Privacy Policy
Effective October 28, 2024
Crucial Data Solutions, referred to here as “CDS”, provides a variety of clinical and healthcare research, trial, and development tools for helping researchers with efficient and effective data collection. These are collectively referred to as the “Services” or “Products” provided by CDS.
Section 1 of this policy is intended to serve as a clear overview and help you identify the CDS privacy practices enforced by CDS which apply to your use of any CDS websites or applications.
1. Privacy Policy Overview
1.1 CDS’s Privacy Principles
CDS is committed to:
- Protecting the privacy of its customers and their end users, whether you are a patient, a study participant, or a professional user of CDS products.
- Informing you of the types of personal data CDS collects;
- Informing you of the ways in which CDS can use the personal data we collect;
- Informing you with whom CDS may share your personal data, and why;
- Complying will all applicable laws which help protect your privacy;
- Making ourselves available to answer any additional questions you have about our use, maintenance, or disclosure of your personal data.
1.2 CDS as a Data Processor
As a technology solution provider, CDS provides its customers with applications and platform solutions enabling our Customers to interact with their own users and study participants more effectively. In such instances, CDS acts as a data processor working on behalf of the customer under a legal basis of contract. Because each trial or study is different in design, our Customers who will collect and use information gathered through the CDS Services should provide privacy information to their own data subjects.
1.3 CDS as a Data Controller
CDS also acts as the data controller through its sales and marketing activities, including events, for information you provide to us as part of your interaction with our websites or communications. This includes any of the following:
When you apply for a job at CDS; if you are an employee of CDS; or if your personal data is provided to CDS in your role as a supplier or a customer. The legal basis for this data collection is that of legitimate interest where data needs to be processed and stored for CDS to deliver relevant information about its services, conduct some its services for users, or retain employee records.
2. Contact Information
CDS Corporate Headquarters
18124 Wedge Parkway
Suite 139
Reno, NV 89511
United States
Email: privacy@crucialdatasolutions.com
CDS’s Article 27 Representative for the European Union
Maetzler Rechtsanwalts GmbH & Co KG
Schellinggasse 3
1010 Vienna
AUSTRIA
Requests: https://prighter.com/q/16577536253
CDS’s Article 27 Representative for the United Kingdom
Prighter Ltd (UK)
20 Mortlake Mortlake High Street
London SW14 8JN
UNITED KINGDOM
Requests: https://prighter.com/q/16577536253
3. CDS Privacy Statement
This Privacy Statement applies to your use of the crucialdatasolutions.com websites and applications (the “Sites”) as well as certain CDS Services (the “Services”).
If You participate(d) in a study or trial, please see the privacy statements in Your specific study or trial for more information or contact Your study sponsor or investigator for assistance.
Please note that some CDS Applications are subject to their own specific Privacy Statements, which are linked either in the Application or the applicable app store. This Privacy Statement is designed to inform you of the information we gather as part of your use of the Sites and Services where CDS is the data controller. If you have any questions or concerns regarding this Statement, or wish to exercise an access, data portability, or deletion right, please see the section “Exercising Access, Data Portability, and Deletion Rights” below for more information.
By accessing or using the Sites or Services, you acknowledge your acceptance of the practices described in this Privacy Statement and consent to our processing of your information as set forth in this Privacy Statement.
3.1 Changes to this Privacy Statement
Crucial Data Solutions, Inc. (“CDS” or “We”) may modify this Privacy Statement from time to time. The date of any revisions will be displayed at the top of this Privacy Statement.
3.2 CDS’s Platform, Customized Applications, and Services
Please note that CDS supplies its Customers with Applications and Services in life sciences. When you use CDS Services as part of your engagement with a CDS Customer, you will be subject to a Privacy Statement issued by that CDS Customer. In such instances, CDS acts as a data processor, working on behalf of that CDS Customer.
3.3 Information We Collect
You will be required to establish an account in order to take advantage of certain features of the Services. If you wish to establish an account you will be required to provide us with information (including personally identifiable information and non-personally identifiable information). In addition, we may obtain your personally identifiable information from you if you identify yourself to us by sending us an e-mail with questions or comments.
