PRIVACY POLICY
Last Revised: June 30, 2024
Welcome to the Privacy Policy for the M‑PACT study.
This Privacy Policy describes how Elligo Health Research, Inc. (“Elligo”, “we”, “us”, “our”) collects, uses and discloses information about users of the M‑PACT study website, including its content, applications, services, tools and features (the “Website”) and otherwise related to the services Elligo provides for the M‑PACT study (together with the Website, the “Services”). Please read this Privacy Policy carefully.
The summary of this policy will give you a quick and clear view of our practices. Please take the time to read our full policy.
A Summary of The Policy
The Applicability of This Policy – This policy applies to Personal Information we collect on the Website, including through forms on the Website, through electronic correspondence between you and us, including via the Website, and otherwise related to the Services. We can change, update or otherwise modify this policy by providing you a proper notice, as further detailed in the “Applicability of This Policy” section of this policy. Read more.
The Personal Information That We Collect – We collect Personal Information such as your name, age, contact details and certain health/medical related information. Read more.
How Do We Collect the Personal Information Related to You – We collect the Personal Information related to you, which you provide through your use of our Services. We collect Personal Information on your use of the Website by using third party analytics and marketing automation services and cookies. Read more.
How Do We Use the Personal Information? – We will use the Personal Information related to you solely for the purposes mentioned in this policy, including improving our Services, contacting you, conducting studies and trial qualifications, complying with applicable law and preventing frauds. Read more.
Sharing the Personal Information with Others – We will share the Personal Information related to you with our service providers, subject to such service providers’ undertakings to process such information in accordance with our terms and as permitted by applicable data protection laws; we will transfer information in the framework of a corporate transaction; and we will share the information to conduct studies and trial qualifications. Read more.
Your Controls and Choice – You may opt out of the following: (a) the data transfers to third parties which are not mentioned under this policy; (b) the processing of the Personal Information related to you for purposes other than those mentioned under this policy. Our Service does not respond to Do Not Track (DNT) signals. Read more.
Data Security and Integrity – We implement systems, applications and procedures that are designed to secure your Personal Information, to minimize the risks of unauthorized access, disclosure and modification. Read more.
How Long We Keep Your Personal Information – We retain data to comply with our legal obligations and to provide you with our Services, as further explained in the data retention section of the policy. Read more.
Children’s Personal Information – Most of the Services, including the Website, are intended for persons 18 years of age and older. Any individual who requires information about any of our services, must be 18 and over. We will not knowingly collect, use or disclose Personal Information from a minor under the age of 18, without obtaining prior consent from a person with parental responsibility through direct off-line contact. Read more.
California Consumer Privacy Act – Information for California Consumers – If you are a California resident, you are entitled to specific privacy rights. Read more.
Accessing or Correcting the Personal Information Related to You – At any time you can request access to, correct or delete any Personal Information Related to you that you have provided to us. Read more.
Contact Us – For further information please contact us at: privacy@elligodirect.com or by phone at 512-580-4633 or at: Elligo Health Research, Inc., Attn: Privacy Officer, 11612 Bee Cave Road, Bldg. 1 Ste. 150, Austin, TX 78738.
If you are located in the EU, you may also contact us at: info@eubusinesspartners.com or at: EU Business Partners, Attn: Flor McCarthy, 10 Ashe Street, Clonakilty, County Cork, P85 E4303, Ireland.
If you are located in the UK, you may also contact us at: info@ukgdprrepresentative.com or at: UK GDPR Representatives Limited, Attn: Flor McCarthy, 7 Bell Yard, London, WC2A 2JR, United Kingdom. Read more.
The Applicability of This Policy
This policy does not apply to information collected:
- by us and not related to the Services, offline or through any other means, including information collected through any other electronic means or any other website specified by us or a third party; or
- by any other third party, including through any application or content (including advertising) that may link to or be available from the Website.
We may periodically change, modify, add or remove or otherwise update this privacy policy at our discretion, in which case we will notify you by email to you at the last email address you provided us, by posting notice of such changes on the website, or by other means, consistent with applicable law.
