HealthCore, Inc. – EU Privacy Policy

Last revised and effective as of: May 15, 2019

Browsing our websites at https://www.healthcore.com, https://www.rabranchstudy.com and/or any subdomains thereof (collectively, the “Website”) may not require you to register for an account or actively provide any personal information (as defined below) to us, but as indicated below, we and third parties may use cookies and action tags to passively collect information from visitors to our Website. For further information on cookies, action tags, and log files, please see our Website Privacy Policy

HealthCore, Inc. (“HealthCore”, “we”, “us”, or “our”) a provider of research services that leverage HealthCore’s integrated database in designing custom data-driven research solutions to guide HealthCore’s clients in the optimal use and interpretation of data by evaluating the impact of disease, treatment and medical care on outcomes. This EU Privacy Policy describes how HealthCore handles personal information (as defined below) that we collect on our Website and through other online and offline channels. HealthCore also has a Website Privacy Policy that applies only to information collected through the Website with respect to HealthCore’s operations in the United States.

As used in this EU Privacy Policy, the terms “using” and “processing” information include but are not limited to using cookies on a computer, subjecting the information to statistical or other analysis and using or handling information in any way, including, but not limited to collecting, storing, evaluating, modifying, deleting, using, combining, disclosing, and transferring information within our organization or among our affiliates within the United States or internationally.

As used in this EU Privacy Policy, the terms “using” and “processing” information include but are not limited to using cookies on a computer, subjecting the information to statistical or other analysis and using or handling information in any way, including, but not limited to collecting, storing, evaluating, modifying, deleting, using, combining, disclosing, and transferring information within our organization or among our affiliates within the United States or internationally.

Types of Personal Information Collected

As described above, personal information is information relating to an identified or identifiable natural person transferred to the United States from the EEA, the United Kingdom or Switzerland. While the types of personal information collected vary, the following types of information generally are collected from the following categories of individuals:

Website Visitors – The types of personal information collected from visitors to our Website may generally include name, title and specialty, email address, telephone number, company name and industry, physical address, questions and comments, IP addresses, browser types, unique device identifiers, device types, what type of Internet browsing device you are using, requested URL, information such as how you arrived at our Website (including referring URL), network name, the country, state, and city where your server is located, browser language, the pages you view, the date and time of your visit, domain names, and other statistical data involving use of the Website. Some of the personal information collected from website visitors is collected passively using cookies, action tags, and log files. For further information on such use of cookies, action tags, and log files, please see our Website Privacy Policy.

General Inquirers and Representatives of Our Business Partners and Clients – The types of personal information collected from individuals inquiring about our business, and from individuals who represent our business partners and clients, generally include name and contact information and queries.

Our Lawful Bases for Processing Personal Information

We will only use your personal information to the extent that the law allows us to do so. Under the General Data Protection Regulation (EU) 2016/679 (the “GDPR”) we are required to state our legal bases (our justifications) for processing your personal information. We will generally rely on the following legal bases:

  • where you have given us your consent to the processing, which consent may be withdrawn at any time without affecting the lawfulness of processing based on consent prior to withdrawal;
  • where it is necessary to perform a contract we have entered into or are about to enter into with you; and/or
  • where it is necessary for the purposes of our legitimate interests (or those of a third party) in providing the Website, operating our business or providing other services and your interests or fundamental rights and freedoms do not override those legitimate interests.

If an organization with which you are associated purchases a HealthCore product or any of our services, we may receive personal information about you (either directly from you or from the organization with which you are associated). To the extent we process such information solely on behalf of the organization with which you are associated, such information will only be used for the purpose of providing our products and/or services to the organization with which you are associated. We will act as a “processor” on behalf of your organization in respect of that personal information. The “controller” is the entity which enters into the agreement with us for products and/or services and, in order to provide those products and/or services, we will process your personal information only on the instructions of the controller. The controller is responsible for obtaining all necessary consents and providing you with all requisite information as required by the applicable data protection laws. As used herein, the terms “controller” and “processor” have the meanings ascribed to them in the GDPR.

