This privacy policy applies to CBCC Global Research. and its subsidiaries (collectively, “CBCC,” or “we“, “us“, “our“) and covers it’s corporate website – CBCCThis Privacy Policy describes how CBCC collects, uses, and discloses information and what choices you have with respect to the information.

1. Services

We provide comprehensive healthcare and clinical research services, including platforms to manage Clinical Trials.

It is our policy to respect your privacy regarding any information we may collect while using our services and websites, collectively called the Services.

For the purpose of the Data Protection Laws:

CBCC complies with the Digital Personal Data Protection Act of India (DPDPA), the UK and EU General Data Protection Regulation (GDPR), as well as the state-specific data privacy requirements in the USA, such as the CCPA California Consumer Privacy Act (CCPA).

CBCC is a data controller as an employer and when dealing with suppliers. CBCC is a data processor for its customers.

CBCC also complies with the Health Insurance Portability and Accountability Act (HIPAA) requirements in those instances where CBCC acts as a Business Associate with respect to HIPAA.

2. Information We Collect and How We Use It:

2.1 Employees/Contractors

CBCC collects information such as name, address, contact details, and bank details from the employees.

2.2 Website Visitors

Individuals who access its website (“Visitors”) and individuals who sign up for our software platforms (“Customers”).

When a visitor or customer requests additional information about CBCC, contacts CBCC via the website, or registers to use CBCC’s service, CBCC may require you to provide us with contact information such as name, company name, title, address, phone number, and email address.

CBCC may also collect information regarding your interaction with CBCC’s website and software service. For example, CBCC may use technologies, such as cookies (described below), to collect information about the pages you view, the links you click, and other actions you take on CBCC sites and services.

Additionally, CBCC also collects certain standard information that your browser sends to every website you visit, such as your IP address, access times and referring website addresses. This information is primarily used to help diagnose technical problems, for administrative purposes, to compile nonidentifying aggregate statistics about site usage and to improve the quality of CBCC’s website and services.

2.3 Customer’s Data

When purchasing our services, CBCC may also request financial qualification and billing information, such as billing name and address, credit card number, and the number of users within the organization expected to use the CBCC software platform.

CBCC uses the information that we collect to perform the services requested. For example, if you complete a web contact form, CBCC will use the information provided to contact you about your interest in our service.

CBCC may also use the information collected for marketing or other legitimate business purposes. For example, we may use the collected information to contact you to discuss your interest in CBCC, the services that CBCC provides, and to send information regarding CBCC or partners, such as promotions and events.

All financial and billing information CBCC collects is used solely to check the qualifications of prospective customers and to bill for services. This billing information is not used for marketing or promotional purposes.

2.4 Data Collected through our platforms

  • Information about Users of the CBCC platforms: For staff of Customers, trial sites or other partners that require access to clinical trial or research project information, we may collect name, username, employer name, email, phone, and other data required to operate the trial either directly or through the Customer, trial, site or Customer.
  • Information about participants in clinical trials: When you participate in a clinical trial or research project, we collect information requested by the Customer of that clinical trial or project.  This may include name, contact details, date of birth, gender, additional health information, demographic information, or other information for that study.

2.5 Other Data

We may automatically log information, such as a user’s IP address, domain name, browser type, date and time of access, and other log file data. This information may be used to analyze trends or administer our websites and applications.

We may collect statistical or non-personally-identifiable information about our users, such as which pages are visited, how long a visitor stays on a particular page, the website from which a user came to our site, or similar information. We also may collect aggregate information such as the total number of unique or returned visitors to our site, using our application, or visiting a particular page in a given timeframe. We may use this information to measure the use of our sites and applications and to improve our content.

2.6 Cookies

We collect data through cookies. Cookies are small text files placed on your computer by websites you visit. They are widely used to make websites work or work more efficiently, as well as to provide information about your actions to the owners of the website. We collect data through cookies from our Website visitors:

CBCC uses cookies to identify and track website visitors, their usage of the website, and their website access preferences. CBCC Website visitors can control cookies through the Cookies Settings tool provided on the website.

The categories of cookies used are:

  • Strictly necessary cookies – These cookies are needed to run our website, keep it secure, and comply with regulations that apply to us.
  • Performance/analytics cookies – We may use performance/analytics cookies on our website. These cookies collect information about how website visitors use our website and services, including which pages website visitors go to most often and if they receive error messages from certain pages. It is used to improve how our website functions and performs.

