How
we will use your data to ensure effective engagement with you
The DPS Unify™ mobile application has been developed and is managed by
AstraZeneca UK Ltd, a private limited company registered in England and Wales
under company number 03674842 with registered offices at 1 Francis Crick
Avenue, Cambridge Biomedical Campus, Cambridge, CB2 0AA (“AstraZeneca”)
AstraZeneca will collect and use some of your personal data that we obtain from you and your healthcare professional via the DPS Unify™ mobile application for the purposes of onboarding patients to clinical trials and allow for ways to contact between HCP and Patients when necessary.
The DPS Unify™ mobile application also delivers an optimal clinical trial experience for each individual patient, healthcare professionals and AstraZeneca staff. It will also create a single interface and experience for investigators by aggregating all features and functionality related to site, trial and patient administration/management into one unified platform.
We will use your personal data based on AstraZeneca’s legal requirements that cover the conduct of clinical studies and public interest.
What personal information will be
collected
We
may process the following categories of data which will be provided by you or your healthcare
professional: Personal characteristics (such as date of birth), Personal
Contact Details (such as email address, phone number, preferred language and
country), System User details (such as patient eCode , UserID and password),
information about your participation in clinical trials and non-interventional
studies. Except for your personal contact details, all other personal data will
be coded. We do this replacing your name/contact details with a code. This is
done by the study doctor who keeps the link between your name/ contact details
and the code to ensure your safety and confidentiality.
Coded information cannot directly identify you unless your study doctor provides your name or contact details, where allowed by applicable law. Where requested, permission to use your location is required only to support the Bluetooth pairing of a mobile phone with Unify™ Device(s). The app does not perform any activity in the background with regards to the location usage.
Sharing your information
Only your healthcare professional
and staff working at the hospital and minimum IT support personnel from both
AstraZeneca and its trusted third parties will have access to data that
personally identifies you. Any other parties will only have access to coded
data so that you cannot be personally identified. Your personal
information may be shared with other AstraZeneca group companies
(https://www.astrazeneca.com/global/en/AstraZeneca-Websites.html). We may also
share your personal data with certain third parties, such as: IT providers for
the purposes of operating, administrating, supporting and managing the DPS
Unify™ mobile application, companies that provide services to AstraZeneca to
conduct the clinical studies, organisations which collaborates with AstraZeneca
on the clinical trials, health authorities and ethics committees who supervise
the study, who approve the commercialisation of the drug or who receive the
adverse events reporting, auditors and consultants to verify our compliance with
external and internal requirements; statutory bodies, law enforcement agencies
and litigants, as per a legal reporting requirement or claim; and a successor
or business partner to AstraZeneca or to an AstraZeneca group company in the
event that it sells, divests or sets up a collaboration/joint venture for all
or part of its business.
The use of telehealth in
the DPS Unify™ Application
The DPS Unify™ Application incorporates Zoom Video Communication’s technology
in order to deliver telehealth functionality. In some studies, telehealth
will be used to enable scheduled site visits to be performed virtually with
your study healthcare professional via the DPS Unify™ Application. Your study
healthcare professional will schedule any telehealth visits and you will
receive reminders via your DPS Unify™ Application to let you know when your
visit will be held.
What
DPS Unify™ Application information does Zoom receive?
Zoom does not receive any of your directly identifiable personal information
when used in the DPS Unify™ Application. When using Zoom in the DPS
Unify™ Application for the purpose of providing telehealth medicine,
AstraZeneca is the Data Controller and Zoom is the Data Processor. As
such, AstraZeneca instructs Zoom to collect the following information from the
DPS Unify™ Application on AstraZeneca’s behalf:
- A ‘dummy’ (artificial) email address created by the DPS Unify™ Application which is not linked to any of your personally identifiable information, including your eCode
- The IP address of the mobile phone you have been provided with to be able to participate in the study. This is not the IP address of your personal mobile phone.
- Mobile phone attributes including: operating system version and battery level, WiFi information, and other device information such as Bluetooth signals. This applies only to the mobile phone you have been provided in order to take part in the study and does not include any other mobile phones you may have, including your personal mobile phone.
- The start and end date and time of any scheduled telehealth visit(s) performed via the DPS Unify™ Application
- The duration of any scheduled telehealth visit(s) performed via the DPS Unify™ Application
When using the DPS Unify™ Application, all Zoom functionality in relation to recording, chat, messaging, screen sharing, and file sharing functionality is disabled, and NO CONTENT can be captured or shared by you or your healthcare professional in Zoom at any time during or after scheduled telehealth visits. The live-stream audio and video meeting content of all telehealth visits conducted through the DPS Unify™ Application is subject to end-to-end encryption. Such content is therefore wholly inaccessible to Zoom. Zoom may act as a Data Controller for some of the DPS Unify Application information, as listed in this section, in order to develop and improve the services that they provide to you via the DPS Unify™ Application as described in the Zoom Privacy Notice (“Use of Zoom Video Communication Service”). In this instance, this DPS Unify™ Application information will be further pseudonymized and/or aggregated for this purpose.
