- Time of issue:2023-07-24 13:59:19
(Last Updated on 10 March, 2023)
Harvest Integrated Research Organization, together with all its affiliates and subsidiaries (“HiRO”) is committed to maintaining your trust by protecting your personal data. Personal data is any information relating to an identified or identifiable natural person. Your name, address, phone number, bank account number, or any other detail(s) that is specific to you are examples of personal data.
HiRO may change this policy from time to time by updating this page.
2. Types of Personal Data We Process and Purposes
2.1 If you register to HiRO websites (including www.harvestiro.com) and provide information about your preferences we will use such information to personalise your user experience. HiRO websites may also collect information about your computer hardware and software. This information may include your IP address, browser type, operating system, domain name, access times and referring website addresses. This information is used for the operation of the service, to maintain and monitor quality of the service and to provide general statistics regarding use of websites.
2.3 If you send us a resume or curriculum vitae (CV) to apply online for a position with HiRO, we will use the information that you provide to match you with available HiRO job opportunities.
2.4 If you would like to register to receive customised information. This information is generally collected on “Contact Us” forms where you may choose to be contacted by HiRO. The personal data collected usually includes your name, contact details and email address.
2.5 If you are clinical trial investigators, study researchers, data safety monitoring board members, and other healthcare professionals (HCPs) and when you register through our websites an interest to participate in a clinical trial through our websites, we will collect names, contact details, and professional information of for the purpose of identifying and assessing suitability to assist in clinical trials and to provide services. We collect your personal data when you provide it to us directly. If you subsequently participate in a trial or study HiRO manages or provides services for, we will also collect information relating to the involvement and performance of HCPs.
2.6 If you are potential clinical trial subjects and are interested in participating a clinical trial through our websites, we may process your personal data on behalf of our clients-sponsors (“Sponsors”) and in accordance with contracts and instructions from them. HiRO may also process personal data relating to clinical trial participants’ spouses, partners, care givers, and relatives if they are involved in their participation in a clinical trial, for example, parents of children, or spouses involved in the care of an incapacitated partner.
In relation to HiRO’s delivery of services to Sponsors, the Sponsor is in control of how and why your personal data is processed and as such is the “controller,” HiRO is a “data processor”. HiRO’s role as processor may include the transfer of such personal data to the applicable Sponsor and/or its affiliates, business partners and third-party vendors performing services related to the clinical trial.
2.7 HiRO only collects "sensitive" personal data when you voluntarily provide us with such data or where such data are required or permitted to be collected by law or professional standards. Sensitive personal data include personal information regarding a person's race, ethnicity, political beliefs, trade union membership, religious or similar beliefs, physical or mental health, criminal record, biometric identification, medical health, financial account and whereabouts and tracks. Please use your discretion when providing sensitive personal data to HiRO. Under any circumstances, you should not provide yours or any third parties’ sensitive personal data to HiRO unless we shall separately notify you (and these third parties) and you (and these third parties) have given us your (and these third parties’) explicit consent for HiRO to use or process your (and these third parties’) sensitive personal data for legitimate and necessary business purposes and you (and these third parties) have also consented for us to the transfer and store such sensitive personal data in HiRO databases.
3. Lawfulness of Processing
Processing will always be based on legitimate grounds.
3.1 Consent. In cases where we need your consent to process your personal data, we will ask you to make a positive indication (for example, to tick a box, sign a document, provide confirmation) that you agree to the processing. By providing consent, you are stating that you have been informed as to the nature, purpose, scope and duration of our processing. Where we may rely on consent to process your information, you have the right to withdraw that consent for that activity at any time. You can always revoke your consent by sending an email to firstname.lastname@example.org.
3.2 Performance of A Contract. In such cases, we process your personal data because it is necessary to deliver a service you have requested, you are employed by us, you provide a service to us or you will participate in a paid clinical trial or other medical research project.
3.3 Legitimate Interest. HiRO may process your personal data on the basis of its legitimate interests in using your personal data for the purposes described herein. Examples of our legitimate interests include the following:
- • Processing in relation to employment opportunities with HiRO;
- • Processing in relation to investigator opportunities with HiRO;
- • To improve our services;
- • To protect the security of HiRO websites;
- • To protect HiRO property or rights or obligations and/or the property, rights or obligations of third parties;
- • To take precautions against potential liability on the part of HiRO;
- • To analyse therapeutic trends and gather anonymized geographic statistics; and
- • To correct technical errors and to technically process your personal data.
You can object to us relying on our legitimate interest to use your personal data in these ways at any time as described under Section 9 “Data Subject Rights” below.
3.4 Legal Obligation. We may need to use your personal data to comply with legal obligations, applicable laws and regulations and judicial process. For example, we are required by applicable law to keep certain records for specific periods of time. The laws vary around the countries or regions and we respect the local laws and adhere to the rules around the processing of personal data.
We will not use your personal data for decisions based solely on automated processing if the decision produces legal effects concerning you or significantly affects you, unless otherwise you gave your explicit consent for this processing.
We may use profiling procedures to optimize and personalize our customer relationship management and our advertising measures. To optimize and personalize our advertising measures, we create customer profiles and assign customers to specific customer segments based on these customer profiles. On the basis of this segmentation, we can manage the type, content and frequency of specific advertising measures for specific target groups. For profiling purposes and based on our legitimate interest, we use personal data that we receive from you as part of our business relationship. This includes personal data, like your purchasing behaviour and browsing behaviour. Profiling may also be related to usage data that we create by measuring and evaluating the customer's interaction with electronic advertising, and in particular by measuring and evaluating the opening and click rate in email newsletters.
