Logo
  • Solutions
    • EDC
    • ePRO
    • Professional Services
  • Industries
    • Academia
    • Animal Health
    • Biotech, Pharma & Medical Devices
    • CROs
    • Investigator-Initiated
  • Blog
  • Company
    • About
    • The New Prelude
    • Contact
  • Request a Demo

Privacy Policy

Effective January 19th, 2023

Prelude is committed to protecting the privacy and personal information of all individuals whose data is collected through our corporate website (PreludeEDC.com). This privacy policy addresses three primary topics:

  • Handling of data collected,
  • Compliance with the EU General Data Protection Regulation (GDPR), and
  • Compliance with the California Consumer Privacy Act (CCPA).

To view your personal data stored on PreludeEDC.com and request the alteration, anonymization or removal of said data, please visit Data Access Request.

This policy may be amended and updated from time to time in response to changes in the regulatory environment.

Definitions

Personal Information – Any information relating to a natural person that can be used to identify that individual.

Sensitive Personal Information – Data pertaining to racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person’s sex life or sexual orientation.

Data Controller – In the context of GDPR, a data controller determines the purposes and means of processing personal data.

Data Processor – In the context of GDPR, a data processor is responsible for processing personal data on behalf of a controller.

Handling of data collected through our corporate website PreludeEDC.com

Personal Information – When you request additional information about Prelude, contact us via our website, or elect to sign up to receive electronic newsletters, Prelude may require you to provide us with contact information such as your name, company name, phone number and email address.

Prelude uses this information solely for the purpose of distributing electronic newsletters and marketing materials. This information is not shared with or sold to any third party. Individuals may opt-out of any marketing communications by using the “Unsubscribe” feature which is available in each electronic communication.

When you request technical support, Prelude may require you to provide us with contact information such as your name, email, and other information that will help Prelude identify and resolve the issue. Prelude uses this information solely for the purpose of providing support. This information is not shared with or sold to any third party.

Browser Data – When you visit our website, your browser sends information such as your IP address, access times and referring website addresses. The browser does this for every website you visit. This data does not comprise personal information and is used only for gathering high-level statistics about site usage which will be used to improve the quality of our site. It is not disclosed to any third party.

Cookies – Cookies are small pieces of data stored in text files on your computer or other device when websites are loaded in a browser. They are widely used to “remember” you and your preferences, either for a single visit (through a “session cookie”) or for multiple repeat visits (using a “persistent cookie”). They ensure a consistent and efficient experience for visitors, and perform essential functions such as allowing users to register and remain logged in. Cookies may be set by the site that you are visiting (known as “first party cookies”), or by third parties, such as those who serve content or provide advertising or analytics services on the website (“third party cookies”).

Both websites and HTML emails may also contain other tracking technologies such as “web beacons” or “pixels.” These are typically small transparent images that provide us with statistics, for similar purposes as cookies. They are often used in conjunction with cookies, though they are not stored on your computer in the same way. As a result, if you disable cookies, web beacons may still load, but their functionality will be restricted.

Visitors may wish to restrict the use of cookies or completely prevent them from being set. Most browsers provide for ways to control cookie behavior such as the length of time they are stored – either through built-in functionality or by utilizing third party plugins. If you disable cookies, please be aware that some of the features of our website may not function correctly.

To find out more on how to manage and delete cookies, visit aboutcookies.org. For more details on your choices regarding use of your web browsing activity for interest-based advertising visit youronlinechoices.eu (EU based) or optout.aboutads.info (US based). On a mobile device, you may also be able to adjust your settings to limit ad tracking.

You can opt-out of Google Analytics by installing Google’s opt-out browser add-on.

You can view which marketing tags are running on the page you are viewing and what beacons are firing by installing InfoTrust’s Tag Explorer browser add-on.

Compliance with the EU General Data Protection Regulation (GDPR)

Prelude has policies and procedures in place that support the protection of personal information and sensitive personal information in accordance with the GDPR. Prelude provides the Electronic Data Capture (EDC) and related products that are used by our clients to capture data during the conduct of clinical trials. In the context of GDPR, Prelude is a data processor acting on the explicit contractual direction of our clients who are data controllers. The Prelude system can be used to collect personal information as well as sensitive personal information as required for the clinical trial being conducted.

On 16 July 2020 the court of Justice of the European Union declared as “invalid” the European Commission’s Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of the protection provided by the EU-U.S. Privacy Shield.  Prelude implements within its standard MSA, privacy protections that require compliance with local laws; however, our customers that have or anticipate having EU participants in their trials may execute Standard Contractual Clauses as well as Data Processing Agreements to further ensure compliance with GDPR.

Individual Rights – Our clients are primarily responsible for complying with the individual rights required by the GDPR, and Prelude assists in fulfilling those requests as required. All requests must be responded to within one calendar month.

