PRIVACY POLICY

Effective 13 June 2014

This BIO Notifier® service (the “Service,” which term shall include any related services and websites of BBK offered with or through the Service) was created by BBK Worldwide, LLC, and is powered by TCN Technologies, LLC (“BBK” and “TCNTech,” respectively). BBK and TCNTech have created this privacy policy (the “Privacy Policy” or “Policy”) as part of the Service to help users understand what information We collect and what We may do with that information. This Privacy Policy discloses Our information gathering and dissemination practices for all users of the Service created to alert registered physicians and other relevant individuals about research project opportunities that may be of interest. By using the Service, You are signifying Your acceptance of this Privacy Policy. If You do not agree to this Privacy Policy, You are not permitted to use the Service.

DEFINITIONS: In this Privacy Policy, the following terms have the following meanings unless the context requires otherwise:

“Non-personally identifiable information” is information that any single item of which, by itself, cannot be used to identify or contact You, such as demographic information (for example, age, profession, gender, current location and other geolocation information, zip code, birth date, or year of birth), Internet Protocol (IP) addresses, browser types, information relating to Your device, domain names, and other statistical data involving the use of the Service. Certain non-personally identifiable information may be considered a part of Your personally identifiable information if it is combined with other identifiers (for example, combining Your zip code with Your street address) in a way that enables You to be identified. But the same pieces of information are considered non-personally identifiable information when they are taken alone. With respect to location information, please note that We may use satellite, Wi-Fi, or other network-based location data, such as Your IP address. Use of assisted positioning methods may involve exchanging Your location data wireless network identifiers along with Your unique device or network service provider identifiers with a location server. Your device may connect to other service providers’ servers, which are not controlled and operated by BBK.

“Personally identifiable information” is any information that could be used to identify, contact, or locate the person to whom it relates (such as name, residence, telephone number, e-mail address, user names and passwords; Your consents, preferences and self-identifying feedback, certain information relating to Your device; or any other identifying information). Such personally identifiable information may be combined, directly or indirectly, with any health information about that person, including but not limited to, health information that BBK may receive from sources other than such person.

“Personal information” is information relating to an identified or identifiable natural person

“We, Us, Our” means BBK Worldwide, LLC and TCN Technologies, LLC.

“You, Your, Yourself” means the person who accepts this Privacy Policy and applicable terms and conditions by using the Service.

SUMMARY OF POLICY: Except as provided herein or as authorized by You, Your personally identifiable information may be disclosed by Us only to the company sponsoring a research project, individuals and administrators involved in managing various aspects of the project, and regulatory and government entities. We use appropriate security measures to protect any personally identifiable information We transmit or store. BBK is certified to the Safe Harbor frameworks, as promulgated by the United States Department of Commerce to comply, respectively, with the European Union and Swiss privacy protection requirements (the “Safe Harbors”). BBK adheres to the U.S.-EU and U.S.-Swiss Safe Harbor Privacy Principles. To learn more about the Safe Harbors, please visit www.export.gov/safeharbor.

The following is Our Privacy Policy in detail.

HOW INFORMATION IS COLLECTED

Submission by You and Third Parties We will collect personally identifiable and other information from You if You voluntarily submit the information to Us through any mechanism (including online and offline channels), such as when You register for an account, provide responses to questionnaires, or submit inquiries to Us. In addition, We may receive personally identifiable and other information about You from third parties.

