Privacy Policy

Effective Date: June 24, 2022

General

We are Gray Consulting, Inc. dba Clincierge® (“we,” “us,” “Clincierge,” or “Gray Consulting”). Clincierge provides travel and lodging assistance, expense management, administrative, and other specialized solutions to clinical trial (“Trial”) participants (including, as appropriate, their caregivers) (collectively, “Trial Participants”) on behalf of our clients, which include Trial sponsors, Contract Research Organizations (CROs), and Trial sites (e.g., a hospital or clinic) (collectively, “Clients”). The services that we provide through Clincierge are collectively referred to herein as our “Services.” This Privacy Policy applies to the information collected online at www.clincierge.com (our “Website”) as well as to information collected by us offline in connection with our Services.

We have taken efforts to distinguish between the categories of individuals whose information we collect – namely, Trial Participants, Client business contacts, and Website visitors (who may also be Trial Participants or Client business contacts). In some cases, however, our activities apply generally. Thus, use of the terms “you” or “your” herein refers to all persons whose information we collect, whether a Trial Participant, Client business contact, or other individual.  

Finally, note that our practices involving your information are subject to applicable laws in the places in which we operate. This means that we engage in the practices described in this Privacy Policy in a particular country or region to the extent permitted under the laws of those places.

Information We Collect

Identity and contact information. When you contact us through our Website or otherwise reach out to us, we collect contact and other information including first and last name, company name, mailing address, email address, phone number, job title, information relating to a Trial Participant’s travel plans to and from the Trial, any other information that a Trial Participant chooses to provide to us, such as health-related information needed for special accommodations or other aspects of our Services. When you apply for a job with us, we request your contact information and information about your employment and education history. We may also request information such as your social security number in order to perform a background check.

Financial and payment information. We may collect certain financial and payment information including your bank account number and other data necessary for processing payments, including credit/debit card numbers and other related billing information.

Business information. We may collect information provided in the course of a contractual relationship between you or your organization and Clincierge, or otherwise voluntarily provided by you or your organization.

Website usage data. We may collect information about how you use our website, including the services you viewed or searched for, page response times, download errors, length of visits and page interaction information (such as mouse movements and clicks). To learn more about our use of cookies or similar technology please see our Cookie Notice.

Technical data. We may collect information during your visits to our website such as the Internet Protocol (IP) address, device type, and location data.

How We Collect Your Information

The circumstances in which we collect personal data about you include:

  • when you correspond with us by phone, email or other electronic means, or in writing, or when you provide other information directly to us, including in conversation with our personnel;
  • when you browse our website, complete a contact form on our website or otherwise interact with our website (for example, subscribe to marketing emails);
  • when you or your organization offer or provide services to us.

How We Use Your Information

We use the information that we collect from you to provide our Website and Services; to respond to general inquiries; to solicit feedback regarding our Website and Services; to provide relevant content on our Website; to send invoices and receive payments; to maintain and improve our Website and Services; and to communicate with you regarding the Trials for which Trial Participants have registered.

In addition to collecting your information for the purposes described above, we also use your information:

  • to protect our interests or the interests of third parties;
  • to maintain and enhance the security of our Services;
  • to prevent abuse of our Services;
  • to comply with our legal obligations;
  • to perform or enforce our agreements;
  • for any other purpose with your consent.

Transfers to Third Parties

We may share personal information related to Trial Participants with our Clients in connection with the administration of Trials. For some Clients, only deidentified/pseudonymized data is shared. With a Trial Participant’s prior approval, we may share personal information with such Trial Participant’s bank for reimbursement of Trial expenses, to the extent such function has been designated to us as part of our Services to the applicable Client.

We may disclose personal information to service providers to the extent needed to enable them to support our Services. For example, we may share a Trial Participant’s personal information with our travel assistance and logistics partners, so that they may book transportation or accommodation on such Trial Participant’s behalf in connection with a Trial. Other third parties that may receive your personal information include: direct marketing vendors, billing support, customer service, data storage and hosting services, sales support, and technical support vendors.

Cookies

Please see our Cookie Notice for more information.

