patientprivacy Document

This document is provided by patientprimary (‘we’/’us’) for you to have a full understanding of how your personal information will be used and stored.

For the purposes of this patientprivacy document ‘you’ and ‘your’ refer to

the patient to whom this document relates and
legal guardian who may be completing the Data Collection Form (DCF) or Informed Consent Form (ICF) on the patient’s behalf
the caregiver accompanying the patient

HOW WE COLLECT INFORMATION AND WHAT INFORMATION WE COLLECT

The ways we collect information about you:

By completing the DCF/ICF or other forms (such as, the Reimbursement Form / Expense Claim Form and Guidelines) or by corresponding with us over the phone or in writing
When contacting our team for support
When liaising with our travel and finance teams regarding your claims, e.g travel, accommodation or reimbursements
When using our Apps or providing feedback about our Apps
From third parties, such as the sponsor, the site, the service providers, e.g. local taxis/ambulances, hotels or airlines

The categories of information we may collect:

Personal information may include:

Name, address, gender, date of birth, email address, phone number, patient study ID, emergency contacts, the study you are taking part in, the site where you will be attending, any special assistance, dietary requirements, travel preferences, passport information and other identity documents for travel arrangement purposes, bank details/payment information required for reimbursement claims, the feedback you may give us in relation to the Study or our services.

Transactions details: information related to your use of patientprimary and expensefirst mobile applications (‘Apps’)

The patientprimary app including: visit details, travel and accommodation requests, dates and times of requests and the service provided, travel related information (location, date, time etc.)
The expensefirst app including: the type of reimbursement claims you submit, copies of the receipts, dates and times of claim submissions, the value of the expenses claimed, the status of your claims

We may also collect personal information about people connected to you, e.g. emergency contact detail.

We would not collect information about your health except where you deliberately disclose such information.

Information we may collect via our Apps:

If you use our Apps we may collect the following information from you:

Information about your device such as:

Operating system and version
Unique device identifiers

Information about your activity within the App such as:

Access dates and times
App crashes

Information we collect from third parties:

We may collect information from third parties, such as the sponsor, the site, the service providers which may include:

Information communicated by the site regarding your participation in the study such as: your visit dates, any cancellation(s), postponements of visits, method of reimbursement, any card details given to you
Information communicated by the service providers we use to support your travel, accommodation and expense reimbursement claims
Information communicated by other parties such as the sponsor (i.e. visit dates)

We may combine the information collected from these sources with other information in our possession.

HOW WE USE YOUR INFORMATION – PURPOSES OF COLLECTION AND PROCESSING

We may collect and use your information for the following purposes:

To provide our services (as described in more detail below)
Security purposes: We may confirm your identity against our records to prevent fraud or identity misuse
To report to the clinical research organization (‘CRO’) and/or Sponsor about the services provided to you on their behalf
To report to the CRO and/or Sponsor regarding the delivery of our services
To report to the CRO and/or Sponsor where you have disclosed to us some medical related information about you
To perform internal operations necessary to provide our services including testing and monitoring
To comply with our legal obligations and for (external and internal) audit purposes
Legal proceedings: We may use the information to investigate and address claims or disputes and protect our business interests hence we may save your data after the end of the study you are taking part of (as described in more detail below).

When we are providing our services, we may use your personal information for the following purposes:

To arrange travel and accommodation for you (either through your use of the App(s) or offline)
To process reimbursement claims and facilitate repayment to you (either through your use of the App(s) or offline)
To provide you with support when you contact us, including directing your questions to the relevant person and investigating and addressing any concerns you may have
To liaise with the site when required in order to support your travel/accommodation arrangements and reimbursements

WHO DO WE SHARE YOUR PERSONAL INFORMATION WITH – RECIPIENTS

We may share the personal information we collect:

Within our company group

We may share information within our different offices around the world, where appropriate. For example, the person dealing with your reimbursement claim may need to communicate some of your information to another person in our company (i.e. banking details) for the reimbursement to then be processed

With our clients/sites

We collect your personal information on behalf of the CRO/Sponsor and we may share it with them, for example when seeking approval in relation to your reimbursement claim. Rest assured that the confidentiality of your identity will always be maintained as we only use your patient study ID, not your full details, in this situation. To assist in maintaining the confidentiality of your information, please ensure that all enquiries about the study are and the services we provide are directed to patientprimary.

We will be liaising with the site regarding your participation in the study and will therefore be sharing information about you, e.g. to confirm when the travel is arranged, and accommodation requirements are met. We will only do this if we are duly authorised by the Sponsor to liaise with the site

With business partners and service providers

We may share information with third parties when needed to support the services delivered to you. For example, if you need travel and/or accommodation or expenses to be reimbursed, your personal information will be shared with the travel, airline, hotel provider and/or for expenses reimbursement the payment card provider. We will only do this if there is an agreement in place with the relevant third party to ensure that it protects your information or if we can be confident that your information will be adequately protected.

For legal reasons or in the event of a dispute To our auditors, lawyers, accountants, consultants and other professional advisors

where it is reasonably necessary for the purposes of obtaining professional advice or managing legal disputes and risks.
Where such disclosure is necessary for compliance with a legal obligation to which we are subject.
For external auditing purposes for example if we were to be audited by a client or a regulatory authority.

