This policy applies to all information relating to any identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (“Personal Data”).
Athersys, Inc. and its contract research organization (“CRO”) Medpace, Inc. (“Medpace”) respect the privacy of individuals of all nationalities in the processing of their Personal Data, recognizing the fundamental rights to lawfulness, fairness, and transparency. We adhere to the principles of data privacy by design and by default, including data minimization to the extent possible. We adhere to laws relating to data protection in all jurisdictions in which we conduct business, including but not limited to the Health Insurance Portability and Accountability Act (“HIPAA”), the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the California Consumer Protection Act (“CCPA”), and the United Kingdom Data Protection Act of 2018 and United Kingdom GDPR.
This website is not intended for, or designed to attract, children under the age of 16. No Personal Data should be submitted to us through the website by visitors who are less than 16 years old.
We adhere to the applicable provisions of the CCPA. If you are a resident of California, you may contact us pursuant to Section 8 below to enquire about the collection of your Personal Data, including any request to delete your Personal Data. We may collect, use, and disclose your Personal Data as required or permitted by applicable law, and this may override your CCPA rights. We are not obligated to comply with requests to the extent that doing so would infringe on our, or any other person’s, rights or conflict with other applicable law.
If you are a California resident, you have the right to send us a request, no more than twice in a twelve-month period, for any of the following. Our response will be limited to the twelve-month period prior to the request date:
1. The categories of personal data we have collected about you.
2. The categories of sources from which we collected your personal data.
3. The business or commercial purposes for our collecting or selling your personal data.
4. The categories of third parties with whom we have shared your personal data.
5. A list of the categories of personal data disclosed for a business purpose, in the prior twelve months, along with the categories of recipient for each category of personal data, or that no disclosure occurred.
6. A list of the categories of personal data sold about you in the prior twelve months, along with the categories of recipient for each category of PI, or that no sale occurred.
We may disclose your personal data for the following purposes, which are not a sale: (i) if you direct us to share it; (ii) to comply with your requests under the CCPA; (iii) as part of a merger or asset sale; and (iv) as otherwise required or permitted by applicable law.
We do not sell, or offer for sale, any personal data as that term is defined in the CCPA.
If you use our website, we may collect information about you, such as your IP address and location. We also may collect Personal Data if you submit an inquiry on our website.
The purpose of collecting this Personal Data is our legitimate interest.
If you choose to contact us and provide us with your Personal Data, we will collect and use your Personal Data to respond to you, to provide you with information that you have requested (which may relate to our products or services), or to communicate with you for other purposes which are requested by you in your inquiry. Such other purposes may include, from time to time, monitoring our regulatory compliance, and compiling profiles and personal information about you in order to identify suitable education/awareness programs or suitable opportunities to collaborate with you.
If you are a participant in a clinical trial that is sponsored by Athersys and managed by Medpace, we will collect Personal Data from you. This data may include coded (“pseudonymized”) medical and health information which is collected by investigators and their staff at the study sites.
We may transmit this data from the jurisdiction in which it was collected to Athersys headquarters located in Cleveland, OH and/or Medpace headquarters in the United States. When consent is required for the processing of Personal Data, the physician investigators overseeing the trial are responsible for ensuring that you understand and consent to the gathering of your Personal Data, including the transfer of such pseudonymized information to third parties who may be providing services for the clinical trial.
The purposes of collecting the Personal Data of clinical trial participants is to promote the global development of safe and effective medical therapeutics. We are committed to conducting clinical trials in a manner that strictly adheres to all national and international ethical requirements and clinical trial regulations. Effective adherence to clinical trial regulations requires the gathering, recording, processing, storing, and transmitting of personal data of clinical trial participants, clinical trial investigators, vendors, support staff, and employees.
Pursuant to Opinion 03/2019 of the European Data Protection Board, the processing of Personal Data of EU citizens participating in a clinical trial is necessary for the performance of a task carried out in the public interest. Specifically, the processing of sensitive categories of data is carried out for reasons of public interest in the area of public health, and/or archiving for scientific purposes in accordance with Article 89(1) of the GDPR.
• Authenticating users
• Remembering user preferences and settings
• Determining the popularity of content
• Analyzing site traffic and trends, and generally understanding the online behaviors and interests of people who interact with our services
Your web browser may be programmed to notify you when you are receiving a cookie, giving you the choice to accept it or not. You can also refuse all cookies by turning them off in your browser.
To enhance the user experience of our website, including internal operations necessary to provide our services, such as troubleshooting software bugs and operational problems; conducting website traffic data analysis, testing, and research; and to monitor and analyze usage and activity trends.
To respond to inquiries regarding our business or service
We may use your Personal Data to investigate or address claims or disputes relating to our business, or as otherwise allowed by applicable law, or as requested by regulators, government entities, and official inquiries. Medpace may share your Personal Data if we believe it is required by applicable law, legal process or governmental request, or where the disclosure is otherwise appropriate due to safety or similar concerns. This includes sharing Personal Data with law enforcement officials, public health officials, other government authorities, or other third parties as necessary to enforce our Code of Conduct or other policies; to protect our rights or property; or the rights, safety, or property of others; or in the event of a claim or dispute relating to our business operations.
Personal Data collected from you during a clinical trial is used to test the safety and efficacy of experimental drugs and medical devices. If you are a participant in a clinical trial sponsored by Athersys and managed by Medpace, please review the informed consent form that you received from your study doctor for more information about how your Personal Data will be used and protected.
We retain user Personal Data for as long as necessary for the purposes described above. We will retain different categories of Personal Data for different periods of time depending on the category of user to whom the Personal Data relates, the type of Personal Data, and the purposes for which we collected the Personal Data.
We do not sell or share user Personal Data with third parties for their direct marketing.
We do not engage in automated decision-making using Personal Data.
We use physical, electronic and organizational procedures to safeguard and secure your Personal Data. This includes encryption, firewalls, access controls, and other procedures to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, and destruction.
Personal Data is restricted to authorized individuals, who only can access it on a "need to know" basis.
We may store some business records or clinical trial documents in hard copy (paper or disk) format, as required by law or regulation, or pursuant to the fulfilment of a legitimate business purpose. In this case, documents are retained for the minimum time necessary, and then securely destroyed. Long-term storage of hard copy documents may be carried out by a qualified third-party vendor.
If you are a clinical trial participant, you should first contact the study site at which you participated, or the Principal Investigator of the study, to enquire about your choices and the means available for limiting the use and disclosure of your Personal Data under applicable data privacy laws. The rights available to you as a clinical trial participant may be limited pursuant to an exception to the applicable data privacy law to preserve the integrity or scientific value of the clinical trial data that was collected.
If you are an EU resident, you have a right to lodge a complaint with the appropriate EU supervisory authority, and also a right to an effective judicial remedy against data controllers and processors.
Residents of California may have a private right of action in the event of a data breach. Pursuant to California law, affected individuals must first notify us of the alleged violation and provide us 30 days to cure the violation.
For more information about our commitment to protecting data privacy, or to exercise any rights you may have under applicable data privacy laws, please contact Athersys at (216) 431-9900, and Medpace at firstname.lastname@example.org, by telephone at +1 (513) 579-9911 (Cincinnati local), +1 (800) 730-5779 (USA toll free) or by mail at 5375 Medpace Way, Cincinnati, Ohio 45227 United States of America, Attn: Data Protection Officer.
We may occasionally update this notice. If we make significant changes, we will notify users of the changes on our website, or through other means, such as email. We encourage users to periodically review this notice for the latest information on our privacy practices. After such notice, use of our services by users in countries outside the European Union will be understood as consent to the updates to the extent permitted by law.