Privacy Policy – 29 Nov 2023

Updated November 29, 2023

Purpose

“Signant Health” is the trademark name for a group of companies, including, but not limited to Bracket Global LLC, CRF Inc., Motentia, LLC, CRF Health Management Limited, VirTrial, LLC and any affiliates, successors, and subsidiaries, each as applicable.

Signant Health is committed to transparency when it comes to its collection and use of Personal Data. This notice sets out Signant Health’s commitment to privacy, data protection, and individual rights and obligations in relation to Personal Data.

This notice applies to all Personal Data of clients, clinical trial participants, health care professionals, vendors, job applicants, employees, contractors, former employees, and visitors to Signant Health’s website (such as cookies and internet tags) which is provided to, or collected and processed by Signant Health.

If you are a resident of certain states in the United States, this Policy also incorporates our Supplemental Privacy Notice for US Residents, which includes additional information required to be provided under certain state laws.

Signant Health respects individual privacy and values the confidence of its customers, employees, clinical trial participants, consumers, business partners and others. Signant Health strives to collect, use and disclose Personal Data in a manner consistent with the laws of the countries in which it does business.

This notice may occasionally be updated. When material updates are made, the date of the last revision will be reflected at the end of the page.

Data Protection Principles

Signant Health processes Personal Data in accordance with the following data protection principles:

· Processes Personal Data fairly, lawfully, and in a transparent manner.

· Collects Personal Data only for specified, explicit and legitimate purposes.

· Processes Personal Data only where it is adequate, relevant and limited to what is necessary for the purposes of Processing.

· Keeps accurate Personal Data and takes all reasonable steps to ensure that inaccurate Personal Data is rectified or deleted without delay.

· Keeps Personal Data only for the period necessary for Processing.

· Adopts appropriate measures to make sure that Personal Data is secure, and protected against unauthorized or unlawful Processing, and accidental loss, destruction or damage.

Signant Health takes responsibility for how it acquires, processes, and disposes of Personal Data, and for ensuring compliance with the above principles.

Information collected

Below is a high-level summary of the types of Personal Data we may collect from you. Following that high-level summary is additional detail and information on how we collect, process and use your Personal Data.

Signant Health does not knowingly collect, maintain, disclose, or otherwise process Personal Data from minors below the age of 16 without the permission of such minor’s parents or legal guardians.

Signant Health may process Personal Data as a data controller or as a data processor (or sub-processor). When Signant Health processes the Personal Data as a data processor (or a sub-processor), Signant Health (a) will only process the Personal Data in accordance with the applicable laws, rules, regulations, and as specifically directed by the data controller; and (b) will use the Personal Data only to the extent necessary to provide the services.

Clinical trial participants and candidates

Visitors to Our Corporate Websites and Physical Locations, and Senders of Inquiries 

Health Care Professionals

Employees, contractors or candidates 

Customers (sponsors and CROs)

Vendors

Attendees at events  

Clinical trial participants and candidates 

We may process your Personal Data when you participate or intend to participate in a clinical trial or you are a caregiver of a patient who participates in a clinical trial that is sponsored by one of our customers. Signant Health provides software and various other services to clinical trial sponsors and CROs (Contract Research Organizations). Under such circumstances, Signant Health is the data processor, and the clinical trial sponsor is the data controller. The data controller may provide you with additional data privacy information. In any event, if you decide to participate in a clinical trial, you will receive a separate privacy notice from the data controller, which describes how your Personal Data is processed in the clinical trial.

Examples of the types of data we process:  

Depending on the services Signant Health provides to the data controller, and subject always to applicable laws, Signant Health may process the following types of data: 

Identity and contact information, such as:
  • first and last name
  • patient ID
  • email address
  • postal address
  • phone number
  • signature

Other personal information, such as:
  • age
  • gender
  • initials
  • date of birth
  • username
  • password

Visual and audio information, such as:
  • still images
  • video or audio recordings

Technical Information, such as:
  • Internet Protocol (IP) address
  • browser type and browser language
  • device type and/or device ID, if the device is provided by Signant Health
  • location data to enable Bluetooth connection to study devices (only for TrialMax)
  • activity on our website or applications
  • data collected from cookies or other similar technologies

Health information
  • diseases
  • study visit dates
  • medical history and treatment information
  • responses to questionnaires/e-diaries

Anonymized / de-identified data
  • Anonymized data is data for which your individual personal characteristics have been removed such that you are not identified, and the information is no longer considered Personal Data under data protection laws

Where do we get the data? 

