SUVODA BYOD PRODUCT PRIVACY POLICY AND TERMS OF USE

Suvoda LLC, a U.S. company organized under the laws of Pennsylvania, USA, and its subsidiaries (hereinafter collectively referred to as “Suvoda”, “We”, “Our”) provides clinical trial software products and related services (collectively, “Services”) including, without limitation:

  • interactive response technology (IRT);
  • Drug Inventory Management System (DIMS);
  • electronic informed consent (eConsent);
  • electronic clinical outcomes assessment (eCOA); and
  • electronic patient portal (ePatient)

to pharmaceutical, biotechnology and medical device companies conducting clinical trials as well as contract research organizations and other companies involved in servicing clinical trials (collectively, “Suvoda’s Customers”). Suvoda’s Customers are the sponsors of clinical trials (each a “Sponsor” and collectively, “Sponsors”) or provide services on behalf of Sponsors.

Privacy Statement

This BYOD Privacy Policy and Terms of Use applies to clinical trial participants and their caregivers who use Suvoda’s application containing eCOA and ePatient functionality (the “Suvoda Application”) on their own devices (and not on devices provided by Suvoda). You should review the privacy policy of the Sponsor and/or the consent document that you sign in connection with participating in the applicable clinical study (the “Study”) for further information on how Suvoda processes your Personal Information in connection with Suvoda’s Services other than providing the Suvoda Application.

In the course of making the Suvoda Application available, Suvoda collects and processes information about users of the Suvoda Application. Some of such information is personal information that could be related to an identified or identifiable natural person (the "Personal Information"). Suvoda processes Personal Information pursuant to instructions provided by Suvoda’s Customers to facilitate the clinical trial and as needed to provide the Services. We may also use this information in an aggregated manner to improve the Services.

This privacy policy and terms of use (the "Terms") explains how and what Personal Information Suvoda collects about you, as a user of the Suvoda Application, and how we use, share and protect such information. It also explains the terms and conditions to which you agree if you access or use the Suvoda Application. We encourage you to read the Terms carefully.

You should stop using the Suvoda Application if you are not a clinical trial participant or the caregiver of a clinical trial participant, in either case, who is authorized to use the Suvoda Application by a Suvoda Customer.

By accessing or using the Suvoda Application, you agree to be bound by these Terms. If you do not agree, please immediately discontinue accessing the Suvoda Application.

If you have questions about the Personal Information that Suvoda processes in connection with the Services or would like to update, correct, delete or exercise your rights in connection with the Personal Information we may have collected about you, please contact the Sponsor of the applicable clinical trial.

User Conduct

In using the Suvoda Application, you agree:

  • Not to attempt to access any part of the Suvoda Application which you are not authorized to access or to circumvent any use restrictions put into place to prevent certain uses of the Suvoda Application or the device you use to access the Suvoda Application (“Hardware”);
  • Not to disrupt or interfere with the security of, or otherwise abuse, the Suvoda Application, system resources, accounts, servers, or networks connected to or accessible through the Suvoda Application;
  • Not to use or attempt to use or access another person’s account or Personal Information, or create or use a false identity on the Suvoda Application;
  • To keep your credentials confidential and not to allow any unauthorized user to access the Suvoda Application using your credentials;
  • Not to upload, post, or otherwise transmit through or on the Suvoda Application any viruses or other harmful, disruptive, or destructive files;
  • Not to decompile, reverse engineer, reverse assemble, decipher, or otherwise attempt to discover any programming code or any source code used in or with the Suvoda Application or otherwise distribute in any way any content in the Suvoda Application;
  • Not to modify, store, copy, distribute, transmit, display, perform, reproduce, publish, license, transfer, post, translate or scrape any content without our prior written permission.
  • To observe and comply with all Applicable Laws and any instructions or conditions notified to you by Suvoda or Suvoda’s Customer. “Applicable Laws” means local, national and international legislation, enactment, subordinate legislation, rule, regulation, order, directive or other provision, or requirement of a regulatory authority (or persons authorized on their behalf) and any judicial or administrative interpretation or application thereof, which has, in each case, the force of law in the jurisdictions in which the Services are provided and/or utilized.
  • Not to act or omit to act in any way in connection with your use of the Suvoda Application which will or may place Suvoda or any other third party in breach of any provisions of Applicable Law, or any licenses or authorizations, and to cooperate fully with Suvoda and its third party providers to enable them to comply with all of the same.
  • Not to use the Suvoda Application for any improper or unlawful purpose.
  • Not act or omit to act in any way which will or may injure or damage any persons or the property of any persons or howsoever cause the quality of the Suvoda Application to be impaired.
  • To contact your clinical trial site (e.g. the hospital or clinician’s office where you enrolled in the clinical trial) for support with the Suvoda Application, rather than Suvoda.
  • Suvoda may restrict or remove your access to the Suvoda Application at any time.

