Curebase Online Privacy Policy

Effective date: September 15, 2023

This Privacy Policy explains how Curebase, Inc. (“Curebase,” “we,” “our,” “us,”) collects, uses, and discloses personal information that we collect through our website www.curebase.com (the “Website”), the Curebase decentralized trials platform (the “Curebase platform”), and any other online services that we operate and that include a link to this Privacy Policy (collectively with the Website and Curebase platform, the “Services”). As used in this Privacy Policy, “Personal Information” means information that identifies or that could be used to identify you.

The Curebase decentralized trials platform allows our customers who subscribe to the platform to enter information collected in connection with clinical trials (“Platform Subscribers,” which include, for example, trial sponsors and clinical research organizations, each of whom may provide access to the platform to their users). Curebase acts as a “data processor” for Personal Information that we collect or process on behalf of Platform Subscribers.

This Privacy Policy does not apply to information that Platform Subscribers collect, create, or provide to the Curebase platform, which we refer to as “Customer Data.” Customer Data, which may include Personal Information contained in text, images, photos, chat logs, or audio or video recordings that are created or shared in connection with a clinical trial, is owned and controlled by the Platform Subscriber. Our use and disclosure of Customer Data is governed by our agreements with Platform Subscribers. If you have questions about the information practices of the Platform Subscriber that uses the Curebase platform for clinical trial management and services, please review the Platform Subscriber’s privacy policy or contact them directly.

The Personal Information We Collect and How We Use It

The Personal Information we collect and how we use it depends on the context of your interactions with us. As explained below, we collect some of this Personal Information when you provide it directly to us, and in some cases we receive Personal Information from third parties. We also collect certain information automatically when you interact with the Services.

Information You Provide Directly

You may provide certain Personal Information to us when you sign up for a Curebase account and use the Services, consult with our customer service team, send us an email, or communicate with us in any other way. This information may include the categories described below.

  • Personal and Business contact information, such as your name, email address, mailing address, telephone number, job title, and employer name;
  • Account log-in credentials such as your email address and password when you sign up for an account with us;
  • Troubleshooting and support data, which is data you provide, or we otherwise collect in connection with support queries we receive from you. This may include contact or authentication data, the content of your chats and other communications with us, and the product or service you are using related to your help inquiry;
  • Feedback and correspondence, such as information you provide in your responses to surveys, report a problem with the Services, receive customer support or otherwise correspond with us;
  • Payment information and other financial information that we/our payment processors need in order to provide the Services;
  • Marketing information, such as your preferences for receiving marketing communications and details about how you engage with them.
  • Professional and employment-related information and education information you submit when you apply for a job with us, such as your resume, links to social media profiles, responses to application questions, and any other information you provide in your employment inquiries or applications.
  • Any other information you submit when you contact us through the Website, including any information you provide in a submission through our contact form.

Information We Collect Automatically from Your Use of the Services.

We also may collect certain other information automatically when you use or access the Services, such as the following:

  • Browser and Device Information. Certain information may be automatically collected by most browsers or devices, such as information about user devices (such as IP addresses and MAC addresses), operating systems, and browsers.
  • Information Stored in Cookies and Web Beacons. The Services may also use available web-based technologies to collect personal information, such as cookies or web beacons. Cookies are pieces of information stored directly on users’ computers or devices. Cookies allow us to collect information such as browser type, time spent on the online services, pages visited, referring URL, and other traffic and usage data. We may also use cookies for purposes such as determining what features interest our users, revising our site features or operations, and as further described below. For more information, see the “Your Rights and Choices” section below. Please note that some cookies and web beacons may be set by third parties, who may use the Services to collect personal information about your online activities over time and across different Services, applications, and other online products or services.
  • Pixel Tags and Log Files. The Services may also use other tracking systems such as log files and pixel tags. For example, pixel tags, sometimes called web beacons, are similar in function to a cookie and can tell us certain information like what content has been viewed.
  • Information Collected in Connection with Analytics Technology. We may use various technologies to learn more about how visitors use the Services, such as Google Analytics. Google Analytics uses cookies to help us analyze how visitors use the Website. The information generated by the cookies about your use of the Website includes your IP address. If you so choose, you may be able to opt out by turning off cookies in the preferences settings in your browser. For more information on Google Analytics, including how Google Analytics collects, uses, and discloses information, refer to the following page: www.google.com/policies/privacy/partners/. We may also use other technologies to monitor your activities on our Website.
  • Location Information. When you use the Services, we may collect information about your location, including general location information that may be associated with your device’s IP address, and, if you allow your device to share information about your location with the Services, the geolocation of the device you use to access the Services, which may indicate your precise geolocation.

Information We Obtain from Third Parties.