Cookies and Action Tags We may collect non-personally identifiable information passively using “cookies” and “action tags.” “Cookies” are small text files that are placed on Your computer or mobile device in order to identify Your web browser and the activities of Your computer or mobile device when using the Service. Cookies are used to personalize Your experience on the Service (such as dynamically generating content on webpages specifically designed for You), to assist You in using the Service (such as saving time by not having to reenter Your name each time You use the Service), and to allow Us to statistically monitor how You are using the Service to help Us improve Our offerings. You do not have to accept cookies to use the Service. Although most browsers are initially set to accept cookies, You may reset Your browser to notify You when You receive a cookie or to reject cookies generally. Most browsers offer instructions on how to do so in the “Help” section of the toolbar. However, if You reject cookies, certain features or resources of the Service may not work properly and You may experience some loss of convenience. “Action tags,” also known as web beacons or gif tags, are a web technology used to help track Service usage information, such as how many times a specific page has been viewed. Action tags are invisible to You, and accessing any online service, including advertisements, from the Service may result in the creation of action tags. By using cookies and action tags together, We are able to gain valuable information to improve Our Service and other services and measure the effectiveness of Our advertising and marketing campaigns. Finally, You should be aware that third parties may also use their own cookies or action tags when You click on their link to their websites or services on or from the Service. This Privacy Policy does not govern the use by such third-party websites or services or providers of third-party advertising.

Log Files We also may collect non-personally identifiable information through our Internet log files, which record data such as user IP addresses, browser types, domain names, and other anonymous statistical data involving the use of the Service. This information may be used to analyze trends, to administer the Service, to monitor the use of the Service, and to gather general demographic information. We may link this information to personally identifiable information for these and other purposes such as personalizing Your experience on the Service and evaluating the Service in general.

USE OF PERSONALLY IDENTIFIABLE INFORMATION: Except as otherwise provided in this Policy, or as authorized by You, We will keep Your personally identifiable information private and will not share it with third parties outside Our controlled subsidiaries, affiliates, and suppliers, unless such disclosure is necessary and permitted by applicable law to: (a) comply with applicable law, legal process (such as a court order, subpoena, or search warrant), or other legal requirements of any governmental authority; (b) protect Our rights or property; (c) enforce any terms and conditions of use or agreements applicable to the Service or other of Our services or websites (“Services”) and that incorporate this Policy by reference; (d) protect the interest of users of Our Services (other than You), or any other person or the general public; (e) detect fraud; or (f) operate or conduct maintenance and repair of Our Services or equipment. In order for You to access certain services that We may offer via the Service or otherwise, We may require You to provide Us with personally identifiable information. In general, We use Your personally identifiable information and other information to deliver the Services or carry out the transactions You have requested, to help Us understand who uses Our Services, for internal operations such as to improve the Service, to contact You for various purposes, to facilitate the delivery of advertising (including but not limited to, location-based advertising) by Us and third parties, to communicate with You generally, and to send certain mandatory Services-related communications. You may choose not to provide Us with any personally identifiable information. In such an event, You can still access and use much of the Service. You, however, will not be able to access and use those portions of the Service that require Your personally identifiable information. When We are called in by a research sponsor to conduct a research project, We may receive personally identifiable information given voluntarily by individuals interested in participating in one or more projects. We may use the personally identifiable information volunteered by an individual to determine if a project opportunity would be appropriate to him or her, to provide him or her with information on how to participate in a project, or to conduct follow-up communications about a project. When We refer an individual interested in project participation on to the sponsor of the project, We transmit to the sponsor the personally identifiable information volunteered by the individual to facilitate the assessment process. When We analyze project information and results in reports We prepare for a research sponsor, We may use personally identifiable information in such reports. If asked to do so, We may also share personally identifiable information with government health officials and regulatory entities overseeing the research project and/or with the sponsor or the sponsor’s agents. We may also use information about groups rather than individuals to track and analyze participation in various projects, or to show demographic trends, geographic groupings, or other aggregate statistics. These aggregate statistics may be disclosed to parties outside the research project. Except as provided herein or as authorized by You, We do not share, rent, or sell to anyone outside the research project any personally identifiable information provided to Us. Except as otherwise stated in this Policy or as authorized by You, We do not use personally identifiable information for any purpose other than the purpose for which the information was originally supplied, or the purposes described in this Policy, unless We have obtained consent from the affected persons. We may contact individuals interested in research project participation about future opportunities. Notwithstanding anything herein to the contrary, We may transfer, sell, or assign information concerning Your use of the Service including, without limitation, personally identifiable information and personal information to third parties, as a result of the sale, merger, consolidation, change in control, transfer of substantial assets, reorganization, discontinuation of business or liquidation of BBK or TCNTech or in the event that We file a petition or have filed against Us a petition in bankruptcy, reorganization, or similar proceeding, provided that the third parties agree to adhere to the terms of this Privacy Policy.

