PatientGO 隐私政策
As part of a clinical trial, the clinical trial sponsor/its designated third party has requested Illingworth Research Group Limited to facilitate travel, accommodation and/or expenses for your clinical trial ("Clinical Trial"). To do this, we must collect, store and share your personal information, which makes us a "data processor". This means that we hold and use your personal data.
This policy sets out how we collect and use your personal information in accordance with the General Data Protection Regulation (GDPR) and data protection laws to facilitate travel, accommodation and expense reimbursement services (also known as "PatientGO"). This Policy applies only to participants who will be using the Service. The personal data you provide to us during your use of the Application is independent of the clinical trial data contained in your consent form with the clinical trial sponsor/third party designated by the clinical trial sponsor.
Please read the following carefully to understand our practices regarding your personal data, how we will use your personal data in connection with the Application, and your use of the Service.
Agree to install this app
Under data protection law, we are required to provide you with certain information about who we are, how and for what purposes we process your personal data, and the rights you have in relation to your personal data.
By installing the App, you consent to the processing of your personal data and Special Category Data (such as your name, contact details, passport details, financial information and medical information) as described in this Policy.
How to withdraw consent
You can change your mind and withdraw your consent at any time by contacting us at PatientGO@illingworthresearch.com; However, this will not affect the lawfulness of the processing that took place before you withdraw your consent. Please note that withdrawing your consent may affect our ability to execute the requests you make in the App, such as reimbursement of expenses.
Brief introduction
This Policy, together with our End User License Agreement ("EULA") contained in https://illingworthresearch.com/patientgo-terms and any additional terms of use incorporated by reference into the EULA (collectively, the "Terms of Use"), applies to the use of:
- The PatientGO version 1 mobile application (the "App") is available on Google Play and the Apple Store, once you download or transfer the App to your mobile phone or handheld device (the "App").
- The PatientGO service (the "Service") is available through the App available from the App Website or our other websites (the "Service Site"). This Policy sets out the basis on which we process personal data (including special categories of data) that we collect from you or that you provide to us.
- The App is not intended for use by children ("Child" means a person under the age of 18); If a participant in a clinical trial is a child who wants to use the App and Services, the App and Services may only be provided if the person with parental responsibility for the child is a "user" of the App. Please read the following carefully to understand our practices regarding your personal data, including Special Category Data, and how we will treat it.
Important information and who we are
Illingworth Research Group Limited is the controller and is responsible for your personal data (collectively referred to in this policy as "Illingworth", "we", "us" or "our").
If you have any questions about this Privacy Policy, please contact us using the details set out below.
Contact details
Our full details are as follows:
- 法人实体全名: Illingworth Research Group Limited
- 电子邮箱地址: PatientGO@illingworthresearch.com
- Correspondence Address: 1 Pinehurst Road, Farnborough GU14 7BF
If the App is downloaded from outside the UK, you have the right to lodge a complaint at any time with the Information Commissioner's Office ("ICO"), the UK supervisory authority on data protection issues or other competent supervisory authority in an EU member state.
Privacy Policy and your obligation to notify us of changes
We review our Privacy Policy on a regular basis. This version was last updated on June 23, 2020.
We reserve the right to update this Privacy Policy at any time without prior notice. We encourage you to periodically review this Privacy Policy for any changes.
It is important that the personal data and Special Categories data we hold about you are up-to-date and accurate. Please feel free to let us know if any changes occur during our relationship with you.
Data We Collect About You
We may collect, use, store and transfer the following types of personal data about you:
- Identity Data.
- Contact Data.
- Financial data.
- Transaction Data.
- Device Data.
- Content Data.
- Profile Data.
- Usage Data.
- Special Category Data.
Special Category Data
We collect special categories of personal data from you (this may include details about your race, religious/philosophical beliefs, and your health information). We will only collect and process Special Category Data if it is specifically necessary to fulfill your request in the App, such as travel or accommodation arrangements.
How is your personal data collected?
We collect and process the following data about you:
- Information you provide to us. This refers to your information (including identity data, contact data, and financial data) that you agree to provide to us by filling in a form on the application website and service website ("Site") or by communicating with us (e.g., via email correspondence or communication). It includes information you provide when you register to use the App website, download or register for the App, subscribe to our Services, search for the App or the Services, and when you use the App to facilitate travel requests, accommodation requests, expense reimbursements, or to report problems with the App, our Services, or our Site. If you contact us, we keep a record of that correspondence.
- Information we collect about you and your device. Each time you visit our website or use our app, we automatically collect personal data, including device data, content data, and usage data. We use cookies and other similar technologies to collect this data.
- Information we receive from other sources, including third parties and publicly available sources. We receive your personal data from various third parties in the following ways:
- Identity and contact data received through the trial sponsor or its designated third party (which may be located within or outside the EU).