If the changes have minor, if any, consequences, they will take effect 7 days after we notify you. Substantial changes will be effective 30 days after we initially posted or sent you the notice. If we need to adapt the policy to new legal requirements, the new policy will become effective immediately or as required by law.
In accordance with applicable law, specifically in the EU and UK, Elligo Health Research, Inc. is the processor of Personal Information processed pursuant to the Policy, unless expressly stated otherwise, and can be contacted using the contact details provided in this policy.
The Personal Information That We Collect
We collect certain information about you to provide you with the Services and use such information to meet legal, statutory and contractual obligations.
We will not use information collected about you for any other purpose without your consent, other than for the purposes specified in this Privacy Policy or where there is a legal requirement to do so.
When you use the Services, we collect certain information about you (“Information”) in the following forms:
- “Personal Information” which means information that relates (either directly or indirectly) to an identified or identifiable individual, including:
- Full Name
- Age
- Zip Code
- Personal Email or Business Email
- Home or Mobile Telephone Number
- Health/Medical Information
- “Aggregate Information,” which means information that does not directly or indirectly identify, and cannot reasonably be used to identify you.
How Do We Collect the Personal Information Related to You?
We collect Information in the following ways:
- Use of the Services: we collect Personal Information that you provide to us when you:
- fill out a form to be considered for potential opportunities;
- input information into the Services;
- request products, services or information from us; or
- otherwise interact with us or the Services.
- Web Analytics and Marketing Automation: we use third parties’ analytics tools to better understand who is using the Services, how people are using the Services and how to improve the effectiveness of the Services and its content. We also use third party marketing automation tools to help us with our marketing efforts. These service providers use cookies, pixel tags or other technologies to collect and store Information, such as time of visit, pages visited, time spent on each page of the Website, device identifiers, type of operating system used and other website(s) you may have visited.They may combine information they collect from your interaction with the Services with Personal Information they collect from other sources. We do not combine the information collected through the use of analytics services with your Personal Information. You can prevent analytics and marketing automation services from recognizing you on return visits to our Website by disabling third party cookies on your web browser or through the Cookie Banner.
- Website Cookies: We, and our analytics and marketing automation service providers, collect information about you through the use of cookies. When required by law, we will only do so with your permission. This information may include the internet protocol (IP) address that your device used, the time and length of your visit, the pages you looked at on our Website, and the site you visited just before coming to ours. We only use this information to measure Website activity and to develop ideas for improving our Website.
- Via Phone Call and Text: you may be contacted by a staff member in response to your inquiry and during such engagement, you may provide further Personal Information.Please be aware that if you do not allow us to collect Personal Information from you, we may not be able to deliver certain Services to you, and some of our Services may not be able to take account of your interests and preferences. If you have questions regarding the specific Personal Information about you that we process or retain, please contact us at privacy@elligodirect.com.
Do Not Track
Do Not Track (DNT) is a privacy preference that some users can set in certain web browsers, allowing users to opt out of tracking by websites and online services. Our Services do not respond to Do Not Track (DNT) signals.
How Do We Use the Personal Information?
Elligo takes your privacy seriously and will only use your Personal Information for the purposes specified in this Privacy Policy or where there is a legal requirement to do so. We only retain your Personal Information for as long as is necessary and for the purpose(s) specified in this Privacy Policy.
The purposes and reasons for processing your Personal Information are detailed below:
- We use your Personal Information to provide you with the Services, make it better, and to continue developing the Services
- We use your Personal Information to contact you, respond to your questions or to provide you with information you requested
- We collect your Personal Information, including your health data, for study and trial qualification assessment purposes
- We collect and store your Personal Information, including your health data, as you expressed interest in participating in a study or trial
- We will use your Personal Information to enforce our terms, policies and legal agreements
- We will use your Personal Information to comply with court orders and warrants, and assist law enforcement agencies, where required by law to do so
- We will use your Personal Information as needed to prevent fraud, misappropriation, infringement, identity theft, cyber security attacks and any other misuse of your Personal Information and the Services
- We will use your Personal Information to take any action in any legal dispute and proceeding.
