Summit’s Website Privacy Notice - Summit Clinical Research

Effective 9/13/2022

Who we are

Summit Clinical Research (“Summit”, “we”, “our”, or “us”) is an integrated research organization primarily servicing the biopharmaceutical industry and the parties engaged in that industry, and we are committed to safeguarding the privacy of information we collect, including compliance with applicable Data Privacy Laws, like the European Union’s General Data Protection Regulation (GDPR). Our website and other services are primarily provided on behalf of businesses. Our website and other services are not intended for individuals to use for personal or household purposes.

This Privacy Notice outlines the collection, use, and disclosure of Personal Data provided to Summit by individuals, (hereinafter “Information Providers”) including but not limited to:

applicants for employment
employees and members of their immediate family
retirees
event patrons and members of their immediate family
customers
contractors and vendors and their employees
research subjects
patients
clinical research sites and their employees
hospitals and their employees
medical offices and their employees
clinical trial sponsors and their employees

When Personal Data is submitted to Summit or you use Summit ‘s websites and other electronic data services, you consent to the collection, use, and disclosure of that information as described in this Privacy Notice.

Exclusions: This policy only addresses Personal Data collected through our websites, mobile pages, applications, and our call centers (collectively, “Services”). It does not describe the ways in which we may collect or use Personal Data obtained offline in other ways, and it does not address or control the privacy practices of other websites (including those we link to), which may have their own privacy notice(s). We encourage our website users to be aware when they leave our website and to read the privacy statements of each and every website they visit that collects Personal Data.

Personal Data We Collect

Summit may use, collect and/or disclose Personal Data and Sensitive Personal Data for its legitimate business purposes.

”Personal Data”, as used herein, refers to data created by or provided to Summit by or about an Information Provider, that can be used to identify or relate to you as an individual either directly or indirectly.

“Sensitive Personal Data”, as used herein, refers to Personal Data that can be considered to disclose sensitive information about an Information Provider’s race, gender, ethnic origin, religious affiliation, health data and criminal convictions, among other things.

You may visit our website without voluntarily providing any information about yourself. However, depending on your interactions when you visit our website or otherwise interact with Summit, we may collect the following details about you. We may also collect information about you in the ordinary course of business in the context of an existing business relationship, from our customers or from third parties:

Contact details: such as name, social media handle, job title and employer, email address, mailing address, phone number, and emergency contact information.
Transaction history: such as details about the programs and activities in which you have participated, including conferences, ad boards, speakers’ programs, dinners and other events.
Professional credentials: such as your specialty, educational and professional history, and institutional affiliations.
Usage information: such as information about how you use the services and interact with us.
Survey data: such as your responses to our online and offline surveys.
Communications that we exchange when you contact us.
Publicly available information: including information that you or others publish on social media and in publications, such as tweets, comments, news articles, or video or audio content.
Device Identifiers: including information about the device you are using to visit and connect to our websites or applications, such as your device operating system type and version number, manufacturer and model, device identifier (such as the Google Advertising ID or Apple ID for Advertising), browser type, screen resolution, IP address, and other device identifiers.
Online Activity Data: including browsing history, search history, clickstream data, and other information about your interactions with our services, websites, applications, social media pages, and email communications. We, our service providers and business partners also collect this type of information over time and across third-party websites.

Summit’s Use of Personal Data

We may use the Personal Data we collect for the below listed purposes. Summit collects, processes and discloses Personal Data and Sensitive Personal Data from and about Information Providers.

only as necessary in the exercise of Summit’s legitimate interests, functions and responsibilities as an integrated research organization.
who are research subjects in the exercise of scientific, historical research, or statistical purposes.
who are applicants for employment, employees and immediate family members in order to enter into or administer an employment relationship with Summit.
to share it with internal and external parties to qualify or work with and other related Summit processes and functions.
to conduct general demographic and statistical research to improve Summit’s programs.
to share internally and externally, as necessary, applicable and appropriate, to identify appropriate support services or activities, provide reasonable accommodations, enforce Summit policies or comply with applicable laws.
which may be shared by Summit with third parties who have entered into contracts with Summit to perform functions on behalf of Summit, subject to the obligation of confidentiality and safeguarding from unauthorized disclosure.
to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
to protect our, your or others’ rights, privacy, safety or property;
to audit our internal processes for compliance with legal and contractual requirements and internal policies;
to enforce the terms and conditions that govern our services;
to prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft; and
Summit collects, processes and shares Personal Data from and about event patrons internally and with third parties for the purpose of management of your relationship and engagement with Summit.

