Summary of Our Privacy Policy

V1.0 02.Oct.2019

Sage Bionetworks is a nonprofit biomedical research organization. We partner with researchers, patients, and healthcare innovators to improve health.

Data We Collect From You

Who You Are (User Information)

Information collected during the account registration/authentication process, and any correspondence you have with us. For example, this could be your name, email and any other contact information you shared with us.

Where you go on Bridge (Usage Data)

Technical data on the different pages you visit on the Bridge website. For example, we may collect the date and time when you visit Bridge’s homepage.

What you do on Bridge (Activity Data)

Data on how you use the tools on the Bridge platform. For example, we may collect data on your use of the import and export features.

Why We Collect This Data

We collect this data to maintain and improve Bridge, and to be able to correspond with you. We also collect this data to adhere to state and federal laws and prevent and deal with cases of abuse or fraud.

To Whom/When We Disclose Data

We use the services of third-party vendors. We mandate that all service providers put measures in place to protect and secure your data. They are not allowed to use or share your personal information outside the scope of their work on Bridge. We may be required to share your personal information for legal purposes.

How Long We Keep This Data

User Information

Information is retained for as long as the user’s account is active, for authentication purposes. Users may edit their information or remove their information by deactivating their account.

Usage and Activity Data

Data will be retained and archived indefinitely for auditing and compliance purposes.

Cross-Border Transfer of Data

The Bridge platform and its data may be accessed by users outside the United States.

What We Do Not Do

We do not use your personal information for advertising purposes. We do not sell or lease your information.

Your Rights and Choices

You may access, update, correct or deactivate your account. To comply with our contractual obligations, your usage and activity data are part of our permanent records.

How to Contact Us

You can contact our Data Protection Officer (DPO) at privacyofficer@sagebionetworks.org.

This is a summary of the Bridge privacy policy. Please read further for more detailed information.

Privacy Policy

Version: 1.0 02.Oct.2019

Sage Bionetworks (“Sage Bionetworks,” “we,” or “us”) is a 501(c)(3) nonprofit biomedical research organization in the United States. We partner with researchers, patients, and healthcare innovators to drive collaborative data-driven science to improve health. We have built Bridge, a technology platform for conducting biomedical research studies primarily using the ResearchKit (iOS) and ResearchStack (Android) frameworks. Bridge is for research use only and should not be used to provide medical advice, diagnosis or treatment information.

This privacy policy explains how we protect personal information (“personal data”) received, used and disclosed by users. “Personal information or personal data” means any direct information about you such as your name and contact information or indirect information that could be reasonably linked to you.

Please read this Privacy Policy carefully. By using Bridge, you agree to this Privacy Policy.

Information We Collect

When you use Bridge, you may provide to us and/or we may collect personal information about you and your activity on Bridge. “Personal information or personal data” means any direct information about you such as your name and contact information or indirect information that could be reasonably linked to you such as your device’s internet protocol address (IP Address).

We collect information about you in the following ways:

User Information

Sage Bionetworks requires user registration to access Bridge. We collect the following personal information during the registration and authentication process:

We also collect information when you update/change your account and when you contact us. If you send us an email or otherwise communicate with us, we may keep a copy of that communication.

Usage Data

Like most websites, we collect technical information on Bridge usage. We may use cookies and similar technologies to record information such as but not limited to: date, time, pages and tools you used, your browser/client type, IP addresses, how you navigate Bridge, how you have found Bridge on the internet, and other service usage patterns.

Activity Data

We collect information on how you use Bridge’s features and tools. This would include:

How We Use the Information We Collect

We will use your personal information only as we describe here.

User Information

We use user-reported information for any of the following:

Usage Data

We use usage data for the following purposes:

Activity Data

We will also use activity information for:

Sage Bionetworks may perform periodic audits to assess compliance with the Bridge governance process. The audit results may be shared with affected users, IRB/Ethics boards, legal counsel, and/or outside institutional authorities as applicable.

