Last Revised: 05/23/2022
Elligo Health Research, Inc. (“Elligo,” “our,” “we,” or “us”) are assisting the Clinical Research Organization (CRO) Syneos Health, Inc. (“Syneos Health” or “Syneos”) in providing certain services, including study advertising, study recruitment, study site support and hosting the SHIMMER study website (the “Services”) on behalf of the Sponsor of the SHIMMER Study, Cognition Therapeutics, Inc. (“Cognition“).
The Applicability of This Policy– this policy applies to Personally Identifiable Information we collect on the Website, including through forms on the Website; electronic correspondence between you and the Website; and interactions via telephone. We can change, update or otherwise modify this policy by providing you a proper notice, as further detailed in the Applicability of This Policy section of this policy. Read more.
The Personally Identifiable Information That We Collect – We collect Personally Identifiable Information such as your name, age, contact details and certain health/medical related information. Read more.
How Do We Collect the Personally Identifiable Information Related to You– We collect the Personally Identifiable Information related to you, which you provide through your use of our Services. We collect Personally Identifiable Information on your use of the Website by using third party analytics and marketing automation services and cookies. Read more.
How Do We Use the Personally Identifiable Information? – We will use the Personally Identifiable Information related to you solely for the purposes mentioned in this policy, including to improve our Services, contact you, conduct studies and trial qualifications, comply with applicable laws and prevention of frauds. Read more.
Your Controls and Choice – You may opt-out of the following: (a) the data transfers to third parties which are not mentioned under this policy; (b) the processing of the Personally Identifiable Information related to you for purposes other than those mentioned under this policy. Our Service does not respond to Do Not Track (DNT) signals. Read more.
Data Security and Integrity – We implement systems, applications, and procedures to secure your Personally Identifiable Information, to minimize the risks of unauthorized access, to disclose, and modification. Read more.
How Long We Keep Your Personal Information– We retain data to comply with our legal obligations and to provide you with our Services, as further explained in the data retention section of the policy. Read more.
Children’s Personal Information – Most of the Services available on the Website are intended for persons 18 years of age and older. Any individual who requires information about any of our Services, must be 18 and over. We will not knowingly collect, use, or disclose Personal Information from a minor under the age of 18, without obtaining prior consent from a person with parental responsibility through direct off-line contact. Read more.
California Consumer Privacy Act – Information for California Consumers – If you are a California resident, you are entitled to specific privacy rights. Read more.
Accessing or Correcting the Personally Identifiable Information Related to You – At any time you can request access to, correct, or delete any Personally Identifiable Information relating to you that you have provided to us. Read more.
Contact Us – For further information please contact us at: firstname.lastname@example.org or by phone at 857-496-0054 or at: Elligo Health Research, Attn: Privacy Officer/DPO, 11612 Bee Cave Road, Bldg. 1, Ste. 150, Austin, TX 78738. Read more.
The Applicability of This Policy:
This policy does not apply to information collected:
- by us, offline or through any other means, including information collected through any other electronic means or any other Website specified by us or a third-party;
- by Cognition Therapeutics, Inc., the sponsor of the SHIMMER study; or
- by any other third-party, including through any application or content (including advertising) that may link to or be available from the Website.
If the changes have minor, if any, consequences, they will take effect 7 days after we notify you. Substantial changes will be effective 30 days after we initially posted or sent you the notice. If we need to adapt the policy to new legal requirements, the new policy will become effective immediately or as required by law.
Until the new policy takes effect, if it materially reduces the protection of your privacy right under the then-existing policy, you can choose not to accept it and terminate your use of the Services. Continuing to use the website after the new policy takes effect means that you agree to the new policy.
The Personally Identifiable Information That We Collect
We collect, use, store, transfer and otherwise process different categories of personal data about you as set out below. However, your name and other directly identifying information including your contact details will not be accessed by Cognition. Instead, you will only be identified by a unique number (a code). Only the SHIMMER study research sites and authorized personnel will be able to connect this code with your name.
- Personal Identifier Data includes full name and internet protocol (IP) address.
- Contact Data includes zip code, email address and telephone numbers.
- Demographic Data includes date of birth, and gender.
- Internet or Other Electronic Activity Data includes your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our Website, and how you use our Website.
- Special Categories of Data: Information relating to your health.
- “Aggregate Information,” which means information that does not directly or indirectly identify, and cannot reasonably be used to identify, you.
