PatientGO – Politique de confidentialité
The Clinical Trial Sponsor or its designated third party has requested Illingworth Research Group Limited to arrange your travel and accommodation, as well as the reimbursement of your expenses in connection with your Clinical Trial ("Clinical Trial"). To do this, we need to collect, store and share your personal information, which makes us the "processor". This means that we hold and use personal data about you.
This policy sets out how we collect and use your personal information to arrange your travel, accommodation, and expense reimbursement (hereinafter Service or PatientGO), in accordance with the General Data Protection Regulation (GDPR) and applicable data protection legislation. This policy applies only to participants who use the Service. The personal data provided to us in connection with your use of the App is separate and independent from the Clinical Trial data set forth in the documents giving the Clinical Trial sponsor or its representative your permission.
Read the following carefully to understand our practices regarding your personal data and how we use it in connection with the App and how we use the Service.
Permission to install the App
Under data protection legislation, we are required to provide you with certain information about us, how we process your personal data and for what purposes, and your rights in relation to your personal data.
By installing the App, you agree to our processing of your personal data, including that which is considered Special Category Data (e.g., your name, contact information, passport information, financial and medical information), as described herein.
How to revoke your authorization
You can change your mind and revoke your consent at any time by contacting us at patientGO@illingworthresearch.com, but this will not affect the lawfulness of any processing carried out prior to the withdrawal of your consent. Please note that withdrawing your consent may affect our ability to complete any request you have made through the App, such as the reimbursement of expense claims.
Presentation
This Policy and our End User License Agreement (EULA) described on https://illingworthresearch.com/patientgo-terms and any additional provisions incorporated by reference into the EULA, collectively referred to herein as the Terms of Use) apply to your use of:
- version 1 of the PatientGO mobile application software (hereinafter the Application) available on Google Play and Apple Store, once you have downloaded or "streamed" a copy of the Application to your mobile phone or mobile device (hereinafter the Device).
- The PatientGO service accessible through the Application (hereinafter Services) available on the Application Site or other site belonging to us (Service Sites). This policy sets out the basis on which any personal data (including Special Category Data) that we collect from you or that you provide to us will be processed by us.
- The Application is not designed for use by minors (a Minor is a person under the age of 18), and where the Clinical Trial participant is a Minor who wishes to use the Application and the Service, the Application will only be made available and the Services will only be provided if the user of the Application is the person with parental responsibility for the Minor. Read the following carefully to understand our practices regarding your personal data (including special category data) and how we treat it.
Important information and about us
Illingworth Research Group Limited is the data controller responsible for processing your personal data (referred to herein as "Illingworth", "we", "us" or "our" in this Policy).
If you have any questions about this Privacy Policy, please contact us using the contact information below.
Coordinates
Our contact details:
- Raison sociale : Illingworth Research Group Limited
- Adresse e-mail : patientGO@illingworthresearch.com
- Postal address: 1 Pinehurst Road, Farnborough GU14 7BF
You have the right to lodge a complaint at any time with the ICO, the supervisory body for data protection matters in the United Kingdom, or any other competent supervisory authority of a member state of the European Union if the App is downloaded outside the United Kingdom.
Changes to the Privacy Policy and Your Duty to Notify Us of Changes
We regularly review our privacy policy. This version was updated on June 23, 2020.
We reserve the right to update this Privacy Policy at any time without notice. We therefore encourage you to regularly review the Privacy Policy to check if it has changed.
It is important that the personal data and Special Category Data we hold about you is accurate and up-to-date. Please keep us informed of any changes during our relationship.
Data collected about you
We may collect, use, store and transfer different types of personal data about you, including:
- Personally Identifiable Information
- Coordinates
- Financial data
- Transaction data
- Device data
- Content data
- Profile data
- Usage Data.
- Special Category Data
Special Category Data
We collect special categories of personal data about you (e.g. information about your ethnic origin, religious or philosophical beliefs and health status). We will only collect and process this special category data where specifically required in order to fulfil any request made through the App, for example to arrange your travel or accommodation.
