Subject Well Privacy Statement For Clinical Trial Recruitment

Effective Date: September 30, 2019

I. GENERAL

Subject Well, Inc. and its group entities (“Subject Well”, or “we”) offers clinical trial participant recruitment services (the “Services”). This privacy notice sets out how we use and protect any information that you provide to Subject Well in connection with the Services. In connection with the Services, you may sign up for clinical trial matching or may otherwise become a clinical trial candidate through us. Insofar as our Services process Personal Information, this Privacy Notice applies. If you wish to know about our privacy practices relating to our websites, please visit https://subjectwell.com/privacy.

II. WHAT WE MEAN BY “PERSONAL INFORMATION”

For purposes of this Privacy Notice, “Personal Information” means any information from or about a person that either identifies that person directly or that makes that person identifiable when it is combined with other information from or about that person from any source.

III. WHAT PERSONAL INFORMATION DO WE COLLECT?

(1) Information You Provide to Us

In connection with the Service, or when you otherwise communicate with us, we collect information that you provide to us directly. For example, we collect information in the following circumstances: when you sign up for clinical trial matching, when you contact us, and when you otherwise communicate with us.

The information you provide to us directly may include, without limitation, the following information that may, alone or in combination with other information, constitute Personal Information:

  • Information you provide via email or using the contact details listed on various parts of the website where this Privacy Notice appears, including your name, phone number, and any other information you provide to us; and
  • Information you provide in order to sign up for clinical trial opportunities, including your name, age, email address, your health conditions relevant to the clinical trial opportunities, or any other information you decide to provide us with;
  • Other information: We may also collect any other information you may want to share with us. Moreover, if you contact us, a record of this correspondence may be kept.

(2) Information Received From Third Parties

We may also obtain data from third-party sources such as data providers. Our data providers include, not by way of limitation Human API.

IV. PURPOSES FOR OUR COLLECTION AND USE OF PERSONAL INFORMATION

If you submit or we collect Personal Information through the Services, then such Personal Information may be used in the following ways: (i) to provide and administer the Services; (ii) to contact you in connection with the Services (v) to identify and authenticate your access to the Services that you are authorized to access; (vi) for our legitimate interests of documenting and managing our internal administration; and (vii) to protect the rights and/or our property. We use information about your health condition for the sole purpose of contacting you when a potential clinical trial is identified. You may be contacted at the phone number you provide including wireless number, if provided, by a representative of Northwest Medical or Subject Well. These calls may be generated using an automated technology.

In addition to the above, we use the Personal Information in order to comply with applicable laws and for our legitimate purposes of protection our legal rights, in connection with legal claims, and for compliance, regulatory, and investigative purposes. This may include sharing the Personal Information with third parties, such as governmental authorities or law enforcement officials subject to applicable law.

V. WHO DO WE SHARE PERSONAL INFORMATION WITH?

We may disclose Personal Information you provide to us in and through the Services with the following categories of third parties:

  • If you would like to participate in a clinical trial and there are matching clinical trials, we may share Personal Information about you with principal investigators, clinical research sites, and clinical trial service providers of clinical trials that are relevant to you;
  • Public authorities, such as law enforcement, if we are legally required to do so or if we need to protect our rights or the rights of third parties; and
  • Our subsidiaries and affiliates; or a subsequent owner, co-owner or operator of the Services and their advisors in connection with a corporate merger, consolidation, restructuring, the sale of substantially all of our stock and/or assets, or in connection with bankruptcy proceedings, or other corporate reorganization, in accordance with this Privacy Notice.

VII. INDIVIDUAL RIGHTS

Where we process Personal Information, individuals are entitled to ask us for an overview of the Personal Information we have about them and also to access, correct or delete certain Personal Information, restrict processing of their Personal Information, or to ask us to transfer some of Personal Information to other organizations. Certain individuals can also object to some processing of their Personal Information and, where we have asked for their consent, they can withdraw their consent at any time. Insofar as Personal Information about them is processed, certain individuals also have a right to know more about the protection we apply when transferring Personal Information to non-European Economic Area countries.

