x

Join Advarra

Learn more about our company team, careers, and values. Join Advarra’s Talented team to take on engaging work in a dynamic environment.

See Jobs

Updated July 2024

Advarra, Inc., doing business as Advarra®, and any of our subsidiaries or affiliates (collectively, “Advarra”), provide this policy so that you can understand how we collect information from you, what information we collect, and how we use the information you provide.

This Privacy Policy (the “Privacy Policy”) applies to the personally identifiable information that you provide to us and that may be collected (“Personal Information” or “PII”) by us when you interact with us through our websites (individually and collectively, the “Websites”), when your Personal Information is provided to us by a customer or partner during use of one of our products or services (individually and collectively, the “Services”), or as otherwise described in this Privacy Policy.

Depending on how you interact with Advarra, your Personal Information may be processed in a particular manner (For example patients for whom we already have Personal Information may be processed differently than a visitor to our website). To determine how your Personal Information is processed, please review the relevant section below.  Note that your rights may also be addressed in Terms and Conditions or Contracts agreed to by you or our customer. We reserve the right to modify or amend this Privacy Policy at any time but will provide notice of any changes by posting at the top of this Privacy Policy. BY ACCESSING OR USING THE WEBSITES, YOU INDICATE YOUR UNCONDITIONAL ACCEPTANCE OF THIS PRIVACY POLICY. WE RESERVE THE RIGHT, IN OUR SOLE DISCRETION, TO UPDATE OR REVISE THIS PRIVACY POLICY. YOUR CONTINUED USE OF THE WEBSITES FOLLOWING THE POSTING OF ANY CHANGES TO THE PRIVACY POLICY CONSTITUTES ACCEPTANCE OF THOSE CHANGES.

Please be advised that whenever you click on links or banners that take you to a third-party website, you will be subject to the third party’s privacy policies, not ours. This Privacy Policy applies solely to Personal Information received or collected by us.

This Privacy Policy addresses:

  1. How we Collect, Process (use), and Share your Personal Information
    1. Patients
    2. Users of our Services
    3. Non-patients and non-users whose Personal Information is processed by our Services
    4. Business Contacts
    5. Employees and Job Candidates
    6. Visitors to the company Websites (Advarra.com)
  2. What rights you have in relation to your Personal Information
  3. Transfers of your Personal Information outside of the European Economic Area
  4. Information security
  5. Website Visitors: Opt-out and Do Not Track
  6. Privacy Policy changes
  7. How to contact us

1. How we Collect, Process (use), and Share your Personal Information

a) Patients / Caregivers

What Patient Personal Information do we collect?

Through your use of our Services to support you on your clinical trial, and with your consent, Advarra may collect your Personal Information and medical/health information (“Patient Personal Information”). This data may include, but is not limited to:

  • Your name;
  • Your contact information (such as email address, telephone number, etc.);
  • Your demographic information;
  • Your medical information and medical records; and
  • The unique IP address of the device you use to access the system or application.

This Patient Personal Information may also be linked to other data you or your clinical site provide to Advarra, such as the name of the sponsor running the clinical trial, the name of the clinical trial, the clinical site you are attending, your unique Patient ID, the medical condition under study on the trial, your medical history data, and your visit schedule for the clinical trial.

How do we collect this Patient Personal Information?

As part of our offerings to customers, you may be able to register with one of our Services. If you choose to register to use our Services (such as the Patient Portal application) to support you on your clinical trial, you will be asked to create a user account and agree to Advarra’s processing of your Patient Personal Information as outlined in this Privacy Policy. Creating a user account requires certain Patient Personal Information fields to be provided, such as your contact details.

If you choose to receive reminders about upcoming visits on your study, we may also process your mobile telephone number and time zone.

Your clinical site may also enter or upload your data into our system, such as your medical information and medical records.

If you contact our Support Helpdesk for technical support of the application, your personally identifiable contact information and details of your support request will be processed by Advarra.

As part of the Services Advarra offers to its customers, these customers may provide Patient Personal Information about you. The transfer of this Patient Personal Information is governed by a separate written agreement with the customer or partner to address applicable legal requirements for data use and data security involving the transfer of data between us and the customer.  This Patient Personal Information includes, but is not limited to:

  • Contact information (such as name, address and email address, social media, name of your company or department, and your business function or title);
  • Demographic information (such as age, gender, etc);
  • Professional information (such as work history, education, and other professional credentials)
  • Financial records (such as information provided to our customers as part of a financial disclosure process); and
  • Health information (such as patient records or researchers notes.

Any health information that we collect from other sources will be transferred to us under a separate written agreement to address applicable legal requirements for data use and data security and protection.

How do we use this Patient Personal Information?

Advarra uses this data to support your use of our system during the clinical trial, to provide technical support to you when requested, to keep the system and your Patient Personal Information secure and confidential, and to improve our Services. Your Patient Personal Information will never be used for marketing purposes, or be sold to third parties.

