PRIVACY NOTICE FOR STUDY PARTICIPATION INTEREST
Splicebio, S.L.
Splicebio is committed to respect and protect your privacy, and it provides you this privacy notice which outlines how we safeguard your personal data, how we will use your personal data, and informs you about your privacy rights. If you do not agree to the terms of this privacy notice, you should not access or apply for Splicebio’s studies and/or activities.
Applicable laws and jurisdictions. In the United States, the Federal Trade Commission oversees our compliance regarding personal data, but elsewhere in the world different laws may apply. Specifically, we will manage and protect personal data in line with the regulations of the European Economic Area (“EEA”), which follows the General Data Protection Regulation (“GDPR”). Within the EEA, the appropriate national supervisory authority will oversee our compliance in each EEA country.
1. PURPOSES FOR PROCESSING
We intend to use your personal data only for the following purposes:
• Eligibility Assessment. We intend to use your personal data to consider whether you are eligible or suitable for participating in a specific clinical trial, related clinical investigation, or clinical support program carried out by SpliceBio.
• Relationship Management. We will use your data to manage our relationship with you, which includes (i.e. notifying you about changes to our terms or privacy notice).
• Business Administration and Protection. We use your data to administer and protect our business and website. This includes troubleshooting, data analysis, testing, system maintenance, support, reporting, and data hosting.
• Data Analytics. We use data analytics to improve our website, products and services, marketing, customer relationships, and user experiences.
• Consent Audit Records. We maintain audit records of your consent.
• Legal Compliance. We use your personal data to comply with legal obligations, including proper government investigations, subpoenas, or other legal processes, and as necessary to prevent physical or financial harm or to prevent crime and fraud.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the rules specified in this privacy notice, where this is required or permitted by law.
2. DATA CONTROLLER
SpliceBio is the controller of your personal data, that is to say, the entity which determines the purposes for which and the means by which personal data is processed.
Entity details:
Full name of legal entity: SpliceBio, S.L. (“SpliceBio”)
CIF: B65915167
Email address: info@splice.bio
Telephone number: 0034 934020456
Address: Baldiri Reixac 10-12, Parc Cientific de Barcelona, Barcelona (Spain)
Web: SpliceBio – Developing Next Generation Gene Therapies
3. COMPLAINTS
If you have any concerns about our use of your personal data, you can contact us directly. Additionally, you have the right to lodge a complaint with a supervisory authority, particularly in the EU member state where you reside, work, or where the alleged infringement took place. In the UK, this is the Information Commissioner’s Office (ICO). In the US, you may contact the Federal Trade Commission (FTC).
4. CHANGES TO THE PRIVACY NOTICE
We may update this privacy notice from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes and update the effective date at the top of this notice.
5. CATEGORIES OF DATA
Personal data, or personal information, means any information related to an identified or identifiable natural person. It does not, however, include data where the identity has been removed (anonymized data).
When you log your interest in participating in our studies, we will collect and process the following personal data:
• Full Name. We collect your full name to identify you accurately and to personalize our communications with you.
• Email Address. Your email address is collected to enable us to contact you regarding study opportunities, provide updates about the studies you have expressed interest in, and to send any relevant information or materials related to study participation.
• Location (City/Region). We collect information about your city or region of residence to match you with appropriate local study sites. This helps us ensure that any study opportunities we inform you about are geographically relevant and accessible to you.
• Additional Voluntary Information. Occasionally, we may ask for additional information that you can choose to provide voluntarily. This might include details such as your age, gender, or specific health conditions relevant to certain studies. Providing this information is optional, and it will only be used to better match you with suitable study opportunities.
We ensure that all the personal data we collect is kept to a minimum necessary for the purposes outlined in this privacy notice. Your data will be handled securely and in accordance with applicable data protection laws. We may also collect, use and share Aggregated Data such as general statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
6. HOW YOUR PERSONAL DATA IS COLLECTED
We collect your personal data through the following methods:
• Direct Interactions. You provide us with your personal data by filling out forms on our website. This includes logging your interest in study participation and any additional information you choose to provide.
• Email Communications. If you contact us via email with inquiries or to express your interest in participating in studies, we will collect the personal data included in your email.
• Online Surveys or Questionnaires. Occasionally, we may ask you to complete surveys or questionnaires related to specific studies. Your responses will be used to gather additional information that helps us match you with relevant study opportunities.
