Privacy Policy

Effective as of 06JAN2024

This “Privacy Policy” describes the privacy practices of Clinical Ink, Inc (“Clinical Ink”, “we”, “us”, or “our”).  This Privacy Policy defines Clinical Ink’s interpretation of the regulatory requirements related to Personally Identifiable Information, Personal Health Information, Patient Privacy, the Health Insurance Portability and Accountability Act (HIPAA), the EU General Data Protection Regulation (EU GDPR), and the California Consumer Protection Act (CCPA).

Respect for the privacy of personal information about our customers and website visitors is very important to Clinical Ink. Clinical Ink is committed to adhering to this Privacy Policy, as well as applicable laws, rules and regulations. This Privacy Policy applies to Personal Information (as defined below) collected by Clinical Ink’s online resources located under the domain name [https://www.clinicalink.com/], and subdomains of clinicalink.com, including all related pages. This Privacy Policy does not apply to personal information collected from offline resources and communications. This Privacy Policy also does not apply to third-party online resources to which this website may link, frame or otherwise reference.

This Privacy Policy describes how we collect, use, disclose and otherwise process personal information in connection with our websites, mobile apps, and other services, and explains the rights and choices available to individuals with respect to their information. For convenience, our websites and mobile apps are collectively referred to as the “Products”, and, together with our other services, collectively referred to as the “Services.” This Privacy Policy governs any of the Services on which the Privacy Policy is posted.

Individuals located in the European Union please read the important information provided here.

Individuals located in California please read the important information provided here.

 

Summary of our Privacy Practices

The Types of Information Clinical Ink Collects About You: We collect information that you provide to us, such as your contact details, as well as information that is automatically collected by our Products, such as your Internet Protocol (“IP”) address and information collected by our use of Cookies.

The Purposes of Processing Your Information: We process information about you to provide our Products and Services; to communicate with you; to comply with law and prevent fraud; and for other reasons with your consent. We may also anonymize your data – which means the data can no longer be used to identify you – to perform analytics to learn how to better provide our Products and Services.

Your Rights and Choices: Depending on your jurisdiction, you may have legal rights associated with our processing of your data, including rights to access, correct, delete, transfer, or object to the processing of your data. Regardless of where you live, we will honor your request to opt out of being contacted by us for marketing reasons.

How to Contact Us: Clinical Ink is the controller of your information when it is processed in the context of our Products and Services. Our Data Protection Officer may be contacted by emailing privacy@clinicalink.com.

Please note that Clinical Ink’s customers are the controllers of your data when it is processed in the Clinical ink platform, applications, and related services. For example, if you are a patient in a clinical trial, or an investigator who logs into our applications, your data controller is the Sponsor of that trial and/or the participating healthcare provider.

 

Clinical Ink’s Platform, Applications, and Customer Data

As part of Clinical Ink’s platform, applications and related services, our customer’s employees and authorized users may enter information from or about their authorized users, employees, and clinical trial subjects (collectively, “Customer Data”), into our Products.

This Privacy Policy does not apply to Customer Data, and we are not responsible for our customers’ handling of Customer Data. Our customers have their own policies regarding the collection, use and disclosure of your personal information. Our use of Customer Data is subject to the written contract for services between Clinical Ink and the customer that in no way involves the sale of your data. Clinical Ink’s responsibility under that contract is the obligation to keep Customer Data safe and secure.

Clinical Ink has no control or ownership of Customer Data. Please direct any questions regarding Customer Data to the customer for which you work, or which collected your information using Clinical ink Technology.

 

The Personal Information We Collect

We collect personal information about you in the following ways:

Information you give us


Personal information that you may provide through the Services or otherwise communicate with us includes:

  • Personal and Business Contact information, such as your first name, last name, postal address, email address, telephone number, job title, and employer name.
  • Profile information, such as your username and password and preferences.
  • Feedback and correspondence, such as information you provide when reporting a problem with the Products, receive customer support or otherwise correspond with us.
  • Usage information, such as information about how you use the Products and interact with us.
  • Clinical Ink collects identifying information when you use the Products (including, without limitation, any clinicalink.com web pages or landing pages), and when you submit data through a form such as those found on gated resources and contact pages.
  • Marketing information, such as your preferences for receiving marketing communications and details about how you engage with those communications.

