Privacy Policy

EFFECTIVE JAN 2021

1.     Introduction

This policy applies to all information relating to any identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (“Personal Data”).

Peptilogics Inc. and its contract research organization (“CRO”) Medpace, Inc. (“Medpace”) respect the privacy of individuals of all nationalities in the processing of their Personal Data, recognizing the fundamental rights to lawfulness, fairness, and transparency. We adhere to the principles of data privacy by design and by default, including data minimization to the extent possible. We adhere to laws relating to data protection in all jurisdictions in which we conduct business, including but not limited to the Health Insurance Portability and Accountability Act (“HIPAA”), the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the California Consumer Protection Act (“CCPA”), and the United Kingdom Data Protection Act of 2018 and United Kingdom GDPR.

PERSONAL DATA OF CHILDREN UNDER THE AGE OF 18

This website is not intended for, or designed to attract, children under the age of 18. No Personal Data should be submitted to us through the website by visitors who are less than 18 years old.

CALIFORNIA RESIDENTS:

We adhere to the applicable provisions of the CCPA. If you are a resident of California, you may contact us pursuant to the "How to Contact Sponsor and Medpace" section below to enquire about the collection of your Personal Data, including any request to delete your Personal Data. We may collect, use, and disclose your Personal Data as required or permitted by applicable law, and this may override your CCPA rights. We are not obligated to comply with requests to the extent that doing so would infringe on our, or any other person’s, rights or conflict with other applicable law.

If you are a California resident, you have the right to send us a request, no more than twice in a twelve-month period, for any of the following. Our response will be limited to the twelve-month period prior to the request date:

  1. The categories of personal we have collected about you.
  2. The categories of sources from which we collected your personal data.
  3. The business or commercial purposes for our collecting or selling your personal data.
  4. The categories of third parties with whom we have shared your personal data.
  5. A list of the categories of personal data disclosed for a business purpose, in the prior twelve months, along with the categories of recipient for each category of personal data, or that no disclosure occurred.
  6. A list of the categories of personal data sold about you in the prior twelve months, along with the categories of recipient for each category of PI, or that no sale occurred.

We may disclose your personal data for the following purposes, which are not a sale: (i) if you direct us to share it; (ii) to comply with your requests under the CCPA; (iii) as part of a merger or asset sale; and (iv) as otherwise required or permitted by applicable law.

We do not sell, or offer for sale, any personal data as that term is defined in the CCPA.

2.     The Personal Data that we collect

2. 1     Website Visitors

2.1.1     If you use our website, we may collect information about you, such as your IP address and location. We also may collect Personal Data if you submit an inquiry on our website.

2.1.2     The purpose of collecting this Personal Data is for anonymous statistical analysis

2.1.3     If you choose to contact us and provide us with your Personal Data, we will collect and use your Personal Data to respond to you, to provide you with information that you have requested (which may relate to our products or services), or to communicate with you for other purposes which are requested by you in your inquiry. Such other purposes may include, from time to time, monitoring our regulatory compliance, and compiling profiles and personal information about you in order to identify suitable education/awareness programs or suitable opportunities to collaborate with you.

2.1.4     We will disclose your Personal Data within our company, and to our corporate affiliates who agree to treat it in accordance with this Privacy Policy. Personal Data also may be transferred to third parties who act for and on our behalf, for further processing in accordance with the purpose(s) for which the data were originally collected. These third parties have contracted with us to only use Personal Data for the agreed upon purposes and not to sell or disclose your Personal Data to third parties except as required by law, or as stated in this Privacy Policy.

2.2     Personal Data of Clinical Trial Subjects

2.2.1     If you are a participant in a clinical trial that is sponsored by Peptilogics and managed by Medpace, we will collect Personal Data from you. This data may include coded (“pseudonymized”) medical and health information which is collected by investigators and their staff at the study sites.

2.2.2     We may transmit this data from the jurisdiction in which it was collected and/or Medpace headquarters in the United States. When consent is required for the processing of Personal Data, the physician investigators overseeing the trial are responsible for ensuring that you understand and consent to the gathering of your Personal Data, including the transfer of such pseudonymized information to third parties who may be providing services for the clinical trial.

2.2.3     The purposes of collecting the Personal Data of clinical trial participants is to promote the global development of safe and effective medical therapeutics. We are committed to conducting clinical trials in a manner that strictly adheres to all national and international ethical requirements and clinical trial regulations. Effective adherence to clinical trial regulations requires the gathering, recording, processing, storing, and transmitting of personal data of clinical trial participants, clinical trial investigators, vendors, support staff, and employees.

