Effective 17 December 2018
This policy explains Our privacy practices for those websites managed and implemented by BBK Worldwide, LLC (collectively the "Websites"); BBK’s mobile applications (the "Apps"), and Our other software and services provided by BBK and its Corporate Affiliates. We'll refer to the Websites, the Apps, software and Our other services as the “Service” or "Services."
These Services are being implemented and managed by BBK Worldwide, LLC with principal offices at 117 Kendrick Street, Suite 600, Needham, Massachusetts 02494 USA, or one of its Corporate Affiliates including TCN® Technologies, LLC; 320Agency, LLC; RSG Suite Corp; or BBK Worldwide Japan G.K. (collectively “BBK”).
Some of Our Products and Services are offered only to individuals who are participating in or interested in participating in clinical trials. If You are eligible and choose to enroll in a study, one or more of these Services may become available to you which will require You to share Your Personal Information. Personal Information collected for the use in a clinical trial requires the application of additional privacy rights and limits. You will find information concerning Your privacy rights when participating in a clinical study under the section “Personal Information in Clinical Studies”.
To the extent that the Services are available to individuals located in the European Economic Area and the United Kingdom We are bound by and act in compliance with the General Data Protection Regulation (EU) 2016/679 (the “GDPR”).
“We, Us, Our” means BBK Worldwide, LLC and Our Corporate Affiliates.
INFORMATION WE COLLECT AND HOW WE COLLECT IT
In the course of providing Our Services, We collect or receive Your Personal Information in a few different ways. Often, You choose what information to provide, but sometimes We require certain information in order for You to use, and for Us to provide You, the Services.
We will collect Personal Information from You if You voluntarily submit the information to Us through any mechanism (including online and offline channels), such as when You register for an account, provide responses to questionnaires, or submit inquiries to Us. We also will have access to any Personal and other information that You choose to share through Our Services.
Service Usage: Depending on which Services You choose to use, information may be required to use the Service. The information may include Internet Protocol (IP) addresses, browser types, information relating to Your device, domain names, and other statistical data involving the use of the Service, Your consents, preferences and self-identifying feedback may be necessary in order for Us to provide a particular Service. Such information may be combined, directly or indirectly, with any health information about You, including but not limited to, health information that BBK may receive from sources other than You.
Registration and Account Setup: For those Services that require registration, You may need to provide information including Your name, country of residence, research interests, and an e-mail address. Additional information, such as a telephone number, and/or a physical postal address, demographic information (for example, age, profession, gender, current location and other geolocation information, zip code, birth date, or year of birth) may also be required to provide a particular Service. You may need to provide this information to enable Us to provide You with the Services.
Information from Third Parties: We may receive Personal and other information about You from third parties in performance of Services for those third parties.
Automated Information: We may automatically collect device-specific information when You install, access, or use Our Services. This information may include information such as the hardware model, operating system information, app version, app usage and debugging information, browser information, IP address, and device identifiers. For more information about these online tools and how We use them, see Our Cookies & Similar Technologies Policy and “Use of Your Personal Information” section below.
Choice: You may choose not to provide Us with any Personal Information. In such an event, You may still access and use some of the Services. You will not be able to access and use those portions of the Services that require Your Personal Information.
PERSONAL INFORMATION IN CLINICAL STUDIES
Protection and Choices About the Use of Personal Information in Clinical Studies: Whenever a person interested in participating in a clinical study uses one of Our Services, such as contacting a call center or website that has been set up for the study, any Personal Information is provided voluntarily. The exact language of the questions asked and the consent sought is generally reviewed and approved by an independent board or committee overseeing the research at each study site. Each of these boards or committees (known as Institutional Review Boards [IRBs], Research Ethics Committees [RECs], and Institutional Ethics Committees [IECs]) is an independent body charged by government regulations with overseeing the study, including all recruitment efforts, in order to protect the welfare of the patients participating in the study. A person can choose at any time not to provide the information requested by a call center or website, but (as You will be notified at that time) this may exclude You from continuing to use the call center or website service.
Important information about the clinical study (contained in what is known as an informed consent form) is reviewed with each patient during the enrollment process by a study professional at the study site. Each patient must read and sign this written information before enrolling. The written information describes possible health risks and possible benefits of participating in the study, as well as what Personal Information will be collected in the study and who is able to use or disclose any Personal Information. Anyone can decline to participate in a study at any time. When a patient withdraws from a study after enrolling, no more Personal Information is collected. Any Personal Information collected prior to withdrawal, however, may not be deleted if it has been relied upon for purposes of completing the clinical study’s research (except to the extent that such deletion is permitted by law).