How do we share this Patient Personal Information?

Within Advarra, Patient Personal Information will be accessible only to a small subset of authorized Advarra staff. All staff have been trained on Advarra’s relevant policies and procedures, and receive ongoing training on security awareness, data privacy, and ICH GCP.

Advarra may share this Patient Personal Information with its partners and partners, including but not limited to, Advarra’s customers, partners, service providers and technology partners to fulfill the purposes for how we use this Patient Personal Information. More Specifically, we may share any of your Patient Personal Information with third parties as follows:

  • Law Enforcement Officials and as Required by Law.We may release any or all of your Patient Personal Information to third parties when we determine, in our judgment, that it is necessary to (a) comply with the law, regulation, legal process, or enforceable governmental request; (b) enforce or apply the terms of any of our policies or user agreements; or (c) protect the rights, property or safety of us, our employees, our users, or others.
  • Sales, Mergers, and Acquisitions. If we become involved in a merger, acquisition, or any form of sale of some or all of our assets, or other business transaction, your Patient Personal Information may be provided to the entities and advisors involved, and your Patient Personal Information may be transferred to a third party in connection with consummation of any such transaction. Such third parties will have appropriate technical controls to protect your Patient Personal Information and Advarra will place appropriate contractual controls through the use of a Data Protection Agreement.
  • Other Advarra Business Units. Patient Personal Information may be provided to other Business Units in Advarra’s offices than the Business Unit that initially collected or received the Information.
  • The Sponsor/CRO Study Team, Affiliates, or Other Authorized Study partners. We may share Patient Personal Information with the sponsor/CRO study team who are overseeing the clinical study, or with other partners that they have authorized to receive this information. For example, the study team will have access to the training records of clinical sites, as well as other high-level and anonymized metrics reports (number of patients screened, number of video views, etc.) Such third parties will have appropriate technical controls to protect your Patient Personal Information and Advarra will place appropriate contractual controls through the use of a Data Protection Agreement.
  • Third-Party Processors/partners. We use some third-party partners to support our Services; in order to provide these Services, we are required to share Patient Personal Information with these processors/partners. Advarra will take reasonable steps to require third parties to have appropriate technical controls to protect your Patient Personal Information, and Advarra will put into place appropriate contractual controls through a Data Protection Agreement.

How do we control access to Patient Personal Information?

Patient-facing products, applications, and data are hosted on Advarra’s secure and SOC2 controlled Advarra Cloud environment. Within Advarra, access to Patient Personal Information is tightly controlled based on the principle of least privilege. Only a small subset of authorized staff members will be able to access your Patient Personal Information.

How long do we retain Patient Personal Information?

Patient Personal Information is retained only as agreed to in our contract with our customer for the duration of our contract with our customer (generally the controller of the Patient Personal Information such as the pharmaceutical sponsor or contract research organization running the clinical trial) or as required by regulation or law. At the end of this period, all patient identifiable data is purged from our systems.

b)Users of our Services

What Personal Information do we collect?

Through your use of our Services, Advarra may collect:

  • Your name;
  • Contact information (such as name, address and email address, social media, name of your company or department, and your business function or title);
  • User account and login information;
  • Profile information you provide such as education, professional experience and publications; and
  • Operational and usage information about you contained within the Advarra Services.

How do we collect Personal Information?

When either you, or an Advarra customer creates for you, a user profile in one of our Services, you or they may supply Personal Information as part of that user profile.  Further as you use our Services our systems may collect usage information tied to your user profile.

When Advarra customers provide information about you, the transfer of this Personal Information is governed by a separate written agreement with the customer, which addresses applicable legal requirements for data use and data security involving the transfer of data between us and the customer.

How do we use this Personal Information?

Advarra uses Personal Information for its business purposes, including but not limited to the following purposes:

  • To populate your information across Advarra applications;
  • To improve and maintain Advarra Services;
  • To provide new Services;
  • To create analytics and insights from use of Advarra Services; and
  • To deliver Advarra Services requested by you.

Information may be additionally governed by the Terms and Services you agree to when signing up for account with us.

How do we share this Personal Information?

