- For Researchers
- For Biospecimen Contributors
- For Patients
- Human Biospecimens
iSpecimen is not responsible for content and privacy practices of any third-parties.
For purposes of this Policy:
“Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
“EU” means the European Union and Iceland, Liechtenstein and Norway.
“Governing Regulations” means the US Privacy Act of 1974 and the EU’s General Data Protection Regulations (GDPR).
“Identifiable Information” means information in which a user can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
“Personal Data” means any identifiable information received by iSpecimen regarding a natural person .
“Processor” means any natural or legal person, public authority, agency or other body that processes Personal Data on behalf of a Controller.
“Sensitive Data” means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership; data concerning health or sex life and sexual orientation; genetic data or biometric data.
“Services” means the use of any iSpecimen website or software product.
“User” means a natural person who has agreed to use iSpecimen’s Services.
As a Data Controller, iSpecimen collects Personal Data directly from Users or indirectly from third parties Controllers. Personal data is collected directly from Users when, for example, a biomedical researcher or specimen contributor visits iSpecimen’s website or Marketplace. Personal data is collected indirectly when, for example, iSpecimen obtains a list of trade show attendees from a trade organization or marketing affiliate.
iSpecimen may also directly obtain and use Personal Data independent of its Services, including, but not limited to, surveys, focus groups, market research, inbound and outbound Consumer communications and education, etc.
The types of Personal Data iSpecimen iSpecimen collects may include:
iSpecimen may use this personal data for purposes such as:
Additionally, iSpecimen may aggregate personal data in a general way and use it in a de-identified fashion, for example to monitor our performance with respect to a particular service we provide. If we use it for this purpose, Users will not be personally identifiable.
iSpecimen, along with the service providers that help the company provide the Services, use small text files called cookies, which are small computer files sent to or accessed from a Consumer’s web browser or computer’s or tablet’s hard drive that contain information about the computer, such as a user ID, user settings, browsing history and activities conducted while using the Services. Cookies are not themselves personally identifiable, but may be linked to Personal Data that is provided to the company through interaction with the Services. A cookie typically contains the name of the domain (internet location) from which the cookie originated, the “lifetime” of the cookie (i.e., when it expires) and a randomly generated unique number or similar identifier.
Cookies help iSpecimen improve the Services by tracking Consumers’ navigation habits and storing their passwords, customizing their experience with the Services; enabling the company to analyze technical and navigational information about the Services; and helping to detect and prevent fraud.
iSpecimen also uses other cookies and other data collection tools (such as web beacons and server logs), collectively refer to as “data collection tools,” to help improve Consumers’ experience with the Services.
The Services also may use data collection tools to collect information from the device used to access the Services, such as operating system type, browser type, domain and other system settings, as well as the operating system used and the country and time zone in which the computer or device is located.
Web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to manage and delete cookies, visit www.allaboutcookies.org. Some web browsers (including some mobile web browsers) provide settings that allow a user to reject cookies or to alert a user when a cookie is placed on the user’s computer, tablet or mobile device. Most mobile devices also offer settings to reject mobile device identifiers. Although users are not required to accept cookies or mobile device identifiers, blocking or rejecting them may prevent access to some features available through the Services.
For non-Service based activities involving collection of Personal Data, iSpecimen will seek explicit informed consent prior to the collection, which will include the opportunity to review this policy.
iSpecimen is not responsible for the practices, privacy policies, or compliance generally of any of its partners or collaborators.
iSpecimen does not sell products or provide services for purchase by minors, nor do we market to minors. Should the company become aware that Personal Data is from a minor, the Personal Data will be expunged.
iSpecimen generally does not use Personal Data for purposes that are materially different from the purposes for which the information was originally or subsequently authorized by the Data Subject. Should iSpecimen wish alter the use of the Personal Data, iSpecimen will offer Data Subjects the opportunity to choose whether their data may be used in this fashion. Additionally, iSpecimen limits the Personal Data it collects to that which is relevant for the purposes for which the information was originally or subsequently authorized by the Data Subject.