Use of Personal Information in Clinical Studies: We may use the Personal Information volunteered by a person interested in participating in a clinical study to screen for likely study eligibility, to locate a convenient study site, to refer that person to a site for enrollment, and/or to conduct follow-up communications to ensure that the person has been contacted by the study site and received the information he or she requested, to monitor the quality of the contact with potential clinical study participants and to survey participants concerning their study participation experience. When We refer a person to a site for enrollment, We transmit to the site the Personal Information volunteered by the person to facilitate the person's enrollment or administer study-related services. When We analyze clinical study enrollment information in reports We prepare for a study sponsor, We use reasonable efforts to remove all Personal Information from such reports. If asked to do so, however, We may share Personal Information with government health officials and regulatory entities overseeing the clinical study and/or with the study sponsor or the sponsor's agents. We may also use information about groups rather than individuals to track and analyze study enrollment for various studies, or to show demographic trends, geographic groupings, or other aggregate statistics. These aggregate statistics may be disclosed to parties outside the study.
When We are called in by a clinical study sponsor to help recruit patients for a clinical study, We may receive Personal Information given voluntarily by people who might be interested in participating in the study, such as information related to medical or health conditions, and We may also receive Personal Information from the clinical study sites about people who may enroll in the study.
Study-Related Third Parties: We might share Our users’ responses to questionnaires, preferences, and e-mail addresses in order for third parties to assess a user’s qualification to participate in a clinical study.
Accessing, Opting Out, or Changing Personal Information: You may exercise your rights to access, opt out, or change Your Personal Information as stated in the Section “PROTECTIONS AND CHOICES ABOUT THE USE OF PERSONAL INFORMATION”. However, in certain circumstances, We may be prevented by law from deleting an individual’s Personal Information if such information has been relied upon for purposes of completing clinical study research.
Data Security: For many of Our Services We use Our proprietary web-based communication and database tool called TrialCentralNet®, which serves as the repository for survey responses, including any Personal Information We receive. Any Personal Information transmitted to or from TrialCentralNet® is encrypted using a 256-bit web server certificate designed to prevent unauthorized entry or interception. TrialCentralNet® uses distinct user access levels so that access to information is limited and appropriate for the needs of different users. In addition, TrialCentralNet® access requires a unique username and password for every user to prevent unauthorized access. Sessions are also time-limited in order to reduce the risk of unauthorized access if a user forgets to log out. The TrialCentralNet® database and codebase are staged on servers in a secure, limited-access building, allowing Us to completely control the operating environment and physical security of information. This also helps Us implement immediate recovery procedures, if necessary.
In connection with any clinical studies that We support, We build a separate website and database of the TrialCentralNet® application. This process ensures that any Personal Information received for a particular study is confined to its own single instance of the application.
HIPAA Compliance: The Health Insurance Portability and Accountability Act (HIPAA) is the United States federal law that controls the use and disclosure of individually identifiable health information by health insurers and healthcare providers, called “covered entities” under the statute. We are not a covered entity under the statute, and HIPAA does not apply to the individually identifiable information that a person interested in participating in a clinical study has voluntarily provided to a call center or website We set up for a clinical study.
USE OF YOUR PERSONAL INFORMATION
Except as otherwise stated in this Policy or as authorized by You, We do not use Personal Information for any purpose other than the purpose for which the information was originally supplied, or the purposes described in this Policy, unless We have obtained Your consent to do so.
Pursuant to the GDPR, We rely on the following legal bases for processing Your Personal Information:
- where You have given consent to the processing;
- where it is necessary to perform the contract We have entered into or are about to enter into with You (whether in relation to the provision of the Services or otherwise);
- where it is necessary for compliance with a legal obligation to which We are subject; and/or
- where it is necessary for the purposes of Our legitimate interests (or those of a third party) and Your interests or fundamental rights and freedoms do not override those legitimate interests.
Where Your Personal Information comprises special categories of personal data under the GDPR (in particular, health information), We process Your personal data only when You have given Your explicit consent for Us to do so.
Where We process Your information for the purposes of Our legitimate interests, We do so as follows:
Providing and Improving Our Services: In general, We use Your Personal Information and other information to deliver the Services or carry out the transactions You have requested, to help Us understand who uses Our Services, for internal operations such as to improve the Service, to facilitate the delivery of marketing outreach (including but not limited to, location-based advertising) by Us and third parties, to communicate with You generally, to survey You on Your satisfaction with Our Services, and to send certain mandatory Services-related communications. We also may contact individuals interested in clinical study participation about future opportunities. Except as provided herein or as authorized by You, We do not share, rent, or sell any Personal Information provided to Us.
