This Privacy Policy, together with our Terms of Use, applies to your Personal Data when you visit findmecure.com or use our Services through this website. Please, take time to read it carefully. We want you to be clear about how we use your information and the ways in which you can protect your privacy while remaining compliant with all applicable regulations, including, but not limited to, GDPR, HIPAA, and the California Consumer Privacy Act.
We collect and process the following personal data:
-
We need your name and e-mail address, and telephone number, in order to create your profile on the website, identify you and communicate with you in relation to the Services we provide to you, whether those Services are helping you to find a clinical trial or you are a caregiver seeking information for a loved one. We may use your information to assist in finding a clinical trial for the person with the need, provide possible connections to healthcare providers with experience in those clinical trial treatments, link you to patient advocacy groups, and generally assist with resources around the indicated health condition. If you opt in, you may also subscribe to our Newsletter.
- We need an indication of your country and/or city of residence, medical condition and history in order to identify any suitable program or another initiative as part of the Service which you have opted to use. Without this information, we cannot provide you with personalized recommendations designed only for you in view of the specifics of your condition.
- We shall not be using your contacts for any promotional, direct or indirect marketing reasons. We shall only send you useful materials about your condition and clinical trials, as we have engaged to do as part of our Services.
-
When you have provided to us your consent to participate in more surveys and/or interviews that will help medicine advance, we shall use your contact information, including email address and telephone number, to contact you and to offer participation in surveys and/or interviews.
-
Information that your browser sends when you visit a website or online service (“Log Data”). This Log Data may include, but is not limited to, your location, browser type, the web page you were visiting before you access the Service and information you search for using the Service.
-
Like many services, our site uses “cookies” to collect information. We use “session ID cookies” to enable certain features of the Service, to better understand how you interact with the Service and to monitor web traffic routing and aggregate usage of the Service. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the website you visit.
- We may use automated devices and applications, such as Google Analytics, to evaluate usage of the Service. We use these tools to help us improve the Service, performance and user experience. We may also engage third parties to track and analyze Service data or provide other services on our behalf. This Policy does not cover such third parties’ use of the data.
The information about your medical condition is treated with a high level of privacy and confidentiality by the applicable data protection legislation, so we need your explicit consent to receive and process this data, which you can withdraw at any time. You may withdraw your consent at any time by sending an email to the contact person for privacy matters listed below.
Data Protection Officer: Ivaylo Yosifov
Email: data.privacy@findmecure.com
When you have provided to us your consent to participate in a survey, we shall send you a list of specific questions regarding your medical condition which you shall be requested to fill in. When you have provided to us your consent to participate in an interview, we shall organize an interview and we shall request additional consents for the recording and the use of the interview.
Processing and Sub-processing
We take appropriate contractual, technical, and organisational measures to protect your personal data against loss or other forms of unlawful processing. We make sure that personal data is only accessible by only those who need access to do their job, and that they are properly trained and authorised. Our staff is required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, ethics, and appropriate usage of data. Staff is required to execute a confidentiality agreement and are provided with proper training in online privacy and security.
Who uses your information
The company that processes your personal data as a data controller is: FINDMECURE LTD. - a company incorporated under the law of England and Wales, registered into the Registrar of Companies for England and Wales under company number 10821379. We do so under the legal basis of your explicit consent.
For providing quality Services we engage third-party service providers - processors, carefully selected according to their capacity for personal data protection and processing in compliance with our obligations under the applicable data protection legislation. We provide personal data to our processors to process it for us only based on our instructions and only in compliance with our Privacy Policy and any other appropriate confidentiality and security measures. We do not sell or disperse your personal data otherwise.
Here is a list of the third-party data processors we use:
- Microsoft, EU (Ireland)
- Google, EU (Ireland)
- Freshworks, USA (California)
- Typeform, EU (Spain)
- Intercom, USA (California)
- SendGrid, USA (Colorado)
Global Transfer of Your Data
We might transfer data we collect from you to persons/legal entities (‘Recipients’) outside the European Economic Area (‘EEA’) and the UK. When we do such transfers to third countries, we do so in accordance with the terms of this Privacy Policy, the UK, and the EU data protection rules, in particular with the GDPR and the UK-GDPR, and the EU-US Data Privacy Framework. Please contact our Data Protection Officer for more details.
Retention and Deletion
FindMeCure will retain your Personal data for as long as your profile is active; as needed to provide you the Services; as needed for the purposes outlined in this Privacy Policy; as necessary to comply with our legal obligations (e.g., to honor opt-outs), resolve disputes and enforce our agreements; or to the extent permitted by law.
What We Share
Personalized Information which includes your identification details, including any surveys and/or interview recordings, will be shared with third parties only with your explicit consent. Anonymized information which does not include your identification details will be shared with third parties for the purposes of advancing medicine.