3. How We Use Your Data

We may use the information we collect through our site or mobile application for the following purposes:

  • Employees/Contractors
    • For employment purposes.
  • Website visitors
    • To respond to Website visitor’s queries
    • For B2B marketing
  • Customer’s data
    • For payment purposes, including billing and participant financial compensation when applicable.
  • Data collected through our platforms:
    • To screen and identify individuals for participation in clinical trials and research studies.
    • To enroll individuals in clinical trials and research studies.
    • To conduct clinical trials and research studies and assist Customers in conducting these activities.
    • To fulfill our obligations under our contracts with Customers, trial sites, or other partners.
    • To provide support services to Customers, trial sites, or other partners that use our software platform.
  • Other data
    • To improve and administer our websites, applications, and clinical trial services and capabilities.
    • To better understand the users’ needs of our software platform and create relevant features to our platform users.
    • For analytics purposes and to generate statistics, aggregate data, and de-identified data.
    • For individuals who submit a resume or otherwise provide information as part of a job application through our site, that information will be used for employment-related purposes.
    • To comply with law and legal process.

4. Lawful basis for processing

We process your personal data only when we have a lawful basis.

Presently, we use the following:

  • Consent – We process your data if you have given your consent freely for the same. Where we rely on your consent to use your personal data, you have the right to withdraw that consent at any time. Please contact us using the details in the ‘Contact Information’ section of this notice.
  • Performance of contract – We process your data when it’s necessary for the performance of the contract. For example, if the processing is necessary to fulfil our commitments under the applicable terms of service.
  • Legal Obligation – We process your data if the use of your information is necessary for compliance with legal obligations.
  • Legitimate Interest – We may also process your data on the grounds of legitimate interest for a particular processing activity. For example, to safeguard our services, to understand our user preferences etc.

Where you have consented to a particular processing, you have a right to withdraw the consent at any time.

5. Your Rights

Data Subjects have certain rights in respect of their personal data. The rights given with respect to your personal data include:

  • The Right of Access: You have the right to access personal data and supplementary information. You can ask us for a copy of your personal information
  • The Right to Rectification: You can ask us to change, update or fix your data in certain cases, particularly if it is inaccurate.
  • The Right to Erasure: You can ask us to erase or delete all or some of your personal information (e.g., if it is no longer necessary to provide Services to you) without undue delay.
  • The Right to Restriction of Processing: You can ask us to stop using all or some of your personal information (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g., if you think your personal information is inaccurate or unlawfully held).
  • The Right to Data Portability: You have the right to data portability which provides the right to receive your personal data in a structured, commonly used and machine-readable format, and have the right to transmit the same to another controller.
  • The Right to Object: You have the right to object to the processing of personal data.
  • Automated individual decision-making, including profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you (data subject).
  • The right to withdraw consent: You have the right to withdraw your consent at any time with effect for the future. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
  • The right to lodge a complaint: You have the right to lodge a complaint with the supervisory authority if you are dissatisfied with the way we handle or process your personal data.

Whenever you use our services, we aim to provide you with easy means to access, modify, delete, object to or restrict the use of your personal information.

We strive to give you ways to access, update/modify your data quickly or delete it unless we must keep that information for legal purposes. These rights can be exercised by contacting us using the details set out in the “Contact Information” section below.

These rights are not necessarily absolute and may be limited in some jurisdictions by applicable law.  In addition, if you are participating in a clinical trial or research project, while you can choose to stop participating at any time, information collected before your withdrawal may not be subject to deletion or objections to continued processing.

If you would like to exercise any of these rights, please contact us at cbcc@compliance.com

Please note, if you are participating in a clinical trial or research study supported using the CBCC software platforms, it may be necessary for the Customer to address your requests with respect to clinical trial or research project data that they control.

