Privacy Policy
Effective Date: Friday, October 11
This Privacy Policy explains how Clincove (“we,” “our,” or “us”) collects, uses, discloses, and protects personal information in connection with our Clinical Trial software platform (the “Platform”). The Platform is used in clinical trials and healthcare research to capture and manage patient data securely. We are committed to ensuring that all personal information is handled in compliance with the Health Insurance Portability and Accountability Act (HIPAA), the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the California Privacy Rights Act (CPRA).
1. Information We Collect
1.1 Personal Information
We collect personal information necessary to operate the Platform and comply with applicable laws. This may include:
• Patient Information: Identifiable health information such as names, dates of birth, medical history, treatment records, and clinical trial data.
• Health Data: Information related to patient health, including diagnosis, laboratory results, medication history, and other clinical data.
• User Information: Information from healthcare providers, clinical research personnel, and other authorized users, such as names, email addresses, and job titles.
• Device and Usage Information: Data about how users interact with the Platform, including device information, IP addresses, browser type, and usage patterns.
1.2 Special Categories of Data (GDPR Compliance)
In accordance with GDPR, we may process special categories of personal data, including health information and biometric data. Processing is carried out only as necessary for scientific research purposes and clinical trials, and is based on explicit consent or another lawful basis under Article 9 of the GDPR.
2. How We Use Personal Information
We use personal information to:
• Facilitate Clinical Research: Manage and store clinical trial data in compliance with regulatory requirements, including FDA 21 CFR Part 11, GCP, and other applicable laws.
• Ensure Data Security and Integrity: Maintain the accuracy, security, and reliability of clinical trial data, ensuring compliance with HIPAA, GDPR, and California law.
• Improve Our Platform: Analyze user behavior to enhance functionality, resolve technical issues, and provide support to users.
• Comply with Legal Obligations: Ensure compliance with healthcare, privacy, and data protection regulations, including HIPAA, GDPR, CCPA, and CPRA.
• Anonymized/De-identified Data: Where applicable, we may de-identify or anonymize personal information for scientific research, statistical analysis, or aggregate reporting, in compliance with legal standards.
3. Legal Basis for Processing Personal Data (GDPR Compliance)
For users located in the European Economic Area (EEA), our legal basis for processing personal data under the GDPR includes:
• Consent: When explicit consent is provided for the processing of health data.
• Legal Obligations: Compliance with legal and regulatory obligations.
• Legitimate Interests: Where processing is necessary for our legitimate interests, including improving the Platform, provided these interests are not overridden by individuals’ data protection rights.
4. How We Share Personal Information
We do not sell or rent personal information. We may share personal information with third parties in the following circumstances:
• Clinical Trial Sponsors and Contract Research Organizations (CROs): We may share patient data with research sponsors and CROs as part of clinical trials.
• Healthcare Providers and Sites: Personal information may be shared with healthcare providers and research sites to facilitate clinical research.
• Regulatory Authorities: We may disclose information to regulators, government agencies, and legal authorities as required by law (e.g., for FDA submissions or GDPR compliance).
• Service Providers: We may share data with trusted third-party service providers who assist us in operating the Platform, subject to confidentiality and security obligations.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, personal information may be transferred, provided that the new entity agrees to comply with this Privacy Policy.
5. Your Rights
5.1 HIPAA Rights
• Access and Portability: Individuals have the right to access and receive copies of their health information.
• Correction: Patients may request corrections to their medical records.
• Restrictions: Individuals have the right to request limitations on the use or disclosure of their protected health information (PHI).
5.2 GDPR Rights (for EEA Users)
• Right to Access: You have the right to request access to your personal data and receive a copy of the information we hold about you.
• Right to Rectification: You have the right to request corrections to any inaccurate or incomplete personal data.
• Right to Erasure: In certain circumstances, you may request the deletion of your personal data.
• Right to Restrict Processing: You may request restrictions on the processing of your personal data in certain situations.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
• Right to Object: You may object to the processing of your personal data under certain conditions.
5.3 California Privacy Rights (CCPA/CPRA Compliance)
• Right to Know: California residents have the right to request information about the categories of personal data we collect, use, and share.
• Right to Delete: You have the right to request the deletion of your personal information, subject to certain legal exceptions.
• Right to Opt-Out: California residents have the right to opt out of the sale of their personal information, although we do not sell personal data.
• Non-Discrimination: We will not discriminate against California residents for exercising their privacy rights.
6. Data Security
We implement administrative, technical, and physical safeguards to protect personal information in compliance with HIPAA, GDPR, CCPA, and CPRA. This includes encryption, access controls, audit logs, and regular security assessments. Despite our efforts, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.
7. Data Retention
We retain personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, including to meet legal, regulatory, or contractual obligations. De-identified or anonymized data may be retained for longer periods for research and analysis purposes.
8. International Data Transfers
For users located in the EEA, personal data may be transferred to countries outside the EEA. Where such transfers occur, we ensure adequate safeguards are in place, such as Standard Contractual Clauses (SCCs) or reliance on GDPR-approved transfer mechanisms.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email (if applicable) or by posting a notice on our Platform. Your continued use of the Platform constitutes acceptance of the updated Privacy Policy.
10. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:
Clincove Inc.
1209 Orange St. DE, USA
info@clincove.com
Compliance Notes:
1. HIPAA: This policy complies with HIPAA’s requirements for safeguarding PHI and ensuring individuals’ rights to access and amend their health data.
2. GDPR: Includes GDPR rights for users in the European Economic Area (EEA) and explains how data is handled under GDPR provisions.
3. CCPA/CPRA: Reflects the rights of California residents under CCPA and CPRA, including access, deletion, and opt-out rights.