Medable Legal Center

Processor Clinical Trial App

English
English

Effective Date: June 3, 2022

Thank for you reviewing our Processor Clinical Trial App Privacy Policy (“Privacy Policy”).  Medable, Inc. ‎(collectively, “Medable,” “we,” “our,” and “us”)‎ provides a platform, web-based and mobile applications, and various processing services in connection with clinical trials and research to assist in solving systemic challenges inherent in such clinical trials (collectively, the “App”). On behalf or at the direction of Sponsors or Sites (defined below), Medable may process personal information and Subject Data (defined below) submitted to the App or collected through the App. 

This App was created by Medable to be used by individuals who are participating in one or more clinical research study projects (each a “Study”) conducted or administered by a Study sponsor or clinical research organization (collectively, “Sponsor”) and/or a Study site (“Site”).  Prior to your participation in a Study, you will be required to review and sign an informed consent form (the “ICF”). The specific Study Sponsor and Study site is identified in the associated ICF.  You should refer to the associated Study ICF for details regarding your specific Study. Medable is committed to applying the appropriate standard of care to our processing of personal information and data entrusted to us.  This Privacy Policy explains how your data may be  processed by Medable in connection with the Study in which you are a participant. The Study Sponsor and/or Site controls your personal information and data. Medable acts as a data processor for each Sponsor or Site (in such Sponsor’s or Site’s capacity as the data controller) in order to process the personal information and data of participants in each Study through this App.  

This Privacy Policy is hosted on our website (www.medable.com) (the “Website”), and should be read in conjunction with our Website Privacy Policy, which can be viewed here

BASIS FOR PROCESSING PERSONAL INFORMATION

Medable processes your personal information obtained from the App to fulfill its contractual obligations to the specific Study Sponsor and/or Site and to enable them to conduct and facilitate performance of the Study. Medable may also process your personal information to enroll you in and complete your registration in the Study, including when you complete an ICF. In particular, Medable hosts the digital platform used by such Sponsor or Site to run the Study.  The Sponsor works in conjunction with the Study Site, where you may attend and participate in person or virtually, in order to provide (i) personal information (including but not limited to health data) and (ii) consent for the processing of your personal information and data, including accepting and signing the ICF. 

You are not permitted to participate in any Study unless and until you have signed an ICF providing your informed consent for the collection and use of the information to be collected for the Study.  You acknowledge and agree that the Sponsor and/or Site of the Study are responsible for ensuring all appropriate and required monitoring of the Study for its duration.  If you have any questions regarding the Study, the ICF, or the information collected during the Study, you will need to directly contact the Sponsor or the Study Site identified in your ICF, as applicable. 

By downloading, accessing, viewing or otherwise using the App, you acknowledge that you (i) expressly consent to the collection and use of your information by us in accordance with this Privacy Policy and our Medable Privacy Policy, which can be viewed here; (ii) have read and understand this Privacy Policy; and (iii) understand how we collect, use and process your personal information and data. 

INFORMATION COLLECTION

In connection with each Study, Medable actively collects and processes personal information from you when you register to use the App, respond to a Medable communication such as an email, or otherwise use the App in any manner.  You may provide through the App (and we may process) certain personal information that may include sensitive or special categories of data‎ as defined in the GDPR and as directed by the specific Study Sponsor and/or Site. Personal information processed will vary with each Study, but may include:

  • Identity Data: Such as your name, date of birth, sex at birth, ethnicity, and race.
  • Contact Data: For example, your email address, telephone number, zip code.
  • Health Data: For example, health indicators, clinical data as part of the Study, and any other relevant information on your general health and wellness.
  • Data from your smartphone devices: Where applicable, your data is collected during your use of the App on your smartphone. This information is then stored on HIPAA-compliant cloud infrastructure.

MEDABLE'S APP AND SUBJECT DATA

As part of Medable’s platform, applications and related services, Study Sponsors, Sites and their authorized ‎users may enter information from or about their authorized users, employees, and clinical trial ‎subjects (collectively, “Subject Data”), into our servers.‎

We are not responsible for the control of a Sponsor’s or Site’s ‎handling of Subject Data. Each Sponsor and Site has its own policies regarding the use and ‎disclosure of personal information and data. Our use of such data is subject to the written ‎agreement for services between Medable and the Sponsor or Site, but in no way involves the sale of your ‎data. Medable’s primary responsibility under any such agreement is the obligation to keep Subject Data safe ‎and secure. To learn about how a particular Sponsor or Site handles your personal information and Subject Data, we ‎encourage you to read that Sponsor’s or Site’s privacy statement or contact them directly.‎

Medable has no control or ownership of Subject Data. Please direct any questions regarding Subject ‎Data to the Sponsor or Site collecting your information under the Study through the App.‎


INFORMATION USE

We host your personal information (including Subject Data) on our systems (which may involve storing it on HIPAA-compliant cloud infrastructure and delegating certain processes to sub-processors) so that the Sponsor or Site may perform the Study with the information.