About
the Study Participant Feedback Questionnaire
You may have the option to give feedback on your experience of the study, using
the Study Participant Feedback Questionnaire (SPFQ). Your feedback will help us
understand how we can make the experience better for participants within this
study and in future studies. This questionnaire is optional. Completing it will
not affect the care you receive. You can still take part in the main study,
even if you don't want to complete the questionnaire.You will have the option
to give your consent and complete the SPFQ in the DPS Unify™ application.
Feedback will be requested at three timepoints during the study – at the
beginning, middle and end of the study. You will be asked for your consent at
each timepoint. It will take about five minutes to complete the questionnaire
each time. You will be able to rate your experience of the study information,
procedures, visits and the site. You will also be able to rate the impact the
study has on your daily life. You can withdraw your consent to the SPFQ at any
time. If you wish to withdraw, please notify your study doctor. This will not
affect your participation in the main study or the care you receive. We will
ask if we can keep feedback you have already given. If you don't want us to
keep this feedback, it will be deleted or anonymised. Your individual feedback
will not be given to staff at your clinical study site. Your feedback will be
grouped with feedback from other participants and may be shared with the study
site staff. It will not be possible for the site to identify your individual
feedback from this grouped feedback. The site staff can use the feedback to
improve the study experience.
What
will we do with your SPFQ data and how will it be managed?
Your SPFQ feedback will be coded. This means that your name/contact details
will be replaced with a code. The sponsor will keep your coded SPFQ data for
five years after the end of the study. After that it will be deleted or
anonymised. The sponsor will combine your feedback with other study data, such
as age. This will help us better understand the patient experience. The sponsor
may combine your feedback with feedback from other studies. This will help us
improve the patient experience in future studies. The sponsor may share your
anonymised data with research partners or service partners. This will help us
understand the patient experience across different pharmaceutical companies.
The sponsor may publish your anonymised data in scientific journals or use them
for educational purposes.
The use of Home Supply
features in the DPS Unify™ Application
In some studies, a service called Home Supply may be used to enable the
delivery of study supplies directly to your home. Home Supply uses the
DPS Unify™ Application to track and manage your supplies throughout the
study. The DPS Unify™ Application gives you the option of using your
device’s camera to scan your study supplies when you receive them. If you
don’t want to scan your study supplies, you would need to verify the
information manually. To use the supply scanning functionality, the DPS Unify™
Application will ask permission to use the device’s camera to scan the code on
the study supplies package. Whether or not you choose to use the scanning
feature, the DPS Unify™ Application does not use the camera to capture, store
or share images or personal data.
International
Transfers
AstraZeneca
entities and third parties may be based anywhere in the world, which could
include countries that may not offer the same legal protections for personal
data as your country of residence. AstraZeneca will follow local data
protection requirements and its internal global privacy standard and will apply the necessary
safeguards under the applicable law of the country transferring the data for
such transfers. Irrespective of which country your Personal Data is
transferred, we would only share your personal data under a strict ‘need to
know’ basis and under appropriate contractual restrictions (such as AstraZeneca’s
Binding Corporate Rules and EU Standard Contract Clauses or equivalent instruments approved
by the European Commission or by the Supervisory Authority). You are entitled
to receive a copy of AstraZeneca’s Binding Corporate Rules and/or the
AstraZeneca’s EU Standard Contract Clauses upon request by contacting
AstraZeneca on Privacy@astrazeneca.com.
Retaining your
information
Your contact details and other personal data that directly identify you will be
retained in the DPS Unify™ mobile application only as necessary to deliver this
service to you and to comply with applicable laws. If you are in an ongoing
trial this information and your connection to your eCode will be removed a
maximum of 4 weeks after the end of the trial. However, the study site and
AstraZeneca are obliged by law to keep your coded data such as your medication
intake, how you take your medication, response to questionnaires, for a period
of up to 25 years after the end of the study or for as long as it is necessary
in order to satisfy our legitimate business interests, legal obligations, or in
order to establish, exercise or defend legal claims. After that your coded data
will be deleted or anonymized. For more information on AstraZeneca internal
Document Retention policy, you may go to www.astrazenecapersonaldataretention.com
Your rights
You can stop using the app at any time by telling your
healthcare professional and uninstalling the app from your phone. Your profile
and contact details will then be removed but any coded data will be retained as
described under the headline “Retaining your information”. You may contact your
study doctor to request access to the data we hold about you, to correct any
mistakes or to request deletion of the same. If such a request places
AstraZeneca or its affiliates in breach of its obligations under applicable
laws, regulations or codes of practice, then AstraZeneca may not be able to
comply with your request, but you may still be able to request that we block
the use of your personal information for further processing. You may also have
a right to data portability to another Data Controller under certain
circumstances.
How your information will be
protected
AstraZeneca has assigned a Data Protection Officer responsible for overseeing
AstraZeneca’s compliance with EU data protection law, which you may contact at Privacy@astrazeneca.com in case of any
questions or concerns regarding the processing of your personal data. If
AstraZeneca’s processing of your personal data is covered by EU law you may
also lodge a complaint with the corresponding Data Protection Supervisory
Authority in your country of residence. You can find the relevant Supervisory
Authority name and contact details under http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
Version 1.5