Updated 27th November 2024
Our management of data is founded upon the collection and analysis of confidential information about people. Individuals will only share their sensitive information where there is a culture of trust and where stakeholders implement safe data handling practices. We recognize that when we handle information about any individual, we do so responsibly, with due care to individual privacy, complying with laws/rules/regulations on data and confidentiality.
We are committed to safeguarding your privacy. We have put into place policies, procedures and training programs to compliance with applicable laws. Our policies, procedures and training programs are reviewed on a regular basis, and managed by professionals with senior management oversight.
This Privacy Notice/Policy (“Notice”) describes the main types of Personal Information we process within our organization, how that information is used and disclosed, and our commitments to the individuals whose information we handle as well as their rights.
This Notice explains in general how we seek to comply with data privacy laws/regulations, including but not limited to, the General Data Protection Regulation (“GDPR”), the Health Insurance Portability and Accountability Act (“HIPPA”), state security breach laws in the United States, data protection legislation adopted by an increasing number of other jurisdictions globally, and the privacy and confidentiality requirements of ICH Good Clinical Practice (“GCP”).
While visiting our site, we may need additional information about you to provide the information or services you are requesting. This Notice explains data collection and use in those situations. Please read this Notice completely
“Data Processor” means any person or entity (other than an employee of the Data Controller) who processes the data on behalf of the Data Controller.
“Data Controller” means the person or company that alone or jointly with others determines the purposes for which and the means by which Personal Information is processed.
“Data Subject” means the person whose personal information is being held or processed by us for various purposes including managing clinical trials or contacting individuals about future clinical trial opportunities.
“Personal Data” means the information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier – e.g. name, unique identifier, contact details and/or email address. This does not include information about organizations, companies and agencies but includes information relating to identified or identifiable individuals such as individual volunteers or employees within an organization, company, or agency.
“Sponsor” means a third party entity financing or organizing the clinical trial.
“Sensitive Data” means a subset of personal information regarding:
We collect the following types of personally identifiable information (“Personal Information”) through our websites including but not limited to: name, title, contact details, including email address and telephone numbers provided by you.
As part of the services/products we offer our clients/customers, we design, manage, and analyze information obtained from various sources. For these purposes, we collect and use certain information about individuals (i) on behalf of Sponsors (where we act as a “Data Processor”) for the purpose of the analyzing the information from clinical trials and/or (ii) on behalf of ourselves (where we are acting as a “Data Processor”) for the purpose of contacting individuals for various projects including future clinical trial opportunities.
We may also collect, host, and analyze health data relating to Data Subjects on behalf of our Sponsors.
All clinical and medical information processed by us is done so under contract with our Sponsors. In terms established by GDPR, we consider that the Sponsor is ultimately in control of how and why clinical and medical data are processed within our services and as such is the “Data Controller,” while we and our affiliates are “Data Processors.”
We analyze the professional profiles of doctors and other health care providers for the purpose of identifying potential investigators to assist in clinical and medical research on specific indications. We use available contact information, including email addresses, for the purpose of inviting potential investigators to apply to participate in research. We will source health professional information from our own databases and also indirectly from public sources, data brokers, and referrals. For operational purposes, we will also collect information relating to the involvement and performance of investigators and supporting study staff. We will also process financial information of investigators to support payment for services.
In the course of conducting our business, we will interact with employees, consultants, contractors and other third parties employed or engaged by our Sponsors involved in clinical and medical research. We will record and use the names, contact details and other professional information on these individuals for legitimate business related purposes, including project and financial administration. We may use the information we obtain, including email addresses, to provide relevant information on our services to our Sponsors.
We collect Personal Data from applicants seeking employment with us, including private contact details, professional qualifications, and previous employment history to inform employment decisions. We conduct various background checks on applicants, including where law allows on criminal history and professional disbarment. Once employed, we collect information on staff for human resource, performance, payroll, and tax purposes. We will collect and record employee level information in various company systems, consistent with standard business operations. We processes similar information related.
Data protection legislation imposes additional safeguards for Sensitive Data, for example, tighter obligations around when such information can be collected and the need for explicit consent when collecting and using Sensitive Data. While we aim at minimizing the amount of Sensitive Data that we process, we may process such information in certain circumstances such as when we are obliged by the Data Controller or by law to do so.
We ask that you not send us or disclose any Sensitive Data (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership) on or through our website or via other unsecure means.
We collect named information about visitors to company websites where this is voluntarily provided to meet a request from those individuals, for example where Sponsor contact requests information on a company service, a health professional is interested in participating in a clinical trial, or where someone wants to apply for a vacant position with the company. In certain cases, these virtual identities are linked to the real world identities of visitors when they provide their named information as described above.
