Effective date: March 2, 2021
|OUR CONTACT INFORMATION|
|Caerus Marketing Group LLC, d/b/a StudyKIK
Address: 17875 Von Karman Ave #200, Irvine, CA 92614, USA
Phone number: +1 (877) 627-2509
Email address: email@example.comContact details of our Data Protection Officer:
+1 (888) 376-1079
firstname.lastname@example.orgIdentity and contact details of our Representative in the EU:
|VeraSafe Czech Republic s.r.o.
Prague 1, 11002
|VeraSafe Ireland Ltd
Unit 3D North Point House
North Point Business Park
New Mallow Road
|Do we collect Personal Data?||YES. Categories include biographical information, contact information, and payment information, among others. Click here to know which categories of Personal Data we collect and how we obtain them.|
|Do we process special categories of data, such as health data?||YES. StudyKIK processes Health Data.|
|Do we sell Personal Data?||NO. StudyKIK does not sell Personal Data.|
|Can you request to receive a copy of the Personal Data we have collected about you?||YES. Click here to learn how.|
|Can you withdraw your consent to our processing of your Personal Data?||YES. Click here to learn how.|
|Can you request to have your data deleted?||YES. Click here to learn how.|
|Can you request not to have your data sold?||NO. StudyKIK does not sell your Personal Data.|
|Do we discriminate you for exercising your privacy rights?||NO. Click here to learn more about your right not to be discriminated.|
|Do we protect your Personal Data?||YES. Click here to learn more about how we protect your Personal Data.|
Caerus Marketing Group LLC, d/b/a StudyKIK, a California limited liability company (as well as our affiliate entity, StudyKIK, LLC), with offices located at 17875 Von Karman Ave, Suite #200, Irvine, CA 92614 (“StudyKIK,” “we,” “us,” “our”), takes the protection of Personal Data very seriously.
Please read this Policy to learn what we’re doing with your Personal Data, how we protect it, and the privacy rights you may have under the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act of 2018 (“CCPA”).
This Policy addresses data subjects whose Personal Data we may receive (1) through our social media pages and communities and our website located at www.studykik.com, (2) through any social media the StudyKIK mobile applications, (3) over the phone (if we call them at their request), or (4) from clinical study sites (“Sites”), pharmaceutical companies (“Sponsors”), and clinical research organizations (“CROs”, and collectively, with Sites and Sponsors, our “Clients”) in connection with clinical trials in which our Clients are involved.
In the context of this Policy, StudyKIK acts either as a data controller or data processor for the Personal Data we process, depending on our relationship with you and with our Clients. For example, when we process your Personal Data when you contact us through our website or if we call you at your request, we act as a data controller. On the other hand, we generally act as a data processor in connection with the services we provide to our Clients.
The table below describes the categories of Personal Data we have collected about you in the last twelve months and how we obtained that Personal Data.
The CCPA requires us to categorize the Personal Data we collect into a few groups, which are contained below. Many of the categories are not collected in every instance, and some would only be collected at the direction of our Clients in order to determine whether you qualify for a specific study or not.
|Categories of Personal Data We Collect, Process, or Store||How We Obtain It|
A real name, alias, zip code, Internet Protocol address, email address, account name, or other similar identifiers.
|*You may provide this directly to StudyKIK when you complete an online form, speak with us over the phone, or visit our website.
We may also receive this from our Clients or vendors if they ask us to screen potential participants for clinical trials.
If we receive your Personal Data from a third party, we will notify you, where required by applicable laws, without undue delay.
Special categories of Personal Data:
Physical characteristics or description, zip code, telephone number, as well as general medical information, such as information about medical symptoms or prescribed medications. (Some Personal Data included in this category may overlap with other categories)
Age, race, ancestry, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), or sexual orientation.
Internet or Other Similar Network Activity:
Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.
*After you enter your name and contact information into the form on our website, a StudyKIK representative will call you at the phone number you provided. During this initial phone call, the StudyKIK representative will ask you a series of questions in order to determine your eligibility to participate in a variety of applicable clinical trials. Our representative will obtain your explicit consent before asking you any questions about your health.