Aggregated Data

In an ongoing effort to better understand the visitors to our Website and the recipients of our Services, we may analyze information in aggregate or in “de-identified” form, to operate, maintain, manage, and improve our Website and Services. This aggregate information does not identify you personally. We may share this aggregate data with our affiliates, agents, and business partners, including, without limitation, our Clients. We may also disclose aggregated user statistics in order to describe the Website or the Services to current and prospective business partners and to other third parties for other lawful purposes.

Related Entities; Business Transfers

We may share your personal information with any companies under common control with us.

In the event of a merger, reorganization, dissolution, or similar corporate event, or the sale of all or substantially all of our assets, we expect that the information that we have collected, including personal information, would be transferred to the surviving entity in a merger or the acquiring entity.

Disclosure to Public Authorities

We may be required to disclose personal information in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. We may also disclose personal information to other third parties when compelled to do so by government authorities or required by law or regulation, including, but not limited to, in response to court orders and subpoenas.

Retention of Personal Information

We will only retain your personal information for as long as it serves the purpose(s) for which it was initially collected as stated in this Privacy Policy, or subsequently authorized, or as otherwise permitted by law. After such time periods have expired, we may either delete your personal information or retain it in a form such that it does not identify you personally.

If you want to learn more about our specific retention periods for your personal information established in our retention policy you may contact us at compliance@clincierge.com.

How We Protect Your Personal Information

We will implement reasonable and appropriate security measures to protect your personal information from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in processing, the nature of such data, and applicable laws and regulations.

Children

We do not knowingly collect any personal information from children, as defined under applicable law, through our Website or Services. If you have reason to believe that your child has provided personal information to us, please contact us at compliance@clincierge.com so that we can delete that information from our databases.

Links to External Websites

Our Website may contain links to third-party websites, including, without limitation, those of Clients (“External Sites”). We have no control over the privacy practices of these External Sites and are not responsible for their privacy policies or practices. You should check the applicable third party’s privacy policy and terms of use when visiting any External Sites, and before providing any personal information to such External Sites.

Important Notice to Non-US Residents

Our servers are located in the US. If you are located outside of the US, please be aware that any information provided to us, including personal information, will be transferred from your country of origin to the US. Your decision to provide such data to us, or to allow us to collect such data through our Website or through the provision of our Services, constitutes your consent to this data transfer to the extent permitted under applicable law.

Changes to this Privacy Policy

This Privacy Policy is effective as of the date stated at the top of this Privacy Policy. We may change this Privacy Policy from time to time, and will post any changes on our Website as soon as they go into effect. Where changes to this Privacy Policy are material, we will notify you in accordance with applicable law.

California Residents

The following disclosures are made pursuant to the California Consumer Privacy Act of 2018 (“CCPA”). These disclosures apply to individuals who reside in the State of California and supplement any other privacy notice provided by us. Any terms defined in the CCPA have the same meaning in this notice.

The below chart reflects the categories of personal information we have collected from California residents both online and offline during the past twelve months, the categories of sources from which the information was collected, the business or commercial purpose for which the information was collected, and the categories of third parties with whom we shared that information.

Categories of Personal Information Collected Categories of Sources of Collection Business/Commercial Purpose for Collection Categories of Third Parties Receiving Personal Information

Identifiers such as real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.

You; Clients; Third-party sources; Our Website; Publicly available information, Devices you use to access the Website or our Services.
Provide our Services to you; Respond to questions; Provide you with information about our Services; Enhance customer experience; Detect security incidents and protect against fraud or illegal activity; Conduct hiring and/or other human resources activities; For research, analysis, and development; To evaluate or process a commercial transaction; As required by applicable law or government regulation.
Affiliates; Data analytics providers; Marketing platforms; Recruitment platforms; Technology services; Background check providers.

Personal information categories listed in Cal. Civ. Code § 1798.80 such as name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.

You; Clients Third-party sources; Our Website; Publicly available information, Devices you use to access the Website or our Service.
Provide our Services to you; Respond to questions; Provide you with information about our Services; Enhance customer experience; Detect security incidents and protect against fraud or illegal activity; Conduct hiring and/or other human resources activities; To evaluate or process a commercial transaction; As required by applicable law or government regulation.
Affiliates; Data analytics providers; Marketing platforms; Recruitment platforms; Social networks; Technology services; Background check providers.