We may get your Personal Data (1) directly from you; (2) from the devices you use; (3) from your caregiver; (4) from health care professionals. 

Why do we process the data?  

  • to send you your login credentials 
  • to provide the software/services to you and to our customers 
  • to send you reminder messages 
  • to determine your eligibility to participate in the clinical trial 
  • to identify and authenticate you 
  • to detect security incidents 
  • to protect against malicious or illegal activity 
  • to ensure the appropriate use of our software 
  • to improve our software and services 
  • for short-term, transient use 
  • for administrative purposes 
  • for quality assurance 

Signant Health’s role in the data processing

Signant Health processes the Personal Data on behalf of the study sponsor as a data processor. The study sponsor is the data controller of the Personal Data.  

The legal basis of processing:   

As determined by the data controller. 

Who receives the data?  

  • Signant Health, our affiliates, subsidiaries, and related companies 
  • our customers (the data controller who sponsors the clinical trial) 
  • Health care professionals (members of the study team) 
  • vendors that assist us in providing our Services  

The device manufacturers or OS providers have no access to Personal Data. 


Visitors to Our Corporate Websites and Physical Locations, and Senders of Inquiries 

We may process your Personal Data when you (1) visit our websites or our physical locations; (2) submit inquiries to us online or offline; (3) sign up for our newsletters or other informational or marketing materials.  

Examples of the types of data we process:  

Identity and contact information, such as:
  • first and last name
  • email address
  • postal address
  • phone number

Visual and audio information, such as:
  • still images
  • video (including via CCTV)
  • recordings of your calls

Technical Information, such as:
  • Internet Protocol (IP) address
  • browser type and browser language
  • device type
  • Uniform Resource Locators, or URLs (i.e., website addresses) visited prior to arriving and after leaving our website
  • activity on our website and referring websites or applications
  • data collected from cookies or other similar technologies

Anonymized / de-identified data
  • Anonymized data is data for which your individual personal characteristics have been removed such that you are not identified, and the information is no longer considered Personal Data under data protection laws.

Where do we get the data? 

We may get the Personal Data (1) directly from you; (2) from the devices you use; (3) from our security systems (CCTV); (4) from third parties.

Why do we process the data?  

  • to provide you with access to our website and to our services 
  • to communicate with you  
  • to send you updates 
  • to customize content for you 
  • to detect security incidents 
  • to protect against malicious or illegal activity 
  • to ensure the appropriate use of our website 
  • to improve our services 
  • for short-term, transient use 
  • for administrative purposes 
  • for marketing, internal research, and development 
  • for quality assurance  

Signant Health’s role in the data processing: 

Signant Health is the entity responsible for the collection and use of your Personal Data (known in some jurisdictions as the “data controller”) 

The legal basis of processing:   

  • for the purposes of our legitimate interests 
  • in circumstances where we have requested and received consent 
  • for other purposes that may be required or allowed by law 

Who receives the data?  

  • Signant Health, our affiliates, subsidiaries, and related companies 
  • vendors that assist us in providing our services or help us improve our marketing or administration. 

Health care professionals 

We may process your Personal Data if you work at a research site and participate in a clinical trial that is or has been sponsored by one of our customers.   

Examples of the types of data we process:  

Depending on the services Signant Health provides to its customers, Signant Health may process the following types of data: 

Identity and contact information, such as:
  • first and last name
  • email address
  • postal address
  • phone number

Other personal information, such as:
  • username
  • password

Visual and audio information, such as:
  • video or audio recordings

Technical Information, such as:
  • Internet Protocol (IP) address
  • browser type and browser language
  • device type and/or device ID, if the device is provided by Signant Health
  • activity on our website or applications
  • data collected from cookies or other similar technologies

Professional and educational information
  • job title or position
  • employer
  • medical license number
  • work skills
  • employment history
  • degrees and certifications
  • clinical trial experience
  • specialized trainings and training records
  • performance metrics

Anonymized / de-identified data
  • Anonymized data is data for which your individual personal characteristics have been removed such that you are not identified and the information is no longer considered Personal Data under data protection laws

Where do we get the data?  

We may get the Personal Data (1) directly from you; (2) from the devices you use; (3) from our customers; (4) data may be generated based on your interaction with Signant Health. 

Why do we process the data?  