How Do We Collect the Personally Identifiable Information Related to You?
We collect Information in the following ways:
- Use the Services: we collect Personal Information that you provide to us when you –
- fill out a form to be considered for potential study opportunities;
- provide personal information in the completion of the Prescreening Questionnaire;
- request products, services or information from us; or,
- otherwise interact with us or the Services.
- Web Analytics Automation: We use third parties’ analytics tools to better understand who is using the Services, how people are using the Services, and how to improve the effectiveness of the Services and its content.
- The privacy practices of these third-party companies are subject to their own privacy policies. Please read these policies at: http://www.google.com/intl/en/policies/privacy/.
From time to time, we will change our analytics service providers and will provide additional information about these services when we update this policy.
- They may combine information they collect from your interaction with the Services with Personal Information they collect from other sources. We do not combine the information collected through the use of analytics services with your Personal Information. You can prevent analytics services from recognizing you on return visits to our Website by disabling third party cookies on your web browser.
- Online Forms: When we collect your Personal Information, it is secured in our database and stored in portals for sites to securely access and follow up with potential participants to determine eligibility for this study.
- Website Cookies: We and our analytics service providers collect information about you. This information may include the internet protocol (IP) address that your device used, the time and length of your visit, the pages you looked at on our Website, and the site you visited just before coming to ours. We only use this information to measure website activity and to develop ideas for improving our Website.
- Via Phone Call and Text: You may be contacted by a staff member at a research study site if you meet the study requirements to discuss participation in the study. By providing your phone number and/or email to us through the Services, you consent to being contacted by us.
Do Not Track
Do Not Track (DNT) is a privacy preference that users can set in some web browsers, allowing users to opt out of tracking by websites and online services. Our Services do not respond to Do Not Track (DNT) signals.
How Do We Use the Personally Identifiable Information?
The purposes and reasons for processing your Personal Information are detailed below: –
- We use your Personal Information to provide you with the Services, make it better, and to continue developing the Services.
- We use your Personal Information to contact you, respond to your questions or to provide you with information you requested.
- We collect your Personal Information for study and trial qualification.
- We collect and store your Personal Information as you expressed interest in participating in a study or trial.
- We will use your Personal Information to enforce our terms, policies, and legal agreements.
- We will use your Personal Information to comply with court orders and warrants and assist law enforcement agencies.
- We will use your Personal Information to prevent fraud, misappropriation, infringements, identity thefts, cyber security attacks, and any other misuse of your Personal Information and the Services.
- We will use your Personal Information to take any action in any legal dispute and proceeding.
Sharing the Personally Identifiable Information with Others
The ways in which we share your Information include the following:
- When we make your Personal Information available to the study research sites for study and trial qualification.
- When we share Personal Information with third parties in connection with the sale of our business (including merger, acquisition, sale of all or a material portion of our assets, change in corporate control, or insolvency or bankruptcy proceedings).
Your Controls and Choices
We provide you the ability to exercise certain controls and choices regarding our collection, use, and sharing of your information, including the right to request access to the Personal Information we hold about you and that we amend, if you find that your Personal Information is not accurate, complete or up-to-date, or to delete it.
At any time, you can exercise your following opt-out options:
- object to the transfer of your Personal Information to a third-party, other than to third parties who help us perform tasks as explained in this policy, or,
At any time following your opt-out request, we can remove or de-identify your Personal Information altogether and request that you stop using the Website.
Following the termination or expiration of the Services, we will stop collecting any Personal Information from or about you.
You may exercise your controls and choices or request access to your Personal Information by modifying your profile or by contacting us at email@example.com or following instructions provided in communications sent to you.
We will need to ask you to provide us certain credentials to make sure that you are who you claim to be, and to the extent required under the applicable law will make good-faith efforts to locate the Personal Information that you request to access.
We can delete your Personal Information by removing any identifying information and transforming Personally Identifiable Information that relates to you into anonymized information.
Please be aware that, if you do not allow us to collect Personal Information from you, we may not be able to deliver certain services to you, and some of our services may not be able to take account of your interests and preferences. If you have questions regarding the specific Personal Information about you that we process or retain, please contact us at firstname.lastname@example.org.
Data Security and Integrity
The security, integrity, and confidentiality of your Personal Information are important to us.
