This Policy explains how and why Critical Path Institute (C-Path) collects and processes personal information about people who visit our website, users who log on to our systems to access our SharePoint Online Collaboration Portals or data repositories, and any other individuals from whom we may collect information, directly or indirectly. This Policy also provides a summary of the conditions under which we may disclose your information to others, your rights regarding the information we collect about you, and the measures we take to secure that information.
The C-Path SharePoint Online Collaboration Portals, the C-Path Online Data Repository (CODR) and the C-Path Relational Sequencing Platform for TB (ReSeqTB) may collect information about you when you apply for access or utilize the services they provide. C‑Path uses the information collected to keep C‑Path consortia members aware of C‑Path activities and events, and to notify data repository users about events and important information pertaining to their use of the repository.
C-Path may collect personal information such as your name, mailing address, email address, education, employer and internet protocol (IP) address. If you make a donation online, your credit card information is not held by C-Path. It is collected by our third-party payment processors, who specialize in the secure online capture and processing of credit/debit card transactions.
In all cases, C‑Path will only collect information in accordance with legitimate interests. We collect personal data from individuals in the course of their participation in C‑Path activities and events and will only use it in a manner that is consistent with their expectation as C‑Path consortia members, participants, repository users or stakeholders.
Note that anonymized clinical data related to research individuals collected by others and shared with C-Path is accepted into the C‑Path data repositories. For the purposes of this data collection, C-Path does not process any identifiable personal data of those research individuals and there is no ability for C-Path to provide access to personal data collected in this manner since there is no method of identifying an individual through the data.
Cookies and Tracking Technologies
How information may be used
C-Path may use personal information that it collects to:
- Process a donation that you have made through its website;
- Carry out our obligations arising from any contracts for services entered into by you and us;
- Notify you about C-Path activities and events;
- Notify you of changes to our website or services;
- Support clinical data research where anonymized human-individual-level data is collected.
Links to third-party websites from the C-Path website are provided solely as a convenience to you. Using these links will direct you away from the C-Path website. We have not reviewed these third-party sites and do not assume responsibility or control for any of these sites, their content, or their privacy policies. C-Path does not endorse or make any representations about them or any information, software or other products or materials found there, or any results that may be obtained from using them. If you decide to access any of the third-party sites linked to a C-Path site, you do so at your own risk.
Commitment to Data Security
C-Path is committed to maintaining the security of your information. To prevent unauthorized access or disclosure, maintain data accuracy, and ensure the appropriate use of information, we have put in place reasonable procedures to safeguard and secure the information we collect and store online. We use encryption technology when collecting or transferring sensitive data. C-Path will not resell or distribute your confidential information to any third party.
How to Contact Us
C-Path strives to comply with applicable policy regulations and to maintain current and accurate data. If you have any comments, questions or concerns about any of the information in this Policy, corrections, or any other issues or requests relating to the Processing of User Information carried out by us, or on our behalf, please contact:
Critical Path Institute
Attention: Data Privacy Officer
1730 E River Road, Suite 100
Tucson, AZ 85718-5893
Data Subjects Whose Personal Information May Be Collected in or from the EEA
Critical Path is committed to treating all information received from European Union (EU) member countries, the U.K. and Switzerland, in accordance with the EU General Data Protection Regulation’s applicable Principles. Information provided below is applicable to personal data collected from individuals within the European Economic Areas (“EEA”). To facilitate the services we provide to individuals located in the EEA, we request explicit consent for the transfer of personal information from the EEA to the U.S. If you are an individual located in the EEA and you decline to consent to such transfer, you will no longer be able to use C-Path services.
Rights of the Individual
Access and Rectification
Upon the request of an individual, C-Path will confirm whether personal information is held, processed, and for what purpose. Additionally, upon request, C-Path will provide a copy of the individual’s personal information, free of charge, in an electronic format. Requests should be sent to [email protected].
Right to be Forgotten
Personal information held by C-Path that is no longer relevant to original purposes will be erased upon request. Additionally, if applicable and relevant GDPR requirements for data erasure are present, C-Path will erase personal information if an individual withdraws consent to process such information. Requests should be sent to [email protected].
Upon the request of an individual, and where possible, C-Path will provide the personal information previously provided by the individual in machine readable format or transmit such data to another entity. Requests should be sent to [email protected].
Recourse, Enforcement and Liability
If you are located in the EEA or Switzerland and you have concerns about the privacy or processing of your data by C-Path, please email your concern to [email protected] to have your concern reviewed and addressed promptly, if confirmed. If, as a resident of the EEA, you believe that we have not adequately resolved any such issues, you have the right contact the EU Supervisory Authority.
We do not engage in automated decision-making.
Non-Disclosure of Personal Information
Our employees are prohibited, either during or after their employment, from disclosing personal information to any person or entity outside of our company, including family members, except under the circumstances described above. An employee is only permitted to disclose the personal information of a user to such other employees who need access to such information in order to deliver our services to that user.
To learn more about the EU GDPR, visit http://www.eugdpr.org/
Last updated: June 2018