ACCESSING, REVIEWING, AND CHANGING YOUR PROFILE: Following registration, You can review and change the information that You submitted during the registration process. If You change Your password and e-mail address, We will retain a record of Your previous password(s) and e-mail address(es). You can also change Your information such as: name, address, city, state, ZIP/postal code, country, phone number, and e-mail. Upon Your notification that You wish to opt out of The BIO Notifier®, We will remove Your Profile from our active databases as soon as reasonably possible in accordance with Our policy and applicable law. We will retain in Our files information that You have requested be removed from Our active databases for certain purposes, such as to resolve disputes, troubleshoot problems, and enforce our Terms and Conditions. Further, such prior information may never be completely removed from Our databases due to technical and legal constraints, including stored “back up” systems. Therefore, You should not expect that all of Your personally identifiable information will be completely removed from our databases in response to any request that You may submit.

CONTROL OF YOUR PASSWORD: You are responsible for all actions taken with Your login information and password. Therefore, we do not recommend that You disclose Your BIO Notifier password or login information to any third party. If You choose to share this information with any third party, You are responsible for all actions taken with Your login information and password. If Your password has been compromised in any way, You should immediately change Your password.

DATA INTEGRITY: Except as otherwise stated in this Policy or as authorized by You, We use Your personal information in a way that is compatible with and relevant for the purpose for which it was collected. To the extent necessary for these purposes, We take reasonable steps to ensure that personal information is accurate, complete, current, and reliable for its intended use.

OPT-OUT CHOICES: If You no longer wish to have Your personal information disclosed to third parties, You may choose to “opt-out” by notifying Us to that effect. To do so, send an e-mail to inquiry@bbkworldwide.com. Please be aware that Your personal information may have been disclosed to third parties prior to Our receipt of Your notification. Also, BBK will provide You with notice before using Your personal information for a purpose other than that for which it was originally collected or subsequently authorized by You, and You may choose to “opt-out” of such use by following the directions provided in the notice. However, even after any “opt-out” or removal of Your personal information, We reserve the right to disclose Your personal information to a third party when We believe in good faith that We are required to do so in order to comply with an applicable statute, regulation, rule or law, a subpoena, a search warrant, a court or regulatory order, or other valid legal process.

SENSITIVE INFORMATION: If We collect information from You specifying medical or health conditions; racial or ethnic origin; political opinions; religious, ideological, or philosophical beliefs; trade union membership; information on social security measures or administrative or criminal proceedings or sanctions (which are treated outside pending proceedings); or information with respect to personal sexuality (collectively, “Sensitive Information”), We will not (a) disclose such Sensitive Information to a third party or (b) use such Sensitive Information for a purpose other than those for which it was originally collected or subsequently authorized by You without obtaining Your affirmative “opt-in” (unless We believe in good faith that We are required to do so in order to comply with an applicable statute, regulation, rule or law, a subpoena, a search warrant, a court or regulatory order, or other valid legal process).

ONWARD TRANSFER: Before We disclose any of Your personal information to a third party, We will ascertain that the third party subscribes to the Safe Harbors or is subject to the European Commission’s Directive on Data Protection, or We will require the third party to agree in writing to provide at least the same level of privacy protection as is required by this Privacy Policy.

INFORMATION FROM CHILDREN UNDER 13 YEARS OF AGE: We are committed to protecting the privacy of children. The Service is not designed for or directed to children under the age of 13, and We do not collect personally identifiable information from any person We actually know is under the age of 13.

