Privacy Policy

Privacy Policy as of 19 January 2022

Neucruit (registered number 12075347) (“the Company”), whose registered office is at: Neucruit Ltd, 5 Dartmouth Road, NW24ET, knows that you care how information about you is used and shared and we appreciate your trust in us to do that carefully and sensibly. We will make every effort to protect your privacy by adopting a high level of information security alongside our strict company policies that govern how we store and use personal data.

This Privacy Notice outlines our practices regarding the collection, use, and processing of certain information, including your personal information, by the Company. It also explains your rights and how to contact us if you have an inquiry. This Privacy Policy has been developed in accordance with legislation including the General Data Protection Regulation in force from May 2018. For more information on the General Data Protection Regulation, you may wish to visit: https://ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rules/eu-data-protection-rules_en  

1.  Scope of this Policy

1.1  What personal data we hold and why we process it

1.2  Legal bases which allow us to process your personal data

1.3  Where the data comes from and what we do with it

1.4  How to access your personal data and other rights;

1.5  How to contact us

 

2. Introduction 

2.1  We control and process your data in accordance with the data protection regulations of Regulation (EU) 2016/679 (General Data Protection Regulation) – “GDPR”) in the version valid from 25 May 2018.

2.2   By using the Neucruit.com website or web portal (“Web Portal”) you are accepting and consenting to the practices described in this Privacy Policy.

 

3. Confidentiality

 

3.1  All personal data collected by the Company will be treated with confidentiality and will not be disclosed to anyone without prior consent. Furthermore, the data we do keep will be anonymized in order to protect our users. 

4. Use of Personal Data

4.1  In this section we have outlined:

  1. The various types of personal data that may be collected, used, stored and transferred for the purpose of providing our service. This has been categorised on the basis of the classes of individuals to whom it may relate;
  2. The purposes for which we may process personal data;
  3. Our legal bases of the processing of personal information. The legal basis denotes one of the agreed bases for data processing set out in Article 6 of the GDPR. 

4.2  We receive and store information such as: 

  1. Information relating to almost everyone we deal with, including users, commercial partners and correspondents:
    1. We may process usage data from our web portal and services (“usage data”), which we obtain by means of our analytics tracking systems. This includes but is not limited to your geographical location, device type and version, operating system, length of visit, navigation paths, in addition to data about the timing, frequency and pattern of use. This data is processed for analysing the use of our services.

    2. Additional information encompassed in or relating to any communication that you send to us or is sent to you by us (“correspondence data”). The correspondence data, including the content and associated metadata, as well as any information you may provide us such as emails, questionnaires and feedback surveys, will be processed for purposes including, but not limited to, service communications, service optimisation (i.e. improving our products and services and assessing user experience) and support queries.

  2. Information relating to participants (“users” or “user”): 
    1. We collect information about you when you use our services, with the central tenet that your privacy is of the utmost importance to the Company. On registration, we do require you to provide a valid phone number and email address, name, age, gender, and broad health condition category (“Participant Registration Data”). The user data may be processed for purposes including but not limited to the operation of our web portal, providing our services, ensuring data security and communicating with you. Your responses will be used for demographic screening to establish your eligibility for studies and may contain special categories of data. It is not possible to use the Company’s services without providing this necessary information. Your account and all data associated can be deleted by contacting privacy@neucruit.com.

    2. We will not share your email address or any of your personal information with anyone else without your permission first. If you have agreed to find out about new, relevant studies in your area, we will use this email address to notify you of studies with similar requirements. You can unsubscribe from our email and notifications by emailing us at privacy@Neucruit.com or clicking the ‘unsubscribe’ button at the bottom of any email.

  3. Information relating to researchers (“Researchers” or “Researcher”):
    1. As a researcher, you are required to provide us with a valid email address to confirm your position as an academic researcher or approved partner. In addition, we collect information about your lab, including the lab name and location (“Lab Data”), for verification purposes. Your account can be deleted by contacting us at privacy@Neucruit.com.
    2. The web portal also collects information on individual researchers within the lab, specifically their name, academic email address, and contact number (“Researcher Profile”), which is processed for the purposes of operating the web portal and our service. Researcher profiles can be removed by contacting us at privacy@Neucruit.com.
    3. We may also process information provided by you for study listings (“Listing Data”). This might include study name, study description, study site locations, eligibility criteria (inclusion/exclusion criteria), screening questions and recruitment targets. This data is processed to display study listings to potential participants in your study.

  1. Other processing:
    We may also process any of the aforementioned data:
  1. for the purposes of record-keeping and hosting, back-up and restoration of our systems;

  2. to protect your vital interests or those of another individual; or

  3. in accordance with law in connection with legal claims.
     

4.3 Our legal basis of processing

Data will be processed only on lawful bases, specifically those identified in Article 6 of the GDPR, in conjunction with Article 9 (2) (a) GDPR . Our legal basis for collecting and using information as outlined in this Privacy Notice will depend on the personal information in question and the specific context in which we collect and use it. 

We will normally collect personal information from you: 

  1. where we need that personal information for the performance of, or in preparation of, a contract with you (Article 6(1)(b) GDPR), for example, to provide our services to you, where:

    1. the processing is in our legitimate interests;

    2. is not overridden by your data protection interests or fundamental rights and freedoms, or;

  2. where we have your express consent to the processing (such as your participation in specific feedback surveys).

  3. In certain cases, we may also have a legal obligation to collect your personal data or may need the personal data to protect yours, or another persons’, vital interests (for example, to confirm your identity).

5. Third Party Disclosure

5.1  Disclosure to suppliers

We may disclose your personal information to suppliers and contractors in connection with the uses outlined in this Privacy Notice. For example, we may disclose any personal data to the suppliers which host the servers on which our data is stored. However, reasonable steps will be taken to ensure that such third party recipients of your personal data are subject to similar confidentiality obligations as those in clause 3.

5.2  Disclosures to Researchers

  1. We will not disclose personal information between Users and Researchers without your express consent requested when entering a study. As a User, upon agreement to participate in any study, any personal information you disclose to the Researcher will be processed by the Researcher as a data controller in its own right, and we are not responsible for any such processing.

  2. If you are a Researcher, it is your responsibility to ensure that you have performed your legal obligations as a data controller in relation to any personal information you receive, and in particular to ensure that you have communicated all legally required information in regards to your data collection practices, and ensure that any transfer of such personal information outside the EEA is compliant with the GDPR.

5.2  Functional Disclosure

  1. We use mailgun for email correspondence. We use this service to send updates about study and booking information as well as other updates to our users. Mailgun securely retains some email information in line with applicable regulations for monitoring and operating the service. You can read about Mailgun’s privacy policy at: https://www.mailgun.com/privacy-policy/

  2. We use Twilio for sending SMS messages to our users for verifying mobile number authority for security purposes. Their privacy policy can be found at: https://www.twilio.com/legal/privacy

  1. We use Mailchimp for the distribution of online newsletters and other marketing services. Their privacy policy can be found at: https://mailchimp.com/about/security/

 5.3  Other disclosures

  1. In certain cases, we may have an obligation to disclose your personal information as necessary to comply with the law (for example, to Government or law enforcement) to protect yours, or other persons, vital interests. This may also be the case where it is necessary for us to exercise or defend legal claims. However, we will disclose your personal information only to the extent necessary to ensure compliance with such aforementioned legal obligations.

  2. If any part of our operations are sold to, transferred to, or integrated with another business, your personal information may be disclosed to that entity.

 

6. Consent

6.1  Users can apply to participate in a study on its associated web page by submitting the screening form (“Screening”).

  1. In order to apply for a study, express consent must be given to the processing of data connected to the study application (Article 6 (1) (a) GDPR in combination with Article 9 (2) (a) GDPR).

  2. Consent must be given for each individual study. If you apply for more than one study consent must be given for each individual study separately. 

 

6.2  The User is asked to provide personal data when applying for a study to the extent that this data is relevant to the suitability of a user for a specific study.

 

  1. This generally also includes information about the user’s health (“special categories of personal data” in terms of Article 9 (1) GDPR). The user provides the corresponding data to the Company on the basis of voluntarily given consent and in acknowledgement of this Privacy Notice. In certain circumstances the Company may not be able to provide certain services or not provide them in full without the answers to these questions.

  2. The Company will only retain prescreen data and general demographic data that is collected upon user registration. These are anonymized and retained as described in 7.4.

 

6.3 The user has the right to withdraw their consent to the processing of their personal data at any time with future effect without affecting the lawfulness of processing based on consent before its withdrawal. A corresponding declaration may be sent by email to privacy@Neucruit.com. The withdrawal of consent may result in the user’s inability to use our services.

 

6.4  If consent has been withdrawn the data provided by the user is erased, unless a longer period of storage is prescribed by law. If the user restricted their withdrawal to certain data only that data affected by the withdrawal of consent will be erased. 

6.5  If consent is not withdrawn, the data will be processed for the duration stated in the declaration of consent and then erased. The duration of the study, if there is a specified one, will be made clear upon signing up for the study.

 

7. Retention of personal information

 

7.1  the Company will ensure that we do not keep personal information that we process for longer than necessary and only do so for the purposes outlined in this Notice.

 

7.2  The personal information that shall be retained is as follows: 

  1. Data associated with an account on our Web Portal (including user data, lab data, researcher data and correspondence data) will be kept as long as the account remains active, and will be deleted within twelve (12) months after account closure, except under provisions detailed in 7.3. 

  2. Contact information such as names, physical and email addresses and phone numbers (“Correspondence data”) will be retained for the duration of the enquiry or chain of correspondence and then deleted after twelve (12) months

  3. Correspondence data relating to any client with whom we have a business relationship, can be retained for approximately six (6) years after the end of the relationship, in accordance with the application limit periods prescribed by law

  4. Encrypted phone numbers may be stored for up to seven (7) years for the purposes of fraud prevention

  5. Usage data will be deleted within twelve (12) months of generation.

 

7.3  We may retain your personal data longer to:

  1. comply with any legal obligation that may be imposed upon the Company from time to time, or in connection with any legal claims; or

  2. to protect your vital interests or those of other persons.

 

7.4  We may also create anonymized reports, infographics or presentations relating to demography or use of our Web Portal and services. In all cases, reasonable skill and care will be taken to ensure all identifying information is removed, such that these records no longer represent personal data. These may be kept indefinitely and disclosed at the discretion of the Company.

8. Security of Personal Data

 

8.1  We have appropriate technical and organisational measures in place to secure your personal data and to prevent the loss, misuse or alteration of such data

8.2 Personal data will be stored on secure servers , personal computers and mobile devices.

8.3 If you are a Researcher, it is your responsibility to ensure that your password is strong, secure and kept confidential. We will never ask for you for your password in any form of correspondence or otherwise (except when you log in to our Web Portal)

9. Cross border transfer of information 

9.1 Your personal data is stored in our databases and is only available to our agents on a password-protected basis.

9.2 We will take all necessary steps to prevent the data that we collect from you (or which you supply to us by e-mail or otherwise) from being transferred to or stored at a destination outside of the EEA. 

9.3 Where your data must be processed by third-parties operating outside of the EEA, the Company will take all necessary steps to ensure that personal information is protected and that destinations are GDPR compliant. For example:

  1. All user information collected by Google Analytics under 14.3  is stored on the Google Cloud Platform in secure data centers based in the United Kingdom. User information may, however, pass through different geographical locations during transmission. Their privacy notice can be found at: https://cloud.google.com/security/privacy

10. Amendments

 

This Notice may be updated from time to time by publishing a new version on our website (www.Neucruit.com) without notice. We strongly recommend that you check the relevant pages regularly to ensure you are happy with any changes. We reserve the right to contact you regarding changes to this Notice by email. 

 

11. Your rights

 

11.1 We have summarized below the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summaries. You can read guidance from the Information Commissioner’s Office at www.ico.com.uk for a fuller explanation of your rights. In particular, you have:

  1. the right to access: if requested, we will confirm what personal data of yours we process, and will provide you with access to that data and further information about our processing;

  2. the right to rectification: if requested, we will correct or complete any inaccurate or incomplete personal data of yours;

  3. the right to erasure: you can request that we erase your personal data in limited circumstances (for example, if we use it for marketing or no longer need it for our other purposes). This is not an absolute right and we may be entitled to retain your data where necessary (for example, to comply with law);

  4. the right to restrict processing: you can request that we restrict the processing of your personal data in limited circumstances. Where processing has been restricted, we may continue to store your personal data and will observe the restrictions on processing except in the case of processing permitted by applicable law (for example, in connection with legal claims or for reasons of public interest);

  5. the right to object to processing: you can object to our processing of your personal data on the basis of our legitimate interests. We may be entitled to continue processing in certain circumstances (for example, if we have compelling grounds to do so, or to comply with law);

  6. the right to data portability: you have a right to receive your data from us in an easily portable format in limited circumstances: that is, if we process that data on the basis of a contract with you and by automated means. This is unlikely to apply in most circumstances; and

  7. the right to complain: if you believe we are in breach of applicable law, you can complain to the Information Commissioner’s Office (in the UK) or, if you live or work in an EU member state, a supervisory authority responsible for data protection in that member state.

 

11.2 You may exercise any of your rights in relation to your personal data by notifying us using the details provided in the section 15 (‘Contacting Us’).

 

12. Personal data of children

 

12.1 Our Web Portal is targeted at individuals over the age of eighteen (18), as described in our Researcher and User Terms & Conditions. 

 

12.2 If we find that we hold personal data of a person under that age in our databases, that data will be deleted immediately. 

 

13. Updating information

           

In most circumstances, you should be able to update your personal information through our Web Portal. Otherwise, please contact privacy@Neucruit.com and let us know if your personal information in our possession requires correction or updating. 

 

14. Cookies

14.1 When you use our Web Portal, it will store data on your device through the use of cookies.  Cookies are small text files that a website may put on your computer or mobile device when you first visit a website and are widely used to remember small amounts of information and give you a better experience using the website. You can read more about cookies at http://aboutcookies.com

Most cookies will not collect information that personally identifies you, but collect more general information to help us analyse how well our website is performing overall so we can improve it.

14.2 We use cookies for the following purposes :

  1. authentication – we use cookies to identify you when you visit our Web Portal and as you navigate through it;
  2. login status – we make use of cookies on the Web Portal to manage user login information; this is necessary to keep the site and user information secure; and
  3. cookie consent – we use cookies to store your preferences in relation to the use of cookies more generally.

14.3 Our service providers use cookies which may be stored on your computer when you visit our Web Portal, such as:

  1. When we use Google Analytics on our website to collect usage and behaviour information about people using our services. Google Analytics makes use of cookies and unique devices to identify individual users and may link this information with other data collected from other sites and interactions with Google services. Google’s privacy notice can be found at: https://policies.google.com/privacy. The use of these cookies allows us to monitor the use of the Web Portal and improve our service offering.

14.4 Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links: 

  1. https://support.google.com/chrome/answer/95647?hl=en (Chrome);

  2. https://support.mozilla.com/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox);

  3. http://www.opera.com/help/tutorials/security/cookies/ (Opera);

  4. https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-deletemanage-cookies (Internet Explorer);

  5. https://support.apple.com/kb/PH21411 (Safari); and

  6. https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).

 

15. Contacting Us

 

For any information about your account or how to contact customer service, please contact privacy@Neucruit.com. For questions relating to the use of your data and other matters related to this notice, please contact our Data Protection Officer/Privacy Representative at privacy@Neucruit.com

We are registered as a data controller with the UK Information Commissioner’s Office (ICO: A8504440)

img
Optimising
clinical trials
with AI

Optimising clinical trials with AI whitepaper

Download our "Optimising Clinical trials with AI" whitepaper to see how our data-driven patient recruitment strategies can optimise the clinical research process

Whitepaper Download