PatientGO - Política de privacidade
The sponsor/designated third party of the Clinical Trial has asked Illingworth Research Group Limited to facilitate travel, accommodation and/or expenses for its clinical trial (Clinical Trial) as part of the Clinical Trial. To do this, we must collect, store and share your personal information, which makes us the "processor". This means that we store and use your personal data.
This policy sets out how we collect and use personal information about you to facilitate the Travel, Accommodation and Expense Reimbursement Service (also known as PatientGO), in accordance with the General Data Protection Regulation (GDPR) and data protection legislation. This policy applies only to participants who will be using the Service. The personal data provided to us during your use of the App is separate and independent from the Clinical Trial data as described in your consent documentation with the designated Clinical Trial sponsor/third party.
Please read the following carefully to understand our practices regarding your personal data and how we will use it in connection with the Application, and your use of the Service.
Consent to install the App
Under data protection laws, we are required to provide you with certain information about who we are, how we process your personal data and for what purposes, and your rights in relation to your personal data.
By installing the App, you are giving your consent for us to process your personal and Special Categories data (such as your name, contact information, passport details, financial and medical information) as described in this policy.
How you can withdraw your consent
You can change your mind and withdraw your consent at any time by contacting us at the email address PatientGO@illingworthresearch.com; however, this will not affect the lawfulness of any processing carried out before you withdraw your consent. Please note that withdrawing your consent may affect our ability to fulfill any requests you have made through the App, such as expense reimbursements.
Introduction
This policy (together with our End User License Agreement as set forth in https://illingworthresearch.com/patientgo-terms (EULA) and any additional terms of use incorporated by reference in this EULA together represent our Terms of Use) applies to your use of:
- PatientGO Mobile Application Software Version 1 (App) available on both Google Play and Apple Store. Once you download or stream a copy of the App to your mobile phone or mobile device (Device).
- PatientGO Service accessible through the App (Services) that is available on the App Site or other websites owned by us (Service Sites). This policy sets out the basis on which any personal data (including Special Categories data) that we collect from you, or that you provide to us, will be processed by us.
- This Application is not intended for use by children (a "Child" is anyone under the age of 18) and where the Clinical Trial participant is a Child who wishes to use the Application and the Service, the Application will be made available and the Services will be provided only in cases where the person who has parental authority of the Child is the User of the Application. Please read the following carefully to understand our practices with respect to your personal data (including Special Category data) and how we will treat it.
Important information and who we are
Illingworth Research Group Limited is the controller of your personal data (hereinafter collectively referred to as "Illingworth", "we", "us", or "our" in this policy).
If you have any questions regarding this privacy policy, please contact us using the information below.
Contact information
Our complete data are:
- Full name of legal entity: Illingworth Research Group Limited
- Endereço de e-mail: PatientGO@illingworthresearch.com
- Postal address: 1 Pinehurst Road, Farnborough GU14 7BF
You have the right to lodge a complaint at any time with the Information Commissioner's Office (ICO) or other competent supervisory authority of an EU member state if the App is transferred outside the UK.
Changes to the privacy policy and your duty to inform us of changes
Our privacy policy is subject to periodic reviews. This version was last updated on June 23, 2020.
We reserve the right to update this Privacy Policy at any time without notice. We recommend that you regularly check the Privacy Policy for any changes.
It is important that the personal and Special Category data we hold about you is accurate and current. Please keep us informed if any changes occur during our relationship with you.
The data we collect about you
We may collect, use, store and transfer different types of personal data about you as follows:
- Identification Data.
- Contact Details.
- Financial data.
- Transaction data.
- Device data.
- Content data.
- Profile data.
- Usage Data.
- Special Category Data.
Special Category Data
We collect Special Categories of Personal Data about you (this may include information about your race or ethnicity, religious or philosophical beliefs, and information about your health). We will only collect and process Special Category Data where it is specifically necessary to fulfill any requests you make through the App, such as arranging travel or accommodation.
How is your personal data collected?
