LifeData Privacy Policy
Updated: June 12, 2024
CONTENTS
- Using Our Applications to Create Content (“LifePaks”) for Mobile Users
- Interacting With and Responding Through Our Mobile Applications
- Privacy for LifePak Creators
- Privacy for Mobile App Users/Respondents
- Privacy for European Union (EU)/United Kingdom (UK)/Swiss Residents
1. USING OUR APPLICATIONS TO CREATE CONTENT (“LIFEPAKS”) FOR MOBILE USERS
- Your data is owned by you. LifeData keeps your content private. We don’t sell it to anyone and we don’t use the responses you collect for our own purposes, except in a limited set of circumstances (e.g. if we are compelled by a subpoena, or if you’ve made your responses public).
- We safeguard respondents’ email addresses. To make it easier for you to invite people to download your LifePaks via an email address, you may upload email addresses, in which case LifeData acts as a mere custodian of that data. We don’t sell these email addresses and we use them only as directed by you and in accordance with this policy. The same goes for any email addresses collected by your LifePaks.
- Data is stored on servers located in the United States. LifeData will process your data on your behalf and under your instructions (including the ones agreed to in this Privacy Policy).
2. INTERACTING WITH AND RESPONDING THROUGH OUR MOBILE APPLICATIONS
- LifePaks are administered by LifePak creators. LifePak creators may publish numerous LifePaks each day using our services. We host the LifePak content on our servers and collect the responses that you submit to the LifePak creator. If you have any questions about a LifePak you are interacting with, please contact the LifePak creator directly as LifeData is not responsible for the content of that LifePak or your responses to it. The LifePak creator may have their own Privacy Policy.
- Are your responses anonymous? This depends on how the LifePak creator has configured the LifePak. Contact them to find out, or contact us to know more about respondent anonymity.
- We don’t sell your responses to third parties. LifeData doesn’t sell or share your responses with third party advertisers or marketers (although the LifePak creator might, so check with them). LifeData merely acts as a custodian on behalf of the LifePak creator who controls your data.
- If you think a LifePak violates our Terms of Use or may be engaging in illegal activity, contact@lifedatacorp.com to report it.
LifeData Services are used by LifePak creators (people who create and conduct ecological momentary assessment & ecological momentary intervention experiences) and LifePak respondents (people who engage with and respond to those LifePaks). The information we receive from LifePak creators and LifePak respondents and how we handle it differs, so we have split this Privacy Policy into two parts.
3. PRIVACY FOR LIFEPAK CREATORS
1. What information does LifeData collect?
When you use LifeData web applications and websites, we collect information relating to you and your use of our services from a variety of sources. These are listed below. The sections afterward describe what we do with this information.
Information we collect directly from you
- Registration information. You need a LifeData account before you can create LifePaks in the LifePak Builder & Management System. When you register for an account, we collect your username, password, email address, street address, phone number.
- Billing information. If you make a payment to LifeData, we require you to provide your billing details, such as a name, address, email address and financial information corresponding to your selected method of payment (e.g. a credit card number and expiration date or a bank account number). If you provide a billing address, we will regard that as the location of the account holder.
- EMA data. We store your LifePak and EMA data (prompts and responses) for you.
- Other data you intentionally share. We may collect your personal information or data if you submit it to us in other contexts. For example, if you provide us with a testimonial, or participate in a LifeData contest or survey.
- We safeguard your respondents’ email addresses. Rest assured, LifeData will not email your LifePak respondents except at your direction. We definitely don’t sell those email addresses to any third parties.
Information we collect about you from other sources
- Usage data. We collect usage data about you whenever you interact with our services. Like most websites today, our web servers keep log files that record data each time a device accesses those servers. The log files contain data about the nature of each access, including originating IP addresses.
- Device data. We collect data from the device and application you use to access our services, such as your IP address and browser type. We may also infer your geographic location based on your IP address.
- Referral data. If you arrive at a LifeData website from an external source (such as a link on another website or in an email), we record information about the source that referred you to us.
- Information from third parties. We may collect your personal information or data from third parties if you give permission to those third parties to share your information with us.
