1. WHAT INFORMATION DO WE COLLECT?

Information You Voluntarily Provide to Us

We collect personal information that you voluntarily provide when you register for the Services, express an interest in a clinical trial, or participate in one.

• Personal Identifiers: Name, email address, phone number, mailing address, date of birth.
• Demographic Information: Age, gender, race, and ethnicity, as required for specific trial eligibility criteria.
• Sensitive Health and Medical Information (with your explicit consent): This is central to our Services and may include your medical history, diagnoses, treatments, medications, test results, genetic information, biometric data, and other health-related information you provide as a trial participant.

Information We Receive from Third Parties

To facilitate the clinical trials, we may receive personal information, including health data, from our partners, such as:

• Clinical Trial Sponsors:The pharmaceutical or medical device companies sponsoring the research.
• Hospitals, Clinics, and Healthcare Providers:Your existing doctors or research sites involved in the trial.
• Contract Research Organizations (CROs):Partners who help manage the clinical trial.

Information Automatically Collected

When you use our website or platform, we automatically collect certain technical information.

• Log and Usage Data:IP address, browser type, operating system, pages visited, and timestamps. This information is used for security, analytics, and to ensure our Services are working correctly.

2. How Do We Process Your Information?

We process your information for the following specific purposes:

• To Operate and Manage Decentralized Clinical Trials: This includes enrolling you in a study, providing you with trial-related materials, collecting data as per the trial protocol, and monitoring your progress.
• To Ensure Patient Safety: To monitor for adverse events and protect the vital interests of our participants.
• To Fulfill Regulatory and Legal Obligations:To comply with laws and regulations governing clinical trials, such as reporting to the U.S. Food and Drug Administration (FDA), the European Medicines Agency (EMA), and other global regulatory bodies.
• For Scientific Research:To analyze trial data to evaluate the safety and efficacy of the treatment or device being studied. Data used for research is often de-identified or pseudonymized to protect your identity.
• To Communicate With You: To send you important information about the trial, respond to your inquiries, and provide support.
• For Security and Fraud Prevention:To protect our Services and the integrity of the clinical trial data.

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION? (GDPR/UK GDPR)

If you are located in the European Economic Area (EEA) or the UK, we rely on the following legal bases:

• Consent:For most of our processing activities, especially collecting and using your health data for a clinical trial, we will rely on your explicit consent. You can withdraw your consent at any time, though this may affect your ability to continue participating in a trial.
• Legal Obligation:We may process your information to comply with our legal obligations, such as regulatory reporting or responding to lawful requests from authorities.
• Vital Interests:We may process your information to protect your life or the life of another person, for example, in the case of a medical emergency or serious adverse event.

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

Your trust is paramount. We only share your information in the following specific situations and with the following parties under strict confidentiality agreements:

• Clinical Trial Sponsors & Partners: We share information with the sponsor of the clinical trial you are participating in, as necessary for them to conduct the research and seek regulatory approval.
• Contract Research Organizations (CROs): We may share data with CROs who help us manage the trial operations.
• Regulatory and Government Bodies: We are legally required to report certain information to bodies like the FDA, EMA, and other health authorities.
• Independent Ethics Committees / Institutional Review Boards (IRBs): These committees oversee the trial to protect participants' rights and may review data to ensure compliance.
• Service Providers: We use third-party companies for services like secure cloud hosting (e.g., AWS, Google Cloud), data analysis, and security. They are contractually forbidden from using your data for any other purpose.
• De-identified Data for Research: We may share de-identified or aggregated data (from which you cannot be personally identified) with the broader scientific community for research purposes.
• Business Transfers: In the event of a merger or acquisition of our company, your information may be transferred to the new owner under the same privacy commitments.

