Advarra, Inc., doing business as Advarra®, and any of our subsidiaries or affiliates (collectively, “Advarra”), provide this policy so that you can understand how we collect information from you, what information we collect, and how we use the information you provide.
- Information we collect.
- How we use information.
- How we share information.
- What rights you have in relation to your information.
- Information security.
- Website Visitors: Opt-out and Do Not Track.
- How to contact us.
1. Information we collect.
(a) Personal Information You Share With Us. We collect different types of Information about you when you interact with us, such as by visiting our Sites or using our Services. When you register or create an account anywhere on the Sites or when using our Services, we may collect any or all of the following information, (i) your name, (ii) home or business address, (iii) professional information, including specialty or nature of concern, (iv) organization with whom you are affiliated and its address, and (v) your email address. We may also collect Personally Identifiable Information when you contact us or send inquiries through the Sites or via email. This includes one or more of any combination of your: name, e-mail address, and home address. When you contact us for any reason, we may ask you to provide or confirm certain Personally Identifiable Information so that we can better respond to your inquiry.
Children’s Privacy. The Sites are designed for adults. These Sites are not designed to attract minors, in particular children under the age of 13. We do not knowingly collect information from anyone under the age of 13. Children should always get permission from their parents before sending any information about themselves (such as their names, email addresses, and phone numbers) to anyone over the Internet.
(b) Information automatically collected. When you visit the Sites, we may automatically record information that your browser sends whenever you visit a website. For example, we may receive and collect: the name of the domain and host from which you access the Internet; the Internet Protocol (IP) address of the computer you are using; the date and time you access the Sites or make uploads or post to the Sites; and the Internet address of the website from which you linked directly to the Site. This Information does not include any Personally Identifiable Information and we refer to this information as Non-identifiable Information. We use this Non-identifiable Information to monitor the usage of the Sites and to understand how to better serve our users.
The most common mechanisms for collecting this Information include:
- Service Analytics
- Pixel tags or clear Graphics Interchange Format files, known as GIFs
Cookies: Cookies are small files that are sent to your computer’s hard drive to tell us who you are when you are using the Site. Cookies help us to: (1) associate you with your account and enable you to update and modify your account; (2) speed navigation; (3) remember information you gave us so that you do not have to re-enter it; and (4) count the total number of visitors and pages viewed. Browsers are typically set to create cookies automatically. You can choose to have your browser notify you when cookies are being written to your computer or accessed, or you can disable cookies entirely. If you disable cookies, however, you may not be able to create an account on the Site. Also, by not using cookies, some features and services on the Sites may not function properly.
Service Analytics: From time to time, we may work with one or more third party service provider to help us better understand how you use the Site. The service provider may place cookies on your computer to collect information. The information that is collected will tell us things like which search engine referred you to the Site, how you navigated around the Site, how quickly we helped you to enter account information, and what Content you viewed. This information will help us to better serve you. We will not grant permission to the third-party service provider to collect your e-mail address or password information. The third-party service provider will be restricted to use your information to perform services for us, securely and in confidence, except they may be permitted to use the information on an aggregate, non-personally identifiable basis.
Pixel tags or clear GIFs: To help us understand the effectiveness of certain of our communications, we may use “message format” and “message open” sensing technologies that use pixel tags or clear GIFs (which are also called web beacons). These technologies allow us to know if your e-mail program is able to accept HTML e-mails and, if it is, to: (1) send you e-mails in that format; and (2) determine if you have opened our e-mail messages.
Information you provide through online blogs, reviews and community sources. In addition to the information described above, from time to time we may provide you with the ability on the Sites to create your own content and share your opinions and reviews with others viewing the Site. You may choose to post Information as part of a blog or online interactive community. Because any Information you choose to post on the Sites or make visible via social media will be available on the internet, we can make no assurance that others will not use or misuse that information.
(c) Information we receive from other sources. As part of the Services Advarra offers to its clients, these clients may provide information about you. We may also receive information from vendors that provide additional information. The transfer of this information is governed by a separate written agreement with the Client or Vendor to address applicable legal requirements for data use and data security involving the transfer of data between us and the client. This information includes, but is not limited to:
- Personal or business contact information (such as name, address and email address, social media, name of your company or department, and your business function or title);
- Demographic information (such as age, gender, etc);
- Professional Information (such as work history, education, and other professional credentials)
- Financial Records (such as information provided to our Clients as part of a financial disclosure process); and
- Health Information (such as patient records or researcher’s notes. Any health information that we collect from other sources will be transferred to us under a separate written agreement to address applicable legal requirements for data use and data security and protection.
