PRIVACY POLICYMay 29, 2025Welcome to BuildClinical LLC ("BuildClinical", also "we", "us", "our"). We assist research institutions and entities ("Clients") in identifying and managing potential research participants ("Services") for their ongoing research through the use of our website,
www.buildclinical.com ("Website")and related digital tools.
Protecting your privacy is our priority. We are providing this Privacy Policy to explain how your information is collected, used, and disclosed by BuildClinical in connection with our Website and Services that connects prospective participants to research studies and our Clients. This Privacy Policy applies to Personal Data that is processed by BuildClinical, including on our websites, mobile applications, and other online Services. For the purposes of this Privacy Policy, “Personal Data” refers to any information relating to an identified or identifiable individual, as defined by the General Data Protection Regulation (GDPR). Where applicable, it also includes “Protected Health Information” (PHI) as defined under the Health Insurance Portability and Accountability Act (HIPAA).
This Privacy Policy also outlines your rights under the GDPR (if you are located in the European Economic Area or the United Kingdom) and explains our obligations as a Business Associate under HIPAA (if you are located in the United States and we handle your Protected Health Information).
For purposes of the GDPR, BuildClinical is the data controller of the Personal Data we collect directly through our Website and Services, based on the participant's consent. In cases where we work with Clients who are also controllers, we may act as a joint controller or processor, as applicable.
If you are located in the European Economic Area or UK, your Personal Data may be transferred to and processed in countries outside of these geographies, including the United States. In such cases, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission or ICO, as applicable, to ensure adequate data protection.
Please read this Privacy Policy carefully as it will help you make informed decisions about sharing your Personal Data with us. By providing us Personal Data through our Submission Form, you have acknowledged that you have reviewed, understood, and consented to the collection, organization, use and disclosure of your Personal Data in accordance with applicable privacy laws, including HIPAA and GDPR as described in this Privacy Policy. If there are any terms in this Privacy Policy that you do not agree with, please discontinue use of our Website and our Services.
1. WHAT INFORMATION DO WE COLLECT?What Personal Data BuildClinical CollectsAs a part of our Services, we collect Personal Data from Prospective Participants to provide the Services.
We may collect:
- your name
- email address
- postal location
- telephone number
- data sent by your mobile devices
- IP address you access website from
- data on preferences/customization of our Website
- cookies
- web logs
- aggregated user data*
- GPS/location data
- health insurance status,
- gender identity
- racial or ethnic background
Where applicable, we may also collect health-related information that constitutes Protected Health Information (PHI) under HIPAA.
We will utilize this data to provide initial correspondence by means of telephone, email, or SMS/text message. In the event that you are a parent or legal guardian for a minor dependent or otherwise incapacitated individual, you may likewise share their Personal Data and complete a Submission Form on behalf of the represented individual ("Represented Individual"). Any recognizable data you submit in the interest of a Represented Individual will be regarded as Personal Data in regards to this Privacy Policy.
Should you decide not to provide us with all the requested Personal Data, as is entirely your right, please know that our Services may not work appropriately or fully.
You have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. You can exercise this right by contacting us at Support@BuildClinical.com.
How BuildClinical Collects Personal DataWhen you complete a Submission Form, we will gather certain Personal Data that can be utilized to contact you and determine whether we are able to connect you with our Clients and Services.
As you explore our Services and Website, certain non-descriptive data may be gathered about your visit and devices, including through Cookies and other technologies. BuildClinical uses standard web logs that record basic data about your visit to our Website, such as the date and time of the visit, the pages viewed during the visit and the domain name of your Internet service provider.
We collect and process your Personal Data only where we have a lawful basis to do so under GDPR, such as your consent, our legitimate interests, a legal obligation, or the performance of a contract. In cases where we collect special categories of data (such as health or racial/ethnic data), we will do so only with your explicit consent or as otherwise permitted by applicable law.
2. HOW DO WE USE YOUR INFORMATION?How BuildClinical Uses Personal DataWe collect, process, and utilize Personal Data according to all applicable regulations and laws, and for the genuine business purposes laid out in this Privacy Policy, including:
- To deliver our Services: BuildClinical may utilize Personal Data to share with our Clients for current, potential, or future Services. Unless you disclose to us that you no longer wish to continue utilizing our Services, we will consider the Personal Data you submit through the Submission Form for future studies, healthcare products, and Clients' services.
