For the latest updates on how we are managing changes due to COVID-19 please click here.

Privacy Policy

Your privacy is important to us.

Ora, Inc. (Ora) is committed to respecting the privacy of all individuals. This privacy policy explains our information practices and the choices you have about the way your personal information (PI) is collected, used, and protected. Any questions or concerns can be directed to the email address listed at the end of this policy.

This policy applies to Ora and for all purposes discussed herein the data Controller is Ora.


1. Information We Collect

Much of the personal data we process is collected from you directly. However, depending on your relationship with our company, we may process data about you received from other sources such as conference/event hosts, recruiting partners, and information you’ve made publicly available.

During the processes of screening/recruiting prospective patients for clinical trials, operating and maintaining our website, conducting marketing activities, collecting information from our prospective customers, employees, contractors, and collaborators, Ora may collect the following PI (without limitation):

General Data

 

Sensitive or Special Data


2. Purposes and Legal Basis for Collecting/Processing Personal Information (PI)

Ora collects and processes PI under the following circumstances:

  1. Process – Prospective Clinical Trial Patients Recruitment/ Screening – Legal Basis – Consent/Permission – Purpose for Processing – In order to effectively recruit patients for clinical trials, Ora must (with your consent) collect, retain, and process, contact information and limited Medical/Health information (as described above).
  2. Process – Prospective Customers and Collaborators – Legal Basis – Legitimate Interest – Purpose for Processing – Ora has a legitimate interest in expanding its professional network and the growth of its business. Collecting contact information and other details from prospective customers and collaborators relevant to its business is necessary for this purpose in order to communicate with them. Having considered purpose and necessity, Ora assesses that the balance favors its processing as it is reasonable for prospective customers and collaborators submitting their PI to expect that their business contact details will be processed, and the impact on them will be low. The information submitted is subsequently collated and added to a business contact database. Ora also ensures that it provides these data subjects the opportunity to exercise their rights.
  3. Process – Prospective Employees – Legal Basis – Legitimate Interest – Purpose for Processing – Ora has a legitimate interest in soliciting candidates for employment to identify and evaluate talented prospective employees to contribute to the growth of Ora’s business. Collecting PI from candidates is necessary for Ora to effectively and efficiently identify candidates for positions, evaluate their qualifications (i.e. prior experiences), and process submitted employment applications. Having considered purpose and necessity, Ora assesses that the balance favors its processing as it is reasonable for prospective employees submitting their PI to expect that their business contact details will be processed, and the impact on them will be low. The information submitted is processed in an applicant database. Ora also ensures that it provides these data subjects the opportunity to exercise their rights.
  4. Process – Investigator and Site Recruiting – Legal Basis – Legitimate Interest – Purpose for Processing – Ora has a legitimate interest in collecting PI from clinical investigators and clinical sites in order to identify and evaluate talented prospective investigators and sites to contribute to the growth of OraNet™ and to provide information to its customers in relation to the capacity to carry out clinical trials. Ora must be able to effectively and efficiently vet such potential new members of OraNet™ by evaluating their qualifications (i.e. prior experiences, resumes, etc.). Having considered purpose and necessity, Ora assesses that the balance favors its processing as it is reasonable for prospective clinical investigators and clinical sites submitting their PI to expect that their resumes and business contact details will be processed, and the impact on them will be low. The information submitted is processed in a clinical investigator and site database. Ora also ensures that it provides these data subjects the opportunity to exercise their rights.
  5. Process – Survey Administration – Legal Basis – Consent/Permission – Purpose for Processing – From time to time, we may request information from you via surveys. Participation in these surveys is completely voluntary, and, therefore, you have the choice of whether or not to disclose such information. Information requested may include contact information (such as name, correspondence address and telephone number), and demographic information (such as zip or postal code or age).
  6. Process – Website Operation, Maintenance, and Optimization – Legal Basis – Consent/Permission – Purpose for Processing – Ora and its partners use cookies or similar technologies to analyze trends, administer the website, track users’ movements around the website, and to gather demographic information about our user base as a whole.

3. Release, Sharing and/or Transfer of Data

Access to PI will at all times be restricted to only those individuals who require access to perform a necessary job function in accordance with the original purpose of collection (Principle of Least Privilege). Ora may share your PI with third parties that process information on its behalf. These may include (without limitation):

Any such third parties receiving PI are required to sign confidentiality agreements or provide assurance agreeing to handle all confidential information containing personal data in accordance with applicable law. Additionally, Ora will validate that any third party involved in the processing of PI will have the proper technical and organizational measures in place to protect PI.

Except as described above, we will not otherwise use or disclose any of your PI, except to the extent reasonably necessary: (i) to correct technical problems and malfunctions and to technically process your information; (ii) to protect the security and integrity of our Web site; (iii) to protect our rights and property and the rights and property of others; (iv) to take precautions against liability; (v) to the extent required by law or to respond to judicial process; or (vii) to the extent permitted under other provisions of law, to provide information to law enforcement agencies or for an investigation on a matter related to public safety, as applicable.