Cookie
We use cookies and/or other tracking technologies to distinguish you from other users of the App, App Sites, Distribution Platforms (App Stores) or Services Sites, and to remember your preferences. This helps us to provide you with a good experience when you use the App or browse any of our websites, and to enable us to improve the App and our website. For more information about the cookies we use, the purposes for which we use them, and how you can make choices about our use of your cookies, please email us at email PatientGO@illingworthresearch.com
How We Use Your Personal Data and Special Category Data
We will only use your personal data as permitted by law. Generally, we use your personal data in the following circumstances:
- Your consent is obtained before processing.
- We need to perform a contract that we are about/have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- We need to comply with a legal/regulatory obligation.
我们使用您的个人数据和特殊类别数据的目的
目的/活动 | 数据类型 | 处理的合法依据 |
安装本应用程序以及注册为本应用程序的新用户 | 身份数据 联系数据 财务数据 设备数据 | 您的同意 履行与您订立的合同 对于我们的合法权益有必要(以偿还您的费用) |
处理本应用程序中的申请以及提供本服务, 包括管理旅行/住宿申请以及满足报销申请。 |
身份数据 联系数据 财务数据 交易数据 设备数据 位置数据 特殊类别数据 | 您的同意 履行与您订立的合同 对于我们的合法权益有必要(以偿还您的费用) |
管理我们与您的关系,包括通知您本应用程序或本服务的变更 | 身份数据 联系数据 财务数据 个人资料数据 | 您的同意 履行与您订立的合同 对于我们的合法权益有必要(以保持更新记录以及分析客户如何使用我们的服务) 为了遵守法定义务而有必要(以告知您我们的条款变更) |
管理及保护我们的业务和本应用程序,包括故障排除、数据分析和系统测试 | 身份数据 联系数据 设备数据 | 对于我们的合法权益有必要(以运营我们的业务、提供管理服务和 IT 服务、网络安全) |
Disclosure of Your Personal Data:
When you agree to provide us with your personal data and special category data, we will also ask for your consent to share your personal data with the following third parties for the purposes set out in the [Purposes for which we use your personal data] form:
- Internal third parties as set forth in the Glossary.
- External third parties as set forth in the Glossary.
- Third parties to whom we may choose to sell, transfer, or merge parts of our business/assets. Alternatively, we may seek to acquire or merge with other businesses. If there are changes to our business, the new owners may use your Personal Data and Special Categories Data in the same way as set out in this Privacy Policy.
International Transfers
Many of our external third parties are located outside the EEA and, as such, their processing of your personal data involves the transfer of data outside the EEA.
Whenever your personal data is transferred outside the EEA, we ensure that at least one of the following safeguards is in place to ensure a similar level of protection for your personal data:
- We will only transfer your personal data to countries that have been deemed by the European Commission to provide an adequate level of protection for personal data. For more details, see European Commission: Adequate protection of personal data in non-EU countries.
- In the case of the use of certain service providers, we may use specific contracts approved by the European Commission that provide the same protection for personal data as in Europe. For more detailed information, please refer to the European Commission: Model contract for the transfer of personal data to third countries.
- Where we use providers located in the United States, we may transfer data to them if they are part of the Privacy Shield, which requires them to provide similar protections for personal data shared between Europe and the United States. For more details, see European Commission: EU-U.S. Privacy Shield.
If you would like more information about the specific mechanisms we use when transferring your personal data outside of the EEA, please contact us.
Data Security
All information you provide to us is stored on our secure servers. Information stored "at rest" on our secure servers is protected using industry-standard data encryption. Where we have given you (or where you have opted) a password that enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask that you do not disclose your password to anyone.
Once we have received your information, we use strict procedures and security features to try to prevent the accidental loss or unauthorised use or access of your personal data. Data transmitted between you as a "user" ("End User") and Illingworth as part of the Service will be protected using industry-standard encryption methods. The data stored on our servers is protected with encryption at rest and state-of-the-art firewalls to prevent unauthorized access.
Personally identifiable data is not stored on end-user devices. To facilitate sign-in, two cryptographic token stores will be present on the end-user device.
We have put in place procedures for handling suspected personal data breaches and will notify you and the applicable regulator when required by law.
Data Retention
By law, we are required by law to retain your basic information (including contact data, identity data, financial data, and transaction data) for seven years after you complete a clinical trial for financial audit purposes.
You can ask us to delete your data in certain circumstances: please see [Your Legal Rights] below for more information.
In some cases, we anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without notice.
Your Legal Rights
Under certain circumstances, you have the following rights under data protection law in relation to your personal data.
- Request access to your personal data (commonly referred to as a "data subject access request")
- Request changes to the personal data we hold about you
- Request erasure of your personal data
- Object to the processing of your personal data, where we are processing your personal data on the basis of a legitimate interest (or the interests of a third party) but there are some things about your particular situation which therefore gives you the opportunity to object to the processing request as you feel it affects your fundamental rights and freedoms
- Request restriction of processing of your personal data
- Request the transfer of your personal data to you or to a third party
- Withdraw consent at any time and we process your personal data on the basis of consent
You can exercise these rights at any time by contacting us at the following address: 1 Pinehurst Road, Farnborough GU14 7BF OR PatientGO@illingworthresearch.com.
