Privacy Policy - Clara Health

Privacy Policy

Effective September 14, 2022

M&B Sciences, Inc (d/b/a Clara Health) and its affiliates and subsidiaries (collectively, "M&B Sciences", “Clara,” “we,” “us” and “our”), is committed to protecting the privacy of your information. This Privacy Policy describes how we collect, use, disclose and store information you provide to us. The Privacy Policy applies to all of the information collected in the provision of services via the Clara website and mobile app (collectively, the “Services”).

Clara Health has subscribed to the EU-U.S. Privacy Shield Framework (collectively, “Privacy Shield”). Clara Health adheres to the Privacy Shield Principles for Personal Data received from entities in the European Economic Area (the “EEA”). If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles as concerns the Personal Data received under the Privacy Shield, the Privacy Shield Principles shall govern to the extent of the conflict. To learn more about the Privacy Shield program visit https://www.privacyshield.gov, and to view our certification, please visit https://www.privacyshield.gov/list.

This Privacy Policy describes:

  • Information we collect and how we collect it
  • How we use the information that we collect
  • How we may share information with third parties
  • The security of your information

PLEASE REVIEW THIS PRIVACY POLICY CAREFULLY. When you submit information to or through the Services, you consent to the collection, use, sharing and processing of your information as described in this Privacy Policy. By using the Services, you accept the terms of this Privacy Policy and our Terms of Service and consent to our collection, use, disclosure and retention of your information as described in this Privacy Policy. IF YOU DO NOT AGREE WITH ANY PART OF THIS PRIVACY POLICY OR OUR TERMS OF USE, THEN PLEASE DO NOT USE ANY OF THE SERVICES.

Linked Sites.

For your convenience, we may provide links on our Website to third party websites (“Third Party Sites”), with which we have no affiliation. Please remember that this Privacy Policy is not applicable to such Third Party Sites. A link to any Third Party Sites does not mean that we endorse it or the quality or accuracy of information presented on it. If you decide to visit a Third Party Site, you are participant to its privacy policy and practices and not this Privacy Policy. We encourage you to carefully review the legal and privacy notices of all other digital services that you visit.

Effective Date and Changes to Privacy Policy.

The Effective Date of this Privacy Policy is set forth at the top of this webpage. We reserve the right to make changes to this privacy policy from time to time. We will post changes to this Privacy Policy to this webpage, so please return often to ensure you are aware of our current privacy practices. We will not make retroactive changes that reduce your privacy rights unless we are legally required to do so. Your continued use of the Services after the Effective Date of the Amendment constitutes your acceptance of the amended Privacy Policy. The revised Privacy Policy supersedes all previous versions.

Information We Collect and How we Collect It.

What We Collect Online

  1. Personally Identifiable Information

    We collect certain personal information about you when you provide it to us while using the Services. For example, you may provide us with this information in order to verify your identity, post a new research study, set up a participant profile, apply to be a participant in a research study, or respond to a survey. “Personal information” includes:

    • contact information (such as your name, address, email address and telephone number)
    • demographic information (such as age, date of birth, gender, marital status, ethnicity and sexual orientation)
    • health information (such as diagnosis, health status, prior treatment regimens, smoking and drug use)
    • specific information collected on behalf of a research study in which you are participating
    • financial information necessary to enable direct deposits of funds you may receive for participating in a research study or referring a friend, and
    • other information necessary for or related to your activities with us (such as research studies you are conducting or in which you are participating, the location and/or IP address of the computer you use to access the Services, education and employment history and identification numbers).

    Certain personal information, such as information about personal health or finances, is characterized as sensitive and participant to stricter regulation than other personal information. Before providing it to us, we urge you to carefully consider whether to disclose your sensitive personal information to us. If you do provide sensitive personal information to us, you consent to its use and disclosure for the purposes and in the manner described in this Privacy Policy.

    "When you provide your personally identifiable information to us in connection with our services, we may make that information available to the researchers, trial sponsors, pharmaceutical companies, and other entities that are conducting studies which you may be able to participate in. By signing up, you are authorizing us to collect and store this information, use your email and any phone number provided to contact you, and share your PII with researchers who may contact you directly about your interest to participate in their studies. We may also use this information as described in the “How Information is Used” section of this Privacy Policy.

    Under a federal law called the Health Insurance Portability and Accountability Act (“HIPAA”), some demographic, health and/or health-related information that we collect as part of providing the Services may be considered “protected health information” or “PHI.” HIPAA provides specific protections for the privacy and security of PHI and restricts how PHI is used and disclosed. To the extent HIPAA is applicable, we may only use and disclose your PHI in the ways permitted by HIPAA.

    You have the right to revoke this consent at any time by sending an email to [email protected], however, please note that the revocation will not apply to the extent that we have already released your information to researchers based on this consent. We will move expeditiously to process the revocation request, but please note that revocation may take effect up to within 3 business days of being received."

