patientprivacy Document

For the purposes of this patientprivacy document ‘you’ and ‘your’ refer to

  1. the patient to whom this document relates and
  2. legal guardian who may be completing the Data Collection Form (DCF) or Informed Consent Form (ICF) on the patient’s behalf
  3. the caregiver accompanying the patient

HOW WE COLLECT INFORMATION AND WHAT INFORMATION WE COLLECT

The ways we collect information about you:

  • By completing the DCF/ICF or other forms (such as, the Reimbursement Form / Expense Claim Form and Guidelines) or by corresponding with us over the phone or in writing
  • When contacting our team for support
  • When liaising with our travel and finance teams regarding your claims, e.g travel, accommodation or reimbursements
  • When using our Apps or providing feedback about our Apps
  • From third parties, such as the sponsor, the site, the service providers, e.g. local taxis/ambulances, hotels or airlines

The categories of information we may collect:

Personal information may include:

  • Name, address, gender, date of birth, email address, phone number, patient study ID, emergency contacts, the study you are taking part in, the site where you will be attending, any special assistance, dietary requirements, travel preferences, passport information and other identity documents for travel arrangement purposes, bank details/payment information required for reimbursement claims, the feedback you may give us in relation to the Study or our services.

Transactions details: information related to your use of patientprimary and expensefirst mobile applications (‘Apps’)

  • The patientprimary app including: visit details, travel and accommodation requests, dates and times of requests and the service provided, travel related information (location, date, time etc.)
  • The expensefirst app including: the type of reimbursement claims you submit, copies of the receipts, dates and times of claim submissions, the value of the expenses claimed, the status of your claims

We may also collect personal information about people connected to you, e.g. emergency contact detail.

We would not collect information about your health except where you deliberately disclose such information.

Information we may collect via our Apps:

If you use our Apps we may collect the following information from you:

Information about your device such as:

  • Operating system and version
  • Unique device identifiers

Information about your activity within the App such as:

  • Access dates and times
  • App crashes

Information we collect from third parties:

We may collect information from third parties, such as the sponsor, the site, the service providers which may include:

  • Information communicated by the site regarding your participation in the study such as: your visit dates, any cancellation(s), postponements of visits, method of reimbursement, any card details given to you
  • Information communicated by the service providers we use to support your travel, accommodation and expense reimbursement claims
  • Information communicated by other parties such as the sponsor (i.e. visit dates)

We may combine the information collected from these sources with other information in our possession.

HOW WE USE YOUR INFORMATION – PURPOSES OF COLLECTION AND PROCESSING

We may collect and use your information for the following purposes:

  • To provide our services (as described in more detail below) 
  • Security purposes: We may confirm your identity against our records to prevent fraud or identity misuse 
  • To report to the clinical research organization (‘CRO’) and/or Sponsor about the services provided to you on their behalf 
  • To report to the CRO and/or Sponsor regarding the delivery of our services 
  • To report to the CRO and/or Sponsor where you have disclosed to us some medical related information about you 
  • To perform internal operations necessary to provide our services including testing and monitoring 
  • To comply with our legal obligations and for (external and internal) audit purposes 
  • Legal proceedings: We may use the information to investigate and address claims or disputes and protect our business interests hence we may save your data after the end of the study you are taking part of (as described in more detail below).

When we are providing our services, we may use your personal information for the following purposes:

  • To arrange travel and accommodation for you (either through your use of the App(s) or offline)
  • To process reimbursement claims and facilitate repayment to you (either through your use of the App(s) or offline)
  • To provide you with support when you contact us, including directing your questions to the relevant person and investigating and addressing any concerns you may have
  • To liaise with the site when required in order to support your travel/accommodation arrangements and reimbursements

WHO DO WE SHARE YOUR PERSONAL INFORMATION WITH – RECIPIENTS

We may share the personal information we collect:

  • Within our company group

We may share information within our different offices around the world, where appropriate.  For example, the person dealing with your reimbursement claim may need to communicate some of your information to another person in our company (i.e. banking details) for the reimbursement to then be processed

  • With our clients/sites

We collect your personal information on behalf of the CRO/Sponsor and we may share it with them, for example when seeking approval in relation to your reimbursement claim. Rest assured that the confidentiality of your identity will always be maintained as we only use your patient study ID, not your full details, in this situation. To assist in maintaining the confidentiality of your information, please ensure that all enquiries about the study are and the services we provide are directed to patientprimary.  