We may combine other publicly available information, such as information related to the organization for which you work, with the personal information that you provide to us through our Products or Services.

Information automatically collected

We may collect an Internet Protocol (“IP”) address from visitors to our Products. We use IP addresses to help diagnose problems with our server(s), to administer the Products, and to monitor activities on and interactions with our Products.

We may also automatically log information about you and your computer or mobile device when you access our Products. For example, we may log your computer or mobile device operating system name and version, manufacturer and model, browser type, browser language, screen resolution, the website you visited before browsing to our Products, pages you viewed, how long you spent on a page, access times and information about your use of and actions on our Products.

Changes to your personal information


It is important that the personal information we hold about you is accurate and current. Please let us know if your personal information changes during your relationship with us by updating your Product profile or emailing us at 
privacy@clinicalink.com.

 

How We Use Your Personal Information

 

To provide our Services

If you have a Clinical Ink account or use our Products, we use your personal information to:

  • Operate, maintain, administer, and improve the Products.
  • Manage and communicate with you regarding your Clinical Ink account, if you have one, including by sending you service announcements, technical notices, updates, security alerts, and support and administrative messages.
  • Process and manage registrations you make through the Products, including to track and administer trainings or events you have registered for and attended.
  • Better understand your needs and interests and personalize your experience with the Products.
  • Provide support and maintenance for the Products and our Services.
  • Respond to your service-related requests, questions, and feedback.

To communicate with you

If you request information from us, register on the Products, or participate in our events, we may send you Clinical Ink-related marketing communications as permitted by law. You will have the ability to opt-out of such communications.

To comply with law

We use your personal information as we believe necessary or appropriate to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.

With your consent

We may use or share your personal information with your consent, you instruct us to take a specific action with respect to your personal information, or you opt into marketing communications.

To create anonymous data for analytics

We may create anonymous data from your personal information and other individuals whose personal information we collect. We make “personal information” into “anonymous data” by excluding information that makes the data personally identifiable to you, so that it is no longer reasonably possible to use the data to identify you. We use this anonymized data for lawful business purposes, such as improving our Products and Services.

For compliance, fraud prevention and safety

We use your personal information as necessary or appropriate to:

  1. Enforce the terms and conditions that govern our Services.
  2. Protect our rights, privacy, safety or property, and/or that of you or others.
  3. Protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

How We Share your Personal Information

 
Except as described in this Privacy Policy, we do not share the personal information that you provide to us with other organizations. In cases where Clinical Ink contracts with a third-party that requires access to personal information that you provided to us, Clinical Ink will obtain assurances that the third-party will safeguard Personal Data and Clinical Study Data in a manner consistent with this Policy. Furthermore, when transferring personal information to a third party acting as an agent, Clinical Ink will:

  • Transfer such data only for limited and specified purposes.
  • Ascertain that the agent is obligated to provide at least the same level of privacy protection.
  • Take reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with Clinical Ink’s obligations.
  • Require the agent to notify Clinical Ink if it decides that it can no longer meet its obligation to provide the same level of protection.
  • Upon notice, including under (iv), take reasonable and appropriate steps to stop and remediate unauthorized processing.

Such third-party agents are restricted from using this data in any way other than providing services for or on behalf of Clinical Ink. We disclose personal information to third parties under the following circumstances:

  • Service Providers: We may employ third party companies and individuals to administer and provide the Services on our behalf (such as training, shipping, customer support, hosting, email delivery, and database management services). These third parties may use your information only as directed by Clinical Ink and in a manner consistent with this Privacy Policy, and are prohibited from using or disclosing your information for any other purpose.
  • Professional Advisors: We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.
  • Compliance with Laws and Law Enforcement; Protection and Safety: Clinical Ink may disclose information about you to government or law enforcement officials or private parties as required by law, and disclose and use such information as we believe necessary or appropriate to:
    a) Comply with applicable laws and lawful requests and legal process, such as to respond to subpoenas or requests from government authorities.
    b) Enforce the terms and conditions that govern our Services.
    c) Protect our rights, privacy, safety or property, and/or that of you or others.
    d) Protect, investigate, and deter against fraudulent, harmful, unauthorized, unethical, or illegal activity.
  • Business Transfers: Clinical Ink may sell, transfer, or otherwise share some or all of its business or assets, including your personal information, in connection with a business deal (or potential business deal) such as a merger, consolidation, acquisition, reorganization or sale of assets or in the event of bankruptcy, if such third party agrees to treat all such information in accordance with this Privacy Policy.