In some cases, we receive Personal Information from third parties. For instance, if you have been invited to use the Curebase platform by a trial sponsor or other entity involved in managing a clinical trial in which you are participating, we may receive your name, address, phone number, and email address from such entities, to facilitate your registration and to enable us to maintain accounts and provide the Services.We may also receive Personal Information from other third-party sources, including:

  • Our service providers, such as online analytics providers; and
  • Data brokers from which we purchase demographic data to supplement that data we collect.

How we use personal information.

We may use the Personal Information that we collect or receive through the Services for our legitimate interests consistent with your rights and appropriate to the context, including:

  • To provide the Services’ functionality to you, such as arranging access to an account, responding to your inquiries, and to allow you to use our various Services features.
  • To respond to your inquiries and communicate with you about the Services.
  • To operate and provide support for your use of the Services, including to facilitate your registration for and participation in clinical trial activities hosted on the Curebase platform.
  • To manage and communicate with you regarding your Curebase account, if you have one, including by sending you service announcements, technical notices, updates, security alerts, and support and administrative messages.
  • To store information about your preferences and customize your experience on the Services.
  • To analyze usage trends and patterns and measure the effectiveness of the Services.
  • To perform our contracts with clinical trial sponsors and others involved in clinical trial management.
  • To promote our products and services including by sending you newsletters, special offers, and other information we think may be of interest to you, including information about other clinical trials which may be of interest.
  • To administer, evaluate, and improve our business and the Services (including developing new products and services; managing our communications; and performing accounting, auditing, billing, reconciliation and collection activities).
  • To comply with legal and regulatory requirements, judicial process, and our company policies (including due diligence and contracting activities).
  • To secure the Services, including by protecting against and responding to fraud, illegal activity (such as incidents of hacking or misuse of the Services), and claims and other liabilities, including by enforcing our agreements.
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, including as part of bankruptcy, liquidation, or similar proceeding.
  • To create aggregate or de-identified information.
  • To enforce our policies, terms of use, contracts, or other legal rights.
  • Such other purposes as you may authorize.

How We Disclose Personal Information

‍We may disclose Personal Information we collect about you to other parties that may include the following:

  • To trial sponsors or others involved in the clinical trial process.
  • To our affiliates and business partners, such as partners involved in joint business transactions.
  • To our contractors, service providers, and other third parties we use to support our organization, which may include support of any of the data uses described above.
  • To comply with applicable law, other legal requirements, and industry standards.
  • To enforce our policies, terms of use, contracts, or other legal rights.
  • To investigate or prevent unlawful activities or misuse of the Services.
  • To protect against malicious, deceptive, fraudulent, or illegal activity, and participating in any prosecution or enforcement of laws or agreements meant to prevent or punish such activity.
  • To operate, evaluate, debug, identify and repair errors, effectuate similar functional enhancements, and improve our Services and offerings.
  • To protect the legal rights, property, safety, and security of us, our users, our employees, and others.
  • To an actual or potential buyer, successor, or other organization in the event of an actual or potential merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, including as part of bankruptcy, liquidation, or similar proceedings.
  • To such other parties as you may authorize.

We may also share aggregate and de-identified information created from our users’ data with selected third parties for statistical purposes.

Your Rights and Choices

‍We provide you with choices with regard to your Personal Information. For example, you can choose not to give us the Personal Information we request, as described in the “Information You Provide Directly” section of this Privacy Policy. However, in some cases, if you decide not to provide the information we request, we will not be able to provide the service or information you requested.

Other examples of your choices include:

  • You can browse our website without registering or directly submitting any information to us (although we may still collect some limited information automatically, as described above).
  • You may opt out of receiving our messages at any time by using the opt-out mechanism provided in the message.
  • A cookie banner will appear on your screen the first time when you visit our website, or access the website with a new device, informing you of our use of cookies. The cookie banner includes a link to our cookie settings preference center, which can also be accessed here: visit https://privacy.curebase.com/consent.
  • You may change your browser settings or to block, manage, or delete cookies. The means by which you can refuse cookies through your web-browser may vary from browser to browser and you should visit your browser’s help menu for more information.
  • Our Services do not currently respond to browser “do not track” signals, so you will need to use your browser settings to effectively manage cookies. In some cases, blocking or disabling cookies may cause the Services not to work as intended and some features may not be available.

For information about interest-based advertising, and to opt out of this type of advertising by third parties that participate in self-regulatory programs, please visit the Network Advertising Initiative (NAI) opt out tool (http://www.networkadvertising.org/choices/) and/or the Digital Advertising Alliance (DAA) Self-Regulatory Program for Online Behavioral Advertising (https://youradchoices.com/), or, for users in Europe, the EDAA’s opt-out page (http://youronlinechoices.eu/). Please note that any opt-out choice you exercise through these programs will apply to interest-based advertising by the third parties you select, but will still allow the collection of data for other purposes, including research, analytics, and internal operations.