How We Disclose Information

We do not sell, lease or otherwise disclose the information we collect about you, except as described here. We share users’ information in the following ways:

Service Providers

We may rely on third-party service providers to provide the necessary hardware, software, networking, storage, and related technology required to operate, support and maintain Bridge. We require that all service providers agree to put in place reasonable security to keep users’ information confidential and secure, and to process information only for performing tasks on Sage Bionetworks’ behalf. We do not permit service providers to use or disclose users’ information, except as necessary to their work on Bridge.

The Bridge platform uses the following third-party service providers:

Statistical and Aggregate Information

In accordance with applicable law, we may share aggregate and statistical information derived from users’ information with third parties for analysis.

Compliance with Laws

We may be required by law to give your user information in the case of any civil, criminal, administrative, legislative, or other proceedings. We will protect your privacy as much as possible.

Business Transfers

If Sage Bionetworks goes through a management or business transition such as a merger, closure, sale, joint venture, assignment, transfer, management reorganization, or other disposition of all or any portion of Sage Bionetworks’ business, assets, or stock, information or data may be transferred to a third party. In such cases, we will take reasonable steps to direct the transferee to use the information and data in a manner consistent with this Privacy Policy.

Your Rights

You may request to access, update, correct, restrict or delete the personal information you provide to us. You also have the right to object to the processing of your personal information under certain conditions. For all such inquiries, we can be reached at the following:

Sage Bionetworks
2901 Third Avenue, Suite 330
Seattle, WA 98121
United States of America
privacyofficer@sagebionetworks.org

Upon request, we will provide you with reasonable access to the personal information about you that we hold. If your personal account information is deleted, your account becomes deactivated.

You may opt-out of receiving marketing communications from us by clicking on the “unsubscribe” link included in each such communication or by notifying us by email at privacypolicy@sagebionetworks.org with the word “remove” in the subject header, and we will remove your contact details from our mailing list.

If you are a research participant, please address any queries related to the use of data pertaining to you to the person or organization responsible for collecting, de-identifying, and uploading the data to the Bridge Platform (e.g., doctor, researcher, hospital, lab, research center, or similar organization).

Information/Data Security

Sage Bionetworks maintains industry standard physical, organizational, technical, and administrative measures to protect the personally identifiable information we collect, store, or otherwise process in connection to Bridge against accidental, unlawful, or unauthorized access, destruction, disclosure, misuse, alteration, or loss. The data security measures are a combination of Privacy-Enhancing Technologies (PET) options and policies/processes for data handling. Still, no environment is 100% secure. There is some risk that an unauthorized third party may find a way to circumvent our security systems. Users are responsible for protecting the security of their Bridge login information.

User Information Retention

We keep the information, including personal information, for as long as necessary to provide our services and to fulfill any other purposes for which the information was initially collected, unless otherwise required by applicable law. For instance, we will keep personally identifiable information related to authentication of user identity only for as long as is necessary for authentication. Users may choose to deactivate their accounts, which will make their profile information invisible to other Bridge users. We will retain and archive a record of users’ activities performed while the account was active to use for audit purposes, legitimate business purposes, to keep with our legal obligations, resolve disputes, and enforce our agreements and policies.

Cross-Border Transfer of Your Information

Although you may access Bridge from a location outside of the United States, Bridge is primarily operated and managed within the United States. Personal information on Bridge may be transferred to, processed, and stored in the United States or other countries that may not have the same data protection framework as the country from which you may be using Bridge. When we transfer information and data, we will protect the information and data as described in this Privacy Policy.

Changes to Our Privacy Policy

We may change this privacy policy from time to time. Any changes will be posted on this page with an updated revision date. In the event that any changes to this privacy policy materially alter your rights or obligations under this privacy policy, we will make reasonable efforts to notify you.

Contact

Sage Bionetworks is the controller of your information when it is collected and processed in the context of our sites and services. Our Data Protection Officer (DPO) is responsible for overseeing what we do with your information and ensuring we comply with applicable data protection laws. Our Data Protection Officer may be contacted by emailing privacyofficer@sagebionetworks.org or by writing to Sage Bionetworks, Attention: Data Protection Officer, 2901 Third Avenue, Suite 330, Seattle, WA 98121, United States of America.

Updates

We may update our Privacy Policy from time to time to clarify how we collect, process, store, use and disclose information. We want to be as transparent as possible about the changes we make to our Privacy Policy.