The Application is used to collect and store data for Clinical Trials.
- Clinical Trial: a particular trial of a medicine or medical application conducted on a group of human subjects (Clinical Trial Subjects).
- Clinical Trial Data: records relating to the subjects within a clinical trial, such as their allocated subject identifier and measurements, adverse event records, etc. captured and recorded during the trial. Clinical Trial Data is anonymized, and may be made available to all members of the Clinical Trial Team and extracted for statistical analysis.
- Clinical Trial Site: a location that has a contract with the Clinical Trial Sponsor to participate in the Clinical Trial (such as a hospital or a doctor’s surgery).
- Clinical Trial Sponsor: an organization that initiates and manages a Clinical Trial and determines the Clinical Trial Data to be collected and processed for the Clinical Trial.
- Clinical Trial Subject: an individual who volunteers to participate in the Clinical Trial.
- Clinical Trial Team: representatives of the Clinical Trial Sponsor, Cmed staff and subcontractors who have access to the Clinical Trial Data collected in the encapsia® Clinical Data Suite system or extracted from the system. This group may include Clinical Research Associates (CRAs) who monitor the progress of the Clinical Trial and its compliance with Good Clinical Practice Regulations who may have access to Site-only Data as well as Clinical Trial Data.
- Good Clinical Practice Regulations: local legislation implementing the Good Clinical Practice guidelines on the conduct of Clinical Trials in the location of the Clinical Trial Site.
- Personal Data: data which relate to a living individual who can be identified (a) from those data, or (b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller, and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.
- encapsia® Clinical Data Suite: a system developed by Cmed for collecting, storing and processing information in a Clinical Trial. The Application is one component of the system.
- Serious Adverse Event: any untoward medical occurrence that, at any dose, results in death, is life threatening, requires inpatient hospitalization or prolongation of existing hospitalization, results in persistent or significant disability/incapacity, or is a congenital anomaly/birth defect.
- Site-only Data: data including Subject Data collected by Site Staff using the Application during the Clinical Trial which is not part of the Clinical Trial Data. Site-only Data includes any multimedia attachments added to a Clinical Trial Subject’s data. Site-only Data may be made available to Clinical Trial Team members who are authorized to access Site-only Data.
- Site Staff: doctors, nurses and other staff at a Clinical Trial Site. Site Staff are the Users of the Application. They are the Data Controllers of the Subject Data and Site-only Data.
- Subject Data: Personal Data about the Clinical Trial Subjects collected by Site Staff using the Application, such as their names, dates of birth and photographs. Subject Data will not be available outside of the Application and the central server.
- User: Site Staff authorized to use the Application.
- User Data: Personal Data of the Users of the Application, including the Users’ names, email addresses, Clinical Trial Sites they are associated with and their roles. User Data may also include the User’s location and other information automatically captured by the Application. User Data is collected in order to create and administer User accounts and is processed by the Application.
If you have any questions regarding privacy while using the Application, or have questions about Cmed data protection practices, please contact us via email at firstname.lastname@example.org
What information does the Application obtain and how is it used?
The Application is only for use by Users at Clinical Trial Sites who have an existing contractual relationship with the Clinical Trial Sponsor.
You must have an existing, active account for the Application before you can use it. Cmed creates user accounts based on the User Data submitted by the Clinical Trial Sponsor or Site Staff.
Clinical Trial Data, Site-only Data and Subject Data
You will use the Application to collect, store and process Subject Data, Site-only Data and Clinical Trial Data.
All data entered in the Application will relate to Clinical Trial Subjects enrolled in the Clinical Trial who must, according to Good Clinical Practice Regulations, have confirmed their informed consent for the collection and processing of the information for the Clinical Trial in order to participate. The combination of Subject Data and Clinical Trial Data may contain personally identifiable and medical information about the Clinical Trial Subjects.
The information you enter in the Application will be available for processing by all Users at your Clinical Trial Site. Clinical Trial Data and Site-only Data collected and stored in the Application may be available for processing to other authorized users of the encapsia® Clinical Data Suite for your trial.
Cmed will only collect and store Clinical Trial Data, Site-only Data and Subject Data according to instructions from the Site Staff. Processing of the Clinical Trial Data and Subject Data entered using the Application will be according to instructions from the Site Staff and Clinical Trial Sponsor and in accordance with local data privacy legislation and Clinical Trial Regulations applicable to the site.
All data collected by the Application is stored locally on the device and uploaded to the Application’s central server located in the EEA. No Application data stored locally is available to other applications on the device.
