“Personal Data”, as used herein, refers to data created by or provided to Summit by or about an Information Provider, that can be used to identify or relate to you as an individual either directly or indirectly.

“Sensitive Personal Data”, as used herein, refers to Personal Data that can be considered to disclose sensitive information about an Information Provider’s race, gender, ethnic origin, religious affiliation, health data and criminal convictions, among other things.

At Summit, it is our goal to handle your Personal Data in accordance with applicable laws, and in line with the following principles:

• Process Personal Data lawfully, fairly and in a transparent manner.
• Collect Personal Data for a specified, explicit and legitimate purpose, and use it for the purposes for which it was originally collected.
• Limit collection of Personal Data to the extent necessary in relation to the purpose for which it is processed.
• Make reasonable efforts to ensure that your Personal Data are accurate and, where necessary, kept up to date.
• Store Personal Data for no longer than is necessary for the purpose for which the Personal Data are processed.

Process Personal Data in a manner that provides adequate security and confidentiality.

Our privacy practices are described in greater detail in the remainder of this Privacy Notice.

Summit may use, collect and/or disclose Personal Data and Sensitive Personal Data for its legitimate business purposes, based on your express consent, or for other purposes and pursuant to legal basis as outlined further in this notice in the section ‘Summit’s Use of Personal Data’.

You may visit our website without voluntarily providing any information about yourself. However, depending on your interactions when you visit our website or otherwise interact with Summit, we may collect the following details about you.  We may also collect information about you in the ordinary course of business in the context of an existing business relationship, from our customers or from third parties:

Information that we receive by your voluntary submission:

• Business & Contact details: such as your name, social media handle, job title and employer, email address, mailing address, phone number, and emergency contact information.
• Professional credentials: such as your professional title, specialty, educational and professional history, and institutional affiliations.
• Survey data: such as your responses to our online and offline surveys.
• Communicationsthat we exchange when you contact us.

Information we may receive from other sources:

• Job applicants’ details: when you review and apply for open positions listed on our ‘Careers’ page, you are redirected to the job posting on the recruitment websites we partner with. Any information you submit is collected and governed by the policies of these websites. This includes business and personal contact information, professional credentials and skills, educational and work history, and relevant information included as part of your Resume. We receive applicant details once shortlisted profiles have gone through mandated background checks, if required, in the form of prospective employee information. Personal Data relating to this employee information are retained for the period of your employment, and thereafter in accordance with our Data Retention Policy.

Transaction history: such as details about the programs and activities in which you have participated, including conferences, ad boards, speakers’ programs, dinners and other events.

• Publicly available information: including information that you or others publish on social media and in publications, such as tweets, comments, news articles, or video or audio content.

Information collected by Automated means:

• Usage information: such as information about how you use the services and interact with us.
• Device identifiers: including information about the device you are using to visit and connect to our websites or applications, such as your device operating system type and version number, manufacturer and model, device identifier (such as the Google Advertising ID or Apple ID for Advertising), browser type, screen resolution, IP address, and other device identifiers.
• Online activity data: including clickstream data and other information about your interactions with our services, websites, applications, social media pages, and email communications.  We, our service providers and business partners also collect this type of information over time and across third-party websites.

We may use the Personal Data we collect for the below listed purposes. Summit collects, processes and discloses Personal Data and Sensitive Personal Data from and about Information Providers –

• only as necessary in the exercise of Summit’s legitimate interests, functions and responsibilities as an integrated research organization.
• who are research subjects in the exercise of scientific, historical research, or statistical purposes.
• who are applicants for employment, in order to enter into or administer an employment relationship with Summit.
• to share it with internal and external parties to qualify or work with and other related Summit processes and functions.
• to conduct general demographic and statistical research to improve Summit’s programs.
• to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
• to protect our, your or others’ rights, privacy, safety or property;
• to audit our internal processes for compliance with legal and contractual requirements and internal policies;
• to enforce the terms and conditions that govern our services;
• to prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft;
• Additionally, Summit collects, processes and shares Personal Data from and about event patrons internally and with third parties for the purpose of management of your relationship and engagement with Summit.

Summit’s disclosure to third parties and the basis for doing so have been explained further in the following section.