Children

Our Services are not directed at children. We do not knowingly collect Personal Information from children under the age of 16, or such other applicable age of consent for privacy purposes in relevant individual jurisdictions, unless (a) we have obtained consent from a parent or guardian, (b) such collection is subject to a separate agreement with us, or (c) the visit by a child is unsolicited or incidental. If you are a parent or guardian and believe your child has provided us with Personal Information without your consent, please contact us under the How to Contact Us section below and we will take steps to delete their Personal Information from our systems.

Our Security

‍We maintain safeguards that are reasonably designed to protect the information collected through the Services. Please note, however, that we cannot and do not guarantee the security of your information, as no method of data storage or transmission is completely secure.

Changes to Your Personal Information

It is important that the Personal Information we hold about you is accurate and current. Please let us know if your Personal Information changes during your relationship with us by updating your registration profile or emailing us at support@curebase.com.

How Long We Keep Information

We will keep your Personal Information for the time period necessary to achieve the purposes for which it was collected, including provision of the Services and to comply with law, resolve disputes, and enforce our agreements, as applicable. For example, if you register on our Services, we will store your information for as long as needed to maintain your account, provide you the Services or other functionality as you request it, enforce any applicable terms that govern your use of the Services, and maintain appropriate records to reflect our delivery of Services to you.

Other Sites and Services

Our Services may contain links to other websites and services. These links are not an endorsement, authorization or representation that we are affiliated with that third party. We do not exercise control over third party websites or services, and are not responsible for their actions. Other websites and services follow different rules regarding the use or disclosure of the personal information you submit to them. We encourage you to read the privacy policies of the other websites you visit and services you use.

ADDITIONAL INFORMATION FOR RESIDENTS OF CALIFORNIA

This section applies only to residents of the State of California and to the Personal Information of a particular California consumer or household (“California Personal Information”). It describes how we collect, use, and share California Personal Information to the extent we act as a “business” under the California Consumer Privacy Act of 2018 (“CCPA”), and the rights that consumers have under the CCPA. California Personal Information does not include, and this section of the Privacy Policy does not apply to:

  • Personal information that is exempt from the CCPA;
  • Personal information we collect in connection with communications or transactions with consumers who are acting as representatives of companies and other organizations that occur solely within the context of conducting due diligence regarding, or providing or receiving a product or service to or from such companies or organizations; or
  • Personal Information we collect, use, and share on behalf of our customers as a “service provider” under the CCPA.

California Personal Information We Collect


We may collect, and may have collected the following categories of California Personal Information regarding consumers within the last 12 months:

  • Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), such as name, signature, address, telephone number, bank account number, credit card number, debit card number, or any other financial information. Some Personal Information included in this category may overlap with other categories;
  • Identifiers such as your real name, alias, postal address, zip code, telephone number, email address and account name;
  • Unique and online identifiers such as device identifiers, internet protocol addresses, cookie identifiers, beacon identifiers, pixel tags or mobile ad identifiers or similar technology, or other forms of persistent or probabilistic identifiers that can be used to identify a particular consumer or device;
  • Commercial information that identifies or could reasonably be linked to you, such as products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies;
  • Internet or other electronic network activity information identifies or could reasonably be linked to you, such as browsing history, search history and information regarding an individual’s interaction with an internet website, application, or advertisement;
  • Professional or employment-related information, such as current or past job history;
  • Sensory data, such as audio, electronic, visual, thermal, olfactory, or similar information;
  • Protected classification characteristics under California or federal law, which includes age if 40 years or older, race, color, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, pregnancy or childbirth and related medical conditions), veteran or military status, genetic information (including familial genetic information);
  • Inferences drawn from Personal Information, such as person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes; and
  • Geolocation data, such as precise location information from your device or rough location generated based on IP address.

Sources of California Personal Information


We collect California Personal Information from the sources described in the “The Personal Information We Collect And How We Use It” section of this Privacy Policy.

Use of California Personal Information


We may use the categories of California Personal Information that we collect, as described above, for one or more of the business purposes and commercial purposes described in the “How We Use Personal Information” section above.

Disclosures of California Personal Information for a Business Purpose


‍We may disclose the categories of California Personal Information that we collect as indicated above to the categories of third parties described in the How We Share Disclose Information section above. In the preceding 12 months, we may have disclosed all of the categories of California Personal Information listed above to our service providers and other third parties when you direct us to do so, or when you use our Services to do so.

Sales of California Personal Information


‍We do not sell California Personal Information, and we do not have actual knowledge that we sell California Personal Information of consumers under 16 years of age.

California Personal Information Rights and Choices


The CCPA and other California laws provide consumers with specific rights regarding their California Personal Information. This section describes those rights and explains how to exercise those rights to the extent we direct the purposes and means of the processing of your California Personal Information processing and otherwise qualify as a “business” under the CCPA.

