PatientGO – Zásady ochrany osobních údajů
Illingworth Research Group Limited has been asked by the clinical trial sponsor/its authorised third party to facilitate transport, accommodation and/or expenses for the clinical trial. To do this, we need to collect, store and share your personal data, which makes us a "data processor". This means that we store and use your personal data.
This policy sets out how we collect and use personal information about you to facilitate the service of reimbursement of travel, accommodation and expenses (also known as PatientGO) in accordance with the General Data Protection Regulation (GDPR) and data protection legislation. This Policy applies only to Participants who will use the Service. The personal data you provide to us during your use of the App is separate and independent from the clinical study data as set out in the documentation with your consent, with the clinical trial sponsor/its appointed third party.
Please read the following carefully to understand our practices regarding your personal data and how we will use it in connection with the App and your use of the Service.
Consent to the installation of the Application
In accordance with data protection laws, we are required to provide you with certain information about who we are, how and for what purposes we process your personal data, and to inform you of your rights in relation to your personal data.
By installing the App, you consent to our processing of your personal and special category data (such as your name, contact details, passport details, financial and medical information) as described in this policy.
How you can withdraw consent
You can change your mind and withdraw your consent at any time. In this case, please contact us at PatientGO@illingworthresearch.com; However, this will not affect the lawfulness of the processing of data obtained before your withdrawal of consent. Please note that withdrawing your consent may affect our ability to process any requests you have made within the App, such as reimbursement of expenses.
Introduction
This policy (together with our End User License Agreement, set forth on the https://illingworthresearch.com/patientgo-terms (EULA), and any additional terms of use incorporated by reference to the EULA, together with our Terms of Use) applies to your use of:
- PatientGO mobile software applications version 1 (Apps) available on Google Play and Apple Store. Once you have downloaded or streamed a copy of the App to your mobile phone or other mobile device (Device).
- PatientGO Services accessible through the Application (Services), which is available on the App website or on our other sites (the Services Sites). This policy sets out the basis on which we will process any personal data (including special category data) that we collect from you or that you provide to us.
- This App is not intended for use by children ("Child" is anyone under the age of 18) and if the participant in a clinical trial is a child who wishes to use the App and the Service, the App and Services are available provided that the user of the App is a person who has parental responsibility for the Child. Please read the following carefully to understand our practices regarding your personal data (including special category data) and how we treat it.
Important information and who we are
Illingworth Research Group Limited is the data controller and responsible for your personal information (collectively referred to as "Illingworth", "we", "us" or "our" in this policy).
If you have any questions about this Privacy Policy, please contact us via the details below.
Contact details
Our full contact details:
- Full name of legal entity: Illingworth Research Group Limited
- E-mailová adresa: PatientGO@illingworthresearch.com
- Mailing address: 1 Pinehurst Road, Farnborough GU14 7BF
If you have downloaded the App outside of the UK, you have the right to lodge a complaint at any time with the Information Authority (ICO), the UK data protection supervisory authority or any other competent supervisory authority of an EU Member State.
Changes to the Privacy Policy and Your Obligation to Notify Us of Changes
We keep the Privacy Policy under constant review. This version was last updated on June 23, 2020.
We reserve the right to update this Privacy Policy at any time without prior notice. We encourage you to periodically review the Privacy Policy for any changes.
It is important that the personal and special data we hold about you is accurate and up-to-date. Please inform us of any changes during our cooperation.
Information we collect about you
We may collect, use, store and transfer various types of personal information about you, such as:
- Identity data.
- Contact details.
- Financial data.
- Transaction Data.
- Device Data.
- Content data.
- Profile data.
- Usage Data.
- Special category data.
Special category data
We collect special categories of personal data about you (this may include information about your race or nationality, religious or philosophical beliefs, and information about your health). We will only collect and process special category data about you where specifically required to do so in order to fulfil any requests you make within the App, such as travel or accommodation arrangements.
How We Collect Your Personal Information
We will collect and process the following data about you:
- Information you provide to us. This is information (including identity, contact and financial information) that you agree to provide by filling in forms on the App Pages and on the Service Pages (collectively, Our Sites) or by correspondence (for example, by email or chat). This includes information you provide when you register to use the App website, download or register the App, subscribe to our service, search for the App or service, and when you use the App to facilitate travel and accommodation requests, reimbursement of expenses, reporting a problem with the App, our services or any of our websites. If you contact us, we will keep a record of that correspondence.
- Information we collect about you and your device. Each time you visit one of our sites or use one of our apps, we automatically collect personal information, including device, content, and usage data. We collect this data using cookies and other similar technologies.