Where we act as a data controller within the scope of this Policy, we may rely on one or more of the following legal grounds for processing your Personal Data:
When we rely on the legitimate interests of our Clients as a lawful basis of processing, you have the right to ask us more about how we decided to choose this legal basis. To do so, please use the contact details provided here.
Where we rely on your consent as a legal ground for processing your Personal Data, you may withdraw your consent at any time. However, if you withdraw your consent, it will not affect the lawfulness of the processing that occurred based on your consent prior to your withdrawal. It will also not affect the lawfulness of our processing of Personal Data performed on other lawful grounds.
Where we receive your Personal Data directly from you for the purpose of providing you with our services, we require your Personal Data in order to perform our contractual obligations owed to you. Without the necessary Personal Data, we will not be able to provide our services to you.
Where we act as a data processor within the scope of this Policy, we will process your Personal Data based on the documented instructions of the relevant data controllers (i.e. our Clients).
The table below explains why we process your Personal Data:
|Category of Personal Data||The Businesses and Commercial Purposes for which we Process Personal|
|Special Categories of Personal Data||
|Internet or Other Similar Network Activity||
Where we act as a data controller and when the purposes of processing are satisfied, we will retain your Personal Data for up to four years, unless you request that we delete your Personal Data sooner.
Where we act as a data processor, we will delete your Personal Data within six months of receiving an instruction to do so from the relevant data controller.
Please refer to the table below to see the categories of Personal Data that we have disclosed, in the last twelve months, to third parties for our own operational business purposes and the categories of recipients of that Personal Data.
|Category of Personal Data||Categories of Third Parties to Which We Disclosed Personal Data for Business Purposes|
|Special Categories of Personal Data||
|Internet or Other Similar Network Activity||
Some of the abovementioned third parties may be located outside of the United States. However, when your Personal Data is protected by the GDPR, before transferring your Personal Data to these third parties, we will require that these third parties maintain at least the same level of privacy and security that we maintain for such Personal Data. StudyKIK remains liable for the protection of Personal Data that we transfer to our service providers within the scope of our Privacy Shield certification, except to the extent that we are not responsible for the event giving rise to any unauthorized or improper processing.
Our Clients and service providers who receive your Personal Data may be located in countries outside of the European Union or the European Economic Area. In some cases, the European Commission may not have determined that the legal environment in those countries provides a level of data protection that is essentially equivalent to the level of protection provided under European Union law. When transferring Data that is protected by the GDPR, transfers of your Personal Data to such parties will typically be subject to appropriate safeguards, such as the standard contractual clauses for the transfer of Personal Data to third countries, as approved by, and available directly from, the European Commission.
We may disclose your Personal Data:
We reserve the right to use, transfer, sell, and share aggregated, anonymous data, which does not include any Personal Data, about individuals within the scope of this Policy as a group for any legal business purpose, such as analyzing usage trends and seeking compatible advertisers, sponsors, clients, and customers.
StudyKIK has implemented and will maintain technical, organizational, and physical security measures that are reasonably designed to help protect Personal Data from unauthorized processing, such as unauthorized access, disclosure, alteration, or destruction.
You have specific rights regarding your Personal Data collected and processed by us. Please note that you can only exercise these rights with respect to Personal Data that we process about you when we act as a data controller or as a “business” under the CCPA. This is when StudyKIK decides why and how your Personal Data will be processed, rather than our Clients making those decisions.
We may need to confirm your identity in order to process your request. A request can also be made on behalf of your child or ward (who is under the age of 18 years).
In this section, we first describe your privacy rights and then we explain how you can exercise those rights.
This is called the “right to be informed”. It means that you have the right to obtain from us all information regarding our data processing activities that concern you, such as how we collect and use your Personal Data, how long we will keep it, and who it will be shared with, among other things.
This is called the “right of access”. This right allows you to ask for full details of the Personal Data we hold on you.
You have the right to obtain from us confirmation as to whether or not we process Personal Data concerning you, and, where that is the case, a copy of or access to your Personal Data and certain related information.
Please know that the CCPA does not allow us to disclose social security numbers, driver’s license numbers or other government-issued identification numbers, financial account numbers, any health insurance or medical identification numbers, account passwords, or security questions and answers.
This is called the “right to rectification”. It gives you the right to ask us to correct, without undue delay, anything that you think is wrong with the Personal Data we have on file about you, and to complete any incomplete Personal Data.