  • to send you your login credentials 
  • to provide the software/services to you and to our customers 
  • to send you reminder messages 
  • to communicate with you 
  • to provide you training 
  • to identify and authenticate you 
  • to detect security incidents 
  • to protect against malicious or illegal activity 
  • to ensure the appropriate use of our software 
  • to improve our software and services 
  • for short-term, transient use 
  • for administrative purposes 
  • for quality assurance 
  • for marketing, internal research and product development 
  • to assess your eligibility to participate in clinical trials 
  • to recommend you to clinical trial sponsors 

Signant Health’s role in the data processing: 

•  When Signant Health provides services to a sponsor of a clinical trial or Contract Research Organization (CRO), Signant Health processes the Personal Data on behalf of the study sponsor as a data processor. The study sponsor is the data controller of the Personal Data.  

•  Signant Health processes the Personal Data as a data controller for the following purposes: 

  • for marketing, internal research and product development 
  • to assess your eligibility to participate in clinical trials 
  • to recommend you to clinical trial sponsors 
  • for administrative purposes 
  • for quality assurance 

The legal basis of processing:   

  • As determined by the data controller 
  • for the purposes of our legitimate interests 
  • for other purposes that may be required or allowed by law 
  • your consent that you provided to the study sponsor/CRO or directly to Signant Health 

Who receives the data?  

  • Signant Health, our affiliates, subsidiaries, and related companies 
  • our customers  
  • If you agree, your data may be shared with our other customers 
  • vendors that assist us in providing our services  

The device manufacturers or OS providers have no access to Personal Data. 


Employees, contractors or candidates 

We may process your Personal Data if you apply for a position at Signant Health or if you are an employee or a contractor at Signant Health. If you are a candidate, please visit our Recruitment Privacy Policy for further information on how we process your Personal Data.  If you are an employee or a contractor, please visit the separate privacy notice that was provided to you for further information on how we process your Personal Data.  

Examples of the types of data we process:  

Identity and contact information, such as:
  • first and last name
  • email address
  • postal address
  • phone number

Other personal information, such as:
  • age
  • gender
  • date of birth
  • marital status, dependents

Visual and audio information, such as:
  • still images
  • video (including via CCTV)
  • recordings of your calls

Technical Information, such as:
  • Internet Protocol (IP) address
  • browser type and browser language
  • device type and/or device ID, if the device is provided by Signant Health
  • activity on our website or applications
  • data collected from cookies or other similar technologies
  • geolocation

Health information
  • disability
  • maternity, parental leave
  • sick leave

Commercial and financial information
  • bank account information
  • tax information
  • salary

Professional and educational information
  • job title or position
  • employer
  • work skills
  • employment history
  • degrees and certifications
  • training records
  • performance metrics

Anonymized / de-identified data
  • Anonymized data is data for which your individual personal characteristics have been removed such that you are not identified, and the information is no longer considered Personal Data under data protection laws

Where do we get the data?  

We may get the Personal Data (1) directly from you; (2) from the devices you use; (3) from third parties (e.g. background checks); (4) data may be generated based on your interaction with Signant Health. 

Why do we process the data?  

  • to communicate with you 
  • to provide you training 
  • to identify and authenticate you 
  • to detect security incidents 
  • to protect against malicious or illegal activity 
  • to ensure the appropriate use and operation of our software and services 
  • to improve our software and services 
  • for short-term, transient use 
  • for administrative purposes 
  • for quality assurance 
  • for marketing, internal research and product development 
  • to assess your eligibility for a position 
  • to evaluate your performance 
  • to perform other employment related tasks 

Signant Health’s role in the data processing

Signant Health is the entity responsible for the collection and use of your Personal Data (known in some jurisdictions as the “data controller”). 

The legal basis of processing:   

  • for the purposes of our legitimate interests 
  • for other purposes that may be required or allowed by law 
  • to comply with legal obligations 
  • in preparation for or to perform a contract 
  • your consent that you provided to Signant Health 

Who receives the data?  

  • Signant Health, our affiliates, subsidiaries, and related companies 
  • our customers  
  • vendors that assist us in providing our Services  
  • public and governmental authorities, to the extent required by law 

Customers (sponsors and CROs) 

We may process your Personal Data if you work at one of our customers (sponsors and CROs) and interact with Signant Health and/or access our software.

Examples of the types of data we process:  

Identity and contact information, such as:
  • first and last name
  • email address
  • postal address
  • phone number

Other personal information, such as:
  • username
  • password
  • job title
  • employer

Technical Information, such as:
  • Internet Protocol (IP) address
  • browser type and browser language
  • device type and/or device ID, if the device is provided by Signant Health
  • activity on our website or applications
  • data collected from cookies or other similar technologies

Anonymized / de-identified data
  • Anonymized data is data for which your individual personal characteristics have been removed such that you are not identified, and the information is no longer considered Personal Data under data protection laws

Where do we get the data? 

