Introduction

ATTENTION: PLEASE READ CAREFULLY THIS DISCGENICS PRIVACY POLICY ("PRIVACY POLICY"), WHICH IS PART OF THE DISCGENICS TERMS OF USE, BEFORE YOU ACCESS, DOWNLOAD, OR OTHERWISE USE THE SERVICE.

The Service is operated by DiscGenics, Inc., 5940 Harold Gatty Drive, Salt Lake City, UT 84116 ("We," "Us," or "DiscGenics"). This Privacy Policy describes the information collected through Your use of the Service at https://www.dddtrial.com, how We use it, how We share it, how We protect it, and the choices You can make about Your information.

USING THE SERVICE INDICATES THAT YOU ACCEPT AND AGREE TO BE BOUND BY THIS PRIVACY POLICY IN FULL. IF YOU DO NOT ACCEPT THIS PRIVACY POLICY, DO NOT USE THE SERVICE. You acknowledge (a) that You have read and understood this Privacy Policy; and (b) this Privacy Policy shall have the same force and effect as a signed agreement.

This Privacy Policy is part of the DiscGenics Terms of Use ("TOU") for Our website. Any terms defined in the TOU shall have the same meaning in this Privacy Policy.

Important Notice About HIPAA: We are not subject to the federal Health Insurance Portability and Accountability Act ("HIPAA") rules that limit the use and disclosure of Your health information and provide You with certain rights regarding Your health information. Your HIPAA rights and HIPAA's restrictions on the use and disclosure of health information do not apply when You use the Service. However, we have implemented our own privacy protections as described in this Policy.

Summary at a Glance 

What information do we collect?

  • Contact information (name, email, phone, address)

  • Pre-screening health questionnaire responses (kept separate from your identity)

  • Technical information (IP address, device type, browsing activity)

How do we keep health information private?

Your health questionnaire responses are assigned a unique code and stored separately from your contact information. We cannot identify you from your health responses alone.

Who do we share information with?

  • Clinical trial sites (only if you qualify and consent)

  • Service providers helping us operate the website

  • Our website hosting platform (Squarespace)

Your rights:

  • Request access to your information

  • Request deletion of your information

  • Opt out of marketing communications

  • Opt out of data sales/sharing (California residents)

  • Correct inaccurate information

  • See Your Privacy Rights for full details 

Questions?

Contact us at info@discgenics.com

Information We Collect

 A. Information You Provide Directly

Pre-Screening Questionnaire:

When You complete our Pre-Screening Questionnaire, we collect:

  • Health-related information about your condition, symptoms, and medical history

  • Information about previous treatments

  • Demographic information (age range)

Important: This health information is pseudonymized (assigned a unique code) and stored separately from your contact information. See Health Information Separation for details.

Contact Information (if you pre-qualify for the trial):

If you meet preliminary eligibility criteria and choose to be contacted, we collect:

  • Full name

  • Email address

  • Telephone number

  • Zip Code

B. Information We Collect Automatically

When You access and use the Service, we automatically collect:

  • Device Information: Device type, operating system, browser type, unique device identifiers

  • Usage Information: Pages visited, time spent on pages, clickstream data, referral source

  • Location Information: IP address, general geographic location (city/state level)

 C. Information from Third Parties

 We may receive information about You from:

  • Our website hosting platform (Squarespace)

  • Publicly available sources (to verify clinical trial site information)

We may combine all of the information we collect from or about You and use it in the manner described in this Privacy Policy.