Advarra may share this information with its partners and partners, including but not limited to, Advarra’s customers, partners, service providers and technology partners to fulfill the purposes for how we use this information. More specifically, we may share any of your information, which includes your Personally Identifiable Information, with third parties as follows:

  • Law Enforcement Officials and as Required by Law.We may release any or all of your Personal Information to third parties when we determine, in our judgment, that it is necessary to (a) comply with the law, regulation, legal process, or enforceable governmental request; (b) enforce or apply the terms of any of our policies or user agreements; or (c) protect the rights, property or safety of us, our employees, our users, or others.
  • Sales, Mergers, and Acquisitions. If we become involved in a merger, acquisition, or any form of sale of some or all of our assets, or other business transaction, your Personal Information may be provided to the entities and advisors involved, and your Personal Information may be transferred to a third party in connection with consummation of any such transaction.
  • Other Advarra Business Units. Personal Information may be provided to other Business Units in Advarra’s offices than the Business Unit that initially collected or received the Personal Information.
  • The Sponsor/CRO Study Team, Affiliates, or Other Authorized Study partners. We may share data with the sponsor/CRO study team who are overseeing the clinical study, or with other partners that they have authorized to receive this information. For example, the study team will have access to the training records of clinical sites, as well as other high-level and anonymized metrics reports (number of patients screened, number of video views, etc.)
  • Third-Party Processors/partners. We use some third-party partners to support our Services; in order to provide these Services, we are required to share Personal Information with these processors/partners. Advarra will take reasonable steps to require third parties to have appropriate technical controls to protect your Personal Information, and Advarra will put into place appropriate contractual controls through a Data Protection Agreement.

How long do we retain Personal Information?

Personal information is retained only as needed to comply with our policies, regulations, or law.

c) Non-patients and non-users whose Personal Information is processed by our Services

What Personal Information do we collect?

As part of the Services Advarra offers to its customers, Advarra may collect certain Personal Information about you. This includes, but is not limited to:

  • Contact information (such as name, address and email address, social media, name of your company or department, and your business function or title);
  • Demographic information (such as age, gender, etc);
  • Professional information (such as work history, education, and other professional credentials); and
  • Financial records (such as information provided to our customers as part of a financial disclosure process).

How do we collect this Personal Information?

As part of the Services Advarra offers to its customers, these customers may provide Personal Information about you. We may also receive information from partners that provide additional Personal Information. The transfer of this Personal Information is governed by a separate written agreement with the customer or partner to address applicable legal requirements for data use and data security involving the transfer of data between us and the customer.

How do we use this Personal Information?

We use or may use this Personal Information to:

  • Perform our contractual obligations with customers who make use of our Services;
  • Conduct research and perform analyses in order to measure, maintain, protect, develop and improve the Websites, our Services, and the content provided through the Websites;
  • Improve and maintain Advarra Services;
  • Provide new Services; and
  • Create analytics and insights from use of Advarra Services.

How do we share this Personal Information?

Advarra may share this information with its partners and partners, including but not limited to, Advarra’s customers, partners, service providers and technology partners to fulfill the purposes for how we use this information. More Specifically, we may share any of your Information, which includes your Personally Identifiable Information, with third parties as follows:

  • Law Enforcement Officials and as Required by Law.We may release any or all of your Personal Information to third parties when we determine, in our judgment, that it is necessary to (a) comply with the law, regulation, legal process, or enforceable governmental request; (b) enforce or apply the terms of any of our policies or user agreements; or (c) protect the rights, property or safety of us, our employees, our users, or others.
  • Sales, Mergers, and Acquisitions. If we become involved in a merger, acquisition, or any form of sale of some or all of our assets, or other business transaction, your Personal Information may be provided to the entities and advisors involved, and your Personal Information may be transferred to a third party in connection with consummation of any such transaction.
  • Other Advarra Business Units. Personal Information may be provided to other Business Units in Advarra’s offices than the Business Unit that initially collected or received the Personal Information.
  • The Sponsor/CRO Study Team, Affiliates, or Other Authorized Study partners. We may share data with the sponsor/CRO study team who are overseeing the clinical study, or with other partners that they have authorized to receive this information. For example, the study team will have access to the training records of clinical sites, as well as other high-level and anonymized metrics reports (number of patients screened, number of video views, etc.)
  • Third-Party Processors/partners. We use some third-party partners to support our Services; in order to provide these Services, we are required to share Personal Information with these processors/partners. Advarra will take reasonable steps to require third parties to have appropriate technical controls to protect your Personal Information, and Advarra will put into place appropriate contractual controls through a Data Protection Agreement.

How long do we retain Personal Information?

Personal information is retained only as needed to comply with our policies, regulations, or law.

d) Business Contacts

What Personal Information do we collect?

As part of Advarra’s interactions with customers, partners, and other business contacts, we may collect certain Personal Information about you. This includes, but is not limited to:

  • Contact information (such as name, address and email address, social media, name of your company or department, and your business function or title); and
  • Professional information (such as work history, education, and other professional credentials).

How do we collect this Personal Information?

Advarra may collect Personal Information from business contacts when you interact with us, such as by visiting our Websites or using our Services.

We may also collect your Personal Information when you contact us or send inquiries through the Websites or via email. When you contact us for any reason, we may ask you to provide or confirm certain Personal Information so that we can better respond to your inquiry.

We may also collect Personal Information from your employer with whom we do business.

How do we use this Personal Information?