We may get the Personal Data (1) directly from you; (2) from the devices you use; (3) from your employer. 

Why do we process the data?  

  • to send you your login credentials 
  • to provide the software/services to you or to your employer 
  • to communicate with you 
  • to identify and authenticate you 
  • to detect security incidents 
  • to protect against malicious or illegal activity 
  • to ensure the appropriate use of our software 
  • to improve our software and services 
  • for short-term, transient use 
  • for administrative purposes 
  • for quality assurance 
  • for marketing, internal research and product development 

Signant Health’s role in the data processing: 

•  When Signant Health provides services to a sponsor of a clinical trial or Contract Research Organization (CRO), Signant Health processes the Personal Data on behalf of the study sponsor as a data processor. The study sponsor is the data controller of the Personal Data.  

•  Signant Health processes the Personal Data as a data controller for the following purposes: 

  • for marketing, internal research and product development 
  • for administrative purposes 
  • for quality assurance 

The legal basis of processing:   

  • as determined by the data controller 
  • for the purposes of our legitimate interests 
  • for other purposes that may be required or allowed by law 
  • to comply with a legal requirement 
  • in preparation for or to perform a contract 
  • your consent  

Who receives the data?  

  • Signant Health, our affiliates, subsidiaries, and related companies 
  • vendors that assist us in providing our Services  

The device manufacturers or OS providers have no access to Personal Data. 


Vendors 

We may process your Personal Data if you provide any services to Signant Health.   

Examples of the types of data we process:  

Depending on the services you provide to Signant Health, Signant Health may process the following types of data: 

Identity and contact information, such as:
  • first and last name
  • email address
  • postal address
  • phone number

Technical Information, such as:
  • Internet Protocol (IP) address
  • browser type and browser language
  • device type and/or device ID, if the device is provided by Signant Health
  • activity on our website or applications
  • data collected from cookies or other similar technologies

Commercial information
  • bank account information
  • tax information, including tax number

Professional and educational information
  • job title or position
  • employer
  • work skills
  • degrees and certifications
  • specialized trainings and training records
  • performance metrics

Anonymized / de-identified data
  • Anonymized data is data for which your individual personal characteristics have been removed such that you are not identified, and the information is no longer considered Personal Data under data protection laws

Where do we get the data?  

We may get the Personal Data (1) directly from you; (2) from the devices you use; (3) from third parties; (4) data may be generated based on your interaction with Signant Health. 

Why do we process the data?  

  • to provide the software/services to our customers 
  • to communicate with you 
  • to provide you training 
  • to identify and authenticate you 
  • to detect security incidents 
  • to protect against malicious or illegal activity 
  • to ensure the appropriate use of our software 
  • to improve our software and services 
  • for short-term, transient use 
  • for administrative purposes 
  • for quality assurance 
  • for marketing, internal research and product development 
  • for vendor assessment and qualification 

Signant Health’s role in the data processing

Signant Health is the entity responsible for the collection and use of your Personal Data (known in some jurisdictions as the “data controller”). 

The legal basis of processing:   

  • for the purposes of our legitimate interests 
  • for other purposes that may be required or allowed by law 
  • your consent  
  • to comply with a legal requirement 
  • in preparation for or to perform a contract 

Who receives the data?  

  • Signant Health, our affiliates, subsidiaries, and related companies 
  • our customers  
  • other vendors that assist us in providing our Services  

Attendees at events 

We may process your Personal Data if you attend professional events we sponsor or hold.      

Examples of the types of data we process:  

Identity and contact information, such as:
  • first and last name
  • email address
  • postal address
  • phone number

Visual or audio information, such as:
  • still images
  • video (CCTV)

Professional and educational information:
  • job title
  • employer
  • employment history
  • certifications and education
  • responses to questionnaires

Anonymized / de-identified data
  • Anonymized data is data for which your individual personal characteristics have been removed such that you are not identified, and the information is no longer considered Personal Data under data protection laws

Where do we get the data? 

We may get the Personal Data (1) directly from you; (2) from our business partners; (3) from your employer. 

Why do we process the data?  

  • to communicate with you 
  • to identify and authenticate you 
  • to detect security incidents 
  • to protect against malicious or illegal activity 
  • to improve our software and services 
  • for short-term, transient use 
  • for administrative purposes 
  • for quality assurance 
  • for marketing, internal research and product development 

Signant Health’s role in the data processing

Signant Health is the entity responsible for the collection and use of your Personal Data (known in some jurisdictions as the “data controller”). 