5. DATA SECURITY & DE-IDENTIFICATION

We have implemented robust technical and organizational security measures designed to protect the security of any personal information we process. These include:

• Encryption: Data is encrypted both in transit (when it moves over the internet) and at rest (when it is stored on our servers).
• Access Controls: Access to sensitive personal information is strictly limited to authorized personnel who need it to perform their jobs.
• De-identification and Pseudonymization: Whenever possible, we remove direct identifiers (like your name and contact info) from your health data and replace them with a code. This allows for data analysis while minimizing privacy risks.

6. HOW LONG DO WE KEEP YOUR INFORMATION?

We retain personal information only for as long as necessary for the purposes set out in this policy and to comply with our legal obligations.

• Clinical Trial Data: Data related to clinical trials is subject to strict regulatory requirements. We are legally obligated to retain this data for a very long period, which can be 15 to 25 years or more after a trial is completed, depending on the jurisdiction and type of product studied.
• Account Information: If you have an account with us not directly tied to a long-term trial, we will retain your information for as long as your account is active or as needed to provide you Services.

7. DO WE COLLECT INFORMATION FROM MINORS?

We do not knowingly market to or solicit data from children under 18 years of age without verifiable parental or guardian consent. Clinical trials may sometimes include participants under 18. In such cases, we will obtain explicit, informed consent from the parent or legal guardian in accordance with applicable laws and trial protocols before collecting any personal information.

8. WHAT ARE YOUR PRIVACY RIGHTS?

You have rights regarding your personal information. These rights vary by location but generally include:

• The right to access a copy of your personal information.
• The right to rectify inaccurate information.
• The right to erase your personal information (this right is limited for clinical trial data due to regulatory retention requirements).
• The right to restrict processing of your personal information.
• The right to data portability (where applicable).
• The right to object to processing.
• The right to withdraw consent at any time.

To exercise any of these rights, please contact us at privacy@decentrialz.com

9. SPECIFIC INFORMATION FOR UNITED STATES RESIDENTS (HIPAA & STATE LAWS)

A. Health Insurance Portability and Accountability Act (HIPAA)

When we process health information as part of a clinical trial in the US, that information may be considered “Protected Health Information” (PHI) subject to HIPAA. We are committed to protecting your PHI.

• Our Role: We typically act as a “Business Associate” to the clinical trial sponsor or healthcare provider (“Covered Entity”). We are required by law to protect your PHI through a formal Business Associate Agreement.
• Your Rights under HIPAA: You have specific rights regarding your PHI, including the right to access, amend, and request an accounting of disclosures of your PHI.

B. State-Specific Privacy Rights (e.g., California's CCPA/CPRA)

Residents of certain US states (like California, Virginia, etc.) have additional rights. It is important to note that information subject to HIPAA is often exempt from these state laws. To the extent your data is not covered by HIPAA, you may have the right to know what personal information we collect, to delete it, and to opt-out of the “sale” or “sharing” of your data (for the record, we do not sell your personal health information without your consent).

10. YOUR RIGHTS AND HOW TO ADDRESS CONCERNS (EEA, UK, SWITZERLAND)

If you have questions or concerns about how we handle your personal data, you have several rights:

• Take control of your databy contacting us to access, correct, delete, or restrict it. You can reach us at privacy@decentrialz.com.
• Lodge a complaint with your local data protection authority if you feel we have not adequately addressed your concerns. You can find their contact details here: [EU authorities], [UK authority], [Swiss authority].
• Withdraw consent at any time for any data processing that is based on your permission by contacting us.

11. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

We may use cookies and similar technologies on our website to help it function, for analytics, and to improve your experience. For detailed information, please see our Cookie Notice.

12. DO WE MAKE UPDATES TO THIS NOTICE?

Yes, we will update this policy as necessary to stay compliant with relevant laws and to reflect any changes in our practices. The “Last Updated” date at the top of this policy will indicate the latest version.

13. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this policy, or if you wish to exercise your privacy rights, you may contact our Data Protection Officer by email or post:

• Email: privacy@decentrialz.com
• Contact Person: Data Protection Officer