• Website Usage. As you interact with our website, we may automatically collect technical data about your equipment, browsing actions, and patterns. This data is collected through cookies and other similar technologies. Please refer to our Cookie Policy for more details.
We ensure that all methods of data collection are conducted securely and in compliance with applicable data protection laws to protect your privacy and personal information.
7. HOW WE USE AND DISCLOSE YOUR PERSONAL DATA
We will only use your personal data when permitted by law. Typically, we will use your personal data under the following circumstances:
• Consent. by providing your personal data, you consent to its use for the purposes outlined in this privacy notice.
• Contract Performance. when it is necessary to perform a contract, we are about to enter into or have already entered into with you, or to fulfil other legal obligations.
• Legitimate Interests. when it is necessary for our legitimate interests (or those of a third party), provided that your interests and fundamental rights do not override these interests (this applies within the EEA).
• Legal or Regulatory Obligation: when we need to comply with a legal or regulatory obligation.
8. DISCLOSING INFORMATION TO THIRD-PARTIES
We may share your personal data with third parties in the following circumstances:
• Local Study Sites. to facilitate your participation in relevant studies, we may transfer your personal data to local study sites that are geographically convenient for you. These sites will use your data to contact you about study opportunities and manage your involvement in the studies.
• Service Providers. We may engage third-party service providers to perform certain business operations on our behalf, such as IT services, email communications, and data analytics. These service providers are contractually obligated to protect your personal data and use it solely for the purposes specified by us.
• Business Transfers. In the event of a merger, acquisition, restructuring, or sale of some or all of our assets, your personal data may be transferred to the acquiring entity. We will ensure that such transfers are conducted in compliance with applicable data protection laws and that your data remains protected.
• Legal and Regulatory Compliance. We may disclose your personal data to regulatory bodies, law enforcement agencies, or other authorities if required by law, regulation, or legal process. This includes situations where disclosure is necessary to protect our rights, property, or safety, or those of our participants, employees, or the public.
• Third-Party Links. Our website may contain links to third-party websites. Please note that Splicebio is not responsible for the privacy practices or the content of these external sites. When you follow a link to any of these websites, please review their privacy policies to understand how they collect, use, and share your personal data. We encourage you to be aware when you leave our site and to read the privacy statements of each website that collects personal information.
• International Transfers. We regularly transfer personal data to our service providers and/or study sites outside the European Economic Area (EEA), always ensuring that appropriate safeguards are in place to protect your data. In such cases, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe or, when based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to that afforded in the EEA to personal data shared between the Europe and the US.
Our use and disclosure of Personal Identifiable Health Information (“PIHI”) is limited to the minimum amount of personal data needed to accomplish the intended purpose of the specific clinical investigation or clinical trial and is used in relation to pre-screening activities for such clinical research projects. This includes using study questionnaires that only ask health and medical related questions that are directly associated with the relevant clinical research project as specified in approved protocols. PIHI will generally not be used by us or disclosed by us to any third parties unless we have clear consent from you to do so.
Exceptionally, PIHI may be disclosed by us where we are required to do so by a relevant law or regulation. In particular, this includes, but is not limited to, situations where we are required to disclose such PIHI in relation to requests by public authorities to meet national security or law enforcement requirements. This will include use and/or disclosure in order to:
• prevent or control disease, injury or disability;
• report disease, injury or disability;
• assist public health surveillance, investigations or interventions;
• report child abuse or neglect or domestic violence;
• avert a serious threat to individual(s) or public health or safety;
• to coroners and/or medical examiners or for tissue donation;
• in response to legal proceedings and relevant court orders or subpoenas;
• for specialized government functions and worker’s compensation;
• by workforce members who are whistle-blowers or victims of a criminal act;
• when we believe in good faith that disclosure is necessary to protect our rights or to protect your safety, the safety of others or investigate fraud.
9. DATA SECURITY
We take the security of your personal data very seriously and implement appropriate measures to protect it from unauthorized access, alteration, disclosure, or destruction. Our data security practices include:
• Technical Measures. We employ advanced security technologies, such as encryption or firewalls, to protect your data during transmission and storage. Our systems are regularly monitored for vulnerabilities and breaches.
• Access Controls. Access to your personal data is restricted to authorized personnel who need it to perform their job duties. We implement strict access controls and authentication procedures to ensure that only those with the necessary permissions can access your data.