- Information from page tags. We may use third party tracking services that employ cookies and page tags (also known as web beacons) to collect aggregated and anonymized data about visitors to our websites. This data includes usage and user statistics.
2. How does LifeData use the information we collect?
We treat your LifePak prompts and responses as information that is private to you. We know that, in many cases, you want to keep your LifePak prompts and responses (which we collectively refer to as “LifePak data”) private. Unless you decide to share your LifePak prompts and/or responses with the public, we do not use your LifePak data for our own purposes, except in the limited circumstances described in this Privacy Policy or unless we have your express consent. We do not sell your LifePak data to third parties.
Generally, we use the information we collect from you in connection with providing our services to you and, on your behalf, to your LifePak respondents. For example, specific ways we use this information are listed below. (See the next section of this Privacy Policy to see who we share your information with.)
- To provide you with our services.
- This includes providing you with customer support, which requires us to access your information to assist you (such as with LifePak design and creation or technical troubleshooting).
- If you choose to link your LifeData account to a third party account (such as your Twitter or Facebook account), we may use the information you allow us to collect from those third parties to provide you with additional features, services, and personalized content.
- To manage our services. We internally use your information, including certain LifePak data, for the following limited purposes:
- To monitor and improve our services and features. We internally perform statistical and other analysis on information we collect (including usage data, device data, referral data, and information from page tags) to analyze and measure user behavior and trends, to understand how people use our services, and to monitor, troubleshoot and improve our services. However, we do not use the non-public content of LifePaks (i.e. the content of prompts and responses that you have not publicly shared) for these purposes.
- To assist the enforcement of our Terms of Use.
- To prevent potentially illegal activities.
- To screen for undesirable or abusive activity. For example, we have automated systems that screen content for phishing activities, spam, and fraud.
- To create new services, features or content (public data and metadata only). We may use public LifePak data and anonymized LifePak metadata (that is, data about the characteristics of a LifePak but not its non-public content), to create and provide new services, features or content. For example, we may look at statistics like response rates, prompt and answer word counts, and the average number of prompts in a LifePak and publish interesting observations about these for informational or marketing purposes. When we do this, neither individual LifePak creators nor LifePak respondents will be identified or identifiable unless we have obtained their permission.
- To facilitate account creation and the logon process. If you choose to link your LifeData account to a third party account (such as your Twitter or Facebook account), we use the information you allowed us to collect from those third parties to facilitate the account creation and login process.
- To contact you about your service or account. We occasionally send you communications of a transactional nature (e.g. service-related announcements, billing-related matters, changes to our services or policies, a welcome email when you first register). You can’t opt out of these communications since they are required to provide our services to you.
- To contact you for marketing purposes.
- To respond to legal requests and prevent harm. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.
3. With whom do we share or disclose your information?
We don’t sell your LifePak data.
When might we disclose your LifePak data to third parties? Only for a limited number of reasons. Mostly commonly, we share your information with our service providers who help us to provide our services to you. For example, we use payment processors who help us to process credit card transactions. By using our services, you authorize LifeData to sub-contract in this manner on your behalf.
Rare circumstances include when we need to share information if required by law, or in a corporate restructuring or acquisition context (see below for more details).
Sharing your LifePaks with the public. You are able to control who can download and engage with your LifePak by changing LifePak distribution settings. For example, LifePaks can be made publicly available within the RealLife Exp mobile app, Semi-private (you create and distribute a code which allows download within the RealLife Exp mobile app), or private by restricting access to people based on the email address Real Life Exp mobile app users have given us for their account.
We recognize that you have entrusted us with safeguarding the privacy of your information. Because that trust is very important to us, the only time we will disclose or share your personal information or LifePak data with a third party is when we have done one of three things, in accordance with applicable law: (a) given you notice, such as in this Privacy Policy; (b) obtained your express consent, such as through an opt-in checkbox; or (c) anonymized the information so that individuals cannot be identified by it. Where required by law, we will obtain your express consent prior to disclosing or sharing any personal information.
