Lightship Privacy Policy

Last Updated and Effective: 15 April 2024  

This Privacy Policy and notice describes how Lightship Inc. and its affiliates, including Lightship Clinical Research Ltd. in the UK (collectively, “Lightship,” “we,” “us,” or “our”), collects, uses, shares, and safeguards personal information. This Privacy Policy and notice applies to your interactions with us or your use of our website(s) (www.lightship.com), mobile applications (Lightship: Trials), products, services, or features, either online or offline (collectively, our “Services”). This Privacy Policy also applies to individuals who apply for a position with us unless the individual is a UK candidate (see below). This Privacy Policy sets out at a high level how we comply with data protection, privacy, confidentiality, and associated laws in the USA and the UK and may be supplemented by additional information specific to a particular data collection from you. Depending upon whether you are in the USA or the UK, it also tells you about your rights and choices with respect to your personal information and how you can reach us to get answers to your questions. You can jump to specific topics by going to the headings below: 

If you are a UK candidate applying for a job at Lightship, please visit our Employee Recruitment Privacy Notice. 

If you are visually impaired, you may access this Privacy Policy and notice through your browser’s audio reader. 

If you do not understand, or you are not content with this Privacy Policy, please contact us before using, or continuing to use our Services.

Types Of Information We Collect, For What Purposes & Lawful Basis Relied Upon

We collect two basic types of information from you: personal information and non-personal information. 

Personal information includes all information that relates to you or opinions about you and either identifies or may be used to identify you personally (collectively, “personal information”). Wherever you are located, below are examples of the type of personal information that we may collect from and about you, how we may use that information and the lawful basis we rely upon to process this information. 

Community Outreach Events

  • Types of Data: When conducting events in the community, we may collect your name and contact information to register you for the event (“Registration Data”). Depending on the nature of the event, for example a health screening to determine preliminary eligibility for a specific clinical trial, we may also collect your date of birth, health and medical/medication history, gender, race, ethnicity, and any other necessary information to assess initial eligibility (“Health Eligibility Data”) at the event.
  • Primary Purpose for Collection and Use of Data and Lawful Processing Ground / Condition: We will use your Registration Data to notify you about relevant event information, such as any appointment bookings based on our Performance of a Contract with you. For any additional information collected at our events, including Health Eligibility Data we will obtain your authorization to process this information.

Clinical Trial Recruitment

  • Types of Data: If you choose to complete pre-screening activities for a study or take part in a clinical trial, we will collect your name, contact details, date of birth, and other screening information, which may include but is not limited to, health and medical/medication history, ethnicity, height, weight, family history, and any other information necessary to determine your suitability for a given trial (“Pre-Screening Information”). We may also ask for your opinion on our service through the provision of an optional satisfaction survey.
  • Primary Purpose for Collection and Use of Data and Lawful Processing Ground / Condition: We process Pre-Screening Information with your Consent to assess your eligibility for a given clinical trial and for safety reasons should you go on to participate in the trial. Furthermore, with your Consent, we may also add your Registration Data and Pre-Screening Information to our database so that we may contact you about current and future clinical trials, events, or related initiatives relevant to your health condition(s) conducted by us or our partners (“Direct Marketing”).
     
    Where necessary, as part of Pre-Screening, with your Consent we may also request a copy of your medical history from your treating physician.

Health screening

  • Types of Data: On some occasions, we offer screening and testing services for certain diseases in communities. This may be done in a medical facility, including a mobile research unit, at a community event, or at other appropriate locations. (“Community Disease Screening”). For this purpose, we may collect your contact and health information.
  • Primary Purpose for Collection and Use of Data and Lawful Processing Ground / Condition: Once the test associated with the Community Disease Screening has been performed, the data / result will be shared with you. If we have your Consent, your contact and health information will be added to our database so that we may contact you with relevant Direct Marketing.

Market Research / Surveys

  • Types of Data: You may take part in our market research and surveys without volunteering any of your personal information. However, you also have the option of providing identifying information, including your contact details, which may be linked back to your feedback/opinions collected as part of the research or survey (“Survey Data”).
  • Primary Purpose for Collection and Use of Data and Lawful Processing Ground / Condition: Market research and surveys provide us with valuable insights. You can take part without being identified. We will only process identifiable Survey Data with your Consent. We may then also send you Direct Marketing.