AFFILIATES: We may disclose information (including personally identifiable information) about You to Our Corporate Affiliates. For purposes of this Privacy Policy, “Corporate Affiliate” means any person or entity which directly or indirectly controls, is controlled by or is under common control with Us, whether by ownership or otherwise. Any information relating to You that We provide to Our Corporate Affiliates will be treated by those Corporate Affiliates in accordance with the terms of this Privacy Policy.

THIRD PARTIES GENERALLY: We may provide to third parties non-personally identifiable information, including where such information is combined with similar information of other users of the Service. For example, We might inform third parties regarding the number of unique users who use the Service, the demographic breakdown of Our users of the Service, or the products and/or services purchased using the Service and the vendors of such products and services. We may also provide to third parties personally identifiable information. For example, We might share our users’ responses to questionnaires, preferences, and e-mail addresses with third parties in order for third parties to assess a user’s qualification to participate in a research project. The third parties to which We may provide personally identifiable and non-personally identifiable information may include potential or actual advertisers, providers of advertising products or services (including vendors and website tracking services), merchants, affiliates, and other actual or potential commercial partners, sponsors, licensees, researchers, and other similar parties.

OUTSIDE CONTRACTORS: We may employ independent contractors, consultants, vendors, and suppliers, such as a call center, mail house, or any other third party who may need to receive or handle personally identifiable information on Our behalf (collectively, :Outside Contractors:) in connection with the performance of obligations and exercise of rights under this Privacy Policy and the Service Terms and Conditions and to provide specific services and products related to the Service, such as hosting and maintaining the Service, providing credit card processing and fraud screening, providing shipping services, and developing applications for the Service and e-mail services. In the course of providing products or services to Us, these Outside Contractors may sometimes have access to information collected through the Service, including Your personally identifiable information. If We have not ascertained that such Outside Contractors subscribe to the Safe Harbors or are subject to the European Commission’s Directive on Data Protection, We require these Outside Contractors to agree in writing to provide at least the same level of privacy protection with respect to Your personal information as is required by this Privacy Policy; and not to use Your personally identifiable information for any purpose other than the purpose for which We retained them.

DATA SECURITY: Whenever We store or transmit personally identifiable information, We use a number of security procedures to prevent unauthorized access or disclosure. Our Service has security measures in place intended to protect the loss, misuse, and alteration of the information under Our control. We take reasonable steps to safeguard personal information We collect from unauthorized access or disclosure and accidental loss, misuse, alteration, or destruction. Notwithstanding the above commitments, be aware that there is always some risk involved in transmitting information over the Internet. There is also some risk that others could find a way to thwart Our security systems. As a result, while We strive to protect Your information, We cannot ensure or warrant the security or privacy of any information You transmit to Us, and You do so at Your own risk.

In connection with any research projects that We support, We use a web-based communication and database tool called TrialCentralNetSM, which serves as the repository for data collected in conjunction with the research project, including any personally identifiable information We receive. Any personally identifiable information transmitted to or from TrialCentralNet is encrypted using a 256-bit web server certificate designed to prevent unauthorized entry or interception. TrialCentralNet uses distinct user access levels so that access to information associated with the research project is limited and appropriate for the needs of different users including BBK staff, research sponsors, associated personnel, and You. In addition, TrialCentralNet access requires a unique username and password for every user to prevent unauthorized access. Sessions are also time-limited in order to reduce the risk of unauthorized access if a user forgets to log out. The TrialCentralNet database and codebase are staged on servers in a secure, limited-access building, allowing Us to completely control the operating environment and physical security of information stored within TrialCentralNet. This also helps Us implement immediate recovery procedures, if necessary.