We may also disclose your Personal Data to other parties as follows:

• Consent: We may disclose your Personal Data if we have your consent to do so.
• Emergency Circumstances: We may share your Information, and Sensitive Information when necessary to protect your interests and you are physically or legally incapable of providing consent.
• Employment Necessity: We may share your Sensitive Information when necessary for administering employment or social security benefits in accordance with applicable law, subject to the imposition of appropriate safeguards to prevent further unauthorized disclosure.
• Public Information: We may share your Information and Sensitive Information if you have manifestly made it public.
• Archiving: We may share your Information and Sensitive Information for archiving purposes in the public interest, and for historical research, and statistical purposes.
• Performance of a Contract: We may share your Information when necessary to administer a contract you have with Summit.
• Legal Obligation: We may share your Information when the disclosure is required or permitted by international, federal, and state laws and regulations.
• Service Providers: We use third parties who have entered into a contract with Summit to support the administration of Summit operations and policies. In such cases, we share your Information with such third parties subject to the imposition of appropriate safeguards to prevent further unauthorized disclosure.
• Summit Affiliations: With your consent, we may share your Information with parties that are affiliated with Summit for the purpose of contacting you about goods, services, or experiences that may be of interest to you.
• De-Identified and Aggregate Information: We may use and disclose Information in de-identified or aggregate form without limitation and for any purpose.

We are committed to protecting the privacy of children. This website’s content and services are not intended for, or designed to attract, children under the age of 13 (or, in certain jurisdictions, 16). Accordingly, we do not knowingly collect or maintain personally identifiable information from any person we actually know is under the age of 13. If it comes to our attention that a user of our website is under the age of 13 (or 16, as applicable) and has volunteered Personal Data and/or health-related Personal Data, or that a healthcare professional has volunteered Personal Data about a patient who is identified as younger than 13 (or 16, as applicable), without the given or authorized consent of the guardian of such child, we will promptly, upon relevant notification or request, endeavor to delete such Personal Data.

Summit uses commercially reasonable administrative, technical, personnel-related, and physical security measures designed to safeguard the Personal Data that you provide us and is in our possession against loss, theft and unauthorized use, disclosure, or modification. Of course, despite these measures, we cannot guarantee perfect security of the networks, servers, and databases we operate or that are operated on our behalf. In particular, email sent to or from the website may not be secure. Therefore, you should take special care in deciding what information you send to us via email. Please keep this in mind when disclosing any Personal Data to us via the website.

Our website may employ cookies and similar technologies for website functionality and tracking user engagement. “Cookies” are small files that the website places on your hard drive for identification purposes. These files are used for website registration and for customization of your next time visit to our website. For example, cookies will remember your preferred language and display. Cookies cannot read data off of your hard drive.

We use the following cookies on our website:

• Strictly necessary cookies: These are cookies that are required for the operation of our website. They include, for example, cookies that enable page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
• Analytical cookies: We use the Google Analytics platform to collect certain analytical information to help us better understand activity on our website and improve our services and the quality of our website. This information includes the IP address, page requests, referring websites or ads, operating system and browser, and time spent on our website. We receive this data in an aggregated form. We use this information to help us understand how visitors engage with our website, measure the effectiveness of our advertising on third-party websites, and to improve our visitors’ experience. For more information about Google Analytics, please visit www.google.com/policies/privacy/partners/.
• Functionality cookies: These are used to recognize you when you return to our website and to embed functionality from third party services. This enables us to personalize our content for you, remember your preferences (for example, your choice of language) and to integrate useful services provided by third party providers into our website.

When you visit the Summit website for the first time, you will be given information about the technologies and cookies in use and will have the opportunity to set your consent preferences using a third-party WordPress plug-in. Thereafter, you can manage your cookie settings on our website by clicking on ‘Manage consent’ at the bottom right of the homepage.  You may reject the use of tracking technologies in part or in full. By not accepting cookies, some features on our website may not fully function, and you may not be able to access certain information on this website.

Your Personal Data will be retained by Summit in accordance with applicable federal and state laws and regulations, and the applicable retention periods in the Summit Records Retention Policy. Your Personal Data will be destroyed upon your request, unless applicable laws require destruction after the expiration of an applicable retention period. The manner of destruction shall be appropriate to preserve and ensure the confidentiality of your Personal Data given the level of sensitivity, value and criticality to Summit.