  2. Non-Personally Identifiable Information

    We also collect non-personally identifiable information about visitors’ web activity and equipment. This information includes the operating system a visitor is using, the date and time the user visited a website or mobile app, referring URLs (what website the visitor came from), Internet service provider, browser type, device identifier, and information on the pages that visitors access or visit. Most non-personally identifiable information is collected via cookies or other analysis technologies, and is discussed in greater detail below.

What We Collect Offline

We may also obtain information about you when you interact with us outside of our website, such as in person, over the phone or by email. Further, we may collect information about you from third parties. For example, we use a third-party verification service provider to verify a user’s identity. Moreover, if you apply to become a research study participant, we may obtain personal information about you from the researcher conducting the study, such as whether your application was accepted, whether the study was conducted, and whether you actually participated in the study.

We may combine information that we collect online with information we receive about you from offline sources.

Our Use of Cookies and Other Technology to Collect Information

  1. Cookies, Web Beacons and Embedded Scripts

    When you use or access our Services, we may send one or more “cookies” to your computer or other device. A cookie is a small file containing a string of characters that is sent to your computer when you visit a website. When you visit the website again, the cookie allows that website to recognize your browser. We also may use “web beacons,” which are small graphic files that allow us to monitor the use of our Services. A web beacon is a type of technology placed on a website or within the body of an email for the purpose of tracking activity on websites, or when emails are opened or accessed, and is often used in combination with cookies. We also may use “embedded scripts,” programming code that is designed to collect information about your interactions with the Services, such as the links on which you click. The code is temporarily downloaded onto your computer or mobile device from our web server or a third-party service provider, is active only while you are connected to the Services, and is deactivated or deleted thereafter.

    Cookies may store unique identifiers, user preferences and other information. A web beacon can collect information such as the IP (Internet Protocol) address of the computer that downloaded the page on which the tag appears, the URL of the page on which the web beacon appears, the time the page containing the web beacon was viewed, the type of browser that fetched the web beacon and the identification number of any cookie on the computer previously placed by that server. Our use of cookies and web beacons includes login verification, session management, load balancing and personalization to enhance your user experience. We also use these tools to estimate the number of visitors to our website and mobile app, track visits to and transaction with the sites referenced by our Services, and analyze our users’ visiting patterns.

    We do not use cookies to store any of your personal, financial, or health-related information on your computer. Also, we do not use cookies to retrieve information from your computer that was not originally provided to us by you directly, or by your browser when you are using the Services. Once you visit or click on links to third-party websites, their sites may use cookies. We do not control what information those websites collect or their use of cookies, and they are not participant to our Privacy Policy, including the use of cookies.

    You can set your browser to refuse all cookies or to indicate when a cookie is being sent. To learn more about cookies and interest-based advertising, or to opt out of cookies, visit the opt-out services of the National Advertising Initiative or visit the Digital Advertising Alliance's Self Regulatory Program and follow the simple opt-out process. However, if you decline cookies, some features of the Services may not function properly.

  2. Google Analytics

    Some of the information we collect automatically is collected through our use of Google Analytics to help analyze how users use the Services. The Google Analytics tool uses cookies, as described above, to collect standard Internet log information and visitor behavior information in an anonymous form. The information generated by the cookie about your use of the Services (including IP address) is transmitted to Google. This information is then used to evaluate visitors’ use of the Services and to compile statistical reports on Services activity for us. For more information regarding Google Analytics, please visit Google’s website and pages that describe Google Analytics.

  3. Other Third Party Technologies

    The Services may include social media features, such as widgets. These features may collect your IP address, which page you are visiting on that Services, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on the Services. Your interactions with these features are governed by the privacy policy of the company providing it.

    We also may work with other third parties, including advertising companies and other website analysis firms, who also use cookies and web beacons to collect non-personally identifiable information when you use our Services or visit other third-party websites. This non-personally identifiable information is typically used by these third party advertising companies (i.e., advertising networks) to serve you with advertisements tailored to meet your interests and needs while on third party websites.

How Information Is Used

We may use the information we collect, in an aggregated or individualized manner, for any of the following purposes:

  1. To customize and provide the Services to you;
  2. To check and verify personal information with third parties as necessary;
  3. To process payments to and from users;
  4. To operate, improve and personalize the products and services we offer, and to give each user a more consistent and personalized experience when interacting with us online and offline;
  5. For customer service, security, to detect fraud or illegal activities, and/or for archival and backup purposes in connection with the provision of the Services;
  6. To send marketing materials and communications to you about products and services we think may be of interest to you;
  7. To communicate with you, including through email;
  8. To administer and improve the Services;
  9. For research and analysis;
  10. To enforce our Terms of Service or other applicable policies;
  11. To permit potential research participants to search for and identify research studies in which they might want to participate; and
  12. To otherwise conduct business, as described when the information is collected.

Sharing of Information

We may share and disclose information as described at the time information is collected or as follows:

  1. To Perform the Services

    • Researcher and Research Study Information

      We may disclose personal information to third parties in order to perform the Services attendant to publicizing a research study and determining whether a potential participant meets a study’s eligibility requirements. Certain personal information will be used to verify the identity of each Researcher who creates an account for our Services. At the direction of a researcher, we will publicly post the information provided regarding a research study that is scheduled to be conducted and is in need of additional participants.