  • The right to be informed (ref. Article 13 of the GDPR). Individuals have the right to be informed of the purpose for which information is being collected, the retention period, how to contact the data controller or their representative and how to object to processing. This information must be received by the individual prior to collection of any personal information.
  • The right of access (ref. Article 15 of the GDPR). Individuals have the right to access their personal data and can request access either verbally or in writing. A fee may not be charged for this access.
  • The right to rectification (ref. Article 16 of the GDPR). Individuals have the right to request that incorrect data be corrected, and incomplete data be completed.
  • The right to erasure (ref. Article 17 of the GDPR). This right does not apply to information that has already been collected during the conduct of a clinical trial since it is necessary for scientific purposes. Individuals can, however, ask that no further information be collected (see the right to object below).
  • The right to restrict processing (ref. Article 18 of the GDPR). The individual’s right to ask a data controller to stop processing personal information is not applicable to data that has already been collected for clinical trials. Individuals can, however, ask that no further information be collected.
  • The right to portability (ref. Article 20 of the GDPR). Individuals have the right to obtain and reuse a copy of their data. This copy will be provided in a portable, electronic format.
  • The right to object (ref. Article 21 of the GDPR). Individuals have the right to object to the processing of their data. In the context of a clinical trial, this is equivalent to withdrawal of consent.
  • The right not to be subject to automated decision-making including profiling (ref. Article 22 of the GDPR). Prelude does not support any automated decision-making capabilities.

Prelude also serves the PreludeEDC.com website, accessible to anyone with a connection to the world wide web. These policies and procedures also apply to PreludeEDC.com and its elements, affording you the same level of protection of personal information.

Data Breaches – Every precaution is taken to safeguard the security of the data collected by Prelude. In the unlikely event that a data breach does occur, we will notify our clients within 72 hours. It is the responsibility of our clients to subsequently notify individuals of this breach.

Data Protection Requests – To report a concern about privacy or to exercise your individual rights under the GDPR, the first step is to contact the Sponsor of the clinical trial. In the event that this cannot be done, please contact our Data Protection Officer.

Prelude
Attn: Data Protection Officer
5725 West Highway 290
Suite 201
Austin, Texas 78735

512-476-5100
privacy@PreludeEDC.com

California Privacy Rights

Applicability

This section applies only to California consumers. It describes how we collect, use, and share California consumers’ Personal Information in our role as a business, and the rights applicable to such residents. For purposes of this section “Personal Information” has the meaning given in the California Consumer Privacy Act (“CCPA”). The California Consumer Privacy Act (“CCPA”), effective January 1, 2023, requires businesses to disclose whether they sell Personal Information. Prelude is a business and does not sell Personal Information. We may share Personal Information with third parties if those third parties are authorized service providers or business partners who have agreed to our contractual limitations as to their retention, use, and disclosure of such Personal Information.

If you are unable to access this Privacy Policy due to a disability or any physical or mental impairment, please contact us and we will arrange to supply you with the information you need in an alternative format that you can access.

How we collect, use, and share your Personal Information

We have collected the following statutory categories of Personal Information in the past twelve (12) months:

  • Identifiers, such as name, email address and phone number. We collect this information directly from you or from third party sources.
  • Internet or network information, such as browsing and search history within PreludeEDC.com. We collect this information directly from your device.
  • Geolocation data, such as IP address. We collect this information from your device.
  • Other Personal Information, in instances when you interact with us online, by phone or mail in the context of receiving help through our help desks or other support channels; participation in customer surveys or contests.

The business and commercial purposes for which we collect this information are described in Handling of data collected through our corporate website PreludeEDC.com section of this Privacy Policy.

Your California Rights

You have certain rights regarding the Personal Information we collect or maintain about you. Please note these rights are not absolute, and there may be cases when we decline your request as permitted by law.

  • The right of access: You have the right to request that we disclose what Personal Information we have collected, used and disclosed about you in the past 12 months.
  • The right of deletion: This right does not apply to information that has already been collected during the conduct of a clinical trial since it is necessary for scientific purposes. Individuals can, however, ask that no further information be collected
  • The right to non-discrimination: You will not receive any discriminatory treatment when you exercise one of your privacy rights.

Prelude does not sell Personal Information to third parties (pursuant to California Civil Code §§ 1798.100–1798.199, also known as the California Consumer Privacy Act of 2018).

How to Exercise your California Rights

You can exercise your rights yourself or you can alternatively designate an authorized agent to exercise these rights on your behalf. Please note that to protect your Personal Information, we will verify your identity by a method appropriate to the type of request you are making. We may also request that your authorized agent have written permission from you to make requests on your behalf, and we may also need to verify your authorized agent’s identity to protect your Personal Information.

Please use the contact details below, if you would like to:

  • Access this policy in an alternative format;
  • Exercise your rights;
  • Learn more about your rights or our privacy practices; or
  • Designate an authorized agent to make a request on your behalf.

Prelude
Attn: Data Protection Officer
5725 West Highway 290
Suite 201
Austin, Texas 78735

512-476-5100
privacy@PreludeEDC.com

Logo

Prelude is a life science software company looking to raise the bar on the clinical research experience, thus making the world safer and healthier by accelerating new product development of life-saving medicine and devices.

© 2023 • Prelude, LLC

Prelude, LLC

5725 West Highway 290
Suite 201
Austin, Texas 78735

(512) 476-5100

Contact Us

Subscribe to Our Newsletter

Name(Required)
Privacy Policy(Required)
  • Privacy Policy