Privacy Policy

Overview

This Privacy Policy (the “Policy”) explains how Elligo Health Research® collects, uses, discloses, and protects personal data that we collect through our websites, https://www.elligo.com, https://elligocrc.com/, https://researchascare.com,and https://clin-edge.com/ (collectively, the “Sites”). We respect your security concerns and are committed to protecting your privacy. This privacy policy does not apply to sponsor-specific websites that we may operate on their behalf.

What Data Do We Collect?

We collect a variety of personal data from and about you through the Sites, including:

Data You Provide Directly to Us. We collect personal data from you when you provide it directly to us, such as:

• Contact information, such as your first name, middle name, last name, salutation, home address, email address, phone number, company name, job title, type of organization, your reason for contacting us, and therapeutic area. We collect contact information to contact you in the future and provide information we believe responds to your request or that may interest you.
• Authentication information, such as your username or email address and password. We collect authentication information to allow you to access your account and apply for career opportunities with us.
• Professional and employment-related information and education information you submit when you apply for a job with us, such as your resume, links to social media profiles, responses to application questions including your race, gender, veteran and disability status, and any other information you provide in your employment inquiries or applications. Additional inquiries include whether you need a visa sponsorship to work with us, your salary requirements, and whether you work or have worked with us before. We collect employment-related information and education information to assess whether you meet our hiring standards and needs.
• Referral information, including how you found out about us and the name of the person or source that referred you to us, if any. We collect referral information to develop effective marketing strategies and improve our overall growth.
• If you represent a site, sponsor, or CRO, information about your organization, such as your company name, therapeutic focus, address, phone number, the type of organization that you represent, and the services you are interested in. We collect information about your organization to contact you and to better serve your organization’s needs.
• If you represent a site, information about your clinical trial preferences and capabilities, such as whether you recommend clinical trials as a treatment option for select patients, whether you enjoy learning about innovation or new treatments, and other information about your facilities and practice size, and record management and billing practices. We collect information about your clinical trial preferences and capabilities to develop better clinical research strategies based on our network of sites.
• Any personal data you provide if you contact us generally with questions, requests, comments, requests for quotes, complaints, or to exercise your legal rights. When you contact us, we collect the personal data you choose to provide to answer your questions and address the issue you are contacting us about.

Data Collected Automatically. When you browse or use the Sites, we may collect other personal data through commonly-used logging and analytics tools that collect information about your browser, your device, the network used to access the Sites, and information about your use of the Sites (such as how you navigate and move around the Services). We collect this tracking data to better understand your use of the Sites, provide you with certain functionalities within the Sites, and improve the Sites and our services.

We also partner with third-party advertising companies. Advertisers sometimes include their own web beacons, cookies or pixels (or those of their other advertising partners) within their advertisements enabling them to set and read their own cookies. These third parties may place cookies on your computer and collect data about your online activities across websites or online services over time.

We use ad networks to serve advertisements across the Internet. These advertisers use cookies, pixel tags, and other tracking technologies to collect information about your online activity and provide online behavioral advertising.

Information collected automatically includes the software and hardware attributes of the device and browser you use to access the Sites, unique device ID information, regional and language settings, performance data about the Sites, network provider, clickstream data, information about the website from which you came, and IP address (a number assigned to your device when you use the Internet). In addition, information is collected automatically in the form of log files and third-party analytics that record website activity. For example, log file entries and analytics data are generated every time you visit a particular page on our website, and track the dates and times that you use the Sites, the pages you visit, the amount of time spent on specific pages, and other similar usage information, and general data (including the name of the web page from which you entered our website).

• Location Information. We may collect general location information provided by your device. See the “YOUR CHOICES” section below for more information about how to disable or limit the collection of location data.
• Cookies, Web Tracking, and Advertising. We, and our analytics and marketing automation service providers, may collect information about you through cookies. Cookies are pieces of information stored directly on users’ computers or other devices. Cookies allow us to automatically collect information as described above. We and third parties may also use cookies for purposes such as determining what features interest our users, personalizing and revising our site features or operations, and delivering advertisements and evaluating their effectiveness.
• Do Not Track (DNT). Do Not Track is a privacy preference that users can set in some web browsers, allowing users to opt out of tracking by websites and online services. Our Sites may not respond to Do Not Track signals.

