Privacy Policy

Last modified: August 14, 2024

Introduction

At Trial Risk Index, Inc. (DBA BioPhy) ("Company" or "we"), we respect your privacy and are committed to protecting it through our compliance with this policy.

This policy describes the types of information we may collect from you, that you may provide when you visit the websites biophy.ai, insights.biophy.ai, and biophyrx.ai (our "Website") or utilize our services (together with the Website, our “Services”), or that may be obtained from third-party partners, collaborators, or other sources, and our practices for collecting, using, maintaining, protecting, and disclosing that information.

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, you should not to use our Website or Services. By accessing or using our Services, you agree to this privacy policy. This policy may change from time to time (see “Changes to Our Privacy Policy”). Your continued use of our Services after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.

Children Under the Age of 13

Our Website is not intended for children under 13 years of age. No one under age 13 may provide any information to or on the Website. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on this Website or on or through any of its features. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at: privacy@biophy.ai.

Information We Collect About You and How We Collect It

User Data

We collect several types of information from and about users of our Services and prospective customers, including information:

·          By which you may be personally identified, such as name, postal address, e-mail address, telephone number, job title, employer name, or any other identifier by which you may be contacted online or offline ("personal information");

·          That is about you but individually does not identify you; and/or

·          About your internet connection, the equipment you use to access our Services, and usage details.

We collect this information:

·          Directly from you when you provide it to us.

·          Automatically as you navigate through the Services. Information collected automatically may include usage details, IP addresses, , the region or general location where your computer or device is accessing the internet, browser type, operating system, and information collected through cookies and other tracking technologies.

·          From third parties, for example, our business partners.

·          Employee, Consultant, and Business Partner Data

We also collect several types of information from and about our employees, consultants, and business partners, which may include personal information, information that is about you individually but does not identify you, and data on usage of our Services or internal systems.

We collect this information:

·          Directly from you when you provide it to us.

·          Automatically as you navigate through the Services and utilize our internal systems. Information collected automatically may include usage details, IP addresses, , the region or general location where your computer or device is accessing the internet, browser type, operating system, and information collected through cookies and other tracking technologies.

·          From third parties, for example, our business partners.

·           

Patient Data

We also may collect personal information and/or health data of patients from third parties, for example, our business partners.

Information You Provide to Us 

The information we collect on or through our Services may include:

·          Information that you provide by filling in forms on our Website. This includes information provided at the time of registering to use our Website, subscribing to our Services, posting material, or requesting further services. We may also ask you for information when you report a problem with our Services.

·          Records and copies of your correspondence (including email addresses), if you contact us.

·          Your responses to surveys that we might ask you to complete for research purposes.

·          Details of transactions you carry out through our Website and of the fulfillment of your orders. You may be required to provide financial information before placing an order through our Website.

·          Your search queries in the Services.

Information We Collect Through Automatic Data Collection Technologies.

As you navigate through and interact with our Services, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:

·          Details of your visits to our Website, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Website.

·          Information about your computer and internet connection, including your IP address, operating system, and browser type.

The information we collect automatically we maintain or associate with personal information we collect in other ways or receive from third parties. It helps us to improve our Services and to deliver a better and more personalized service, including by enabling us to:

·          Estimate our audience size and usage patterns.

·          Store information about your preferences, allowing us to customize our Website according to your individual interests.

·          Recognize you when you return to our Website.

The technologies we use for this automatic data collection may include:

·          Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system may issue cookies when you direct your browser to our Website.

·          Flash Cookies. Certain features of our Website may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Website. Flash cookies are not managed by the same browser settings as are used for browser cookies. For information about managing your privacy and security settings for Flash cookies, see “Data Subject Rights” and “Choices About How We Use and Disclose Your Information”.

How We Use Your Information

User Data

We use information that we collect about you or that you provide to us, including any personal information:

·          To present our Website and its contents to you.

·          To provide you with information, products, or Services that you request from us.

·          To fulfill any other purpose for which you provide it.

·          To provide you with notices about your account, including expiration and renewal notices.

·          To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.

·          To notify you about changes to our Website or any products or Services we offer or provide though it.

·          To allow you to participate in interactive features on our Services.

·          In any other way we may describe when you provide the information.

·          For any other purpose with your consent.

