This procedure describes how Sanguine BioSciences. (“Sanguine”, “we”, “our” or “us”) collects, protects, uses, and shares your information. Please read this notice carefully to understand how your information may be used.
Roles and Responsibilities:
The table below details the role responsible for the tasks within this document.
|Data Privacy Officer and/or Sanguine Quality Lead||Review and update this policy based upon designated procedure review intervals, added or revised regulations, or additional regulations under Sanguine’s scope of work based upon product and business expansion.|
|All Sanguine employees and other persons who may be subject to information sharing||Review and agree to this policy. Sanguine employees and other persons who supply data to Sanguine shall understand how Sanguine uses the data of those who provide it.|
The table below lists the applicable Sanguine document references (Internal) as well as applicable regulations/standards (External).
|45 CFR 46||US DHHS and Office of Human Research Protection guidelines|
|21 CFR Part 11||All parts – Electronic Records; Electronic Signatures – Scope and Application|
|California Civil Code § 1798.83||California Shine the Light Law|
Definitions and Abbreviations:
The table below lists the applicable Sanguine definitions to terms or abbreviations as noted within this document.
|Term / Abbreviation||Definition|
|All abbreviations defined below||N/A|
Definitions and Materials, Supplies & Equipment:
|Materials, Supplies, Equipment||Description|
The steps below describe the procedure needed to carry out this process.
- If you reside or are located in the European Economic Area (“EEA”), Sanguine is the data controller of all Personally Identifiable Information (PII) collected through Sanguine services provided.
- Sanguine Bioscience’s policies and procedures protect the subjects from whom we collect specimens and medical data. These policies and procedures comply with current regulations and guidelines from the entities below.
- Office of Human Research Protections (OHRP) is an office within the U.S. Department of Health & Human Services (HHS) and provides guidance and leadership in the protection of the rights, welfare and wellbeing of human subjects involved in research. Sanguine operates according to HHS human subject’s protection regulations 45 CFR Part 46. All Sanguine employees who are directly involved in research are required to complete human subject’s protection certification.
- Sanguine research studies are reviewed by Quorum Review IRB, an internationally and AAHRPP accredited ethical review board. An Institutional Review Board (IRB) is a regulatory committee that provides review and oversight to study procedures ensuring all research is ethically sound and exposes participants to as little risk as possible. All divisions of Sanguine BioSciences operate under approved procedures in place to provide safety and privacy for all study participants.
- Sanguine removes all identifying information from participant samples and medical data, and uses a study code and participant identification (ID) to identify the participant, thereafter. This code cannot be used by third parties to connect participants with their health information. Therefore, all third parties (such as researchers) that receive samples with associated medical information from Sanguine's Partner Labs will receive coded data and are unable to associate the information with individual study participants. Each researcher requesting tissue from Sanguine's Partner Labs must use samples for research purposes only, and be able to provide such documentation upon request. Every Sanguine employee directly involved with patient samples and data has successfully completed privacy training and bound by law and company policy to protect participant privacy and confidentiality.
- FDA Code of Federal Regulations 21 Part 11 (21 CFR 11) provides regulations and oversight for electronic records and signatures to insure they are as trustworthy, reliable, and generally equivalent to paper records. To be environmentally cognizant and assure quality recordkeeping, Sanguine consents study participants electronically in accordance with the federal Electronic Signatures in National Commerce Act and collects and stores research data in a 21 CFR 11 compliant database.
- Your participation in a research study is voluntary. You can change your mind and decide not to be in a research study at any time. There will be no penalty to you, and you will not lose any benefits. If you decide to stop participating in a study or would like your name to be withdrawn from our contact list for future studies, please contact the study staff at 855-836-4759. If possible, please make your request in writing to .
- Sanguine might contact you in the future about other research studies for which you might qualify. You can choose to be contacted about other research studies at any time by speaking with Sanguine study staff at 855-836-4759.
2. Information You Provide:
- When you register with Sanguine BioSciences, we require that you create an account with us. During that process, we will collect information about you such as:
- Health Information
- Phone Number
- Physical Address
- Email Address
- Once you have registered with us, and signed our authorization form, we will continue to collect additional information about you, as described in the authorization form, to help researchers evaluate potential research projects and to help us better identify research studies for which you might be eligible and interested.
- In addition to the Personal data we collect when you register and use our Services, we automatically collect and store other information about you such as:
- Information about the device you use to access our site, such as the type of device you are using to access our Site and Services and the type of browser you are using.
- Information about your account activity, such as number of times you have logged into your account, your Internet Protocol address (“IP address”), the date and time of your access.
- Information related to your location.