TRANSFERS AND STORAGE OF YOUR DATA OUTSIDE OF EUROPE / USA

We may transfer your personal information outside Europe/USA:

Within our company group (please see above).
With our selected service providers who may need to have access to your data, e.g.such as travel agents, airlines, local transportation provider, payment card provider to provide the services (i.e. travel arrangements) you may require. Please note that these providers may also store your data outside of Europe and especially the USA where the level of protection may not be as high as you could expect in Europe.
With the CRO/Sponsor responsible for managing the study you are taking part in. This will be done using your patient study ID in order to preserve the confidentiality of your identity.
We will take all reasonable steps to ensure your data is treated securely (and check what protection can be given such as the Privacy Shield Certification), as well as prevent unauthorised access and misuse of personal data.

RETENTION AND DELETION OF YOUR PERSONAL INFORMATION

How long do we keep your personal information?

We retain your information according to our retention policies unless the applicable legislation requires a longer/shorter retention period. Our retention policies are always subject to applicable laws and are based upon the following criteria
- The duration of the trial and our involvement in the services we provide
- The need for our company to protect ourselves from legal claims and use these records as evidence when required
- If there is an outstanding issue relating to you
- In accordance with applicable laws that Sponsor/CRO may be subject to
- In accordance with the instructions that are specifically be given by a CRO/Sponsor
The duration will, whenever possible, be provided to you on the DCF/ICF. If not please feel free to contact us for further information.

YOUR RIGHTS AS A DATA SUBJECT

You have a number of rights as a data subject under data protection law, in particular:

Right to access

You have the right to request confirmation of your personal data we have processed, and where we do, to be provided access to the personal data. Providing the rights and freedoms of others are not affected, we will supply you a copy of your personal data. This service and in particular the first copy will be provided free of charge, but we reserve the right to charge a reasonable fee to cover administrative charges in the event of additional requests from you.

Right to rectify/complete your data

You have the right to have your personal data rectified and/or completed by (if the data we hold about you is incorrect or needs to be amended in the event of a change of bank details for instance)

Removal of your personal data

Upon your request, and provided that the processing of your personal information is no longer necessary for the services we provide to you on behalf of our clients and subject to applicable laws, you may request your personal data to be deleted. Please note that we will store a copy of your personal information on our servers in order to comply with applicable laws and for the protection of our legitimate interests.

Restrict our use of your personal information

You may request, under certain conditions, our use of your personal data to be restricted.

You can exercise any of those rights by contacting the patientprimary team (contact details on the DCF/ICF)

Cookie	Duration	Description
__hssc	30 minutes	HubSpot sets this cookie to keep track of sessions and to determine if HubSpot should increment the session number and timestamps in the __hstc cookie.
__hssrc	session	This cookie is set by Hubspot whenever it changes the session cookie. The __hssrc cookie set to 1 indicates that the user has restarted the browser, and if the cookie does not exist, it is assumed to be a new session.
_GRECAPTCHA	5 months 27 days	Google Recaptcha service sets this cookie to identify bots to protect the website against malicious spam attacks.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Analytics" category.
cookielawinfo-checkbox-functional	1 year	The GDPR Cookie Consent plugin sets the cookie to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Necessary" category.
cookielawinfo-checkbox-non-necessary	1 year	GDPR Cookie Consent plugin sets this cookie to record the user consent for the cookies in the "Necessary" category.
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category along with the status of CCPA.
PHPSESSID	1 day	This cookie is native to PHP applications and is used to store and identify a users' unique session in order to manage user sessions on the website.
viewed_cookie_policy	1 year	This primary cookie monitors the user’s consent to the use of cookies when they click on the following buttons: "Accept": to give consent. "No": to deny consent. No personal information is collected by this cookie and its activation depends only on response to the user’s action (Accept/No).

Cookie	Duration	Description
__hstc	5 months 27 days	Hubspot set this main cookie for tracking visitors. It contains the domain, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
AnalyticsSyncHistory	1 month	Linkedin set this cookie to store information about the time a sync took place with the lms_analytics cookie.
hubspotutk	5 months 27 days	HubSpot sets this cookie to keep track of the visitors to the website. This cookie is passed to HubSpot on form submission and used when deduplicating contacts.
ln_or	1 day	Linkedin sets this cookie to registers statistical data on users' behaviour on the website for internal analytics.

Cookie	Duration	Description
__cf_bm	30 minutes	Cloudflare set the cookie to support Cloudflare Bot Management.
li_gc	5 months 27 days	Linkedin set this cookie for storing visitor's consent regarding using cookies for non-essential purposes.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Cookie	Duration	Description
bcookie	1 year	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser IDs.
bscookie	1 year	LinkedIn sets this cookie to store performed actions on the website.
li_sugr	3 months	LinkedIn sets this cookie to collect user behaviour data to optimise the website and make advertisements on the website more relevant.

patientprivacy Document

Quick References

Signup here for news, views and opinions

patientprivacy Document

Quick References

Signup here for news, views and opinions

Cookies