We may disclose:
- Your information to our service providers. We use service providers who help us to provide you with our services. We give relevant persons working for some of these providers access to your information, but only to the extent necessary for them to perform their services for us. We also implement reasonable contractual and technical protections to ensure the confidentiality of your personal information and data is maintained, used only for the provision of their services to us, and handled in accordance with this Privacy Policy. Examples of service providers include payment processors, email service providers, and web traffic analytics tools.
- Your account details to your billing contact. If your details (as the account holder) are different to the billing contact listed for your account, we may disclose your identity and account details to the billing contact upon their request (we also will usually attempt to notify you of such requests). By using our services and agreeing to this Privacy Policy, you consent to this disclosure.
- Aggregated information to third parties to improve or promote our services. No individuals can be identified or linked to any part of the information we share with third parties to improve or promote our services.
- Your information if required or permitted by law. We may disclose your information as required or permitted by law, or when we believe that disclosure is necessary to protect our rights, and/or to comply with a judicial proceeding, court order, subpoena, or other legal process served on us.
- Your information if there’s a change in business ownership or structure. If ownership of all or substantially all of our business changes, or we undertake a corporate reorganization (including a merger or consolidation) or any other action or transfer between LifeData entities, you expressly consent to LifeData transferring your information to the new owner or successor entity so that we can continue providing our services.
- Information you expressly consent to be shared. For example, we may expressly request your permission to provide your contact details to third parties for various purposes, including to allow those third parties to contact you for marketing purposes. (You may later revoke your permission, but if you wish to stop receiving communications from a third party to which we provided your information with your permission, you will need to contact that third party directly.)
4. What are your rights to your information?
You can:
- Update your account details. You can update your registration and other account information on your Profile page. Information is updated immediately.
- Download/backup your LifePak and response data. We provide you with the ability to export your EMA data in a variety of formats. This allows you to create your own backups or conduct offline data analysis.
5. How can personal information be deleted?
- LifePak creators may cancel their account, or allow their subscription to lapse. Any data collected prior to account cancellation or subscription end date will be permanently deleted in 180 days. (Prior to that date, any data collected may be retrieved by writing to support@lifedatacorp.com.)
- You may delete your LifePaks and associated participant data at any time through the LifeData web application once you have logged into your account. Once this action is taken by you, LifeData retains a copy for no longer than 30 days after which it will be permanently deleted.
- LifePak creators may also contact LifeData directly with specific requests to delete personal data. Send requests to support@lifedatacorp.com.
6. Security, cookies and other important information:
- Changes to this Privacy Policy. We may modify this Privacy Policy at any time, but if we do so, we will notify you by publishing the changes on this website www.lifedatacorp.com. For any changes to this Privacy Policy for which you are required to provide prior consent, we will provide you with reasonable notice of such changes before they become effective and provide you with the opportunity to consent to those changes. If you disagree with the terms of this Privacy Policy or any updated Privacy Policy, you may close your account at any time.
- Security. We are committed to handling your personal information and data with integrity and care. However, regardless of the security protections and precautions we undertake, there is always a risk that your personal data may be viewed and used by unauthorized third parties as a result of collecting and transmitting your data through the internet.
- Cookies. We use cookies on our websites. Cookies are small bits of data we store on the device you use to access our services so we can recognize repeat users. Each cookie expires after a certain period of time, depending on what we use it for. We use cookies for several reasons:
- To make our site easier to use. If you use the “Remember me” feature when you sign into your account, we may store your username in a cookie to make it quicker for you to sign in whenever you return to LifeData.
- For security reasons. We use cookies to authenticate your identity, such as confirming whether you are currently logged into LifeData.
- To provide you with personalized content. We may store user preferences in cookies to personalize the content you see.
- To improve our services. We use cookies to measure your usage of our websites and track referral data, as well as to occasionally display different versions of content to you. This information helps us to develop and improve our services and optimize the content we display to users.
