Effective Date: 24th February 2025

This Data Privacy Policy outlines how we collect, use, disclose, and protect your personal data when you engage in our research activities. It applies to all individuals whose personal data we process as participants in our studies. By participating in our research, you agree to the terms of this Policy. You may withdraw your consent at any time. To learn more about how we and our clients use your data or about your rights, please refer to our Privacy Policy for Market Research Participant below.

1. Definition of Personal Data

“Personal data” refers to any information relating to an identified or identifiable individual, including:

• Basic Identifiers: Name, contact information, age, gender, and demographic details.
• Health and Sensitive Data: Health records, genetic information, ethnicity, sexual activity, or other sensitive data provided explicitly for research purposes.
• Research-Specific Data: Screening responses, study enrollment details, and recordings or transcripts of research interactions.

2. Data Collection

• Viscadia collects and processes personal data when you submit responses to screening questions or participate in research studies for our clients.
• If you are a Patient or Caregiver: This may include information regarding your (or your care receiver’s) health, how it impacts your personal life, and details relevant to eligibility such as ethnicity, age, nationality, and availability for further research.
• If you are a Health Care Professional (HCP): We typically collect information about your role, background, and practice. This data may be provided to us by other healthcare professionals, clients, or publicly available sources.
• Viscadia may also receive your information from paid recruiters, who provide your contact details and any relevant information to verify your eligibility (e.g., health data, ethnicity, or sexual activity for patient participants).

3. Use of Your Data

• Viscadia uses your personal data to assess your eligibility for research studies. If accepted, your data will be used for the research.
• Your data is processed in compliance with applicable data protection laws. If you reside in the United Kingdom (the UK), we comply with the UK General Data Protection Regulation (UK GDPR), as well as our clients' country-specific requirements.
• Viscadia takes reasonable steps to safeguard the confidentiality and security of your data. We ensure that the data we process is de-identified by the client, but there may be cases where identifiable information is required for verification purposes only.
• We may use your data to contact you regarding research opportunities for which you have consented.
• Your personal data may also be used for verifying information, confirming eligibility, and for research-specific reporting. We do not sell or commercialize your personal data.

4. Legal Bases for Processing

• Recruitment: Verifying the identity of research participants.
• Conducting Research: Creating deidentified research products for our clients.
• Adverse Event Reporting: If you report an adverse event, our client may contact you, but only if you have consented to be re-contacted.

We may also share your data with clients or service providers to fulfill legal obligations.

5. Data Sharing and Disclosure

• Internal Use: Your data may be shared with authorized personnel within our global offices to support operations and research activities.
• Third-Party Collaborators: Data may be shared with trusted service providers, research partners, or recruiters under confidentiality agreements. Any external sharing includes anonymization.
• Legal Disclosures: We may disclose personal data when required by law or in response to legitimate requests from regulatory authorities.

Viscadia does not sell your personal data.

6. International Data Transfers

As a global organization, your data may be transferred across our offices worldwide. Headquartered in the United States, we store and process your data in compliance with the OECD Privacy Guidelines. Data transfers follow strict protocols including Standard Contractual Clauses (EU Regulation 2016/679) and cross-border data requirements under Japan’s Act No. 57 of 2003.

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purpose for which it was collected or to meet legal obligations. Once no longer needed, data is securely deleted or anonymized.

8. Data Security and Confidentiality

We implement robust safeguards to protect your data. Access is restricted to authorized personnel, and all data is processed under strict confidentiality protocols.

9. Legal Bases for Processing

• Recruitment: Verifying the identity of research participants.
• Conducting Research: Creating deidentified research products for our clients.
• Adverse Event Reporting: If you report an adverse event, our client may contact you, but only if you have consented to be re-contacted.

We may also share your data with clients or service providers to fulfill legal obligations.

5. Data Sharing and Disclosure

• Internal Use: Your data may be shared with authorized personnel within our global offices to support operations and research activities.
• Third-Party Collaborators: Data may be shared with trusted service providers, research partners, or recruiters under confidentiality agreements. Any external sharing includes anonymization.
• Legal Disclosures: We may disclose personal data when required by law or in response to legitimate requests from regulatory authorities.

Viscadia does not sell your personal data.

6. International Data Transfers

As a global organization, your data may be transferred across our offices worldwide. Headquartered in the United States, we store and process your data in compliance with the OECD Privacy Guidelines. Data transfers are conducted in accordance with our intergroup data transfer agreement, based on the Standard Contractual Clauses (EU 2016/679), and meeting the cross-border data transfer requirements under Japan’s Act No. 57 of 2003, as amended.

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or to meet legal obligations. Once no longer needed, data is securely deleted.

8. Data Security and Confidentiality

We implement robust safeguards to protect your data. Access is restricted to authorized personnel, and all data is processed under strict confidentiality protocols.

9. Children’s Privacy

We do not knowingly collect personal data from children under the age of 13. If you believe that data from a minor has been inadvertently collected, please contact us immediately.

10. Amendments to This Policy

We may update this Policy periodically. Any amendments will be posted on our website with the updated effective date.

11. Contact Information

For questions or requests regarding this Policy or the processing of your personal data, please contact us at privacypolicy@viscadia.com