Access to Specific Information and Data Portability Rights

California residents have the right to request that we disclose certain information to you about our collection, use, disclosure, and sale of your California Personal Information over the past 12 months. If we receive and confirm a verifiable consumer request from you pursuant to the “Exercising Access, Data Portability, and Deletion Rights” section below, we will disclose to you, depending on the scope of the request:

  • The categories of California Personal Information we collected about you.
  • The categories of sources for the California Personal Information we collected about you.
  • Our business or commercial purpose for collecting California Personal Information about you.
  • The categories of third parties with which we share your California Personal Information.
  • The specific pieces of California Personal Information we collected about you.
  • If we disclosed your California Personal Information for a business purpose, a list of the categories of third parties to whom we disclosed California Personal Information for a business purpose identifying the categories of California Personal Information disclosed to those parties in the preceding 12 months.

Deletion Request Rights

California residents have the right to request that we delete California Personal Information, subject to certain exceptions. Once we receive and confirm your verifiable consumer request pursuant to the “Exercising Access, Data Portability, and Deletion Rights” section below, we will delete your California Personal Information from our records, unless an exception applies.

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us at https://privacy.curebase.com/ or privacy@curebase.com.

You may designate an authorized agent to submit requests on your behalf through a signed written permission that authorizes the agent to act on your behalf. We may mandate additional requirements when submitted through an authorized agent, such as requiring you to verify your identity directly with us or to directly confirm the authorized agent’s permission to act on your behalf.You may only make a verifiable consumer request for access or data portability twice within a 12-month period. Your request must provide information sufficient to permit us to reasonably verify you are the person about whom we collected California Personal Information, or an authorized agent of that person. To verify your request, we may require you to provide additional information, including account profile information such as your Services email address and other information elements necessary to verify your identity. Your request also must include sufficient detail for us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with California Personal Information if we cannot verify your identity or authority to make the request and confirm the California Personal Information relates to you.

Making a verifiable consumer request does not require you to create an account with us. However, if you have a password-protected account with us we consider requests made through that account sufficiently verified when the request relates to California Personal Information associated with that specific account.

Any disclosures we provide will only cover the 12-month period preceding our receipt of the verifiable request. If we cannot fulfill, or are permitted to decline, your request then we will alert you or your authorized agent. For data portability requests, we will select a format to provide your California Personal Information that is readily usable.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision, and we reserve the right to either refuse to act on your request or charge you a reasonable fee to complete your request if it is excessive, repetitive, or manifestly unfounded.

Non-Discrimination


Subject to certain exceptions, you have a right to not receive discriminatory treatment for exercising your access, data portability, and deletion rights described above.

ADDITIONAL INFORMATION FOR INDIVIDUALS LOCATED IN THE EEA, SWITZERLAND, OR UK

‍If you are located in the EEA, Switzerland, or UK, you may have additional rights to withdraw consent, request access to, correction of, erasure of, or the transfer of your personal information, or object to or restrict the processing of your personal information. You may exercise these rights, if applicable, by contacting us as described in the “How to Contact Us” section of this Privacy Policy. Individuals located in the EEA, UK, or Switzerland may also have the right to lodge a complaint with an EEA, UK, or Swiss supervisory authority, as applicable.

International Transfers

‍We operate internationally and your personal information may be transferred outside the jurisdiction you are located. The data protection laws in other jurisdictions may differ from the jurisdiction where you are located and may not provide the same level of protection compared to the laws in the jurisdiction in which you are located.

When we transfer personal information subject to the data protection laws of the European Economic Area (“EEA”), the United Kingdom (“UK”), or Switzerland outside of the EEA, UK, or Switzerland, we will rely on a legal framework that provides appropriate safeguards, which could include the standard contractual clauses, binding corporate rules, or another framework deemed adequate by the European Commission.

Changes to this Privacy Policy


We may update this Privacy Policy to reflect changes in our privacy practices at any time and without notice to you. When we do so, we will update the Effective Date of the Privacy Policy, above. We encourage you to periodically review this Privacy Policy for the latest information on our privacy practices.

How to Contact Us


If you have any questions or comments about this Privacy Policy or our privacy practices, or if you would like to ask for access to or amendment of deletion of your Personal Information, please contact us at:
Email: privacy@curebase.com
Postal Mail: 548 Market Street PMB 86319, San Francisco, CA 94104-5401

Navigation

HomeePRO/eCOAeConsentUnified Participant ExperienceAbout UsResourcesContact Us

Contact

548 Market St PMB 86319
San Francisco, CA 94104-5401
hello@curebase.com

Curebase © 2024. All Rights Reserved
Privacy Policy
|
Terms & Conditions