Effective as of January 01, 2023.
General Data Protection
Kodiak Sciences Inc. (“Kodiak”, “We”, “Us” or “Our”), takes great care in processing personal data in strict compliance with all applicable Data Protection laws, including the EU n°2016/679 General Data Protection Regulation. Kodiak is also committed to protecting the privacy and security of your personal data. Your personal data will be treated in accordance with this Privacy Notice at all times.
This Privacy Notice aims at informing Kodiak Clinical Trials Mobile Application app users how we process your personal data. Kodiak only collects and uses the information necessary to achieve the purposes described below.
Who is responsible for processing the data?
In processing your personal data, Kodiak acts as the Data Controller. This means that Kodiak is responsible for deciding how we hold and use personal data about you.
Contact Details of Controller
Kodiak Sciences Inc.
1200 Page Mill Road, Palo Alto, CA 94304 – U.S.A
Kodiak has appointed a Data Protection Officer whose role includes informing and advising Kodiak of its obligations under applicable Data Protection Laws.
Postal Address: Boulevard Initialis 7/3, 7000 Mons, BELGIUM
Email Address: firstname.lastname@example.org
Kodiak also appointed a Data Protection Representative whose includes representing Kodiak in the EU territory towards the Data Protection authorities and Data subjects.
Postal Address: Valpark, Rue Louis Duvant, 1, 59220 Rouvignies (FRANCE)
Email Address: email@example.com
Who does this Notice relate to?
This Privacy Notice concerns information about clinical trials staff members whose personal data is processed in the context of the conduct of clinical trials sponsored by Kodiak.
How is your data collected?
The data is collected by Kodiak when Kodiak undertakes the recruitment of Investigation site staff. The data is also collected during your use of the Mobile App.
Duration of the collection (Article 5, 1° (e) GDPR )
All data can be kept for the duration of the clinical trial. The data will be erased or anonymized when the clinical trial(s) in which you participate ends.
Type of general Data collected
The following categories of personal data will be collected, stored, and used:
- Profile data, such as the username, email address, phone number and password that you may set to establish an account on the Mobile App.
- Device data, such as your computer or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state or geographic area. This is technically necessary information; it is automatically collected when you use the application
Purposes of use and Legal basis
Purpose of use
- App delivery, we provide, and operate the App; we establish and maintain your user profile on the App: we enable security features of the App, such as by sending you security codes via email or SMS, and remembering devices from which you have previously logged in; communicate with you about the App, including sending announcements, updates and upgrades, security alerts, and support and administrative messaging.
- Consent, your data is collected and used because you provide your consent for said collection and use
You have the following rights in relation to your personal data:
- The right to access your personal data (art. 15.1 GDPR);
- The right to request the rectification of your personal data, if you believe that any information relating to you is inaccurate or incomplete; (art. 16 GDPR);
- The right to have certain personal data erased; (art. 17 GDPR);
- The right to restrict specific categories of processing, for example when you contest the accuracy of the personal data; (art. 18 GDPR);
- The right to withdraw your consent at any time, without affecting the lawfulness of the processing before such withdrawal; (art. 7.3 GDPR)
- The right to object, in whole or in part, to the processing of your personal data that is based on our legitimate interests; (art. 21 GDPR)
- The right to request its portability, (art. 20 GDPR) i.e. that the personal data you have provided to us be returned to you or transferred to the person of your choice, in a structured, commonly used and machine-readable
To exercise one of those rights, please contact the Kodiak Data Protection Officer at firstname.lastname@example.org
Note that some of the GDPR rights are not absolute and are subject to a case-by-case analysis by Kodiak and the Data Protection Officer. To obtain more information about your rights, please contact the Data Protection Officer.
If you are not satisfied with the result or handling of your request by Kodiak, you may contact the national Data Protection Authority of you country; contact details can be found here : https://edpb.europa.eu/about-edpb/about-edpb/members_en#member-at
Recipients of your personal data
We only share your personal data with third parties where it is necessary for the purposes described in this Policy and when we are required to share data by applicable law. Your data mightbe sent to:
Authentication service – Auth0
Analytics service – Google Analytics
If Kodiak were to share your data with bodies outside a country not part of the European Economic Area (EEA), the lawfulness of the transfer will be ensured, and appropriate security measures will be taken by Kodiak :
- The third party offers an adequate level of protection through the Adequacy decision
- Appropriate safeguards, enforceable rights and effective legal remedies are available for the individuals.
- Consent was given by the individuals after having been provided with all necessary information
- User data is transferred to the USA.
All data are saved in a secured system that complies with the standard security requirements in order to take account of the risks of unauthorized access to accidental loss of, destruction of, or damage to employment records. We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies, and we cannot guarantee the security of your personal information.