Client Relationship Management

  • Types of Data: We collect the name, contact details, and other professional information about our clients and their employees, or any third parties employed or engaged by them with whom we may interact (“Staff Contact Data”).
  • Primary Purpose for Collection and Use of Data and Lawful Processing Ground / Condition: Where relevant to our client contracts, we will use the Staff Contact Data for normal business administration, such as projects, services, business-to-business marketing, client satisfaction surveys, and billing (“Business Administration”) based on our Legitimate Interests.

Investigator / Healthcare Professional Engagement

  • Types of Data: We collect personal information, such as your name, contact details, age, gender, ethnicity, licensure coverage, bank account information, or other professional information. If you are acting as an investigator on a trial, we may also be required to conduct a background check, including criminal history and professional debarment where the local law permits (collectively “Professional Information”).
  • Primary Purpose for Collection and Use of Data and Lawful Processing Ground / Condition: We will process Professional Information with your Consent to understand your professional background, qualifications and training necessary to conduct a trial, for diversity and inclusion monitoring, to identify native languages which can be matched to the needs of our clients and study participants, and for the purposes of Business Administration based on the Performance of a Contract with you.

Participant Mobile Application

  • Types of Data: Study participants who have enrolled in a clinical trial will be offered Lightship’s secure patient mobile application. The application will collect account credentials, such as name, email address, scheduling information for study visits, and responses to health questionnaires and satisfaction surveys (“Patient App Data”).
  • Primary Purpose for Collection and Use of Data and Lawful Processing Ground / Condition: Study participants will Consent to the use of Lightship’s patient mobile application and to the use of their Patient App Data to manage account access, schedule study visits, and engage with Lightship’s study team throughout the course of a clinical trial. This is designed to provide participants with a safe and convenient way to manage and share information. Should a participant not Consent to use of the App, our study team can discuss alternative approaches for engagement.

Feedback / Support

  • Types of Data: If you provide feedback or contact us for support, we will collect your name and email address, as well as any other information that you wish to send to us in order for us to respond (“Feedback Data”).
  • Primary Purpose for Collection and Use of Data and Lawful Processing Ground / Condition: By submitting Feedback Data to us, you Consent to us processing your personal information to act upon your query, feedback, or issue.

Employment

  • Types of Data: If you apply for a job posting or become an employee or contractor, we collect information necessary to process your application or to hire and/or retain you as an employee or contractor. This may include your contact details, professional qualifications, employment history, and government issued identification. If necessary for a given role, we may conduct background checks, including criminal history and professional debarment where the local law permits.
  • Primary Purpose for Collection and Use of Data and Lawful Processing Ground / Condition: We use information about current employees or contractors to manage your employment or engagement or in anticipation of a contract with you. In some contexts, we are also required by law to collect certain information about our employees or contractors. We also have a legitimate interest in using your information to have efficient staffing and workforce operations.

Email Interconnectivity

  • Types of Data: If you receive an email from us, we use certain tools to capture data related to when you open our message or click on any links or banners it contains (“Email Activity Data”).
  • Primary Purpose for Collection and Use of Data and Lawful Processing Ground / Condition: We obtain your Consent prior to collecting Email Activity Data. By understanding how you interact with our electronic communications, we are able to make them more relevant to you in future.

First Party Cookies

  • Types of Data: We may use cookies, clear GIFs, and other tracking technologies. “Cookies” are small pieces of information that a website sends to a computer’s hard drive while a website is viewed to enable the website to function appropriately from a technical standpoint, and to improve the user experience of the site. This can include information about your device or browser.
  • Primary Purpose for Collection and Use of Data and Lawful Processing Ground / Condition: We have a Legitimate Interest in collecting personal information from strictly necessary cookies for our website to function. With your Consent, we place cookies to improve the performance of our website based on how you interact with it or to personalize your experience based on your preferences and interests.  
  • We apply the same approach to cookies when you access our website via your mobile device.  
  • Our Services do not currently change the way they operate in the USA upon detection of a Do Not Track or similar signal.

