Guardian Research Approach to Privacy

Guardian Research fully recognizes that when we handle information about any individual, we must do so responsibly, with due care to individual privacy, complying with laws on data privacy, complying with laws on data privacy and confidentiality. Accordingly, Guardian Research is committed to safeguarding your privacy. Guardian Research has developed and implemented internal policies, procedures, and training programs designed to support compliance with these laws and this Notice. Our policies,
procedures and training programs are reviewed on a regular basis, and managed by a team of qualified professionals with executive oversight.

This Privacy Notice (“Notice”) describes the main types of Personal Information we process within our organization, how that information is used and disclosed, and our commitments to the individuals whose information we handle.

This Notice explains in general terms how we seek to comply with data privacy laws and regulations as detailed in the Health Insurance Portability and Accountability Act (“HIPPA”), and associated state security breach laws in the United States.

Types of Personal Information Guardian Research Handles and How it is Used

Guardian Research collects basic information including but not limited to: name, title, contact details, including email address and telephone numbers provided by you. Guardian Research needs to collect and use certain information about individuals for the purpose of managing clinical trials and/or for the contacting individuals for future clinical trial opportunities. To enhance privacy, names and other direct identifiers of subjects in clinical trials are not attached to records or samples collected by Guardian Research for research purposes. Trial subjects are only identified by a code. Only study doctors and authorized personnel, including but not limited to Guardian Research monitors and auditors, may access
named subject source records. All clinical and medical information processed by Guardian Research is done so under contract with clinical trial sponsors.

Health Professional Information

Guardian Research analyzes the professional profiles of doctors and other health care providers for the purpose of identifying potential investigators to assist in clinical and medical research on specific indications. Guardian Research will use available contact information, including email addresses, for the purpose of inviting potential investigators to apply to participate in research. For operational purposes, Guardian Research regularly collects information relating to the involvement and performance of
investigators and supporting study staff. Guardian Research also processes financial information of investigators to support payment for services.

Industry Professional Information

In the course of conducting business, Guardian Research interacts with employees, consultants, contractors and other third parties employed or engaged by sponsors of clinical and medical research. Guardian Research records and use the names, contact details and other professional information on these individuals for legitimate business related purposes, including project and financial administration.

Employee and Human Resource Data

Guardian Research collects Personal Data from applicants seeking employment with the organization, including private contact details, professional qualifications, and previous employment history to inform employment decisions. Guardian Research conducts various background checks on applicants, including where law allows on criminal history and professional disbarment. Once employed, Guardian Research collects information on staff for human resource, performance, payroll, and tax purposes. Guardian Research collects and records employee level information in various company systems, consistent with standard business operations. Also, Guardian Research processes similar information relating to
consultants, contractors, and other third parties engaged by Guardian Research to provide products or services to it.

Sensitive Data

Current data protection legislation imposes safeguards for Sensitive Data (for example–tighter obligations around when such information can be collected, and the need for explicit consent when collecting and/or using Sensitive Data). While Guardian Research attempt to minimizing the amount of Sensitive Data that it processes, the organization must process such information in certain circumstances such as when it is obliged by law to do so.

Importantly – We do request that parties associated with Guardian Research (e.g., trial subjects, and trial investigators) not send us or disclose any Sensitive Data (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership) on or through our website or via other unsecure means.

Sharing of Personal Data

Internal and External Disclosures of Personal Data

Personal Data about our users is an integral part of the business of Guardian Research. Personal Data is shared with companies working as agents of Guardian Research, and third parties only on a “need to know” basis to meet stated legitimate business purposes. Guardian Research does not trade or sell Personal Data.

Protection of Guardian Research and Others

Under some circumstances, Guardian Research may be required to disclose your Personal Data (a) under applicable law, (b) to comply with legal process (c) to respond to requests from public and government authorities (d) to enforce our terms and conditions, (e) to protect our operations or those of any of our affiliates, and (f) as part of investigations or for litigation purposes. Companies working as vendors of Guardian Research are required to sign data protection and/or confidentiality agreements whereby they will commit to only process Personal Data consistent with contracted purposes and apply appropriate organizational and technical security safeguards.

Databases

Access to databases and folders containing Personal Data is restricted to appropriate Guardian Research employees, agents, consultants, and service providers with whom Guardian Research contractually requires to maintain the privacy, confidentiality and security of the Personal Data.

Please note that Guardian Research will use and disclose Personal Data without consent where required by law and judicial order.

Data Quality and Record Retention

Data quality and accuracy are fundamentally important principles to Guardian Research. Crucial to the integrity of clinical research is the accuracy of data relating to subjects, particularly where attached to bio-medical samples. Consistent with regulatory requirements, Guardian Research operates a professional quality assurance department. In general, our privacy notices provide individuals easy means of validating, correcting errors and updating information. Guardian Research retains Personal Data in accordance with contractual, legal and regulatory requirements.

Rights to Your Information

Guardian Research ensures that individuals can exercise all relevant informational rights with respect to their Personal Data processed by the organization, including but not limited to the right of access and correction, to withdraw consent at any time, object to data processing, request data deletion, restrict aspects of data processing, and request transmission of personal data in a common digital format (e.g., pdf) to themselves or another organization.

In all other respects, where no overriding interest prevails, Guardian Research will endeavor to allow the following informational rights under this Notice as a matter of good practice: To

• Allow access to copies of Personal Data within a reasonable timeframe;
• Correct Personal Data where inaccurate;
• Allow study investigators to opt out of future solicitations to participate in studies, by contacting Guardian Research;
• Withdraw a previously provided consent to processing of Personal Data.

Information Security

Guardian Research has implemented organizational, technical, and administrative measures in an effort to protect Personal Data within our organization, including security controls that are intended to prevent unauthorized access to our systems (e.g., standard operating policies and procedures, firewalls and restricted access). While Guardian Research takes these reasonable steps to secure Personal Data from loss, misuse, interference and unauthorized access, modification and disclosure, it is important to disclose that no security procedures or protocols are ever guaranteed to be 100 percent secure from intrusion or hacking, and there is therefore always some risk to sharing Personal Data online.

Guardian Research also maintains a comprehensive information security policy that seeks to apply technical and organizational security measures that protect Personal Data, particularly Sensitive Data, against unauthorized access or loss. Consistent with regulatory requirements, Guardian Research also maintains a policy that dictates a procedural response to dealing with any breach of Personal Data.

Legal Status of Notice and Notice Changes

This Notice is not a contract, and it does not create any legal rights or obligations. Guardian Research reserves the right to modify or amend this Notice. Guardian Research regularly assesses and evaluates its methods and performance in relation to handling Personal Data. This Notice is updated on the Guardian Research website as necessary to reflect best practice in data management, security and control.

Questions, Concerns, or Complaints

Your privacy is very important to Guardian Research. If you have any questions, concerns, or complaints regarding the way we collect and handle personal information, please contact us by email at Shayla @guardian-research.com, or by mail at 483 N. Semoran Blvd. Suite 208, Winter Park, Florida 32792. Guardian Research takes any privacy complaint seriously. All privacy complaints are assessed by an appropriate person in a timely and efficient manner.