See the “YOUR CHOICES” section below for more information about how to disable or limit cookies and ads.

Information Obtained from Other Sources. We receive personal data from third parties that we have engaged to provide services to us, as well as from third parties that provide web analytics and usage information to us such as Google Analytics. We receive personal data from third parties to learn more about the services these third parties perform for us and about your interactions with our Sites.

These third-party sources may include:

• Our affiliates.
• Service providers, including analytics and marketing automation service providers.
• Partners with whom we share and receive personal data.
• Publicly-available sources, such as open government databases.

Our Purposes for Processing Personal Data

As a general matter, we collect, use, disclose, and store your information in connection with our Sites when we have an appropriate legal basis:

1. Your Consent. We process personal data to the extent you provide your consent. For example, you may exercise choices about the technology we use in association with the Sites, and we will ask permission if we process personal data for a purpose that is not already identified by this Privacy Policy. Although you may have choices about our processing of personal data, please note that if you choose not to provide data necessary to access certain Sites’ functionalities or features, you may not be able to use that functionality or feature.
2. Legitimate Interests. We process personal data for our legitimate interests, consistent with your rights and appropriate to the context, for example:
   • Providing you with information tailored to your requests, responding to inquiries, and communicating with you about your account and use of the Sites, including responding to your comments, questions, and concerns;
   • Providing the Sites’ functionalities and features;
   • Storing information about your preferences and customizing your experience on the Sites;
   • Operating, maintaining, modifying, and improving the quality of the Sites and such content, products and/or services as we may make available through the Sites, including understanding our audience size and usage patterns and identifying and repairing issues impairing intended functionality;
   • Performing analytics;
   • Compliance with applicable laws, regulations, rules, and requests of relevant law enforcement and/or other governmental agencies and for other administrative and fraud detection purposes;
   • Endeavoring to protect and secure the Sites, including against fraud and other misuse, and our and our partners and affiliates’ rights, property, or safety, and the rights, property, and safety of our users and other third parties;
   • To engage in or enable internal uses of personal data consistent with our relationship with you, or compatible with the context in which you provided the information, such as internal research for technology development;
   • For marketing and advertising purposes, including contacting you regarding the services that we offer;
   • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding; and
   • For other purposes, as permitted or required by law or as authorized or directed by you.
3. Compliance with Legal Obligations and Protection of Individuals. We may process personal data to comply with the law and our legal obligations, as well as to protect you and other individuals from certain harms.

Sharing Personal Data

Some of the above processing may involve sharing collected personal data with third parties, including service providers, affiliates, and other partners, as described below.

• We may share personal data with third parties when you direct us to do so or as otherwise necessary to address your requests;
• We may share personal data among our affiliated entities and with our subsidiaries to address your requests and to provide you with the functionality of the Sites;
• We may share personal data with our service providers, including software and web developers, commercial email providers, security consultants, and other vendors we engage to allow them to fulfill the services they provide to us;
• We may share personal data we collect with certain partners, prospective partners, and service providers to comply with contracts and perform joint business transactions;
• We may share personal data to communicate with you and others, including for marketing purposes;
• We may share personal data to enforce our legal obligations and to protect our and our partners’ rights, property, or safety, and the rights, property, and safety of our users and other third parties;
• We may share personal data to protect and secure the Sites, including against fraud and other misuse, and our and our partners’ rights, property, or safety, and the rights, property, and safety of our users and other third parties;
• We may share personal data with third parties when we believe it is required by, or necessary to comply with, applicable law, a court order, legal process, or other governmental or regulatory requests;
• We may share personal data with a buyer or other successor or organization in the event of an actual or potential merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all our assets, including as part of bankruptcy, liquidation, or similar proceedings; and
• We may share personal data for such purposes as you may authorize or direct us.

Protecting Personal Data

We maintain safeguards intended to promote the security of our systems and protect the confidentiality, integrity, availability, and resilience of personal data. The safeguards in place are those that we deemed appropriate to protect from unauthorized access.

However, no method of safeguarding information is completely secure. While we use measures designed to protect personal data, we cannot guarantee that our safeguards will be effective or sufficient. In addition, you should be aware that Internet data transmission is not always secure, and we cannot warrant that information you transmit utilizing the Sites is or will be secure.