Your Personal Information allows us to communicate with you about the Websites, Services and the content. We use or may use your Personal Information to:

  • Provide you with access to our Services, fulfill your online requests, and facilitate customer service;
  • Perform our contractual obligations with customers who make use of our Services;
  • Conduct research and perform analyses in order to measure, maintain, protect, develop and improve the Websites, our Services, and the content provided through the Websites;
  • Make communications necessary to notify you regarding the Services that you have purchased and security, privacy, or administrative issues;
  • Offer or advertise new Services or events that may be of interest to you;
  • Communicate with you about Information or content you have posted to the Websites; or
  • Administer assessment tools and surveys, where participation is completely voluntary, and you, therefore, have a choice whether to disclose any information requested in connection with the assessment tool. Information requested may include contact information (such as name and email address), and demographic information (such as zip code, years of professional or clinical experience), among other information.

How do we share this information?

We may share any of your information, which includes your Personally Identifiable Information, with third parties as follows:

  • Law Enforcement Officials and as Required by Law.We may release any or all of your Personal Information to third parties when we determine, in our judgment, that it is necessary to (a) comply with the law, regulation, legal process, or enforceable governmental request; (b) enforce or apply the terms of any of our policies or user agreements; or (c) protect the rights, property or safety of us, our employees, our users, or others.
  • Sales, Mergers, and Acquisitions. If we become involved in a merger, acquisition, or any form of sale of some or all of our assets, or other business transaction, your Personal Information may be provided to the entities and advisors involved, and your Personal Information may be transferred to a third party in connection with consummation of any such transaction.
  • Other Advarra Business Units. Personal Information may be provided to other Business Units in Advarra’s offices than the Business Unit that initially collected or received the Personal Information.
  • The Sponsor/CRO Study Team, Affiliates, or Other Authorized Study partners. We may share data with the sponsor/CRO study team who are overseeing the clinical study, or with other partners that they have authorized to receive this information. For example, the study team will have access to the training records of clinical sites, as well as other high-level and anonymized metrics reports (number of patients screened, number of video views, etc.)
  • Third-Party Processors/partners. We use some third-party partners to support our Services; in order to provide these Services, we are required to share Personal Information with these processors/partners. Advarra will take reasonable steps to require third parties to have appropriate technical controls to protect your Personal Information, and Advarra will put into place appropriate contractual controls through a Data Protection Agreement.

How long do we retain Personal Information?

Personal information is retained only as needed to comply with our policies, regulations, or law.

e) Employees and Job Candidates

What Personal Information do we collect?

If you apply for a job with Advarra, or are employed by Advarra we may collect certain Personal Information about you, including:

  • Biographical and identification information, such as first name, last name, date of birth, marital status, national identification/social security number, and copies of ID cards, driver’s licenses, and passports;
  • Contact and location information;
  • Professional and educational information;
  • Health information;
  • Financial information;
  • Employment information; and
  • Other information, such as photographs, audio and video recordings, and information from background checks (which may include criminal convictions and certification/license status).

How we collect this Personal Information?

As part of our human resources processes, we collect and process your Personal Information relating to job applicants and our staff. We may obtain your Personal Information when:

  • You submit it to us during the process of your job application, for example, when we collect Personal information from application forms, CVs, resumes, or LinkedIn profiles, your passport or other identity documents, or through interviews or other forms of assessment, including online tests;
  • Your recruitment agency submits your information to us;
  • You provide it to us during your working relationship with us; and we collect it in the course of job-related activities throughout the period when you work for us; and
  • We obtain Personal Information from other third parties, such as former employers, authorities, government entities, social networks, or other information providers.

Subject to applicable laws, your Personal Information may be obtained through background checks, security clearances, and other similar information sources as required by law or deemed necessary due to the nature and security requirements related to the position in question.

How do we use this Personal Information?

We may use this Personal Information for:

  • Professional recruiting and employment application review;
  • Managing employment;
  • Carrying out our contractual obligations with consumers, customers, and suppliers;
  • Responding to your requests or questions;
  • Preventing fraud or criminal activities;
  • Conducting criminal background checks;
  • Assuring network and information security, including access management to prevent unauthorized access to our systems; or
  • Enforcing our legal rights and complying with laws and regulations applicable.

Note that processing of Personal Information of Employees is governed by the relevant Advarra Employee Handbook, provided to you upon employment.

How do we share this Personal Information?

