Your privacy is critically important to us. At Cisiv we have a few fundamental principles:
- We don’t ask you for personal information unless we truly need it.
- We don’t share your personal information with anyone except to comply with the law, develop our products, or protect our rights.
- We don’t store personal information on our servers unless required for the on-going operation of one of our services.
Cisiv operates cisiv.com. It is Cisiv’s policy to respect your privacy regarding any information we may collect while operating our website.
Like most website operators, Cisiv collects non-personal information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. Cisiv’s purpose in collecting non-personal information is to better understand how Cisiv’s visitors use its website. From time to time, Cisiv may release non-personal information in the aggregate, e.g., by publishing a report on trends in the usage of its website.
Cisiv also collects personal information like Internet Protocol (IP) addresses. Cisiv does not use such information to identify its visitors, however, and does not disclose such information, other than under the same circumstances that it uses and discloses personal information, as described below.
Gathering and Retention of Personal Information
Certain visitors to Cisiv’s websites choose to interact with Cisiv in ways that require Cisiv to gather personal information. The amount and type of information that Cisiv gathers depends on the nature of the interaction. For example, we ask visitors who sign up to a blog to provide a username and email address. Those who engage in transactions with Cisiv are asked to provide additional information, including as necessary the personal and financial information required to process those transactions. In each case, Cisiv collects such information only insofar as is necessary or appropriate to fulfill the purpose of the visitor’s interaction with Cisiv. Cisiv does not disclose personal information other than as described below. And visitors can always refuse to supply personal information, with the caveat that it may prevent them from engaging in certain website-related activities.
We will only keep your personal data within the timeframes allowed by law and for as long as necessary to comply with our legal obligations. The length of time we keep your data will depend on the type of personal data we have collected. Please contact us on email@example.com for details of any specific retention period.
Cisiv may collect statistics about the behavior of visitors to its websites. For instance, Cisiv may monitor the most popular blogs. Cisiv may display this information publicly or provide it to others. However, Cisiv does not disclose personal information other than as described below.
Protection of Personal Information
Cisiv discloses personal information only to those of its employees, contractors and affiliated organizations that (i) need to know that information in order to process it on Cisiv’s behalf or to provide services available at Cisiv’s websites, and (ii) that have agreed not to disclose it to others. Some of those employees, contractors and affiliated organisations may be located outside of your home country; by using Cisiv’s websites, you consent to the transfer of such information to them. Cisiv will not rent or sell personal information to anyone. Other than to its employees, contractors and affiliated organizations, as described above, Cisiv discloses personal information only when required to do so by law, or when Cisiv believes in good faith that disclosure is reasonably necessary to protect the property or rights of Cisiv, third parties or the public at large. If you are a registered user of Cisiv’s website and have supplied your email address, Cisiv may occasionally send you an email to tell you about new features, solicit your feedback, or just keep you up to date with what’s going on with Cisiv and our products. If you send us a request (for example via a support email or via one of our feedback mechanisms), we reserve the right to publish it in order to help us clarify or respond to your request or to help us support other users. Cisiv takes all measures reasonably necessary to protect against the unauthorized access, use, alteration or destruction of personal information.
Access to or correction of Personal Information
You have a right to access to your personal data and to require the correction or deletion of your personal data that is inaccurate or incomplete to the extent permitted by applicable law. If you wish to exercise one of the above-mentioned rights, please send us your request via email to firstname.lastname@example.org. We will respond to your request for access within 30 days. In coordination with our security standards, please do not send any sensitive information to us via unencrypted email. Also, please note that we will need to verify and authenticate any emailed requests for access or changes to your information.
There is no automatic subscription to any marketing emails once you submit your enquiry on our ‘Contact us’ page.
App & Patient Portal Privacy Notice
Last updated: 25 March 2022
Cisiv Limited, a limited liability company located at 12th Floor, CI Tower, St George`s Square, New Malden, KT3 4HG, United Kingdom, hereinafter referred to as “Cisiv”.
Cisiv Ltd (“Cisiv“) respects your right to privacy. This Privacy Notice explains who we are, how we collect, share and use personal information about you, and how you can exercise your privacy rights. This Privacy Notice only applies to personal information that we collect through your use of our app, Baseline Patient (“App“) and Web Portal (“Portal”), hereinafter both referred to as Application.
For information on the collection of personal information via our website, please see our website privacy notice above.
About us and our Application
Cisiv provides this Application (as a supplement to our Baseline Plus technology) to support research into licensed medicines that happen after approval of a drug. Our Application can only be used by patients who are participating in a post-approval study. It provides the opportunity for patients to input their own health information in order to contribute to the study.
Your doctor will ask you if you wish to participate and will give you a unique registration code which will allow you to download and register on the Application
What information does Cisiv collect via our Application
Cisiv complies with the principle of minimisation: we collect only the personal data that is needed.
- Information you provide during the registration process
When you register to use our Application, we will collect your registration code given to you by your doctor as well as your name and email address. We will ask you to choose a unique password. We will also be able to identify which study you are participating in based on your registration code.
- Information we collect automatically
When you use our Application, we may automatically collect device-related information, such as your device’s unique ID, performance data and configuration data (such as crash logs) to assess the use and performance of our Application and other aggregate or statistical information related to your usage of the Application.
- Information specific to our Application, including that provided during your use of the Application
When you use our Application, we will also collect any information you input into the Application on behalf of our customer in response to the post-approval study questions. This information will include current health information and information about your adherence to the regime prescribed by your doctor. You may also be asked to input demographic information as part of the study. We carry out analytics on the data you provide in order to share charts and statistics with you based on your own data.