Protected classification characteristics under California or federal law such as age, race, national origin, citizenship, marital status, sex, gender identity, sexual orientation, medical conditions (including pregnancy or childbirth, physical or mental disability or related medical conditions), parental status, veteran or military status.

You; Clients; background check providers.
To provide you with our services and respond to your questions; To understand the products and services considered by our customers and to make improvements to our offerings; To provide advertising/marketing services, analytic services, or similar services; To collect and process applications for employment.
Background check providers; Affiliates.
Commercial information such as records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
We do not collect.
N/A
N/A

Biometric information

We do not collect.
N/A
N/A

Internet or other similar network activity such as browsing history, search history, information on interactions with an internet website, application, or advertisement.

You; Devices you use to access the Website or our Services.
To provide you with our Services and respond to your questions; To make improvements to our offerings; To provide advertising/marketing services, analytic services, or similar services; To identify and repair errors that impair existing or intended functionality; To detect security incidents and protect against malicious, deceptive, fraudulent, or illegal activity; To collect and process applications for employment.
Advertising networks. Affiliates; Data analytics providers; Marketing platforms; Recruitment platforms; Social networks; Technology services.

Geolocation data such as physical location or movements

We do not collect.
N/A
N/A

Sensory data such as audio, electronic, visual, thermal, olfactory, or similar information.

We do not collect.
N/A
N/A

Professional or employment-related information such as current and prior employment, performance evaluations, and results of background checks

You; Background check providers; Publicly available information.
Conduct hiring and/or other human resources activities.
Affiliates; Recruitment platforms; Technology services.

Non-public education information as defined in 20 U.S.C. Section 1232g, 34 C.F.R. Part 99 such as education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

We do not collect.
N/A
N/A

Inferences drawn from other Personal Information to create a profile reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitude, intelligence, ability, aptitude, and any other inferences drawn from your personal information.

We do not collect.
N/A
N/A
In the past twelve months we have disclosed personal information to third parties for business purposes. The categories of personal information we have disclosed to third parties for business purposes are identified in the “Categories of Personal Information Collected” column above. We have disclosed those categories of personal information to the categories of third parties identified in the “Categories of Third Parties Receiving Personal Information” column above. While we do not sell personal information in exchange for any monetary consideration, we do share personal information for other benefits that could be deemed a “sale,” as defined by the CCPA. The CCPA broadly defines “sale” in a way that may include actives such as the delivery of targeted advertising on websites or allowing third parties to receive certain information, such as cookies, IP address, and/or browsing behavior. In the past twelve months, we have shared the following categories of information with advertising networks, data analytics providers, social media networks, and web mapping platforms, which could be considered a “sale” under California law:
  • Personal identifiers, such as unique personal identifier, online identifier, internet protocol address, device information and identifiers, and unique advertising identifiers and cookies; Internet and other electronic network activity information, including browsing history, search history, and information about individual interactions with an Internet website, application, or advertisement.
If you are a California resident and would like to opt out of our use of your information for such purposes (to the extent this is considered a sale), you may modify your cookie settings. You may also turn on Global Privacy Control (“GPC”) in participating browser systems to opt out of the “sale” of your personal information in that browser. To learn more about the GPC, visit globalprivacycontrol.org. An authorized agent can submit a request to opt out on your behalf if you provide the authorized agent your signed written permission to do so and if the authorized agent utilizes your browser to modify your cookie or GPC settings. We have no actual knowledge of selling the personal information of minors under 16 years of age. California residents have the right to request that we disclose the categories and specific pieces of personal information we collected, used, and disclosed during the past twelve months, the categories of sources from which their personal information was collected, our business or commercial purposes for collecting their personal information, and the categories of third parties with whom we shared their personal information. California residents have the right to request deletion of the personal information we have collected from them. California residents have the right to not receive discriminatory treatment for exercising their CCPA privacy rights. We do not discriminate against California residents who exercise these rights. California residents or their authorized agent can submit a request by calling 1-888-458-8579 or by contacting us as set forth below in the “How to Contact Us” section. Requestors will need to provide us with personal information for us to match with the information we have on file in order to verify their identity and residency, including name, email address, state of residence, and request details. The personal information that we use to verify identity and residency will not be used for any other purpose.

