Privacy Policy
We take patient privacy seriously. Feel free to contact us if you have questions regarding our privacy policy.
Purpose:
This procedure describes how Sanguine BioSciences. (“Sanguine”, “we”, “our” or “us”) collects, protects, uses, and shares your information. Please read this notice carefully to understand how your information may be used.
Scope:
This procedure covers Sanguine’s Data Privacy Policy, the data we collect, and what we do with that data.
Roles and Responsibilities:
The table below details the role responsible for the tasks within this document.
Role | Task |
---|---|
Data Privacy Officer and/or Sanguine Quality Lead | Review and update this policy based upon designated procedure review intervals, added or revised regulations, or additional regulations under Sanguine’s scope of work based upon product and business expansion. |
All Sanguine employees and other persons who may be subject to information sharing | Review and agree to this policy. Sanguine employees and other persons who supply data to Sanguine shall understand how Sanguine uses the data of those who provide it. |
References:
The table below lists the applicable Sanguine document references (Internal) as well as applicable regulations/standards (External).
Internal Reference(s) | Title |
---|---|
N/A | N/A |
External Reference(s) | Title |
---|---|
45 CFR 46 | US DHHS and Office of Human Research Protection guidelines |
21 CFR Part 11 | All parts – Electronic Records; Electronic Signatures – Scope and Application |
California Civil Code § 1798.83 | California Shine the Light Law |
Definitions and Abbreviations:
The table below lists the applicable Sanguine definitions to terms or abbreviations as noted within this document.
Term / Abbreviation | Definition |
---|---|
All abbreviations defined below | N/A |
Definitions and Materials, Supplies & Equipment:
Materials, Supplies, Equipment | Description |
---|---|
N/A | N/A |
Procedure:
The steps below describe the procedure needed to carry out this process.
1. Overview:
- If you reside or are located in the European Economic Area (“EEA”), Sanguine is the data controller of all Personally Identifiable Information (PII) collected through Sanguine services provided.
- Sanguine Bioscience’s policies and procedures protect the subjects from whom we collect specimens and medical data. These policies and procedures comply with current regulations and guidelines from the entities below.
- Office of Human Research Protections (OHRP) is an office within the U.S. Department of Health & Human Services (HHS) and provides guidance and leadership in the protection of the rights, welfare and wellbeing of human subjects involved in research. Sanguine operates according to HHS human subject’s protection regulations 45 CFR Part 46. All Sanguine employees who are directly involved in research are required to complete human subject’s protection certification.
- Sanguine research studies are reviewed by Quorum Review IRB, an internationally and AAHRPP accredited ethical review board. An Institutional Review Board (IRB) is a regulatory committee that provides review and oversight to study procedures ensuring all research is ethically sound and exposes participants to as little risk as possible. All divisions of Sanguine BioSciences operate under approved procedures in place to provide safety and privacy for all study participants.
- Sanguine removes all identifying information from participant samples and medical data, and uses a study code and participant identification (ID) to identify the participant, thereafter. This code cannot be used by third parties to connect participants with their health information. Therefore, all third parties (such as researchers) that receive samples with associated medical information from Sanguine's Partner Labs will receive coded data and are unable to associate the information with individual study participants. Each researcher requesting tissue from Sanguine's Partner Labs must use samples for research purposes only, and be able to provide such documentation upon request. Every Sanguine employee directly involved with patient samples and data has successfully completed privacy training and bound by law and company policy to protect participant privacy and confidentiality.
- FDA Code of Federal Regulations 21 Part 11 (21 CFR 11) provides regulations and oversight for electronic records and signatures to insure they are as trustworthy, reliable, and generally equivalent to paper records. To be environmentally cognizant and assure quality recordkeeping, Sanguine consents study participants electronically in accordance with the federal Electronic Signatures in National Commerce Act and collects and stores research data in a 21 CFR 11 compliant database.
- Your participation in a research study is voluntary. You can change your mind and decide not to be in a research study at any time. There will be no penalty to you, and you will not lose any benefits. If you decide to stop participating in a study or would like your name to be withdrawn from our contact list for future studies, please contact the study staff at 855-836-4759. If possible, please make your request in writing to .
- Sanguine might contact you in the future about other research studies for which you might qualify. You can choose to be contacted about other research studies at any time by speaking with Sanguine study staff at 855-836-4759.
2. Information You Provide:
- When you register with Sanguine BioSciences, we require that you create an account with us. During that process, we will collect information about you such as:
- Name
- Age
- Gender
- Health Information
- Phone Number
- Physical Address
- Email Address
- Once you have registered with us, and signed our authorization form, we will continue to collect additional information about you, as described in the authorization form, to help researchers evaluate potential research projects and to help us better identify research studies for which you might be eligible and interested. In addition, we collect and keep your medical information through the personal health record and sync your medical record information from your healthcare provider or another third-party source.