2. How we use Information.
We use the Information collected to provide our Services to Clients. We also use the Information we collect to maintain and improve our Services. Further, we may use Information collected to offer or advertise new products and services.
Finally, we collect your Information to provide you with easy access to the Site. We use the Information to fulfill your online requests, provide services, facilitate customer service, and inform individuals of our products, services and events that may be of interest to. Your Information also allows us to communicate with you about the Sites, Services, and the Content.
We use or may use your Information to:
- Perform our contractual obligations with Clients who make use of our Services;
- Conduct research and perform analyses in order to measure, maintain, protect, develop and improve the Site, our services and products, and the Content provided through the Site;
- Provide analytical related products and services to our Clients
- Make communications necessary to notify you regarding the products or services that you have purchased, security, privacy, or administrative issues;
- Communicate with you about information or Content you have posted to the Site; or
- Administer assessment tools and surveys, where participation is completely voluntary, and you, therefore, have a choice whether or not to disclose any information requested in connection with the assessment tool. Information requested may include contact information (such as name and email address), and demographic information (such as zip code, years of professional or clinical experience), among other information.
3. How we share Information.
We may share, sell or rent your Non-identifiable Information with: (i) our Clients, (ii) third parties through scholarly publications relating to the Sites and its subject matter, (iii) reputable service providers, subcontractors, vendors and agents who perform services on our behalf, and (iv) third parties who may benefit from the study or use of such information.
We may share any of your Information, which includes your Personally Identifiable Information, with third parties as follows:
- Law Enforcement Officials and as Required by Law.We may release any or all of your Information to third parties when we determine, in our judgment, that it is necessary to (a) comply with the law, regulation, legal process, or enforceable governmental request; (b) enforce or apply the terms of any of our policies or user agreements; or (c) protect the rights, property or safety of us, our employees, our users, or others.
- Sales, Mergers, and Acquisitions. If we become involved in a merger, acquisition, or any form of sale of some or all of our assets, or other business transaction, your Information may be provided to the entities and advisors involved, and your Information may be transferred to a third party in connection with consummation of any such transaction.
- Other Advarra Business Units. Information may be provided to other Business Units in Advarra’s offices than the Business Unit that initially collected or received the Information.
- The Sponsor/CRO Study Team, Affiliates, or Other Authorized Study Vendors. We may share data with the sponsor/CRO study team who are overseeing the clinical study, or with other vendors that they have authorized to receive this information. For example, the study team will have access to the training records of clinical sites, as well as other high-level and anonymized metrics reports (number of patients screened, number of video views, etc.)
- Clients. Aggregated information may be provided to clients as part of a data analytical related product or service.
- Third-Party Processors/Vendors. We use some third-party vendors in support our services and in order to provide these services we are required to share data with these processors/vendors.
Certain links through the Sites may link to organizations located in or with facilities that are located in a different jurisdiction than either you or us. If you elect to link to a third-party’s website, then your Information may become subject to the laws of the jurisdiction(s) in which that third party or its facilities are located. As an example, if you are located in Canada and you link to a website in the United States, then your Information collected through that website may be subject to disclosure under United States legislation, including the Patriot Act.
4. What rights you have in relation to your information.
If you are interacting with the Sites from outside the United States and provide us with any Information, please note that your Information will be transferred, stored and processed within the United States. The data protection laws in the United States may not be as comprehensive as those in your country. By interacting with the Site, you are consenting to the transfer of your Information to facilities located in the United States and other facility locations that we select.
Rights to your personal information if you reside in the EEA, UK, or Switzerland
If you reside in the European Economic Area (EEA), the United Kingdom, or Switzerland, our use of your personal information is governed by the European Union’s General Data Protection Regulation, or “GDPR” or applicable EEA, UK or Swiss national laws. These grant you particular rights in your personal information, including the right to alter, correct, receive, or delete personal information processed by Advarra, subject to our business interests and any legal requirements we may face.
Those in the EEA, UK, or Switzerland have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the EEA are available here.
In addition to the choices described above you also have the following rights under the European General Data Protection Regulation (“GDPR”) if you are accessing the Services in Europe:
- Right of access to your Personal Data (Art. 15 GDPR): You have the right to ask us for confirmation on whether we are processing your Personal Data, and access to the Personal Data and related information on that processing (e.g., the purposes of the processing, or the categories of Personal Data involved). “Personal Data” is defined in the GDPR as any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;
- Right to rectification (Art. 16 GDPR): You have the right to have your Personal Data corrected, as permitted by law.