When sharing PI with third parties (including any international transfers of data that may occur) Ora will take all necessary steps to ensure the protection of this information by implementing appropriate safeguards relative to the risk and sensitivity of the information being shared. Ora may also transfer information across international borders when necessary. When international transfers do occur, Ora implements a GDPR compliant transfer method as follows:

International Transfer Compliant Transfer Method
Collecting and processing PI from prospective customers, collaborators, Investigators around the world involves transferring information internationally. Model Contractual Clauses
Collecting and processing PI from prospective employees from around the world involves transferring information internationally. Model Contractual Clauses


4. Data Security

Ora maintains a high level of security, particularly in relation to PI. Computer equipment, networks, programs, data and documentation is maintained to a high standard, and access to data and equipment is at all times restricted to appropriate staff. Ora’s security framework is designed to ensure that holistic and effective security practices are maintained to protect PI that Ora collects and processes.


5. Data Retention

Ora will retain PI only for as long as is necessary for the purpose(s) for which it was collected and in accordance with any applicable consent given in relation to such PI and any applicable laws.

Data will be securely destroyed upon request by a data subject (when applicable), or the data is no longer needed for the purpose(s) it was collected for.


6. Individual Rights:

Individuals have the following rights in relation to their PI*. Ora will not discriminate against individuals for exercising their rights under applicable data privacy laws.

Right to be Informed This privacy policy provides the information you are entitled to receive. (e.g. Purpose of the processing, right to withdraw consent, etc)
Right to Access This privacy policy provides the information you are entitled to receive. (e.g. Purpose of the processing, right to withdraw consent, etc) – The right to view your PI that is being processed and/or request a copy of this data. There is no charge for Ora providing you with this data and it will typically be provided within three weeks of the request (unless the request is unfounded or excessive).
Right to Rectification This privacy policy provides the information you are entitled to receive. (e.g. Purpose of the processing, right to withdraw consent, etc) The right to have PI rectified if it is inaccurate or not up to date. When applicable, Ora will promptly update any incorrect information.
Right to Erasure This privacy policy provides the information you are entitled to receive. (e.g. Purpose of the processing, right to withdraw consent, etc) The right to have PI deleted. When applicable, Ora will promptly delete the requested data.
Right to Withdraw Consent This privacy policy provides the information you are entitled to receive. (e.g. Purpose of the processing, right to withdraw consent, etc) The right to withdraw previously given consent for processing PI.  When applicable, Ora will cease processing PI collected by the basis of consent.
Right to Data Portability This privacy policy provides the information you are entitled to receive. (e.g. Purpose of the processing, right to withdraw consent, etc) The right to have PI transferred to him/herself or to another controller. When doing so the information will be provided in a machine-readable electronic format.
Right to Object This privacy policy provides the information you are entitled to receive. (e.g. Purpose of the processing, right to withdraw consent, etc) The right to stop processing of PI, contingent that the objection to processing is based on legitimate interests or the performance of a task in the public interest / exercise of official authority (including profiling).
Right in Relation to Automated Decision Making This privacy policy provides the information you are entitled to receive. (e.g. Purpose of the processing, right to withdraw consent, etc) Right to object to a decision based on automated processing. When possible a manual review of information will be conducted to reach a decision.

*Not all rights are guaranteed. Legal basis for collection/processing, the requirement of disproportionate effort, legal requirements, and other factors can have an impact on data subject rights.


7. Automated Decision Making

No automated decision making is used to process PI.


8. Minors

The services and personal data processing activities for which Ora is a data controller, as described under this policy, are not intended for individuals 15 years of age or younger.


9. Right to Lodge Complaint

If an individual believes they have a grievance in regard to violation of this privacy policy or applicable privacy laws, rules, or regulations, they can lodge a complaint with the supervisory authority at the Information Commissioners Office (ICO) in the United Kingdom: https://ico.org.uk/make-a-complaint/


10. ‘Do Not Track’ Disclosures

Ora’s website does not respond to ‘Do Not Track’ signals from your browser.


11. Privacy Policy Changes

Ora reserves the right to modify or amend this privacy policy. For instance, this privacy notice may need to change as new legislation is introduced or as it is amended. It is recommended that individuals implicated by this policy review the most current version of this policy available at www.oraclinical.com

This policy was last updated in December 2022.


12. Merger

If Ora should ever file for bankruptcy or be acquired by a third party, merge with a third party, sell all or part of our assets, or otherwise transfer substantially all of our relevant assets to a third party, Ora is entitled to share the PI to potential and subsequent business and merger partners.


13. No Representation/No Liability

Ora makes no representations about the content of the information found on this Web site. The information presented on this Web site is provided to you “AS IS,” WITHOUT ANY WARRANTY, IMPLIED OR EXPRESSED, INCLUDING BY WAY OF EXAMPLE BUT WITHOUT LIMITATION, ANY WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR OTHERWISE. Under no circumstances shall Ora assume liability for the use or interpretation by you of information found on this Web site; rather, this will be your responsibility. Ora expressly disclaims liability for any direct, indirect, incidental, consequential or special damages arising out of your visit to this Web site and/or the information contained on this Web site, even if Ora is proven negligent.


14. Definitions

The following definitions apply to terms used throughout this policy:

Personal Information (PI):

Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Controller:

The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Processor:

A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.


15. How To Contact Us

All communications, questions or concerns about these privacy policies should be addressed to Ora’s Data Protection Officer at: OraDPO@oraclinical.com

Please note that in instances where Ora is acting as the clinical research organization (CRO) for one or more of its customers (clinical sponsors) in its capacity of managing clinical trials, Ora’s customer is the data Controller and Ora is the data processor.