     

Privacy Notice for Employment & Workplace-Related Purposes Clinical ink (Winston Salem, USA)

 

The Purpose of this Notice
This Notice provides a comprehensive overview of the practices of Clinical ink and its affiliates with respect to the collection, use and disclosure of data for employment-related purposes about employees, their family members, job candidates, former employees, retirees, and other individuals about whom the Company and its affiliates have Personal Information as a result of the relationships those individuals have or had with the Company, or with employees of the Company. This Notice is not intended to replace other notices or consents provided by our company or its affiliates to current or former employees or others in accordance with national and local laws and regulations or for specific programs. In the event of any conflict between notices or consents required by local law and this Notice, the notices or consents required by local law will prevail.

Collection of Information
While conducting our business and complying with federal, state, and local government regulations governing such matters as employment, tax, insurance, etc., we must collect Personal Information from you. The nature of the Information collected varies somewhat for each employee, depending on your employment responsibilities, the location of the facility where you work, and other factors. We collect Personal Information from you solely for business purposes, including those related directly to your employment with the Company, and those required by governmental agencies.

Data collected may include, without limitation, such as:

• Your name
• User ID(s)
• Phone numbers
• Email addresses
• Mailing addresses
• Banking and other financial data
• Government identification numbers, e.g., Social Security number, driver’s license number
• Date of birth
• Gender, race, and ethnicity
• Health and disability data
• Family-related data, e.g., marital status,
• Personal and health -related data for you and your family

Use of the Information We Collect
The primary purposes for collection, storage and/or use of your Personal Information include, but are not limited to:

• Human Resources Management. We collect, store, analyze, and share (internally) Personal Information to attract, retain and motivate a highly qualified workforce. This includes recruiting, compensation planning, succession planning, reorganization needs, performance assessment, training, employee benefit administration, compliance with applicable legal requirements, and communication with employees and/or their representatives.
• Business Processes and Management. Personal Information is used to run our business operations including, for example, scheduling work assignments, managing company assets, reporting and/releasing public data (e.g., Annual Reports, etc.), and populating employee directories. Information may also be used to comply with government regulation.
• Safety and Security Management. We use such Information as appropriate to ensure the safety and protection of employees, assets, resources, and communities.
• Communication and Identification. We use your Personal Information to identify you and to communicate with you.

Security of Your Personal Information
We employ reasonable security measures and technologies, such as password protection, encryption, physical locks, etc., to protect the confidentiality of your Personal Information Only authorized employees have access to Personal Information. If you are an employee with such authorization, it is imperative that you take the appropriate safeguards to protect such Information. Paper and other hard copy containing Personal Information (or any other confidential information) should be secured in a locked location when not in use. Computers and other access points should be secured when not in use by logging out or locking. Passwords and user IDs should be guarded and not shared. When no longer necessary for business purposes, paper and hard copies should be immediately destroyed using paper shredders or similar devices. Do not leave copies in unsecured locations waiting to be shredded or otherwise destroyed. Do not make or distribute unauthorized copies of documents or other tangible medium containing personal data. Electronic files containing Personal Information should only be stored on secure computers and not copied or otherwise shared with unauthorized individuals within or outside of Company.

The Company will make reasonable efforts to secure Personal Information stored or transmitted electronically secure from hackers or other persons who are not authorized to access such Information.

Compliance with this Privacy Policy is important to the Company. Any violation or potential violation of this Policy should be reported to the Sr. Director of Human Resources. The failure by any employee to follow these privacy policies may result in discipline up to and including separation of the employment.

Your Choices

 

Access, Update, Correct or Delete Your Information

All Clinical Ink account holders may review, update, correct or delete the personal information in their Product profile by logging into their account. Clinical Ink account holders may also contact us at privacy@clinicalink.com if you have additional requests or questions.

Marketing Communications

You may opt out of marketing-related emails by by clicking on the ‘unsubscribe’ link at the bottom of each such email or by contacting us at privacy@clinicalink.com. You may continue to receive service-related and other non-marketing emails.

Testimonials

If you gave us consent to post a testimonial on our Products, but wish to update or delete it, please contact privacy@clinicalink.com.