Depending on your use of the Service, we collect two types of information: personally identifiable information and non-personally identifiable information.
Personally Identifiable Information
Personally identifiable information identifies you or can be used to identify or contact you. Examples of personally identifiable information may include your name, IP address, company name, job title, address, e-mail address, telephone number, and billing and credit card information.
Non-Personally Identifiable Information
Non-personally identifiable information is information, any single item of which, by itself, cannot be used to identify or contact you, which may include demographic information (such as age, profession, company industry, gender, current location, or zip code), IP addresses, browser types, domain names, and statistical data involving the use of the CDS Service. Certain non-personally identifiable information may be considered a part of your personally identifiable information if it were combined with other identifiers (for example, combining your zip code with your street address) in a way that enables you to be identified. But the same pieces of information may be considered non-personally identifiable information when they are taken alone or combined only with other non- personally identifiable information (for example, your account preferences).
Why do we Need your Personal Data?
We do not sell any data, including your personal data. We will only collect and process your personal data in accordance with applicable data protection and privacy laws. We need to collect and process certain personal data in order to provide you with access to the services. If you registered with us, you will have been asked to check a tick box indicating your agreement to provide this data in order to access our services. This consent provides us with the legal basis we require under applicable law to process your data. You maintain
the right to withdraw such consent at any time.
Information we collect automatically when you use the Services:
We collect information about you when you use our Services, such as browsing our websites and taking certain actions within the Services, including:
- Your use of the Services: We keep track of certain information about you when you visit
and interact with any of our Services. This information includes the features you use; data
you submit; frequently used search terms; and how you interact with others on the
Services. We also collect information about the teams and people you work with and how
you interact with them. - Device and Connection Information: We collect information about your computer, phone,
tablet, or other devices you use to access the Services. This device information includes
your connection type and settings when you install, access, update, or use our Services.
We also collect information through your device about your operating system, browser
type, IP address, URLs of referring/exit pages, device identifiers, and crash data. We use
your IP address and/or country preference in order to approximate your location to
provide you with a better Service experience. Precise geolocation may be collected with
your explicit device-level permission granted. How much of this information we collect
depends on the type and settings of the device you use to access the Services. - Payment information (including name, address, and payment method) if you make a
purchase from CDS using the Sites or Services; - Cookies and Other Tracking Technologies: CDS and our third-party partners, such as our advertising and analytics partners, use cookies and other tracking technologies (e.g., web beacons, device identifiers and pixels) to provide functionality and to recognize you across different Services and devices. For more information, please see our Cookies and Tracking policy,
which includes information on how to control or opt out of these cookies and tracking
technologies. - Log files: We collect non-personally identifiable information through our Internet log
files, which record data such as user IP addresses, browser types, domain names, and
other anonymous statistical data involving the use of the Service. This information may
be used to analyze trends, to administer the Service, to monitor the use of the Service,
and to gather general demographic information. We may link this information to personally identifiable information for these and other purposes, such as personalizing your experience on the Service, and evaluating the Service in general.
Information we receive from other sources
We receive information about you from other Service users, from third party services, and
from our business and channel partners.
- Other users of the Services: Other users of our Services may provide information about
you when they submit content through the Services. For example, you may be mentioned
by someone else on a form, or a team member may upload content about you to the
service. We also receive your email address from other Service users when they provide
it in order to invite you to the Services. Similarly, an administrator may provide your
contact information when they designate you as another Administrator. - Other services you link to your account: We receive information about you when you or
your administrator enable third-party apps or integrate or link a third-party service with
our Services. For example, you or your administrator may also integrate our Services
with other services you use, such as to allow you to access, store, share and edit certain
content from a third-party through our Services. For example, you may authorize our
Services to access and display files from a third-party document-sharing service within
the interface, or for health data to be pulled from a third-party health application. The
information we receive when you link or integrate our Services with a third-party service
depends on the settings, permissions and privacy policy controlled by that third-party
service. You should always check the privacy settings and notices in these third-party
services to understand what data may be disclosed to us or shared with our Services. - Other partners: We may receive information about you and your activities on and off the
Services from third-party partners, such as advertising and market research partners who
provide us with information about your interest in, and engagement with, our Services
and online advertisements, or in cases where you give such third parties permission to
share information with us or where the information is publicly available online or through
your device or browser data. - CDS use of information received, and CDS transfer of information to any other app, from
APIs which will adhere to those API Services User Data Policy, including the Limited
Use Requirements. See the list of Sub-Processors for potential app APIs utilized.
