Privacy Policy: UK/EEA/Australia
Introduction
Lindus Health and its affiliates, subsidiaries and related entities (collectively referred to herein as “Lindus Health”, “we”, “our” or “us”) respect the privacy of our customers, partners and other website visitors (“you” or “your”). This Privacy Policy (“Policy”) describes how we collect, process, share, and safeguard personal data that is collected via our website (www.lindushealth.com) (“Website”) and when you engage with our services generally (collectively “Services”). It also tells you about your rights and choices with respect to your personal data, and how you can contact us if you have any questions or concerns.
Lindus Health Limited will be the controller of your personal data in accordance with data protection laws of the European Economic Area and the United Kingdom. If you have any questions or comments about this Policy, please submit a request to data@lindushealth.com.
This Policy does not apply to personal data we process as a processor or service provider on behalf of our customers (for example, sponsors of clinical trials) when providing services to them. For example, if we process your personal data as part of the service we provide to our customers, such customer will act as the controller and its privacy policy will govern the processing of your personal data.
Personal data we collect
We collect personal data from you in the following ways:
- Contact information and communications: when you engage with our services as a customer (such as a sponsor) representative or as a supplier representative, or if you have any enquiries, you may choose to provide us with your full name, email address, phone number(s), address(es), country, and details about the clinical study you are engaged with when you communicate with us. When you contact us, you also provide us with the content of your communications.
- Trial Volunteers: we may collect personal data about trial volunteers from the clinical studies we assist as a clinical research organisation (“CRO”), such as: full name, email address, phone number, age, gender. We may also collect sensitive data such as health and ethnicity data. Note, where we collect sensitive data relating to the trial volunteer’s identity, state of health and lifestyle, the data we collect will vary depending on the nature and requirements of the specific trial they have signed up to, so it is not possible to provide an exhaustive list of personal data collected in this Policy. Trial volunteers should refer to the patient information form provided for their specific trial for full details on the health data collected by the Sponsor. Some common examples of the sensitive data we might collect from trial volunteers are: ethnicity, underlying health conditions, allergies, previous medical treatment and procedures, medication taken, mental health, pregnancy, diet, smoking and alcohol consumption, and drug use. We may also collect data relating to religion, philosophical beliefs, political opinion, trade union membership, sexual orientation, biometric data and genetic samples. Please note that as a CRO we mainly act as a processor for this personal data and therefore this Policy will not apply (we refer you to the privacy notice referenced in the patient information sheet), but to the extent we process this personal data for our own purposes (such as product improvement purposes) this Policy will apply.
- Medical staff: we will collect and process personal data about medical staff from the clinical trials we are engaged to facilitate the conduct of the clinical trial and to keep in contact with them, such as, full name, contact information (including email, phone number and address).
- Marketing information: we collect information about your marketing preferences, such as your preferences for receiving communications from Lindus Health via email.
- Careers: we may collect personal data from you when you apply for a vacancy with us, such as your name, contact information (including email, phone number and address), education, employment history and other details contained in your curriculum vitae.
Automatic Data Collection
We and our service providers may automatically log information about you, your computer, or mobile device, and our communications with you, including through the use of cookies and other similar technologies. This information includes:
- Device Information: the manufacturer and model, operating system, IP address, and unique identifiers of the device, as well as the browser you use to access the Services. The information we collect may vary based on your device type and settings. We may also derive a rough estimate of your location from your IP address when you visit the Website.
- Usage Information: information about how you engage with our Website such as the types of content that you view or actions you take on our Website, and the time, frequency, and duration of your activities.
For more information on our use of cookies, please see our Cookie Policy.
Personal data we obtain from third parties
- Social media platforms. We maintain pages on social media platforms, such as Facebook, Instagram, LinkedIn, and X (Twitter). You or the platform providers may provide us with information through the social media platform. When you visit or interact with our pages on those platforms, the platform provider’s privacy policy will apply to your interactions and their collection, use and processing of your personal data.
How we use your personal data
We will use your personal data for one or more of the purposes set out below.