Choosing not to share your personal information

Where permitted by law, your ability to access and correct personal information will be limited where access and correction would:

[1]    inhibit Clinical Ink’s ability to comply with a legal or ethical obligation.

[2]    inhibit Clinical Ink’s ability to investigate, make or defend legal claims, result in disclosure of personal information about a third party; or

[3]    result in a breach of a contract or disclosure of trade secrets or other proprietary business information belonging to Clinical Ink or a Third-Party.

Where we are required by law to collect your personal information, or where we need your personal information in order to provide the Services to you, if you do not provide this information when requested (or you later ask to delete it), we may not be able to provide you with the Services and may need to close your account. We will tell you what information you must provide to receive the Services by designating it as required in our Products and Services or through other appropriate means.

 

Cookies and Similar Technologies

 

What are Cookies?

As is common practice with almost all professional websites this site uses cookies, which are very small files that are downloaded to your computer, to improve your experience. This page describes what information they gather, how we use them and why we sometimes need to store these cookies. We will also share how you can prevent these cookies from being stored.  However, this may downgrade or ‘break’ certain elements of the Products functionality.

The Cookies We Set

This site also offers newsletter or email subscription services and cookies may be used to remember if you are already registered and whether to show certain notifications which might only be valid to those subscribed.

When you submit data through a form, such as those found on contact pages or comment forms, cookies may be set to remember your user details for future correspondence.

Third-Party Cookies

In some special cases we also use cookies provided by trusted third parties. The following section details which third-party cookies you might encounter through this site.

Our Products use Google Analytics which is one of the most widespread and trusted analytics solutions on the web. We use Google Analytics to help us understand how you use our site and ways that we can improve your experience. Cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content.

For more information on Google Analytics cookies, see the official Google Analytics page. For more information about Google Analytics, or to opt-out of Google Analytics, please go to https://tools.google.com/dlpage/gaoptout

Disabling Cookies

You can typically remove or reject cookies via your browser settings. To do this, follow the instructions provided by your browser (usually located within the “settings,” “help” “tools” or “edit” facility). Many browsers are set to accept cookies until you change your settings.

Further information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit www.allaboutcookies.org.

 

Cookie Settings

On-Site Tracking

We may also use tracking tags (which are also known as web beacons) on our Site to track the actions of users while on our Site. Unlike cookies, which are stored on the hard drive of your computer or mobile device by a website, tracking tags are embedded on webpages. Tags compile statistics about usage of the Site, so that we can manage our content more effectively. The information we collect using tracking tags is not linked to our users’ personal data.

 

Security

The security of your personal information is important to us. Clinical Ink employs reasonable safeguards to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, and destruction.  Clinical Ink strictly controls access to Clinical Study Data through multiple security mechanisms and adheres to a Defense-In-Depth approach about data security which includes the following:

  • environmental monitoring,
  • anti-virus software,
  • network segmentation with multilayer security access controls,
  • intrusion detection monitoring and alerting,
  • database logging and auditing,
  • multi-factor authenticated VPN,
  • data at rest encryption,
  • transport layer encryption,
  • anonymization of certain data elements.

However, no security safeguards are 100% secure and we cannot guarantee the security of your information.

 

International Transfer

 

Clinical ink is headquartered in Winston-Salem, North Carolina, United States and has service providers in other countries, and your personal information may be transferred to the United States or other locations outside of your state, province, country or other governmental jurisdiction where privacy laws may not be as protective as those in your jurisdiction.

European Union users should read the important information provided here about the transfer of personal information outside of the European Economic Area.

 

Other Products and Services

 

The Products may contain links to other websites and services. These links are not an endorsement, authorization, or representation that we are affiliated with that third party. We do not exercise control over third party websites or services and are not responsible for their actions. Other websites and services follow different rules regarding the use or disclosure of the personal information you submit to them. We encourage you to read the privacy policies of the other websites you visit and services you use.

 

User Generated Content

 

We may make available on our Products, or link to, features that allow you to share information online (e.g., on message boards, in chat areas, in file uploads, through events, etc.). Please be aware that whenever you voluntarily disclose personal information online, that information becomes public and can be collected and used by others. We have no control over, and take no responsibility for, the use, storage, or dissemination of such publicly disclosed personal information. By posting personal information online in public forums, you may receive unsolicited messages from other parties.