5. Data Sharing with Third Parties
We will not sell, distribute or lease your personal data to third parties unless we have your permission or are required by law to do so.
We may disclose your personal data without your permission to the extent that it is required to do so by European Union or local applicable laws, in connection with any legal proceedings or prospective legal proceedings, and in order to establish, exercise or defend its legal rights, which include:
- • If we are reorganised or sold to another organisation: HiRO may also disclose personal data in connection with the sale, assignment, or other transfer of the business of the site to which the data relates;
- • Courts, tribunals, law enforcement or regulatory bodies: HiRO may, to the extent permitted by the local laws or subject to the fulfilment of the regulatory requirements of the applicable laws, disclose personal data in order to respond to requests of courts, tribunals, government or law enforcement agencies or where it is necessary or prudent to comply with applicable laws, court or tribunal orders or rules, or government regulations.
- • Audits: disclosures of personal data may also be needed for data privacy or security audits and/or to investigate or respond to a complaint or security threat.
To the extent permitted by applicable law, we share information including personal data you provided with other affiliates of HiRO as part of international engagements, and with HiRO affiliates where required or desirable to meet our legal and regulatory obligations around the world.
We are committed to ensuring that your personal data is secure. In order to prevent unauthorized access or disclosure, we have put in place appropriate technical and organisational measures to safeguard and secure the personal data we process. Despite HiRO's best efforts, however, security cannot be absolutely guaranteed against all threats. To the best of our ability, access to your personal data is limited to those who have a need to know. Those individuals who have access to the data are required to maintain the confidentiality of such information. If, despite all our efforts, a data breach does occur, we shall do everything in our power to limit the damage. In case of a data breach which is likely to result in a high risk, and depending on the circumstances, we will inform you about remedial actions to prevent any further damage. We always inform the relevant supervisory authority or authorities without undue delay.
7. Worldwide Transfer of Your Personal Data
Your personal data may be transferred to, stored, and processed in a country other than the one in which it was provided (i.e., a ‘Recipient’ country). When HiRO does so, it transfers the personal data in compliance with applicable data protection laws. HiRO will follow the applicable laws to use such lawful mechanisms for the transfer as are approved by the applicable data protection authority of your jurisdiction prior to transferring any of your personal data (e.g., the Standard Contractual Clauses for transfers from the European Economic Area (EEA), the United Kingdom’s International Data Transfer Agreement, Switzerland’s Transborder Data Flow Agreement as applicable).
8. Data Retention
HiRO retains personal data for as long as is necessary in accordance with its business, contractual, legal and regulatory requirements. We will not store your personal data longer than necessary for the purpose for which we have processed your data. For example, we retain personal data from clinical trials in accordance with the local laws of the country/region where the trial has taken place for legal and legislative reasons. Records of payments made and received will, likewise, have a statutory period in the country/region where we must store it for any inspection from the authorities or regulators.
When we collect information that is not personal data or convert personal data into information which can no longer be used to identify you (such as through aggregation or anonymization), we may use and disclose that information for any purpose, as unidentifiable data is not covered under data protection laws.
9. Data Subject Rights
You have rights in respect of your personal data. HiRO’s policy is to extend the rights listed below to all our data subjects worldwide, unless the local law states otherwise.
- • The right to be informed – if we are processing your personal data, we must inform you that who, why, what of the processing including who else may view it or use it, how long we will retain it for, and if we are transferring the data to another country or region.
- • The right to withdraw consent – if we are processing your personal data based on your consent, you are entitled to withdraw your consent to that processing at any time by sending email to email@example.com. However, the withdrawal of your consent will not invalidate any processing we carried out prior to the withdrawal of your consent.
- • The right of access to your personal data – you can request a copy of the personal data we hold about you.
- • The right to corrections or supplements – you have the right to request that we make corrections or supplements to your personal data we hold about you to make such data accurate and complete.
- • The right to erase your personal data – You have the right to request the deletion of your personal data in certain circumstances including, for example, where the personal data are no longer needed for the purpose for which they were collected, it is impossible to achieve such purpose, or it is no longer necessary to achieve such purpose. However, this right does not apply where, for example, processing is necessary to comply with a legal obligation, or for the establishment, exercise, or defence of legal claims.
- • The right to restrict the processing of your personal data – You have the right to ask us to restrict certain processing activities in some circumstances, including, for example, where the accuracy of the data in question is contested. Where processing has been restricted, we can only process it for limited purposes such as, for example, the establishment, exercise or defence of legal claims.
- • The right of data portability - You have the right to have your data returned to you or to a third party in certain cases.
- • The right to object – You have a right to object to the processing of your personal data in certain cases. In such a case we will stop processing your personal data unless we can demonstrate compelling legitimate grounds which override your interest.
- • The right in relation to automated decision making and profiling – You have the right to not be the subject of automated decision-making where the decision has a significant effect on you, and can insist on human intervention where appropriate.
To exercise any of the above rights, please notify us at the address provided in Section 12 “Further Information”, unless you are a patient in a trial site in which case please notify the relevant site you are/were attending. We may request proof of identification to verify your identity. Where HiRO is the data controller, we will assess your request and, subject to applicable laws and exceptions, respond within the relevant legal time limits.
10. Links to Other Websites
12. Further Information
Data Protection Officer (DPO)
- Address: 33C2, Zhongyi Building, No. 580 Nanjing West Road, Shanghai, China
- Email: firstname.lastname@example.org
- Phone: +86 21 62191220
Service hours:9:00 — 18:00