Effective on: June 1, 2019
INTRODUCTION AND SCOPE
Patient Advertising Guru, Inc., d/b/a Research Study Rockstar, a New York corporation, with offices located at 1670 Old Country Road, Suite 206, Plainview, New York (“RSR,” “we,” “us,” “our”), takes the protection of Personal Data very seriously. This Policy addresses data subjects whose Personal Data we may receive through subdomains of our website located at www.letsrockenroll.com.
In the context of this Policy, RSR acts as a data controller or data processor for the Personal Data we process, depending on our relationship with you and with our Clients. For example, when we process your Personal Data when you contact us through our website or if we return your inquiry by phone at your request, we act as a data controller. On the other hand, we generally act as a data processor in connection with services provided to our Clients.
CATEGORIES OF PERSONAL DATA
We may process the following types of Personal Data:
- Biographical information, such as your first and last name, age, and date of birth;
- Contact information, such as your email address and phone number;
- Location data and online identifiers, such as IP address;
- Web application usage data; and
- Health data (sensitive personal data), such as information about medical symptoms or prescribed medications, which you voluntarily provide in order to determine your eligibility.
HOW WE RECEIVE PERSONAL DATA
You may provide us with personal data when you:
- visit our website (by way of our cookies and other tracking technologies); or
- speak to a research site by phone, who may input additional data into our secure system.
After you enter your name and contact information into the form on our website, a participating research site from your area will call you at the phone number you provided. During this phone call, the study representative may ask you various questions in order to determine your eligibility to participate in the research study to which you have responded.
We do not collect your information for any research study opportunity other than the study you’ve inquired about, nor will we ever contact you regarding any future study opportunities.
If we receive your Personal Data from a third party, we will notify you, where required by applicable laws, without undue delay.
BASIS OF PROCESSING
Where we act as a data controller within the scope of this Policy, we may rely on one or more of the following legal grounds for processing your Personal Data:
- your explicit consent;
- the processing is necessary for the performance of a contract with you, such as providing you with our services or to perform related pre-contractual steps at your request prior to entering into a contract;
- the need to pursue the legitimate interests of our Clients, such as finding qualified patients to participate in clinical trials;
- the need to comply with legal obligations; and
- any other ground, as required or permitted by law.
Where we rely on your consent as a legal ground for processing your Personal Data, you may withdraw your consent at any time. However, if you withdraw your consent, it will not affect the lawfulness of the processing that occurred based on your consent prior to your withdrawal.
Where we receive your Personal Data directly from you for the purpose of providing you with our services, we require your Personal Data in order to perform our contractual obligations owed to you. Without the necessary Personal Data, we will not be able to provide our services to you.
Where we act as a data processor within the scope of this Policy, we will process your Personal Data based on the documented instructions of the relevant data controllers.
PURPOSES OF PROCESSING
We process Personal Data for the purposes of:
- assisting our Clients in finding clinical trial participants;
- providing other services to our Clients;
- enabling the use of our website and the services we provide to potential participants in clinical trials;
- responding to inquiries, and/or other requests or questions;
- targeting our advertising.
DATA RETENTION PERIODS
Where we act as a data controller and when the purposes of processing are satisfied, we will retain your Personal Data for up to six months, unless you request that we delete your Personal Data sooner.
Where we act as a data processor, we will delete your Personal Data within six months of receiving an instruction to do so by the relevant data controller.
SHARING PERSONAL DATA WITH THIRD PARTIES
We may share your Personal Data with other entities. Such third parties may include:
- our Clients, in which case the transfers of your sensitive Personal Data are taking place only based on your explicit consent;
- those providing and managing IT systems and infrastructure for RSR;
- those providing communications software;
- e-mail service providers;
- customer relationship management (CRM) service providers;
- those providing cloud storage services;
- those providing enterprise resource planning software;
- social media services (in order to identify other potential participants for clinical trials).
We will require that these third parties maintain at least the same level of privacy and security that we maintain for such Personal Data. RSR remains liable for the protection of Personal Data that we transfer to our service providers.
OTHER DISCLOSURE OF YOUR PERSONAL DATA
We may disclose your Personal Data:
- to the extent required by law or if we have a good-faith belief that such disclosure is necessary in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, or private parties, including but not limited to: in response to subpoenas, search warrants, or court orders;
- if we sell or transfer all or a portion of our company’s business interests, assets, or both, or in connection with a corporate merger, consolidation, restructuring, or other company change; or
- to our subsidiaries or affiliates only if necessary for business and operational purposes.
If we must disclose your Personal Data in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your Personal Data will maintain the privacy or security of your Personal Data.
DATA INTEGRITY & SECURITY
RSR has implemented and will maintain technical, organizational, and physical security measures that are reasonably designed to help protect Personal Data from unauthorized processing, such as unauthorized access, disclosure, alteration, or destruction.
ACCESS & REVIEW
If you are a data subject about whom we store Personal Data, you may have the right to request access to, and the opportunity to update, correct, port, or delete such Personal Data. Under certain circumstances, you may have a right to restrict or object to the processing of your Personal Data. You may also have the right to opt out of having your Personal Data shared with third parties and to revoke your consent that you have previously provided for your Personal Data to be shared with third parties, except as required by law. You also have the right to opt out if your Personal Data is used for any purpose that is materially different from, but nevertheless compatible with, the purpose(s) for which it was originally collected or subsequently authorized by you.
Where we act as a data controller, to submit such requests or raise any other questions, please contact us using the information provided in the Contact Us section of this Policy.
Where we act as a data processor, you may exercise your rights under this section by contacting the data controller who has provided your Personal Data to us.
PRIVACY OF CHILDREN
We do not knowingly collect Personal Data from anyone under 18. In the event that we learn that we process Personal Data from a child under age 13, we will delete the information that we have stored as quickly as possible. If you believe that we might have any information from or about a child under 13, please contact us using the information provided in the Contact Us section of this Policy.
CHANGES TO THIS POLICY
If we make any material change to this Policy, we will post the revised Policy to this web page and update the “Effective” date above to reflect the date on which the new Policy became effective.
Where a privacy complaint or dispute cannot be resolved through RSR’s internal processes, RSR has agreed to participate in the VeraSafe Privacy Shield Dispute Resolution Procedure.
Subject to the terms of the VeraSafe Privacy Shield Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Privacy Shield Dispute Resolution Procedure, please submit the required information here:
RSR is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
If you have any questions about this Policy or our processing of your Personal Data, please email us at email@example.com or write to us by postal mail at:
Patient Advertising Guru, Inc.
ATTN: Patient Privacy
1670 Old Country Road
Plainview, New York 11803