Privacy Policy

We take patient privacy seriously. Feel free to contact us if you have questions regarding our privacy policy.

Last updated: June 2024

Purpose:

Scope:

Sanguine's Data Privacy Policy:

Roles and Responsibilities:

Role Task
Data Privacy Officer and/or Sanguine Quality Lead Review and update this policy based upon designated procedure review intervals, added or revised regulations, or additional regulations under Sanguine’s scope of work based upon product and business expansion.
All Sanguine employees and other persons who may be subject to information sharing Review and agree to this policy. Sanguine employees and other persons who supply data to Sanguine shall understand how Sanguine uses the data of those who provide it.

References:

Internal Reference(s) Title
N/A N/A
External Reference(s) Title
45 CFR 46 US DHHS and Office of Human Research Protection guidelines
21 CFR Part 11 All parts – Electronic Records; Electronic Signatures – Scope and Application
California Civil Code § 1798.83 California Shine the Light Law

Definitions and Abbreviations:

Term / Abbreviation Definition
Personally Identifiable Information (PII) or Personal Data Information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Excludes certain de-identified or aggregated information, publicly available government records, or other exclusions as per Data Privacy Laws.
Sensitive Personal Information Type of personal information depending on applicable Data Privacy Law, including personal identification numbers; account or debit/credit card numbers with access codes; precise geolocation; racial or ethnic origin; religious beliefs; union membership; medical history or conditions; sex life or sexual orientation; citizenship or immigration status; mail, email, or text message content (unless intentionally sent to the business); genetic or biometric data; criminal history, and personal data from a known child under 13 years old (specifically for consumers in CO, CT, VA). This also encompasses Special Categories of Data as defined under GDPR.
Processing Any operations performed on personal information, including collecting, storing, retrieving, consulting, analyzing, disclosing or sharing with someone else, erasing, or destroying personal data.
Customer / Patient / Participant External customers, patients, or individuals with whom we contract and provide our services.
User Individuals with access to the platforms we offer our clients. Users may be individual clients or the staff, employees, or representatives of our corporate clients.

Materials, Supplies & Equipment:

Materials, Supplies, Equipment Description
N/A N/A

Procedure:

1. Sanguine’s Commitment to Privacy

Law Scope Effective
“GDPR” General Data Protection Regulation Imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. May 25, 2018
“PIPEDA” Personal Information Protection and Electronic Documents Act Applies to private sector organizations engaged in commercial activity or operating in Canada. January 1, 2001
“CCPA” The California Consumer Privacy Act California state law that addresses the privacy rights of California consumers. It was updated, amended and expanded by California Privacy Rights Act (CPRA). In this Privacy Policy, CCPA means CCPA as amended by CPRA. CCPA: January 1, 2020 CPRA: January 1, 2023
“CPA” Colorado Privacy Act of 2021 Applies to legal entities conducting business in Colorado or delivering products or services targeted to Colorado residents. July 1, 2023
“CTDPA” Connecticut Data Privacy Act of 2022 The act applies to those who conduct business in the state or who produce products or services targeted to Connecticut residents. July 1, 2023
“FDBR” Florida Digital Bill of Rights Applies to for-profit entities that conduct business in Florida and collect personal data about Florida consumers (or are the entity on behalf of which such information is collected). July 1, 2024
“MCDPA” Montana Consumer Data Privacy Act Companies that conduct business in Montana or persons that produce products or services that are targeted to residents of Montana. October 1, 2024
“OCPA” Oregon Consumer Privacy Act Applies to any person that conducts business in Oregon or provides products / services to Oregon residents. July 1, 2024
“TDPSA” Texas Data Privacy and Security Act Applies to for-profit businesses or persons that does business in Texas or produces a product or service consumed by a Texas resident. July 1, 2024
“UCDPA” Utah Consumer Privacy Act of 2022 The Act regulates company that conducts business in Utah or produces a product or service that is targeted to consumers in Utah. December 31, 2023
“VCPDA” The Virginia Consumer Data Protection Act of 2021 Provides Virginia consumers with specific rights regarding their personal information that took effect on. January 1, 2023

2. Information we collect

Category Identifiers
Job Candidates - Date of Birth
- Immigration Status
- Contacts
- Biological Sex
- Estimated/Actual Income
Patient/ Participant - Address
- Biological Sex
- Country
- Date of Birth
- Email Address
- Full Name
- Phone Number
- State
- Zip Code
- Contact(s) Data
Employees - Address
- Country
- Country
- Date of Birth
- Email Address
- Full Name
- Occupation
- Phone Number
- State
- Zip Code
- Contact(s) Data
- Estimated/ Annual Income
- Immigration Status
Perspective Patient/ Participant - Address
- Country
- Date of Birth
- Email Address
- Full Name
- Occupation
- Phone Number
- State
- Zip Code
- Contacts
- Contact(s) Data

3. How we collect your information

4. How We Use and Share Personal Information

5. Information Security

6. Storage and Retention of Personally Identifiable Information

7. Data Integrity

8. Enforcement

9. Your Privacy Rights

10. Use of an Authorized Agent

11. Changes to this Privacy Policy

12. California Privacy Rights

13. Exercising Access, Data Portability, and Deletion Rights

14. Contact