We may de-identify and aggregate personal information for the purpose of the Study and for maintaining our platform and services. Aggregated data is information that has been combined with that of other users and analyzed or evaluated as a whole, such that no specific individual may be reasonably identified.  De-identified information is information that has been stripped of your identifiers, such as your name, contact information, and any other identifying data, such that you cannot reasonably be identified as an individual. We may use this de-identified and aggregated information to conduct diagnostic testing to ensure that the App is working correctly from time to time or to investigate any issues arising from the usage or performance of the App in relation to a Study.

GDPR SPECIFIC PRIVACY TERMS

If we process your personal data in the context of the activities of our establishments in the European Economic Area (EEA) ‎or the United Kingdom (UK), or intentionally market our products to you as an individual if you reside in the EEA or UK, additional General Data Protection Regulation (GDPR) terms for how we collect, process and use your personal data (as defined under GDPR) may apply.  Such terms may be viewed in Medable’s general Privacy Statement and are incorporated into this Privacy Policy.   

AUTOMATED INFORMATION COLLECTION

We may automatically collect certain information when you visit or use the App or visit our Site (including viewing this Privacy Policy). Further information about how such information may be collected when using this App is set out in our Website Privacy Policy, which can be viewed here.

HOW AND WHEN WE SHARE INFORMATION WITH THIRD PARTIES

We may share information with the Study Sponsor and Site and we may share your personal information (including Subject Data) with service providers (including but not limited to sub-processors) who assist us in our business operations. We may also share information where required by law or to satisfy any applicable law, regulation, subpoena, government request, or other legal process. We may also share information with third parties, including law enforcement, to protect our Website, the App and to enforce our Terms of Use. We also reserve the right to share the information that we collect with our subsidiaries and affiliates and with any subsequent owner in the event of a merger, consolidation, sale of our assets, or other change in our business, subject to our agreements with the Sponsor, Site and your ICF. 

UPDATING YOUR INFORMATION

The Study Sponsor or Site controls your information.  In order to exercise your relevant rights, contact the Study Sponsor or Site directly.  In limited circumstances, this App may allow you to update certain information that we collect from you, such as the contact information that you provide when you register for an account. Any ability to update your information, however, will only be carried out by Medable at the direction of the Sponsor or Site. You may request an update to your information by completing the web form located here and Medable will forward the request to the Sponsor or Site for updating.

EEA and UK users may update their information and exercise other rights under the GDPR (including exercising rights to data erasure, data portability, objecting to or restricting processing, and exercising a subject access request) by contacting the Study Sponsor or Site (as applicable) as the data controller. 

YOUR CALIFORNIA PRIVACY RIGHTS

If you are a California resident, California law may provide you with additional rights regarding the Sponsor’s or Site’s use of your personal information and data.  In certain circumstances under California law, you have the right to request certain details about the categories of personal information collected, how certain types of information are shared with third parties and for what business/commercial purpose.

Under the California Consumer Privacy Act (“CCPA”) Medable is a service provider for the Sponsor and/or Site of the Study. To learn more about your California privacy rights, visit the applicable Sponsor’s or Site’s Web site or Privacy Policy, or contact the Sponsor or Site directly.

INFORMATION SECURITY

Medable has in place physical, electronic and organizational procedures to safeguard and secure personal data (including Subject Data) stored on its systems. Medable deploys encryption, firewalls, access controls, and other procedures to protect data from loss, misuse, unauthorized access, disclosure, alteration, and destruction. Access to Medable facilities is controlled via a combination of technical and physical controls. Medable maintains a disaster recovery plan and system back up plan in the event that its systems are damaged or destroyed. All employees receive training on security and are required annually to review and understand global data protection standards applicable to Medable.

CHANGES/UPDATES

We reserve the right to change, modify, add or remove portions of this App Privacy Policy at any time, without prior notice. Any updated version of this Privacy Policy will be maintained in the “Privacy Policy Section” in the app store. Changes take effect on the date that appears on the revised App Privacy Policy.  If you use the App following a change in this App Privacy Policy, your continued use will be understood to signal that you accept and agree to be bound by the changes.  Accordingly, we recommend that you review this App Privacy Policy regularly. All changes will comply with applicable law and your ICF. 

CONTACT INFORMATION

If you have any questions or concerns regarding the way in which your personal information (including Subject Data) is processed and used by Medable, please submit here

If you are a United States resident, please direct your mail to the following address:

Medable Inc.

Privacy Office

Attn: Data Protection Officer

525 University Ave, Ste A70

Palo Alto, CA 94301 USA

Email: privacy@medable.com 


If you are a United Kingdom resident, please direct your mail to the following address:

Medable’s Article 27 Representative for the United Kingdom

Lionheart Squared Limited

Attn: Data Privacy

17 Glasshouse Studios

Fryern Court Road 

Fordingbridge 

Hampshire, SP6 1QX

United Kingdom

Email: Medable@LionheartSquared.co.uk


If you are a European Union resident, please direct your mail to the following address:


Medable’s Article 27 Representative for the European Union

Squared (Europe) Ltd.

2 Pembroke House

Upper Pembroke Street 28-32

Dublin, D02 EK84

Republic of Ireland

Email: Medable@LionheartSquared.eu