Third Party Cookies

  • Types of Data: We work with third parties to help us identify potential participants for our clients’ clinical trials and for other purposes. These third parties may use technology, such as cookies, to track whether you have completed a questionnaire on our website.
  • Primary Purpose for Collection and Use of Data and Lawful Processing Ground / Condition: The terms and conditions should be set out in the privacy policy of the third party’s website through which you came. Lightship does not have control over these types of cookies.

Web Logs

  • Types of Data: When completing one of our online questionnaires (e.g., study online screener or market research survey), we collect your Internet Protocol (IP) address (a number that is automatically assigned to a computer when the internet is used).
  • Primary Purpose for Collection and Use of Data and Lawful Processing Ground / Condition: We have a Legitimate Interest in monitoring our networks and the visitors to our websites to cut down on fraudulent activity or bogus screeners completed by a robot.

 

Where permitted by applicable law, we may process your personal information for a compatible purpose secondary to the primary reason for collection, such as obligations under law or scientific research in the public interest. Either with your Consent or in our Legitimate Interest, we may combine your personal information collected through various sources (see below), including information collected through our Services, and develop a profile that will be used for the purposes above. We may also process your information to establish or exercise our rights, to defend against a legal claim, to respond to legally binding requests, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, equality and diversity monitoring, or a violation of our policies. 

We strive to uphold data minimization principles and only seek to collect personal information from you for the purposes described in this Privacy Policy and notice. We are required to disclose the categories of personal information we collect under California law – see California Privacy Law Appendix for details. 

Non-personal information includes information that does not personally identify you or information that has been anonymized (collectively, “non-personal information”). When we combine non-personal information with personal information, we treat the combined information as personal information. Subject to undertaking a legitimate interest balancing test and based on our Legitimate Interest, we may use personal information to create non-personal information. We use non-personal information for any legitimate business purpose.

Offline Interactions and Other Sources

In addition to the information that we collect from you directly, we may also receive information about you from other sources, including third parties, business partners, our affiliates, or publicly available sources, or from our offline interactions with you. Where legally required, if we believe a person does not already know that we hold personal information about them (e.g., we do not have an existing active relationship with them), we will inform them that we are now holding their data, the reasons why, the lawful basis we are relying upon and inform them of their associated rights and choices.

Online Analytics

We also use various types of online analytics, including Google Analytics, a web analytics service provided by Google, Inc. (“Google”), on our website. The technologies used by Google may collect information such as your IP address, time of visit, whether you are a return visitor, and any referring website or app. To learn more about Google’s partner services and to learn how to opt-out of tracking of analytics by Google click here.

Social Media Integration

Our Services may, from time to time, contain links to and from social media platforms. You may choose to connect to us through a social media platform, such as Facebook, LinkedIn, or Twitter, and when you do, we may collect additional information from you, including the information listed in the “Types Of Information We Collect, For What Purposes & Lawful Basis Relied Upon” section above. We encourage you to review the social media platforms’ usage and disclosure policies and practices, including the data security practices, before using them.

Sharing Of Information

We do not disclose your personal information to third parties for profit. We also do not share personal information with third parties for their own Direct Marketing purposes without your Consent, and under no circumstances will we share your mobile telephone number along with your SMS opt-in data and consent (if provided) with third parties or affiliates for Direct Marketing or promotional purposes. In addition to the specific situations discussed elsewhere in this Privacy Policy, we disclose information in the following situations:

  • Affiliates and Acquisitions. We may share information with our corporate affiliates (e.g., parent company, sister companies, subsidiaries, joint ventures, or other companies under common control and branding). In accordance with applicable law, we may also transfer or assign personal information to third parties as a result of, or in connection with, a sale, merger, consolidation, change in control, transfer of assets, bankruptcy, reorganization, or liquidation.
  • Medical and Other Consultants. We may share information with research coordinators, investigators, and physicians (including your general practitioner), safety monitors, and statisticians, who advise on, supervise, or are otherwise involved in carrying out screening or consenting activities to facilitate recruitment onto a trial.
  • Other Disclosures with Your Consent. We may ask if you would like us to share your information with other unaffiliated third parties who are not described elsewhere in this policy.
  • Public. Some of our websites may provide the opportunity to post comments or reviews in a public forum. If you decide to submit information on these pages, that information may be publicly available.
  • Service Providers. Pursuant to a suitable contract, we may share your information with service providers. Among other things, service providers may help us to administer our website, conduct surveys, and provide technical support.
  • Legal Claims. If we are involved in defending a legal claim, we may disclose personal information about you that is relevant to the claim to third parties as a result of, or in connection with, the associated legal proceedings.
  • Courts, Regulators, and Competent Authorities. We may share personal information with law enforcement and regulatory authorities or other third parties as required or permitted by law for the purpose of: (a) responding to a subpoena, court order, or other legal processes; (b) defending, protecting, or enforcing our rights; (c) assisting in the event of an emergency; and (d) complying with applicable law.

