Privacy and Use Policy
CareEvolution's MyDataHelps Designer web platform (“the Platform”) enables end users to build and launch an end-to-end digital research or health project in hours, with no coding required. Core components include eConsent, automated survey and notification delivery, and wearable and EHR information collection.
Please also see our MyDataHelps Privacy and Use Policy that covers the MyDataHelps mobile and web applications (applies to project participants).
What does this Policy Cover?
CareEvolution (“We”) take your privacy very seriously and are conscientious about how we handle data entered by you about yourself or your project(s). Your use of the Platform is voluntary. The set of policies here covers what kinds of information (the “Data”) We collect, how We use the Data, how We secure the Data, how We may share the Data, how We communicate with you, and your Data responsibilities. By using the Platform, you acknowledge that you accept the practices and policies outlined here. You also consent that We collect, use, and share your information as described in this policy.
Data We Collect
Registering for the Platform
In order to participate on the Platform, we ask you to create an account. To create an account, you must share certain identifying information (such as name and email address), and agree to the usage and privacy practices as detailed in this document, which may be modified over time.
The Platform will obtain information from you in two ways:
- Manually entered information: this is information that you manually enter into the Platform, such as your email address and name.
- Automatically collected information: this information is generated as a byproduct of your use of the Platform, such as your IP address, operating system, and features used.
We may also collect project information you provide to us in support of your MyDataHelps project. This includes information such as your project name, other MyDataHelps Designer users, surveys, notifications, schedules, and associated participant information. Further details regarding participant information are covered in the Your Data Responsibilities section of this policy.
How We Use Data
Identifiable Data will never be sold or used for advertising without your consent. We may aggregate your Data for legitimate business purposes. In such circumstances, CareEvolution will de-identify the Data to protect your confidentiality and privacy. De-identification means that the Data cannot reasonably be associated with you or your projects, and aggregation involves combining the Data with that of other users and projects, again such that no user or project can be identified.
The Platform collects Data for the following purposes:
- Primarily, the Data enables usage of the Platform. For example, participant information is collected so that you may access it for analysis.
- We may use the Data to understand, customize and improve user experience with the Platform. For example, we may engage analytics services (i.e. “Cookies”) to analyze this information in order to help us understand how users engage with and navigate the Platform, how and when features within the Platform are used, and by how many users.
- We may use the Data to send you important information. Please refer to the How We Communicate With You section of this policy for further details.
- We may use the Data for business purposes, such as understanding how we may continue to support your use of the Platform.
- We may use the Data without your identifying information (name, contact information, email address) to support research and health or quality improvement initiatives with external collaborators and partners.
How We Secure Data
The Data is maintained in the United States by us (CareEvolution) or our authorized partners.
We use appropriate physical, organizational, and technical safeguards designed to protect the confidentiality, integrity, and availability of the Data we collect. For example, the Data is encrypted both at rest and in transit in accordance with the security standards set forth by the National Institute of Standards and Technology’s (NIST) Federal Information Processing Standard (FIPS) Publication 140-2: Security Requirements for Cryptographic Modules. These are the standards mandated by the Department of Health and Human Services for securing health information. We cannot, however, fully guarantee the security of the Data or any information transmitted to us.
How We May Share Data
Except as described in this policy, we will not sell, rent, lease, give away, disclose, or share your contact information, and will not disclose the Data we collect through the Platform without your consent.
We may combine your Data without identifying information (removing information such as name and email address) with others' Data (also without identifying information) for use in health and fitness research and quality improvement initiatives.
We also reserve the right to disclose your information that we believe, in good faith, may be necessary to i) protect our intellectual property and other rights; ii) take liability; iii) protect ourselves from fraudulent, abusive, or unlawful uses or activity; iv) investigate and defend ourselves against any third-party claims or allegations; or v) protect the rights or safety of others. We will notify you of any such disclosures.
When we work with third parties who provide services on our behalf, we take steps to limit the information provided to them to that which is reasonably necessary for them to perform the functions for the allowable purposes listed above. We require them to agree to handle and process the information in accordance with our instructions and to maintain the confidentiality, integrity, and availability of the information by applying appropriate organizational and technical safeguards.
We reserve the right to disclose and otherwise transfer the Data to an acquirer, successor, or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, or in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets, to the extent and in the way as prescribed by applicable law.
How We Communicate With You
We may contact you to:
- Notify you of important system updates or alerts.
- Assist you with the use of the Platform.
- Obtain your feedback regarding the use of the Platform.
- Inquire about additional business opportunities for the Platform.
- Provide or inquire about other administrative matters.
Your Data Responsibilities
We collect and process project information on your behalf. In such cases where activities are subject to the EU General Data Protection Regulation (“GDPR”), we act as Data Processors (as such term is defined in the GDPR). As the responsible entity for protecting your data subjects' Personal Data, your responsibilities as a Data Controller (as defined in the GDPR) include the following:
- Oversight of which participants engage with MyDataHelps and who else has access to your project information (other users).
- Configuration of the content displayed to participants in the app, survey, and notifications.
- Determination of information collected from participants and assurance of its security if exported from the Platform.
- Assessment of and compliance with your own obligations to your Institutional Review Board (“IRB”) / Ethics Committee (“EC”) and/or your project's Informed Consent Form (“ICF”), which may differ from what is outlined in this policy.
Data You Can Access and Withdrawing
The Platform enables you to view, edit, and share some of the Data.
You may request that your Data be deleted by contacting us at firstname.lastname@example.org with the email address used to register your account.
In some circumstances, we may not delete all of your Data, and we may continue to use your Data if it is necessary to comply with our legal obligations (including law enforcement requests), to meet regulatory requirements, to maintain our security program, or if retaining such Data is in the interest of public health or scientific research purposes.
Data is deleted within 45 days of a deletion request, except where retention is necessary as described within this policy.
Limitations and Terms Related to Your Use
By using the Platform, you agree that you will not do anything to interfere with or disrupt the operation of the Platform, will provide only accurate and current information through the Platform, and will not impersonate anyone else in your use of the Platform. You further agree not to transmit content that you do not have the right to transmit or that infringes the rights of any party, and you agree to use the Platform in compliance with all applicable laws. You understand that the Platform or portions of it may be subject to patent, copyright, trademark, and other intellectual property protection and that the ownership of software and other intellectual property related to the Platform, as well as the goodwill associated therewith, remains with CareEvolution. You agree that any improvements or other changes to the Platform are the property of CareEvolution.
To the maximum extent permitted by law, the Platform is provided “As Is” and “As Available”, with all faults and without warranty of any kind, and CareEvolution and its licensors disclaim all warranties, either implied or statutory, including, but not limited to, the implied warranties of merchantability, satisfactory quality, fitness for a particular purpose, accuracy, quiet enjoyment, and non-infringement of third party rights. To the extent not prohibited by applicable law, in no event shall CareEvolution be liable for personal injury, or any incidental, special, indirect or consequential damages whatsoever arising out of or related to your use or inability to use the Platform.
Changes to Our Privacy and Use Policy
We may change this policy over time. Any changes will be posted on our website and will be effective when published at http://mydatahelps.careevolutionapps.com/mdhd-terms-of-service.html.
If you have any questions, comments, or requests regarding this policy or our handling of your Data, please contact:
625 N Main Street
Ann Arbor, MI 48104