Kodiak Clinical Trials Mobile Application Privacy policy

Effective as of January 01, 2023.

General Data Protection

Kodiak Sciences Inc. (“Kodiak”, “We”, “Us” or “Our”), takes great care in processing personal data in strict compliance with all applicable Data Protection laws, including the EU n°2016/679 General Data Protection Regulation. Kodiak is also committed to protecting the privacy and security of your personal data. Your personal data will be treated in accordance with this Privacy Notice at all times.

This Privacy Notice aims at informing Kodiak Clinical Trials Mobile Application app users how we process your personal data. Kodiak only collects and uses the information necessary to achieve the purposes described below.

Who is responsible for processing the data?

In processing your personal data, Kodiak acts as the Data Controller. This means that Kodiak is responsible for deciding how we hold and use personal data about you.

Contact Details of Controller

Kodiak Sciences Inc.
1200 Page Mill Road, Palo Alto, CA 94304 – U.S.A

Kodiak has appointed a Data Protection Officer whose role includes informing and advising Kodiak of its obligations under applicable Data Protection Laws.

Data Protection Officer Contact details:

MyData-Trust SA
Postal Address: Boulevard Initialis 7/3, 7000 Mons, BELGIUM
Email Address: kodiak.dpo@mydata-trust.info

Kodiak also appointed a Data Protection Representative, whose role includes representing Kodiak in the EU territory towards the Data Protection authorities and Data subjects.

Data Protection Representative Contact details:

MyData-Trust France
Postal Address: Valpark, Rue Louis Duvant, 1, 59220 Rouvignies (FRANCE)
Email Address: kodiak.dpr@mydata-trust.info

Who does this Notice relate to?

This Privacy Notice concerns information about clinical trials staff members whose personal data is processed in the context of the conduct of clinical trials sponsored by Kodiak.

How is your data collected?

The data is collected by Kodiak when Kodiak undertakes the recruitment of Investigation site staff. The data is also collected during your use of the Mobile App.

Duration of the collection (Article 5, 1° (e) GDPR )

All data can be kept for the duration of the clinical trial. The data will be erased or anonymized when the clinical trial(s) in which you participate ends.

Type of general Data collected

The following categories of personal data will be collected, stored, and used:
Profile data, such as the username, email address, phone number and password that you may set to establish an account on the Mobile App.

Purposes of use and Legal basis

Purpose of use

App delivery, we provide, and operate the App; we establish and maintain your user profile on the App: we enable security features of the App, such as by sending you security codes via email or SMS, and remembering devices from which you have previously logged in; communicate with you about the App, including sending announcements, updates and upgrades, security alerts, and support and administrative messaging.

Legal basis

Consent, your data is collected and used because you provide your consent for said collection and use

Your Rights

You have the following rights in relation to your personal data:

• The right to access your personal data (art. 15.1 GDPR);
• The right to request the rectification of your personal data, if you believe that any information relating to you is inaccurate or incomplete; (art. 16 GDPR);
• The right to have certain personal data erased; (art. 17 GDPR);
• The right to restrict specific categories of processing, for example when you contest the accuracy of the personal data; (art. 18 GDPR);
• The right to withdraw your consent at any time, without affecting the lawfulness of the processing before such withdrawal; (art. 7.3 GDPR)
• The right to object, in whole or in part, to the processing of your personal data that is based on our legitimate interests; (art. 21 GDPR)
• The right to request its portability, (art. 20 GDPR) i.e. that the personal data you have provided to us be returned to you or transferred to the person of your choice, in a structured, commonly used and machine-readable

To exercise one of those rights, please contact the Kodiak Data Protection Officer at kodiak.dpo@mydata-trust.info

Note that some of the GDPR rights are not absolute and are subject to a case-by-case analysis by Kodiak and the Data Protection Officer. To obtain more information about your rights, please contact the Data Protection Officer.

If you are not satisfied with the result or handling of your request by Kodiak, you may contact the national Data Protection Authority of your country; contact details can be found here : https://edpb.europa.eu/about-edpb/about-edpb/members_en#member-at

Recipients of your personal data

We only share your personal data with third parties where it is necessary for the purposes described in this Policy and when we are required to share data by applicable law. Your data might be sent to:

Authentication service – Auth0
Analytics service – Google Analytics

International transfer

If Kodiak were to share your data with bodies outside a country not part of the European Economic Area (EEA), the lawfulness of the transfer will be ensured, and appropriate security measures will be taken by Kodiak :

• The third party offers an adequate level of protection through the Adequacy decision
Appropriate safeguards, enforceable rights and effective legal remedies are available for the individuals.

• Consent was given by the individuals after having been provided with all necessary information
User data is transferred to the USA.

Security

All data are saved in a secured system that complies with the standard security requirements in order to take account of the risks of unauthorized access to accidental loss of, destruction of, or damage to employment records. We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect.  However, security risk is inherent in all internet and information technologies, and we cannot guarantee the security of your personal information.

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Mobile App or other appropriate means.  Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Mobile App after the effective date of any modified Privacy Policy indicates your acceptance of the modified Privacy Policy.