When we share data with our contractors and service providers, we do so under suitable contractual conditions of confidence, including security safeguards. 

We are required to disclose the categories of personal information we share under California law; to see the categories, refer to California Privacy Law Appendix.   

We share non-personal information with third parties as reasonably necessary to meet our business needs.

Your Privacy Rights & Choices Regarding Your Personal Information

The following rights and choices are available to you, but some exceptions may apply based on the lawful processing ground/condition and/or our reason for processing your personal information and applicable privacy laws in your jurisdiction. Depending on the above, you may have the right to:

  • Access Your Personal Information. You may request that we send you or another organization or person a copy of your personal information held by us.
  • Change/Correct Your Personal Information. We rely on you to ensure that the personal information you provide to us is up to date. You may request us to correct or modify your personal information where it is inaccurate or incomplete at any time. Note that we may keep historical information in our backup files as permitted by applicable law.
  • Delete Your Personal Information. You may request information about how long we keep a specific type of information or request that we delete your personal information. Note that in many situations, we must keep your personal information to comply with our legal obligations, resolve disputes, enforce our agreements, or for another one of our legitimate business purposes, which could include honoring your wish not to be re-contacted with Direct Marketing.
  • Object to Certain Processing. You may, under certain circumstances, object to our use or disclosure of your personal information, including for the purposes of Direct Marketing.
  • Withdraw Your Consent. You may withdraw your Consent at any time or for any reason where such processing is based upon your Consent (e.g., Pre-Screening). If you withdraw your Consent for the processing of personal information, then we may no longer be able to provide you with the Services specifically related to the Consent you have withdrawn.
  • Restrict Certain Processing / Limit Use of Sensitive Personal Information. You may, under certain circumstances, request that we restrict processing of your personal information or limit the use of sensitive personal information.
  • Text Messages. If you receive an automated text message from us, you can opt-out of receiving future text messages by replying “STOP” at any time.
  • Promotional Emails. You may choose to provide us with your email address for the purpose of Direct Marketing, allowing us to send free newsletters, surveys, offers, and other promotional materials to you. You can stop receiving promotional emails by following the unsubscribe instructions in emails that you receive. If you decide not to receive promotional emails, we may still send you service-related communications. 

You also have the right not to be subject to discriminatory treatment for exercising the above privacy rights. 

To submit requests or questions, or designate an authorized agent to make a request, please contact us via our online webform, or send an email to privacyinquiry@lightship.com, or call or write to our US or UK privacy team using the contact information below. 

Please note that, as required by law and for your protection, we will need to verify your identity before we are able to fulfil your information rights request. Depending on your request, we will ask you to validate existing information that we already have on file for you to ensure we are confident about your identity. We may also use two factor authentication techniques to do this. Following successful verification, we will fulfill your request to the extent necessary under applicable law and within applicable legal timelines. 

In some circumstances, you may designate an authorized agent or representative to submit requests to exercise your privacy rights on your behalf. We will require the authorized agent or representative to verify that they have been authorized to make this request on your behalf by presenting a copy of the signed permission. This should be submitted at the time of issuing the request to us. Without this information, the request may be denied. 

California residents under 18 years of age, in certain circumstances, may request and obtain removal of personal information or content that you have posted on our Services. Please be mindful that this would not ensure complete removal of the content posted by you on our Services. To submit a request, please contact us using the contact information below. 

How We Protect Personal Information

We use a number of physical, technical, and organizational security measures in an attempt to safeguard data against any unauthorized access, disclosure, or loss and evaluate these measures on an ongoing basis. However, no method of transmission over the internet or use of electronic storage is fully secure; therefore, we do not guarantee that your data will be 100% secure from theft, loss, or unauthorized access.  