How your personal data is collected
We will collect and process the following data about you:
- Information You Provide to Us: Personal information (including personally identifiable information, contact information, and financial information) that you consent to give us by filling out forms on the App Site and Services Sites (collectively, Our Sites) or by communicating with us (e.g., by email or chat). They cover information you provide when you register to use the App Site, when you download or register an App, when you subscribe to our Service, when you search for an App or Service, or when you use the App to make a travel or accommodation request, get an expense refund or report a problem with the App, our Services or any of Our Sites. If you contact us, we will keep a record of this correspondence.
- Information collected about you and your device Whenever you visit one of Our Sites or use one of our Apps, we automatically collect certain personal data such as the device used, content and data usage. We collect this data using cookies and other similar technologies.
- Les informations que nous recevons d’autres sources, comme les tierces parties ou les sources accessibles au public Nous recevrons des données à caractère personnel vous concernant de plusieurs tiers :
- Les données d’identification personnelle et les coordonnées de la part du commanditaire de l’Essai clinique ou de son tiers désigné, basé dans l’Union européenne OU en dehors.
Cookies
Nous utilisons des cookies et/ou d’autres techniques de suivi afin de vous distinguer des autres utilisateurs de l’Application, du Site de l’Application, de la plateforme de distribution (Appstore) ou des Sites des Services, et de nous souvenir de vos préférences. Cela nous aide à vous offrir une expérience agréable lorsque vous utilisez l’Application ou parcourez Nos Sites, et nous permet aussi d’améliorer l’Application et Nos Sites. Pour en savoir plus sur les cookies utilisés, les raisons de leur utilisation ou les choix que vous pouvez faire concernant notre utilisation de cookies, envoyez un e-mail à PatientGO@illingworthresearch.com.
Comment nous utilisons vos données personnelles et données de catégorie spéciale
Nous n’utiliserons vos données personnelles que lorsque cela est permis par la loi en vigueur. Le plus souvent, nous utiliserons vos données personnelles dans les cas suivants :
- lorsque vous y avez consenti avant le traitement ;
- lorsque nous devons exécuter un contrat qui nous unit ou qui est sur le point de nous unir ;
- lorsque cela est nécessaire pour nos intérêts légitimes (ou ceux d’un tiers) et que vos intérêts et droits fondamentaux ne l’emportent pas sur ces intérêts ;
- lorsque nous devons nous conformer à une obligation légale ou réglementaire.
| À quelles fins nous utilisons vos données personnelles et données de catégorie spéciale | |||||||||||||||
|
Divulgation de vos données personnelles
Lorsque vous consentez à nous fournir vos données personnelles et vos données de catégorie spéciale, nous vous demanderons également votre autorisation avant de partager vos données personnelles avec les tierces parties citées ci-dessous aux fins énoncées dans le tableau:
- Internal third parties as defined in the Glossary
- External third parties as defined in the Glossary
- Third parties to whom we may choose to sell, divestigate, or merge certain aspects of our business or assets. We may also seek to acquire or merge with other companies. If a change occurs in our business, the new owners may use your personal data and special category data in the manner set out in this Privacy Policy.
International transfers
As many of our external third parties are based outside the EEA, the processing of your personal data by them involves a transfer of data outside the EEA.
Whenever we transfer your personal data outside the EEA, we ensure a similar degree of protection by ensuring that at least one of the following safeguards is in place:
- We will only transfer your personal data to countries that the European Commission has determined to provide an adequate level of protection for personal data. For more information, see the European Commission's adequacy decisions on the protection of personal data in non-EU countries.
- When we use certain service providers, we sometimes use specific contracts approved by the European Commission that provide personal data with the same protection as in Europe. For more information, see the European Commission's information on model contracts for the transfer of personal data to third countries.
- Where we use providers based in the United States, we may transfer data to them if they are part of the Privacy Shield Framework, which requires them to provide similar protection to personal data exchanged between the Europe and the United States. For more information, see the European Commission's information on the EU-US Privacy Shield.
Contact us if you would like more information about the specific mechanism we use for the transfer of your personal data outside the EEA.
Data Security
All information you provide to us is stored on our secure servers. Information stored "at rest" on our secure servers is protected by industry-standard data encryption. If we have given you (or you have chosen) a password that gives you access to certain parts of Our Sites, you must keep that password confidential. We ask that you do not share your password with anyone.