What do we use this information for?
We collect registration data in order to allow you to use the Application. The purpose of this personal data processing is to conduct medical research. Refer to the Informed Consent Form (ICF) or your doctor for the precise purpose of the personal data processing.
We collect and store other information on behalf of the pharmaceutical company carrying out the post-approval study (our customer) as part of our Baseline Plus service, providing statistical analysis to users of their own data and for any other purposes as instructed by our customer. We act as a processor for our customers and do not use the health data you provide with respect to the post-approval study for our own purposes.
We may also use your contact information to send you service or Application-related announcements, trouble shooting and technical support. In addition, any data we collect automatically we may use for product performance or improvement purposes.
Legal basis for processing
As you may know, under data protection law, personal data can only be collected, used or otherwise processed if this is permitted by law (this is sometimes called a “legal basis”) and there is an obligation to tell individuals what these legal bases are for each processing activity. In relation to most of the personal data collected through the Application, where that is processed for your doctor or the study sponsor / pharmaceutical company, it will be your doctor, or the pharmaceutical company, that are responsible for providing you with information about their legal bases for collecting and using the data as part of the relevant post-approval study. You will have been asked for your informed consent with respect to the collection and sharing of personal data. You can withdraw your consent at any time, without reason. The withdrawal of your consent will not affect the validity of any processing carried out prior to your withdrawal.
Cisiv is known as the Data Processor for your healthcare data and processes your personal data on the instructions of SPONSOR known as the Data Controller.
We are responsible (the “controller”) for some of the data collected; namely, registration data and certain information we collect automatically. In relation to registration data, we collect this in order to allow you to use the Application (this is “performance of a contract”).
Where we collect information from your device automatically, or where we use your contact details to provide you with technical support we do so in reliance on our legitimate interests. These interests are to operate our Application effectively and to communicate with you as necessary to provide you with support, and for our legitimate commercial interest to improve our Application.
Your personal data might be reused by SPONSOR for medical research for a similar purpose. Refer to the informed consent form or your doctor for the potential reuse of your personal data.
Sharing your personal data
Your personal data will be shared with the SPONSOR.
Your data will be stored with our hosting provider based in Ireland and Netherlands that we have carefully selected. Such an external company is bound by contract to comply with the data privacy laws mentioned above and is acting as a Data Sub-Processor. Your data is encrypted to prevent the hosting provider from accessing the data.
We may share your contact information or technical information obtained automatically from your device with our third party service providers in order to provide technical support with respect to the Application.
In addition, we may be required to disclose information to the following categories of recipients:
- to the clinical site, a Contract Research Organisation, monitoring CRAs appointed by the sponsor, by auditors, or by inspectors from local authorities.
- to any law enforcement body, regulatory, government agency, court or other third party, where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
- to any actual or potential buyer (and its agents and advisors) in connection with any actual or proposed purchase, merger or acquisition of any part of our business, provided we inform the buyer it must use your personal information only for the purposes disclosed in this Privacy Notice;
- to any other person with your consent to the disclosure.
Your personal information is transferred to or processed and stored in the EU, the UK and other countries where our third party service providers and partners are located, including the U.S.. Any transfer between these countries will be in accordance with applicable law and, where required, we have taken appropriate safeguards to require that your personal data will remain protected. You can obtain a copy of such safeguards by contacting the Data Protection Officer of Cisiv, see contact details below.
Cisiv understands the importance of protecting the personal information we store on behalf of our customers and has an ISO 27001 certification. We implement technical and organizational measures to protect your personal information including through the use of encryption.
We will retain your personal information for the period necessary to fulfil the purposes outlined in this Privacy Notice and in accordance with the instructions of our customer unless a longer period is required or permitted by applicable law.
Your data protection rights
For all information you provide relating to the post-approval study, the relevant pharmaceutical company (our customer) will be the controller of this information and you will need to contact them directly or through your doctor if you wish to exercise any of your data protection rights. We will then assist our customers with such requests where possible and in accordance with our contractual agreement with them.
Where you wish to exercise any of your data protection rights (access, rectification, portability, erasure or restriction, as well as any withdrawal of consent) in relation to your Application “account” or any of the technical information we obtain from your device, you can contact us directly using the contact information below. You also have a right to complain to the Information Commissioner’s Office.
Updates to this Privacy Notice
We may update this Privacy Notice from time to time to ensure it is up to date with applicable law and any developments of the Application itself. When we update our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. You can see when the Privacy Notice was last updated by checking the “Last Updated” date at the top of this Privacy Notice.
As explained above, generally your doctor or the pharmaceutical company conducting the post-approval trial will be your main point of contact. However, if you have any questions or concerns about our processing of your personal information, please do contact our Data Protection Officer by email at email@example.com or by post mail at DE-Q2C Ltd, Data Protection Officer for Cisiv, 6 Edison Village, Nottingham Science & Technology Park, Nottingham, United Kingdom, NG7 2RF.
The EU Data Protection representative for Cisiv is Mr Nikolay Kirilov, 105 D Tcherkovna Str., 3rd floor, ap. 12, 1111 Sofia, Bulgaria.
Refer to the informed consent form or your physician for the name and postal address of the Sponsor, and also its Data Protection Representatives in the EU and in the UK if relevant and how to contact its Data Protection Officer.