If your account settings do not allow you change it, please contact us and we will do our best to change the Personal Data for you.
This is called the “right to erasure”, “right to deletion” or the “right to be forgotten”. This right means you can ask for your Personal Data to be deleted.
We will always strive to fulfill your request. However, please note that there are occasions when doing so may not be possible, like when the law tells us we cannot do that. If that’s the case, we will consider if we can limit how we use your Personal Data.
Occasions Where We Cannot Fulfill A Deletion Request Under the GDPR or the CCPA
The GDPR and the CCPA allow for requests to erase your Personal Data to be denied if we or our service providers need to retain the Personal Data to:
This is called the “right to restrict processing”. It is the right to ask us to only use or store your Personal Data for certain purposes. You have this right in certain occasions, such as where you believe the data is inaccurate or the processing activity is unlawful. This right enables you to ask us to suspend the usage of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it.
This is called the “right to object”. This is your right to tell us to stop using your Personal Data. You have this right where we rely on a legitimate interest of ours (or of a third party, such as our Clients). Also, you have the right to object at any time to the processing of your Personal Data for direct marketing purposes.
We will stop processing the relevant Personal Data unless: (i) we have compelling legitimate grounds for the processing that override your interests, rights, or freedoms; or (ii) we need to continue processing your Personal Data to establish, exercise, or defend a legal claim.
If we have received your Personal Data in reliance on the Privacy Shield, you may also have the right to opt out of having your Personal Data shared with third parties and to revoke your consent to our sharing your Personal Data with third parties. You may also have the right to opt out if your Personal Data is used for any purpose that is materially different from the purpose(s) for which it was originally collected or which you originally authorized.
This is known as the “right to data portability” and enables you to ask for and download Personal Data about you that you have given us or that you have generated by virtue of the use of our services, so that you can:
We will provide your Personal Data in a structured, commonly used and machine-readable format. When you request electronically to know what data we have about you, we will provide you a copy in electronic format.
We sometimes use computers to study your Personal Data. We might use this Personal Data, so we know how you use our services. For decisions that may seriously impact you, you have the “right not to be subject to automatic decision-making, including profiling”. But in those cases, we will always explain to you when we might do this, why it is happening, and the effect.
To turn off personalized advertising, please change your cookie settings by clicking here.
Where we rely on your consent as the legal basis for processing your Personal Data, you may withdraw your consent at any time. If you withdraw your consent, our use of your Personal Data before you withdraw is still lawful.
If you have given consent for your details to be shared with a third party, and wish to withdraw this consent, please also contact the relevant third party in order to change your preferences.
We will not discriminate against you for exercising any of your privacy rights. Unless the applicable data protection laws permit it, we will not:
If the GDPR applies to the processing of your Personal Data with us, the GDPR may grant you the right to lodge a complaint with a supervisory authority if you’re not satisfied with how we process your Personal Data.
In particular, you can lodge a complaint in the Member State of the European Union of your habitual residence, place of work or of an alleged violation of the GDPR.
To exercise any of the rights described above, please submit a request by either:
You may appoint an authorized agent to exercise your rights on your behalf. You should appoint such agent via written permission or a power of attorney pursuant to Probate Code sections 4000 to 4465 (if you are reside in the State of California) or the applicable rules for authorizing somebody else to exercise your rights in your country of residence.
To verify that your authorized agent acts on your behalf, we will ask for this written permission from your agent or for the power of attorney. In case you provided your authorized agent with a written permission, we will require that you also verify your identity.
Bear in mind that to evaluate your privacy rights requests, we need to be sure it was you who made the request. We will verify your identity via the following methods:
To carry out the verification, we may ask you for information you provided to us previously, such as your contact number, email address, date of birth, your zip code, or the date that you last received a call/communication from us.
Please note that you may only make a consumer request to know or a data portability request twice within a 12-month period.
We will confirm the receipt of your request within ten (10) days and, in that communication, we will also describe our identity verification process and when you should expect a response, except when we have already granted or denied the request.
Please allow us up to 30 days to reply to your requests from the day we received your request. If we need more time (up to 90 days in total), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will send our written response by mail or electronically, at your option.