We may share any of your information, which includes your Personally Identifiable Information, with third parties as follows:

  • Law Enforcement Officials and as Required by Law.We may release any or all of your Personal Information to third parties when we determine, in our judgment, that it is necessary to (a) comply with the law, regulation, legal process, or enforceable governmental request; (b) enforce or apply the terms of any of our policies or user agreements; or (c) protect the rights, property or safety of us, our employees, our users, or others.
  • Sales, Mergers, and Acquisitions. If we become involved in a merger, acquisition, or any form of sale of some or all of our assets, or other business transaction, your Personal Information may be provided to the entities and advisors involved, and your Personal Information may be transferred to a third party in connection with consummation of any such transaction.
  • Other Advarra Business Units. Personal Information may be provided to other Business Units in Advarra’s offices than the Business Unit that initially collected or received the Personal Information.
  • customers. We may share data with customers as required in order to fulfill our agreements with them.
  • Third-Party Processors/partners. We use some third-party partners to support our Services; in order to provide these Services, we are required to share Personal Information with these processors/partners. Advarra will take reasonable steps to require third parties to have appropriate technical controls to protect your Personal Information, and Advarra will put into place appropriate contractual controls through a Data Protection Agreement.

Note that sharing of Personal Information of Employees is governed by the relevant Advarra Employee Handbook, provided to you upon employment.

How long do we retain Personal Information?

Personal information is retained only as needed to comply with our policies, regulations, or law.

f) Visitors to the company Websites (Advarra.com)

What Personal Information do we collect and how do we collect this Personal Information?

Personal Information You Share With Us. We collect different types of information about you when you interact with us, such as by visiting our Websites or using our Services. When you register or create an account anywhere on the Websites or when using our Services, we may collect any or all of the following information, (i) your name, (ii) home or business address, (iii) professional information, including specialty or nature of concern, (iv) organization with whom you are affiliated and its address, and (v) your email address. We may also collect Personally Identifiable Information when you contact us or send inquiries through the Websites or via email. This includes one or more of any combination of your: name, e-mail address, and home address. When you contact us for any reason, we may ask you to provide or confirm certain Personally Identifiable Information so that we can better respond to your inquiry.

Information automatically collected. When you visit the Websites, we may automatically record information that your browser sends. For example, we may receive and collect: the name of the domain and host from which you access the Internet; the Internet Protocol (IP) address of the computer you are using; the date and time you access the Websites or make uploads or post to the Websites; and the Internet address of the website from which you linked directly to the Websites. This Information does not include any Personally Identifiable Information and we refer to this information as Non-identifiable Information. We use this Non-identifiable Information to monitor the usage of the Websites and to understand how to better serve our users.

The most common mechanisms for collecting this Information include:

  • Cookies
  • Service Analytics
  • Pixel tags or clear Graphics Interchange Format files, known as GIFs

Cookies: Cookies are small files that are sent to your computer’s hard drive to tell us who you are when you are using the Websites. Cookies help us to: (1) associate you with your account and enable you to update and modify your account; (2) speed navigation; (3) remember information you gave us so that you do not have to re-enter it; and (4) count the total number of visitors and pages viewed. Browsers are typically set to create cookies automatically. You can choose to have your browser notify you when cookies are being written to your computer or accessed, or you can disable cookies entirely. If you disable cookies, however, you may not be able to create an account on the Websites. Also, by not using cookies, some features and Services on the Websites may not function properly.

Service Analytics: From time to time, we may work with one or more third-party service provider to help us better understand how you use the Websites. The service provider may place cookies on your computer to collect information. The information that is collected will tell us things like which search engine referred you to the Websites, how you navigated around the Websites, how quickly we helped you to enter account information, and what content you viewed. This information will help us to better serve you. We will not grant permission to the third-party service provider to collect your e-mail address or password information. The third-party service provider will be restricted to use your information to perform services for us, securely and in confidence, except they may be permitted to use the information on an aggregate, non-personally identifiable basis.

Pixel tags or clear GIFs: To help us understand the effectiveness of certain of our communications, we may use “message format” and “message open” sensing technologies that use pixel tags or clear GIFs (which are also called web beacons). These technologies allow us to know if your e-mail program is able to accept HTML e-mails and, if it is, to: (1) send you e-mails in that format; and (2) determine if you have opened our e-mail messages.

Information you provide through online blogs, reviews and community sources. In addition to the information described above, from time to time we may provide you with the ability on the Websites to create your own content and share your opinions and reviews with others viewing the Websites. You may choose to post Information as part of a blog or online interactive community. Because any Information you choose to post on the Websites or make visible via social media will be available on the internet, we can make no assurance that others will not use or misuse that information.

How do we use this Personal Information?

Your Information allows us to communicate with you about the Websites, Services and the content. We use or may use your Information to:

  • Provide you with access to our Services, fulfill your online requests, and facilitate customer service;
  • Perform our contractual obligations with customers who make use of our Services;
  • Conduct research and perform analyses in order to measure, maintain, protect, develop and improve the Websites, our Services, and the content provided through the Websites;
  • Make communications necessary to notify you regarding the Services that you have purchased and security, privacy, or administrative issues;
  • Offer or advertise new Services or events that may be of interest to you;
  • Communicate with you about Information or content you have posted to the Websites; or
  • Administer assessment tools and surveys, where participation is completely voluntary, and you, therefore, have a choice whether to disclose any information requested in connection with the assessment tool. Information requested may include contact information (such as name and email address), and demographic information (such as zip code, years of professional or clinical experience), among other information.