Certain information is collected by most browsers or automatically through your device, such as your media access control (MAC) address, computer operating system (Windows or MacOS), screen resolution, operating system name and version, device manufacturer and model, language, internet browser type and version, the name and version of the websites you are using, and your “IP Address”.
Your “IP Address” is a number that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP). An IP Address may be identified and logged automatically in our server log files whenever you access the sites, along with the time of the visit and the page(s) that you visited. Collecting IP Addresses is standard practice and is done automatically by many websites, applications, and other services. We use IP Addresses to calculate usage levels of its websites, help diagnose problems with its servers, administer the websites, and monitoring the regions from which you navigate to our website.
Through the use of cookie-based technologies, we may collect information and data linked to virtual identities allocated to visitors when they access our websites. This information and data is used for various purposes including site analytics (see Online Issues below).
We may also use web analytics services, which includes Google Analytics. Google Analytics is a web analytics service provided by Google Inc. (“Google“). Google Analytics uses cookies and similar technologies to analyze how users use the domains. The information generated about domain usage (including your shortened IP Address) is transmitted to Google in the U.S. This information is used to evaluate visitors’ use of the domain, compile statistical reports on domain activity, and provide other services related to the websites and internet use. Google may also collect information about domain visitors’ use of other websites. For more information about Google Analytics, or to opt out of Google Analytics, please go to: https://analytics.google.com .
We may collect Personal Data through mobile/personal electronic device apps, email, telephone, SMS messages, surveys, chats, letters, and correspondence that refer to this Notice.
We may collect Personal Data from you offline, such as when you attend one of our events, during phone calls with our representatives or experts, or when you contact us.
Personal Data about our users is an integral part of our business. Personal Data will be shared within our organization, companies working as our agents, and third parties only on a “need to know” basis to meet stated legitimate business purposes. We do not trade or sell Personal Data.
We contract with other companies and people to perform tasks on our behalf and may share your Personal Data with them to provide products or services to you, or to otherwise communicate with you. Examples may include removing repetitive information from customer lists, analyzing data, conducting billing, processing credit card payments, engaging technical support for our services, providing customer service, and performing analyses related to our products or services. We may also provide your Personal Data to agents and service providers to verify or compile aggregate usage data that we provide to our business partners. When we share this information in this way, we contractually require the agent or service provider to maintain the privacy, confidentiality and security of the Personal Data.
Under some circumstances, we may be required to disclose your Personal Data (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates, and (f) as part of investigations or for litigation purposes.
Companies working as our vendors are required to sign data protection and/or confidentiality agreements whereby they will commit to only process Personal Data consistent with contracted purposes and apply appropriate organizational and technical security safeguards.
Access to databases and folders containing Personal Data is restricted to appropriate employees, agents, consultants, and service providers with whom we contractually require to maintain the privacy, confidentiality and security of the Personal Data.
Your Personal Data may be stored and processed in any country in which we engage service providers. By disclosing information to us, you consent to the transfer of information to countries outside of your country of residence. These countries may have different data protection rules than those of your country of residence or citizenship or the country in which you were located when you initially provided the information. We have put in place measures to ensure that adequate protection is provided to such data where legally mandated.
At the point of data collection, we will provide notice to individuals in a clear and conspicuous language about how their information will be used, disclosed and transferred; what choices they have in relation to how their data are handled; what informational rights they have under data privacy law or under this Notice; and who to contact with any questions or complaints. These privacy notices are tailored to specific situations of data collection. In providing such notice, we are transparent and fair with individuals as is required by many data privacy laws. Dependent on the medium, notice may be given in person, by email, post, telephone, or by posting on our website. The notice contemplated herein includes this Privacy Notice.
In many situations, including where mandated by data privacy law, and also where it is a matter of good practice, we will seek consent of individuals to collect, use and disclose their data consistent with the relevant privacy notice. We will use and disclose Personal Data without consent where required by law and judicial order. Consistent with GCP, laws on confidentiality and data privacy regulations, we will collect necessary informed consents of Data Subjects on behalf of its clients.
Data quality and accuracy are fundamentally important principles to us. Crucial to the integrity of medical/clinical research is the accuracy of data relating to Data Subjects. In general, our privacy notices provide individuals easy means of validating, correcting errors and updating information. We retain Personal Data in accordance with contractual, legal and regulatory requirements.