The legal basis of processing:   

  • for the purposes of our legitimate interests 
  • for other purposes that may be required or allowed by law 
  • in preparation for or to perform a contract 
  • to comply with a legal requirement 
  • your consent  

Who receives the data?  

  • Signant Health, our affiliates, subsidiaries, and related companies 
  • Other event attendees 
  • vendors that assist us in providing our Services  

How We Share Personal Data 

In addition to the third parties described under each category in the above section, we may share Personal Data with the following categories of third parties to accomplish the purposes set out above and for the additional purposes set forth below. 

  • To Protect Our Legal Rights or Comply with Legal Requirements. We may disclose Personal Data as required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. 
  • Sale or Transfer of Corporate Assets. In the event of a merger, sale, joint venture or other transaction involving a transfer of our business or assets, we may transfer your information to other parties involved in the transaction. Any entity acquiring our data assets will do so with the express, written commitment to use the data only for authorized purposes, and to maintain a similar level of privacy and information security protection. You will be notified via email or notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information. 
  • With Your Consent. We may disclose your personal information to other third parties with your prior opt-in consent. 

Individual Rights 

Under your jurisdiction’s data protection law, you may have the following rights with respect to some or all of your Personal Data:

  • To request access to your Personal Data (including under GDPR Article 15); 
  • To request that we rectify or erase your Personal Data (including under GDPR Articles 16 and 17); 
  • To request that we restrict or block the processing of your Personal Data (including under GDPR Articles 18, 21 and 22 and to object to the sale or sharing of your Personal Data under other relevant laws); 
  • To provide your Personal Data directly to another organization, i.e., a right to data portability (including under GDPR Article 20); 
  • When we previously obtained your consent, to withdraw consent to processing (including under GDPR Article 21); and 
  • To lodge a complaint with the data protection authority in your area. 

We will make reasonable efforts to respond promptly to your requests in accordance with applicable laws. We may, after receiving your request, require additional information from you to honor the request and verify your identity. Please be aware that we may be unable to afford these rights to you under certain circumstances, such as if we are legally prevented from doing so.  

When we receive your Personal Data from our customers and process your Personal Data on their behalf, we do so in the capacity of a data processor. In such cases Signant Health may need to contact the data controller and follow the data controller’s instructions.  

To exercise these rights, please use Signant Health’s contact page https://signanthealth.com/contact-us/, direct email to dpo@signanthealth.com, or contact a Signant Health HR representative, as the case may be. 

Data Security 

Signant Health takes the security of Personal Data seriously. Signant Health has internal policies and controls in place to reasonably protect Personal Data against loss, accidental destruction, misuse or disclosure, and to ensure that data is not accessed by unauthorized users. However, as is the case with all websites, applications, products, and services, we unfortunately are not able to guarantee security for data collected through our products and services. In addition, it is your responsibility to safeguard any passwords, PIN codes, or similar individual information associated with your use of our products and services. 

Where Signant Health engages third parties to process Personal Data on its behalf, such parties do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organizational measures to ensure the security of data. 

Signant Health recognizes potential liability in cases where Personal Data may be transferred to third parties. Signant Health will not transfer any Personal Data to a third party without first ensuring that the third party adheres to principles or similar laws providing an adequate and equivalent level of protection.

International Data Transfers 

Your Personal Data may be transferred and maintained outside your state, province, country, or other jurisdiction where the privacy laws may not be as protective as those in your location, including the United States. We have put in place lawful transfer mechanisms and adequate safeguards, in accordance with applicable legal requirements, to protect your Personal Data.   

How long your personal data will be retained 

We generally retain Personal Data for as long as needed for the specific business purpose or purposes for which it was collected. In some cases, we may be required to retain Personal Data for a longer period of time by law or for other necessary business purposes. Whenever possible, we aim to anonymize the information or remove unnecessary identifiers from records that we may need to keep for periods beyond the specified retention period. 

When we act as a data processor, the retention period is determined by the data controller.  

Cookies and similar technologies 

Signant Health uses cookies, which are small data files that are served by our platform and stored on your device. Our site uses cookies dropped by us or third parties for a variety of purposes, including to operate and personalize the website, to improve users’ experience, and for targeted advertising purposes. Cookies may expire at the end of your browsing session, or they may be stored on your computer ready for the next time you visit the website. You can prevent the setting of cookies by adjusting the settings on your browser (see your browser “Help” section for how to do this). Disabling cookies will affect how you experience our website.

Contact us 

If you have questions or comments about this Notice or about how your Personal Data is processed, please contact us by using Signant Health’s contact page https://signanthealth.com/contact-us/ or email to dpo@signanthealth.com