    • Research Participant Information

      We may disclose personal information to third parties in order to perform the Services available for potential and actual research study participants. Certain personal information may be used to verify the identity of a potential research participant who creates an account for our Services. At the direction of a potential or actual research study participant, we will disclose information to the researcher conducting a research study.

  2. With Third Party Service Providers Performing Services on Our Behalf

    We share information, including personal information, with our service providers to perform the functions for which we engage them (such as hosting and data analyses). We may share information as needed to operate other related services.

  3. For Legal Purposes

    We also may share information that we collect from users, as needed, to enforce our rights, protect our property or protect the rights, property or safety of others, or as needed to support external auditing, compliance and corporate governance functions. We will disclose information, including personal information, as we deem necessary to respond to a subpoena, regulation, binding order of a data protection agency, legal process, governmental request or other legal or regulatory process. We may also share information as required to pursue available remedies or limit damages we may sustain.

  4. Corporate Changes

    We may transfer information, including personal information, in connection with a merger, sale, acquisition or other change of ownership or control by or of us or any affiliated company (in each case whether in whole or in part).

  5. To Users of the Services

    We will make available to you, and anyone who you explicitly give us permission to share your information with, all of the personal information that you share with us directly when you use the Services. You can delete, revise, or otherwise manage that information by logging into your account.

The Security of Your Information.

The security of information transmitted through the internet can never be guaranteed. We are not responsible for any interception or interruption of any communications through the internet or for changes to or losses of data. Users of the Services are responsible for maintaining the security of any password, user ID or other form of authentication involved in obtaining access to password protected or secure areas of any of our Services. In order to protect you and your data, we may suspend your use of any of the Services, without notice, pending an investigation, if any breach of security is suspected. Access to and use of password protected and/or secure areas of any of the Services are restricted to authorized users only. Unauthorized access to such areas is prohibited and may lead to criminal prosecution.

Special Provisions.

  1. Children

    We do not knowingly collect or maintain personal information from any person under the age of thirteen. No parts of our Services are directed to or designed to attract anyone under the age of thirteen.

  2. Your California Privacy Rights

    Under California’s “Shine the Light” law, California residents who provide personal information to us in obtaining products or services for personal, family or household use are entitled to request and obtain from us once a calendar year information about certain types of information we may share with other businesses for their own direct marketing uses. To make such a request, please send an email to [email protected] and include the phrase “California Privacy Request” in the participant line, and provide us with your name, address and email address. We will respond to you within 30 days of receiving such a request. Please be aware that not all information sharing is covered by the “Shine the Light” requirements and only information on covered sharing will be included in our response.

  3. Do Not Track

    We do not support Do Not Track with respect to the Services at this time. Do Not Track is a privacy preference that you can set in your web browser to indicate that you do not want certain information about your webpage visits collected across websites when you have not interacted with that service on the page. For all the details, including how to turn on Do Not Track, visit Do Not Track.

Accountability for Onward Transfers

This Policy and the Privacy Policy describe how Clara Health shares Personal Data.

Except as permitted or required by applicable law and in accordance with Clara Health’s role as a controller or processor, Clara Health provides EEA users with an opportunity to opt out of sharing their Personal Data with third-party controllers. Clara Health requires third-party controllers to whom it discloses the Personal Data of EEA users to contractually agree to (a) only process the Personal Data for limited and specified purposes consistent with the consent provided by the relevant EEA user, (b) provide the same level of protection for Personal Data as is required by the Privacy Shield Principles, and (c) notify Clara Health and cease processing Personal Data (or take other reasonable and appropriate remedial steps) if the third-party controller determines that it cannot meet its obligation to provide the same level of protection for Personal Data as is required by the Privacy Shield Principles.

Clara Health may disclose Personal Data to trusted third parties as indicated in the Privacy Policy without offering an opportunity to opt out. Clara Health requires that its agents and service providers that have access to Personal Data within the scope of this Privacy Shield Policy provide the same level of protection as required by the Privacy Shield Principles. Clara Health has liability for onward transfers to third parties unless we can prove we were not a party to the events giving rise to the damages.

We may also need to disclose Personal Data in response to lawful requests by public authorities, for law enforcement or national security reasons, or when such action is necessary to comply with a judicial proceeding or court order, or when otherwise required by law. We do not offer an opportunity to opt out from this category of disclosure.

Recourse, Enforcement and Dispute Resolution

If you have any questions or concerns, please write to us at the address listed below. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data in accordance with the Privacy Shield Principles. In the event we are unable to resolve your concern, you may contact The EU data protection authorities, which provides an independent third-party dispute resolution body, and they will investigate and assist you free of charge. A binding arbitration option may also be available to you in order to address residual complaints not resolved by any other means. Clara Health is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (“FTC”).

Notices

Please send all questions, comments and notices regarding this Privacy Policy to:

[email protected]

or

M&B Sciences 4445 Eastgate Mall, Suite 200 San Diego, CA 92121