Automatically collected information
The Application may collect certain information automatically, such as the type of device you are using, your device’s unique identifier, IP address, operating system and regional settings as well as information about the way you use the Application. For information on how to manage the data automatically collected via the Application please see the section “Device Permissions” below.
The Application will automatically record your username against all the changes you make to the data in the Application.
What device permissions are required and what are they used for?
The Application may require the use of the following:
- Location: The Application will ask for your permission to capture your location. It is recorded in the user access logs that provide information about the users who have logged in to the Application, which may be used to detect potential fraud. We may share this location with the Clinical Trial Sponsor. If you do not want your location to be collected, you can deny permission or turn the Location services off in your device settings.
- Network: The Application uses your device’s network connection to upload data from the Application to the central server and to download data from the central server to the Application to ensure the copy of the trial data on your device is as up-to-date as possible. You can use the Application offline and it will synchronize with the server once a network connection is available.
- Camera: You can use the device’s camera within the Application to attach photos or video to Clinical Trial Subject records or their data. Such photos or videos are not stored in the device’s shared galleries and are not available to any other applications on the device. All attachments are considered, including those attached to Clinical Trial Data, Site-only Data. You are responsible for ensuring that attachments do not contain Personal Data.
Do third parties see and/or have access to information obtained by the Application?
We may disclose:
- Clinical Trial Data to the Clinical Trial Sponsor for processing and analysis.
- Clinical Trial Data to relevant regulatory bodies such as Medicines and Healthcare products Regulatory Agency (MHRA) in the UK or Food and Drug Administration (FDA) in the US, according to Good Clinical Practice Regulations, for example in cases of Serious Adverse Events or in the investigation of potential fraud.
- Clinical Trial Data and User Data where compelled by law or by regulatory or government body.
- Clinical Trial Data and User Data when we believe in good faith that disclosure is necessary to protect Cmed’s rights, protect your safety or the safety of others, investigate potential fraud, or respond to a government request.
- User Data with Cmed’s trusted services providers who work on our behalf for the purpose of administering and supporting the Application and Users, and who do not have an independent use of the information we disclose to them, and have agreed to adhere to the rules set forth in this privacy statement.
- If Cmed Technology Ltd is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or via a prominent notice on our Web site of any change in ownership or uses of this information, as well as any choices you may have regarding this information.
- In addition, Cmed may use third parties to host the Clinical Trial Data, Subject Data, Site-only Data and User Data. Such third-party hosting providers do not have logical access to such data and Cmed has appropriate agreements in place to ensure the technical and organisation security of all such data hosted by third parties.
The Application does not use advertising or share data with any third-party advertisers.
The Application can only be used by authorized adult Users at Clinical Trial Sites who have an existing user account in the Application and who have an existing contractual relationship with the Clinical Trial Sponsor. It is not for use by any persons under the age of 18.
Depending on the Clinical Trial, the data collected, stored and processed in the Application may contain information about children and minors. Users are responsible for obtaining the consent of a parent or guardian to collect data relating to children in the Application. If you become aware that data relating to a child has been provided without the appropriate consent, you are responsible for contacting Site Staff and notifying the Clinical Trial Sponsor as appropriate in accordance with your agreement with the Clinical Trial Sponsor.
How to opt out?
It is the responsibility of the Site Staff to ensure that all Clinical Trial Subjects give consent to the use of their Subject Data in the Application. If the Clinical Trial Subject does not consent, or withdraws their consent, Site Staff can contact Cmed to arrange the deletion of the relevant Clinical Trial Subject’s Subject Data.
Data Retention Policy
Cmed will retain data in accordance with our data retention policy which is in accordance with applicable Good Clinical Practice Trial Regulations. Cmed can only delete Clinical Trial Data that you have provided with the consent of the Clinical Trial Sponsor. Cmed may be able to remove Site-only Data and Subject Data if requested by Site Staff. Users may request Cmed to remove their User Data.
Please note that some or all of the data may be required in order for the Application to function properly and may not be deleted.
Cmed is committed to safeguarding the confidentiality of your information. We provide physical, electronic, and procedural safeguards to protect information we process and maintain. For example, we limit access to this information to authorized employees and contractors who need to know that information in order to operate and administer the Application.
We use modern encryption for synchronizing data between the device and the central server.
When you start using the Application, you must authenticate with your username and password and create a PIN that only you know. You will be required to enter your PIN every time you log into the Application. It is your responsibility to keep your PIN safe and secure and not to share it with anyone.
Please be aware that although we are committed to safeguarding information we process and maintain, no security system can prevent all potential security breaches.
01Mar2017 Initial version