 

Changes to this Privacy Policy

 

We reserve the right to modify this Privacy Policy at any time. Any modifications to this Privacy Policy will be effective upon our posting of the new terms and/or upon implementation of the new changes in the Service (or as otherwise indicated at the time of posting). In all cases, your continued use of the Products and Services after the posting of any modified Privacy Policy indicates your acceptance of the terms of the modified Privacy Policy.

 

Representations / Liability

Clinical Ink makes no representations about the content of the information found on this website. The information presented on this website is provided to you “AS IS,” WITHOUT ANY WARRANTY, IMPLIED OR EXPRESSED, INCLUDING BY WAY OF EXAMPLE BUT WITHOUT LIMITATION, ANY WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR OTHERWISE.

Under no circumstances shall Clinical Ink assume liability for the use or interpretation by you of information found on this website; rather, this will be your responsibility.

Clinical Ink expressly disclaims liability for any direct, indirect, incidental, consequential or special damages arising out of your visit to this website and/or the information contained on this website, even if Clinical Ink is proven negligent.

 

Reservation of Rights

Clinical Ink reserves the right to share Personal Data as required by law to respond to duly authorized information requests of government authorities.  For such requests involving Clinical Study Data, Clinical Ink shall provide notice to affected customers, but shall not necessarily seek permission, before disclosing any data to regulatory agencies.

Clinical Ink will fully cooperate with all customer requests to investigate potential violations related to Clinical Study Data and will do so expeditiously and at no cost to the individual.  Individuals, including employees, who feel that Clinical Ink has violated this Policy in any way, may contact the designated Data Protection Officer directly to initiate a formal inquiry.  Employees found willfully disregarding this Policy shall be terminated.

 

Contact Us

 

If you have any questions or concerns at all about our Privacy Policy, please feel free to email us at privacy@clinicalink.com, or write to us at:

Clinical Ink, Inc.
Attn: Data Protection Officer
632 W 4th St,
Winston-Salem, NC 27101
Tel: 1-800-301-5033
Fax: 1-336-922-1707

 

Information for European Union Users

 

Personal information

References to “personal information” in this Privacy Policy are equivalent to “personal data” governed by European data protection legislation.

Controller and Data Protection Officer

Clinical Ink, Inc. is the controller of your personal information for purposes of European data protection legislation. Our Data Protection Officer can be reached at privacy@clinicalink.com. See the “Contact Us” section above for additional contact details.

Legal basis for processing

We only use your personal information as permitted by law. We are required to inform you of the legal basis of our processing of your personal information, which are described in the list below. If you have questions about the legal basis of how we process your personal information, contact us at privacy@clinicalink.com.

  • With your consent: Processing is based on your consent. Where we rely on your consent you have the right to withdraw it anytime in the manner indicated in the Service or by contacting us at privacy@clinicalink.com.
  • To provide the Services: Processing is necessary to perform the contract governing our provision of the Services or to take steps that you request prior to signing up for the Services.
  • To communicate with you: To create anonymous data for analytics; and for compliance, fraud prevention and safety. These processing activities constitute our legitimate interests. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
  • To comply with law: Processing is necessary to comply with our legal obligations.

Use for new purposes

We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.

Retention

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

By law we must keep basic information about our customers (including Contact, Identity, Financial and Transaction Information) for seven years after they cease being customers for financial and tax purposes.

In some circumstances we may anonymize your personal information (so that it can no longer be associated with you) in which case we may use this information indefinitely without further notice to you.

Your Rights

European data protection laws give you certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information that we hold:

  • Opt-out: Stop sending you direct marketing communications. You may continue to receive service-related and other non-marketing emails;
  • Access: Provide you with information about our processing of your personal information and give you access to your personal information;
  • Correct: Update or correct inaccuracies in your personal information;
  • Delete: Delete your personal information;
  • Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice;
  • Restrict: Restrict the processing of your personal information;
  • Object: Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.

You can submit these requests by email to privacy@clinicalink.com or our postal address provided above. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us as described above or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.