We may also use your information to contact you about goods and services that may be of interest to you. If you do not want us to use your information in this way, see “Data Subject Rights” and “Choices About How We Use and Disclose Your Information.”

Employee, Consultant, and Business Partner Data

We use information that we collect about our employees, consultants, and business partners, including any personal information:

·          To communicate with you regarding anything within the scope of our business relationship.

·          To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for payroll, billing, and collection.

·          To fulfill any other purpose for which you provide it.

·          In any other way we may describe when you provide the information.

·          For any other purpose with your consent.

If you do not want us to use your information in this way, see “Data Subject Rights” and “Choices About How We Use and Disclose Your Information.”

Patient Data

We may use patient data, including any personal information and health data, that is provided to us by third-parties, for example our business partners, in the following very limited circumstances:

·          Research and development of new drugs or medical treatments.

·          Research and development to improve, repurpose, or better utilize existing drugs or medical treatments.

·          Research regarding patient needs and opportunities to improve patient health.

·          To fulfill any other purpose for which you provide it.

·          To fulfill any legal notice obligations.

·          For any other purpose with your consent.

If you do not want us to use your information in this way, see Choices About How We Use and Disclose Your Information.

Disclosure of Your Information

The Website connects with third-party services such as LinkedIn and others. If you choose to share information from the Website through these services, you should review the privacy policy of that service. If you are a member of a third-party service, the aforementioned connections may allow that service to connect your visit to our site to your personal data.

·          User, Employee, Consultant, and Business Partner Data

We will not sell your personally identifiable information to third parties without your consent. We may disclose aggregated information about our users, employees, consultants, and business partners, and information that does not identify any individual user, without restriction.

The personal information we collect about you is stored in one or more databases hosted by third parties located in the United States. These third parties do not use or have access to your personal information for any purpose other than cloud storage and retrieval. On occasion, we engage third parties to send information to users of our Services, our employees, consultants, or business partners, including information about our products, services, and events.

You may request a list of our third-party sub processors by emailing privacy@bipohy.ai.

We may disclose personal information of users of our Services, our employees, consultants, or business partners, that we collect or you provide as described in this privacy policy:

·          To our subsidiaries and affiliates.

·          To contractors, service providers, and other third parties we use to support our business.

·          To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of the Company’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by the Company about our Services users is among the assets transferred.

·          To fulfill the purpose for which you provide it.

·          For any other purpose disclosed by us when you provide the information.

·          With your consent.

We may also disclose your personal information:

·          To comply with any court order, law, or legal process, including to respond to any government or regulatory request.

·          To enforce or apply our Terms of Use, your engagement letter and/or any other written terms of sale with us (“Terms of Sale”), and other agreements, including for billing and collection purposes.

·          If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of the Company, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

We do not otherwise reveal your personal information to third-party persons or businesses for their independent use unless you request or authorize it.

Patient Data

We will not sell patient personal information or health data to third parties without your consent. We may disclose aggregated information about patients, and information that does not identify any individual patient, subject to relevant health data regulations.

The patient personal information and health data we collect is stored in one or more databases hosted by third parties located in the United States. These third parties do not use or have access to your personal information or health data for any purpose other than cloud storage and retrieval.

You may request a list of our third-party sub processors by emailing privacy@bipohy.ai.

We may disclose patient personal information and health data only as necessary for the purposes set forth in the “How We Use Your Information” section, and subject to relevant health data regulations:

·          To our subsidiaries and affiliates.

·          To contractors, service providers, and other third parties.

·          To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of the Company’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by the Company about our Services users is among the assets transferred.

·          To fulfill the purpose for which you provide it.

·          With your consent.

We may also disclose your personal information or health information:

·          To comply with any court order, law, or legal process, including to respond to any government or regulatory request.

We do not otherwise reveal patient personal information or health data to third-party persons or businesses for their independent use unless you request or authorize it.

Transferring Personal Data to the U.S.

We have our headquarters in the United States. Information we collect about you will be processed in the United States. By using our services, you acknowledge that your personal information will be processed in the United States. The United States has not sought nor received a finding of “adequacy” from the European Union under Article 45 of the GDPR. Pursuant to Article 46 of the GDPR, we are providing for appropriate safeguards by entering binding, standard data protection clauses, enforceable by data subjects in the EEA and the UK. These clauses have been enhanced based on the guidance of the European Data Protection Board and will be updated when the new draft model clauses are approved.