iSpecimen may share Personal Data to third-party Processors. With respect to third-party Processors, iSpecimen (a) enters into a contract with each relevant Processor, (b) transfers Personal Data to each such Processor only for limited and specified purposes, (c) ascertains that the Processor is obligated to provide the Personal Data with at least the same level of privacy protection as is required by the Governing Regulations, (d) takes reasonable and appropriate steps to ensure that the Processor effectively processes the Personal Data in a manner consistent with iSpecimen’s obligations under the Governing Regulations (e) requires the Processor to notify iSpecimen if the Processor determines that it can no longer meet its obligation to provide the same level of protection as is required by the Governing Regulations, (f) upon notice, including under (e) above, takes reasonable and appropriate steps to stop and remediate unauthorized processing of the Personal Data by the Processor.
iSpecimen may share Personal Data with its affiliates and subsidiaries. iSpecimen may disclose Personal Data without offering an opportunity to opt out, and may be required to disclose the Personal Data, (a) to third-party Processors the company has retained to perform services on its behalf and pursuant to its instructions, (b) if it is required to do so by law or legal process, or (c) in response to lawful requests from public authorities, including to meet national security, public interest or law enforcement requirements. iSpecimen also reserves the right to transfer Personal Data in the event of an audit or if the company sells or transfers all or a portion of its business or assets (including in the event of a merger, acquisition, joint venture, reorganization, dissolution or liquidation).
iSpecimen will not share or disclose any of your Personal Data with third-party Controllers except as described in this policy. iSpecimen does not sell your Personal Data. We do not share Personal Data about you with third-party Controllers for their marketing purposes (including direct marketing purposes) without your permission.
Except as permitted or required by applicable law, iSpecimen provides Data Subjects with an opportunity to opt out of sharing their Personal Data with third-party Controllers.
iSpecimen may continue to retain and process Personal Data until a Data Subject withdraws consent or it can be reasonably assumed that consent no longer exists. Data Subjects may withdraw consent at any time by instructing iSpecimen at firstname.lastname@example.org. However, if upon doing so, Data Subjects may not be able to use the company’s website or other services further.
iSpecimen takes reasonable steps to ensure that the Personal Data the company processes is accurate, complete and current. This generally includes the right to request access, rectification, erasure or restriction, and data portability. Where appropriate, iSpecimen provides reasonable access to the Personal Data iSpecimen maintains. iSpecimen also provides a reasonable opportunity to correct, amend or delete Personal Data where it is inaccurate or has been processed in a purported violation of law, as appropriate. iSpecimen may limit or deny access to Personal Data where the burden or expense of providing access would be disproportionate to the privacy risks in the case in question, or where the rights of persons other than natural person would be violated.
A natural person may request access to their Personal Data by contacting iSpecimen as indicated in this Policy.
iSepcimen offers a global service. Personal Data are generally collected, processed, and stored in the United States. However, we may also use outsourced services in other countries from time to time. The United States, European Economic Area (“EEA”) Member States, and other countries all have different laws and requirements. If personal data is moved from one country to the next, the laws and requirements that protect personal data in the country to which personal data is transferred may be different from those in the originating country. For example, the circumstances in which law enforcement can access personal data may vary from country to country. In particular, if personal information is in the US, it may be accessed by government authorities in accordance with US law.
To the extent that iSpecimen is deemed to transfer personal data outside of the EEA, we rely separately, alternatively, and independently on the following legal bases:
Informed Consent: iSpecimen may obtain personal data outside the use of its Services. In this circumstance, iSpecimen or the person or the entity providing the information will have obtained the personal data with explicit informed consent, or under another lawful basis, that includes the possible transfer to other entities, such as iSpecimen, and to other jurisdictions that may offer different legal protections.
iSpecimen takes reasonable and appropriate measures to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the Personal Data.
iSpecimen has mechanisms in place designed to effect compliance with the Governing Regulations. iSpecimen conducts a regular self-assessment of its Personal Data practices to verify that the attestations and assertions iSpecimen makes about its privacy practices are true and that iSpecimen’s privacy practices have been implemented as represented and in accordance with the Governing Regulations.
To ask questions or express concerns about iSpecimen’s collection, management and processing of Personal Data, or questions or concerns about this Policy or other Privacy Policies as may exist, Data Subjects may contact us using the contacts listed below.
450 Bedford Street
Lexington, MA 02420 USA