How do we share this Personal Information?

We may share, sell or rent your Non-identifiable Information with: (i) our customers, (ii) third parties through scholarly publications relating to the Websites and its subject matter, (iii) reputable service providers, subcontractors, partners and agents who perform services on our behalf, and (iv) third parties who may benefit from the study or use of such information.

We may share any of your information, which includes your Personally Identifiable Information, with third parties as follows:

  • Law Enforcement Officials and as Required by Law.We may release any or all of your Personal Information to third parties when we determine, in our judgment, that it is necessary to (a) comply with the law, regulation, legal process, or enforceable governmental request; (b) enforce or apply the terms of any of our policies or user agreements; or (c) protect the rights, property or safety of us, our employees, our users, or others.
  • Sales, Mergers, and Acquisitions. If we become involved in a merger, acquisition, or any form of sale of some or all of our assets, or other business transaction, your Personal Information may be provided to the entities and advisors involved, and your Personal Information may be transferred to a third party in connection with consummation of any such transaction.
  • Other Advarra Business Units. Personal Information may be provided to other Business Units in Advarra’s offices than the Business Unit that initially collected or received the Personal Information.
  • The Sponsor/CRO Study Team, Affiliates, or Other Authorized Study partners. We may share data with the sponsor/CRO study team who are overseeing the clinical study, or with other partners that they have authorized to receive this information. For example, the study team will have access to the training records of clinical sites, as well as other high-level and anonymized metrics reports (number of patients screened, number of video views, etc.)
  • Third-Party Processors/partners. We use some third-party partners to support our Services; in order to provide these Services, we are required to share Personal Information with these processors/partners. Advarra will take reasonable steps to require third parties to have appropriate technical controls to protect your Personal Information, and Advarra will put into place appropriate contractual controls through a Data Protection Agreement.

Certain links through the Websites may link to organizations located in or with facilities that are located in a different jurisdiction than either you or us. If you elect to link to a third-party’s website, then your Personal Information may become subject to the laws of the jurisdiction(s) in which that third party or its facilities are located. As an example, if you are located in Canada and you link to a website in the United States, then your Personal Information collected through that website may be subject to disclosure under United States legislation, including the Patriot Act

How long do we retain Personal Information?

Personal information is retained only as needed to comply with our policies, regulations, or law.

Children’s Privacy

The Websites are designed for adults. These Websites are not designed to attract minors, in particular children under the age of 13. We do not knowingly collect Personal Information from anyone under the age of 13. Children should always get permission from their parents before sending any information about themselves (such as their names, email addresses, and phone numbers) to anyone over the Internet.

2. What rights do you have in relation to your information?

Generally

If you are interacting with the Websites from outside the United States and provide us with any Personal Information, please note that your Personal Information will be transferred, stored and processed within the United States. The data protection laws in the United States may not be as comprehensive as those in your country. By interacting with the Websites, you are consenting to the transfer of your Personal Information to facilities located in the United States and other facility locations that we select.

Rights to your Personal Information if you reside in the EEA, UK, or Switzerland

If you reside in the European Economic Area (EEA), the United Kingdom, or Switzerland, our use of your Personal Information is governed by the European Union’s General Data Protection Regulation, or “GDPR” or applicable EEA, UK or Swiss national laws. These grant you particular rights in your Personal Information, including the right to alter, correct, receive, or delete Personal Information processed by Advarra, subject to our business interests and any legal requirements we may face.

Those in the EEA, UK, or Switzerland have the right to complain to a data protection authority about our collection and use of your Personal Information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the EEA are available here.

In addition to the choices described above you also have the following rights under the European General Data Protection Regulation (“GDPR”) if you are accessing the Services in Europe:

  • Right of access to your Personal Information (Art. 15 GDPR): You have the right to ask us for confirmation on whether we are processing your Personal Information, and access to the Personal Information and related information on that processing (e.g., the purposes of the processing, or the categories of Personal Information involved). “Personal Information” is defined in the GDPR as any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;
  • Right to rectification (Art. 16 GDPR): You have the right to have your Personal Information corrected, as permitted by law.
  • Right to erasure (Art. 17 GDPR): You have the right to ask us to delete your Personal Information, as permitted by law. This right may be exercised among other things: (i) when your Personal Information is no longer necessary for the purposes for which it was collected or otherwise processed; (ii) when you withdraw consent on which processing is based on your consent and where there is no other legal ground for processing; (iii) when you object to processing which is necessary for our legitimate interests (pursuant to Art. 21 (1) GDPR) and there are no overriding legitimate grounds for the processing, or when you object to your Personal Information being used for direct marketing purposes (pursuant to Art. 21 (2) GDPR); or, (iv) when your Personal Information has been unlawfully processed.
  • Right to restriction of processing (Art. 18 GDPR): You have the right to request the limiting of our processing under limited circumstances, including: when the accuracy of your Personal Information is contested; when the processing is unlawful and you oppose the erasure of your Personal Information and request the restriction of the use of your Personal Information instead; (and, when you have objected to processing which is necessary for our legitimate interests (pursuant to Art. 21 (1)) GDPR pending the verification whether the legitimate grounds of Advarra override your grounds.
  • Right to data portability (Art. 20 GDPR): You have the right to receive the Personal Information that you have provided to us, in a structured, commonly used and machine-readable format, and you have the right to transmit that information to another controller, including to have it transmitted directly, where technically feasible.
  • Right to object (Art. 21 GDPR): You have the right to object to our processing of your Personal Information, as permitted by law. This right is limited to processing which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or processing which is necessary for the purposes of our legitimate interests (Art. 6 (1) (e) or (f) GDPR), and includes profiling based on those provisions, and processing for direct marketing purposes.
  • Right to object to profiling (Art. 22 GDPR): You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

Contacting us to exercise your rights and with any questions

If you need help or wish to exercise any of the above rights or have questions about them, please email us at privacy@advarra.com.

We will consider all such requests and provide our response as soon as we can. Please note, however, that in certain circumstances that some Personal Information may be exempt from such requests if we need to keep processing your Personal Information for our legitimate interests, to protect the privacy of others, or to comply with a legal obligation. Please note that we may request you provide us with Personal Information necessary to confirm your identity.

You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

3. Transfers of your Personal Information outside of the European Economic Area

Advarra is based in the United States and we process and store information in the U.S. Therefore, we and our service providers will store and access your Personal Information in the U.S.  The U.S. may not provide equivalent levels of data protection as regulated in your home jurisdiction.

In such instances, whenever your Personal Information is transferred to countries outside of the EAA, UK or Switzerland, we will ensure that at least one of the following safeguards is in place:

  • The country is one that the European Commission have approved as providing an adequate level of protection for Personal Information;
  • The transfer is subject to a specific derogation in the GDPR or national laws;
  • Through the use the standard contractual clauses as the transfer mechanism when a case-by-case analysis has been performed; or
    • Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give Personal Information substantially similar protection as in the UE, EEA or UK.
    • Through compliance with the Data Protection Framework (see below).

    Data Protection Framework

    Advarra complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.

    Advarra has also certified to the US Department of Commerce that it adheres to EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.

    Advarra has also certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

    If there is any conflict between the terms in this policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. Advarra’s commitments under the Data Privacy Framework are subject to the investigatory and enforcement powers of the United States Federal Trade Commission. To learn more about the Data Privacy Framework program, and to view our certification, please visit https://www.dataprivacyframework.gov/s/.

    As set out above Advarra uses a limited number of third-party service providers to assist us in providing our services to our users and business customers. These third parties may access, process, or store personal data in the course of providing their services.  Advarra maintains contracts with these third parties restricting their access, use and disclosure of personal data in compliance with our Data Privacy Framework obligations, including the onward transfer provisions.

    DPF Mediation and Arbitration

    In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Advarra commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/dpf-dispute-resolution for more information or to file a complaint.  The services of JAMS are provided at no cost to you.

    In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, you have the possibility, under certain conditions, to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms. For more information please see Q11 Invoke Arbitration and ANNEX-I-introduction on the DPF website.

    DPF Notice of Liability for Onward Transfers

    Even in the case of an onward transfer of your personal information, Advarra has responsibility for the processing of personal information it receives under the DPF Principles and subsequently transfers to a third party acting as an agent on its behalf.

    Advarra shall remain liable under the DPF Principles if its agent processes such personal information in a manner inconsistent with the DPF Principles, unless Advarra proves that it is not responsible for the event giving rise to the damage. For more information please see FAQs – Privacy Policy (11–12) on the DPF website.

Your Rights In the United States

As described in the sections above, we collect and use information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, to you or your devices when you visit our Websites, provide us with information, or have a contractual or business relationship with us or any of our customers, (“Personal Information”).

We collect and share Personal Information as described and for the purposes identified in the sections above.

If you reside in the United States, you may have certain rights related to your Personal Information under state privacy laws.

Depending on your state of residence, these rights may include the right to request information about the collection, sale, or disclosure of your Personal Information by us, including

  • Categories of Personal Information collected about you, and sources from which collected;
  • Our purpose for collecting Personal Information;
  • Categories of third parties with which the Personal Information was shared; and
  • Specific pieces of Personal Information collected about consumers.
  • Categories of your Personal Information sold in the preceding 12 months;
  • Categories of third parties to whom your Personal Information has been disclosed; and
  • Categories of Personal Information that we disclosed about consumers for a business purpose.