How We Use Your Information

We use the information that We collect for the following purposes:

Primary Purposes:

  • Clinical Trial Pre-Screening: To determine if You might be eligible to participate in our clinical trial

  • Trial Recruitment: To connect eligible candidates with participating clinical trial sites

  • Communication: To respond to Your inquiries and provide information You request

  • Service Operation: To provide, maintain, and improve the Service

Secondary Purposes:

  • Research and Analysis: To analyze usage patterns and improve our recruitment methods

  • Marketing: To send You information about the trial, related research, or DiscGenics updates (with your consent)

  • Legal Compliance: To comply with legal obligations and respond to lawful requests

  • Safety and Security: To prevent fraud, abuse, and protect the security of our systems

Analytics and Improvement:

  • To generate reports about user behavior and Service usage patterns

  • To analyze the effectiveness and usability of the Service

  • To personalize and enhance Your experience

  • To compile aggregate data for internal and external business purposes

Legal Bases for Processing (for individuals in jurisdictions requiring this disclosure):

  • Consent: When You provide explicit consent (e.g., for marketing communications)

  • Contractual Necessity: To provide the Service You've requested

  • Legitimate Interests: To improve our Service, prevent fraud, and conduct research (balanced against Your privacy rights)

  • Legal Obligations: To comply with applicable laws and regulations

How Health Information is Separated from Personal Information

Our Pseudonymization Process

We have implemented a strict separation between your health information and your contact information to protect your privacy:

Step 1: You Complete the Questionnaire

When you complete the Pre-Screening Questionnaire, your health responses are immediately assigned a unique pseudonymized identifier code (e.g., "ID-847592-A"). This code contains no information that could identify you.

Step 2: Separate Storage

Your health questionnaire responses are stored in a separate database from your contact information using only the pseudonymized code. At this stage:

  • We can analyze health data to compare and analyze potentially eligible candidates

  • We cannot identify who you are from the health data alone

  • Your contact information and health information are not linked

Step 3: If You Qualify and Choose to Proceed

If you meet preliminary eligibility criteria:

  • You will be asked if you want to be contacted about the trial

  • If you consent, you may provide your contact information

Step 4: Sharing with Clinical Sites

If you consent to be contacted by DiscGenics or a clinical trial site:

  • Only the site(s) that may potentially enroll you receives your contact information

  • This transfer occurs only after you explicitly consent by entering your contact information and clicking subscribe.

  • The clinical trial site becomes responsible for protecting the contact information that DiscGenics provides them (with your permission) and any of your information they collect from you under their own privacy policies and HIPAA.

What This Means for You:

  • Your health information submitted in the questionnaire remains anonymous.

  • We use aggregate, de-identified health data for research and analysis.

  • If you decide not to proceed, your contact information and health information remain permanently separated

How Your Information is Disclosed

We may disclose Your information to third parties as described below. You have choices about some of these disclosures see Your Privacy Rights.

A. Clinical Trial Sites and Healthcare Providers

What We Share: If You qualify for pre-screening and provide consent, we may share Your contact information with participating clinical trial sites and healthcare providers.

Purpose: To allow these sites to contact You directly regarding potential enrollment in the clinical trial.

Your Control: This sharing only occurs with Your explicit consent. You may withdraw consent at any time by contacting us at info@discgenics.com.

Data Protection: We require clinical trial sites to maintain appropriate privacy and security safeguards through written Data Processing Agreements and vendor qualification processes.

B. Service Providers and Business Partners

We use third-party service providers to perform functions in connection with the Service. These providers may have access to Your information only to perform specific tasks on our behalf and are obligated to protect Your information.

Categories of Service Providers:

  • Website Hosting: SquareSpace (hosts our website and analytics)

  • Email Communications: Email marketing platforms for sending updates and information

  • Data Storage: Secure cloud storage providers

  • Website Hosting and Analytics: Squarespace (essential cookies only, with analytics logging disabled)

  • Customer Support: Customer relationship management systems

 Data Processing Agreements: We maintain written agreements with service providers that:

  • Limit their use of Your information to services provided to us

  • Require appropriate security measures

  • Prohibit them from selling Your information

  • Require deletion of Your information when no longer needed

Note: We do not authorize service providers to use Your health-related information for their own direct marketing purposes.