We don’t believe cookies are disturbing, but you can still choose to remove or disable cookies via your browser. Refer to your web browser’s configuration documentation to learn how to do this. Please note that doing this may adversely impact your ability to use our services. Enabling cookies ensures a smoother experience when using our websites. By using our websites and agreeing to this Privacy Policy, you expressly consent to the use of cookies as described in this policy.
- Blogs and Forums. Our website may offer publicly accessible blogs and community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. We’re not responsible for any personal information you choose to submit in these areas of our site. To request removal of your personal information from our blog or community forum, contact us at support@lifedatacorp.com. In some cases, we may not be able to fulfill your request and we will let you know why.
- Online Tracking. We currently do not process or comply with any web browser’s “do not track” signal or other similar mechanism that indicates a request to disable online tracking of individual users who visit our websites or use our services (unless otherwise stated in a service-specific privacy statement).
- Safety of Minors and COPPA. Our services are not intended for and may not be used by minors. “Minors” are individuals under the age of majority in their place of residence (or under 13 in the United States). LifeData does not knowingly collect personal data from minors or allow them to register. If it comes to our attention that we have collected personal data from a minor, we may delete this information without notice. If you have reason to believe that this has occurred, please contact us at support@lifedatacorp.com
4. PRIVACY FOR MOBILE APP USERS/RESPONDENTS
1. What information does LifeData collect?
When you respond to LifePaks hosted by LifeData, we collect, on behalf and upon instructions (including the ones provided in this Privacy Policy) of LifePak creators, information relating to you and your use of our services from a variety of sources. These are listed below. The sections afterward describe what we do with this information.
Information we collect directly from you
LifePak responses. We collect and store the LifePak responses that you submit. The LifePak creator is responsible for this data and manages it. A LifePak may ask you to provide personal information or data. If you have any questions about a LifePak you are taking, please contact the LifePak creator directly as LifeData is not responsible for the content of that LifePak. The LifePak creator may have invited you to download the LifePak and sometimes they have their own Privacy Policy.
Are your LifePak responses anonymous? This depends on how the LifePak creator has chosen to make their LifePak available to mobile users and what personally identifiable information they may ask in the LifePak they have created. We provide instructions on how a LifePak can be delivered to specific known users or available to anyone who has the RealLife mobile application installed on their device.
Information we collect about you from other sources
- Usage data. We collect usage data about you whenever you interact with our services. Like most websites today, our web servers keep log files that record data each time a device accesses those servers. The log files contain data about the nature of each access and error logs to assist in servicing our applications. LifeData does not gather originating IP addresses from the mobile device.
- Device data. We collect data from the device and application you use to access our services, such as device type and app version. We may also gather your geographic location if you opt in when you download the mobile application.
- Referral data. If you arrive at a LifeData website from an external source (such as a link on another website or in an email), we record information about the source that referred you to us.
- Information from page tags. We may use third party tracking services that employ cookies and page tags (also known as web beacons) to collect aggregated and anonymized data about visitors to our websites. This data includes usage and user statistics.
Providing LifePak responses is voluntary. Remember, you can always choose not to provide an answer to any given LifePak question (especially those requesting your personal information or data). However, sometimes this will prevent you from completing a LifePak if the LifePak creator has marked that question as requiring an answer.
2. How does LifeData use the information we collect?
Your LifePak responses are owned and managed by the LifePak creator, and we treat that information as private to the LifePak creator. Please contact the LifePak creator directly to understand how they will use your LifePak responses. Some LifePak creators may provide you with a Privacy Policy or notice at the time you download their LifePak and we encourage you to review that to understand how the LifePak creator will handle your responses.
Please see the LifePak Creator version of this Privacy Policy to understand how LifeData handles LifePak responses. LifeData does not sell LifePak responses to third parties and we do not use any contact details collected in our customers’ LifePaks to contact LifePak respondents.
We also use the information we collect from you (including usage data, device data, referral data and information from page tags) to manage and improve our services.
3. With whom do we share or disclose your information?
LifeData does not sell your LifePak responses! We disclose your LifePak responses to LifePak creators. We host LifePaks for LifePak creators, but they are really the primary curator of LifePak data. Anything you expressly disclose in your LifePak responses will, naturally, be provided to them. Please contact the LifePak creator directly to understand how they might share your LifePak responses. Please see the LifePak Creator version of this Privacy Policy to understand what LifeData tells LifePak creators about how we handle LifePak responses.