3.4 How CDS Uses Personal Information
CDS will use Personal Data and other information we collect from you to:
- Provide you with technical support, customer service, and account maintenance;
- Fulfill the reason for which you provided us information;
- Tailor your experience using the Sites and Services;
- Carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections where applicable;
- Improve our Sites and Services, including for testing, research, and product development purposes;
- Send e-mails to our customers and users who want to receive e-mail from us;
- Protect the security of your account and our business;
- Prevent or detect fraud or abuses of our Sites and Services;
- Comply with applicable law;
- Provide, operate, and maintain the Sites and Services;
- Authenticate and verify user identities;
- Direct you to localized versions of the Sites and Services (which may include language optimized versions or versions which comply with the laws of a specific jurisdiction); and
- Communicate with you about services, features, surveys, newsletters, offers, promotions, and events, and to provide other news or information about us and our select partners.
3.5 CDS Surveys
Online surveys provide CDS information about users’ experiences with our products and services. We occasionally invite users to take optional surveys in studies we host for our customers to learn more about their experience with CDS’s products. CDS does not ask users to provide any sensitive personally identifiable information, such as passwords, social security numbers, driver’s license, and medical records. If you receive a CDS survey requesting such information, please immediately forward it to the following email address:
privacy@crucialdatasolutions.com
3.6 How CDS Shares Personal Information with Third Parties
Laws and Legal Rights
We may disclose your information (including personally identifiable information) if we believe in good faith that we are required to do so in order to comply with an applicable statute, regulation, rule or law, a subpoena, a search warrant, a court or regulatory order, or other valid legal process. We may disclose personally identifiable information in special circumstances when we have reason to believe that disclosing this information is necessary to identify, contact, or bring legal action against someone who may be violating our Terms of Service, to detect fraud, or to protect the safety and/or security of our users, the CDS Service or the general public. We are subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
We also may be required to disclose an individual’s personal information in response to a
lawful request by public authorities, including to meet national security or law enforcement
requirements.
Outside Contractors
We may employ independent contractors, vendors and suppliers (collectively, “Outside Contractors”) to provide specific services and products related to the Services, such as hosting, credit card processing and fraud screening, and mailing list hosting for the Services. In the course of providing products or services to us, these Outside Contractors may have access to information collected through the Services, including your personally identifiable information. We require that these contractors agree to (1) protect the privacy of your personally identifiable information consistent with this Privacy Policy or the Data Protection Addendum and (2) not use or disclose your personally identifiable information for any purpose other than providing us with the products or services for which we
contracted or as required by law. Please see our Data Protection Addendum for more information about subprocessors.
Sale of Business
We reserve the right to transfer information to a third party in the event of a sale, merger or other transfer of all or substantially all of the assets of CDS or any of its Corporate Affiliates (as defined herein), or that portion of CDS or any of its Corporate Affiliates to which the Service relates, or in the event that we discontinue our business or file a petition or have filed against us a petition in bankruptcy, reorganization or similar proceeding, provided that the third party agrees to adhere to the terms of this Privacy Policy.
Affiliates
We may disclose information (including personally identifiable information) about you to our Corporate Affiliates. For purposes of this Privacy Policy, “Corporate Affiliate” means any person or entity which directly or indirectly controls, is controlled by or is under common control with CDS, whether by ownership or otherwise. Any information relating
to you that we provide to our Corporate Affiliates will be treated by those Corporate Affiliates in accordance with the terms of this Privacy Policy.
Does this Privacy Policy apply when I link to other websites or services?