Purposes for Which Personal Information is Collected and Used

Purposes of Information Collected Through Website – In general, the personal information collected through our Website is used to process your transactions, to conduct and improve our business, to help us understand who uses the Website, to improve the Website, for internal operations and overall systems administration, to provide services to you through the Website and, if you request information or request that we contact you, to respond to your requests. We may also use the information gathered through the Website (including personal information) for statistical purposes, to perform statistical analysis of user behavior, and to evaluate and improve the Website and our business. Some of this information may be linked to personal information for internal purposes. If you opt in, we will use your personal information to send you HealthCore marketing materials (including newsletters) and/or marketing materials (including newsletters) from our Corporate Affiliates, including without limitation New England Research Institutes, Inc.

Purposes of Information Collected From General Inquirers and Representatives of Our Business Partners and Clients – Personal information generally is collected from inquirers and representatives of our business partners and clients, in order to respond to the relevant inquiry, to conduct and improve our business, to carry out our relationships with our business partners and clients and for internal operations.

Types of Third Parties to Which Personal Information Is Disclosed

In connection with the purposes described above, personal information may be shared with the following types of third parties:

Third Parties Generally

With respect to our Website, your information may be provided to third parties, including where such information is combined with similar information of other users of the Website. In addition to the above, when individuals use our Website, third parties (including without limitation third-party analytics and other service providers) may directly collect information about our Website visitors, including about our visitors’ online activities over time and across different websites. The third parties to which information may be provided, or who may directly collect information, may include analytics and other service providers, vendors and website tracking services, affiliates, actual or potential commercial partners, clients, licensees, researchers, and other similar parties.

Please note in particular that the Website uses Google Analytics, including its data reporting features. Information collected by Google Analytics includes but is not limited to web metrics. For information on how Google Analytics collects and processes data, please see the site “How Google uses data when you use our partners’ sites or apps”, currently located at www.google.com/policies/privacy/partners/. For information on opting out of Google Analytics, we encourage you to visit Google’s website, including its list of currently available opt-out options presently located at https://tools.google.com/dlpage/gaoptout.

Laws and Legal Rights

Your personal information may be disclosed upon a good faith belief that disclosure is required in order to comply with an applicable statute, regulation, rule or law, a subpoena, a search warrant, a court or regulatory order, lawful requests by public authorities, including to meet national security or law enforcement requirements, or other valid legal process. Personal information may be disclosed in special circumstances upon a reasonable belief that disclosing this information is necessary to identify, contact, or bring legal action against someone, to detect fraud, or to protect our rights or property or the safety and/or security of our Website, our business or the general public.

Outside Contractors

We may employ independent contractors, vendors, and suppliers (collectively, “Outside Contractors”) to provide specific services and products related to the Website and/or our business, including hosting, maintenance, auditing, monitoring, and other services. In the course of providing products or services to us, these Outside Contractors may have access to your personal information. We use reasonable efforts to ascertain that these Outside Contractors are capable of protecting the privacy of your personal information.

Sale of Business or Bankruptcy

Your personal information may be transferred to a third party in connection with a sale, merger or other transfer of all or substantially all of the assets of HealthCore or any of its Corporate Affiliates (as defined below), or any portion of HealthCore or any of its Corporate Affiliates, or in the event that we discontinue our business, or in the event that we file a petition or have filed against us a petition in bankruptcy, reorganization or similar proceeding, provided that the third party agrees to adhere to the terms of this EU Privacy Policy.

Affiliates

Your information (including personal information) may be disclosed to our Corporate Affiliates. For purposes of this EU Privacy Policy, “Corporate Affiliate” means any person or entity which directly or indirectly controls, is controlled by or is under common control with HealthCore, whether by ownership or otherwise; and “control” means possessing, directly or indirectly, the power to direct or cause the direction of the management, policies or operations of an entity, whether through ownership of fifty percent (50%) or more of the voting securities, by contract or otherwise. Any information identifying you that is provided to our Corporate Affiliates will be treated by those Corporate Affiliates in accordance with the terms of this EU Privacy Policy.