- To maintain and improve service quality: BuildClinical may utilize Personal Data about you for quality improvement measures of BuildClinical's Services.
- To Communicate relevant opportunities: With your prior consent where required, BuildClinical may utilize Personal Data to provide you with information about offers, products, and services that might be of interest. We may provide you with this information by telephone or email, as allowed by relevant law. The Personal Data is utilized to these offers, products, and Services to your perceived needs. Our utilization of cookies and related technologies as described in this Privacy Policy may allow Third-Parties to tailor advertising to you based on your Personal Data that we think may interest you.
- To support operational, legal and compliance purposes: BuildClinical utilizes a variety of web technologies to process Personal Data that is retained for the legitimate interest of monitoring and improving our Services.
You may get in touch with us whenever to stop the utilization of your Personal Data for any purposes by emailing Support@BuildClinical.com.
We do not normally seek to identify individuals from Web Logs. However, we may use web logs to identify an individual whom we suspect tried to damage our websites or use them in an unauthorized way. We may share our web logs with law enforcement agencies if we believe there has been a violation of computer security or related laws or as otherwise required in order to comply with applicable law or legal process. In addition, we may share our web logs (which do not contain any Personal Data) with third parties to assist them in better designing their websites for clinical research studies.
*Aggregate Data
We may combine the information you provide with information from other visitors to our Site to create Aggregate Data which does not contain any uniquely identifying information. We may analyze this Aggregate Data and use what we learn to make improvements to our websites. We may share this Aggregate Data such as "traffic statistics" and "response rates" with third parties and our service providers help us make the Website more useful to visitors and for other business purposes.
3. WILL YOUR INFORMATION BE SHARED WITH ANYONE?Personal Data Shared with Our ClientsBuildClinical may share the Personal Data you submit through our website submission forms with the Clients who have contracted with us specifically to obtain that data. Our Clients only utilize this data to select Prospective Participants that qualify for their research studies, and only have access to the specifically relevant Personal Data applicable to the Client engagement only.
We require all Clients to agree to protect the privacy and security of the Personal Data they receive from us, and to use such data only in accordance with applicable privacy laws including HIPAA and GDPR.
We have entered into Data Processing Agreements (DPAs) with all third-party service providers and subprocessors that process Personal Data on our behalf, as required under GDPR.
If any automated decision-making or profiling is used in the process of determining participant eligibility for research studies, we will provide information about the logic involved and offer you the ability to request human review or object to the decision.
Data RetentionPersonal Data that we process is not retained longer than necessary for the purposes for which it was collected, or as otherwise required by applicable law.
Data Disclosed for Our Protection and the Protection of OthersWe may share your information with public authorities, such as law enforcement, if we are legally required to do so or if we need to protect our rights or the rights of third parties.
We may be required to disclose Personal Data to comply with a law or regulation, or in response to a search warrant, subpoena, court order, law or regulation. In the event that we are legally compelled to disclose your Personal Data to a third party, we will attempt to notify you, unless doing so would violate the law or court order.
Additionally, the Personal Data that we gather from Clients and Prospective Participants is considered a business resource that can be transferred in the event of a merger, acquisition, or reorganization.
De-identified and Aggregate DataWe may share de-identified data with third parties for quality improvement and marketing purposes only. We do not sell, rent, or share Personal Data to anyone except as described in this Privacy Policy and as permitted by HIPAA and other applicable laws.
4. HOW DO WE KEEP YOUR INFORMATION SAFE?Security of Your Personal DataWe utilize administrative, technical and physical safeguards intended to protect the data that we gather from or about you (Personal Data) in line with the requirements of HIPAA and GDPR from unapproved access, use or dissemination. We use Secure Socket Layer (SSL) for authentication and encrypted communications to ensure users' trust and confidence in our Website and Services.