DISCLOSURE OF YOUR PERSONAL INFORMATION
Third Parties: We may provide to third parties non-personally identifiable information, including where such information is combined with similar information of other users of the Services. For example, We might inform third parties regarding the number of unique users who use the Services, or the demographic breakdown of Our users of the Services.
We may also provide Personal Information to third parties. The third parties to which We may provide personally identifiable and non-personally identifiable information may include s actual or potential commercial partners, sponsors, licensees, researchers, and other similar parties.
Legal Compliance: Except as otherwise provided in this Policy, or as authorized by You, We will keep Your Personal Information private and will not share it with third parties outside Our controlled subsidiaries, affiliates, and suppliers, unless such disclosure is necessary and permitted by applicable law to: (a) comply with applicable law, legal process (such as a court order, subpoena, or search warrant) or other legal requirements of any governmental authority; (b) protect Our rights or property; (c) enforce any terms and conditions of use or agreements applicable to the Services and that incorporate this Policy by reference; (d) protect the interest of users of Our Services (other than You), or any other person or the general public; (e) detect fraud; or (f) operate or conduct maintenance and repair of Our Services or equipment.
PROTECTIONS AND CHOICES ABOUT THE USE OF PERSONAL INFORMATION
Accessing, Opting Out, or Changing Personal Information: Upon request BBK will provide You with information about whether We hold any of Your Personal Information. In certain circumstances, and to the extent that the GDPR applies, You have the following rights with respect to that information:
- To access and review the information that You have supplied to Us
- To request that We correct any errors, outdated information, or omissions in information that You have supplied to Us
- To request that Your information not be used to contact You
- To request that Your information be deleted from Our records, where there is no good reason for Us continuing to process it
- To object to Us processing Your Personal Information, where We are relying on a legitimate interest (or that of a third party)
- To request the restriction of processing of Your Personal Information
- To request the transfer of Your Personal Information to another party
- To the extent that We process Personal Information relating to individuals in the European Economic Area and the United Kingdom, to lodge a complaint with the relevant supervisory authority as defined in the GDPR within Your country.
Notwithstanding the foregoing, if You request that We no longer use Your information to contact You, We will need to retain enough of Your Personal Information sufficient to comply with that request. Please be aware that Your Personal Information may have been disclosed to third parties prior to Our receipt of Your notification. We will notify relevant third parties of any change or deletion of Personal Information or restrictions on processing, unless this proves impossible or involves disproportionate effort.
To exercise any of these rights, please contact Us at firstname.lastname@example.org or by mail to BBK Worldwide, LLC, 117 Kendrick St., Suite 600, Needham, MA 02494. Attention: Data Protection Officer. We will respond to Your request within a reasonable timeframe and notify You of the action We have taken, or the reason why no action can be taken.
Data Security: The security of Your data is important to Us. Whenever We store or transmit Personal Information, We use a number of security procedures to prevent unauthorized access or disclosure. Our Services have security measures in place intended to protect the loss, misuse, and alteration of the information under Our control. We take reasonable steps to safeguard Personal Information We collect from unauthorized access or disclosure or accidental loss, misuse, alteration, or destruction. Notwithstanding the above commitments, be aware that there is always some risk involved in transmitting information over the Internet. There is also some risk that others could find a way to thwart Our security systems. As a result, while We strive to protect Your Personal Information, We cannot ensure or warrant the security or privacy of any information You transmit to Us, and You do so at Your own risk.
For many of Our Services We use Our proprietary web-based communication and database tool called TrialCentralNet®, which serves as the repository for survey responses, including any Personal Information We receive. Any Personal Information transmitted to or from TrialCentralNet® is encrypted using a 256-bit web server certificate designed to prevent unauthorized entry or interception. TrialCentralNet® uses distinct user access levels so that access to information is limited and appropriate for the needs of different users. In addition, TrialCentralNet® access requires a unique username and password for every user to prevent unauthorized access. Sessions are also time-limited in order to reduce the risk of unauthorized access if a user forgets to log out. The TrialCentralNet® database and codebase are staged on servers in a secure, limited-access building, allowing Us to completely control the operating environment and physical security of information. This also helps Us implement immediate recovery procedures, if necessary.