Once we have received your information, we will use strict procedures and security features to try to prevent any accidental loss or unauthorised use/access of your personal data. Data transmitted between you, the user (the End User) and Illingworth in connection with the provision of the Service is protected using industry-standard data encryption methods. Data stored on our servers is protected using encryption at rest and state-of-the-art firewalls to prevent unauthorized access.
No personally identifiable data is stored on the End User's device. Two encrypted tokens are stored on the End User's device to facilitate login.
We have procedures in place to deal with all suspected cases of personal data breaches, and we will notify both you and the relevant regulator when we are legally required to do so.
Data Retention
We are required by law to retain certain basic information about you (such as contact information, personal identity data, financial and transaction data) for seven years after the end of the Clinical Trial for the purposes of a possible audit.
In certain circumstances, you can ask us to delete your data: see Your legal rights below for more information.
In certain circumstances, we will anonymise your personal data (so that it can no longer identify you personally) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Your legal rights
In certain circumstances, and under data protection legislation, you have the following rights over your personal data.
- Request access to your personal data (commonly referred to as a "Data Subject Access Request")
- Request correction of the personal data we hold about you
- Request erasure of your personal data
- Object to the processing of your personal data in cases where we state that we have (or a third party would) have a legitimate interest, and because of your particular situation, you wish to object to the processing of the data, as it affects your fundamental rights and freedoms.
- Request restriction of processing of your personal data
- Request the transfer of your personal data to you or a third party
- Withdraw your consent at any time in cases where we need that permission to process your personal data
You can exercise any of these rights at any time by contacting us at: 1 Pinehurst Road, Farnborough GU14 7BF OR at the email address patientGO@illingworthresearch.com
Glossary
Legal basis
Consent means that you have given your consent by means of a statement or explicit consent to the processing of personal data for a specific purpose. This permission will only be valid if it is freely given and indicates in a specific, informed and unambiguous way what you want. You can withdraw your consent at any time by contacting us.
The EEA means the European Economic Area.
Legitimate interests means the interests of our business to conduct and manage its business in such a way that we can provide you with the best possible service or product and a safe and optimal experience. We will consider and consider any potential impact on you (positive or negative) and your rights before processing your personal data in connection with our legitimate interests. We will not use your personal data in cases where the potential impact on you would outweigh our interests (unless we have your consent or it is required or permitted by applicable law). For more information on how we weigh our legitimate interests against potential impacts on you in connection with specific activities, please contact us.
Performance of contract means the processing of your data that is necessary for the performance of a contract to which you are a party or to take certain steps, at your request, prior to entering into such contract.
Comply with a legal obligation means the processing of your personal data that is necessary to comply with a legal obligation to which we are subject.
Third Parties
Internal Third Parties
Other companies in the Illingworth group acting as joint controllers or processors, based in Spain, France, Italy, Australia and the United States of America, which provide IT and systems administration services and are responsible for reporting to management.
External Third Parties
Service providers acting as processors who provide IT and systems administration services.
Professional consultants acting as processors or joint controllers, including lawyers, bankers, auditors and insurers, who provide a variety of services, including consulting, banking and legal services, insurance, accounting, etc.
Service providers acting as processors who provide travel, accommodation and transportation services in connection with the Services.
HM Revenue and Customs and regulatory bodies and other authorities serving as processors or joint controllers based in the United Kingdom, which in some cases require reporting on processing activities.
Your legal rights
You have the right to:
- Request access to your personal data (commonly referred to as a "Data Subject Access Request") You will then receive a copy of the personal data we hold about you and you will be able to check that the processing is lawful.
- Request correction of the personal data we hold about you This enables you to have any incomplete or inaccurate data about you corrected, although we will sometimes need to verify the accuracy of the new data provided.
- Demander l’effacement de vos données personnelles Vous pouvez nous demander d’effacer ou de supprimer des données personnelles dans les cas où leur traitement n’est plus nécessaire à vos yeux. Vous avez également le droit de nous demander d’effacer ou de supprimer vos données personnelles si vous avez exercé votre droit de vous opposer au traitement (voir ci-dessous), si nous avons traité vos informations de manière illicite, ou si nous sommes tenus d’effacer vos données personnelles pour respecter la législation locale. Notez cependant que nous ne serons pas toujours en mesure de répondre à votre demande d’effacement pour des raisons légales qui vous seront communiquées, le cas échéant, au moment de votre demande.