- To operate and deliver our Services. We will use your personal data to perform our contractual obligations, when it is in our legitimate business interests or based on your consent, including to:
- Provide, operate, maintain, and secure our Services;
- Provide support assistance and troubleshooting;
- Facilitating the conduct of clinical trials;
- To send you updates about administrative matters such as changes to our terms or policies; and
- Provide user support, and respond to your requests, questions and feedback.
- To improve, monitor, personalise, and protect our Services. It is in our legitimate business interests to improve and keep our Services safe, which includes:
- Enriching your user experience and customising your relationship with us;
- Creating and maintaining a database of medical staff regarding future clinical trials;
- Protecting the security of our Services;
- Preventing and detecting security threats, fraud or other criminal or malicious activities; and
- Administering content, surveys, voting polls and other Website features.
- Research and development. We will use personal data to develop, analyse and improve the Services and our business when it is in our legitimate interests, or where we have your consent (for example to process sensitive data such as health data). As part of these activities, we may process personal data and/or use aggregated, de-identified or other anonymised data from personal data we collect. We anonymise data by removing information that makes the data personally identifiable. We may use this anonymised data and share it with third parties for our lawful business purposes, including to analyse and improve the Services and promote our business.
- To comply with legal obligations and to defend Lindus Health against legal claims or disputes. We may use your personal data to comply with our legal obligations or when it is in our legitimate business interests, which includes to:
- Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
- For regulatory compliance and investigations and health and safety;
- Protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
- Audit our compliance with legal and contractual requirements and internal policies;
- Enforce the terms and conditions that govern the Services; and
- Protect the security of and manage access to our premises and prevent, identify, investigate and deter fraudulent, harmful, unauthorised, unethical or illegal activity, including cyberattacks and identity theft.
- For marketing and advertising. We, our service providers and our advertising partners may use your personal data for the following marketing and advertising purposes:
- Direct marketing, including to send subscribers direct marketing communications as permitted by law, such as sending you updates about our activities (such as providing information about forthcoming trials we believe may be of interest to you) via email and other channels. You may opt out of our marketing communications as described in the “Your rights” section below.
- Interest-based advertising. We may engage third-party advertising companies, such as Google and Meta, to display our ads on their online services. We may also share information about our users with these companies to facilitate advertising for our services to them or similar users on other online platforms. For more information, or to understand your choices, please visit our Cookie Policy.
Except where consent is required, we undertake such marketing and advertising on the basis of our legitimate business interests. Where we seek your consent, you may withdraw your consent at any time.
- To facilitate corporate acquisitions, mergers or transactions. We may use your personal data, when it is in our legitimate business interests, when we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding.
- For recruitment when you apply for a job with us. We may use information collected throughout the recruitment process to review our equal opportunities profile in accordance with applicable legislation. We use this information to take steps to enter into a contract with you, to meet a legal obligation or for our legitimate interests in recruitment.
How we share your personal data
We may share your personal data with the following third parties:
- Service providers: to assist us in meeting business operational needs and to perform certain services and functions, we may share personal data with our vendors and service providers, including providers of hosting services, cloud services, other information technology services providers, event management services, payment services, marketing services and customer support services. Pursuant to our instructions, these parties will access, process, or store personal data in the course of performing their duties for us.
- Advertising partners: third party advertising companies for the interest-based advertising purposes described above. The disclosure of this information may constitute a data “sale” under certain privacy laws.
- Professional advisors: we may share personal data with our professional advisors such as lawyers and accountants where doing so is necessary to facilitate the services they render to us.
- Legal requirements: we do not volunteer your personal data to government authorities or regulators, but we may disclose your personal data where required to do so to comply with laws and regulations applicable to us as described above.
- Business transaction: if Lindus Health is involved in a merger, acquisition or asset sale, financing due diligence, reorganisation, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your personal data may be sold, transferred, or otherwise shared including as part of any due diligence process.
- Affiliates: we may share your personal data with our affiliated companies.
How we keep your personal data secure
We use reasonable organisational, technical and administrative measures designed to protect against unauthorised access, misuse, loss, disclosure, alteration, and destruction of personal data we process. Unfortunately, data transmission over the Internet cannot be guaranteed as completely secure. Therefore, while we strive to protect your personal data, we cannot guarantee its security.