Nevada Residents

Nevada consumers may opt-out of the “sale” of “covered information” as such terms are defined under Nevada law. We do not currently sell data triggering that statute’s opt-out requirements, but if you have questions about this you can email us at compliance@clincierge.com.

GDPR Privacy Notice

General

This General Data Protection Regulation (GDPR) privacy notice (this “GDPR Notice”) is included in and supplements our Privacy Policy and applies to the “personal data”, as defined in the GDPR, of natural persons located in the United Kingdom or European Economic Area processed by Clincierge (collectively, “European Individuals,” “you,” or “your”). Any capitalized terms or other terms not defined herein shall have the meaning ascribed to them elsewhere in the Privacy Policy or, if not defined herein or elsewhere in the Privacy Policy, the GDPR. To the extent of any conflict between this GDPR Notice and any other provision of the Privacy Policy, this GDPR Notice shall control only with respect to European Individuals and their personal data.

Processor Disclosure

We typically serve as a data processor (a “processor”) when providing our administrative and logistics support in connection with Trials on behalf of our Clients, such as transportation and expense management services to Trial Participants, Trial Participant caregivers, or medical staff. When serving as a processor, we have certain obligations under the GDPR including only processing personal data at our Clients’ documented instructions, providing assistance with fulfilment of rights requests, and implementing appropriate security for personal data. Our Clients are responsible for obtaining any required consents or authorizations for a European Individual’s use of our Services; in many cases, Clincierge will provide a draft “consent form” to our Clients, as reviewed and approved by such Clients, and provide such consent form to Trial Participants who are European Individuals on such Clients’ behalf. We will forward any inquiries, complaints, or requests received from European Individuals with respect to our Services to the appropriate Clients and await instructions before taking any action.

Controller Disclosure and Details

We are a data controller of personal data for the purposes and under the legal bases described in the table below regarding the following categories of European Individuals:

  • Business contacts for European-based Clients, vendors and contractors (collectively, “Business Contacts”);
  • Trial Participants, when Clients ask us to determine the purpose and means of processing of their personal data;
  • Visitors to our website.

When acting as a data controller we decide why and how personal data relating to Business Contacts, Trial Participants, and website visitors is processed.  

Business Contacts. The personal data described below is provided to us either in the course of your performance of contractual duties for the organization for whom you work or on a voluntary basis in the course of your general business dealings with us (or your colleagues within your organization, such as those that provide your contact details as appropriate for the dealings in question or from third parties who may recommend you).  Depending on the applicable legal basis, if this data is not provided to us, then we may be unable to perform certain contractual obligations or communicate effectively.

Trial Participants. We process Trial Participants’ personal data in order to facilitate their housing, travel arrangements, and reimbursements as further described in the study-specific Data Protection Notice provided to each Trial Participant.

Website visitors. When visiting our website users are generally in control of the personal data shared with us. We may capture limited personal data automatically via the use of cookies on our website. Please see our Cookie Notice for more information.

Purposes of Collection and Use / Legal Bases for Processing

Purpose Legal Basis
Establishment and management of our relationship with Business Contacts and Trial Participants
We process your personal data based on our contractual relationship or our legitimate interest. When processing based on legitimate interest, we shall make a balance between our legitimate interest and your rights and interests. Depending on the applicable legal basis, if this data is not provided to us, then we may be unable to perform certain contractual obligations or enter in a contract with you.
Compliance with legal or regulatory obligations (e.g. maintaining records)
We process your personal data as it is necessary for compliance with a legal obligation to which we are subject.
Communicating with you when receiving an information request via the contact form on our website or other channels
We process your data based on your consent.
Communicating with you in order to keep you up-to-date on the latest developments, and other information about our services (including marketing emails and newsletters), events and initiatives
We process your personal data based on your consent or in certain cases on our legitimate interest (when we have a previous contractual or a business relationship with you and send you marketing communications about similar services). In cases where processing is based on our legitimate interest, we shall make a balance between our legitimate interest and your rights and interests.
Website UX design optimization
We collect information about the website usage based on your consent.
Serving ads
We process your personal data gained via cookies based on your consent.