2.3     Use of Cookies

Cookies are small text files that are stored on browsers or devices by websites, apps, online media, and advertisements. We use cookies and similar technologies for purposes such as:

Your web browser may be programmed to notify you when you are receiving a cookie, giving you the choice to accept it or not. You can also refuse all cookies by turning them off in your browser.

3.     How we use your Personal Data

3.1     Website visitors: We may use information gathered from our website for a variety of purposes related to anonymous statistical analysis. This may include:

3.1.1     To enhance the user experience of our website, including internal operations necessary to provide our services, such as troubleshooting software bugs and operational problems; conducting website traffic data analysis, testing, and research; and to monitor and analyze usage and activity trends.

3.1.2     To respond to inquiries regarding our business or service

3.1.3     We may use your Personal Data to investigate or address claims or disputes relating to our business, or as otherwise allowed by applicable law, or as requested by regulators, government entities, and official inquiries. Medpace may share your Personal Data if we believe it is required by applicable law, legal process or governmental request, or where the disclosure is otherwise appropriate due to safety or similar concerns. This includes sharing Personal Data with law enforcement officials, public health officials, other government authorities, or other third parties as necessary to enforce our Code of Conduct or other policies; to protect our rights or property; or the rights, safety, or property of others; or in the event of a claim or dispute relating to our business operations.

3.2     Clinical Trial Participants

3.2.1     Personal Data collected from you during a clinical trial is used to test the safety and efficacy of experimental drugs and medical devices. If you are a participant in a clinical trial sponsored by Peptilogics and managed by Medpace, please review the informed consent form that you received from your study doctor for more information about how your Personal Data will be used and protected.

3.2.2     We retain user Personal Data for as long as necessary for the anonymous statistical analysis described above. We will retain different categories of Personal Data for different periods of time depending on the category of user to whom the Personal Data relates, the type of Personal Data, and the purposes for which we collected the Personal Data.
3.2.3     We do not sell or share user Personal Data with third parties for their direct marketing.
3.2.4     We do not engage in automated decision-making using Personal Data.

4.     How we protect your Personal Data

4.1     We use physical, electronic and organizational procedures to safeguard and secure your Personal Data. This includes encryption, firewalls, access controls, and other procedures to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, and destruction.

4.2     Personal Data is restricted to authorized individuals, who only can access it on a "need to know" basis.

4.3     We may store some business records or clinical trial documents in hard copy (paper or disk) format, as required by law or regulation, or pursuant to the fulfilment of a legitimate business purpose. In this case, documents are retained for the minimum time necessary, and then securely destroyed. Long-term storage of hard copy documents may be carried out by a qualified third-party vendor.

5.     Where we may transfer your Personal Data

5.1     Transfer to Third Parties

Your Personal Data may be shared with third parties to fulfill the purposes for which it was originally collected. Personal Data is transferred to third parties pursuant to contractual obligations consistent with Article 28(4) of GDPR when applicable, and with this Privacy Policy. Recipients of Personal Data may be regulatory authorities, ethical committees, and third parties associated with the study, the Institution where the study takes place, or the CRO and its Affiliated companies.

6.     Your rights to access and choice

6.1     We are committed to cooperating to the full extent of applicable law in the exercise of the rights of data subjects. If you would like to exercise your rights under applicable data privacy law, or to inquire about the processing of your Personal Data by Peptilogics or Medpace, contact us pursuant to the "How to Contact Sponsor and Medpace" section of this Privacy Policy.

6.2     If you are a clinical trial participant, you should first contact the study site at which you participated, or the Principal Investigator of the study, to enquire about your choices and the means available for limiting the use and disclosure of your Personal Data under applicable data privacy laws. The rights available to you as a clinical trial participant may be limited pursuant to an exception to the applicable data privacy law to preserve the integrity or scientific value of the clinical trial data that was collected.

7.     Your rights to enforcement and recourse

7.1     Residents of California may have a private right of action in the event of a data breach. Pursuant to California law, affected individuals must first notify us of the alleged violation and provide us 30 days to cure the violation.

8.     How to Contact Sponsor and Medpace

8.1     For more information about our commitment to protecting data privacy, or to exercise any rights you may have under applicable data privacy laws, please contact Peptilogics at 412-643-4924 or patients@peptilogics.com, and Medpace at privacy@medpace.com, by telephone at +1 (513) 579-9911 (Cincinnati local), +1 (800) 730-5779 (USA toll free) or by mail at 5375 Medpace Way, Cincinnati, Ohio 45227 United States of America, Attn: Data Protection Officer.

8.2     We may occasionally update this notice. If we make significant changes, we will notify users of the changes on our website, or through other means, such as email. We encourage users to periodically review this notice for the latest information on our privacy practices. After such notice, use of our services by users in countries outside the European Union will be understood as consent to the updates to the extent permitted by law.