Cross-Border Data Transfer

Whenever we transfer your personal information out of the EEA to countries not deemed by the European Commission to provide an adequate level of personal information protection, the transfer will be based on the following safeguard recognized by the European Commission as providing adequate protection for personal information, where required by EU data protection legislation:

Contracts approved by the European Commission which impose data protection obligations on the parties to the transfer. For further details, see European Commission Model contracts for the transfer of personal information to third countries.

Please contact us if you want further information on the mechanism used by us when transferring your personal information out of the EEA.

EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF

Clinical Ink and its subsidiaries and affiliates (“Digital Artefacts”) complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Clinical Ink has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Clinical Ink has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

  1. In compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), Clinical Ink commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Clinical Ink’s Data Privacy Officer at: privacy@clinicalink.com.
  2. In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Clinical Ink commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to The International Centre for Dispute Resolution (ICDR), an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit please visit for more information or to file a complaint. The services of The International Centre for Dispute Resolution (ICDR) are provided at no cost to you at https://go.adr.org/dpf_irm.html

Privacy Policy Principles

The Clinical Ink Privacy Policy is based upon the following required EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) Principles:

NOTICE:

In all cases where Clinical Ink is acting on our own behalf, such as with employee or customer Personal Data, the collection vehicle will specifically provide notice stating the purpose for which the information is being collected and how that information will be stored. As a Software-as-a-Service (SaaS) provider of clinical trial software and services, Clinical Ink acts as an agent on behalf of clients to collect Clinical Study Data.

With respect to all Clinical Study Data, Clinical Ink shall act in a manner governed by the contractual relationship with each customer consistent with the notice provisions specified by the customer in their relationship with the individuals participating in the clinical study. Clinical Ink will disclose all information regarding how Clinical Study Data is secured to facilitate customer’s Notice responsibilities.

Data Subjects may initiate a request relating to their data, and, under certain circumstances, may invoke binding arbitration. Clinical Ink will use commercially reasonable efforts to respond to individual requests within forty-five (45) days of receipt of such request and proper identity verification. All requests in this regard should be submitted via email to privacy@clinicalink.com.

Clinical Ink may share Clinical Study Data with agents, third-parties, or partners approved by our customers and as required by contract. Therefore, Clinical Ink is liable for the onward transfers to these approved agents, third-parties, or partners.

Additionally, it is important to note that Clinical Ink may be required to disclose the personal information of individuals, including certain personally identifiable information, in response to a lawful request by public authorities or under any applicable law, including to meet national security or law enforcement requirements.

By self-certifying with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Clinical Ink is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

CHOICE:

Clinical Ink will not share Personal Data with third parties except in cases where the third party is acting on behalf of Clinical Ink consistent with the purposes for which such Personal Data was originally obtained. All Clinical Study Data is owned by our customer who retains the responsibility to permit individuals to withdraw consent to have their personal Clinical Study Data used for purposes other than for the originally intended purpose.

ACCOUNTABILITY FOR ONWARD TRANSFER:

Clinical Ink may share Clinical Study Data with agents, third-parties, or partners approved by our customers and as required by contract. Clinical Ink will not disclose any Clinical Study Data to third parties without explicit approval from our Customer. In cases where Clinical Ink contracts with a third-party, then Clinical Ink will obtain assurances that they will safeguard Personal Data and Clinical Study Data in a manner consistent with this Policy.

Furthermore, when transferring personal information to a third party acting as an agent, Clinical Ink will:

  1. Transfer such data only for limited and specified purposes
  2. Ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF);
  3. Take reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with the organization’s obligations under the Principles;
  4. Require the agent to notify the organization if it decides that it can no longer meet its obligation to provide the same level of protection as is required by the Principles;
  5. Upon notice, including under (iv), take reasonable and appropriate steps to stop and remediate unauthorized processing; and
  6. Provide a summary or a representative copy of the relevant privacy provisions of our contract with that agent to the Department of Commerce or Federal Trade Commission upon verified request.

Additional information, resources and Privacy Policy FAQs can be found here Enforcement of Data Privacy Framework.

 

Additional Information for California Users

 
California Privacy Notice
 

We are providing this supplemental privacy notice to California users pursuant to the California Consumer Privacy Act of 2018 (“CCPA”).

The provisions contained in this section apply to all Users who are persons residing in the state of California, United States of America, according to “The California Consumer Privacy Act of 2018” (persons are referred to below, simply as “you”, “your”, “yours”), and, for such consumers, these provisions supersede any other possibly divergent or conflicting provisions contained in the privacy policy.