In the event that we are required by law to inform you of a security incident, we may notify you electronically, in writing, or by telephone, if permitted to do so by law. 

Some of our websites permit you to create an account. When you do, you will be prompted to create a password. You are responsible for maintaining the confidentiality of your password, and you are responsible for any access to or use of your account by someone else that has obtained your password, whether such access or use has been authorized by you. If you have reason to believe that your interaction with us is no longer secure (for example, if your account password has been compromised), please notify us immediately using the contact information below.

Miscellaneous

The following additional information relates to our privacy practices:

  • Transmission Of Your Personal Information Outside of Your Home Country. Your personal information may be transferred to, stored, accessed from, and/or processed outside of the country where we collect it from you. While other countries or territories may not have the same standards of data protection as those in your home country, we will continue to protect personal information that we transfer in line with this Privacy Policy, requiring that our business partners or service providers adhere to this Privacy Policy and the applicable privacy regulations in your home country. We have put in place appropriate measures to protect your personal information when transferred, such as data transfer agreements and other contractual commitments or technical and organizational measures, which ensure legally appropriate safeguards. For more information on the measures that we use when transferring your personal information outside of your home country, please contact us using the details below.
  • Retention Of Your Personal Information. Typically, we retain your personal information for an appropriate period given the nature of our interaction with you and in line with our records retention policy, unless a longer retention period is required or permitted by law.
  • Children’s Privacy. We seek to collect the information necessary to provide our Services solely from parents or legal guardians to the extent required by law. We do not knowingly collect personal information directly from children or other persons who are under 16 years of age. Individuals who are children or those under the age of 16 should not attempt to provide us with any personal information. If you think we have received personal information from children or those under the age of 16 without a parent or legal guardian’s permission, please contact us immediately.
  • Changes To This Privacy Policy. We have the right to change our Privacy Policy and practices from time to time by posting the changes here. To the extent that our Privacy Policy changes in a material way, the policy that was in place at the time that you submitted, or we collected your personal information will generally continue to govern that information, unless we have your Consent to the new Privacy Policy, where relevant. If your Consent is not necessary, the new version of the policy will apply from the date stated. If we choose to amend this Privacy Policy, we will revise the “Last Updated” date at the top of this Privacy Policy when we post the updated version. We may also provide you with notice by prominently posting on our website, via email or both, if we make any significant changes to this Privacy Policy. 
  • Consent as the applicable law requires/permits means either: (a) an explicit, specific, informed, freely given unambiguous indication of your agreement to our processing of your personal information; or (b) an indication of your acceptance, following the provision of transparency information and a refusal to exercise your opt-out right (sometimes referred to as “implied consent”).
  • Legitimate Interests means our interest in conducting and managing our business to enable us to give our clients and individuals the best service, the most opportunity to take part in healthcare initiatives, and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal information for our legitimate interests by undertaking an assessment. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your Consent or are otherwise required or permitted to by law to process your personal information). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting the relevant privacy team (contact details below).
  • Performance of a Contract means processing your personal information where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering such a contract.
  • Comply with a Legal Obligation means processing your personal information where it is necessary for us to comply with a legal obligation.

Contact Information

If you have any questions, comments, or complaints concerning our privacy practices, please contact us at the appropriate address below. We will respond to your requests and provide you with any necessary additional privacy-related information. 

US Team:
privacyinquiry@lightship.com
+1-855-544-4820
Lightship, Inc.
222 Pacific Coast Highway 10th Floor 
El Segundo, CA 90245

UK Team:
privacyinquiry@lightship.com
0808-189-0937
Lightship Clinical Research Limited
Acre House, 11/15 William Road
London
NW1 3ER
United Kingdom

If you are in the UK and are not satisfied with our response, you have a right to lodge a complaint with the Information Commissioner’s Office.

California Privacy Law Appendix

In accordance with California law, please see the chart below to learn more about the categories of personal information we collect, how we collect it, why it is collected, with whom we share the information, and how long we retain it. For further information on the specific context in which we use each category of data, please see the ‘Types of Personal Information We Collect & For What Purposes’ section above.