Personal Information We Collect:

These Terms apply to Personal Information that We collect and process from you when you use the Suvoda Application, including the following information:

In order to use our Suvoda Application, you will need to open an account. To do this you will need to choose login credentials. You may also need to provide your email address, phone number, first and last name, address, time zone, health related information and, for Suvoda’s ePatient, your Social Security Number or other government identification number, banking information, and answers to security questions. In providing Suvoda’s ePatient, we may also process your clinical trial subject identification number, initials, home address, gender, date of birth and, for scheduling appointments, your calendar information.

Usage Information:

We collect and maintain information about your usage of the Suvoda Application, including any actions you take in connection with the Studies to which you have access. For example:

  • Entering your credentials and other Personal Information
  • Completing eCOA assessments
  • Submitting reimbursement requests and information related thereto
  • Scheduling appointments

Additionally, through your use of the Suvoda Application, Suvoda may receive information regarding your general geographic location (e.g. country), a de-identified device number, device battery level, time zone, local date and time, log-in attempts and other activity in the Suvoda Application and may share this information with the Suvoda Customer or Sponsor.

How We Use and Share the Information Collected:

We share certain of your Personal Information with Suvoda’s Customer. We may use the email address and/or phone number that you provided in order to supply you with information regarding our Services and communicate with you with respect to the Study or your use of the Services, including any maintenance issues and notifications with respect to our Terms, as well as to solicit feedback about our Services. We may also use information about your use of the Services to improve the Services.

We also share your Personal Information with third parties as needed to provide the Services including, with third parties whose software is integrated with Suvoda’s. You may be required to accept a privacy policy from one or more of these third parties to use the Services and in certain cases, you may be required to provide Personal Information directly to those third parties. In such cases, the privacy policies of those third parties will apply.

Purpose of the Use of Information:

In addition to the above, Suvoda may use the information it collects, including Personal Information, for the following purposes:

  • To provide the Services to you and our Customers, to fulfill our contractual responsibilities, and to comply with legal and regulatory requirements;
  • To contact you regarding the Services;
  • For the specific purpose for which the information was provided;
  • To diagnose a problem related to our Services or to help manage the Suvoda Application;
  • To help improve the Services;
  • To prevent or detect fraud;
  • To fulfill the Terms of Use set forth herein, including protecting the rights, assets, and safety of Suvoda, its users, and others as well as protecting the content of the Services protected by copyrights;
  • To comply with laws and regulations or to meet the requirements of government authorities; and
  • To analyze use of the Services.

Audit Trail

Your activities in the Suvoda Application will be labeled with your user identifier and will be associated with you to track certain of your activities in the Suvoda Application (the "Audit Trail"). This information will be retained by us even after your account is deleted or the Study in which you participated has been completed (please see the "Changing or Deleting your Information" section below). This information may be shared, along with other information in connection with the Study, with the Suvoda Customer, Sponsor and/or other third parties, including regulatory authorities, as may be instructed by the Sponsor or Suvoda Customer, to fulfill our contractual obligations and/or pursuant to a regulatory requirement.