Choice

If you no longer wish to have your personal information disclosed to third parties, you may choose to “opt out” by notifying us. To do so, send an email to [email protected] Please be aware that your personal information may have been previously disclosed to third parties.

HealthCore will provide you with notice before using your personal information for a purpose other than that for which it was originally collected or subsequently authorized by you, and you may choose to “opt out” of such use by following the directions provided in the notice. However, even after any “opt-out”, your personal information may be used and disclosed to a third party upon a good faith belief that such disclosure is required in order to comply with an applicable statute, regulation, rule or law, a subpoena, a search warrant, a court or regulatory order, lawful requests by public authorities, including to meet national security or law enforcement requirements, or other valid legal process. Without limitation of any other provision contained in this EU Privacy Policy, following your “opt-out”, your information that already has been gathered may continue to be used and to be disclosed to third parties, provided that such information will be anonymized in order to ensure that you cannot be identified anymore.

Under certain circumstances and in compliance with the GDPR, you may have the right to:

Request access to your personal information (commonly known as “subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;

Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;

Request erasure of your personal information. This enables you to ask us to delete or remove your personal information where there is no good reason for us to continue processing it. You also have the right to ask us to delete or remove all of your personal information in certain circumstances;

Object to processing of your personal information where we are relying on a legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground;

Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information, for example, if you want us to establish its accuracy or the reason for processing it;

Request the transfer of your personal information to another party; and

Lodge a complaint with the relevant supervisory authority (as defined in the GDPR). If you have any complaints about the way we process your personal information, please do contact us. Alternatively, you may lodge a complaint with the supervisory authority which is established in your country.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal information or request that we transfer a copy of your personal information to another party, please contact [email protected]

Such updates, corrections, changes and deletions will have no effect on other information that we maintain or information that we have provided to third parties in accordance with this EU Privacy Policy prior to such update, correction, change or deletion. To protect your privacy and security, we may take reasonable steps (such as requesting a unique password) to verify your identity before granting you profile access or making corrections. You are responsible for maintaining the secrecy of your unique password and account information at all times.

You should be aware that it may not be technologically possible to remove each and every record of the information you have provided to us from our system. The need to back up our systems to protect information from inadvertent loss means that a copy of your personal information may exist in a nonerasable form that will be difficult or impossible for us to locate. After receiving your request, we will use commercially reasonable efforts to update, correct, change, or delete, as appropriate, all personal information stored in databases we actively use and other readily searchable media as appropriate, as soon as and to the extent reasonably practicable.

Transfers Outside of the EEA, the United Kingdom and Switzerland

Personal information collected by HealthCore may be transferred from time to time to our offices or personnel, or to third parties, located throughout the world, and the Website may be viewed and hosted anywhere in the world, including countries that may not have laws of general applicability regulating the use and transfer of such information. By accessing the Website and submitting such information on it, or by otherwise submitting personal information to HealthCore, you voluntarily consent to the trans-border transfer and hosting of such information. Without limitation of the foregoing, you hereby expressly grant consent to the HealthCore to: (a) process and disclose such information in accordance with this EU Privacy Policy; (b) transfer such information throughout the world, including to the United States or other countries that do not ensure adequate protection for personal information (as determined by the European Commission); and (c) disclose such information to comply with lawful requests by public authorities, including to meet national security or law enforcement requirements

Retention of Personal Information

We will only retain your personal information for as long as reasonably necessary within the current regulatory requirements as applied through the HealthCore standard operating procedures (SOP) to fulfill the purposes for which we collected that personal information. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of that personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

WHO DO I CONTACT IF I HAVE ANY PRIVACY QUESTIONS?

If you have any questions or comments about this EU Privacy Policy or feel that we are not abiding by the terms of this EU Privacy Policy, please contact us in either of the following way

By email:
[email protected]

By postal mail or courier:
HealthCore, Inc.
Attention: Regulatory Compliance Manager
123 Justison Street
Suite 200
Wilmington, DE 19801