- Information about you and your device through cookies, web beacons, and similar technologies. If you access our Site through a web browser, a “cookie” is a small data file sent from a website and stored on your device to identify your device in the future and allow for an enhanced personalized user experience. A “session cookie” disappears after you close your web browser or may expire after a fixed period of time. A “persistent cookie” remains after you close your web browser and may be accessed every time you use our website. We may use both session and persistent cookies. You should consult your web browser to modify your cookie settings. Please note that if you delete or choose not to accept cookies from us, you may not be able to use certain features of our Site. A web beacon is a type of technology placed on a website or within the body of an email for the purpose of tracking activity on websites or when emails are opened.
- Information you provide to us when you ask a question or provide us with a comment about our Site or Services.
- If you agree, we may collect information about you from other sources, such as wearable devices that you own or wear.
- If you agree, and sign our authorization form, we may collect your medical records from your health care providers on your behalf.
3. User Communication
- When you send email or other communication to Sanguine, we may retain those communications to process your inquiries, respond to your requests and improve our services.
- Sanguine will not collect or use confidential information for purposes other than those described in this Policy unless we have obtained your prior consent.
- You can decline to submit information, in which case Sanguine may not be able to provide services to you through electronic channels.
4. Information Sharing
- Sanguine only shares confidential information with other companies in the following limited circumstances:
- We have your consent.
- We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to:
- Satisfy any applicable law, regulation, legal process or enforceable governmental request
- Enforce applicable Terms of Service, including investigation of potential violations thereof
- Detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against imminent harm to the rights, property or safety of Sanguine as required or permitted by law.
- Please contact us for any additional questions about the management or use of confidential data.
5. Information Security
- Sanguine uses appropriate physical, managerial, and technical controls that are designed to protect the confidentiality, integrity, and security of personal data that we collect and maintain against accidental or unlawful loss, theft and misuse and unauthorized access, disclosure, alteration destruction, or any other type of unlawful processing. Unfortunately, no web site, server or database is completely secure. Sanguine cannot guarantee that your Personal data will not be disclosed, misused, or lost by accident or by the unauthorized acts of others.
- We take appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure, or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorized access to systems where we store data. We restrict access to confidential information to Sanguine employees, contractors and agents who need to know that information to perform and deliver services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.
6. Storage and Retention of Personally Identifiable Information
- Information may be stored or processed in locations other than the jurisdiction in which you live or work. In such cases we will work to ensure that any vendor we use in that location has the appropriate protections in place. By using our Site and Services, you agree to the collection, storage, and processing of your information to any country in which we may conduct our business operations.
- If you reside or are located in the EEA, we keep your Personally Identifiable Information for no longer than necessary for the purposes for which the Personally Identifiable Information is processed. The length of time we retain this data depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend our legal rights.
7. Data Integrity
- Sanguine may process confidential information only for the purposes for which it was collected and in accordance with this Policy. We review our data collection, storage, and processing practices to ensure that we only collect, store, and process the information needed to provide services. We take reasonable steps to ensure that the information we process is accurate, complete, and current, but we depend on our users to update or correct their information whenever necessary. You can access your Personally Identifiable Information and confirm that it remains correct and up-to date and choose whether or not you wish to receive email notifications from us by contacting us at firstname.lastname@example.org or by calling 818-462-8290.
- You have the right to request access to any Personally Identifiable Information about you in our possession, update any incorrect information, restrict, or delete information about yourself or prevent the processing or sharing of Personally Identifiable Information.
- Sanguine regularly reviews its compliance with this Policy. Please feel free to direct any questions or concerns regarding this Policy by contacting us through this web site, emailing or writing to us at Sanguine BioSciences, 400 West Cummings Park Suite 3050 Woburn, MA 01801. When we receive written inquiries, it is Sanguine’s policy to contact you regarding your concerns. We will cooperate with the appropriate regulatory authorities, including local data protection authorities, to resolve any issues regarding the transfer of confidential data that cannot be resolved between Sanguine Bioscience’s and a client.
9. California Privacy Rights (U.S. Only)
- Under Section 1798.83 of the California Code, residents of California have the right to request from a business, with whom the California resident has an established business relationship, certain information with respect to the types of Personal Data the business shares with third parties for those third parties’ direct marketing purposes, and the identities of the third parties with whom the business has shared such data during the immediately preceding calendar year.
10. Exercising Access, Data Portability, and Deletion Rights
- To exercise the access, data portability, and deletion right described above, please submit a verifiable request to us by:
- Calling 818-462-8290
- Emailing email@example.com
- For California consumers, only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf on your minor child.