Contact UsCareers
Top bar
WHO WE ARE
  • OUR MISSION
  • MEET OUR TEAM
    •  PIPELINE
  • OUR APPROACH
  • GAMMA SECRETASE INHIBITORS (GSIs)
  • INVESTIGATIONAL THERAPIES: AL101 & AL102
    •  CLINICAL TRIALS
  • CLINICAL PRIVACY NOTICE
    • MEDICAL PROFESSIONALS PATIENTS & CAREGIVERS
  • SCIENCE EXPLAINED
  • PARTICIPATING IN CLINICAL TRIALS
  • EXPANDED ACCESS POLICY
  • PATIENT RESOURCES
    •  INVESTORS & MEDIA
  • NEWS RELEASES
  • EVENTS & PRESENTATIONS
  • FINANCIAL INFORMATION
  • STOCK INFORMATION
  • CORPORATE GOVERNANCE
  • RESOURCES
    •

    Clinical Trials

    Clinical trials privacy notice (EN)

    bottom-line

    Ayala Pharmaceuticals, Inc. Clinical Trial Privacy Notice

    Effective on: 20 April 2023

    Ayala Pharmaceuticals, Inc. (“Ayala”, “we”, “us”, “our”) takes the protection of personally identifiable information (“Personal Data”) very seriously. This Privacy Notice (this “Notice”) describes how we use your Personal Data we may receive, either directly from you, or from third parties, in connection with the clinical trials (a “Trial” or the “Trials”) we sponsor. This Notice is applicable to you if you are a Trial patient or Trial personnel at one of our Trial sites (individually and together, “you,” “your”).

     

    This Notice explains in general terms our commitment to comply with data privacy laws and regulations, including but not limited to the Protection of Privacy Law, 5741-1987 of Israel, the Taiwanese Personal Data Protection Act 2015, the Australian Privacy Act 1988, the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), the European General Data Protection Regulation (GDPR), the General Data Protection Regulation of the United Kingdom (UK GDPR), and the Health Insurance Portability and Accountability Act (“HIPAA”) of the United States.

     

    This Notice does not apply to Personal Data we collect by other means, like Personal Data that we receive directly through our public website located at www.ayalapharma.com. For more information about how we process Personal Data about other types of people, please see our general Privacy Policy. This Notice does not apply to Personal Data of Ayala employees.

     

    Important note: Nothing in this Notice is intended to limit in any way your statutory right, including your rights to a remedy or means of enforcement.

    Controllership

    Within the scope of this Notice, Ayala acts as a data controller for the Personal Data we collect, use and process (“process”). This means that we determine the purposes and the means of the processing of Personal Data.

     

    However, we do not have direct access to Trial patients’ identifiable Personal Data, meaning that we are typically unable to directly identify Trial patients. Your Personal Data is collected by the clinical research organization (CRO) assisting us with the Trial, the Trial site (the doctor’s office, clinic, hospital, or other healthcare facility where the Trial is being conducted), or other third parties, such as your primary care doctors. When any information relating to Trial patients is shared with us, it will be key-coded (also known as “pseudonymized”) so that you will not be identified by any direct personal identifier.

     

    There may be other organizations that jointly control the processing of your Personal Data in conjunction with us. If you would like to know more about the other data controllers that jointly determine the purposes for which we process your Personal Data, and the means by which we do so, you may ask your Trial doctor or the Trial site for further details, specific to the Trial you participate in.

    Basis of Processing

    Before, during, and after each Trial, we will process your Personal Data for various purposes. In each case, we will rely on an appropriate lawful basis for processing your Personal Data. We will only process your sensitive Personal Data (like health and genetic data) when allowed by law.

     

    Trial participants:

     

    We process your Personal Data for safety and reliability purposes in order to comply with our legal obligations.

     

    We process your Personal Data for scientific research purposes based on our legitimate interest in conducting clinical trials and performing valuable scientific and medical research.

     

    If we process your Personal Data for other purposes after the end of a Trial, we will do so based on your consent or our legitimate interest in conducting further research.

     

    Ayala will need to process data about your health in order for you to participate in a Trial. Health data is considered sensitive Personal Data (also known as a “special category” of Personal Data) and special rules apply to working with it. When we process special categories of your Personal Data, we only do so when the processing is necessary for reasons of public interest in the area of public health. Those reasons include making sure our drugs are safe and effective, and conducting our Trials safely. We also process your sensitive Personal Data based on your explicit consent.