4. What are my rights to my personal data?
- LifePak mobile app users / data respondents may delete a LifePak and the associated data set from their mobile devices at any time. This removes any data from the mobile device which the LifePak has collected. This will not delete data from LifeData servers.
- LifePak mobile app users / data respondents may also make a request to delete personal information from LifeData servers directly to the Data Controller who created and administers the LifePak. Data deletion requests that originate in this way are completed within 30 days after request is made by Data Controller to LifeData.
- For requests to access, update, or delete anything in your responses, contact the LifePak creator or administrator.
- For questions about your personal information, contact the LifePak creator or administrator.
5. Security, cookies and other important information
Changes to this Privacy Policy. We may modify this Privacy Policy at any time, but if we do so, we will notify you by publishing the changes on this website. If we determine the changes are material, we will provide you with additional, prominent notice as is appropriate under the circumstances, such as via email.
For any changes to this Privacy Policy for which you are required to provide prior consent, we will provide you with reasonable notice of such changes before they become effective and provide you with the opportunity to consent to those changes. If you disagree with the terms of this Privacy Policy or any updated Privacy Policy, you may close your account (if you have one) at any time or not respond to a LifePak.
- Security. We are committed to handling your personal information and data with integrity and care. However, regardless of the security protections and precautions we undertake, there is always a risk that your personal data may be viewed and used by unauthorized third parties as a result of collecting and transmitting your data through the internet.
- Cookies. We use cookies on our websites. Cookies are small bits of data we store on the device you use to access our services so we can recognize repeat users. Each cookie expires after a certain period of time, depending on what we use it for. We use cookies for several reasons:
- To make our site easier to use. If you use the “Remember me” feature when you sign into your account, we may store your username in a cookie to make it quicker for you to sign in whenever you return to LifeData.
- For security reasons. We use cookies to authenticate your identity, such as confirming whether you are currently logged into LifeData.
- To provide you with personalized content. We may store user preferences in cookies to personalize the content you see.
- To improve our services. We use cookies to measure your usage of our websites and track referral data, as well as to occasionally display different versions of content to you. This information helps us to develop and improve our services and optimize the content we display to users.
We don’t believe cookies are disturbing, but you can still choose to remove or disable cookies via your browser. Refer to your web browser’s configuration documentation to learn how to do this. Please note that doing this may adversely impact your ability to use our services. Enabling cookies ensures a smoother experience when using our websites. By using our websites and agreeing to this Privacy Policy, you expressly consent to the use of cookies as described in this policy.
- Blogs and Forums. Our website offers publicly accessible blogs and community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. We’re not responsible for any personal information you choose to submit in these areas of our site. To request removal of your personal information from our blog or community forum, contact us at support@lifedatacorp.com. In some cases, we may not be able to fulfill your request and we will let you know why.
- Online Tracking. We currently do not process or comply with any web browser’s “do not track” signal or other similar mechanism that indicates a request to disable online tracking of individual users who visit our websites or use our services (unless otherwise stated in a service-specific privacy statement).
- Social Media Features. Our websites (not our mobile apps) may include social media features or widgets, such as the Facebook Like button. Use of these features may allow them to collect your IP address, detect which page you are visiting on our site, and set a cookie to enable the feature to function properly. Your interactions with these features are governed by the Privacy Policy of the third party providing it.
- Safety of Minors and COPPA. Our services are not intended for and may not be used by minors. “Minors” are individuals under the age of majority in their place of residence (or under 13 in the United States). LifeData does not knowingly collect personal data from minors or allow them to register. If it comes to our attention that we have collected personal data from a minor, we may delete this information without notice. If you have reason to believe that this has occurred, please contact us at support@lifedatacorp.com
Geolocation information: LifeData mobile applications collect geolocation information. You will have the option of allowing or disallowing this information to be collected along with your responses. This information can be valuable for understanding by researchers and others engaged with providing your services that benefit you.