Glossary
Lawful Basis
Consent is your consent to the processing of your personal data for a specific purpose, either by a stated or expressly chosen means. Consent is only valid if it is given voluntarily, specifically, knowingly, and clearly stated that you want (give). You can withdraw your consent at any time by contacting us.
EEA refers to the European Economic Area.
Legitimate interest means our interest in conducting and managing our business in order to enable us to provide you with the best service/product and the best and most secure experience. We ensure that the potential impact (positive and negative) on you and your rights is considered and balanced before processing your personal data on our legitimate interests. We will not use your personal data for related activities when the impact on you outweighs our interests (unless we have your consent or are otherwise required or permitted by law). You can contact us for more information on how we can assess our legitimate interests and the potential impact on you in relation to a particular activity.
Performance of a contract means that the processing of your data is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into such a contract.
Compliance with a legal obligation means that the processing of your personal data is necessary to comply with a legal obligation to which we are subject.
third party
Internal Third Parties
Other companies in the Illingworth Group that act as joint controllers or processors for IT and systems administration services and undertake lead reporting and are based in Spain, France, Italy, Australia and the United States.
External Third Parties
Service providers who act as processors and provide IT and systems administration services.
Acting as professional advisers to processors or joint controllers, including lawyers, bankers, auditors and insurers who provide advisory, banking, legal, insurance and accounting services.
Service providers acting as processors to provide travel, accommodation and transportation services to you as part of the Services.
HM Revenue & Customs, and regulators and other authorities acting as processors or joint controllers in the UK and requiring reporting of processing activities in certain circumstances.
Your Legal Rights
You have the right to:
- Request access to your personal data (commonly referred to as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and lets you know whether we are lawfully processing it.
- Request correction of the personal data we hold about you. This enables you to have us correct incomplete or inaccurate data held about you, but we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us to continue processing it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully, or where we have to delete your personal data in order to comply with local law. Please note, however, that we may not always be able to comply with your deletion request for specific legitimate reasons, which will be notified to you at the time of your request, if applicable.
- 反对处理您的个人数据,即在我们依赖于合法权益(或第三方权益)以及在您的特定情况让您想要基于该原因反对处理(因为您认为其会影响您的基本权利和自由)的情况下。在某些情况下,我们可能会证明我们有令人信服的合法理由处理您的信息,而这些理由比您的权利和自由更为重要。
- 请求限制处理您的个人数据。这使您可以在以下情况下要求我们暂停处理您的个人数据:
- 您希望我们确定数据的准确性;
- 我们对数据的使用不合法,但您又不希望我们将其删除;
- 您需要我们保存数据,即使我们不再需要它,因为您需要它来确立、行使法律诉求或对法律诉求进行抗辩;或者
- 您反对我们使用您的数据,但我们需要核实我们是否有更为重要的合法理由来使用您的数据。
- 请求传输您的个人数据给您或第三方。我们将以结构化的常用机器可读格式向您或您选择的第三方提供您的个人数据。请注意,该权利仅适用于您最初同意我们使用的自动化信息,或我们使用该信息来履行与您订立的合同的情形。
- 随时撤销同意,即在我们依赖于同意来处理您的个人数据的情况下。但这不会影响在您撤销同意之前已发生的处理行为的合法性。如果您撤销同意,我们可能会无法向您提供某些产品或服务。我们会在您撤销同意时告知您是否属于这种情况。
个人数据类别说明
- 身份数据:姓名、娘家姓、用户名或类似身份识别信息、婚姻状况、职务、出生日期、性别、护照信息(包括号码、姓名、签发国家/地区和到期日)。
- 联系数据:家庭住址、电子邮箱地址、电话号码和紧急联系方式。
- 财务数据:银行账户和支付卡片详细信息。
- 交易数据:包括有关向您付款的详细信息以及本应用程序中请求的详细信息。
- 设备数据:包括您使用的移动设备类型、设备唯一识别码(例如,您的设备的 IMEI 号,设备无线网接口的 MAC 地址,或设备使用的手机号码)、移动网络信息、您的移动操作系统、您使用的移动浏览器类型、以及时区设置信息。
- 内容数据:包括储存在您设备上的信息,包括照片、视频或其他数字内容;
- 个人资料数据:包括您的用户名和密码、应用程序中的请求历史记录、您的偏好和反馈意见。
- 使用数据:包括有关您使用本应用程序或随访我们的网站的详细信息,包括但不限于流量数据和其他通信数据(无论是为了计费还是为了其他目的而有需要),以及您访问的资源。
特殊类别数据
此类数据包含您向我们提供的与您在本应用程序中提出的申请具体相关的信息(如交通申请或住宿申请),还可能包含有关您的种族、宗教/哲学信仰的详细信息以及您的健康信息。