Other Sharing

In addition to the uses described above, We may also share your information, including Personal Information, with third parties for the following purposes:

  • When you consent to the disclosure of such information
  • In conjunction with an audit by the FDA or other regulatory agency
  • To a parent company, subsidiary, joint venture, or other company under common control with us for the provision of the Services
  • To a service provider/contractor to perform functions and process your data, consistent with these Terms, in order to help us provide the Services
  • In connection with a merger, acquisition, consolidation, change of control or sale of all or a portion of our assets or if We undergo bankruptcy or liquidation
  • Where We are legally required to do so, such as in response to court orders or legal process, or to establish, protect, or exercise our legal rights or to defend against legal claims or demands, or to comply with requirements of Applicable Law
  • If We believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, fraud, situations involving potential threats to the rights, property, or personal safety of any person or to address technical issues
  • In an emergency or to protect the safety of any person
  • If We believe it is necessary to investigate, prevent, or take action regarding situations that involve abuse of the Services infrastructure or the Internet in general (such as voluminous spamming, denial of service attacks, or attempts to compromise the security of the website infrastructure or the Services generally)
  • To enforce these Terms and any other terms that you have agreed to, including to protect the rights, property, or safety of Suvoda, its users, or any other person, or the Services

 

Please see our Cookies Policy at https://www.suvoda.com/cookie-policy for information about the technologies that We and third parties use to collect information and to learn about options in connection with cookies.

Suvoda will not sell or rent your Personal Information.

Security and Information Protection

We take reasonable precautions to protect all information, including your Personal Information, applying a variety of technical and organizational measures. For example, all information, including Personal Information, entered into the Suvoda Application collected by us is transferred over https, and kept on a server in a secure environment within an ISO/IEC 27001 certified data center unless and until We need to share it with third parties as set forth above. We limit access to all information, including Personal Information, entered into the Suvoda Application only to those who need it to perform a specific function in connection with the Services and as set forth herein. Please remember that the Internet is not a 100% secure medium for communication, and We cannot guarantee that your information, including Personal Information, will always remain private when you use the Suvoda Application.

Changing or Deleting Your Information; Privacy Rights

If you want to exercise your privacy rights as a data subject including, without limitation, to access and/or request an update, correction or deletion of the Personal Information We may have collected from you, you may write to us at privacy@suvoda.com. Please identify yourself in such communication and provide sufficient information so that We can properly verify your identity as needed. If you make such a request, We will contact Suvoda’s Customer and will work with Suvoda’s Customer to provide a response to you either directly or through Suvoda’s Customer within a reasonable time and within a period of one (1) month where reasonably feasible. In particular you may exercise the following rights:

  • access your Personal Information together with information about how and on what basis it is processed (to the extent that information is not set out in this notice)
  • rectify inaccurate Personal Information (including to have incomplete data completed)
  • erase your Personal Information in those circumstances where it is no longer necessary in relation to the purposes for which it was collected and there is no legal basis for Suvoda to retain it
  • restrict processing of your Personal Information
  • object to processing which has "legitimate interests" as its legal basis
  • object to "automated decision making"
  • obtain a portable copy of your Personal Information

If you wish to delete your Personal Information in your account, please contact the Sponsor of the Study. Upon instruction from Suvoda’s Customer, and subject to the paragraph below, We will proceed to delete Personal Information you have provided. If We delete such Personal Information, you will no longer be able to access the Suvoda Application.

We may retain your information, including Personal Information, in an identifiable manner for as long as necessary to provide the Services, for as long as required by Applicable Laws and/or for as long as We reasonably believe that retaining the information is necessary to protect our legal rights or legitimate business interests or those of Suvoda’s Customer. We will retain the Audit Trail as necessary to fulfill our legal, regulatory or contractual obligations. In those cases, the Personal Information will be segregated to limit data processing and the Personal Information will be stored and retained to comply with the corresponding applicable legal, regulatory or contractual obligations.