Minors
We provide Services to, allow registration and collect personal data only to persons aged 18 and over. If we obtain actual knowledge that we have collected personal data from a person under the age of 18 in violation of the legal requirement, we will promptly take appropriate measures and we may delete it, unless we are legally obligated to retain such data.
If you would like to register and enter the personal data of your child aged under 18, we shall need your explicit consent, so please send us an email to the email address of our contact person above, stating your name, the name of your child and a declaration that you are his/her parent as well as a declaration that you agree for us to process his/her data as described in this Privacy Policy.
Personal Security
The security of your personal data is very important to FindMeCure. We use commercially reasonable physical, electronic and administrative safeguards that are designed to protect your personal data from loss, misuse and unauthorized access, disclosure, alteration, and destruction. Our data is encrypted both - at rest and in motion and our partners are worldwide leaders in their respective domains and have taken top security measures.
In the event that your personal data is acquired, or is reasonably believed to have been acquired, by an unauthorized person and applicable law requires notification, FindMeCure will notify you by e-mail. FindMeCure will give you notice promptly, consistent with the reasonable needs of law enforcement and/or the needs of FindMeCure to determine the scope of the breach and to investigate and restore the integrity of the data system.
Your Rights
You have the following rights regarding the processing of personal data:
- Right of information. This Policy aims to inform you in detail about the processing of your personal data by FindMeCure Ltd.
-
Right of access. You are entitled to receive confirmation of whether your personal data are being processed, to receive access to such data, as well as information about the processing and your rights.
- Right of rectification. You are entitled to have your data rectified in case it is incomplete or inaccurate. Your data may be rectified by us upon your request.
-
Right of erasure. You have the right to ask for your data to be erased where one of the respective grounds provided by the GDPR/UK-GDPR applies. Please note that after deleting your data, you shall not be able to use the Services adequately. You have the right to delete data in a manner consistent with the functionality of the Services if such deletion is in accordance with the GDPR/UK-GDPR. We will comply with this instruction as soon as reasonably practicable and within a maximum period of 30 days unless the applicable data protection legislation requires storage. Please note that we may keep some of the personal data for legitimate business or legal purposes or be required (including by contract or law) to keep certain information and not delete it (or to keep this information for a certain time, in which case we will comply with the deletion request only after we have fulfilled such requirements).
-
Right of restriction of the processing. The GDPR and the UK-GDPR provide for the possibility of restricting your personal data processing in case there are grounds for this as set forth therein.
-
Right of data portability. You have the right to receive the personal data you have provided, and which are related to you in a structured, commonly used, machine-readable format, and to use such data with another controller at your discretion, if the conditions provided for in the GDPR and the UK-GDPR are present.
-
The right not to be subject to a decision based solely on automated processing, including profiling which produces legal effects concerning you or similarly significantly affects you unless there are grounds provided for in the applicable data protection legislation, as well as appropriate safeguards to protect your rights, freedoms and legitimate interests.
-
Right to withdraw consent. You have the right to withdraw at any time your consent for personal data processing that is based on prior given consent. Such withdrawal shall not affect the lawfulness of the processing based on consent before its withdrawal.
- Right to object. You have the right to object, with respect to data processed, based on legitimate interest. In the event of such an objection, we will examine your request and, if justified, we will comply with it. If we believe there are enough legal grounds for the processing or where necessary for establishing, exercising, or defending legal claims we will inform you accordingly. You have an absolute right to object to personal data processing for marketing purposes.
If you wish to access, delete (when applicable) or correct your personal information please contact the Data Protection Officer. Please state clearly in the subject that your request concerns a privacy matter, and more specifically whether it is a request for access, rectification, or deletion. If you file a privacy-related complaint, we will collect your name, the name of a complaint-related person, email, country location, and details that gave rise to your complaint. We will use the information you provide to investigate your complaint and send you an answer once your complaint is reviewed. Bear in mind that we may ask for additional information to determine your identity.
Immediately after you delete your profile, terminate using the Services in any other way, or cease to use services and/or login to your profile for five consecutive years, your profile data will be deleted entirely. Your collected health data will be anonymized to provide continued insight into the patient experience and kept no longer than needed to accomplish the business purpose and/or after ten years. If you wish to have your collected health data deleted at the time you terminate Services, you will need to request this of our Data Protection Officer (details above).
If you think we have infringed your privacy rights, you can lodge a complaint with the respective supervisory authority: The Bulgarian Commission for Personal Data Protection (www.cpdp.bg) or the UK Information Commissioner’s Office (https://ico.org.uk/).
You can also lodge your complaint in particular in the country where you live, your place of work, or the place where you believe we infringed your right(s).