Accessing or Correcting Your Information

You may send us an email at privacy@elligodirect.com to request access to or correction of any personal data you believe we have collected by the Sites. If you reside in a jurisdiction that provides additional rights to access or correct personal data, such as California or the European Union, more information about your rights is provided below.

Your Choices

You have choices about the personal data we collect, how we communicate with you, and how we process certain personal data. For example, when you are asked to provide personal data, you may decline to do so. However, if you choose not to provide personal data that is necessary to provide any aspect of our Sites’ features or functionalities, you may not be able to use those features or functionalities. Other examples of your choices, and how to exercise them, include:

Cookie Preferences. You can accept or reject certain cookies for the Sites, including those relevant to our targeted ads, through our Cookie Preference Center. You can also manage cookies by adjusting your web browser controls.

Tailored Advertising. We currently employ third-party service providers to deliver display and banner ads or links on our behalf, throughout the Internet. Our service providers use cookie and pixel technologies as described above to deliver tailored advertising based on your engagement with our website. You may click the preference icon that may appear on some of our display or banner ads to suppress future tailored advertisements. You also may be able to manage your third-party advertising preferences through the Network Advertising Initiative. You can manage cookies as described above.

Communications Opt-Out. You may opt out of receiving marketing or other communications from us at any time through a given communications channel (such as text, email or telephone) by following the opt-out link or other unsubscribe instructions provided in the communication received, or by contacting us as provided in the CONTACT INFORMATION AND ASSISTANCE section at the end of this Privacy Policy. If you wish to opt out by sending us an email to the address provided below, please include “Opt-Out” in the email’s subject line and include your name and the email address you used to sign up for communications in the body of the email.

Location Information. If you want to limit or prevent our ability to receive location information, you can manage permissions though some browsers or deactivate location services on your device. Please refer to your device manufacturer or operating system instructions for instructions on how to do this.

International Data Transfers

Your personal data will be stored and processed in your region, in the United States, and in any other country where we or our affiliates, subsidiaries, or service providers operate. By your use of the Sites, you acknowledge that we will transfer your data to, and store your personal data in, jurisdictions which may have different data protection rules than in your country. In addition, your personal data may become accessible as permitted by law in those territories, including to law enforcement and/or national security authorities in those territories.

When we transfer personal data subject to the data protection laws of the European Economic Area, Switzerland, or the United Kingdom to entities located outside those jurisdictions, we will rely on a legal framework that provides appropriate safeguards, which could include the standard contractual clauses, binding corporate rules, or frameworks deemed adequate by the European Commission or relevant governmental authorities of Switzerland or the United Kingdom.

Additional Information for Residents of the European Economic Area, Switzerland, or the United Kingdom

If you are located in the European Economic Area, Switzerland, or the United Kingdom, you may have rights in respect to your personal data. Please note that these rights extend to personal data we collect and process through the Sites; personal data we collect and process on behalf of customers in our role as a data processor is not subject to this policy. Your rights may include, depending on the circumstances surrounding the processing of personal data:

• The right to object to or request restriction of processing of personal data or object to processing of personal data carried out pursuant to (i) a legitimate interest or (ii) performance of a task in the public interest;
• The right to access your personal data and other information about our processing of your personal data;
• The right to correct inaccurate personal data about you that we process;
• The right to data portability, which means that you can request that we provide certain personal data we hold about you in a format you can more readily use;
• The right to erasure, which means that you can request deletion or removal of certain personal data we process about you;
  • Where processing of personal data about you is based on consent, the right to withdraw your consent to such processing; and
  • The right to lodge a complaint with a supervisory authority.

You may exercise these rights, to the extent they apply, by contacting us as provided at the end of this Privacy Policy. Please be prepared to provide reasonable information to identify yourself and authenticate your requests.

Retention of European Economic Area, Switzerland, or United Kingdom Personal Data. We retain personal data for as long as necessary to carry out the processing activities described in this Policy, including but not limited to providing the features and functionalities of the Sites or other services we make available through the Sites, compliance with applicable laws, regulations, rules and requests of relevant law enforcement and/or other governmental agencies, and protecting our and our business partners’ and customers’ rights, property, or safety, and the rights, property, and safety of our users and other third parties.