The CDS Products may provide you with access to other websites and services. Please be aware that we are not responsible for the privacy practices of any websites or services other than the CDS Services. We encourage you to read the privacy policies or statements of each and every such website and service. This Privacy Policy applies solely to information collected by us through the CDS Services.
Is the information collected through the Service secure?
We take precautions to protect the security of your information. We have physical, electronic, and managerial procedures to help safeguard, prevent unauthorized access, maintain data security, and correctly use your information. However, neither people nor security systems are foolproof, including encryption systems. In addition, people can commit intentional crimes, make mistakes or fail to follow policies. If applicable law imposes any non-disclaimable duty to protect your personally identifiable information, you agree that intentional misconduct will be the standards used to measure our compliance with that duty. For more information about our policies and standards used to ensure security, please see our Security Policy.
Could my Information be Transferred to other Countries?
Personally identifiable information collected on the CDS Services may be transferred from time to time to our offices or personnel, or to third parties, located throughout the world, and the CDS Services may be viewed and hosted anywhere in the world, including countries that may not have laws of general applicability regulating the use and transfer of such data. To the fullest extent allowed by applicable law, by using the CDS Services and submitting such information on it, you voluntarily consent to the trans-border transfer and hosting of such information. To the fullest extent allowed by applicable law, if you are a User accessing the CDS Services from a jurisdiction with laws or regulations governing personal data collection, use, and disclosure that differ from those of the United States,
please be advised that all aspects of the CDS Services are governed by the internal laws of the United States and the State of California, USA, regardless of your location.
3.7. CALIFORNIA PRIVACY RIGHTS
CDS complies with the California Consumer Privacy Act (referred to in this Privacy Policy as “CCPA”) as amended by the California Privacy Rights Act (“CPRA”) as set forth by the State of California. If the CCPA applies to your personal information this Privacy Policy provides you with information regarding how to receive information about our privacy
practices, as well as request access to, and deletion of your personal information.
CDS does not sell the personal information we collect. We only share your personal information as described in this Privacy Policy. For detailed information about the personal information we have collected over the last 12 months, and the categories of sources of such information, please see the previous sections covering the information collected and how the information is used. We collect this information for business purposes set forth in the “What do we do with the information we Collect?”. We share this information with the categories of third parties as set forth in the “When do we Disclose Information to Third Parties?” Please note that we do use third-party cookies as further set forth in the “Cookie Policy.”
California consumers may make a request pursuant to their rights under the CCPA by contacting support@crucialdatasolutions.com. Upon receiving a request, we will verify your request using the information associated with the CDS Servicess, including your email address. Government identification may be required. Consumer can also designate an authorized agent to exercise these rights on the consumer’s behalf.
3.8 How CDS Secures Personal Information
CDS implements physical, administrative, and technical safeguards designed to protect your personal information from accidental or unlawful destruction, loss, alteration, and unauthorized disclosure or access. We contractually require that our suppliers implement similar measures designed to protect personal information from accidental or unlawful destruction, loss, alteration, and unauthorized disclosure or access. No online service can ever be 100% secure, and as a result we do not guarantee the security of any personal information you provide.
3.9 Retention of Personal Data
CDS retains your personal data for the length of time we have an ongoing relationship with you, plus a period of 10 years of inactivity. You may request to have data removed at any time.
3.10 Use of Cookies and Automated Tracking on the Sites to Collect Personal Information
The CDS Sites, and some services and advertisements on the Sites, may contain “cookies.” A cookie is a piece of data that is sent to your browser, which will store the cookie on your computer if your browser is enabled to accept cookies.
Most internet browsers will allow you to erase cookies from your computer hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. You should refer to your browser instructions or “Help” screen to learn more about how to manage cookies. Please note, however, that if you block cookies, some portions of the Site and services may not function properly.
CDS does not control cookies in third-party ads, and visitors are encouraged to check the privacy policies of advertisers and/or ad services to learn about their use of cookies and other technology. Ads appearing on our Sites may be delivered to you by third-party advertising companies. These companies may use information about your visits to this and other websites in order to provide advertisements on this site and other sites about goods and services that may be of interest to you.
