Privacy Notice
THIS POLICY EXPLAINS HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
This HIPAA Privacy Policy is about Your Information, Your Rights, and Our Responsibility.
OUR PLEDGE REGARDING HEALTH INFORMATION:
We understand that health information about you is personal, and we are committed to doing our best to protect the privacy of the data that you or any others share with us. This information is called Protected Health Information (PHI), and it comes from you, your physicians, hospitals, and other healthcare service institutions involved in your care. We will only use and disclose the minimum necessary information for the intended purpose and consented by you or as required by law.
This Privacy Policy will tell you how we may use and disclose your health information with your consent or as required by law. It also describes your rights and certain obligations we have regarding the use and disclosure of health information.
We may share your information to:
- As directed by you or with your consent;
- To enforce any agreement, including any applicable terms of service;
- Third-party vendors, service providers, contractors, or collaborators(“third parties”) who perform services for us or on our behalf and require access to such information to do that work. We have contracts with our third parties, designed to help safeguard your personal information.
- To establish or exercise our right to defend against legal claims;
- To law enforcement and other government authorities such as legislatures, courts, agencies and litigants, if we reasonably believe that such action is necessary to: (a) comply with the law and the reasonable requests of governmental authorities; (b) comply with legal process; (c) respond to requests from public or government authorities, including public or government authorities outside your country of residence; (d) protect the security or integrity of the Services’s information systems; and/or (e) exercise or protect our rights, privacy, safety or those of affiliates, clients, you or others;
- If we reasonably believe disclosure is necessary or appropriate to protect the rights, property, or safety of Cohort Science or others; and
- To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about the users of the Site or the Service is among the assets transferred;
We may contact you:
- We may contact you by SMS or letter
- When we contact you, the conditions in Appendix 1 apply
We are required by law to:
- Maintain the privacy and security of your PHI under HIPAA ACT 1996.
- Comply with local regulations and legislation
- Enter into a Business Associate Agreement with third parties who may handle your PHI by association with us.
- Notify your HCI and/or legal entities promptly if we determine inappropriate use or disclosure of your PHI has occurred that compromises the privacy or security of your information.
- We will use and disclose your information, as described in this Policy unless you tell us we cannot or you opt out of a registry at some point. If you change your mind at any time, you must tell us in writing.
- Follow the duties and privacy practices described in this Policy and give you a copy of it.
Who will need to follow this Privacy Policy:
- All staff at Cohort Science.
- Any business associate working with Cohort Science that has access to PHI.
- Any researchers or collaborators of Cohort Science Registries.
YOUR RIGHTS REGARDING HEALTH INFORMATION ABOUT YOU:
This section describes your rights and our responsibilities to help you. Your rights include, but are not limited to, the following:
- Getting a copy of your health and claims records.
- Requesting correction of your health and claims records.
- Getting a list of those with whom we have shared your information.
- Asking us to limit the information we share.
- Requesting confidential communication.
- Requesting a copy of this Privacy Policy.
- Filing a complaint if you believe your privacy rights have been violated.
- Choosing someone to act on your behalf.
California Resident Privacy Rights
Residents of the State of California have the right to request from certain businesses with whom the California resident has an established business relationship a list of all third parties to which the business, during the immediately preceding calendar year, has disclosed certain personally identifiable information for direct marketing purposes. We are only required to respond to a customer request once during any calendar year. To obtain this information, you should send a written request to privacy.officer@cohort.science with the subject heading “California Privacy Rights.” In your request, please attest to the fact that you are a California resident and provide a current California address for our response. Please be aware that not all information sharing is covered by the California Privacy Rights requirements, and only information on covered sharing will be included in our response.
What additional information do you need if you are located in the European Economic Area (EEA), Switzerland or the United Kingdom (UK)?
In addition to the disclosures made elsewhere in the Privacy Policy regarding our privacy registries, you have certain rights under applicable data protection laws in some regions, such as the UK. Our legal basis for collecting data in these regions can vary depending on the nature of the information and the purpose for which we collect it. This applies to the ‘personal data’, as defined under applicable data protection laws, of natural persons located in the EEA, Switzerland and the UK. Any terms not defined herein have the meaning ascribed to them elsewhere in the Privacy Policy or, if not defined in the Privacy Policy, in applicable data protection laws.