C. Affiliates

We may share Your information with our affiliates (companies under common ownership or control) for purposes consistent with this Privacy Policy. Our affiliates are required to maintain Your information in accordance with this Privacy Policy.

D. Business Transfers 

If We become involved in a merger, acquisition, sale of assets, joint venture, securities offering, bankruptcy, reorganization, liquidation, dissolution, or other transaction or if the ownership of all or substantially all of our business changes, We may transfer Your information to a third party or parties in connection with such transaction. You will be notified via email and/or a prominent notice on our Service of any change in ownership or uses of Your personal information.

E. Legal Requirements and Protection

We may disclose information about You to third parties if We believe that such disclosure is necessary to:

  • Comply with applicable laws, regulations, or legal processes (e.g., subpoenas, court orders)

  • Cooperate with law enforcement, government officials, or regulatory authorities

  • Protect the rights, property, safety, or security of DiscGenics, our users, or the public

  • Investigate, prevent, or take action regarding suspected illegal activities, fraud, or violations of our policies

  • Respond to claims and legal processes

  • Enforce our Terms of Use or other agreements

F. Aggregated and De-Identified Information

We may share aggregated, de-identified, or anonymized information that cannot reasonably be used to identify You with:

  • Research partners and academic institutions

  • Industry partners and collaborators

  • The public (e.g., in published research or reports)

This information does not contain personal information about any individual user.

G. With Your Consent

We may share Your information for purposes not described in this Privacy Policy with Your explicit consent.

Your Privacy Rights

You have the following rights regarding Your personal information:

A. Right to Access

You have the right to request:

  • What personal information we have collected about You

  • The categories of sources from which we collected it

  • Our purposes for collecting and sharing it

  • The categories of third parties with whom we share it

  • Specific pieces of personal information we have about You

How to Exercise: Email info@discgenics.com with the subject line "Access Request"

B. Right to Delete

You have the right to request deletion of Your personal information that we have collected, subject to certain exceptions (e.g., to complete a transaction, comply with legal obligations, or for internal research purposes).

How to Exercise: Email info@discgenics.com with the subject line "Deletion Request"

What Happens: We will delete or de-identify Your personal information from our active databases. Some information may be retained in backup systems for a limited period.

C. Right to Correct

You have the right to request correction of inaccurate personal information we maintain about You.

How to Exercise: Email info@discgenics.com with the subject line "Correction Request" and specify what information is inaccurate.

D. Right to Opt-Out of Sale/Sharing

We do not sell or share Your personal information with third parties for cross-context behavioral advertising or other commercial purposes that would constitute a "sale" or "sharing" under state privacy laws.

If our practices change in the future, you will have the right to opt out of such sales/sharing.

How to Exercise (if applicable in the future):

  • Click "Do Not Sell or Share My Personal Information" link in our website footer

  • Email info@discgenics.com with subject line "Opt-Out Request"

  • Enable the Global Privacy Control (GPC) signal in your browser (we will honor this signal)

E. Right to Limit Use of Sensitive Personal Information

Under certain state laws, You may have the right to limit our use and disclosure of "sensitive personal information" (which includes health information) to only what is necessary to provide the Service.

How to Exercise: Email info@discgenics.com with the subject line "Limit Sensitive Information"

Note: Because we only use health information for clinical trial pre-screening purposes (the service You requested), limiting use may prevent us from providing the Service.

F. Right to Opt-Out of Marketing

You may opt out of receiving marketing communications from us at any time.

How to Exercise (if applicable in the future):

  • Click "Unsubscribe" in any marketing email

  • Email info@discgenics.com with subject line "Marketing Opt-Out"

Note: Even if You opt out of marketing, we may still send You transactional or Service-related communications.

 G. Right to Non-Discrimination

We will not discriminate against You for exercising any of Your privacy rights, including by:

  • Denying goods or services

  • Charging different prices or rates

  • Providing a different level or quality of goods or services

 H. Authorized Agents

You may designate an authorized agent to make privacy requests on Your behalf. We may require:

  • Written proof of the agent's authority

  • Verification of Your identity

  • Direct confirmation from You that You authorized the agent

Processing Your Requests

Response Time: We will respond to verified requests within 45 days (may be extended by an additional 45 days if reasonably necessary).