• Data Minimization. We only collect and retain the minimum amount of personal data necessary for the purposes outlined in this privacy notice. This reduces the risk of unauthorized access and potential misuse of your data.
• Training and Awareness. All employees and contractors who handle personal data receive regular training on data protection principles and our privacy policies. This ensures that they understand the importance of protecting your personal data and are aware of the best practices for data security.
• Regular Audits and Assessments. We conduct regular audits and security assessments to evaluate the effectiveness of our data protection measures. This helps us identify and address potential vulnerabilities and ensures continuous improvement in our data security practices.
• Incident Response. In the event of a data breach, we have a comprehensive incident response plan in place. This includes promptly notifying affected individuals and relevant authorities, as well as taking steps to mitigate the impact of the breach and prevent future occurrences.
We are committed to maintaining the highest standards of data security to ensure that your personal data is protected at all times. If you have any questions or concerns about our data security practices, please do not hesitate to contact us.
10. DATA RETENTION
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, and to comply with legal, regulatory, or administrative requirements. Specifically, we retain your data for the duration of your interest in participating in our studies. If you withdraw your interest or consent, we will delete your data unless we are required to retain it for legal reasons. We periodically review our data retention practices to ensure data is not kept longer than needed. When data is no longer necessary, we securely dispose of it by deleting electronic records, shredding physical documents, and ensuring data cannot be recovered. You have the right to request deletion of your personal data at any time. We will promptly delete your data upon request unless there are legal or legitimate reasons to retain it. For any questions about our data retention practices, please contact us.
11. YOUR DATA PRIVACY RIGHTS
Under data protection laws, you have several rights regarding your personal data. These rights include:
• Right to Access. You have the right to request access to the personal data we hold about you. This enables you to receive a copy of the data and check that we are processing it lawfully.
• Right to Rectification. You have the right to request correction of any inaccurate or incomplete personal data we hold about you. This ensures that your data is accurate and up to date.
• Right to Erasure. You have the right to request the deletion of your personal data when there is no longer a compelling reason for its continued processing. This is also known as the “right to be forgotten.”
• Right to Restriction of Processing. You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to its processing.
• Right to Data Portability. You have the right to request the transfer of your personal data to another organization or directly to you, in a structured, commonly used, and machine-readable format. This applies to data that you have provided to us and is processed by automated means based on your consent or the performance of a contract.
• Right to Object. You have the right to object to the processing of your personal data when we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object if we are processing your personal data for direct marketing purposes.
• Right to Withdraw Consent. If we are processing your personal data based on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent.
To exercise any of these rights, please contact us at the details provided in this privacy notice. We may need to request specific information from you to help us confirm your identity and ensure your right to access your data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
We are committed to protecting your rights and ensuring that your personal data is handled with the utmost care and respect. If you have any questions or concerns about your data rights, please do not hesitate to contact us.
You will not have to pay a fee to access your personal data or to exercise any of the other rights. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within 30 days. Occasionally it may take us longer than 30 days if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
12. CONTACT US
If you have any questions, concerns, or requests regarding this privacy notice or our data protection practices, please do not hesitate to contact us. We are committed to addressing your inquiries and ensuring your personal data is handled responsibly.
Contact Details:
SpliceBio, S.L.
Carrer Baldiri Reixac 10-12, Parc Cientific de Barcelona, Barcelona (Spain)
08028
Email: info@splice.bio
Phone: 0034 934020456
Feedback and Complaints:
We value your feedback and are dedicated to improving our services. If you have any suggestions or complaints about how we handle your personal data, please contact us. We take all complaints seriously and will work with you to resolve any issues promptly.
If you are not satisfied with our response, you have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner’s Office (ICO). In the EU, you can contact the supervisory authority in your country of residence. For the US, you can reach out to the Federal Trade Commission (FTC).
Information Commissioner’s Office (ICO):
ICO Office Address
Wycliffe House, Water Lane
Wilmslow, Cheshire
SK9 5AF
Phone: 0303 123 1113
Website: Information Commissioner’s Office (ICO)
Federal Trade Commission (FTC):
FTC Office Address
600 Pennsylvania Avenue, NW
Washington, DC 20580
Phone: (202) 326-2222
Website:
We are here to help and ensure your privacy is protected. Thank you for trusting SpliceBio with your personal data.