- Information we receive from other sources, including third parties and publicly available sources. We may receive personal information about you from various third parties as set out below:
- Identity and contact details from the clinical trial sponsor or from a named third party based within OR outside the EU.
Cookies
We use cookies and/or other tracking technologies to distinguish you from other users of the App, App pages, distribution platform (Appstore) or Service Sites and to remember your preferences. This helps us to provide you with the best possible experience when using the App or browsing one of our websites, and also allows us to improve the App and our websites. For detailed information regarding the cookies we use, the purposes for which we use them and the choice of using cookies, you can contact us via email PatientGO@illingworthresearch.com.
How we use your personal and special category data
We will only use your personal data when we are permitted to do so by law. Most commonly, we use your personal data in the following circumstances:
- With your consent, prior to data processing.
- If we need to enter into a contract or are about to enter into a contract with you.
- Where it is necessary for our legitimate interests (or those of a third party) and these interests are not overridden by your interests and fundamental rights.
- When we need to comply with a legal or regulatory obligation.
Purposes for which we will use your personal and special category data
Purpose/Activity | Type of data | Legal basis for processing |
To install the Application and register as a new user of the Application | Identity Financial Contact Device |
Your consent Performance of a contract with you Necessary for our legitimate interests (to cover expenses) |
Processing of requests in the application and provision of the Service, including the management of transport/accommodation requests and the fulfillment of expense reimbursement requests. | Identity Contact Financial Transaction Device Place |
Your consent Performance of a contract with you Necessary for our legitimate interests (to cover expenses) |
To report our relationship with you, including notifying you of changes to the App or any Service | Identity Contact Financial Profile |
Your consent Performance of a contract with you Necessary for our legitimate interests (to keep our records updated and analysed of how customers use our services) Necessary to comply with a legal obligation (to notify you of any changes to our terms and conditions) |
To manage and protect our business and this app, including troubleshooting, data analysis and system testing | Identity Contact Device |
Necessary for our legitimate interests (for our business, provision of administrative and IT services, network security) |
Zveřejnění vašich osobních údajů
If you provide us with your personal and special category data, we will also ask for your consent to share your personal data with the third parties listed below for the purposes set out in the table:
- Internal third parties, as specified in the Glossary.
- External third parties, as specified in the Glossary.
- Third parties to whom we may decide to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire or merge with other businesses. If there is a change in ownership of a business, the new owners may use your personal and special category data in the same way as set out in this Privacy Policy.
International Transfers
Many of our external third parties are based outside the EEA, so the processing of your personal data by these suppliers will require the transfer of data outside the EEA.
Whenever we transfer your personal data out of the EEA, we will ensure that a similar level of protection is provided by maintaining at least one of the following safeguards:
- We will only transfer your personal data to countries that the European Commission considers to provide an adequate level of protection for personal data. For more details, see European Commission: Adequacy of the protection of personal data in countries outside the EU.
- Where we use certain service providers, we may use specific contracts approved by the European Commission that provide the same protection for personal data as in Europe. For more details, see European Commission: Model contracts for the transfer of personal data to third countries.
- If we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield, which requires them to provide similar protection to personal data shared between Europe and the US. For more details, see European Commission: EU-US Privacy Shield.
Please contact us for further information about the specific mechanism we use when transferring your personal data out of the EEA.
Data security
All information you provide to us is stored on our secure servers. Data stored at rest on our secure servers is protected by industry-standard encryption. Where we have provided you with (or you have chosen) a password that enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask that you do not share your password with anyone.
Once we have received your information, we will use strict procedures and security features to try to prevent your personal information from being accidentally lost and used or disclosed in an unauthorized manner. The data transmitted between you as a user (End User) and Illingworth within the Service is protected by industry-standard encryption methods. Data stored on our servers is protected using encryption at rest and state-of-the-art firewalls to prevent unauthorized access.
No personally identifiable data is stored on the End User's device. Two encrypted tokens are stored on the End user's device to facilitate sign-in.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any relevant regulators if legally required.
Data Retention
By law, we are required to retain basic information about you (including contact details, identity, financial and transaction data) for seven years after the completion of the clinical trial for financial audit purposes.
In some cases, you can request that we delete your data: for more information, see Your Legal Rights below.
In certain circumstances, we anonymize your personal data (so that it can no longer be linked to you) for research or statistical purposes. In this case, we may use this information without restriction without further notice.
Your legal rights
In certain circumstances, you have the following rights under data protection laws in relation to your personal data.