This part of the Privacy Policy uses the term “personal information” as it is defined in The California Consumer Privacy Act (CCPA).

Categories of personal information collected

This section summarizes the categories of personal information that Clinical Ink collects and the purposes thereof.

As part of its services provided to clients, Clinical Ink may collect the following categories of personal information about identifiers, commercial information, internet information.

We will not collect additional categories of personal information without notifying you.

How personal information is collected

We collect the above-mentioned categories of personal information, either directly or indirectly, from you when you or your employer use the services provided by Clinical Ink.

As outlined in this policy, Clinical Ink is a provider of software and services to life sciences companies for use in the conduct of clinical trials throughout the world. Acting as a third-party agent for our clients, for each clinical project Clinical Ink receives Personal Data (name, email, work address, title, and phone number) from study sponsors, research site staff, various consultants/subcontractors, and employees.

Additionally, as specifically authorized by our customers, Clinical Ink may also collect and store Clinical Study Data, which is collected pursuant to a project-specific informed consent with clinical research subjects, and may include detailed information regarding health status, medical assessments, test results, and other data required for a particular study. Detailed contractual arrangements, SOPs and business policies govern all our work with customer data. Clinical Ink’s internal policies are available for audit/review by our clients, provided that Clinical Ink remains responsible for the adequacy of our business practices and technical infrastructure.

Clinical Ink does not, and will not, sell the personal information collected about you.

Personal information processing purpose limitation

Clinical Ink may process your personal information in a fashion necessary and proportionate to the business purpose for which it was collected, and strictly within the limits of compatible operational purposes as outlined in the contractual arrangements our clients.

We will not use your personal information for different, unrelated, or incompatible purposes without notifying you.

California privacy rights and how to exercise them

Right to know and to portability

You have the right to request that we disclose to you:

  • the categories and sources of the personal information that we collect about you, the purposes for which we use your information and with whom such information is shared;
  • in case of disclosure for a business purpose, we disclose the personal information categories obtained by each category of recipient.

The disclosure described above will be limited to the personal information collected or used over the past 12 months.

If we deliver our response electronically, the information enclosed will be “portable”, i.e. delivered in an easily usable format to enable you to transmit the information to another entity without hindrance – if this is technically feasible.

Right to the deletion of personal information

You have the right to request that we delete any of your personal information, subject to exceptions set forth by the law (such as, including but not limited to detect security incidents and protect against fraudulent or illegal activities, to exercise certain rights etc.).

If no legal exception applies, because of exercising your right, Clinical Ink will delete your personal information and direct any of our service providers to do so.

How to exercise your rights

To exercise the rights described above, you need to submit your verifiable request to us by contacting us via the details provided in this policy.

For us to respond to your request, it is necessary that we know who you are. Therefore, you can only exercise the above rights by making a verifiable request which must:

  • provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative;
  • describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

Clinical Ink will not respond to any request if we are unable to verify your identity and therefore confirm the personal information in our possession relates to you.

If you are unable to personally submit a verifiable request, you can authorize a person registered with the California Secretary of State to act on your behalf.

If you are an adult, you can make a verifiable request on behalf of a minor under your parental authority.

You can submit a maximum number of 2 requests over a period of 12 months.

Individuals with inquiries or complaints regarding this Privacy Policy should first contact Clinical Ink at privacy@clinicalink.com. You can submit requests using the following contact information:

Clinical ink
Attn: Data Protection Officer
632 W 4th Street
Winston-Salem, NC 27101

Tel: 1-800-301-5033

Request Response

We will confirm receipt of your verifiable request within 14 days and provide information about how we will process your request.

We will disclose and deliver the required information to a consumer free of charge within 45 days of receiving your verifiable consumer request. If more time is required to process your request, we will explain to you the reasons why, and how much more time we need. In this regard, please note that we may take up to 90 days to fulfill your request.

Our disclosure(s) will cover the preceding 12-month period.

Should we deny your request, we will explain and provide you with a justification behind our denial.

We do not charge a fee to process or respond to your verifiable request unless such request is manifestly unfounded or excessive. In such cases, we may charge a reasonable fee considering administrative costs or refuse to act on the request. In either case, we will communicate our choices and explain the reasons behind it.

Scroll to Top