Effective Date: 10 October 2020
The following additional terms are incorporated into this Policy as if fully set forth herein:
Who we are
We are Data Cubed, LLC d/b/a Datacubed Health. We can be reached at firstname.lastname@example.org.
Datacubed Health is a pioneering technology company making better science and healthier communities a reality. We apply individualized solutions for the capture of data, including smartphone apps, wearable, in-home, and environmental sensors, for remote engagement with patients and for virtual clinical studies.
References to “we,” “us” and “our” mean Datacubed Health. References to “third-party” mean someone who is not you or us.
We are a Processor of the personal information Client Participants provide to us. We are a Controller of the personal information Datacubed Health Participants provide to us.
Who you are
In the Policy, you means you as a:
- Client – an employee or a representative of a business that uses Datacubed Health
- Client Participant – an individual solicited by a business who participates in a study conducted by Datacubed Health on behalf of the business
- Datacubed Health Participant – an individual who participates in a study conducted by Datacubed Health on its own behalf
You as a Client are a Controller of the Client Participant personal information you provide to us.
What legal basis we have for processing personal information
We process your personal information based on:
- Consent you provide. You have the right to withdraw your consent at any time.
- Performance of your contract with use or to enter into a contract with you or to take action on your requests.
- To the extent not outweighed by your rights under applicable law, our legitimate business interests.
What personal information we collect
As a Client Participant or a Datacubed Health Participant, we may collect the following information:
- Date of birth
- Place of birth
- Email address
- Information from your activities on the Services
- Biometric data (e.g. audio/video recordings)
- Phone device information
- Bluetooth device information
- Phone contacts
- Cell metadata
- SMS message metadata
- IP addresses
- Social media metadata
We are a Controller of the Datacubed Health Participant personal information, and Client is a Controller of the Client Participant personal information.
As a Client, we may collect the following information:
- Business address
- Business telephone number
- Business email address
- Any messages you send us
- Billing information
- Other details necessary to provide our services to you
You as the Client is the Controller of this information, and we are a Processor of this information.
How we may use personal information
We use the information we collect from you as a Client Participant or a Datacubed Health Participant to provide the Services to you. We may also use this information to help us develop and improve our Services, fulfill your requests, send materials to you, inform you about our offers and those of others, tailor our Services to meet your interests and for other purposes permitted by law.
If you are a Client Participant, our processing of your information is restricted to what is agreed to in a contract with the Client.
We use the information we collect from Clients to answer your inquiries and to provide the Services to you.
How we may share personal information
We may share personal information with our business associates, consultants, service providers, advisors and affiliates on a confidential basis in order for them to provide services to us, to you, and to enable us to provide the Services. For example, our host and internet service provider may have access to this information.
We may share personal information with government and/or law enforcement agencies to the extent we believe it necessary to comply with the law, such as in response to a subpoena or court order, to defend a legal claim or establish or protect our legal rights or otherwise as permitted by applicable law. We may disclose personal information in our possession in the event we believe it necessary or appropriate to prevent criminal activity, personal injury, property damage or bodily harm.
We may transfer your information to a successor in interest, which may include but may not be limited to a third-party in the event of an acquisition, sale, asset sale, merger or bankruptcy. The policies applicable to your information thereafter may be determined by the transferee, unless otherwise prohibited by law.
Where we store and process personal data
We store the information we collect from you on servers provided by Amazon Web Services in the United States and Europe. For testing purposes, the information we collect from you may also be stored on desktop and laptop computers used by our employees in the United States. The information we collect from you in the EU may be transferred from and kept outside the EU because our operations and some of our servers are located in the United States. We enter into Standard Contractual Clauses in order to transfer your information outside the EU and Switzerland. We continue to protect information transferred under the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Frameworks according to the Privacy Shield principles.
How long we may keep your personal data
We may keep your information for as long as we have to by law. If there is no contradictory legal requirement, we will only keep it for as long as we need it to perform the Services. We may also keep your information for a reasonable period of time. Where U.S. law applies, and where required by U.S. law, we retain covered protected health information for 7.5 years or as otherwise required or permitted by law.
Where to find us on social media and Cookies
Your rights regarding your information
You have the right:
- To know if we are collecting, using or sharing your information and to request access to this information
- To request that we correct your information if it is inaccurate or incomplete
- To ask us to erase your information if
- Your information is no longer necessary for the purposes for which it was collected, used or shared
- You withdraw the consent on which the collection, use or sharing is based
- You object to the collection, use or sharing and there is no overriding legitimate interest for continuing the collection, use or sharing
- You object to the collection, use or sharing of your information for direct marketing purposes
- Your information was unlawfully collected, used or shared
- Your information has to be erased in order to comply with a legal obligation
- Your information was collected in order to offer online services to children
- To obtain from us a restriction on the collection, use or sharing of your information if
- You contest the accuracy of your information
- You have objected to the collection, use or sharing based on legitimate interest and we are considering whether our or a third-party’s legitimate interest ground overrides your interest
- The collection, use or sharing is unlawful, and you oppose erasure and request that use be restricted instead
- We no longer need your information, but you require your information to establish, exercise or defend a legal claim
- To be able to take with you the information you provided to us and to transmit that information to another organization where our collection, use or sharing of that information is carried out by automated means and is based on your consent or the performance of a contract
- To object to collection, use or sharing based on the purposes of legitimate interest or performance of a legal task, direct marketing and scientific/historical research and statistics
- Not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning you or similarly significantly affects you
- To lodge a complaint with a supervisory authority
How you exercise your rights
You may access, correct or delete your account information or cancel your account at anytime by emailing us at email@example.com. Please note that in some cases we may retain certain information about you as required by law.