The contact for our data protection officer and our representative in the European Union is:

CRANIUM International Holding NV
Excelsiorlaan 43, 1930 Zaventem,Belgium
Phone: +32 2 310 39 63
Email: be-info@cranium.eu
Website: https://www.cranium.eu/

Recipients

Clincierge personnel shall receive and process your personal data for the purposes described herein. Such personal data may be disclosed to the following recipients in connection with these purposes:

  • third parties that perform services for us (e.g. companies that assist us in marketing activities or IT operations);
  • internal and external auditors and our legal and other professional services providers;
  • cloud hosting providers;
  • public authorities or third parties pursuant to an order from public authorities;
  • analytics companies may access anonymous data (such as your IP address or device ID) to help us understand how our services are used;
  • potential acquirers of the company: in case (a part of) our business is sold to a third party, your data may be shared with the acquirer.

Retention

The length of time for which we retain your personal data is determined by several factors including the purposes for which we use that information and our obligations under applicable laws.

We may need your personal data to establish, bring, or defend legal claims. In general, given this purpose, we typically retain your personal information for seven (7) years from the end of the year in which we receive it. The exceptions to this are where:

  • the law (including a court, regulator, or other authority) requires us to hold your personal information for a longer period or delete it sooner;
  • you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law;
  • we bring or defend such legal claim or other proceedings during the period we retain your personal data, in which case we will retain your personal data until those proceedings have concluded and no further appeals are possible; or
  • the personal data is no longer reasonably necessary, in our discretion, for the purposes discussed herein (in which case we may delete such information).

Your GDPR Rights

As a European Individual you have a right to, where applicable and in accordance with the GDPR,: (i) request access to, rectification and/or erasure of your personal data; (ii) object to processing of your personal data; (iii) restrict processing of your personal data, (iv) data portability (v) withdraw your consent without affecting the lawfulness of the processing abased on consent before its withdrawal. You may exercise these rights by contacting: compliance@clincierge.com with the subject line “GDPR Notice.” We will reply to your request to exercise your right in accordance with the GDPR.

You also have the right to lodge a complaint about the processing of your personal data with an appropriate data protection authority, and, as applicable, to exercise third-party beneficiary rights under Clincierge’s Standard Contractual Clauses.

Contact details for the EU data protection authorities can be found at: https://edpb.europa.eu/about-edpb/board/members_en and for the UK data protection authority can be found at https://ico.org.uk/global/contact-us/.

Objecting to Legitimate Interest/Direct Marketing

You may object to personal data processed pursuant to our legitimate interest. In such case, we will no longer process your personal data unless we can demonstrate appropriate, overriding legitimate grounds for the processing or if needed for the establishment, exercise, or defense of legal claims.

We will only provide you with marketing-related information when we have a previous contractual relationship or a business relationship with you and provided you do not opt-out to receive those communications. You may object at any time to the processing of your personal data for direct marketing purposes (including profiling related to such direct marketing) by clicking “Unsubscribe” within an automated marketing email or by submitting your request to privacy@clincierge.com with the subject line “GDPR Notice” (the latter for instances where, for example, you would not like to receive follow-ups from our sales team). We do not engage in direct marketing to Trial Participants.

If you have provided your consent to the collection, processing, and transfer of your personal data, you have the right to fully or partly withdraw your consent. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there is another legal ground for the processing.

To opt-out of receiving our marketing communications please click “Unsubscribe” within an automated marketing email or by submitting your request to compliance@clincierge.com with the subject line “GDPR Notice”.

Transfer of Personal Data Outside the UK or EEA

Clincierge may transfer personal data to recipients outside of the EEA and the UK, in particular to the US. In addition, Clincierge may be required to disclose personal data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. We may also disclose personal data to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.

For international data transfers, we rely on appropriate Standard Contractual Clauses to ensure adequate protection for your personal data or a derogation under Article 49 of the GDPR (such as when you give us your explicit consent). For more information or a copy of these safeguards please contact us at compliance@clincierge.com.

Updates to this GDPR Notice

If in the future, we make any material changes to this GDPR Notice relating to our controller obligations, we will provide you with the relevant information at a reasonable time prior to those changes taking effect and the “Effective Date” at the top of this page will be updated accordingly

How to Contact Us 

Clincierge is located at 190 N. Independence Mall West, Suite 201 Philadelphia, PA 19106. Please use this address or email compliance@clincierge.com regarding any questions, complaints, or requests regarding our privacy practices or this policy.