     

    The specific grounds on which we process your Personal Data, including your health data, may vary somewhat from the above in order to comply with the requirements of applicable local laws in jurisdictions where we sponsor Trials. If you are a patient in an Ayala Trial, please refer to the informed consent form you signed for more information about the legal grounds on which we process your Personal Data. If there is any conflict between any provision in this Notice and any provision in the informed consent form you signed in connection with your participation in a clinical trial we sponsor, the informed consent form shall supersede the conflicting provision in this Notice.

     

    Trial personnel:

     

    Ayala may process the Personal Data of Trial personnel based on our legitimate interests in facilitating the operation of our business and conducting Trials, making informed investigator selection decisions, and improving our principal investigator and Trial staff recruiting and contracting processes.

     

    We also process Personal Data because it is necessary for the performance of the contracts between Ayala and Trial sites, including by enabling us to communicate with you and other principal investigators about the performance of the relevant Trial.

     

    Ayala may process Personal Data of Trial personnel in order to comply with applicable laws and regulations, including clinical trial regulations requiring us and those acting on our behalf to collect Personal Data from individuals who participate in the conduct of a Trial.

     

    Personal Data may also be processed based on your consent.

    How We Receive Personal Data

    We receive your Personal Data when:

    • you visit one of our Trial-specific websites or online portals;
    • you provide it to us, the CRO, or a Trial site directly when you complete a pre-screening questionnaire on one of our Trial-specific websites;
    • you provide it to us, the CRO, or a Trial site when you participate in a Trial;
    • your doctors or healthcare providers provide it to us; or
    • you provide it to us in your role as Trial personnel in the context of assisting in the operation of a Trial.

    Categories Of Personal Data

    Ayala itself will have access to the following types of Personal Data about Trial patients:

    • health care information, such as the identity and contact information of your doctors and health care providers;
    • health information, such as your medical background, history, and reaction to the Trial drug; and your genetic information.

     

    Ayala may collect and process the following types of Personal Data about Trial personnel:

    • personal details of Trial personnel, such as their name, age, gender and contact details;
    • professional details of Trial personnel, such as their place of practice, job title, the medical field in which they are active, professional qualifications and scientific activities; and
    • professional financial details of Trial personnel, such as payment-related information.

     

    Ayala’s service providers, including the CRO,  will have access to and process the following types of your Personal Data:

    • basic identifying information, such as your first and last name;
    • contact information;
    • location information, such as the location of your testing site and Trial location; and
    • identifiers and device information, such as IP address and associated location, operating system, and device IDs when you visit a Trial-specific website.

    Purposes Of Processing

    We will process Trial patients Personal Data for the purposes of:

    • determining your eligibility for a Trial;
    • conducting the Trials;
    • ensuring that each Trial drug is safe and reliable; and
    • conducting related scientific and medical research.

     

    We also process the Personal Data of Trial patients for the specific purposes described in the Trial information provided to Trial patients by the Trial site.

     

    We will process Trial personnel Personal Data for the purposes of:

    • managing our relationship with Trial personnel;
    • contacting Trial personnel for planning and organizing the Trials;
    • conducting the Trials; and
    • complying with applicable laws and regulations.

    Automated Individual Decision-Making

    If you participate in a Trial, you will be assigned a unique patient identification number. Depending on the Trial you participate in, this number may be used as part of an automatic process that randomly determines if you will receive the experimental drug substance or treatment that is being evaluated in the Trial, or if you will receive a different treatment. This type of automated decision-making is required in order to ensure that the Trial is conducted in an ethical way, and in accordance with good clinical practice standards.

    Data Retention

    Ayala will keep your Personal Data until we fulfill the purposes listed above, or for as long as required by applicable law.

     

    Our Trials are long-term. We use them to track the effects of test medications using information collected from Trial participants like you. This means we will need to keep your Personal Data for a long time. However, in order to protect your privacy, the information of every Trial participant is “key-coded” before we enter it into the studies and reports. This means that we replace identifying information like your name and contact information with a code number.

     

    To the maximum extent permitted by law, once your data has been key-coded and recorded in official Trial documents, we cannot remove it without affecting the accuracy of the studies and test results. For example, European law requires us to keep Personal Data that is part of the clinical trial master file for at least twenty-five years after the conclusion of the applicable Trial. Other laws may require different retention periods. This includes your identity and health information and any adverse effects of the drug you took during the Trial.

    Sharing Personal Data With Third Parties

    We will share your Personal Data with service providers who process Personal Data on our behalf and who agree to use your Personal Data only to assist us in conducting our Trials or as required by applicable law.

     

    Our service providers provide:

    • Clinical research (CRO) services;
    • Payment processing services;
    • Lab services;
    • Drug safety services;
    • Medical writing services;
    • Project management services; and
    • General consulting services.