6. Your Information Shared with Others

CBCC may share the data we collect or receive about you as described in this Policy as follows:

  • In the case of customer, trial site, or other partner staff accessing our website or platform, we may share the personal data that we collect and process with the relevant Customer(s), trial site(s) or partner(s).
  • Please note, in the case of personal data collected during your participation in a clinical trial or research study supported by our website or mobile application, our ability to disclose your personal information is governed by our agreement with the Customer and we may disclose information to additional parties as the Customer may direct. For example, we may share information with clinical trial or research sites, clinical research organizations working with the Customer or shipping or other partners working with the Customer.
  • Service Providers- We may share personal information we collect about you with our third-party service providers. The categories of service providers to whom we entrust personal information include: IT and related services such as cloud-based data centers, security monitoring providers; application development service providers.
  • We also may disclose personal data to the Food and Drug Administration, the European Medical Agency, institutional review boards, ethics boards, or other regulators when required to do so in connection with clinical trials or research studies in which you choose to participate.
  • Disclosures to Protect Us or Other- We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our or others’ rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.
  • Disclosures in the Event of Merger, Sale, or Other Asset Transfers- If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, then your information may be sold or transferred as part of such a transaction, as permitted by law and/or contract.

7. Cross-Border Data Transfers

Please note that CBCC is based in the United States and personal data provided by individuals in the EU, EEA, UK and Switzerland may be transferred to the United States and, possibly to other countries depending on the location of the Customer of a clinical trial or research study and its agents.

These jurisdictions may provide a lesser level of data protection that the law in your country. By providing personal data to CBCC you consent to the transfer of the personal data you provide to the United States and other third countries relevant to the particular clinical trial or research study in which you choose to participate.

8. Security Measures to Protect your Data:

We implement security controls to prevent breaches and unauthorized access to your data.

We maintain reasonable and appropriate security measures to protect your data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction.

Examples of security measures include physical access controls, restricted access to data, monitoring for threats and vulnerabilities, etc.

We retain personal data as long as reasonably necessary to carry out the purposes for which it was collected and to meet our legal obligations and if applicable, our contractual obligations to Customers or clinical trials or research studies.  Please note that data collected during your participation in a clinical trial or research study supported by CBCC through our software platform will be subject to retention by the Customer of that clinical trial or research project for the period described in the informed consent for that clinical trial or project, which may differ.

Refer to Annexure A of this document for our jurisdiction-specific policies:

9. Contact Information

You can contact us about this privacy policy or use of our services.

If you have questions or complaints regarding this Policy, you may contact us through email at cbcc@compliance.com. You may contact us at our mailing address below:

6th Floor, Turquoise IV, Sardar Patel Ring Road, Near Shantipura Circle, Ahmedabad, Gujarat 382210

If you are a resident of the European Economic Area and we maintain your Personal Data within the scope of the General Data Protection Regulation (GDPR), you have additional rights. If you are not satisfied with the resolution, you can also lodge a complaint with the Supervisory Authority in the country of your residence.

10. ANNEXURE A: Jurisdiction-specific provision:

California Privacy Rights Act (CPRA)

Categories of Personal data Data Processed through our applications Other Data (Data processed through our Websites)

Identifiers

Name and email id of the platform users

Data collected for creation of user accounts and subscriptions of blogs & newsletters from our Websites:

Name, Business email and address, phone number

Data received from B2B contact databases: We may receive your data, such as name, business email, and contact number from GDPR-compliant B2B contact databases we have subscribed to.

Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

N/A

Name, signature, tax identification number (i.e. National Insurance Number), Government ID number etc. for individual who are signing up as our partners and customers.

Financial Information

N/A

Bank details, payment information etc. for our partners and customers.

Commercial Information

Not collected

Not collected

Protected Classification characteristics under California or federal law.

Gender, Age – However, the identifier is pseudonymised.

N/A. We do not collect information such as Gender, Age, national origin, marital status etc.

Biometric information

N/A – N/A – We do not collect Biometric information.

N/A – N/A – We do not collect Biometric information.

Internet or other similar network activity.

Log data, session information, Cookie Id.

Log data, session information, Cookie Id for Website visitors

Geolocation data

The address, However, the identifier is pseudonymized.

N/A

Sensory data.

N/A – We do not collect any Sensory data.

N/A – We do not collect any Sensory data.

Professional or employment-related information.

N/A

Employment status, previous employment details, salary details etc only for job applicants.

Inferences drawn from other personal information.

N/A

Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).

N/A

Only from job applicants – educational details, history, degree.

This CPRA Privacy Policy describes CBCC practices regarding the collection, use, and disclosure of the personal information of California residents, describes the rights of California residents under the California Privacy Rights Act (“CPRA”), and explains how California residents may contact CBCC to exercise those rights. This CPRA Privacy Policy only applies to the personal information of California residents.

