BLOCK CLINICAL INC. PRIVACY POLICY

Last updated: February 15, 2023

GENERAL STATEMENT

Block Clinical Inc., a Delaware corporation (“Company”, “we”, “us” or “our”), respects your privacy and is committed to protecting your privacy through our compliance with this Privacy Policy (“Policy”).

Important information is included for individuals located in the European Economic Area, Switzerland, and United Kingdom (collectively, “Europe”) in the Notice to European Users.

This Policy describes our practices in connection with information we collect to deliver payment and logistical services that you may require you require. It will notify you of the following:

1. Who this Policy applies to.

2. What personally identifiable information is collected from you

3. How information is used and with whom it may be shared.

4. Information regarding Links and Advertising.

5. Information regarding our Children’s Policy.

6. Reviewing, updating, and deleting your information.

7. The security procedures to protect the misuse of your information.

8. Information regarding how this Policy is enforced.

9. Our compliance with GDPR

10. Representation for Data Subjects in the EU and the UK

11. Changes to our Policy.

12. How to get in contact with us.

If you do not agree with our Policy, you may choose not to use our Platform.

CUSTOMERS AND CUSTOMER CONTACTS

This Policy applies to the following groups of individuals who interact with our Platform:

● Customers: “Customers” are individuals who are employees or associates of sponsors, contract research organizations, third party patient logistics companies, clinical research sites, hospitals, and similar organizations, including customer personnel who are assigned a login ID and are authorized to access and use our Platform pursuant to an active agreement.

● Customer Contacts: “Customer Contacts” are individuals who interact with our Customers or other Customer Contacts through our Platform, including Customer Contacts who are assigned a login ID and are authorized to access and use our Platform pursuant to an active agreement. Customer Contacts include our Customers’ clients, clinical site personnel, logistics supplier partners, other business contacts, and the patients and caregivers they support (for example, Customer Contacts include patients and caregivers that opt-in to our Customers’ service, clinical site coordinators, and logistics supplier partners who ultimately delivery services to patients) using our Platform.

CUSTOMER CONTACT DATA

In this section, we explain the information collected about Customer Contacts (collectively, “Customer Contact Data”).

Our Platform is flexible and allows our Customers to collect a variety of personal information from and about their Customer Contacts, including name, organization, title, address, e-mail address, telephone number, and other information including but not limited to gender, date of birth, passport number, travel dates, and other travel preferences (“Personal Information”).

We are the sole owners of the Customer Contact Data (which includes Personal Information) collected through our Platform. We only collect information that you voluntarily give our Customers permission to use. You may provide our Customers with information by phone, email, input directly into our Platform, or through applications that are integrated with our Platform.

We will not sell or rent Customer Contact Data to anyone.

HOW WE USE INFORMATION

We do not use Customer Contact Data for any purpose other than to provide services that our Customers have contracted us to provide through our Platform, as noted below, or as required by law.

Here are examples of situations in which we use Customer Contact Data:

Types of 3rd parties we share Customer Contact Data with: logistics suppliers who our Customer Contacts have opted-in to receive logistics services from – airlines, hotels, ground transportation companies, payment remittance companies, etc… For a list of our sub processors and nature of processing can be found at: https://blockclinical.com/authorized-sub-processors/
● If a Customer uses our Platform to request and track delivery of logistics services through multiple logistics supplier partners.

● Transfer of Customer Contact Data to a Customer’s logistics supplier partner for the sole purpose of booking travel on behalf of the patient and/or caregiver (for example, we may provide name, arrival and departure dates to a hotel for reservation purposes).

● When a Customer or Customer Contact uses our Platform to deliver logistics confirmation information related to travel and payments to other Customer Contacts including patients, caregivers, and/or coordinators.

● To deliver to a third party in the event of a merger, divestiture, restructuring, recapitalization, reorganization, dissolution or other sale or transfer of some or all of the Company’s assets, whether as a continuing operating business or as part of bankruptcy, liquidation or a similar proceeding, in which Customer Contact Data is among the assets transferred.

● As we believe to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to respond to requests from public and government authorities including public and government authorities outside your country of residence; and (c) to protect against or identify fraudulent transactions.

● For other purposes when Customers or Customer Contacts provide explicit consent.

● We aggregate and anonymize information about Customers and Customer Contacts, and the use of our Platform, in order to improve our Platform and create benchmark and other business intelligence products. None of the aggregated and anonymized information contain Personal Information (i.e., does not identify any individual).