     

    We will also share your Personal Data with other third parties involved in the Trials. Some of these third parties are data controllers in their own right. These third parties include clinical sites like hospitals and medical offices, and public government agencies and may be located in other countries. Therefore, your Personal Data may be processed outside your jurisdiction and in countries not subject to an adequacy decision by the European Commission or your local legislature and/or regulator, and that may not provide for the same level of data protection as your jurisdiction.

     

    We ensure that the recipient of your Personal Data offers an adequate level of protection, for instance, by entering into appropriate data protection agreements and if required, the European Commission-approved standard contractual data protection clauses.

    Other Disclosure Of Your Personal Data

    We may disclose your Personal Data:

    • to the extent necessary, to regulators, courts or competent authorities, to comply with applicable laws, regulations and rules (including, without limitation, federal, state or local laws), and requests of law enforcement, regulatory and other governmental agencies or if required to do so by court order;
    • if, in the future, we sell or transfer, or we consider selling or transferring,  part or all of our company, business, shares or assets to a third party, we will disclose your Personal Data to such third party (whether actual or potential) in connection with the foregoing events; or
    • in the event that we are acquired by, or merged with, a third party entity, or in the event of bankruptcy or a comparable event, we reserve the right to transfer, disclose or assign your Personal Data in connection with the foregoing events; and/or
    • if necessary, to our group companies for business purposes, as described above.
    • If you want to receive the list of the current recipients of your Personal Data, please make your request by contacting us at privacy@ayalapharma.com.

     

    If we have to disclose your Personal Data to a government or law enforcement authority, we may not be able to ensure that those officials will protect your Personal Data.

    Cookies

    A “cookie” is a small file stored on your device that contains information about your device. We may use cookies on our Trial-specific websites. For more information about the cookies we use, please refer to the cookie policy located in the footer of the website relevant to your specific Trial.

    Data Integrity & Security

    We have put in place technical, administrative, and physical measures that are designed to help protect your Personal Data from being accessed, disclosed, altered, or destroyed by unauthorized people. These measures include the use of measures like key-coding and encryption, where appropriate.

    Your Rights

    If we process your or your child’s Personal Data, you will have the right to request access to (or to update or correct) that Personal Data. You may also have the right to ask that we limit our processing of your Personal Data, as well as the right to object to our processing of your Personal Data. You may also have the right to data portability, which means that you may have the right to ask us to provide you with a copy of your Personal Data that another company like Ayala can process.

     

    If HIPAA applies to you, you also have the right to request or receive confidential communications from us by alternative means or at a different address and the right to receive a copy of this Notice.

     

    To submit these requests or raise any other questions, please contact us by using the information in the “Contact Us” section below.

     

    You may also have the right to lodge a complaint with a data protection regulator in your applicable jurisdiction. If HIPAA applies to you, you also have the right to file a complaint with the Secretary of the U.S. Department of Health and Human Services.

    Data About Children

    We obtain parental or legal guardian consent before processing Personal Data about children.

    Changes To This Notice

    If we change this Notice, we will provide you with a copy of the revised Notice or update the web page you read it on. We will also update the “Effective” date.

    Contact Us

    If you have any questions about this Notice or our processing of your Personal Data, please contact our Data Protection Officer (DPO) at the contact information provided below. Our DPO will respond to you as soon as possible, but no later than 4 weeks after you contact us.

    Data Protection Officer

    We have appointed VeraSafe as our DPO. Please contact VeraSafe on matters related to our use of your Personal Data. VeraSafe’s contact details are:

     

    VeraSafe

    100 M Street S.E., Suite 600

    Washington, D.C. 20003

    Email: experts@verasafe.com

    Web: https://www.verasafe.com/about-verasafe/contact-us/

    European Union Representative

    We have also appointed VeraSafe as our representative in the EU for data protection matters. While you may also contact us, please contact VeraSafe on matters related to the processing of Personal Data. To contact VeraSafe, please use this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative/ or via telephone at: +420 228 881 031.

     

    VeraSafe can also be contacted at:

    VeraSafe Netherlands BV

    Keizersgracht 391 A

    1016 EJ Amsterdam

    The Netherlands

    		  

     

     

     

    United Kingdom Representative

    We have also appointed VeraSafe as our representative in the United Kingdom (UK). While you may also contact us, please contact VeraSafe on matters related to the processing of Personal Data. To contact VeraSafe, please use this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +44 (20) 45322003.

     

    VeraSafe can also be contacted at:

    VeraSafe United Kingdom Ltd.

    37 Albert Embankment

    London SE1 7TL

    United Kingdom