The General Data Protection Regulation (GDPR) requires us to explain the valid legal basis we rely on in order to process your personal information. As such, we may rely on the following legal basis to process your personal information: We may process your information if you have given us permission (i.e. consent) to use your personal information for a specific purpose. You can withdraw your consent at any time. We may process your personal information when we believe it is necessary to fulfil our contractual obligations to you, including providing our Services or at your request prior to entering into a contract with you. We may process your information where we believe it is necessary to comply with our legal obligations, such as cooperating with a law enforcement body or regulatory agency, exercising or defending our legal rights, or disclosing your information as evidence in litigation in which we are involved. We may process your information where it is necessary to protect your vital interests or the vital interests of a third party, such as in situations involving potential threats to the safety of any person. In addition, we may process your personal information for the purpose of the legitimate interests pursued by us, or by a third party, as per the provisions of the applicable data protection law, ensuring your interests and fundamental rights are always protected.
You have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; and (iv), if applicable, to data portability. In certain circumstances, you may also have the right to object to processing your personal information. You can make such a request by contacting us by using the contact details provided below. We will consider and act upon any request in accordance with applicable data protection laws.
If you believe we are unlawfully processing your personal information, you also have the right to complain to the UK Data Protection Authority-ICO.
In the case of processing special categories of personal information, as per the definition in applicable data protection law, your consent is our lawful basis for processing. If we rely on your consent to process your personal information, you can withdraw your consent at any time. You can withdraw your consent at any time by contacting us by using the contact details provided below. However, please note that this will not affect the lawfulness of the processing before its withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
To contact Cohort Science Ltd DPO, please contact dpo@cohort.science
Appendix One: Contact by SMS terms and conditions
SMS Terms & Conditions
These terms and conditions apply to anyone who agrees to receive informational text messages from or on behalf of Cohort Science. By consenting to participate in the cohort programs sponsored by Cohort Science as part of an application or other form, by telephone, or by texting Cohort Science, you agree to receive text messages from Cohort Science periodically.
Text messages may have information about:
- Information related to the program(s) you consented to participate in.
- Health questionnaires.
- Opportunities to participate in additional sub-studies.
Your Mobile Phone Number
By agreeing to receive text messages, you agree that the mobile phone number is yours and that you have permission to use that mobile phone number.
You must let us know right away if:
- You change your mobile phone number.
- You no longer have permission to send or receive text messages using your mobile phone number.
Security
Text messages between you and Cohort Science may not be encrypted. This means they may not be secure and others could read them. To protect your privacy, you must comply with the following obligations:
- You must always keep your mobile phone and its information secure, including password-protecting your phone.
- You understand that Cohort Science is not responsible for releasing personal information once you agree to receive text messages.
Privacy:
If you have any questions regarding privacy, please read our privacy policy at https://cohortscience.org
Message Frequency and Rates
This text program is a standard SMS/MMS program. Message frequency may vary, and message and data rates may apply. If you have any questions about your text or data plan, please contact your wireless provider.
Opt-out
You have the right to opt-out and cancel the SMS service at any time. Reply STOP to the message or call or email patient services. After you send the SMS message STOP to us, we will send you a confirmation SMS message that you have been unsubscribed. After this, you will no longer receive SMS messages from us. If you want to join again, reply START to the message or call or email the patient services team. We will start sending you SMS messages again.
- If you opt-out of text messages and then opt-in again, you may get more than one text message to your mobile phone number. This is to tell you that we received your message; you have been unsubscribed, and/or you have been resubscribed. It may also have information about other ways you can get help.
Carrier Terms of Service and Interruption
Service is subject to carrier terms of service. Carriers are not liable for delayed or undelivered messages.
If you do not agree to these terms and conditions, you must immediately opt-out as described above.
Changes to this Policy. We have the right to change this Policy. All changes to the Policy will apply to the information we already have about you and any information we receive in the future. We will post a copy of the current Policy on our website accesspd.org
The effective date and version control of the current Policy will be posted in the Policy’s footer. If we make material changes to this Policy, we will provide you with the updated Policy within further communications.
For more information, see also: http://www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html
How to contact us. If you have any questions about this Policy or if you need to make a request to the Privacy Officer, please contact us at Cohort Science Ltd c/o Privacy Officer, please email us at privacy.officer@cohort.science or call +1888-454-5580.
A copy of this Privacy Policy will be available upon request.
v3.0 of 12-Apr-2024