Depending on the circumstance, we also collect and transfer to the U.S. personal data with consent; to perform a contract with you; or to fulfill a compelling legitimate interest of the Company in a manner that does not outweigh your rights and freedoms. We endeavor to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with the Company and the practices described in this Privacy Statement. We also enter into data processing agreements and model clauses with our vendors whenever feasible and appropriate. Since it was founded, the Company has received zero government requests for information.

For more information or if you have any questions, please contact us at privacy@bipohy.ai.

Data Subject Rights

The European Union’s General Data Protection Regulation (GDPR) and other countries’ privacy laws provide certain rights for data subjects. Data Subject rights under GDPR include the following:

·          Right to be informed

·          Right of access

·          Right to rectification

·          Right to erasure

·          Right to restrict processing

·          Right of data portability

·          Right to object

·          Rights related to automated decision making including profiling

This Privacy Policy is intended to provide you with information about what personal data we collect about you and how it is used. The Company is considered both a data controller and data processor under the GDPR.

If you wish to confirm that the Company is processing your personal data, or to have access to the personal data we may have about you, please contact us.

You may also request information about the purpose of the processing; the categories of personal data concerned; who else outside the Company might have received the data from the Company; what the source of the information was (if you didn’t provide it directly to us); and how long it will be stored. You have a right to correct (rectify) the record of your personal data maintained by the Company if it is inaccurate. You may request that we erase that data or cease processing it, subject to certain exceptions. You may also request that we cease using your data for direct marketing purposes. In many countries, you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how we process your personal data. When technically feasible, we will—at your request—provide your personal data to you.

Reasonable access to your personal data will be provided at no cost. If access cannot be provided within a reasonable time frame, we will provide you with a date when the information will be provided. If for some reason access is denied, we will provide an explanation as to why access has been denied.

For questions or complaints privacy@biophy.ai. Alternatively, if you are located in the European Union, you can also have recourse to the European Data Protection Supervisor or with your nation’s data protection authority.

Data Storage and Retention

Your personal data is stored by the Company on our servers, and on the servers of the cloud-based database management services we engage, located in the United States. We retain service data for the duration of the customer’s business relationship with us and for a period of time thereafter, to analyze the data for our own operations, and for historical and archiving purposes associated with our services. We retain prospect data until such time as it no longer has business value and is purged from our systems. All personal data that we control may be deleted upon verified request from Data Subjects or their authorized agents. For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact us at: privacy@biophy.ai.

Choices About How We Use and Disclose Your Information

We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:

·          Tracking Technologies. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of this site may then be inaccessible or not function properly.

·          Promotional Offers from the Company. If you do not wish to have your contact information used by the Company to promote our own or third parties' products or services, you can opt out by checking the relevant box located on the form on which we collect your data (the registration form) or at any other time by sending us an email stating your request to privacy@biophy.ai. If we have sent you a promotional email, you may send us a return email asking to be omitted from future email distributions. This opt out does not apply to information provided to the Company as a result of a product purchase, warranty registration, product service experience, or other transactions.

Accessing and Correcting Your Information

You may send us an email at privacy@biophy.ai to request access to, correct, or delete any personal information that you have provided to us. We cannot delete your personal information except by also deleting your user account. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

Changes to Our Privacy Policy

It is our policy to post any changes we make to our privacy policy on this page with a notice that the privacy policy has been updated on the Website home page. If we make material changes to how we treat our users' personal information, we will notify you through a notice on the Website home page. The date the privacy policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Website and this privacy policy to check for any changes.

Contact Information

If you have questions, concerns, complaints, or would like to exercise your rights, please contact us at: privacy@biophy.ai

Our mailing address is:

1650 Market Street

Suite 4810

Philadelphia, PA 19103

Under Article 27 of the GDPR, we have appointed an EU Representative to act as our data protection agent. Our nominated EU Representative is:

Instant EU GDPR Representative Ltd.

Adam Brogden contact@gdprlocal.com

Tel +35315549700

INSTANT EU GDPR REPRESENTATIVE LTD

Office 2,

12A Lower Main Street, Lucan Co. Dublin

K78 X5P8

Ireland