LINKS AND ADVERTISING

We do not advertise on or through our Platform and do not provide any Customer Contact Data to advertisers or otherwise to third parties for the purpose of advertising or marketing. From time to time, our Platform may contain hyperlinks (“Links”) to third parties, including third party providers of certain programs. Such Links are for your reference only, and we neither control the privacy policies of such linked websites nor are we liable or responsible in any way for the use of any personally identifiable information that you may provide such sites. We recommend that you remain aware when you leave our Platform and review the terms of use and privacy policies of each and every linked website.

You should also be aware that if you voluntarily disclose personally identifiable information in an email or other communications with any third party listed on our Platform or in other materials, such information, along with any other information disclosed in your communication, can be collected and correlated and used by such third parties and may cause you to receive unsolicited messages from other sources. Such collection, correlation, use and messages are beyond our control.

CHILDREN’S POLICY

Our Platform is for general audiences and is not directed toward those under 18 years of age. We do not knowingly collect Personal Information from children under 13 without parental consent. If you become aware that a child has provided us with Personal Information, please contact our Privacy Officer at the email address in the Contact Information section below. If we become aware that a child under 13 has provided us with Personal Information, we will take steps to remove such information.

REVIEWING, UPDATING AND DELETING YOUR INFORMATION

All individuals have the right to access their Personal Information. We provide our Customers with the capability to review, update and delete your Personal Information. We require that our Customers receive your permission before any of your Personal Information is accessed, retrieved or made available to logistics supplier partners. In addition, we provide our Customers the ability to revoke permission to access your Personal Information. Contact your appropriate Customer representative to:

● See what data we have about you, if any.

● Change/correct any data we have about you.

● Have us delete any data we have about you.

● Express any concern you have about our use of your data.

Alternatively, you can reach us directly by emailing our Privacy Officer at the email listed in the Contact Information section below.

SECURITY

Steps we take to keep your information secure. The security of Customer Contact Data is important to us. We have put in place commercially reasonable physical, electronic, and managerial procedures to protect Customer Contact Data from unauthorized access.

Risks inherent in sharing information. Notwithstanding our commitment to protect Customer Contact Data, you should be aware that there is always some risk involved in transmitting information over the Internet. In addition to the risk that Customers’ employees, contractors and others subject to our agreements may fail to follow required procedures, there is also some risk that networks and/or security systems could be circumvented or breached, including by third parties who use our Platform in order to do so. As a result, while we strive to use commercially reasonable means to protect Customer Contact Data, we cannot ensure or warrant the security and privacy of your Customer Contact Data or any other information you transmit to us, or of any networks and/or security systems. If you have any questions regarding the security of our Platform you can contact our Privacy Officer at the email address set forth below.

ENFORCEMENT

We regularly review our compliance with this Policy. Please let us know of any questions or concerns you have regarding this Policy or our compliance with this Policy by contacting our Privacy Officer at the email address in the Contact Information section below. When we receive formal written complaints, it is our policy to contact the complaining party regarding his/her concerns. We will cooperate with the appropriate regulatory authorities to resolve any complaints regarding the transfer of Personal Information that cannot be resolved between the Company and any individual or entity.

Block Clinical commits to resolve complaints about your privacy and our collection or use of your Personal Information. European Union and Swiss individuals with inquiries or complaints regarding this Policy should first contact the Company at:

Block Clinical Inc
Privacy Officer
16787 Bernardo Center Dr, Ste 7
San Diego, 92128
privacy@blockclinical.com

YOUR CALIFORNIA PRIVACY RIGHTS
We do not monitor, recognize, or honor any “Do Not Track” signals or similar signals.

GENERAL DATA PROTECTION REGULATION (GDPR)
Natural persons located in the European Economic Area (“EEA”) should review the GDPR Privacy Notice here: https://blockclinical.com/gdpr/

REPRESENTATION FOR DATA SUBJECTS IN THE EU AND THE UK

We value your privacy and your rights as a data subject and have therefore appointed Prighter as our privacy representative and your point of contact.
Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative Prighter or make use of your data subject rights, please visit: https://prighter.com/q/19348574538

CHANGES TO THIS POLICY

We may revise this Policy from time to time. When we do so, we will revise the “updated” date at the top of this Policy. Any such revision will be effective immediately upon posting at www.blockclinical.com/privacy-policy/. You are responsible for checking this Policy for revisions.

CONTACT INFORMATION

If you have questions or comments regarding this Policy or our practices, please contact us at:

Block Clinical Inc
Privacy Officer
16787 Bernardo Center Dr, Ste 7
San Diego, 92128
privacy@blockclinical.com