LIDO’s Approach to Information Privacy and Security
Effective June 1, 2021
To provide services through LynK™, LIDO accesses, uses, and discloses personally identifiable information (PII) and health information, which may be protected health information (PHI). LIDO takes seriously the responsibility to respect the privacy and protect the security of the information entrusted to us in our systems. LIDO has implemented a risk-based approach detailed in policies, standard operating procedures, and training that support LIDO’s ongoing compliance with applicable laws and regulations. We want you to understand how we access, use, and disclose PII and health information.
Information Accessed and Used by LIDO
LIDO generally accesses and uses PII and health information, which may constitute PHI per the Health Information Portability and Accountability Act (HIPAA), as necessary or useful for us to conduct our business, so long as such access or use is permitted by law. Specifically, LIDO’s services implicate the following types of information.
Research Participant Clinical Trial Data
Integral to the service, LIDO accesses and uses PII and health information originating from participants in clinical trials. LIDO accesses, uses, and discloses this clinical trial data, which may include PHI, as stipulated by contract with the clinical trial site or the research sponsor that determines the purpose and means of the data processing by LIDO. This is the only PHI that LIDO may access, use, or disclose to provide our services.
System User Data
Integral to the service, LIDO accesses and uses PII from clinical trial site staff, research sponsor staff, home health agency staff, staff from contract research organizations, and other consultants engaged by clinical trial sites and research sponsors. This information, collected during account registration, includes name, phone number, email address, and gender.
LIDO also tracks user activity within the system to document training and ensure data security. This information is logged to administer our system, to constantly improve the quality of the service, and to help diagnose technical problems.
Customer Billing Information
LIDO accesses and uses PII to set up services for performance of the contract with our customers. LIDO collects financial information for payment of services. If there is trouble processing a payment, LIDO will use this information to contact you accordingly.
Business Development Information
To carry out business development and marketing functions, LIDO may access and use PII such as names and contact information, including email address and phone number, in the ordinary course of business.
Website Visitor Information
LIDO collects PII such as name and contact information, including email address and phone number, from visitors to the LIDO website who ask for further information regarding LIDO’s services. LIDO uses this contact information to deliver the requested information to these visitors.
Prospective Employee Information
LIDO accesses and uses employment-related PII (including background checks) from applicants to LIDO positions. LIDO uses this information for the sole purpose of carrying out vital human resource functions.
Information Disclosed by LIDO
- LIDO does not sell PII, health information, or PHI.
- LIDO does not disclose PII, health information, or PHI to third parties for their marketing use.
- LIDO discloses PII and health information (including, where applicable, PHI) to those customers that contract with us for clinical trial services.
- LIDO discloses PII and/or health information (including, where applicable, PHI) to LIDO’s service providers and other third parties (such as cloud hosting providers, payment processors, email verification vendors, etc.) only as necessary to achieve contractually obligated business purposes.
- LIDO may be required to disclose PII and/or health information (including, where applicable, PHI) by actions of regulators or law enforcement or for judicial or administrative proceedings, for example, in response to a subpoena or court order.
- LIDO may disclose PII and/or health information (including, where applicable, PHI) to protect our rights, such as for the exercise or defense of legal claims.
- LIDO may disclose PII and/or health information (including, where applicable, PHI) in relation to potential or actual business transactions, such as a merger or sale of our business or assets.
- LIDO may disclose PII and/or health information (including, where applicable, PHI) for public health or health oversight activities or to avert a serious threat to health or safety.
- LIDO may disclose PII and/or health information (including, where applicable, PHI) as otherwise required by law.
Notice, Authorization, and Consent
For access, use, and disclosure of PII and health information associated with the data of clinical trial participants, LIDO’s customers, the clinical trial sites and research sponsors that determine the purposes and means of the data processing by LIDO, are responsible for applicable notice to and/or authorization and informed consent from those clinical trial participants.
Information Minimization, Purpose and Storage Limitation
Consistent with applicable laws, regulations, and contracts, LIDO accesses, uses, and discloses only that PII and PHI that is adequate, relevant, and limited to what is necessary to accomplish the purpose of that processing. The retention period for PII and PHI within LIDO’s systems, and any related documentation or records of communication, varies by category but is consistent with applicable legal, regulatory, and contractual requirements. The information that LIDO accesses, uses, and/or discloses is not kept for longer than necessary to accomplish the purpose of that processing.
Information of Minors
LIDO is committed to protecting the privacy of children. LIDO’s services are not intended for or marketed to children less than 13 years old.
However, LIDO may, on behalf of research sponsors and/or clinical trial sites, access, use, and/or disclose the PII and PHI of children who are participants in clinical trials.
International Transfers of Information
LIDO does not transfer PII, health information, or PHI outside the United States. However, LIDO may utilize service providers that operate internationally. LIDO takes appropriate safeguards to ensure that such vendors maintain the privacy and security of information.
LIDO has procedural safeguards in place designed to ensure the high quality of data within its systems, consistent with 21 CFR part 11, HIPAA, Good Clinical Practice, and other legal and regulatory requirements.
LIDO employs reasonable administrative, technical, and physical security measures designed to protect PII and health information (including, where applicable, PHI) against breach, defined as an impermissible use or disclosure that compromises the security of that information.
Such security measures, including encryption of data at rest and in transit, are designed to ensure the confidentiality, integrity, availability and resilience of LIDO’s processing systems and services. LIDO hosts its website at SOC 2 compliant data centers located in the United States.
LIDO’s service providers are required to sign agreements, in which they commit to equivalent confidentiality, privacy, and security measures.
No security system is impenetrable. LIDO has a comprehensive procedure in place for responding to any security breach of PII, health information, and/or PHI, including criteria for when notification of regulatory authorities and/or individuals whose information has been breached is required.
LIDO Website Considerations
LIDO does not control any websites linked to the LIDO website.
Individuals’ Rights Related to Information
LIDO takes reasonable steps to ensure that the information we use and disclose is accurate, complete, and current. Individuals can exercise all legal or contractually obligated rights with respect to their PII and PHI. These rights include, where applicable:
- the right to be provided with notice of LIDO’s privacy practices,
- the right of access to PII and/or PHI, and
- the right to correction (rectification) of erroneous or incomplete PII and/or PHI.
Clinical trial participants generally must contact the study site to initiate an access or correction request related to PII and PHI within LIDO’s systems.
LIDO is committed to providing choice. When asking for information, LIDO will tell our customers, or it will be apparent, what we need to know to provide the service and how the information will be used and disclosed. You can always choose not to provide PII when asked. However, you will not be able to access and use those portions of the service that require your PII.
You can update or remove your PII at any time by logging into your account and editing your information. You can view your updated information to confirm that your edits have been made.
LIDO may limit or deny access or correction requests where the burden or expense of providing access would be disproportionate to the privacy risks in the case in question, where the rights and freedoms of others would be adversely affected, or as otherwise permitted by law.
When you wish to exercise your opt-out right for marketing activities conducted pursuant to LIDO’s legitimate business interest or to withdraw consent, you may contact us at any time at: email@example.com. You may also opt out of marketing activities by following the unsubscribe instructions included in promotional email. Information accessed, used, or disclosed prior to opting out or withdrawal of consent may be retained as necessary to the extent permitted by law.
Questions, Complaints, and Request to Exercise Rights
Please direct such communications to LIDO’s Privacy Officer by sending an e-mail to firstname.lastname@example.org.
Additional Privacy Information for California Residents