Consider that we will only cover the twelve-month period preceding the moment we receive the request in any disclosures we provide you with.
If we cannot satisfy your request, we will also explain why in our response. For data portability requests, we will choose a format to provide your Personal Data that is readily useable and should allow you to transmit the information from one entity to another entity without difficulty.
In most cases, we will not charge a fee for processing or responding to your requests. However, we may charge a fee if we determine that your request is excessive, repetitive, or manifestly unfounded. In those cases, we will tell you why we made that determination, and we will provide you with a cost estimate before completing your request.
We do not knowingly collect Personal Data from anyone under 18, unless a Client instructs us to do so. No part of our online presence is directed to or intended for use by anyone under the age of 18. If a clinical trial is specifically designed for children under the age of 18, we will first obtain verifiable parental consent for the processing of the child’s Personal Data before undertaking any processing. In the event that we learn that we process Personal Data from a child under age 18, without the necessary verifiable parental consent, we will delete the information that we have stored as quickly as possible. If you believe that we might have any information from or about a child under 18, please contact us using the information provided in the Contact Us section of this Policy.
If we make any material change to this Policy, we will post the revised Policy to this web page and update the “Effective” date above to reflect the date on which the new Policy became effective.
StudyKIK complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (the “Privacy Shield”), as adopted and set forth by the U.S. Department of Commerce, regarding the processing of Personal Data transferred from the European Union, the European Economic Area, the United Kingdom, and Switzerland to the United States or otherwise receives in reliance on Privacy Shield. StudyKIK commits to adhere to and has certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to all Personal Data that StudyKIK receives in reliance on the Privacy Shield. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.
StudyKIK is a member of the VeraSafe Privacy Program, meaning that with respect to Personal Data processed in the scope of this Policy, VeraSafe has assessed StudyKIK’s data governance and data security programs for compliance with the VeraSafe Privacy Program Certification Criteria. The certification criteria require that participants maintain a high standard for data privacy and implement specific best practices pertaining to Policy, onward transfer, choice, access, data security, data quality, recourse, and enforcement.
Where a privacy complaint or dispute cannot be resolved through StudyKIK’s internal processes, StudyKIK has agreed to participate in the VeraSafe Privacy Shield Dispute Resolution Procedure. Subject to the terms of the VeraSafe Privacy Shield Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Privacy Shield Dispute Resolution Procedure, please submit the required information here:
If your dispute or complaint can’t be resolved by us, nor through the dispute resolution program established by VeraSafe, you may have the right to require that we enter into binding arbitration with you pursuant to the Privacy Shield’s Recourse, Enforcement and Liability Principle and Annex I of the Privacy Shield.
StudyKIK is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
If you are a data subject whose Personal Data we process, you may also have the right to lodge a complaint with a data protection regulator in one or more of the European Union member states.
You may exercise your privacy rights by submitting a request using the online form located at https://www.studykik.com/privacy-request/. If you have any questions about this Policy or our processing of your Personal Data, please write to us at email@example.com or by postal mail at:
17875 Von Karman Ave, Suite #200
Irvine, CA 92614
Please allow up to 30 days for us to reply.
VeraSafe has been appointed as StudyKIK’s representative in the European Union for Personal Data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. On matters related to the processing of Personal Data, VeraSafe can be contacted in addition to StudyKIK. To make such an inquiry, please contact VeraSafe using this contact form:
Alternatively, VeraSafe can be contacted at:
VeraSafe Czech Republic s.r.o.
Prague 1, 11002
VeraSafe Ireland Ltd
Unit 3D North Point House
North Point Business Park
New Mallow Road
VeraSafe has been appointed as StudyKIK’s representative in the United Kingdom for data protection matters, pursuant to Article 27 of the United Kingdom General Data Protection Regulation. If you are located within the United Kingdom, VeraSafe can be contacted in addition to StudyKIK, only on matters related to the processing of your personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at +44 (20) 4532 2003.
Alternatively, VeraSafe can be contacted at:
VeraSafe United Kingdom Ltd.
37 Albert Embankment
London SE1 7TL
We have appointed Jim Cormier of VeraSafe as our data protection officer. He may be contacted as follows:
+1 (888) 376-1079
22 Essex Way #8203
Essex, VT 05451, USA