Where we store your personal data
Some of the third parties we contract with to provide our services are based outside the United Kingdom, European Economic Area and Switzerland. Please note these third countries (such as the United States) may not provide the same protections as the data protection laws where you are based. We will ensure that relevant safeguards are in place to afford adequate protection for your personal data (for example, if you reside in the European Economic Area or the UK, we may rely on an EU Commission or UK government adequacy decision or contractual protections for the transfer of your personal data). For more information about how we transfer personal data internationally, please contact us as set out in the “Contact us” section below.
How long we keep your personal data
We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected and processed, in accordance with our retention procedures, and in accordance with applicable laws.
To determine the appropriate retention period for your personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we use your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Your rights
Depending on where you are based, and as provided under applicable law and subject to any limitations in such law, you may have the right to:
- access your personal data
- correct incomplete or inaccurate data we hold about you
- ask us to erase the personal data we hold about you
- ask us to restrict our handling of your personal data
- receive any personal data we hold about you in a structured and commonly used machine readable format or have such personal data transmitted to another company
- object to how we are using your personal data
- withdraw your consent to us handling your personal data
Requests can be made to: data@lindushealth.com. You may update or correct information about yourself by emailing us at data@lindushealth.com.
Please note that, prior to any response to the exercise of such rights, we may require you to verify your identity.
Limits on your privacy rights and choices. In some instances, your choices may be limited, such as where fulfilling your request would impair the rights of others, our ability to provide a service you have requested, or our ability to comply with our legal obligations and enforce our legal rights.
Opt out of direct marketing. You may opt out of marketing-related communications by following the opt-out or unsubscribe instructions contained in the marketing communications we send you. Note that you will continue to receive non-marketing emails (e.g., communications regarding updates to this Policy).
For more information on your rights, please contact us using the details in the “Contact us” section below.
How we protect your personal data
Lindus Health maintains administrative, technical and physical safeguards designed to protect your personal data against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure or use. We implement appropriate technical and organisational measures to ensure an adequate level of security, while taking into account the technological reality, cost, scope, context and purposes of processing weighted against the severity and likelihood that processing could threaten individual rights and freedoms.
While we take steps designed to protect your personal data, please be advised that no security system or means of transmitting data over the Internet can be guaranteed to be entirely secure, including concerns with respect to computer viruses, malicious software, and hacker attacks. We cannot and do not guarantee or warrant the security of your personal data or any information you disclose or transmit to us.
Links to other websites
Our Website may contain links to other sites that are not operated by us. If you click a third party link, you will be directed to that third party’s site. We strongly advise you to review the privacy policy of every website you visit.
We have no control over and assume no responsibility for the content, privacy policies, or practices of any third party sites or services.
Changes and updates to this policy
We will update this Policy from time to time. Please review this Policy periodically for any changes. Changes to this Policy are effective when they are posted on this page.
If we make material changes, we will let you know.
Children
We do not intend for children to use our Website. We do not intentionally gather personal data about visitors who are under the age of 18 or who are considered a minor in the jurisdiction in which you are accessing our Website or Services. If a child has provided us with personal data, a parent or guardian of that child may contact us to have the information deleted from our records. If you believe we may have any information from a child under age 18 or an individual considered a minor in the applicable jurisdiction, please contact us at data@lindushealth.com. If we learn that we have inadvertently collected the personal data of a child under 18 or the equivalent minimum age depending on jurisdiction, we will take steps to delete the information as soon as possible.
Complaints
If you wish to lodge a complaint about how we process your personal data, please contact us at: data@lindushealth.com. We will endeavor to respond to your complaint as soon as possible. Depending on where you reside, such as if you reside in the European Economic Area or United Kingdom, you may have the right to complain to a data protection regulator where you live or work, or where you feel a violation has occurred. Click here to find your local supervisory authority. If you are based in the United Kingdom, your regulator will be the Information Commissioner’s Office.
Contact us
If you have any specific questions about this Policy, you can contact us via email, by writing to us at the address below or by filling in the webform.