- Requesting access to your personal data (commonly known as a "Data Subject Access Request")
- Request to correct the personal data we hold about you
- Request deletion of your personal information
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and your particular situation makes you object to the processing of data under these conditions because you feel it impacts on your fundamental rights and freedoms
- Request restriction of processing of your personal data
- Request to transfer your personal data to you or to a third party
- Withdraw consent at any time where we are relying on consent to process your personal data
You may exercise any of these rights at any time by contacting us at 1 Pinehurst Road, Farnborough GU14 7BF OR PatientGO@illingworthresearch.com
Glossary
Legal basis
Consent means the processing of your personal data where you have given your consent by making a statement or by clearly opting in to the processing of data for a specific purpose. Consent will only be valid if it is a free, specific, informed and unambiguous indication of what you want. You can withdraw your consent at any time by contacting us.
EEA stands for European Economic Area.
Legitimate interest means the interest of our business in conducting and managing our business so that we can provide the best service/products and the highest quality and most secure user interface. Before processing your personal data for our legitimate interests, we consider what potential impacts (both positive and negative) it may have on you and your rights. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted by law). If you would like more information about how we assess our legitimate interests in relation to the potential impact on you in relation to specific activities, you can contact us.
Performance of a contract means the processing of your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into such a contract.
Compliance with a legal obligation means processing your personal data where it is necessary for compliance with a legal obligation to which we are bound to comply.
Third parties
Internal third parties
Other Illingworth Group companies acting as joint controllers or processors, having their registered offices in Spain, France, Italy, Australia and the United States of America, provide IT and systems administration services and deal with management reporting.
External third parties
Service providers acting as processors to provide IT and systems management services.
Professional advisors acting as processors or joint controllers, including lawyers, bankers, auditors and insurance companies, who provide advisory, banking, legal, insurance and accounting services.
Service providers acting as processors who provide you with transportation and accommodation as part of the Services.
Revenue and Customs, regulators and other authorities acting as processors or joint controllers in the UK who require reporting of processing activities in certain circumstances.
Your legal rights
You have the right to:
- Request access to your personal data (commonly known as a "Data Subject Access Request"). This allows you to obtain a copy of the personal data we hold about you and to check whether we are lawfully processing it.
- Request correction of the personal data we hold about you. This allows you to correct any incomplete or inaccurate data we hold about you, although we may need to verify the accuracy of the new data you provide to us.
- Request deletion of your personal information. This enables you to request the deletion or removal of personal data where there is no reason for us to process it further. You also have the right to request that we delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your data unlawfully or where we are required to erase your personal data to comply with local laws. However, please note that for specific legal reasons notified to you at the time of your request, we may not always be able to comply with your request for erasure.
- Objecting to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and your particular situation will make you object to the processing of data under these conditions because you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your data that override your rights and freedoms.
- Request restriction of processing of your personal data. This allows you to ask us to suspend the processing of your personal data in the following situations:
(a) where you want us to establish the accuracy of the data;
(b) if our use of the data is unlawful but you do not want us to erase it;
(c) where we need to retain the data even if we no longer require it because you need it to establish, exercise or defend legal claims; or
(d) where you have objected to our use of your data but need to verify whether our right overrides its use.
- Request the transfer of your personal data to you or to a third party. We will provide your personal data to you, or to a third party you have chosen, in a structured, commonly used, machine-readable format. This right only applies to automated information that you provided to us when entering into a contract or where we used that information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of the data processing that took place before your consent was withdrawn. If you withdraw your consent, we may not be able to provide certain products or services to you. If this happens at the time of withdrawal, we will advise you on how to proceed.
Description of categories of personal data
- Identity Data: first name, last name, maiden name, username or similar identifier, marital status, title, date of birth, gender, passport details including number, name, country of issue and expiry date.
- Contact details: home address, email address, telephone numbers and emergency contact details.
- Financial information: bank account and credit card details.
- Transaction data: contains detailed information about payments and requirements in the application.
- Device Data: includes the type of mobile device you use, a unique device identifier (such as your device's IMEI number, the MAC address of your device's wireless network interface, or the mobile phone number used by the device),] mobile network information, your mobile operating system, the type of mobile browser you use, and time zone setting information.
- Content Data: includes information stored on your device, including photos, videos, or other digital content;
- Profile Data: includes your username and password, in-app request history, your preferences, and feedback.
- Usage Data: includes detailed information about your use of any of our applications or your visits to any of our servers, including, but not limited to, traffic data and other communication data, whether required for our own billing purposes or for other purposes, and the resources you use.
Special category data
This data includes any information you provide to us, specifically related to a request you have made within the App (for example, a request for transport or accommodation), and may include details about your race or ethnicity, religious or philosophical beliefs, and information about your health.