EU Representative. We appointed EU Business Partners as our representative in the EU for the purposes of Article 27 of GDPR. You may contact us or our EU representative with questions regarding our processing of your personal data. The contact details are as follows:

EU Business Partners
10 Ashe Street, Clonakilty, County Cork, P85 E4303, Ireland
info@eubusinesspartners.com
Flor McCarthy, Director

UK Representative. We appointed UK GDPR Representatives Limited as our representative in the UK for the purposes of Article 27 of the UK GDPR. You may contact us or our UK representative with questions regarding our processing of your personal data. The contact details are as follows:

UK GDPR Representatives Limited
7 Bell Yard, London, WC2A 2JR, United Kingdom
info@ukgdprrepresentative.com
Flor McCarthy, Director

Additional Information for Residents of California

This section of the Privacy Policy applies solely to consumers who reside in the State of California (“consumers” or “you”), and generally to the personal data of a particular consumer or household (“California Personal Data”). Provided, however, that California Personal Data does not include, and this section of the Privacy Policy does not apply to, information excluded from or otherwise not regulated by the California Consumer Privacy Act, as amended, unless otherwise indicated below.

California Personal Data We Collect. We have collected the following categories of California Personal Data regarding consumers within the last 12 months:

• Personal data categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), such as name, address, and telephone number. Some personal data included in this category may overlap with other categories.
• Identifiers such as your real name, alias, postal address, zip code, telephone number, email address, account name, IP address, or other similar identifiers.
• Unique and online identifiers such as device identifiers, internet protocol addresses, cookie identifiers, beacon identifiers, pixel tags or mobile ad identifiers or similar technology, or other forms of persistent or probabilistic identifiers that can be used to identify a particular consumer or device.
• Internet or other electronic network activity information identifies or could reasonably be linked to you, such as browsing history, search history and information regarding an individual’s interaction with an internet website, application, or advertisement.
• Protected classification characteristics under California or federal law, which includes age if 40 years or older, race, color, citizenship, medical condition, physical or mental disability, sex (including gender, pregnancy or childbirth and related medical conditions), and veteran or military status for employment-related purposes.
• Inferences drawn from personal data, such as person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes.

Sources of California Personal Data. We may obtain the categories of California Personal Data that we collect as indicated above from the following categories of sources.

• Directly from you. For example, through website forms you complete.
• Automatically and indirectly from you, such as through logging and analytics tools, cookies, pixel tags, and other automatic data collection.
• From third parties, such as our service providers, communications services, affiliates, and other business partners.

Use of California Personal Data. We may use the categories of California Personal Data that we collect, as described above, for one or more of the business purposes and commercial purposes described in the OUR PURPOSES FOR PROCESSING PERSONAL DATA section above.

Retention of California Personal Data. We retain California Personal Data, including California Sensitive Personal Information, for as long as necessary to carry out the processing activities described in this Policy, including but not limited to providing the features and functionalities of the Sites or other services we make available through the Sites, compliance with applicable laws, regulations, rules and requests of relevant law enforcement and/or other governmental agencies, and protecting our and our business partners’ and customers’ rights, property, or safety, and the rights, property, and safety of our users and other third parties.

Disclosing California Personal Data. We may disclose the categories of California Personal Data that we collect as indicated above to the categories of third parties described in the HOW DO WE PROCESS PERSONAL DATA? section above. In the preceding 12 months, we may have disclosed categories of California Personal Data that we collected, as described above, for a business purpose.

We do not directly exchange California Personal Data for financial remuneration, such as monetary compensation. However, under the CCPA, a “sale” of California Personal Data is now defined in a manner that includes disclosures in exchange for anything of value, such as other information.

California Personal Data Rights and Choices. The CCPA provides consumers with specific rights regarding their California Personal Data. The below sections describe the rights you may have and explains how to exercise those rights.