Security Measures Include:
- Encryption of Personal Data in transit and at rest
- Restricted access to data on a need-to-know basis
- Ongoing monitoring and logging of access to systems containing Personal Data
- Staff training and confidentiality agreements
In accordance with HIPAA, BuildClinical implements procedures to detect and respond to potential breaches of Protected Health Information. We use monitoring systems and maintain an incident response plan to investigate, mitigate, and notify our Clients of any confirmed breaches within the legally mandated timeframes.
We follow HIPAA's Minimum Necessary Standard, ensuring that access to Personal Data and PHI is limited to those who need it for specific job functions.
Internet SafetyThe BuildClinical Website may contain links to different sites for your benefit. We provide the links for your convenience, but we do not review, control, or monitor the privacy practices of websites operated by others. This Privacy Policy does not apply to any other website, including any other BuildClinical or OpenClinica website. BuildClinical does not control third-party sites or their security measures, which may contrast from those set out in this Privacy Policy. Any Personal Data you decide to provide to third parties is subject to their privacy policies, and is not covered under this Privacy Policy.
BuildClinical recommends that you review the Privacy Policy on the third-party site to decide if you would like to proceed with sharing Personal Data.
It is your responsibility to ensure that the computer you use to access our Website is adequately secured and protected against malicious software, Trojan horses, computer viruses and worm programs. Without adequate security measures on a computer, there is a risk that the Personal Data you share on our Website could be unknowingly disclosed to unauthorized third parties. Similarly, despite BuildClinical's best efforts to protect your Personal Data, there is always some risk that an unauthorized third party may find a way around our security systems or that transmissions of your information over the internet may be intercepted. Please only visit sites that you trust and take all possible precautions to protect yourself and your Personal Data.
5. DO WE COLLECT INFORMATION FROM MINORS?Our Services are not directed to individuals under the age of 13 (or under 16 in jurisdictions with stricter protections under applicable law). We do not knowingly collect Personal Data from children under these ages without verifiable parental or legal guardian consent.
If you are a parent or legal guardian and believe that your child has provided us with Personal Data without your consent, you may contact us at Support@BuildClinical.com. We will take steps to delete such information promptly as required by applicable data protection laws.
If we become aware that we have collected Personal Data from a child without proper consent, we will securely delete the information from our systems unless we are legally obligated to retain it.
In compliance with the Children’s Online Privacy Protection Act (COPPA), GDPR, and other applicable laws, we implement procedures to ensure that children's data is not collected or processed inappropriately.
6. DO CALIFORNIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?If you are a California resident, you are granted specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). These include:
- The right to know what personal information we collect, use, disclose, and sell;
- The right to delete personal information collected about you, subject to legal exceptions;
- The right to opt out of the sale or sharing of personal information, if applicable;
- The right to correct inaccurate personal information about you;
- The right to limit the use and disclosure of sensitive personal information;
- The right not to be discriminated against for exercising any of your CCPA/CPRA rights.
You can learn more at https://www.buildclinical.com/ccpa-notice-of-collection.
To exercise your rights, you may submit a request to us at Support@BuildClinical.com. We will verify your identity before fulfilling your request in accordance with applicable law.
Additionally, California Civil Code Section 1798.83, also known as the "Shine The Light" law, permits users of the web site who are California residents to request and obtain certain information regarding our disclosure of Personal Data to third parties for their direct marketing purposes. If you are a California resident and would like to make such a request, please contact us at support@BuildClinical.com.
7. DO WE MAKE UPDATES TO THIS POLICY?We may update this Privacy Policy from time to time to reflect changes in legal, regulatory, operational, or technological environments. When we make material changes, we will post a revised policy on our Website and update the "Last Revised" date.
We encourage you to review this Privacy Policy regularly to stay informed of how we are protecting your Personal Data.
If you continue to use our Services after a revised policy is posted, you acknowledge and consent to the updated terms.
8. HOW CAN YOU CONTACT US ABOUT THIS POLICY?If you have any questions, concerns, or complaints about this Privacy Policy or our data handling practices, please contact us at:
Support@BuildClinical.com
If you are located in the EU or UK and wish to contact our Data Protection Officer (DPO), please email Support@BuildClinical.com with "DPO Inquiry" in the subject line. If we are required to appoint a formal DPO, their contact information will be made available on our website.
Last Revised: May 29, 2025