Compliance with International and United States Requirements: BBK complies with the GDPR and applies those principles to Personal Information collected through the Services regardless of the citizenship of data subjects. When BBK serves as a processor or sub-processor of data on behalf of an organization based in the EU, BBK does so under the written instructions of that organization, and the transfer of Personal Information is subject to the Standard Contractual Clauses approved by the European Commission.
Within the United States, BBK complies with state and federal data privacy regulations, including the California Online Privacy Protection Act (CalOPPA).
EU–U.S. Privacy Shield and Swiss–U.S. Privacy Shield: BBK participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss–U.S. Privacy Shield Framework. BBK is committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List at https://www.privacyshield.gov/.
BBK is responsible for the processing of personal data it receives under the Privacy Shield Framework and subsequently transfers to a third party acting as an agent on its behalf. BBK complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, BBK is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, BBK may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
You may direct any inquiries or complaints related to Our Privacy Shield compliance to email@example.com. If You have an unresolved privacy or data use concern that We have not addressed satisfactorily, You may contact Our U.S.-based third party dispute resolution provider (free of charge) at http://go.adr.org/privacyshield.html.
Under certain conditions, more fully described on the Privacy Shield website, You may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
CONSENT: By using BBK Services, You signify Your understanding of and assent to Our Policy. If You do not accept this Policy, You are not permitted to use Our Services.
ENFORCEMENT, OTHER INQUIRIES, COMMENTS, OR COMPLAINTS: BBK uses the self-assessment method to verify the attestations and assertions made herein and to ensure that its privacy practices have been implemented as presented herein. If You have a question, concern, or complaint about Our handling of Your Personal Information, or if You believe Our response to an inquiry has not been satisfactory, please contact Our Data Protection Officer at firstname.lastname@example.org. Our Data Protection Officer will investigate and try to resolve in a timely manner any concern or complaint about Our use or disclosure of Your Personal Information in accordance with the principles contained in this Policy, including correcting any Personal Information, reversing or correcting the effects of noncompliance, and assuring that future processing of Personal Information will be in conformity with this Policy.
Cookies & Similar Technologies Policy
Cookies and Action Tags
We may collect non-personally identifiable information passively using “cookies” and “action tags.”
“Cookies” are small text files that are placed on Your computer or mobile device in order to identify Your web browser and the activities of Your computer or mobile device when using the Service. Cookies are used to personalize Your experience (such as dynamically generating content on webpages specifically designed for You), to assist You in using the Service (such as saving time by not having to reenter Your name each time You use the Service), and to allow Us to statistically monitor how You are using the Service to help Us improve Our offerings.
You do not have to accept cookies to use the Service. Although most browsers are initially set to accept cookies, You may reset Your browser to notify You when You receive a cookie or to reject cookies generally. Most browsers offer instructions on how to do so in the “Help” section of the toolbar. However, if You reject cookies, certain features or resources of the Service may not work properly and You may experience some loss of convenience.
“Action tags,” also known as web beacons or gif tags, are a web technology used to help track Service usage information, such as how many times a specific page has been viewed. Action tags are invisible to You, and accessing any online service, including advertisements, from the Service may result in the creation of action tags.
By using cookies and action tags together, We are able to gain valuable information to improve Our Service and other services and measure the effectiveness of Our advertising and marketing campaigns.
We also may collect non-personally identifiable information through Our Internet log files, which record data such as user IP addresses, browser types, domain names, and other anonymous statistical data involving the use of the Service. This information may be used to analyze trends, to administer the Service, to monitor the use of the Service, and to gather general demographic information. We may link this information to Personal Information for these and other purposes such as personalizing Your experience on the Service and evaluating the Service in general.
Location Information: With respect to location information, please note that We may use satellite, Wi-Fi or other network-based location data, such as Your IP address. Use of assisted positioning methods may involve exchanging Your location data wireless network identifiers along with Your unique device or network service provider identifiers with a location server. Your device may connect to other service providers’ servers, which are not controlled and operated by BBK.
Analytics Information: We use data analytics to ensure site functionality and improve the Services. For example, We use mobile analytics software to allow Us to understand the functionality of Our Apps on Your phone. This software may record information such as how often You use the Apps, what happens within the Apps, aggregated usage, performance data, App errors and debugging information, and where the Apps were downloaded from. We do not link the information We store within the analytics software to any Personal Information that You submit within the mobile application.
Do Not Track: The term “Do Not Track” refers to an HTTP header offered by certain web browsers to request that websites refrain from tracking the user. We take no action in response to Do Not Track requests.
Copyright © by BBK Worldwide, LLC. All rights reserved.