Send an email to data@lindushealth.com.
Send mail to our address:
Lindus Health
2nd Floor, 90 Union Street
London,
SE1 0NW
United Kingdom
We have also appointed a Data Protection Officer (“DPO”), Evalian Limited, who can be contacted using the above email or postal address. Please send your communication clearly indicating ‘FAO the Data Protection Officer’, and your message will be passed directly to Evalian Limited for attention.
EU Representative
Lindus Health is based outside the EU and under the EU GDPR, we are required to appoint an EU representative. The purpose of an EU representative is to make it easy for people in the EU to contact us should they wish to exercise their rights or make a complaint or enquiry in relation to how we are processing their Personal Data. It is also a contact point for the supervisory authorities located in the EU.
More information about our EU representative can be found here along with the details for making contact.
Australia Privacy Notice Addendum
If you are based in Australia, when Lindus Health processes personal information about you, we may be subject to additional legislation including the Privacy Act 1988 (the Privacy Act). Lindus Health has adopted the Australian Privacy Principles (APPs) contained within the Privacy Act, and you will find below the additional provisions applicable to you as a resident or data subject in Australia.
A. Personal information
- The personal information (personal data) that Lindus Health processes as part of its business activities is listed within section 2 of the main privacy notice.
- Lindus Health may also process information about you which is defined as ‘sensitive’ under the Privacy Act. This sensitive information may need to be collected and/or used to provide you with a specific product or service for example. Under the Privacy Act, sensitive information includes information about an individual’s racial or ethnic origin, political opinions or associations, religious or philosophical beliefs, trade union membership or associations, sexual orientation or practices, criminal record, health or genetic information, and some aspects of biometric information.
- Generally, sensitive information has a higher level of privacy protection than other personal information.
- Lindus Health will only process your sensitive information where you have provided it to us directly, you have authorised us to obtain it from a third party, or where the processing is required or authorised by or under an Australian law or a Court/Tribunal order, or otherwise where the processing is not prohibited under the Privacy Act. Lindus Health will only ever use sensitive information in accordance with the Privacy Act and for the original purpose for which it is provided.
B. Disclosure of personal information overseas
- Lindus Health may disclose your personal information to third-party service providers and/or business partners located outside Australia for the purposes indicated in this privacy notice. Some of these third-party service providers may include cloud-based storage providers who may store and process personal information in the cloud within or outside Australia.
- Where Lindus Health makes such disclosures, we have taken reasonable steps to ensure any overseas recipients do not breach the Australian Privacy Principles in relation to any personal information. Lindus Health have carried out a thorough due diligence process and have imposed relevant contractual obligations on any offshore recipients to ensure compliance with the Australian Privacy Principles.
C. Your rights
Under certain circumstances, and as provided under applicable law and subject to any limitations in such law, you may have the right to:
- Request access to your personal information. You can reach out to us by email and request access to your personal information.
- Request correction of your personal information. You may request amendments or corrections, if your personal information is inaccurate, irrelevant or outdated, or incomplete.
- Data portability. This enables you to ask us, in certain circumstances, to provide you with the personal information you have provided to us in a structured, commonly used and machine-readable format or to transmit the personal information that you have provided to us to another party. We will give access to the personal information in the manner requested by you if it is reasonable and practical to do so.
- Object/Opt-out. You can request not to receive direct marketing and to not have your personal information disclosed or used for direct marketing.
If you exercise one of the above rights, we may need to request some additional information from you to help us confirm your identity and/or that you are entitled to make such a request. This confirmation is required to avoid personal information about one individual being sent to another, either accidentally or because of deception.
Once we are satisfied with the above, in most cases, we will process any rights requests received straight away. However, in certain circumstances there may be a legal requirement or administrative reason to deny your request. In these circumstances, we will ensure that we advise you fully and explain our reason(s) for the refusal.
D. Enquiries and complaints
If you want to exercise one of the above rights in connection to your personal information or if you have any queries or complaints about our privacy notice or how we handle your personal information, please contact us by writing to us at data@lindushealth.com.
You also have the right to lodge a complaint with the OAIC who can be contacted here.