CPRA Categories of Personal Data

Selling of Personal or Personally Identifiable Information
Any personal information collected, whether it is part of a category identified above or any unknown category of information, is not sold to a third party. Personal information is not sold, traded, or given away in any manner that would result in a direct violation of the laws and regulations to which CBCC complies.

Sensitive data:

We do not generally seek to collect sensitive data through this Website.

To provide our product and services, where we do seek to collect such data, we will do this in accordance with California Privacy Rights Act(“CPRA”) requirements. If in case, CBCC ever chooses to use Sensitive Personal Data, you would have the right to limit the use of your sensitive personal Data.

The term “sensitive data” refers to the various categories of personal data identified by CPRA as requiring special treatment, including in some circumstances the need to obtain explicit consent from you. These categories include racial or ethnic origin, political opinions, religious, philosophical, or other similar beliefs, membership of a trade union, physical or mental health, biometric or genetic data, sexual life or orientation, or criminal convictions and offences (including information about suspected criminal activities).

Disclosures of Personal Data for a Business Purpose:

In the preceding twelve (12) months, CBCC has not disclosed Personal Data for business purposes.

Your Rights:

The CPRA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CPRA rights and explains how to exercise those rights.

  • Access to Specific Information
    You have the right to request that CBCC disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

    • The categories of personal information we collected about you.
    • The categories of sources for the personal information we collected about you.
    • Our business or commercial purpose for collecting or selling that personal information.
    • The categories of third parties with whom we share that personal information.
    • The specific pieces of personal information we collected about you (also called a data portability request).
    • If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
    • Sales, identifying the personal information categories that each category of recipient purchased; and
    • Disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
  • Deletion Request Rights
    You have the right to request CBCC delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records unless an exception applies.
    We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

    • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
    • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
    • Exercise free speech, ensure the right of another consumer to exercise their free speech rights or exercise another right provided for by law.
    • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
    • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws when the information’s deletion may likely render impossible or seriously impair the research’s achievement if you previously provided informed consent.
    • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
    • Comply with a legal obligation.
    • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
  • Right to Correct Inaccurate Personal Information
    You have a right to request for correction of Inaccurate personal information. We shall use commercially reasonable efforts to correct the inaccurate personal information as directed by the consumer.
  • Right to Know What Personal Information is Sold or Shared and to Whom
    You have a right to request information about what personal information is sold or shared by us and with whom. Once the request received, we shall disclose the following:

    • The category or categories of consumers’ personal information it has sold or shared, or if we have not sold or shared consumers’ personal information, it shall disclose that fact.
    • The category or categories of consumers’ personal information it has disclosed for a business purpose, or if we have not disclosed consumers’ personal information for a business purpose, it shall disclose that fact.
  • Right to Opt-Out of Sale or Sharing of Personal Information
    You have a right to opt out of selling or sharing personal information if we sell or share such information. We shall prohibit from selling or sharing the consumer’s personal information after receiving the consumer’s direction, unless the consumer subsequently provides consent, for the sale or sharing of the consumer’s personal information.
  • Right to Limit Use and Disclosure of Sensitive Personal Information
    You have a right to request us to limit Use and Disclosure of Sensitive Personal Information. Upon such request we shall prohibit, from using or disclosing the consumer’s sensitive personal information for any other purpose after its receipt of the consumer’s direction unless the consumer subsequently provides consent for the use or disclosure of the consumer’s sensitive personal information for additional purposes.
  • Right of No Retaliation Following Opt Out or Exercise of Other Rights – Non-Discrimination
    We will not discriminate against you for exercising any of your CPRA rights. Unless permitted by the CPRA, we will not:

    • Deny you goods or services.
    • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
    • Provide you a different level or quality of goods or services.
    • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

    Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
    You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

    • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
    • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

    We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

  • Response Timing and Format
    We endeavour to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

11. Contact for more information

If you have any questions or concerns about CBCC’s privacy policy and practices, please contact us by email at cbcc@compliance.com, or by mail at: 6th Floor, Turquoise IV, Sardar Patel Ring Road, Near Shantipura Circle, Ahmedabad, Gujarat 382210

12. Privacy policy change

We will review and update this CPRA Privacy Policy periodically and note the date of its most recent revision at the top of this CPRA Privacy Policy. If we make material changes to this Policy, we will post the revised Policy on our website and may take additional measures to inform you about such changes before such changes take effect, if required by applicable data protection laws. We encourage you to review this Policy frequently to be informed of how CBCC is protecting your information.