What information do we collect and when do we collect it?
The personal information we collect and how we collect it depends on the context of your interactions with us.
We will collect certain personal information that you provide directly to us when inquiring, ordering, or registering for services on our website, subscribing to a newsletter, filling out an online form, applying to participate in a clinical research study as a study volunteer, or when participating in an online survey or entering a drawing. Depending on the type of interaction with us you may be asked to enter your name, email address, mailing address, phone number, credit card information, medical conditions, or other details to help you with your experience. You may choose not to provide personal information, but in not doing so, we may be unable to complete your request, or you may not be able to participate in a particular online feature or service.
We may also collect certain information automatically when you visit our website, online services or participate in a survey, including (i) anonymized IP address of the enquiring computer; (ii) data and time of access; (iii) browser used and your computer’s operating system; and (iv) name and URL from the retrieved file. The temporary storage of this information by the system is necessary to enable the website to be delivered to your computer as well as to ensure the functionality and optimization of our website and to ensure the security of the information technology systems. The information is deleted as soon as it is no longer necessary for achieving the purpose of its collection.
Cookies can only identify the workstation computer used, but not your personal identity.
We, along with third-party vendors such as Google use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together to compile data regarding user interactions with ad impressions and other ad service functions as they relate to our website.
You can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising Initiative Opt Out page or by using the Google Analytics Opt Out Browser add on.
How do we use the information we collect?
We may use the information we collect from you for a variety of purposes, including:
- To process your transactions with us or to maintain or administer any online services
- To send you newsletters or other communications and mailings that you have requested (via email, text or mail)
- To respond to your inquiries (via live chat, email or phone)
- To contact you if you won a drawing that you voluntarily entered following completion of a survey
- To customize and personalize your use of the website or online services
- As otherwise described to you at the point of collection or pursuant to your consent
In addition, we may also use aggregated information to help us understand the preferences and experiences of users of our website or online services and to enhance our services and the website.
You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send.
How Do We Protect the Information We Collect?
We are committed to protecting the security of your personal information. We use a variety of security technologies and procedures to help protect your personal information from unauthorized access, use or disclosure.
Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology. All transactions are processed through a gateway provider and are not stored or processed on our servers.
In addition, our website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our website as safe as possible. We also use regular malware scanning.
Despite our efforts to protect your personal information, there is always some risk that an unauthorized third party may find a way around our security systems or that transmissions of your personal information over the Internet may be intercepted. Your use of the website constitutes an acceptance of such risk.
How do we share the information we collect with third parties?
Information about you is an important part of our business, and we are not in the business of selling it to others. We do not sell or casually share personal information gathered in the course of our business operations to third parties. However, we may share your personal information under the following conditions:
- We may share your personal information with third-party service providers or vendors that provide certain functions or services on our behalf, such as processing of credit card transactions, sending communications for us or performing transcription services. We will only provide those third-party service providers and vendors with the minimum information they need to deliver the requested services.
- We may share or transfer your information in connection with, and during negotiations of, a sale of all or substantially all of our assets or ownership interests, a merger, financing or other business combinations or reorganizations.
If our sharing practices change at any time in the future, we will post the policy changes to the website so that you may opt out of the new sharing practices. We suggest that you check the website periodically if you are concerned about how your information is shared.
We do not include or offer third-party products or services on our website.
Children Online Privacy Protection Act (COPPA)
California Online Privacy Protection Act (CalOPPA)
If you are a California resident you have certain additional rights regarding your personal information.
According to CalOPPA, we agree to the following:
You can visit our website anonymously.
You can change your personal information by emailing us at the email address set forth below.
We honor Do Not Track signals and Do Not Track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.
It’s also important to note that we do not allow third-party behavioral tracking.
General Data Protection Regulation (GDPR) and other regulations concerning personal information collection
We appreciate the privacy concerns of our international user-base and we strive to respect and protect your privacy of those who submit personal information to us. With regard to the General Data Protection Regulation (GDPR) recently adopted by the European Union (EU), the federal Personal Information Protection and Electronic Documents Act (PIPEDA) adopted by Canada and other such privacy and data protection regulations, we will make a good-faith attempt to understand and comply with such regulations with respect to our international user-base, when and where possible.
