Privacy Policy

Critical Path Institute Privacy Policy

This Policy explains how and why Critical Path Institute (C-Path) collects and processes personal information about people who visit our website, users who log on to our systems to access our online collaboration portals or data repositories, and any other individuals from whom we may collect information, directly or indirectly. This Policy also provides a summary of the conditions under which we may disclose your information to others, your rights regarding the information we collect about you, and the measures we take to secure that information.

Information collected

The C-Path website, online collaboration portals and cloud-based data repositories may collect information about you when you apply for access or utilize the services they provide. C-Path may collect personal information such as your name, mailing address, email address, education, employer and internet protocol (IP) address. C-Path uses the information collected to communicate with stakeholders, control access to restricted research data, and to notify users about important information and events.

If you make a donation online, your credit card information is not held by C-Path. It is collected by our third-party payment processors, who specialize in the secure online capture and processing of credit/debit card transactions.

In all cases, C-Path will only collect information in accordance with legitimate interests. We collect personal data from individuals in the course of their participation in C-Path activities and events and will only use it in a manner that is consistent with their expectation as C-Path consortia members, participants, repository users or stakeholders.

Note that anonymized clinical data related to research individuals collected by others and shared with C-Path is accepted into the C-Path data repositories. For the purposes of this data collection, C-Path does not process any identifiable personal data of those research individuals and there is no ability for C-Path to provide access to personal data collected in this manner since there is no method of identifying an individual through the data.

Cookies and Tracking Technologies

Like many websites, we may use “cookies.” Cookies are text files placed in your computer’s browser to store your preferences and provide you with a better website experience. Cookies do not contain personal information; however, once you choose to furnish a website with personal information, such personal information may be linked to the data stored in the cookie. We use services like Google Analytics for our website, online collaboration portals and data repositories to help us analyze how our visitors use the site.

We do not use session cookies or persistent cookies to collect PII and we do not share any data collected from cookies.

How to Opt-Out or Disable Cookies

Cookies pertaining to our website, online collaboration portals and cloud-based data repositories are enabled by default because of their integration with those sites. If you do not wish to have cookies placed on your computer, you can disable them using your Web browser.

Note: If you disable cookies in your browser, it may cause problems with searching and displaying information.

How information may be used

C-Path may use personal information that it collects to:

  • Process a donation that you have made through its website;
  • Control access to information
  • Carry out our obligations arising from any contracts for services entered into by you and us;
  • Notify you about C-Path activities and events;
  • Notify you of changes to our website or services;
  • Support clinical data research where anonymized human-individual-level data is collected.

External Links

Links to third-party websites from the C-Path website are provided solely as a convenience to you. Using these links will direct you away from the C-Path website. We have not reviewed these third-party sites and do not assume responsibility or control for any of these sites, their content, or their privacy policies. C-Path does not endorse or make any representations about them or any information, software or other products or materials found there, or any results that may be obtained from using them. If you decide to access any of the third-party sites linked to a C-Path site, you do so at your own risk.

Commitment to Data Security

C-Path is committed to maintaining the security of your information. To prevent unauthorized access or disclosure, maintain data accuracy, and ensure the appropriate use of information, we have put in place reasonable procedures to safeguard and secure the information we collect and store online. We use encryption technology when collecting or transferring sensitive data. C-Path will not resell or distribute your confidential information to any third party.

Acceptance of Privacy Policy

If you use the C-Path website, online collaboration portals or data repositories, you are accepting the terms and conditions of this Privacy Policy, and we will have the right to use your information as described in this Privacy Policy. If you do not agree to have your information used in any of the ways described in this Privacy Policy, you can choose to not access or use our services and to discontinue use of C-Path websites, online collaboration portals, data repositories or other resources.

Data Subjects Whose Personal Information May Be Collected in or from the EEA, UK and other Judications

Critical Path is committed to treating all information received from European Union (EU) member countries, the U.K. and Switzerland, in accordance with the EU General Data Protection Regulation’s and the UK General Data Protection Regulation’s applicable Principles. Information provided below is applicable to personal data collected from individuals within the European Economic Areas (“EEA”), UK and Switzerland.

Rights of the Individual

Access and Rectification

Upon the request of an individual, C-Path will confirm whether personal information is held, processed, and for what purpose. Additionally, upon request, C-Path will provide a copy of the individual’s personal information, free of charge, in an electronic format. Requests should be sent to

Right to be Forgotten

Personal information held by C-Path that is no longer relevant to original purposes will be erased upon request. Additionally, if applicable and relevant GDPR requirements for data erasure are present, C-Path will erase personal information if an individual withdraws consent to process such information. Requests should be sent to

Data Portability

Upon the request of an individual, and where possible, C-Path will provide the personal information previously provided by the individual in machine readable format or transmit such data to another entity. Requests should be sent to

Recourse, Enforcement and Liability

If you are located in the EEA, UK or Switzerland and you have concerns about the privacy or processing of your data by C-Path, please email your concern to to have your concern reviewed and addressed promptly, if confirmed. If, as a resident of the EEA, you believe that we have not adequately resolved any such issues, you have the right contact the EU Supervisory Authority. A list of Supervisory Authorities is available here:

Automated Decision-Making

We do not engage in automated decision-making.

Non-Disclosure of Personal Information

Our employees are prohibited, either during or after their employment, from disclosing personal information to any person or entity outside of our company, including family members, except under the circumstances described above. An employee is only permitted to disclose the personal information of a user to such other employees who need access to such information in order to deliver our services to that user.

Changes to Privacy Policy

C-Path reserves the right to modify this Privacy Policy at any time. Your continued use of the website, SharePoint Online Collaboration Portals or data repositories after we either personally notify you or generally post such changes on the site will constitute your acceptance of those changes. Please note that the C-Path Privacy Policy was last reviewed and approved on January 31, 2023.

How to Contact Us

C-Path strives to comply with applicable policy regulations and to maintain current and accurate data. If you have any comments, questions or concerns about any of the information in this Policy, corrections, or any other issues or requests relating to the Processing of User Information carried out by us, or on our behalf, please contact:

Critical Path InstituteAttention: Data Privacy Officer
1840 E River Rd, Suite 100
Tucson, AZ 85718-5893
Critical Path InstituteAttention: Chief Information Security Office
1840 E River Rd, Suite 100
Tucson, AZ 85718-5893

Critical Path Institute Privacy Policy