was collected, and the categories of third parties with whom we shared the personal information, are described above in Sections “PERSONAL DATA WE COLLECT AND HOW WE USE IT”, “METHOD OF COLLECTION” and “PROCESSORS AND PROCESSING OUT OF EU”.

Sale of personal information
We do not sell your Personal Information.

Your rights and choices
CCPA provides consumers with specific rights regarding their personal information:

  • The right to know about the personal information we collect about you and how it is used and shared;
  • The right to delete personal information collected (with some exceptions);
  • The right to opt-out of the sale of your personal information; and
  • The right to non-discrimination for exercising their CCPA rights.

This means that you have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. In addition, you have the right to ask us to delete personal information collected from you, subject to certain exceptions, e.g. when keeping the information is necessary for us to:

  • Complete the transaction for which we collected the personal information;
  • Provide a service that you requested or otherwise perform our contract with you;
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for these activities; identify problems and repair them;
  • Comply with our legal obligations under other laws or exercise any of our legal rights;
  • Make other internal and lawful uses of that information that are compatible with the purpose for or the context in which you provided it.

We cannot discriminate against you for exercising a CCPA right.
To learn more about your California privacy rights, visit https://oag.ca.gov/privacy/privacy-laws and https://oag.ca.gov/privacy/ccpa.

Consistent with California law, if you choose to exercise your applicable CCPA rights, we won’t charge you different prices or provide you with a different quality of services. If we ever offer a financial incentive or product enhancement that is contingent upon you providing your personal information, we will not do so unless the benefits to you are reasonably related to the value of the personal information that you provide to us.

Exercising your rights
To exercise your rights under the CCPA, you may submit a request to us using the contact details provided in Section “WHO USES YOUR INFORMATION”.

Scroll to Top