We only retain your Personal Information for as long as necessary for the purpose(s) specified in this Privacy Policy.
If we provide you with information or marketing, you are free to unsubscribe from our mailing lists or newsletters, or if you have consented, withdraw your consent, at any time by sending an opt-out request to: privacy@elligodirect.com.
If you are located in the EU or the UK, our processing of your Personal Information is based on following lawful grounds:
- All processing of your Personal Information which are not based on the lawful grounds indicated below, are based on your consent.
- We will process your personal data to comply with a legal obligation and to protect your and others’ vital interests.
- We will further rely on our legitimate interests, which we believe are not overridden by your fundamental rights and freedoms, for the following purposes:
- Communications with you, including direct marketing where you are a user of our Services, or where you make contact with us through the Website or through other digital assets.
- Cyber security.
- Support, customer relations and Services and Website operations.
- Enhancements and improvements of user experience with the Services and Website.
- Fraud detection and misuse of the Services and Website.
Data Security and Integrity
The security, integrity and confidentiality of your Personal Information are important to us.
We have implemented technical, administrative, and physical security measures that are designed to protect your Personal Information from unauthorized access, disclosure, use and, modification, including: SSL, TLS, encryption, pseudonymization, restricted access, two factor authentication, firewalls and anti-virus/malware.
From time to time, we review our security procedures to consider appropriate new technology and methods. Please be aware though that, despite our best efforts, no security measures are perfect or impenetrable and we cannot guarantee that the Services will be immune from any wrongdoings, malfunctions, unlawful interceptions or access, or other kinds of abuse and misuse.
How Long We Keep Your Personal Information
Elligo retains Personal Information as needed to comply with our legal obligations and we have retention policies in place to meet these obligations.
In any case, as long as we use your Personal Information to provide our Services or otherwise for a lawful purpose, we will keep the information about you, unless the law requires us to delete it, or if we decide to remove it at our discretion, according to the terms of this Privacy Policy.
If we retain your Personal Information for any legitimate business purpose other than to provide the Services, we will do so in accordance with applicable law.
We will keep aggregated non-identifiable information without limitation, and to the extent reasonable we will delete or de-identify potentially identifiable information, when we no longer need to process the information.
Children’s Personal Information
Most of our Services, including this Website, are intended for persons 18 years of age and older. Any individual who requires information about any of our Services must be 18 and over.
We will not knowingly collect, use or disclose Personal Information from a minor under the age of 18, without obtaining prior consent from a person with parental responsibility through direct off-line contact.
We will provide the parent or guardian with notice of the specific types of Personal Information being collected from the minor and the opportunity to object to any further collection, use, and storage of such information.
We abide by the laws designed to protect children. If we become aware that we have unknowingly collected Personal Information from persons under the age of 13, we will make commercially reasonable efforts to delete such information from our database.
If you are the parent or guardian of a minor child who has provided us with Personal Information, you may contact us at privacy@elligodirect.com to request it be deleted.
Your Data Protection Rights
You may have the right to access any Personal Information that Elligo processes about you and to request information about:
- What Personal Information we hold about you
- The purposes of the processing
- The categories of Personal Information concerned
- The recipients to whom the Personal Information has/will be disclosed
- How long we intend to store your Personal Information
- If we did not collect the Personal Information directly from you, information about the source
If you believe that we hold any incomplete or inaccurate Personal Information about you, you may have the right to ask us to correct and/or complete the Personal Information and we will strive to do so as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.
You also may have the right to request erasure of your Personal Information or to restrict processing (where applicable) in accordance with the data protection laws; as well as to object to certain processing by us, including any direct marketing from us.
Where applicable, you have the right to data portability of your Personal Information and the right to be informed about any automated decision-making we may use.
You may seek to exercise any of these rights by contacting us at privacy@elligodirect.com or following instructions provided in communications sent to you. We may need to ask you to provide us certain credentials to make sure that you are who you claim to be.