If this Policy does not answer your questions, then you have the right to contact us and request further information on each of these topics.

Depending on your state of residence, these rights may also include:

  • The right to access your Personal Information in a portable format;
  • The right to ask us to correct your Personal Information;
  • The right to opt-out of sharing, disclosure, or sale of your Personal Information; and
  • The right to request that we delete the Personal Information we have about you. However, we are not required to delete information if it is necessary to retain your information to:
    • Complete the transaction for which the Personal Information was collected, provide a good or Service requested by you, or a transaction reasonably anticipated within the context of our or one of our affiliate’s ongoing business relationship with you, or to otherwise perform a contract we have with you;
    • Detect security incidents, protect against malicious, deceptive, fraudulent or illegal activity or prosecute those responsible for that activity;
    • Debug to identify and repair errors that impair existing intended functionality;
    • Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;
    • Facilitate solely internal uses that are reasonably aligned with your expectations based on your relationship with us or one of our affiliates;
    • Comply with a legal obligation; or
    • Otherwise use the Personal Information, internally, in a lawful manner that is compatible with the context in which it was provided.

You can contact us with questions about this Privacy Notice or to exercise your rights as described above by emailing privacy@advarra.com with “Request for California Privacy Information” in the body and subject line of the email.

Additionally, you may have the right to appeal the denial of any of these rights by submitting a form that will be provided to you if we deny a data request. Certain Services may be limited or unavailable if information is deleted or processing is stopped. To ensure the security of your Personal Information, we will generally ask you to verify your requests under these rights.

In these arrangements, the use of the Personal Information we share is limited by policies, contracts, or similar restrictions. Certain information we collect may be exempt from some state privacy laws because it is considered public information or it is covered by a federal privacy law, such as the Health Insurance Portability and Accountability Act.

For Residents of Other Jurisdictions

If the laws of your country or other jurisdiction are not mentioned above, you may also have rights under your home jurisdiction’s laws to access, erase, correct, and move your Personal Information. For more information, please contact us at privacy@advarra.com if you wish to exercise your rights.

You may have rights to file a complaint with a regulator in your jurisdiction if we do not adequately address your requests or concerns. Below is a non-exhaustive list of various data protection authorities who you may contact about enforcing your data rights:

  • Australia: Information on how to file a complaint is available here https://www.oaic.gov.au/privacy/privacy-complaints/
  • Canada: Information on how to file a complaint is available here https://www.priv.gc.ca/en/report-a-concern/file-a-formal-privacy-complaint/

4. Information Security

  • We take reasonable precautions and follow standard industry practices to help prevent your Personal Information from being inappropriately lost, misused, accessed, disclosed, altered or destroyed. While we have security measures to protect electronically transmitted information and frequently review and try to improve the security of the Websites and Services, we can’t guarantee that a third party won’t gain access to any Personal Information provided to or collected through this Websites and Services.

5. Website Visitors: Opt-out and Do Not Track.

OPT-OUT: For visitors to our Websites, if, at any time, you wish to no longer receive any or all communications from us, you will be able to follow instructions provided with our communications or on the Websites in connection with communications. Even if you opt-out of receiving communications, you may continue to receive e-mails relating to Services that you have purchased, content you have posted, access and administration of the Websites, account update information, and/or other interaction-related communications. Although the primary purpose of these emails is not to provide you with promotional material, they may contain within them some promotional material.

DO NOT TRACK: It may be possible for you to set your browser with a “Do Not Track” signal. Not all browsers provide this feature. This feature enables you to disable certain cookies and other tracking mechanisms on particular websites, removing the ability of the Websites owner to track where you visit on the web. If you choose to use the Do Not Track feature on your browser, we cannot commit or guarantee that the Websites, or any of the third parties accessible through the Websites, will respond or comply with the Do Not Track signal. If you block cookies from the Websites, some or all features may not work correctly.

If you desire to disable cookies, remove your Personal Information from any of our communication lists, require confirmation of removal, or have any questions regarding this Privacy Policy or our use of your Information, please contact us at:  privacy@advarra.com or 6100 Merriweather Drive, Suite 600, Columbia, Maryland 21044.

6. Privacy Policy changes

We reserve the right to modify this Privacy Policy at any time as changes in circumstance, laws and regulations may necessitate changes to this policy. Changes and clarifications will take effect immediately upon their posting on the Websites. If we make material changes to this Privacy Policy, we will provide a notice on our home page that it has been updated.

7. How to contact us

If you would like to: access, correct, amend or delete any Personal Information we have about you, register a complaint, or simply want more information, contact us at: privacy@advarra.com or 6100 Merriweather Drive, Suite 600, Columbia, Maryland 21044.

Updated: July 2, 2024

To learn more about the following aspects of Advarra’s privacy practices, please click on the link below: