Lesion Area Mapping Assistant Logo

Privacy Policy

This Privacy Policy applies to your Personal Data when you use our Services through Thalocan’s Lesion Area Mapping Assistant (LAMA). Please, take time to read it carefully. We want you to be clear about how we use your information and the ways in which you can protect your privacy.

Thalocan stresses its privacy and security standards to guard against identity theft and provide security for your personal information. We regularly re-evaluate our privacy and data security policies and adapt them as necessary to deal with new challenges.

  1. Who uses your information

The company that processes your personal data is: Thalocan, LLC - a company incorporated under the law of Delaware, USA.

Contact person for privacy matters:

Name: Cyrus Mirakhor

Email: Cyrus@thalocan.com

  1. Personal Data (Personally Identifiable Information)

In the course of using the Services/PLATFORM, we collect some personal data relating to you.

We collect and process the following personal data:

  • age;
  • gender;
  • height;
  • weight;
  • medical condition;
  • medical history, notes, and other health information;
  • Photographs of Affected Regions
  • specific information required in a survey and/or interview.

Purposes of processing personal data:

  • We need these personal data points in relation to the Services we provide to you as a part of the clinical trial in which you are participating.
  • We shall not be using your contacts for any promotional, direct or indirect marketing reasons.

        

The information about your medical condition is treated with a high level of privacy and confidentiality by the applicable data protection legislation, so we need your explicit consent to receive and process this data, which you can withdraw at any time.

Immediately after you delete your profile or terminate using the Services in any other way, your health data collected will be erased or anonymized in accordance with the law within 30 days. The information about your medical condition will be collected only after obtaining your explicit consent.

By accepting this Privacy Policy you provide us with your explicit consent for processing your medical information.

When you have provided to us your consent to participate in surveys and/or interviews that will help this clinical trial, we shall use your contact information for these purposes until you withdraw your consent.

When you have provided us with personal data and information in the course of your participation in surveys and/or interviews, we and the third persons that have received them shall process such data and information until there is a necessity for their use or according to the requirements of the applicable law.

You may withdraw your consent at any time by sending an email to the Contact person for privacy matters listed above.

We will ask for your explicit consent before using personal data for a purpose other than those that are set out in this Privacy Policy.

  1. Collection of data

We collect personal data only from the person concerned. As entering personal data is personal and voluntary for everyone, each person shall be responsible for not providing a third person’s personal data. If you enter a third party data, you shall be personally responsible that we receive it and process it on valid legal grounds.

When you have provided to us your consent to participate in a clinical trial utilizing our platform, you will gain access to a list of specific questions regarding your medical condition, which you shall be requested to fill in or otherwise respond to.

We provide Services to collect personal data only to persons aged 18 and over. If aged under 18, please ask for the assistance of a person aged at least 18 in order to use our Services.  

If we obtain actual knowledge that we have collected personal data from a person under the age of 18 in violation of the legal requirement, we will promptly take appropriate measures and we may delete it, unless we are legally obligated to retain such data. Please, contact us, if you believe that we have mistakenly or unintentionally collected information from a person under the age of 18 in violation of the legal requirements.

If you would like to register and enter the personal data of your child aged under 18, we shall need your explicit consent, you will be asked to provide this via our clients site personnel, stating your name, the name of your child and a declaration that you are his/her parent as well as a declaration that you agree for us to process his/her data as described in this Privacy policy. Please, keep in mind that it shall be a substantial breach of data protection law if you provide us with untrue information, data, or declarations regarding a minor and you shall bear all responsibility for processing a third person’s personal data in violation of the applicable law.

  1. Retention and Deletion

Thalocan will retain your Personal data for as long as needed to provide you the Services; as needed for the purposes outlined in this Privacy policy; as necessary to comply with our legal obligations (e.g., to honor opt-outs), resolve disputes and enforce our agreements; or to the extent permitted by law.

After terminating your profile, we shall delete or anonymize all your personal data in accordance with the requirements of the applicable legislation in a manner designed to ensure that it cannot be reconstructed or associated with you. All profile data shall be clear of our systems within 30 days.

  1. Processing and Sub-processing

We take appropriate contractual, technical, and organizational measures to protect your personal data against loss or other forms of unlawful processing. We make sure that personal data is only accessible by only those who need access to do their job, and that they are properly trained and authorized. Our staff is required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, ethics, and appropriate usage of data. Staff is required to execute a confidentiality agreement and are provided with proper training in online privacy and security.

We might transfer data we collect from you to persons/legal entities (‘Recipients’) outside the European Economic Area (‘EEA’) and the UK. When we do such transfers to third countries, we do so in accordance with the terms of this Privacy Policy, the UK, and the EU data protection rules, in particular with the GDPR and the UK-GDPR. This may include (i) the transfer of data to Recipients located in countries, territories, or part of specified sectors within such countries that are recognized as ensuring an adequate level of protection of the natural persons concerned; (ii) transfers pursuant to data transfer agreements that incorporate the Standard Contractual Clauses approved by the EU Commission/Commissioner; or (iii) derogations for specific situations provided for in the UK and the EU data protection law, etc.

Here is a list of the third-party data processors we use:

  • Thalocan does not currently utilize third party processors.

  1. What We Share

We do not share personal information with companies, organizations and individuals. Anonymized information which does not include your identification details will be shared with third parties for the purposes of participating in this clinical trial(s). Personalized Information which includes your identification details, including any surveys, will be shared with third parties only with your explicit consent.

We may share personal data in case one of the following circumstances applies:

  1. With your consent - we will share personal information with companies, organizations or individuals when you have provided your consent for us to do so.
  2. For legal reasons - we will share personal information with companies, organizations or individuals, if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
  1. meet any applicable law, regulation, legal process or enforceable governmental request.
  2. detect, prevent, or otherwise address fraud, security or technical issues.
  3. protect against harm to the rights, property or safety of our company, our users or the public as required or permitted by law.

  1. Non Personally Identifiable Information

Personal content that does not personally identify you (“Non-Personally Identifiable Information”), may be collected in the following ways:

  • Information that your browser sends when you visit a website or online service (“Log Data”). This Log Data may include, but is not limited to, your location, browser type, the web page you were visiting before you access the Service and information you search for using the Service.
  • Like many services, our site uses “cookies” to collect information. A cookie is a small data file that we transfer to your computer’s hard disk for record-keeping purposes. We use “session ID cookies” to enable certain features of the Service, to better understand how you interact with the Service and to monitor web traffic routing and aggregate usage of the Service. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the website you visit. If you do not accept cookies, however, you may not be able to use all portions or all functionality of the Service.  
  • We may use automated devices and applications to evaluate usage of the Service. We use these tools to help us improve the Service, performance and user experience. We may also engage third parties to track and analyze Service data or provide other services on our behalf. Such third parties may combine the information that we provide about you with other information that they have collected. This Policy does not cover such third parties’ use of the data.

  1. Personal Security

The security of your personal data is very important to Thalocan. We use commercially reasonable physical, electronic and administrative safeguards that are designed to protect your personal data from loss, misuse and unauthorized access, disclosure, alteration, and destruction. Our data is encrypted both - at rest and in motion and our partners are world wide leaders in their respective domain and have taken top security measures.

In the event that your personal data is acquired, or is reasonably believed to have been acquired, by an unauthorized person and applicable law requires notification, Thalocan Sponsor Customer will notify you via your email address or Study Site Personnel. Thalocan’s Sponsor Customer will provide notice promptly, consistent with the reasonable needs of law enforcement and/or the needs of Thalocan to determine the scope of the breach and to investigate and restore the integrity of the data system.

  1. Your Rights

You have the following rights regarding the processing of personal data:

  • Right of information. This Policy aims to inform you in detail about the processing of your personal data by Thalocan.
  • Right of access. You are entitled to receive confirmation of whether your personal data are being processed, to receive access to such data, as well as information about the processing and your rights.
  • Right of rectification. You are entitled to have your data rectified in case it is incomplete or inaccurate. Your data may be rectified by us upon your request.
  • Right of erasure. You have the right to ask for your data to be erased where one of the respective grounds provided by the GDPR/UK-GDPR applies. Please note that after deleting your data, you shall not be able to use the Services adequately. You have the right to delete data in a manner consistent with the functionality of the Services if such deletion is in accordance with the GDPR/UK-GDPR. We will comply with this instruction as soon as reasonably practicable and within a maximum period of 30 days unless the applicable data protection legislation requires storage. Please note that we may keep some of the personal data for legitimate business or legal purposes or be required (including by contract or law) to keep certain information and not delete it (or to keep this information for a certain time, in which case we will comply with the deletion request only after we have fulfilled such requirements).
  • Right of restriction of the processing. The GDPR and the UK-GDPR provide for the possibility of restricting your personal data processing in case there are grounds for this as set forth therein.
  • Right of data portability. You have the right to receive the personal data you have provided, and which are related to you in a structured, commonly used, machine-readable format, and to use such data with another controller at your discretion, if the conditions provided for in the GDPR and the UK-GDPR are present.
  • The right not to be subject to a decision based solely on automated processing, including profiling which produces legal effects concerning you or similarly significantly affects you unless there are grounds provided for in the applicable data protection legislation, as well as appropriate safeguards to protect your rights, freedoms and legitimate interests.
  • Right to withdraw consent. You have the right to withdraw at any time your consent for personal data processing that is based on prior given consent. Such withdrawal shall not affect the lawfulness of the processing based on consent before its withdrawal.
  • Right to object. You have the right to object, with respect to data processed, based on legitimate interest. In the event of such an objection, we will examine your request and, if justified, we will comply with it. If we believe there are enough legal grounds for the processing or where necessary for establishing, exercising, or defending legal claims we will inform you accordingly. You have an absolute right to object to personal data processing for marketing purposes.

If you wish to access, delete (when applicable) or correct your personal information please use the contacts listed on top. Please state clearly in the subject that your request concerns a privacy matter, and more specifically whether it is a request for access, rectification, or deletion. Bear in mind that we may ask for additional information to determine your identity.

We may reject requests that are unreasonably repetitive, require disproportionate technical effort (for example, developing a new system or fundamentally changing an existing practice), risk the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup systems). Where we can provide information access and correction, we will do so for free, except where it would require a disproportionate effort.

Your complaints can be addressed to the contact person specified on the top. If you file a privacy-related complaint, we will collect your name, the name of a complaint-related person, email, country location, and details that gave rise to your complaint. We will use the information you provide to investigate your complaint and send you an answer once your complaint is reviewed.

  1. Supervisory authority

If you think we have infringed your privacy rights, you can lodge a complaint with the respective supervisory authority: Eric Zudak

You can also lodge your complaint in particular in the country where you live, your place of work, or the place where you believe we infringed your right(s).