You may also have a right to lodge a complaint with a data protection supervisory authority of your habitual residence or place of work of an alleged infringement of applicable data protection legislation.
California Consumer Privacy Act – Information for California Consumers
This section provides specific information for residents of California (“consumers”), as required under California privacy laws, and is intended to satisfy the California Consumer Privacy Act (“CCPA”), which requires that we provide certain information to consumers about how we handle certain personal information that we have collected.
Personal Information That We Collect
We have collected the following categories of personal information from consumers within the last twelve (12) months:
- Identifiers and Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). These include, names, zip code, telephone number, email address, Internet Protocol address and business email address.
- Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with the Website.
- Inferences drawn from any of the information identified above to create a profile about a consumer reflecting the consumer’s preferences and characteristics.
Categories of Sources for Personal Information
We obtain the categories of personal information listed above from the following categories of sources:
- Directly and indirectly from you when you visit the Website and engage with us regarding our Services.
- Third parties as further detailed above.
Purposes for which Personal Information is Used
The categories of Personal Information described above are collected and disclosed for the purposes detailed under the section titled “How We Use Your Information” above.
Our Use and Disclosure Practices
We disclose Personal Information to third parties for business purposes as described above under the section titled “Sharing Data with Third Parties” in this Privacy Policy.
In the preceding twelve (12) months, we have disclosed the following categories of personal information for business purposes:
- Identifiers;
- Internet or other similar network activity;
- Inferences.
In the preceding twelve (12) months, Elligo Health Research did not sell your Personal Information.
California Consumer Rights
Subject to certain exceptions, you have the right to make the following requests, at no charge, up to twice every 12 months:
- Deletion: the right to request deletion of your Personal Information that we have collected about you, subject to certain exemptions, and to have such Personal Information deleted.
- Right to Know: the right to request that we disclose certain information about how we have handled your Personal Information in the previous 12 months, including the:
- categories of Personal Information collected
- categories of sources of Personal Information collected
- business and/or commercial purposes for collecting and selling your Personal Information
- categories of third parties with whom we have disclosed or shared your Personal Information
- categories of Personal Information that we have disclosed or shared with a third party for a business purpose
- categories of third parties to whom the consumer’s Personal Information has been shared
- The specific pieces of Personal Information we collect from you
Submitting Requests
You can submit a deletion or right-to-know request by calling out toll-free number at 857-496-0054 or by emailing us at privacy@elligodirect.com; we will respond to verifiable requests received from California consumers as required by law. We will also ask you for additional information necessary to verify or process your request. We may also carry out checks, including with third party identity verification services, to verify your identity before taking any action with your personal information. We will respond substantively to your verifiable requests within 45 days, unless additional time (up to 45 additional days) is needed, in which case we will let you know. If we determine that your request warrants a fee, we will inform you of the reasons for such decision and provide you with a cost estimate before completing your request.
Accessing or Correcting Your Information
You may send us an email at privacy@elligodirect.com to request access to, correct or delete any personal information that you have provided to us. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
If we need to delete your personal data following your request, it will take some time until we completely delete residual copies of your personal data from our active servers and from our backup systems.
Contact Us
For any questions regarding the way we process your Personal Information or this Privacy Policy, you can contact us by sending an email to privacy@elligodirect.com or by phone at 512-580-4633 or at: Elligo Health Research, Attn: Privacy Officer/DPO, 11612 Bee Cave Road, Bldg. 1 Ste. 150, Austin, TX 78738.
EU Residents:
If you are located in the EU, you may also contact us at: info@eubusinesspartners.com or at: EU Business Partners, Attn: Flor McCarthy, 10 Ashe Street, Clonakilty, County Cork, P85 E4303, Ireland.
UK Residents:
If you are located in the UK, you may also contact us at: info@ukgdprrepresentative.com or at: UK GDPR Representatives Limited, Attn: Flor McCarthy, 7 Bell Yard, London, WC2A 2JR, United Kingdom.