- In addition to the Personal data we collect when you register and use our Services, we automatically collect and store other information about you such as:
- Information about the device you use to access our site, such as the type of device you are using to access our Site and Services and the type of browser you are using.
- Information about your account activity, such as number of times you have logged into your account, your Internet Protocol address (“IP address”), the date and time of your access.
- Information related to your location.
- Information about you and your device through cookies, web beacons, and similar technologies. If you access our Site through a web browser, a “cookie” is a small data file sent from a website and stored on your device to identify your device in the future and allow for an enhanced personalized user experience. A “session cookie” disappears after you close your web browser or may expire after a fixed period of time. A “persistent cookie” remains after you close your web browser and may be accessed every time you use our website. We may use both session and persistent cookies. You should consult your web browser to modify your cookie settings. Please note that if you delete or choose not to accept cookies from us, you may not be able to use certain features of our Site. A web beacon is a type of technology placed on a website or within the body of an email for the purpose of tracking activity on websites or when emails are opened.
- Information you provide to us when you ask a question or provide us with a comment about our Site or Services.
- If you agree, we may collect information about you from other sources, such as wearable devices that you own or wear.
- If you agree, and sign our authorization form, we may collect your medical records from your health care providers on your behalf.
3. User Communication
- When you send email or other communication to Sanguine, we may retain those communications to process your inquiries, respond to your requests and improve our services.
- This Privacy Policy applies to all digital assets that are owned and operated by Sanguine. Sanguine only processes confidential information for the purposes described in this Privacy Policy.
- Sanguine will not collect or use confidential information for purposes other than those described in this Policy unless we have obtained your prior consent.
- You can decline to submit information, in which case Sanguine may not be able to provide services to you through electronic channels.
4. Information Sharing
- Sanguine only shares confidential information with other companies in the following limited circumstances:
- We have your consent.
- We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to:
- Satisfy any applicable law, regulation, legal process or enforceable governmental request
- Enforce applicable Terms of Service, including investigation of potential violations thereof
- Detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against imminent harm to the rights, property or safety of Sanguine as required or permitted by law.
- Please contact us for any additional questions about the management or use of confidential data.
5. Use & Sharing of Personal Information:
- We will not sell, rent, license, or trade your personal information with third parties for their own direct marketing use unless you expressly tell us it is okay to do so. Unless you give us your permission, we will not share your personal information other than as stated in this Privacy Policy.
- We may use the information we collect from you when you sign up, register, respond to a survey or marketing communication, surf our website, or use certain other features of the Services in the following ways:
- To personalize your experience on the website and to allow us to deliver content and product offerings that interest you.
- To allow us to better respond to your customer service requests.
- To quickly process your requested transactions.
- To administer a promotion, survey or other feature of our website.
- You Control How Your Medical Information Is Shared
- When you use our personal health record, you can decide whom you want to be able to see your medical information (spouse, family members, etc.) by using the data sharing options in your Account Settings
- Registration Information, Portal Information and Portal Credentials
- Certain areas and features of our website are available to you without registration. However, other features of our website or the Services may require registration, which involves giving us your email address, a password and a username (the "Registration Information"). In order to fully benefit from our Services, you also must provide your third-party health portal credentials ("Portal Credentials") to allow us to access your health data at those other healthcare providers' organizations ("Portal Information") for your use.
- From time to time we may request other personal information to provide you with other benefits of the Services. In those instances, you will be given the opportunity to provide or not provide that information, and it will be used only for that purpose. Sanguine may create anonymous or aggregate personal information and share that data only in a non-personally identifiable manner to:
- Organizations approved by us that conduct research into health; and
- Users of the Services for purposes of comparison of their personal health situations relative to others.
- That information does not identify you individually. Access to your Registration Information, Portal Credentials, Portal Information and any other personal information you provide is protected by our specific internal procedures and safeguards restricting access to that information, so that we can ensure it is only used to operate, develop or improve the Services.
- Information Shared with Third Parties Assisting in Our Operations
- We may share your personal information under confidentiality agreements with other companies that provide products and services on our behalf, such as those:
- providing research,
- providing marketing services,
- delivering goods or services,
- providing cloud hosting services,
- administering promotions,
- analyzing data and usage of the Services,
- processing payments,
- operating our website, mobile application or personal health record, or
- providing support and maintenance services for the Services, as well as legal, regulatory, audit and other professional advisors.