We will be liaising with the site regarding your participation in the study and will therefore be sharing information about you, e.g. to confirm when the travel is arranged, and accommodation requirements are met. We will only do this if we are duly authorised by the Sponsor to liaise with the site

  • With business partners and service providers

We may share information with third parties when needed to support the services delivered to you. For example, if you need travel and/or accommodation or expenses to be reimbursed, your personal information will be shared with the travel, airline, hotel provider and/or for expenses reimbursement the payment card provider.  We will only do this if there is an agreement in place with the relevant third party to ensure that it protects your information or if we can be confident that your information will be adequately protected.

For legal reasons or in the event of a dispute To our auditors, lawyers, accountants, consultants and other professional advisors

  • where it is reasonably necessary for the purposes of obtaining professional advice or managing legal disputes and risks.
  • Where such disclosure is necessary for compliance with a legal obligation to which we are subject.
  • For external auditing purposes for example if we were to be audited by a client or a regulatory authority.

TRANSFERS AND STORAGE OF YOUR DATA OUTSIDE OF EUROPE / USA

We may transfer your personal information outside Europe/USA:

  • Within our company group (please see above). 
  • With our selected service providers who may need to have access to your data, e.g.such as travel agents, airlines, local transportation provider, payment card provider to provide the services (i.e. travel arrangements) you may require. Please note that these providers may also store your data outside of Europe and especially the USA where the level of protection may not be as high as you could expect in Europe. 
  • With the CRO/Sponsor responsible for managing the study you are taking part in. This will be done using your patient study ID in order to preserve the confidentiality of your identity. 
  • We will take all reasonable steps to ensure your data is treated securely (and check what protection can be given such as the Privacy Shield Certification), as well as prevent unauthorised access and misuse of personal data.

RETENTION AND DELETION OF YOUR PERSONAL INFORMATION

How long do we keep your personal information?

  • We retain your information according to our retention policies unless the applicable legislation requires a longer/shorter retention period. Our retention policies are always subject to applicable laws and are based upon the following criteria
    • The duration of the trial and our involvement in the services we provide
    • The need for our company to protect ourselves from legal claims and use these records as evidence when required
    • If there is an outstanding issue relating to you
    • In accordance with applicable laws that Sponsor/CRO may be subject to  
    • In accordance with the instructions that are specifically be given by a CRO/Sponsor
  • The duration will, whenever possible, be provided to you on the DCF/ICF. If not please feel free to contact us for further information.

YOUR RIGHTS AS A DATA SUBJECT

You have a number of rights as a data subject under data protection law, in particular:

  • Right to access

You have the right to request confirmation of your personal data we have processed, and where we do, to be provided access to the personal data. Providing the rights and freedoms of others are not affected, we will supply you a copy of your personal data. This service and in particular the first copy will be provided free of charge, but we reserve the right to charge a reasonable fee to cover administrative charges in the event of additional requests from you. 

  • Right to rectify/complete your data

You have the right to have your personal data rectified and/or completed by (if the data we hold about you is incorrect or needs to be amended in the event of a change of bank details for instance) 

  • Removal of your personal data

Upon your request, and provided that the processing of your personal information is no longer necessary for the services we provide to you on behalf of our clients and subject to applicable laws, you may request your personal data to be deleted. Please note that we will store a copy of your personal information on our servers in order to comply with applicable laws and for the protection of our legitimate interests. 

  • Restrict our use of your personal information

You may request, under certain conditions, our use of your personal data to be restricted

 You can exercise any of those rights by contacting the patientprimary team (contact details on the DCF/ICF)