Third Party Use of Personal Data

We may also disclose your Personal Data to other parties as follows:

Consent: We may disclose your Personal Data if we have your consent to do so.
Emergency Circumstances: We may share your Information, and Sensitive Information when necessary to protect your interests and you are physically or legally incapable of providing consent.
Employment Necessity: We may share your Sensitive Information when necessary for administering employment or social security benefits in accordance with applicable law, subject to the imposition of appropriate safeguards to prevent further unauthorized disclosure.
Public Information: We may share your Information and Sensitive Information if you have manifestly made it public.
Archiving. We may share your Information and Sensitive Information for archiving purposes in the public interest, and for historical research, and statistical purposes.
Performance of a Contract: We may share your Information when necessary to administer a contract you have with Summit.
Legal Obligation: We may share your Information when the disclosure is required or permitted by international, federal, and state laws and regulations.
Service Providers: We use third parties who have entered into a contract with Summit to support the administration of Summit operations and policies. In such cases, we share your Information with such third parties subject to the imposition of appropriate safeguards to prevent further unauthorized disclosure.
Summit Affiliations: With your consent, we may share your Information with parties that are affiliated with Summit for the purpose of contacting you about goods, services, or experiences that may be of interest to you.
De-Identified and Aggregate Information: We may use and disclose Information in de-identified or aggregate form without limitation and for any purpose.

Children’s Privacy

We are committed to protecting the privacy of children. This website’s content and services are not intended for, or designed to attract, children under the age of 13 (or, in certain jurisdictions, 16). Accordingly, we do not knowingly collect or maintain personally identifiable information from any person we actually know is under the age of 13. If it comes to our attention that a user of our website is under the age of 13 (or 16, as applicable) and has volunteered Personal Data and/or health-related Personal Data, or that a healthcare professional has volunteered Personal Data about a patient who is identified as younger than 13 (or 16, as applicable), without the given or authorized consent of the guardian of such child, we will promptly, upon relevant notification or request, endeavor to delete such Personal Data.

Security

Summit uses commercially reasonable administrative, technical, personnel-related, and physical security measures designed to safeguard the Personal Data that you provide us and is in our possession against loss, theft and unauthorized use, disclosure, or modification. Of course, despite these measures, we cannot guarantee perfect security of the networks, servers, and databases we operate or that are operated on our behalf. In particular, email sent to or from the website may not be secure. Therefore, you should take special care in deciding what information you send to us via email. Please keep this in mind when disclosing any Personal Data to us via the website.

Cookies and Similar Technologies

Our website may employ cookies and similar technologies for website functionality and tracking user engagement. “Cookies” are small files that the website places on your hard drive for identification purposes. These files are used for website registration and for customization of your next time visit to our website. For example, cookies will remember your preferred language and display. Cookies cannot read data off of your hard drive.

We use the following cookies on our website:

Strictly necessary cookies: These are cookies that are required for the operation of our website. They include, for example, cookies that enable page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Analytical cookies: We use the Google Analytics platform to collect certain analytical information to help us better understand activity on our website and improve our services and the quality of our website. This information includes the IP address, page requests, referring websites or ads, operating system and browser, and time spent on our website. We receive this data in an aggregated form. We use this information to help us understand how visitors engage with our website, measure the effectiveness of our advertising on third-party websites, and to improve our visitors’ experience. For more information about Google Analytics, please visit www.google.com/policies/privacy/partners/.

Functionality cookies: These are used to recognize you when you return to our website and to embed functionality from third party services. This enables us to personalize our content for you, remember your preferences (for example, your choice of language) and to integrate useful services provided by third party providers into our website.You can refuse or accept cookies from this website at any time by activating the cookie settings in your browser. The “help” menu on most internet browsers contains information on how to disable cookies, or you can visit http://www.aboutcookies.org/how-to-control-cookies/. By not accepting cookies, some features on our website may not fully function, and you may not be able to access certain information on this website.