This website is operated in the United States. If you are located anywhere outside of the United States, please be aware that information we collect, including Personal Data, will be transferred to, processed in, and stored in the United States or any other country in which we or our affiliates or processors maintain facilities. The data protection laws in the United States differ from those of the country in which you are located, and your Personal Data can be subject to access requests from governments, courts, or law enforcement in the United States according to the laws of the United States. By using our website or providing us with any information, you explicitly consent to the transfer, processing, and storage of your information in the United States. You further acknowledge that you have been informed of the possible risks of such transfers due to the absence of an adequacy decision by the European Commission with respect to transfers of Personal Data to the United States.

If you are a California resident, please read our ‘California Consumer Privacy Notice’ for additional information that we are required by the California Consumer Privacy Act of 2018 (CCPA) to provide to you.

In certain circumstances, we may transfer the Personal Data of residents of the European Economic Area (EEA), the UK, and Switzerland. In such circumstances, we will ensure to have adequate transfer mechanisms and contracts in place, including the use of Standard Contractual Clauses, as mandated.

As an EEA, UK or Switzerland resident, you are entitled to the rights under Chapter III of the EU General Data Protection Regulation, and the UK GDPR, or Section 2 of the Swiss Federal Act on Data Protection with respect to the processing of your Personal Data, which include the right to access and rectify and to request erasure of Personal Data. In order to verify your identity, we may require you to provide us with the necessary details prior to accessing any records containing information about you.

You may have certain rights as a data subject under applicable laws. For example, you may have the right to object to or request restriction of processing of your Personal Data and to request access to, rectification, erasure and portability of the Personal Data we hold about you, subject to certain exceptions prescribed by law.

For instance, if you are a resident of the European Economic Area (EEA) or the UK – the GDPR, and similarly the UK GDPR, provides you the following rights in relation to your Personal Data for which Summit is the Data Controller:

• Right to be Informed

The right to be informed allows individuals to know what Personal Data are collected about them, for what purpose, who is collecting it, how long will it be retained, with whom will this data be shared, and how you can file a complaint.

• Right to Access

Individuals have a right to submit Data Subject Access Requests (DSARs) and obtain Personal Data an organization has about them.

• Right to Rectification

The right to rectification allows the individuals to ask the organization to update any inaccurate or incomplete Personal Data the organization holds about them.

• Right to Erasure

Also known informally as the ‘Right to be Forgotten’, this right allows individuals to ask for their Personal Data to be deleted if:

• the Personal Data are no longer deemed necessary for the original purpose for which it was collected
• an individual withdraws consent
• the Personal Data have been unlawfully processed
• Individual objects to the processing and the Data Controller has no reason to continue processing
• data erasure is necessary for compliance with a legal obligation
• Right to Restrict Processing

Individuals can request that an organization limits the way it uses their Personal Data.

• Right to Data Portability

Individuals can also request for their data to be transferred directly to them or another organization.

• Right to Object to Processing

Individuals can object to the processing of their Personal Data at any time or under certain circumstances (e.g., for marketing purposes).

• Rights in relation to Automated decision making and Profiling

Individuals have the right to not be subjected to automated decision-making if it is producing a legal effect that significantly affects them. Please note that Summit does not engage in activities involving profiling and automated decision making and does not control or process Personal Data for this purpose.

Similarly, if you reside in California and have provided your Personal Data to us, you may exercise your rights under the California Consumer Privacy Act (“CCPA”). California residents can find more information by reading our ‘California Consumer Privacy Notice’.

If you would like to receive further information regarding our use of your Personal Data, or if you would like to exercise your rights, please contact us at [email protected], or in writing to us:

Data Protection Officer

Summit Clinical Research
300 E. Sonterra Blvd., Bldg. 1, Suite 1220

We may change or update this Privacy Notice from time to time by publishing a new version on this website. When we do update this Notice, we will revise the “Effective” date at the top of this page. Your continued use of Summit’s website and third-party applications after any such change indicates your acceptance of these changes.

The following section highlights the categories of Personal Data related to residents of California that Summit –

a) may have collected in the past 12 months, and

b) may have shared for business purposes in the past 12 months.

For more detailed information on how your Personal Data may be shared, please refer to the ‘Summit’s Use of Personal Data’ section in Summit’s Privacy Notice.