5. PRIVACY FOR EUROPEAN (EU/UK/SWISS) RESIDENTS
-
-
- PERSONAL DATA OF EUROPEAN UNION (EU)/UNITED KINGDOM (UK)/SWISS CITIZENS
- LIFEDATA and GDPR
- LIFEDATA and DATA PRIVACY FRAMEWORK PRINCIPLES – NOTICE
- CONSENT, ACCESS and DISCLOSURE
- DATA SECURITY and SAFEGUARDS
- COMPLAINTS, INQUIRIES, and DISPUTES
- RECOURSE FOR DISPUTE RESOLUTION
- ONWARD TRANSFERS of PERSONAL DATA
- VERIFICATION and SELF ASSESSMENT
-
1. Personal Data Of European Union (EU) Citizens
LifeData products and services (e.g. LifePaks) are used by organizations that may collect the personal data of citizens of the European Union (EU), including Switzerland. Personal data of EU citizens is governed by the General Data Privacy Regulation, or GDPR. Where LifeData products or services are used to collect or process personal data of EU residents, LifeData is subject to GDPR, and complies with all requirements.
2. LifeData and GDPR
Under GDPR, LifeData operates as a data Processor. In this limited role, LifeData acts under the authority and instruction of Data Controllers who define the purpose and control the use of personal data. Data Controllers, or study sponsors, are usually LifeData customers who develop LifePaks to collect, manage, and transfer personal data for research purposes.
LifeData enters into a Terms of Use (ToU) with Data Controllers in order to process personal data of EU residents. Under the ToU, LifeData
-
-
- processes personal data only in agreement with the Controller;
- provides appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alternation, unauthorized disclosure or access, and
- assists the Controller in responding to individuals exercising access rights
-
3. LifeData And Data Privacy Framework Principles – Notice
LifeData complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. LifeData has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. LifeData has certified to the U.S. Department of Commerce that it adhere to the UK extension to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the United Kingdom in reliance on the UK extension to the EU-U.S. DPF. LifeData has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or UK Extension to the EU-U.S DPF and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, LifeData commits to resolve DPF Principles-related complaints about our collection and use of your personal information or human resources information. EU individuals, UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, UK Extension to the EU-US DPF, and the Swiss-U.S. DPF should first contact LifeData at: contact@lifedatacorp.com. LifeData subjects all personal data and human resources data received from the EU and/or UK and/or Switzerland to Data Privacy Framework Principles.
In compliance with the EU-U.S. DPF, UK Extension to the EU-US DPF, and the Swiss-U.S. DPF, LifeData commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the Swiss-U.S. DPF.
In compliance with the EU-U.S. DPF, UK Extension to the EU-US DPF, and the Swiss-U.S. DPF, LifeData commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF, UK Extension to the EU-US DPF and the Swiss-U.S DPF in the context of the employment relationship.
Finally, the U.S. Federal Trade Commission (FTC) has jurisdiction over LifeData’s compliance with the Data Privacy Framework Principles. LifeData recognizes the investigative and enforcement authority of the FTC.
4. Consent, Access, and Disclosure
When LifeData products and services are used to collect personal data from EU citizens, express consent is obtained by Data Controllers. Under GDPR, Controllers must provide a description of the use and specific purpose of any personal data, as well as a date or time period when the use of personal data ends. Consent is always optional and voluntary, and may be withdrawn at any time. This consent forms the legal foundation for processing personal data. In addition, LifeData as a Data Processor supports additional consent mechanisms used by Controllers or Study Sponsors.
Types of data processed by LifeData include name, email, and other personal information as defined by Data Controllers. LifeData also processes technical information such as usage statistics, browser type, or referral information.
LifeData supports Data Controller obligations to respond to data access requests, including requests to
-
-
- Withdraw consent
- Correct or delete personal data
- Receive a copy of personal data in a machine-readable format
- Be informed of any transfer of personal data outside the EU
-
Data access requests such as these should be addressed to Data Controllers or Study Sponsors.