Even if you have requested that We delete your Personal Information, keep in mind that the deletion of Personal Information by our third party providers may be performed in accordance with their internal policies and practices.

For any privacy or data protection related questions, please write to privacy@suvoda.com.

California Privacy Rights

Under California laws, California residents have certain rights with respect to their Personal Information. They can request access to or deletion of their Personal Information by contacting the Sponsor. Suvoda will not discriminate against you for exercising your legal rights.

Cross Border Transfer

Suvoda transfers, processes, and stores information about you on servers located in a number of countries, including the United States, which countries do not offer an equivalent level of protection on privacy matters that is offered in other territories such as the European Union. We may also subcontract processing to, or share your information with, third parties located in countries other than your home country.

Transfers of Information from the EEA

Suvoda complies with the EU-U.S. Data Privacy Framework program (“EU-U.S. DPF)”, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework program (“Swiss-U.S. DPF” and together with the EU-U.S. DPF, the “DPF”) as set forth by the U.S. Department of Commerce. Suvoda has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Suvoda has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework program principles (“Swiss-U.S. DPF Principles” and together with the EU-U.S. DPF Principles, the “DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the applicable DPF Principles shall govern. To learn more about the Data Privacy Framework program, and to view our certification, please visit https://www.dataprivacyframework.gov/. When We receive Personal Information under the DPF and then transfer it to third party service providers, We are liable for any processing of Personal Information by such third parties that is inconsistent with the DPF Principles unless We are not responsible for the event giving rise to any alleged damage.

Under the DPF you are entitled to access, correct, amend, or delete Personal Information about you that We hold where it is inaccurate, or has been processed in violation of the DPF Principles. You may access, amend, correct or delete your registration information by accessing your account on the Services. You may also exercise this right by contacting us at privacy@suvoda.com.

With respect to Personal Information received or transferred pursuant to the DPF, Suvoda is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

In certain situations, Suvoda may be required to disclose Personal Information in response to lawful requests by public authorities, including in order to meet national security or law enforcement requirements. For more information, please see the " How We Use and Share the Information Collected " section above.

In compliance with the EU-US DPF Principles, Suvoda commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles. European Union, Swiss and United Kingdom individuals with DPF inquiries or complaints should first contact Suvoda at privacy@suvoda.com or as set forth under the section titled “Complaints, Questions or Comments below.

Suvoda has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2

Other Cross Border Transfers

In connection with the cross-border transfer of your Personal Information, including to the United States, your Personal Information may be subject to privacy laws that may not provide the same protection as your country of residence. For example, government entities in the United States and other countries may have certain rights to access your Personal Information. By using the Services you are consenting to this transfer of your Personal Information.

Changes to These Terms

These Terms are subject to revisions from time to time, in our sole discretion. When We make changes We deem material We will provide you with prominent notice as appropriate under the circumstances, and you will be notified of such changes on your next log in to the system. Your continued use of the Suvoda Application after the changes have been made will constitute your acceptance of the changes. Please therefore make sure you read any such notice carefully. If you do not wish to continue using the Suvoda Application under the new version of these Terms, please cease using the Suvoda Application.

Complaints, Questions or Comments

We welcome questions and comments about these Terms. Questions or comments should be directed to:

Suvoda LLC
181 Washington Street, Suite 100
Conshohocken, PA 19428
ATTN: Privacy Officer
Phone: 1-855-788-6321
Email: privacy@suvoda.com

Suvoda SRL
10 Bld I.C. Bratianu, Floor 3, District 3
Bucharest, Romania, 011413
ATTN: Privacy Officer
Phone: +40 (31) 2265529
Toll Free: 0800-896-362
Email: privacy@suvoda.com

Last updated: 28-March-2024