As described in the ‘Personal Data We Collect’ section in Summit’s Privacy Notice, your Personal Data may be collected from other sources such as public databases, social medial platforms, and other third parties which share the information with Summit. This data may be used to serve you by:

• Confirming contact or financial information
• Verify licensure of healthcare professionals
• Understand your interests by associating demographic information in conjunction with other information you provide
• Connecting you with relevant third parties
• Validating your ability to have access to and/or use our products and services
• Improve our products and services
• Protect consumers

Summit may use, collect and/or disclose Personal Data and Sensitive Personal Data for its legitimate business purposes, based on your express consent, or for other purposes and pursuant to legal basis as outlined further in this notice in the section ‘Summit’s Use of Personal Data’.

You may visit our website without voluntarily providing any information about yourself. However, depending on your interactions when you visit our website or otherwise interact with Summit, we may collect the following details about you.  We may also collect information about you in the ordinary course of business in the context of an existing business relationship, from our customers or from third parties:

Information that we receive by your voluntary submission:

• Business & Contact details: such as your name, social media handle, job title and employer, email address, mailing address, phone number, and emergency contact information.
• Professional credentials: such as your professional title, specialty, educational and professional history, and institutional affiliations.
• Survey data: such as your responses to our online and offline surveys.
• Communicationsthat we exchange when you contact us.

Information we may receive from other sources:

• Job applicants’ details: when you review and apply for open positions listed on our ‘Careers’ page, you are redirected to the job posting on the recruitment websites we partner with. Any information you submit is collected and governed by the policies of these websites. This includes business and personal contact information, professional credentials and skills, educational and work history, and relevant information included as part of your Resume. We receive applicant details once shortlisted profiles have gone through mandated background checks, if required, in the form of prospective employee information. Personal Data relating to this employee information are retained for the period of your employment, and thereafter in accordance with our Data Retention Policy.

Transaction history: such as details about the programs and activities in which you have participated, including conferences, ad boards, speakers’ programs, dinners and other events.

• Publicly available information: including information that you or others publish on social media and in publications, such as tweets, comments, news articles, or video or audio content.

Information collected by Automated means:

• Usage information: such as information about how you use the services and interact with us.
• Device identifiers: including information about the device you are using to visit and connect to our websites or applications, such as your device operating system type and version number, manufacturer and model, device identifier (such as the Google Advertising ID or Apple ID for Advertising), browser type, screen resolution, IP address, and other device identifiers.
• Online activity data: including clickstream data and other information about your interactions with our services, websites, applications, social media pages, and email communications.  We, our service providers and business partners also collect this type of information over time and across third-party websites.

Residents of California are afforded the following rights in relation to their Personal Data:

• Right to know and access your Personal Data, along with how Summit has handled your Personal Data in the last 12 months, to include:
  • categories of Personal Data collected;
  • categories of sources of Personal Data;
  • business and/or commercial purposes for collecting your Personal Data;
  • categories of third parties/with whom we have disclosed or shared your Personal Data; and
  • categories of Personal Data that we have disclosed or shared with a third party for a business purpose;
• Right to deletion of your Personal Data collected by Summit;
• Right to opt out of sale: Summit uses third party Cookies for advertising and website analytics which may be considered selling within the context of CCPA. For more information about Summit’s use of Cookies and how to manage your cookie preferences, see the section on ‘Cookies and Other Technology’ in Summit’s Privacy Notice. Summit does not otherwise sell Personal Data as defined by the CCPA.

Additionally, you have the Right to be free from unlawful discrimination for exercising these rights under the CCPA.

You may submit requests to delete, access a copy and/or know Personal Data we have collected about you by contacting us at [email protected] or calling toll-free at 1-888-462-5715. You will be asked to provide certain information when submitting your request including your full name, contact information, relationship with Summit, and relationship to an individual you may be filing a request on behalf of. This information will be used to determine if your Personal Data are in our systems. These requests will be verified and responded to in a timely manner, and consistent with applicable laws and regulations.

We do not track our website users over time and across third-party websites and therefore do not respond to Do Not Track (DNT) signals. Summit does not authorize third parties to collect Personal Data directly from our users on our website, such as through the use of third-party advertisements.

If you have any questions about this notice, please contact us at [email protected]

You may also contact us by postal mail at the following address:

Data Protection Officer

Summit Clinical Research

300 E. Sonterra Blvd., Bldg. 1, Suite 1220

San Antonio, TX 78258