We will collect and process the following data about you:
- Information you provide to us. This is information about you (including Identification, Contact, and Financial Data) that you consent to transmit to us by filling in forms on the App Site and Service Sites (collectively, Our Sites), or by contacting us (e.g., by email or chat). This includes information you provide when you register to use the Application Site, download or register an Application, subscribe to our Service, search for an Application or Service, and when you use the Application to facilitate travel and accommodation requests, reimburse expenses, report a problem with an Application, our Services, or any of Our Sites. If you contact us, we will keep a record of that communication.
- Information we collect about you and your device. Whenever you visit one of Our Sites or use one of our Apps, we will automatically collect personal data, including Device, Content, and Usage Data. We collect this data using cookies and other similar technologies.
- Information we receive from other sources, including third parties and publicly available sources. We will receive personal data about you from a number of third parties as set out below:
- Identification and Contact Details of the trial sponsor or its designated third party whose registered office may be inside OR outside the EU.
Cookies
We use cookies and/or other tracking technologies to distinguish you from other users of the App, Appstore, or Service Sites and to save your preferences. This helps us to provide you with a good experience when you use the App or browse any of Our Sites and also allows us to improve the App and Our Sites. For detailed information about the cookies we use, the purposes for which we use them, and how you can exercise your choices regarding our use of your cookies, please email PatientGO@illingworthresearch.com.
How we use your personal and Special Category data
We will only use your personal data where the law permits us to do so. We will typically use your personal data in the following circumstances:
- In cases where you have given your consent prior to processing.
- Nos casos em que precisarmos de executar um contrato que estamos prestes a celebrar ou que já celebrámos consigo.
- Nos casos em que seja necessário para os nossos interesses legítimos (ou de terceiros) e os seus interesses e direitos fundamentais não se sobreponham a esses interesses.
- Nos casos em que seja necessário cumprir uma obrigação legal ou regulamentar.
Fins para os quais iremos utilizar os seus dados pessoais e de Categorias Especiais
Fim/atividade | Tipo de dados | Base legal para o tratamento |
Para instalar a Aplicação e registá-lo como novo utilizador da Aplicação | Identificação Contacto Financeiros Dispositivo |
O seu consentimento Execução de um contrato consigo Necessário para os nossos interesses legítimos (para reembolsar as suas despesas) |
Para processar pedidos realizados na Aplicação e prestar Serviços, incluindo a gestão de pedidos de viagem/alojamento e o cumprimento de pedidos de reembolso. | Identificação Contacto Financeiros Transações Dispositivo Localização Dados de Categorias Especiais |
O seu consentimento Execução de um contrato consigo Necessário para os nossos interesses legítimos (para reembolsar as suas despesas) |
Para gerir a sua relação connosco, incluindo as notificações que lhe são enviadas relativas a alterações na Aplicação ou em quaisquer Serviços | Identificação Contacto Financeiros Perfil |
O seu consentimento Execução de um contrato consigo Necessário para os nossos interesses legítimos (para manter os registos atualizados e para analisar a forma como os clientes utilizam os nossos Serviços) Necessário para o cumprimento de obrigações legais (para o informar sobre quaisquer alterações nos nossos termos e condições) |
Para administrar e proteger a nossa atividade e esta Aplicação, incluindo a resolução de problemas, análise de dados e testes de sistema | Identificação Contacto Dispositivo |
Necessário para os nossos interesses legítimos (para gerir as nossas atividades; prestação de serviços administrativos e informáticos; segurança da rede) |
Divulgação dos seus dados pessoais
Quando consentir em fornecer-nos os seus dados pessoais e de Categorias Especiais, pediremos também o seu consentimento para partilhar os seus dados pessoais com os terceiros abaixo indicados para os fins indicados na tabela:
- Terceiros internos, tal como estabelecido no Glossário.
- Terceiros externos, tal como estabelecido no Glossário.
- Third parties to whom we may choose to sell, transfer, or merge portions of our business or assets. Alternatively, we may acquire other businesses or merge with them. If there is a change in our business, the new owners may use your personal and Special Category data in the same way as set out in this privacy policy.
International transfers
Many of our external third parties are based outside the EEA, so their processing of your personal data will involve a transfer of data outside the EEA.