LINKS TO OTHER SERVICES OR ONLINE SERVICES: Our Service may contain links to other websites or online services not owned or operated by BBK (for example, if You “click” on a banner advertisement, You will likely be taken off the Service). Please be aware that We are not responsible for the privacy practices of such third-party Services or services. We encourage You to be aware when We enable You to link to other Services or services. You should read the privacy policies or statements of such websites and services. This Privacy Policy applies solely to information collected through use of the Service

DO NOT TRACK: The term “Do Not Track” refers to an HTTP header offered by certain web browsers to request that websites refrain from tracking the user. We take no action in response to Do Not Track requests.

HIPAA COMPLIANCE: The Health Insurance Portability and Accountability Act (HIPAA) is the United States federal law that controls the use and disclosure of personally identifiable health information by health insurers and healthcare providers, called “covered entities” under the statute. We are not a covered entity under the statute, and HIPAA does not apply to the personally identifiable information that a person interested in participating in a research project has voluntarily provided to a call center or website We set up.

COMPLIANCE WITH INTERNATIONAL REQUIREMENTS: BBK is certified to the Safe Harbor frameworks, as promulgated by the United States Department of Commerce to comply, respectively, with the European Union and Swiss privacy protection requirements (the “Safe Harbors”). BBK adheres to the U.S.-EU and U.S.-Swiss Safe Harbor Privacy Principles. To learn more about the Safe Harbors, please visit www.export.gov/safeharbor.

BUSINESS TRANSITION: If We experience a business transition that affects the way personally identifiable information is treated in any material way, such changes will be included in an updated version of this Policy posted in the same locations as the previous version of this Policy. We encourage You to check such locations periodically for any changes.

ACCEPTANCE OF PRIVACY POLICY: By using Our Service or other BBK Services, You signify Your assent to Our Policy. If You do not agree with this Policy, You are not permitted to use Our Service.

ACCESSING OR CHANGING PERSONAL INFORMATION: Anyone wishing to review or change or correct (or delete, if inaccurate) his or her own personal information should contact Our privacy officer at BBK Worldwide, LLC, 117 Kendrick Street, Suite 600, Needham, MA 02494, +1 (617) 630-4477, inquiry@bbkworldwide.com by mail, telephone, or e-mail. Notwithstanding the foregoing, We may be prevented by law from deleting an individual’s personal information if such information has been relied upon for purposes of completing clinical study research.

ENFORCEMENT, OTHER INQUIRIES, COMMENTS, OR COMPLAINTS: BBK uses the self-assessment method to verify the attestations and assertions made herein and to ensure that its privacy practices have been implemented as presented herein. If You have a question, concern, or complaint about Our handling of Your personal information, or if You believe Our response to an inquiry has not been satisfactory, please contact Our privacy officer at the address above. Our privacy officer will investigate and try to resolve in a timely manner any concern or complaint about Our use or disclosure of Your personal information in accordance with the principles contained in this Policy, including correcting any personal information, using personal information consistent with the U.S.-EU and U.S.-Swiss Safe Harbor Privacy Principles, reversing or correcting the effects of noncompliance, and assuring that future processing of personal information will be in conformity with this Policy, including the U.S.-EU and U.S.-Swiss Safe Harbor Privacy Principles. For any concern or complaint that cannot be resolved in this way, We have registered with and agreed to cooperate with the American Arbitration Association to resolve any disputes relating to this Policy. The American Arbitration Association can be contacted at www.adr.org or +1 (800) 778-7879.

POLICY CHANGES: You should be aware that We may revise this Privacy Policy at any time. However, We will not make changes that result in significant additional uses or disclosures of Your personally identifiable information without sending You an electronic notification that such changes have been made, or allowing You to “Opt In” to such changes. We may also make non-significant changes to this Privacy Policy that generally will not significantly affect Our use of Your personally identifiable information. We will post a notice advising of such change at the beginning of this Policy and on the home page of the Service for 30 days following the adoption of such non-significant changes. We encourage You to check the home page of the Service periodically for any changes. Your continued use of the Service following the posting of such non-significant changes to this Privacy Policy will mean that You accept those changes.

Copyright © by BBK Worldwide, LLC. All rights reserved.