BLOCK CLINICAL INC. GDPR COMPLIANCE STATEMENT
Last updated: September, 2019.
Block Clinical Inc., a Delaware corporation (“Company”, “we”, “us” or “our”), respects your privacy and is committed to protecting your privacy through our compliance with this GDPR Compliance Statement (“GDPR Statement”).
This GDPR Statement describes our practices in connection with information we collect through our LaaS (logistics-as-a-service) software platform (“Platform”) on behalf of our Customers.
GDPR stands for “General Data Protection Regulation”. It is one of the most important changes made to data privacy regulations in the last two decades. It establishes a new framework for handling and protecting the personal data of EU-based residents and has been in effect since May 25, 2018. It provides the citizens of the EU greater control over their personal data and assures them that their information is protected.
Data Controller – the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information is, or is to be, processed.
Data Processor – any natural or legal person who processes the data on behalf of the Data Controller.
Data Subject – any living individual who is using our Service and is the subject of Personal Data.
DOES GDPR AFFECT YOU?
Although GDPR is a data protection framework for the citizens residing in the EU, it also applies to all companies that handle personal data of individuals from the EU. This means that almost every major corporation in the world will need to be ready when GDPR comes into effect. If you or your organization stores and processes personal data in connection with services or goods offered in the EU, then the law applies to you as well. Also, in the event of infringement of these laws, you can face fines and penalties from 10 million to 20 million dollars or 2% to 4% of the annual revenue of the organization, whichever is higher.
This GDPR Statement applies to the following groups of individuals who interact with our Platform:
● Customers: “Customers” are individuals who are employees or associates of sponsors, contract research organizations, third party patient logistics companies, clinical research sites, hospitals, and similar organizations, including customer personnel who are assigned a login ID and are authorized to access and use our Platform pursuant to an active agreement.
● Customer Contacts: “Customer Contacts” are individuals who interact with our Customers or other Customer Contacts through our Platform, including Customer Contacts who are assigned a login ID and are authorized to access and use our Platform pursuant to an active agreement. Customer Contacts include our Customers’ clients, clinical site personnel, logistics supplier partners, other business contacts, and the patients and caregivers they support (for example, Customer Contacts include patients and caregivers that opt in to our Customers’ service, clinical site coordinators, and logistics supplier partners who ultimately deliver services to patients) using our Platform.
OUR COMMITMENT TO GDPR
Block Clinical is working towards full GDPR compliance and making sure that we are aligned with the GDPR framework, and we have built product features for greater privacy and data control.
PRINCIPLES FOR PROCESSING PERSONAL DATA
Our principles for processing personal data are:
Fairness and lawfulness. When we process personal data, the individual rights of the Data Subjects must be protected. All personal data must be collected and processed in a legal and fair manner.
Restricted to a specific purpose. The personal data of the Data Subject must be processed only for specific purposes.
Transparency. The Data Subject must be informed of how his/her data is being collected, processed and used.
WHAT PERSONAL DATA WE COLLECT AND PROCESS
In this section, we explain the information collected about Customer Contacts (collectively, “Customer Contact Data”).
Our Platform is flexible and allows our Customers to collect a variety of personal information from and about their Customer Contacts, including name, organization, title, address, e-mail address, telephone number, and other information including but not limited to gender, date of birth, passport number, travel dates, and other travel preferences (“Personal Information”).
We are the sole owners of the Customer Contact Data (which includes Personal Information) collected through our Platform. We only collect information that you voluntarily give our Customers permission to use. You may provide our Customers with information by phone, email, input directly into our Platform, or through applications that are integrated with our Platform.
We will not sell or rent Customer Contact Data to anyone.
HOW WE USE INFORMATION
We do not use Customer Contact Data for any purpose other than to provide services that our Customers have contracted us to provide through our Platform, as noted below, or as required by law.
Here are examples of situations in which we use Customer Contact Data:
Types of 3rd parties we share Customer Contact Data with: logistics suppliers from whom our Customer Contacts have opted in to receive logistics services (airlines, hotels, ground transportation companies, payment remittance companies, etc.).
● If a Customer uses our Platform to request and track delivery of logistics services through multiple logistics supplier partners.
● Transfer of Customer Contact Data to a Customer’s logistics supplier partner for the sole purpose of booking travel on behalf of the patient and/or caregiver (for example, we may provide name, arrival and departure dates to a hotel for reservation purposes).
● When a Customer or Customer Contact uses our Platform to deliver logistics confirmation information related to travel and payments to other Customer Contacts including patients, caregivers, and/or coordinators.
● To deliver to a third party in the event of a merger, divestiture, restructuring, recapitalization, reorganization, dissolution or other sale or transfer of some or all of the Company’s assets, whether as a continuing operating business or as part of bankruptcy, liquidation or a similar proceeding, in which Customer Contact Data is among the assets transferred.
● As we believe to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to respond to requests from public and government authorities including public and government authorities outside your country of residence; and (c) to protect against or identify fraudulent transactions.
● For other purposes when Customers or Customer Contacts provide explicit consent.
● We aggregate and anonymize information about Customers and Customer Contacts, and the use of our Platform, in order to improve our Platform and create benchmark and other business intelligence products. None of the aggregated and anonymized information contains Personal Information (i.e., it does not identify any individual).
LEGAL BASIS FOR COLLECTING AND PROCESSING PERSONAL DATA
Block Clinical’s legal basis for collecting and using the personal data depends on the personal data we collect and the specific context in which we collect the information:
● Block Clinical needs to perform a contract for you
● You have given Block Clinical permission to do so
● Processing your personal data is in Block Clinical’s legitimate interests
● Block Clinical needs to comply with the law
RETENTION OF PERSONAL DATA
Block Clinical will retain your personal information only for as long as is necessary for the purposes set out in this GDPR Statement.
Block Clinical will retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our policies.
DATA PROTECTION RIGHTS
If you are a resident of the European Economic Area (EEA), you have certain data protection rights. If you wish to be informed about what personal data we hold about you and if you want it to be removed from our systems, please contact us at firstname.lastname@example.org.
In certain circumstances, you have the following data protection rights:
● The right to access, update or to delete the information we have on you
● The right of rectification
● The right to object
● The right of restriction
● The right to data portability
● The right to withdraw consent
REVIEWING, UPDATING AND DELETING YOUR INFORMATION
All individuals have the right to access their Personal Information. We provide our Customers with the capability to review, update and delete your Personal Information. We require that our Customers receive your permission before any of your Personal Information is accessed, retrieved or made available to logistics supplier partners. In addition, we provide our Customers the ability to revoke permission to access your Personal Information. Contact your appropriate Customer representative to:
● See what data we have about you, if any.
● Change/correct any data we have about you.
● Have us delete any data we have about you.
● Express any concern you have about our use of your data.
Alternatively, you can reach us directly by emailing our Privacy Officer at the email listed in the Contact Information section below.
Block Clinical Inc
1100 Moraga Way
Moraga, CA 94556