BLOCK CLINICAL INC. GDPR COMPLIANCE STATEMENT
Last updated: September, 2021
Block Clinical Inc., a Delaware corporation (“Company”, “we”, “us” or “our”), respects your privacy and is committed to protecting your privacy through our compliance with this GDPR Compliance Statement (“GDPR Statement”).
This GDPR Statement describes our practices in connection with information we collect through conduct of our Service and store in our software platform (“Platform”) on behalf of our Customers.
GDPR, stands for “General Data Protection Regulation”. It is one of the most important changes made to data privacy regulations in the last two decades. It establishes a new framework for handling and protecting the personal data of EU-based residents and is in effect since May 25, 2018. It provides the citizens of the EU greater control over their personal data and assures them that their information is protected.
Block Clinical Inc. has undertaken a Data Protection Agreement (“DPA”) with our Clients (“Clients”) to comply with all applicable regulations on Personal Data processing (“Data Privacy Laws”), including but not limited to; orders and authorizations of any Data Protection Authority, the national and international legislation on clinical trials, and the specific provisions applicable to studies, the Standards for Privacy of Individually Identifiable Health Information (“Privacy Rule”) under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Regulation (EU) 2016/679 (“GDPR”).
Data Controller – the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information are, or are to be, processed. In this case, refers to the Client (and its authorized persons, which determine the purpose and means of processing of Personal Data).
Data Processor – any natural or legal person who processes the data on behalf of the Data Controller. In this case, is Block Clinical Inc. who processes Personal Data on behalf of the Data Controller and under its control.
Data Subject – any living individual who is using our Service and is the subject of Personal Data.
DOES GDPR AFFECT YOU?
Although GDPR is a data protection framework for the citizens residing in the EU, it also applies to all companies that handle personal data of individuals from the EU. This means that almost every major corporation in the world will need to be ready when GDPR comes into effect. If you or your organization stores and processes personal data in connection to services or goods offered in EU, then the laws applies to you as well. Also, in the the event of infringement of these laws, you can face fines and penalties from 10 million to 20 million dollars or 2% to 4% of the annual revenue of the organization depending upon whichever is higher.
This GDPR Statement applies to the following groups of individuals who interact with our Platform:
● Customers: “Customers” are individuals who are employees or associates of sponsors, contract research organizations, third party patient logistics companies, clinical research sites, hospitals, and similar organizations, including customer personnel who are assigned a login ID and are authorized to access and use our Platform pursuant to an active agreement.
● Customer Contacts: “Customer Contacts” are individuals who interact with our Customers or other Customer Contacts through our Platform, including Customer Contacts who are assigned a login ID and are authorized to access and use our Platform pursuant to an active agreement. Customer Contacts include our Customers’ clients, clinical site personnel, logistics supplier partners, other business contacts, and the patients and caregivers they support (for example, Customer Contacts include patients and caregivers that opt-in to our Customers’ service, clinical site coordinators, and logistics supplier partners who ultimately delivery services to patients) using our Platform.
● Block Clinical Inc. Employees and Contractors: “BCI” are individuals who support patients to deliver logistics and payment services and operate on behalf of Block Clinical and our Customers.
OUR COMMITMENT TO GDPR
Block Clinical is working towards full GDPR compliance, and making sure that we are aligned to the GDPR framework, and have built product features for greater privacy and data control.
PRINCIPLES FOR PROCESSING PERSONAL DATA
Our principles for processing personal data are:
WHAT PERSONAL DATA WE COLLECT AND PROCESS
In this section, we explain the information collected about Customer Contacts (collectively, “Customer Contact Data”).
Our Platform is flexible and allows our Customers to collect a variety of personal information from and about their Customer Contacts, including name, organization, title, address, e-mail address, telephone number, and other information including but not limited to gender, date of birth, passport number, travel dates, and other travel preferences (“Personal Information”).
We are the sole owners of the Customer Contact Data (which includes Personal Information) collected through our Platform. We only collect information that you voluntarily give our Customers permission to use. You may provide our Customers with information by phone, email, input directly into our Platform, or through applications that are integrated with our Platform.
We will not sell or rent Customer Contact Data to anyone.
HOW WE USE INFORMATION
We do not use Customer Contact Data for any purpose other than to provide services that our Customers have contracted us to provide through our Platform, as noted below, or as required by law.
Here are examples of situations in which we use Customer Contact Data:
●If a Customer uses our Platform to request and track delivery of logistics services through multiple logistics supplier partners.
●Transfer of Customer Contact Data to a logistics supplier partners for the sole purpose of booking travel on behalf of the patient and/or caregiver (for example, we may provide name, arrival and departure dates to a hotel for reservation purposes).
●When a Customer or Customer Contact uses our Platform to deliver logistics confirmation information related to travel and payments to other Customer Contacts including patients, caregivers, and/or coordinators.
●To deliver to a third party in the event of a merger, divestiture, restructuring, recapitalization, reorganization, dissolution or other sale or transfer of some or all of the Company’s assets, whether as a continuing operating business or as part of bankruptcy, liquidation or a similar proceeding, in which Customer Contact Data is among the assets transferred.
●As we believe to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to respond to requests from public and government authorities including public and government authorities outside your country of residence; and (c) to protect against or identify fraudulent transactions.
●For other purposes when Customers or Customer Contacts provide explicit consent.
●We aggregate and anonymize information about Customers and Customer Contacts, and the use of our Platform, in order to improve our Platform and create benchmark and other business intelligence products. None of the aggregated and anonymized information contain Personal Information (i.e., does not identify any individual).
LEGAL BASIS FOR COLLECTING AND PROCESSING PERSONAL DATA
Block Clinical’s legal basis for collecting and using the personal data depends on the personal data we collect and the specific context in which we collect the information:
RETENTION OF PERSONAL DATA
Block Clinical will retain your personal information only for as long as is necessary for the purposes set out in this GDPR Statement.
Block Clinical will retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our policies.
DATA PROTECTION RIGHTS
If you are a resident of the European Economic Area (EEA), you have certain data protection rights. If you wish to be informed about what personal data we hold about you and if you want it to be removed from our systems, please contact us at firstname.lastname@example.org.
In certain circumstances, you have the following data protection rights:
REVIEWING, UPDATING AND DELETING YOUR INFORMATION
All individuals have the right to access their Personal Information. We provide our Customers with the capability to review, update and delete your Personal Information. We require that our Customers receive your permission before any of your Personal Information is accessed, retrieved or made available to logistics supplier partners. In addition, we provide our Customers the ability to revoke permission to access your Personal Information. Contact your appropriate Customer representative to:
●See what data we have about you, if any.
●Change/correct any data we have about you.
●Have us delete any data we have about you.
●Express any concern you have about our use of your data.
Alternatively, you can reach us directly by emailing our Privacy Officer at the email listed in the Contact Information section below.
Block Clinical Inc
16787 Bernardo Center Dr
San Diego, CA 92128
REPRESENTATION FOR DATA SUBJECTS IN THE EU AND THE UK
We value your privacy and your rights as a data subject and have therefore appointed Prighter as our privacy representative and your point of contact.
Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative Prighter or make use of your data subject rights, please visit: https://prighter.com/q/19348574538