- We may share your personal information under confidentiality agreements with other companies that provide products and services on our behalf, such as those:
- These companies (described above) may use your personal information to assist us in our operations. However, these companies do not have any independent right to share your information.
- Information Shared Under Special Circumstances
- We may provide information about you:
- to respond to subpoenas, court orders, legal processes or governmental regulations,
- to establish or use our legal rights or defend against legal claims,
- to investigate, prevent or take action regarding illegal activities, suspected fraud, or situations involving potential threats to the physical safety of any person, or
- as otherwise required by law.
- Business Transfers
- We may share your personal information with other businesses in connection with the sale, assignment, merger or other transfer of all or a portion of our business to those businesses. We will require those businesses to honor the rules of this Privacy Policy.
- Dormant, Closed or Terminated Accounts
- If your account is unused for an extended period, we may suspend or “lockdown” your account in order to better safeguard your personal information, and we will notify you when that occurs. If your account is suspended because it is unused, we will retain the personal information in your account for two years. At the end of that two-year period, we will delete the personal information in your account in order to better protect your privacy. Prior to deletion of your personal information, we will attempt to notify you.
- If your account is closed by you or terminated by us in accordance with our Terms of Service, we will promptly delete the personal information in your account, with the exception of a disclosure log that records how you shared the information in your account with third parties. The disclosure log will be maintained only for so long as is necessary for our business purposes and will be deleted as soon as practicable, in accordance with our record retention policies. You may close your account and request deletion of your data at any time by contacting us at .
- We may provide information about you:
6. Information Security
- Sanguine uses appropriate physical, managerial, and technical controls that are designed to protect the confidentiality, integrity, and security of personal data that we collect and maintain against accidental or unlawful loss, theft and misuse and unauthorized access, disclosure, alteration destruction, or any other type of unlawful processing. Unfortunately, no web site, server or database is completely secure. Sanguine cannot guarantee that your Personal data will not be disclosed, misused, or lost by accident or by the unauthorized acts of others.
- We take appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure, or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorized access to systems where we store data. We restrict access to confidential information to Sanguine employees, contractors and agents who need to know that information to perform and deliver services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.
7. Storage and Retention of Personally Identifiable Information
- Information may be stored or processed in locations other than the jurisdiction in which you live or work. In such cases we will work to ensure that any vendor we use in that location has the appropriate protections in place. By using our Site and Services, you agree to the collection, storage, and processing of your information to any country in which we may conduct our business operations.
- If you reside or are located in the EEA, we keep your Personally Identifiable Information for no longer than necessary for the purposes for which the Personally Identifiable Information is processed. The length of time we retain this data depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend our legal rights.
8. Data Integrity
- Sanguine may process confidential information only for the purposes for which it was collected and in accordance with this Policy. We review our data collection, storage, and processing practices to ensure that we only collect, store, and process the information needed to provide services. We take reasonable steps to ensure that the information we process is accurate, complete, and current, but we depend on our users to update or correct their information whenever necessary. You can access your Personally Identifiable Information and confirm that it remains correct and up-to date and choose whether or not you wish to receive email notifications from us by contacting us at study@sangiunebio.com or by calling 818-462-8290.
- You have the right to request access to any Personally Identifiable Information about you in our possession, update any incorrect information, restrict, or delete information about yourself or prevent the processing or sharing of Personally Identifiable Information.
9. Enforcement
- Sanguine regularly reviews its compliance with this Policy. Please feel free to direct any questions or concerns regarding this Policy by contacting us through this web site, emailing or writing to us at Sanguine BioSciences, 400 West Cummings Park Suite 3050 Woburn, MA 01801. When we receive written inquiries, it is Sanguine’s policy to contact you regarding your concerns. We will cooperate with the appropriate regulatory authorities, including local data protection authorities, to resolve any issues regarding the transfer of confidential data that cannot be resolved between Sanguine Bioscience’s and a client.
10. California Privacy Rights (U.S. Only)
- Under Section 1798.83 of the California Code, residents of California have the right to request from a business, with whom the California resident has an established business relationship, certain information with respect to the types of Personal Data the business shares with third parties for those third parties’ direct marketing purposes, and the identities of the third parties with whom the business has shared such data during the immediately preceding calendar year.
11. Exercising Access, Data Portability, and Deletion Rights
- To exercise the access, data portability, and deletion right described above, please submit a verifiable request to us by:
- Calling 818-462-8290
- Emailing privacy@sanguinebio.com
- For California consumers, only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf on your minor child.
12. Contact
- If you have any questions, comments or requests regarding this Privacy Policy or our processing of your information, please contact privacy@sanguinebio.com or by calling 818-462-8290.