- Right to erasure (Art. 17 GDPR): You have the right to ask us to delete your Personal Data, as permitted by law. This right may be exercised among other things: (i) when your Personal Data is no longer necessary for the purposes for which it was collected or otherwise processed; (ii) when you withdraw consent on which processing is based on your consent and where there is no other legal ground for processing; (iii) when you object to processing which is necessary for our legitimate interests (pursuant to Art. 21 (1) GDPR) and there are no overriding legitimate grounds for the processing, or when you object to your Personal Data being used for direct marketing purposes (pursuant to Art. 21 (2) GDPR); or, (iv) when your Personal Data has been unlawfully processed.
- Right to restriction of processing (Art. 18 GDPR): You have the right to request the limiting of our processing under limited circumstances, including: when the accuracy of your Personal Data is contested; when the processing is unlawful and you oppose the erasure of your Personal Data and request the restriction of the use of your Personal Data instead; (and, when you have objected to processing which is necessary for our legitimate interests (pursuant to Art. 21 (1)) GDPR pending the verification whether the legitimate grounds of Advarra override your grounds.
- Right to data portability (Art. 20 GDPR): You have the right to receive the Personal Data that you have provided to us, in a structured, commonly used and machine-readable format, and you have the right to transmit that information to another controller, including to have it transmitted directly, where technically feasible.
- Right to object (Art. 21 GDPR): You have the right to object to our processing of your Personal Data, as permitted by law. This right is limited to processing which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or processing which is necessary for the purposes of our legitimate interests (Art. 6 (1) (e) or (f) GDPR), and includes profiling based on those provisions, and processing for direct marketing purposes.
Contacting us to exercise your rights and with any questions
If you need help or wish to exercise any of the above rights or have questions about them, please email us at firstname.lastname@example.org.
We will consider all such requests and provide our response as soon as we can. Please note, however, that in certain circumstances that some personal information may be exempt from such requests if we need to keep processing your personal information for our legitimate interests, to protect the privacy of others, or to comply with a legal obligation. Please note that we may request you provide us with information necessary to confirm your identity.
You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
Transfers of your personal information outside of the European Economic Area
Advarra is based in the United States and we process and store information in the U.S. Therefore, we and our service providers will store and access your personal information in the U.S. The U.S. may not provide equivalent levels of data protection as regulated in your home jurisdiction.
In such instances, whenever your personal data is transferred to countries outside of the EAA, UK or Switzerland, we will ensure that at least one of the following safeguards is in place:
- The country is one that the European Commission have approved as providing an adequate level of protection for personal data;
- The transfer is subject to a specific derogation in the GDPR or national laws;
- Through the use the standard contractual clauses as the transfer mechanism when a case-by-case analysis has been performed; or
- Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data substantially similar protection as in the UE, EEA or UK.
If you reside in California, our use of your information is governed by California law, including the California Privacy Protection Act (CCPA). This section applies only to California residents.
CCPA: Personal Information Collected and Purposes of Use
We collect and use information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, to you or your devices when you visit our Websites, provide us your personal information, or have a contractual or business relationship with us or any of our customers, (“Personal Information”).
We collect Personal Information for the purposes identified in the section above called: “Information we collect”. We may have shared your Personal Information with the categories of third parties identified in the section above called: “How we share Information”.
In these arrangements, the use of the information we share is limited by policies, contracts, or similar restrictions. Certain information we collect may be exempt from CCPA because it is considered public information or it is covered by a federal privacy law, such as the Health Insurance Portability and Accountability Act.
CCPA: Your Privacy Rights under California Law
Californians have the following rights regarding the collection and use of your personal information. We may ask you to provide additional information to verify your request. Californians have the right to request the information regarding the personal information we have collected, sold, or disclosed about you. You have rights to information on:
- Categories of personal information collected about you, and sources from which collected;
- Our purpose for collecting personal information;
- Categories of third parties with which the personal information was shared; and
- Specific pieces of personal information collected about consumers.
- Categories of your personal information sold in the preceding 12 months;
- Categories of third parties to whom your personal information has been disclosed;
- Categories of personal information that we disclosed about consumers for a business purpose.