We do collect general, aggregated, demographic, and non-Personal Data using cookies and automated means (this includes technical information about your session with our website, such as your browser version and IP address, as well as information about your use of our website, such as how you navigate it and how long you spend viewing it). We will not seek to identify you through cookies or other means without your consent. This type of anonymous, aggregated profiling and session data may also include information that you have provided to usthrough surveys, polls, etc., but will not be tied to any Personal Data, without your consent.
You can manage your preferences in relation to Cookies and Automated Tracking on the sites by clicking on the icon on the bottom left of the public website, crucialdatasolutions.com.
3.11 Children’s Personal Information
The Sites and Services are not intended for anyone under the age of eighteen. CDS does not knowingly collect information from children under the age of eighteen unless we have obtained consent from a parent or guardian, or such collection is subject to a separate agreement with us which specifically provides for us to obtain such information. If you believe your child’s personal information has been collected by CDS in error, please submit your request to the following email address: privacy@crucialdatasolutions.com
3.12 Do Not Track
The Website does not support Do Not Track at this time. Do Not Track (DNT) is a privacy preference that you can set in your web browser to indicate that you do not want certain information about your webpage visits collected across websites when you have not interacted with that service on the page. For all the details, including how to turn on Do Not Track, visit donottrack.us.
3.13 Special Notice to California Residents – Your California Privacy Rights
The California Consumer Privacy Act (the “CCPA”) provides California residents the right, once a year, to receive information about third parties with whom CDS has shared information about you for its marketing purposes during the previous calendar year, and a description of the categories of personal information shared. To make such a request, please submit here. CDS will respond to you within thirty days of receiving such a request.
3.13.1 CDS does not sell consumer data for monetary or other valuable consideration.
If you are a California Resident, you may have additional rights under the California Consumer Privacy Act (the “CCPA”). These include:
- The right to request that CDS disclose certain information to you about our collection and use of your personal information over the past 12
months. - The right to know the categories of personal information that we collect, and the categories of sources from which we obtained that information.
- The right to know our business or commercial purpose for collecting or selling personal information.
- The right to know the categories of third parties with whom we share personal information.
- The right to object to the sale of personal data.
- The right to access your own personal information collected by CDS (also called a data portability request).
- The right to equal service and price, even for consumers who exercisetheir privacy rights.
3.14 Special Notice to UK and EU Residents
Residents of the EU and UK may be entitled to additional privacy rights consistent with the General Data Protection Regulation (GDPR). These include:
- The right of access.
- The right to data portability.
- The right to rectification.
- The right to erasure.
- The right to object or restrict processing.
Please submit here with any questions or concerns regarding the processing of your personal data.
If CDS’s processing of your personal data is covered by UK or EU law, you can also lodge a complaint with the corresponding data protection supervisory authority in your country of residence. You can find the relevant EU supervisory authority name and contact details under http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm and the UK supervisory authority contact details under https://ico.org.uk/global/contact-us/.
3.14.1 International Transfers, Processing and Storage of Personal Information.
Your Personal Data may be collected, transferred to, and stored by us in the United States and by our affiliates and third parties that are based in
other countries. This means that your Personal Data may be processed outside your jurisdiction, and in countries that are not subject to an
adequacy decision by the European Commission or your local legislature or regulator, and that may not provide for the same level of data protection as your jurisdiction, such as the EEA. We ensure that the recipient of your Personal Data offers an adequate level of protection and security, for instance by entering into the appropriate data processing agreements and, if required, standard contractual clauses or an alternative mechanism for the transfer of data as approved by the European Commission (Art. 46 GDPR) or another applicable regulator. Where required by applicable law, we will only share, transfer, or store your Personal Data outside of your jurisdiction with your prior consent.
3.14.2 Exercising Personal Data Access, Portability, and Deletion Rights.
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us here (Or connect via one of the alternative methods listed in the “CONTACT US” section below).
To fulfill your request, please:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an
authorized representative. - Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot complete your request or provide you with personal information if we cannot verify your identity or authority to make the
request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account
with us. We will only use personal information provided in a request to verify the requestor’s identity and/or authority to make the request. We may refuse to act on requests that are insufficiently substantiated, unfounded, or excessive.