Whenever we transfer your personal data outside the EEA, we ensure a similar degree of protection by ensuring that at least one of the following safeguards applies:
- We will only transfer your personal data to countries that the European Commission says provide an adequate level of protection for personal data. For more information, please refer to the European Commission: Adequacy of the protection of personal data in countries outside the EU.
- Where certain service providers are used, we may use specific contracts approved by the European Commission that give personal data the same protection as it does in Europe. For more information, see the European Commission: Model contracts for the transfer of personal data to third countries.
- Where we use providers based in the U.S., we may transfer data to them if they are part of the Privacy Shield, which requires them to provide similar protection as personal data shared between Europe and the U.S. For more information, please see the European Commission: EU-US Privacy Shield.
Please contact us if you would like more information about the specific mechanism used by us when transferring your personal data outside the EEA.
Data security
All information you provide to us is stored on our secure servers. Information stored "at rest" on our secure servers is protected by industry-standard data encryption. Where we have given you (or have chosen) a password that enables you to access certain parts of Our Sites, you are responsible for keeping such password confidential. We ask that you do not share your passwords with anyone.
Once we receive your information, we will use strict procedures and security mechanisms to try to prevent your personal data from being inadvertently lost, used or accessed in an unauthorised way. Data that is transmitted between you as a User (End User) and Illingworth in connection with the Service is protected using industry-standard encryption methods. The data stored on our servers is protected through encryption at rest and state-of-the-art firewalls to prevent unauthorized access.
No personally identifiable data is stored on the End User's device. Two encrypted tokens are stored on the End User's device to facilitate login.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulatory authority where we are legally required to do so.
Data retention
To the extent permitted by law, we must retain basic information about you (including Contact, Identification, Financial and Transaction Data) for seven years after the completion of the Clinical Trial for financial audit purposes.
In some circumstances, you can ask us to delete your data: see Your legal rights below for more information.
In some circumstances, we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without notice to you.
Your legal rights
In certain circumstances, you have the following rights under data protection laws in relation to your personal data.
- Request access to your personal data (commonly known as a "data subject access request")
- Request correction of the personal data we hold about you
- Request deletion of your personal data
- Object to processing where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on that ground, as you feel that it has an impact on your fundamental rights and freedoms
- Request restriction of processing of your personal data
- Request the transfer of your personal data to you or a third party
- Withdraw your consent at any time where you have given us your consent to process your personal data
You can exercise these rights at any time by contacting us at 1 Pinehurst Road, Farnborough GU14 7BF OR at the email address PatientGO@illingworthresearch.com
Glossary
Legal basis
Consent means the processing of your personal data where you have agreed through a statement or a clear consent to the processing for a particular purpose. Consent will only be valid if it is a voluntarily given, specific, informed and unambiguous indication of what you want. You can withdraw your consent at any time by contacting us.
EEA means the European Economic Area.
Legitimate Interest means the interest of our business in conducting and managing our business in order to enable us to offer you the best service/product and a better and safer experience. We make sure that we consider and weigh up any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests outweigh the impact on you (unless we have your consent or are required or permitted to do so by law). You can learn more about how we assess our legitimate interests against any potential impact on you with respect to specific activities by contacting us.
Performance of the Contract means the processing of your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into such a contract.
Compliance with a legal obligation means the processing of your personal data where it is necessary for compliance with a legal obligation to which we are subject.
Third party
Internal third parties
Other companies of the Illingworth Group that act as joint data controllers or processors and that are based in Spain, France, Italy, Australia and the United States of America, and that provide IT and system administration services and carry out reports on administration.
External third parties
Service providers acting as subcontractors who provide IT and systems administration services.
Professional advisers acting as processors or joint controllers, including lawyers, bankers, auditors and insurers providing consultancy, banking, legal, insurance and accounting services.
Service providers acting as subcontractors who provide you with travel, accommodation, and transportation as part of the Services.
UK Revenue and Customs Administration (HM Revenue and Customs), regulatory authorities and other authorities acting as processors or joint controllers based in the UK who require reporting of processing activities in certain circumstances.