Retention and Destruction of Your Personal Data

Your Personal Data will be retained by Summit in accordance with applicable federal and state laws and regulations, and the applicable retention periods in the Summit Records Retention Policy. Your data will be destroyed upon your request, unless applicable laws require destruction after the expiration of an applicable retention period. The manner of destruction shall be appropriate to preserve and ensure the confidentiality of your data given the level of sensitivity, value and criticality to Summit.

Privacy Policies of Other Websites

Summit’s website contains links to other websites. Our Privacy Notice only applies to our website, so if you clink on a link to another website, you should read their privacy policy.

Location-Specific Disclosure: Users in California, the European Economic Area (EEA) and Switzerland and Consent to Transfer of Personal Data to the United States

This website is operated in the United States. If you are located anywhere outside of the United States, please be aware that information we collect, including Personal Data, will be transferred to, processed in, and stored in the United States or any other country in which we or our affiliates or processors maintain facilities. The data protection laws in the United States differ from those of the country in which you are located, and your Personal Data can be subject to access requests from governments, courts, or law enforcement in the United States according to the laws of the United States. By using our website or providing us with any information, you explicitly consent to the transfer, processing, and storage of your information in the United States. You further acknowledge that you have been informed of the possible risks of such transfers due to the absence of an adequacy decision by the European Commission with respect to transfers of Personal Data to the United States. You are also consenting to the application of United States federal and Texas state law in all matters concerning this website and our Privacy Notice.

If you are a California resident, please read our Notice to California Residents for additional information that we are required by the California Consumer Privacy Act of 2018 (CCPA) to provide to you.

In certain circumstances, we may transfer the Personal Data of residents of the European Economic Area (EEA) and Switzerland. In those circumstances, we will enter into appropriate agreements with such parties, including the use of Standard Contractual Clauses.

As an EEA or Switzerland resident, you are entitled to the rights under Chapter III of the EU General Data Protection Regulation or Section 2 of the Swiss Federal Act on Data Protection with respect to the processing of your Personal Data, which include the right to access and rectify and to request erasure of Personal Data. In order to verify your identity, we may require you to provide us with the necessary details prior to accessing any records containing information about you.

Your Privacy Rights

You may have certain rights as a data subject under applicable laws. For example, you may have the right to object to or request restriction of processing of your Personal Data and to request access to, rectification, erasure and portability of the Personal Data we hold about you, subject to certain exceptions prescribed by law. If you would like to receive further information regarding our use of your Personal Data, or if you would like to exercise your rights, please contact us at:

Summit Clinical Research
300 East Sonterra Boulevard
Building 1, Suite 1220
San Antonio, Texas 78258
[email protected]

We will attempt to fulfill your request to the extent required by and permissible under applicable privacy laws and other laws and regulations. In any event, we will endeavor to respond to you promptly and to advise you of the outcome of your request.

Please be aware that prior to processing or providing any information we will verify and may request further proof of your identity. Additionally, if you are acting on behalf of the data subject, written authorization along with proof of the data subject’s identity will be required. Summit may not be able to comply with your request if we are unable to confirm your identity or connect the information you provide with Personal Data in our possession.

In certain jurisdictions, you may have the right to file a complaint with the relevant regulator or supervisory authority. Contact details can be found below:

EU Supervisory Authorities: Should you have any concerns regarding the processing of your Personal Data, you may contact the national data protection authority in the EU jurisdiction in which you normally access our sites at EU – Data Protection Authorities.
The Supervisory Authority in the UK is the Information Commissioner’s Office, whose contact details are available at ico.org.uk.

Updates to this Privacy Notice

We may change or update this Privacy Notice from time to time by publishing a new version on this website. When we do update this Notice, we will revise the “Effective” date at the top of this page. Your continued use of Summit’s website and third-party applications after any such change indicates your acceptance of these changes.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-functionality	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Functionality".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_06BRXNKHXJ	2 years	This cookie is installed by Google Analytics.
_ga_1BTQP2JTPG	2 years	This cookie is installed by Google Analytics.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
ugid	1 year	This cookie is set by the provider Unsplash. This cookie is used for enabling the video content on the website.