Access to Specific Information and Data Portability Rights. You have the right to request that we disclose certain information to you about our sale, collection, use, and disclosure of your California Personal Data over the past 12 months. If we receive and confirm a verifiable consumer request from you pursuant to the Exercising Access, Data Portability, and Deletion Rights section below, we will disclose one or all of the following depending on the scope of the request:

• The categories of California Personal Data we collected about you over the past 12 months.
• The categories of sources for the California Personal Data we collected about you over the past 12 months.
• Our business or commercial purpose for collecting California Personal Data about you over the past 12 months.
• The categories of third parties with whom we shared California Personal Data over the past 12 months.
• The specific pieces of California Personal Data we collected about you over the past 12 months.
• If we disclosed or sold your California Personal Data for a business purpose, a list of the disclosures for a business purpose identifying the categories of California Personal Data disclosed and a list identifying the California Personal Data sold and the categories of third parties who purchased that California Personal Data.

Deletion Request Rights. Subject to certain exceptions, you have the right to request that we delete the California Personal Data that we collected about you. Once we receive and confirm your verifiable consumer request, we will delete your California Personal Data from our records, unless an exception applies.

Correction Request Rights. Subject to certain exceptions, you have the right to request that we make a correction to the California Personal Data that we collected about you if it is inaccurate. Once we receive and confirm your verifiable consumer request, we will correct your California Personal Data, unless an exception applies.

Sensitive Personal Information Rights. Subject to certain exceptions, you have the right to request that we limit the use and disclosure of the California Sensitive Personal Information. If you believe we have collected your Sensitive Personal Information for a purpose other than legal compliance, you may inquire by using the contact methods provided below. Once we receive and confirm your verifiable consumer request, we will limit the use and disclosure of your California Sensitive Personal Information, unless an exception applies.

Exercising Access, Data Portability, Deletion, Correction, and Sensitive Personal Information Rights. To exercise the access, data portability, deletion, correction, and sensitive personal information rights described above, please submit a verifiable consumer request to us by contacting us as provided at the end of this Privacy Policy. Please be prepared to provide reasonable information to identify yourself and authenticate your requests.

Only you, or an authorized agent registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your California Personal Data.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. Your request must provide information sufficient to permit us to reasonably verify you are the person about whom we collected California Personal Data, or an authorized representative of that person. Your request also must include sufficient detail for us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with California Personal Data if we cannot verify your identity or authority to make the request and confirm the California Personal Data relates to you. We will provide a response to your verifiable consumer request within 25 days of receipt.

Any disclosures we provide will only cover the 12-month period preceding our receipt of the verifiable request. If we cannot fulfill, or are permitted to decline, your request then we will alert you or your authorized representative. For data portability requests, we will select a format to provide your California Personal Data that is readily usable.

If your request is manifestly unfounded, repetitive, or excessive, including if you have made several repetitive requests, we may charge a reasonable fee to respond. We also may decline to respond, in which case we will notify you.

Third-Party Websites and Services

As a convenience, we may reference or provide links to third-party websites and services, including those of unaffiliated third parties, our affiliates, service providers, and third parties with which we do business. When you access these third-party services, you leave our Sites, and we are not responsible for, and do not control, the content, security, or privacy practices employed by any third-party websites and services. You access these third-party services at your own risk. This Privacy Policy does not apply to any third-party services; please refer to the Privacy Policies or notices for such third-party services for information about how they collect, use, and process personal data.

Modifications and Updates to This Privacy Policy

We reserve the right, in our sole discretion, to modify, update, remove, or otherwise change our Privacy Policy at any time and without prior notice to reflect changes regarding our information practices. This Privacy Policy replaces any previous disclosures we may have provided to you about our information practices. When we make changes to our Privacy Policy, we will update the Last Updated date of the Policy above. We encourage you to periodically review this Policy for the latest information on our privacy practices.

Contact Information and Assistance

If you have any questions or concerns about this Privacy Policy and/or how we process personal data, or would like to exercise any applicable legal rights set forth above, please contact via the methods provided below:

Elligo Health Research, Inc.

Individual Privacy Rights Requests: https://www.elligohealthresearch.com/data-subject-request-form/

Email: privacy@elligodirect.com
Phone: 512-351-4565
Toll Free (United States, Guam, Puerto Rico and Canada): 833-254-2356

Mail: Elligo Health Research, Inc.
Attn: Privacy Officer
11612 Bee Cave Road, Building 1, Suite # 150
Austin, TX 78738