In jurisdictions with data privacy laws, and where contractual commitments require, we ensure that you can exercise all relevant informational rights with respect to your Personal Data processed by the company, including but not limited to the right of access and correction, to withdraw consent at any time, object to data processing, request data deletion, restrict aspects of data processing, and request transmission of personal data in a common digital format (e.g., pdf) to another organization.
In all other respects, where no overriding interest prevails, we will endeavor to allow the following informational rights under this Notice as a matter of good practice:
We have implemented measures in an effort to protect Personal Data within our organization, including security controls that are intended to prevent unauthorized access to our systems, including standard operating procedures, firewalls and restricted access. While we take these reasonable steps to secure your Personal Data from loss, misuse, interference and unauthorized access, modification and disclosure, you should be aware no security procedures or protocols are ever guaranteed to be fully secure from intrusion or hacking, and there is therefore always some risk to sharing Personal Data online. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us at spryvoc@spryinsights.com
We also maintain a comprehensive information security policy that seeks to apply technical and organizational security measures that protect Personal Data, particularly Sensitive Data, against unauthorized access or loss. Consistent with regulatory requirements, particularly under U.S. state law and GDPR, we also maintain a policy, which establishes a procedural response to dealing with any breach of Personal Data, including making any necessary notifications to, as applicable, individuals, Data Controllers, or governmental authorities.
A cookie is a data file that is placed by a website operator on the hard drive of a visitor to their site. Cookies with the following functions may be enabled to the computers of visitors to our websites: to allow the site to deliver the service requested by the visitor; to remember repeat visitors; to improve the user experience of the site; to allow the company to perform site analytics. Your online relationship with us may be managed by using settings available on most internet browsers. For example, most browsers will allow a visitor to choose which cookies can be placed on his/her computer, to delete or disable cookies, and to set “Do Not Track” as a function. Please note that disabling cookies may prevent a visitor from using certain features on our website.
We do not knowingly or specifically collect information about minors under the age of 18, and believe that children of any age should get their parents’ or legal guardians’ consent before providing any Personal Data. No part of our online presence is directed to anyone less than 18 years. If you believe that we have mistakenly or unintentionally collected such information, please notify us at spryvoc@spryinsights.com so that we may delete the information from our servers.
Our websites may permit you to link to other websites on the internet through direct links or through applications such as “share” or “Like” buttons, and other websites likewise may contain links to our website. The information practices or content of such other websites is governed by the privacy statements of those websites and not by this Notice. We encourage you to review the privacy policies found on such other websites, services, and applications to understand how your information may be collected and used. Similarly, please note that we are not responsible for the collection, use and disclosure policies and practices (including the data security practices) of other organizations, such as Facebook, Apple, Google, Microsoft, LinkedIn, social media platform providers, operating system providers, wireless service providers, or device manufacturers, including any Personal Data you disclose to other organizations through or in connection with your use of the Apps or the Social Media Pages.
Communications, queries or requests to exercise informational rights (e.g., access, correct, amend, remove, or limit the use or disclosure of your Personal Data) or complaints can be emailed tospryvoc@spryinsights.com . For purposes of compliance with GDPR, the General Counsel of Spry Insights is the nominated Data Protection Officer and may be contacted at spryvoc@spryinsights.com .
For your protection, we may only implement requests with respect to the Personal Data associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will respond to your request within 30 days.
Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting such access, change or deletion.
Within the EU, individuals have the right in law to complain about how their information is handled to a supervisory authority that is responsible for regulating compliance with GDPR. A list of all EU supervisory authorities is available on the European Commission website: http://ec.europa.eu/justice/dataprotection/article-29/structure/data-protection-authorities/index_en.html .
This Notice is not a contract, and it does not create any legal rights or obligations. We reserve the right to modify or amend this Notice. For instance, the Notice may need to change as new legislation is introduced or as it is amended.
We will regularly assess and evaluate its methods and performance in relation to handling Personal Data. This Notice will be updated as necessary to reflect best practice in data management, security and control. This Notice was last updated on the Effective Date.
Your privacy is important to us. If you have any questions, concerns, or complaints regarding the way we collect and handle your information, please contact us by email at spryvoc@spryinsights.com or by mail at 43509-001, BUILDING A1, IFZA BUSINESS PARK, DDP, DUBAI, UAE, ATTN: Data Protection Officer/General Counsel. Because email communications are not always secure, please do not include Sensitive Data in your emails to us.
We take any privacy complaint seriously and any complaint will be assessed by an appropriate person with the aim of resolving any issue in a timely and efficient manner. We request that you cooperate with us during this process and provide us with any relevant information that we may require.