If this Policy does not answer your questions, then you have the right to contact us and request further information on each of these topics.
Right to Opt-out
Californians have the right to opt-out of sharing, disclosure, or sale of your Personal Information. To exercise this right, you or your authorized representative may submit a request by contacting us at email@example.com or 6100 Merriweather Drive, Suite 600, Columbia Md 21044
Right to Request Deletion
Californians have the right to request that we delete the personal information we have about you. However, we are not required to delete information if it is necessary to retain your information to:
- Complete the transaction for which the personal information was collected, provide a good or service requested by you, or a transaction reasonably anticipated within the context of our or one of our affiliate’s ongoing business relationship with you, or to otherwise perform a contract we have with you, or
- Detect security incidents, protect against malicious, deceptive, fraudulent or illegal activity or prosecute those responsible for that activity, or
- Debug to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law, or
- Facilitate solely internal uses that are reasonably aligned with your expectations based on your relationship with us or one of our affiliates, or
- Comply with a legal obligation, or
- Otherwise use the personal information, internally, in a lawful manner that is compatible with the context in which it was provided.
CCPA: Contact Us
You can contact us with questions about this Privacy Notice for California Residents or to exercise your rights as described in this Notice.
Email: firstname.lastname@example.org with “Request for California Privacy Information” in the body and subject line of the email
If you reside in Nevada, our use of your information is governed by Nevada law. This section applies only to Nevada residents.
Personal Information Collected and Purposes of Use
- We collect certain personal information of Nevada consumers as identified in the section above called: “Information we collect.”
- We collect this personal information for the purposes identified in the section above called “How we use information”
Your Privacy Rights
You have the right to access and correct your personal information or opt-out of the sale of personal information. If you would like to review, correct, or update your personal information, you or your authorized representative may submit your request via email. We will respond to your verified request as soon as reasonably practicable, but no later than sixty (60) days after receipt.
If circumstances cause any delay in our response, you will be promptly notified and provided a date for our response.
We generally do not disclose or share personal information for profit. Under Nevada law, you have the right to direct us to not sell or license your personal information to third parties. To exercise this right, if applicable, you or your authorized representative may submit a request via email. We will respond to your verified request as soon as reasonably practicable, but no later than sixty (60) days after receipt. If circumstances cause any delay in our response, you will be promptly notified and provided a date for our response.
For Residents of Other Jurisdictions
If the laws of your country or other jurisdiction are not mentioned above, you may also have rights under your home jurisdiction’s laws to access, erase, correct, and move your personal data. For more information, please contact us at email@example.com if you wish to exercise your rights.
You may have rights to file a complaint with a regulator in your jurisdiction if we do not adequately address your requests or concerns. Below is a list of various data protection authorities who you may contact about enforcing your data rights:
- Australia Information on how to file a complaint is available here https://www.oaic.gov.au/privacy/privacy-complaints/
5. Information Security
We take reasonable precautions and follow standard industry practices to make sure your Information is not inappropriately lost, misused, accessed, disclosed, altered, or destroyed. While we have security measures to protect electronically transmitted information and frequently review and try to improve the security of the Sites and Services, we can’t guarantee that a third party won’t gain access to any Information provided to or collected through this Sites and Services.
6. Website Visitors - Opt-out and Do Not Track
OPT-OUT: For visitors to our website, if, at any time, you wish to no longer receive any or all communications from us, you will be able to follow instructions provided with our communications or on the Sites in connection with communications. Even if you opt-out of receiving communications, you may continue to receive e-mails relating to products and services that you have purchased, content you have posted, access and administration of the Site, account update information, and/or other interaction-related communications. Although the primary purpose of these emails is not to provide you with promotional material, they may contain within them some promotional material.
DO NOT TRACK: It may be possible for you to set your browser with a “Do Not Track” signal. Not all browsers provide this feature. This feature enables you to disable certain cookies and other tracking mechanisms on particular websites, removing the ability of the Sites owner to track where you visit on the web. If you choose to use the Do Not Track feature on your browser, we cannot commit or guarantee that the Site, or any of the third parties accessible through the Site, will respond or comply with the Do Not Track signal. If you block cookies from the Site, some or all features may not work correctly.
8. Questions or concerns.
If you would like to: access, correct, amend or delete any Information we have about you, register a complaint, or simply want more information, contact us at: firstname.lastname@example.org or 6100 Merriweather Drive, Suite 600, Columbia, Maryland 21044.
Updated: December 10, 2021