However, it should be understood that we must collect and maintain your personal information in order to conduct normal business operations and that by participating in or requesting or purchasing services from us, you are agreeing to that collection and storage of personal information.
According to the GDPR you have the following additional rights regarding your personal information:
You have the right:
- to request information about your personal information processed by us. Notably you may request information about the processing purposes, the category of personal information, the categories of recipients to whom your personal information has been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right to complain, the origin of your personal information if it have not been collected by us and the existence of automated decision-making, including profiling and, if applicable, meaningful information on their details.
- to immediately request the correction of incorrect or complete personal information stored by us.
- to request the deletion of your personal information stored by us unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
- to restrict the processing of your personal information if you dispute the accuracy of the information, if the processing is unlawful but you refuse the deletion of the information and we no longer need the information, but if you need it to assert, exercise or defend legal claims or if you have filed an objection to the processing.
- to receive your personal information that you have provided to us in a structured, current and machine-readable format or to request its transfer to another controller. If you request the direct transfer of the information to another controller, this will only take place if it is technically feasible.
- to revoke the consent given to us at any time. As a result, this means that we will no longer be allowed to continue processing information based on this consent in the future.
- to complain to a regulatory authority. You can usually contact the regulatory authority at your usual place of residence or workplace.
Revoking your consent to data processing
Many data processing procedures are only possible with your explicit consent. You can revoke your consent at any time. All you need to do is send an informal message by email to the email address set forth below. The legality of data processing until revocation remains unaffected by the revocation.
Information, blocking, deletion
As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal information that is stored as well as its origin, the recipient, and the purpose for which it has been processed. You also have the right to have this information corrected, blocked, or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of personal information.
Data protection officer
We have appointed a data protection officer for CISCRP. You can contact the data protection officer using the contact information set forth below.
Legal basis for processing personal information
We may process your personal information for the following reasons:
- We need to perform a contract with you
- You have given us permission to do so
- The processing is in our legitimate interests and it’s not overridden by your rights
- For payment processing purposes
- For the secure provision and functionality of our website and a user-friendly Internet presence
- To comply with the law
Duration for which the personal information is stored
Personal Information shall be processed and stored for as long as required by the purpose they have been collected for. Therefore:
- Personal Information collected for purposes related to the participation in a research study or survey shall be retained until such research study or survey has been fully performed.
We may be allowed to retain Personal Information for a longer period whenever you have given consent to such processing, as long as such consent is not withdrawn. Furthermore, we may be obliged to retain Personal Information for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority. Once the retention period expires, Personal Information shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to Information portability cannot be enforced after expiration of the retention period.
How to exercise these rights
Any requests to exercise your rights can be directed to the data protection officer through the contact details set forth below. These requests can be exercised free of charge and will be addressed by the data protection officer as early as possible and always within one month.
- You are entitled to see the information we hold about you. You can also request changes to be made to incorrect information. You can ask for information to be deleted or blocked if you think that we shouldn’t be processing that information, or are processing it incorrectly. It is your responsibility to keep your personal information up to date so that accurate records can be maintained.
- We will limit the personal information we collect to that which is necessary to deliver the products and services that we have outlined above.
CAN SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address in order to:
- Send information, respond to inquiries, and/or other requests or questions
- Process orders and to send information and updates pertaining to orders
- Send you additional information related to your product and/or service
- Market to our mailing list or continue to send emails to our clients after the original transaction has occurred
To be in accordance with CANSPAM, we agree to the following:
- Not use false or misleading subjects or email addresses
- Identify the message as an advertisement in some reasonable way
- Include the physical address of our business or site headquarters
- Monitor third-party email marketing services for compliance, if one is used
- Honor opt-out/unsubscribe requests quickly
- Allow users to unsubscribe by using the link at the bottom of each email
If at any time you would like to unsubscribe from receiving future emails, you can follow the instructions at the bottom of each email and we will promptly remove you from ALL correspondence.
Transfer of data
Your personal information may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
Our website is controlled and operating by us from the United States and is not intended to subject us to the laws or jurisdiction of any state country or territory other than that of the United States.
Attn: Data Protection Officer
One Liberty Square, Suite 1100
Boston, Massachusetts 02109 US