LifeData may disclose personal information in order to carry out lawful processing activities. Usually, this involves disclosure of information to a web hosting service such as Microsoft. LifeData may also share your information with payment processors who help us to process credit card transactions. Users may submit requests to limit any disclosure at any time through Data Controllers. LifeData maintains contracts with these third parties restricting their access, use and disclosure of Personal Data in compliance with the Data Privacy Framework Principles.
5. Data Security and Safeguards
LifeData employs reasonable and appropriate security measures to safeguard all personal data under its control. These measures are based on a periodic risk assessment that LifeData conducts on all processing activities, including all software, hardware, networks, devices, security practices, and business activities.
Specific safeguards include the following technologies:
-
-
- Authentication to manage access
- Encryption to prevent unauthorized access
- Network protection technologies, such as firewalls and malware detection
- Back-up and restore procedures to protect against data corruption, loss, and other contingencies
-
6. COMPLAINTS, INQUIRIES, and DISPUTES
In general, individuals should contact the Study Sponsor or Data Controller for questions regarding access to personal data. The Sponsor or Data Controller determines the use and purpose of any personal data collected or retained, and is in the best position to respond to specific inquiries under GDPR. LifeData supports Data Controllers responding to data access requests, and supports the rights of individuals to access their data.
If you are unsure about your Study Sponsor or Data Controller, you may contact the LifeData Privacy Officer contact@lifedatacorp.com
Questions, inquiries, or complaints about LifeData processing activities under GDPR may be sent to LifeData Privacy Officer at support@lifedatacorp.com
LifeData supports the rights of individuals to limit or restrict the use and disclosure of their personal data. Requests to restrict the use or disclosure may be sent to the LifeData Privacy Officer at support@lifedatacorp.com
LifeData will disclose personal information under its control in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
7. Recourse for Dispute Resolution
For unresolved disputes or outstanding complaints, Individuals may seek recourse free of charge with a dispute resolution provider, namely the European Data Protection Authority (DPA) for each member nation. LifeData will cooperate with DPAs in the investigation and resolution of complaints brought under the Data Privacy Framework Principles, and will comply with any advice given by the DPAs where LifeData must take specific action to comply with the Data Privacy Framework Principles, including remedial or compensatory measures for the benefit of individuals affected by any non-compliance. LifeData will provide the DPAs with written confirmation that such action has been taken.
Individuals with complaints about LifeData’s compliance with Data Privacy Framework Principles, may invoke binding arbitration under the Data Privacy Framework Principles in some circumstances.
In compliance with the Data Privacy Framework Principles, LifeData commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Data Privacy Framework Principles policy should first contact LifeData at: support@lifedatacorp.com.
LifeData has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Data Privacy Framework Principles complaints concerning human resources data transferred from the EU, UK, and Switzerland in the context of the employment relationship.
8. Onward Transfers of Personal Data
LifeData may transfer personal data to a third party outside the European Union or United Kingdom, for example a secure data hosting company such as Microsoft Azure. In such cases of onward transfer, LifeData has responsibility for the processing of personal data it receives and subsequently transfers to a third party acting as an agent on its behalf. LifeData remains liable under the Data Privacy Framework Principles if its agent processes such personal data in a manner inconsistent with the Principles, unless LifeData proves that it is not responsible for the event giving rise to the damage.
9. Verification and Self-Assessment
LifeData verifies through self-assessment that Data Privacy Framework Principles privacy practices have been implemented in accordance with the Data Privacy Framework Principles.
LifeData further verifies that its Privacy Policy regarding personal information received from the EU is accurate, comprehensive, prominently displayed, completely implemented and accessible.
LifeData also has in place procedures for training employees in the implementation of Data Privacy Framework Principles, and disciplining them for failure to follow it. LifeData also follows internal procedures for periodically conducting objective reviews of compliance with the above.
LifeData completes a Statement verifying self-assessment annually, it is signed by a LifeData officer and is available upon request by individuals, or in the context of an investigation or a complaint about non-compliance.
Questions?
Contact contact@lifedatacorp.com if you have any questions about this privacy statement.