- Vous opposer au traitement de vos données personnelles dans les cas où nous déclarons avoir (ou un tiers aurait) un intérêt légitime, et qu'en raison de votre situation particulière, vous souhaitez vous opposer au traitement des données, car celui-ci affecte à vos yeux vos droits et libertés fondamentaux. Dans certains cas, il se peut que nous démontrions que nous avons des raisons légitimes et impérieuses de traiter vos informations, qui l’emportent sur vos droits et libertés.
- Demander la restriction du traitement de vos données personnelles Ceci vous permet de demander la suspension du traitement de vos données personnelles dans les cas suivants :
(a) Vous souhaitez que nous vérifiions l’exactitude des données ;
(b) Notre utilisation des données est illicite mais vous ne souhaitez pas que nous les effacions ;
(c) Vous souhaitez que nous conservions les données, même si nous n’en avons plus besoin, afin de lancer une action en justice, de la faire respecter ou de vous défendre dans ce cadre ;
(d) Vous vous êtes opposé(e) à notre usage de vos données, mais nous devons vérifier si nous avons des raisons légitimes et impérieuses de les utiliser.
- Demander le transfert de vos données personnelles vers vous ou un tiers Nous fournirons à vous-même ou au tiers que vous avez choisi vos données personnelles sous un format structuré, communément utilisé et qui peut être lu par un ordinateur. Notez que ce droit ne s’applique qu’aux informations automatisées que vous nous aviez autorisés à utiliser, ou dans les cas où nous avons utilisé ces informations pour exécuter un contrat qui nous liait.
- Retirer votre autorisation à tout moment dans les cas où nous avons besoin de cette autorisation pour traiter vos données personnelles Cependant, ceci n’affectera pas la légalité de tout traitement réalisé avant le retrait de votre autorisation. Si vous retirez votre autorisation, sachez qu’il est possible que nous ne puissions pas vous offrir certains produits ou services. En pareil cas, nous vous en informerons au moment où vous retirerez votre autorisation.
Description des catégories de données personnelles
- Données d’identification personnelle : prénom, nom, nom de jeune fille, nom d’utilisateur ou identifiant similaire, état civil, titre de civilité, date de naissance, sexe, numéro de passeport et nom, pays de délivrance et date d’expiration indiqués sur le passeport.
- Coordonnées : adresse du domicile, adresse électronique, numéros de téléphone et personne à contacter en cas d’urgence.
- Données financières : numéro de compte bancaire et informations figurant sur la carte de paiement.
- Données de transaction : incluent des informations sur les paiements qui vous sont versés et les demandes effectuées par le biais de l’Application.
- Données sur l’appareil : comprend le type d’appareil mobile que vous utilisez, un identifiant unique de l’appareil (par exemple, le numéro IMEI, l’adresse MAC de l’interface réseau sans fil de l’Appareil, ou le numéro de téléphone mobile utilisé par l’Appareil), les informations de réseau mobile, votre système d’exploitation mobile, le type de navigateur mobile utilisé et le fuseau horaire de la zone où vous vous trouvez.
- Données de contenu : comprend des informations stockées sur votre Appareil, comme des photos, des vidéos ou autres contenus numériques.
- Données de profil : comprend vos nom d’utilisateur et mot de passe, l'historique des demandes que vous avez créées dans l’Application, vos préférences et vos commentaires.
- Les données d’utilisation : comprennent des informations sur votre utilisation de nos Applications et vos visites sur Nos Sites, notamment les données de trafic et autres données de communication, qu’elles soient requises aux fins de facturation ou autres, et les ressources auxquelles vous accédez.
Données de catégorie spéciale
Elles comprennent toute information que vous nous fournissez et qui est spécifiquement liée à une demande que vous faites au sein de l’Application (comme une demande de transport ou d’hébergement), et peuvent inclure des détails sur votre origine ethnique, vos convictions religieuses ou philosophiques ou votre état de santé.