Note that we are not legally obligated to agree to such requests in all circumstances, and in certain circumstances, agreeing to a request may be infeasible – for example, a deletion request when we are required by law to maintain the Personal Information. Please also note that we are not able to act on any of the above requests if we are not in a position to identify an individual filing such request.

Where applicable, these rights can be exercised by sending us an email through the contact details further below. Depending on where you live, you may have a right to lodge a complaint with a supervisory authority or other regulatory agency if you believe that we have violated any of the rights concerning Personal Information about you. We encourage you to first reach out to us at privacy@subjectwell.com so we have an opportunity to address your concerns directly before you do so. We are committed to compliance with the General Data Protection Regulation (“GDPR”) where applicable, so please contact us through the details listed below if you have any questions about these rights.

IX. INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION

Subject Well is a U.S.-based company with domestic and international business clients. As a result, Personal Information that we collect through the Services may be transferred to our U.S. offices to permit us to comply with our legal and contractual obligations, to provide information and services to prospective and current clients, and to perform related business activities. In addition, we may work with third-party service providers in the U.S. and in other countries to support our business activities. Thus, Personal Information may be transferred to, stored on servers in, and accessed from the United States and countries other than the country in which the Personal Information was initially collected. In all such instances, we use, transfer, and disclose Personal Information solely for the purposes described in this Privacy Notice.

X. TRANSFERS OF PERSONAL INFORMATION FROM THE EU OR SWITZERLAND TO THE UNITED STATES

Subject Well complies with the EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework (collectively, “Privacy Shield”) as set forth by the US Department of Commerce regarding the collection, use, and retention of Personal Information from European Union (the “EU”) member countries and Switzerland. Subject Well has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability. A violation of our commitment to Privacy Shield may be investigated by the Federal Trade Commission and/or the United States Department of Commerce. If there is any conflict between the policies in this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, to the extent available, please visit https://www.privacyshield.gov.

In compliance with the Privacy Shield Principles, Subject Well commits to resolve complaints about your privacy and our collection or use of Personal Information about you. Persons from the EU or Switzerland who have inquiries or complaints regarding this Statement should first contact us via email at: privacy@subjectwell.com.

Subject Well has committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information and to file a complaint.

These recourse mechanisms are available at no cost to you. Damages may be awarded in accordance with applicable law. Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel. Pursuant to the Privacy Shield, Subject Well remains potentially liable for the transfer of Personal Information to third parties acting as our agents unless we can prove we were not a party to the events giving rise to the damages.

In cases of onward transfer to third parties of Personal Information of EU individuals received pursuant to the EU-US and Switzerland-US Privacy Shield, Subject Well is potentially liable.

XI. DATA RETENTION

If for seven (7) years we do not find any potential clinical trials for you and we do not attempt to contact you, we will remove Personal Information about you from our database. Please note that even if you request the deletion of Personal Information about you, we may be required (by law or otherwise) to retain the Personal Information and not delete it. However, once those requirements are removed, we will delete Personal Information about you in accordance with your request.

XII. DATA SECURITY

The security of Personal Information is important to us. We follow generally accepted industry standards to protect the Personal Information submitted to us, both during transmission and once we receive it. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect Personal Information, we cannot guarantee its absolute security.

XIV. CHILDREN

The Services are not intended for children under the age of 13. Accordingly, we do not intend to collect Personal Information from anyone we know to be under 13 years of age.

XVI. CHANGES TO THE PRIVACY NOTICE

This Privacy Notice may change from time to time, effective from the date mentioned in the updated version of the Privacy Notice. Please check the website where this Privacy Notice appears periodically to review such changes in the Privacy Notice. We may email periodic reminders of our agreements and policies in the event of a change.

XVII. CONTACT US

If you have any questions or concerns about this Privacy Notice or about Subject Well’s privacy or data security practices, please contact us via the following:

E-mail: privacy@subjectwell.com

Address:
7000 N MoPac Expy

Ste 330

Austin, TX 78731

USA