LIDO’s Approach to Information Privacy and Security

Effective June 1, 2021

To provide services through LynKTM, LIDO accesses, uses, and discloses personally identifiable information (PII) and health information, which may be protected health information (PHI). LIDO takes seriously the responsibility to respect the privacy and protect the security of the information entrusted to us in our systems. LIDO has implemented a risk-based approach detailed in policies, standard operating procedures, and training that support LIDO’s ongoing compliance with applicable laws and regulations.  We want you to understand how we access, use, and disclose PII and health information. 

Information Accessed and Used by LIDO

LIDO generally accesses and uses PII and health information, which may constitute PHI per the Health Information Portability and Accountability Act (HIPAA), as necessary or useful for us to conduct our business, so long as such access or use is permitted by law.  Specifically, LIDO’s services implicate the following types of information. 

Research Participant Clinical Trial Data 

Integral to the service, LIDO accesses and uses PII and health information originating from participants in clinical trials. LIDO accesses, uses, and discloses this clinical trial data, which may include PHI, as stipulated by contract with the clinical trial site or the research sponsor that determines the purpose and means of the data processing by LIDO.  This is the only PHI that LIDO may access, use, or disclose to provide our services.

System User Data

Integral to the service, LIDO accesses and uses PII from clinical trial site staff, research sponsor staff, home health agency staff, staff from contract research organizations, and other consultants engaged by clinical trial sites and research sponsors.  This information, collected during account registration, includes name, phone number, email address, and gender.  

LIDO also tracks user activity within the system to document training and ensure data security.  This information is logged to administer our system, to constantly improve the quality of the service, and to help diagnose technical problems.

Customer Billing Information

LIDO accesses and uses PII to set up services for performance of the contract with our customers. LIDO collects financial information for payment of services. If there is trouble processing a payment, LIDO will use this information to contact you accordingly. 

Business Development Information

To carry out business development and marketing functions, LIDO may access and use PII such as names and contact information, including email address and phone number, in the ordinary course of business.  

Website Visitor Information

LIDO collects PII such as name and contact information, including email address and phone number, from visitors to the LIDO website who ask for further information regarding LIDO’s services.  LIDO uses this contact information to deliver the requested information to these visitors.  

Prospective Employee Information

LIDO accesses and uses employment related PII (including background checks) from applicants to LIDO positions. LIDO uses this information for the sole purpose of carrying out vital human resource functions.

Information Disclosed by LIDO

Notice, Authorization, and Consent

For access, use, and disclosure of PII and health information associated with the data of clinical trial participants, LIDO’s customers, the clinical trial sites and research sponsors that determine the purposes and means of the data processing by LIDO, are responsible for applicable notice to and/or authorization and informed consent from those clinical trial participants.

Information Minimization, Purpose and Storage Limitation

Consistent with applicable laws, regulations, and contracts, LIDO accesses, uses, and discloses only that PII and PHI that is adequate, relevant, and limited to what is necessary to accomplish the purpose of that processing. The retention period for PII and PHI within LIDO’s systems, and any related documentation or records of communication, varies by category but is consistent with applicable legal, regulatory, and contractual requirements.  The information that LIDO accesses, uses, and/or discloses is not kept for longer than necessary to accomplish the purpose of that processing.

Information of Minors

LIDO is committed to protecting the privacy of children.  LIDO’s services are not intended for or marketed to children less than 13 years old. 

However, LIDO may, on behalf of research sponsors and/or clinical trial sites, access, use, and/or disclose the PII and PHI of children who are participants in clinical trials.

International Transfers of Information

LIDO does not transfer PII, health information, or PHI outside the United States.  However, LIDO may utilize service providers that operate internationally.  LIDO takes appropriate safeguards to ensure that such vendors maintain the privacy and security of information.

Information Quality

LIDO has procedural safeguards in place designed to ensure the high quality of data within its systems, consistent with 21 CFR part 11, HIPAA, Good Clinical Practice, and other legal and regulatory requirements.

Information Security

LIDO employs reasonable administrative, technical, and physical security measures designed to protect PII and health information (including, where applicable, PHI) against breach, defined as an impermissible use or disclosure that compromises the security of that information.

Such security measures, including encryption of data at rest and in transit, are designed to ensure the confidentiality, integrity, availability and resilience of LIDO’s processing systems and services. LIDO hosts its website at SOC 2 compliant data centers located in the United States. 

LIDO’s service providers are required to sign agreements, in which they commit to equivalent confidentiality, privacy, and security measures.

No security system is impenetrable.  LIDO has a comprehensive procedure in place for responding to any security breach of PII, health information, and/or PHI, including criteria for when notification of regulatory authorities and/or individuals whose information has been breached is required.

LIDO Website Considerations

LIDO does not use cookies on its website. 

LIDO does not control any websites linked to the LIDO website.

Individuals’ Rights Related to Information

LIDO takes reasonable steps to ensure that the information we use and disclose is accurate, complete, and current.  Individuals can exercise all legal or contractually obligated rights with respect to their PII and PHI.  These rights include, where applicable:

Clinical trial participants generally must contact the study site to initiate an access or correction request related to PII and PHI within LIDO’s systems.

LIDO is committed to providing choice.  When asking for information, LIDO will tell our customers, or it will be apparent, what we need to know to provide the service and how the information will be used and disclosed.  You can always choose not to provide PII when asked. However, you will not be able to access and use those portions of the service that require your PII.

You can update or remove your PII at any time by logging into your account and editing your information. You can view your updated information to confirm that your edits have been made.

LIDO may limit or deny access or correction requests where the burden or expense of providing access would be disproportionate to the privacy risks in the case in question, where the rights and freedoms of others would be adversely affected, or as otherwise permitted by law.

When you wish to exercise your opt out right for marketing activities conducted pursuant to LIDO’s legitimate business interest or to withdraw consent, you may contact us at any time at:  privacy@lido.io  You may also opt-out of marketing activities by following the unsubscribe instructions included in promotional email. Information accessed, used, or disclosed prior to opting out or withdrawal of consent may be retained as necessary to the extent permitted by law.  

Questions, Complaints, and Request to Exercise Rights

Please direct such communications to LIDO’s Privacy Officer by sending an e-mail to privacy@lido.io

Updates to this Privacy Policy

LIDO reserves the right to modify this privacy policy at any time. The new policy will be in effect from the time it is first publicly displayed.

Additional Privacy Information for California Residents

If you are a California resident, please click here to view an addendum to this privacy policy based on the California Consumer Privacy Act (CCPA).