We have implemented technical, administrative, and physical security measures that are designed to protect your Personal Information from unauthorized access, disclosure, use and, modification, including: SSL, TLS, encryption, pseudonymization, restricted access, two factor authentication, firewalls, and anti-virus/malware.
From time to time, we review our security procedures to consider new appropriate technology and methods. Please be aware though that, despite our best efforts, no security measures are perfect or impenetrable and we cannot guarantee that the Services will be immune from any wrongdoings, malfunctions, unlawful interceptions or access, or other kinds of abuse and misuse.
The safety and security of your Personal Information also depends on you.
How Long We Keep Your Personal Information
Elligo retains Personal Information as needed to comply with legal obligations and we have strict review and retention policies in place to meet these obligations.
If we retain your Personal Information for any legitimate business purpose other than to provide the services, we will make efforts to limit the access to such information and keep the retention time to a minimum.
We will keep aggregated non-identifiable information without limitation, and to the extent reasonable we will delete or de-identify Personally Identifiable Information, when we no longer need to process the information.
Children’s Personal Information
Most of the Services available on this Website are intended for persons 18 years of age and older. Any individual who requires information about any of our Services must be 18 and over.
We will not knowingly collect, use, or disclose Personal Information from a minor under the age of 18, without obtaining prior consent from a person with parental responsibility through direct off-line contact.
We will provide the parent or guardian with notice of the specific types of Personal Information being collected from the minor and the opportunity to object to any further collection, use, and storage of such information.
We abide by the laws designed to protect children. If we become aware that we have unknowingly collected Personal Information from persons under the age of 13, we will make commercially reasonable efforts to delete such information from our database.
If you are the parent or guardian of a minor child who has provided us with Personal Information, you may contact us at email@example.com to request it be deleted.
California Consumer Privacy Act – Information for California Consumers
This section provides specific information for residents of California (“consumers”), as required under California privacy laws, and is intended to satisfy the California Consumer Privacy Act (“CCPA”), which requires that we provide certain information to consumers about how we handle certain personal information that we have collected.
Personal Information That We Collect
We have collected the following categories of personal information from consumers within the last twelve (12) months:
- Identifiers and Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). These include, names, zip code, telephone number, email address, Internet Protocol address and business email address.
- Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with the Website.
- Inferences drawn from any of the information identified above to create a profile about a consumer reflecting the consumer’s preferences and characteristics.
Categories of Sources for Personal Information
We obtain the categories of personal information listed above from the following categories of sources:
- Directly and indirectly from you when you visit the Website.
- Third parties as further detailed above.
Purposes for which Personal Information is Used
The categories of personal information described above are collected and disclosed for the purposes detailed under the section titled “How We Use Your Information” above.
Our Use and Disclosure Practices
In the preceding twelve (12) months, we have disclosed the following categories of personal information for business purposes:
- Internet or other similar network activity;
In the preceding twelve (12) months, Elligo Health Research, Inc. did not sell your personal information.
California Consumer Rights
Subject to certain exceptions, you have the right to make the following requests, at no charge, up to twice every 12 months:
- Deletion: the right to request deletion of your personal information that we have collected about you, subject to certain exemptions, and to have such personal information deleted.
- Right to Know: the right to request that we disclose certain information about how we have handled your personal information in the previous 12 months, including the:
- categories of personal information collected
- categories of sources of personal information collected
- business and/or commercial purposes for collecting and selling your personal information
- categories of third parties with whom we have disclosed or shared your personal information
- categories of personal information that we have disclosed or shared with a third-party for a business purpose
- categories of third parties to whom the consumer’s personal information has been shared
- The specific pieces of personal information we collect from you
You can submit a deletion or right-to-know request by calling out toll-free number at 857-496-0054 or by emailing us at firstname.lastname@example.org; we will respond to verifiable requests received from California consumers as required by law. We will also ask you for additional information necessary to verify or process your request. We may also carry out checks, including with third party identity verification services, to verify your identity before taking any action with your personal information. We will respond substantively to your verifiable requests within 45 days, unless additional time (up to 45 additional days) is needed, in which case we will let you know. If we determine that your request warrants a fee, we will inform you of the reasons for such decision and provide you with a cost estimate before completing your request.
Accessing or Correcting Your Information
You may send us an email at email@example.com to request access to, correct, or delete any personal information that you have provided to us. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
If we need to delete your personal data following your request, it will take some time until we completely delete residual copies of your personal data from our active servers and from our backup systems.