Verification: To protect Your privacy, we will verify Your identity before processing requests. We may ask for:

  • Information to match against our records

  • A signed declaration under penalty of perjury

  • Additional information for sensitive requests

No Fee: We do not charge a fee to process requests unless they are excessive, repetitive, or manifestly unfounded.

Appeal Rights: If we deny Your request in whole or in part, You may appeal by contacting us at info@discgenics.com within 30 days.

Cookies and Tracking Technologies

What Are Cookies?

Cookies are small text files stored on Your device that help websites remember information about Your visit. We use cookies and similar technologies for tracking, analytics, and personalization.

Types of Cookies We Use

Strictly Necessary Cookies:

Essential for the Service to function. These cannot be disabled.

  • Session management

  • Security features

  • Load balancing

We do not use analytics cookies. Our website hosting platform (Squarespace) is configured with analytics logging disabled.

We do not use advertising cookies or third-party tracking for marketing purposes.

Preference Cookies:

Remember Your choices and settings.

  • Language preferences

  • Display settings

Essential Cookies Only

Squarespace Essential Cookies:

Our website is hosted on Squarespace, which uses only essential cookies necessary for the Service to function properly. These cookies enable:

  • Secure sessions and user authentication

  • Basic website functionality (form submissions, navigation)

  • Security features and fraud prevention

  • Load balancing and performance optimization

Squarespace's analytics functionality is disabled on our site. No usage analytics or tracking data is collected beyond what is strictly necessary for the Service to operate.

For more information about Squarespace's privacy practices: https://www.squarespace.com/privacy/

Other Tracking Technologies

Web Beacons: Small graphic images that allow us to monitor usage and deliver cookies. You can disable web beacons by blocking cookies.

Local Storage Objects (Flash Cookies): Data files stored by websites. To manage Flash cookies: http://helpx.adobe.com/flash-player/kb/disable-local-shared-objects-flash.html

Session Cookies: Temporary cookies that expire when You close Your browser.

Persistent Cookies: Remain on Your device until they expire or You delete them.

Your Cookie Choices 

Browser Controls:

You can set Your browser to refuse all cookies or alert You when cookies are being sent. However, some parts of the Service may not function properly without cookies.

Cookie Preference Center:

Our cookie banner informs you that we use only essential cookies necessary for the Service to function. These cookies cannot be disabled as they are required for basic website operations.

Global Privacy Control (GPC):

Because we do not use advertising cookies or sell/share personal information for marketing purposes, GPC signals do not affect our cookie usage. However, we honor GPC signals for data sharing preferences:

  • We will not share Your personal information with third parties for advertising or marketing purposes

  • We will limit use of Your information to only what is necessary to provide the Service

Do Not Track:

Some browsers have a "Do Not Track" feature. While our Service does not respond to Do Not Track signals, we honor GPC signals as described above.

Cross-Site Tracking

We do not use third-party advertising or tracking technologies that follow you across websites. Our website uses only essential cookies from Squarespace that are necessary for the Service to function.

Security

Our Security Measures 

We implement industry-standard security measures to protect Your information, including:

Technical Safeguards:

  • Encryption: Data encrypted in transit using TLS 1.2 or higher

  • Encryption at Rest: Sensitive data encrypted when stored

  • Secure Authentication: Password policies and multi-factor authentication for employee access

  • Network Security: Firewalls, intrusion detection, and DDoS protection

  • Access Controls: Role-based access limiting who can view Your information

Organizational Safeguards:

  • Employee Training: Regular privacy and security training

  • Background Checks: For employees with access to personal information

  • Confidentiality Agreements: All employees and contractors sign confidentiality agreements

  • Vendor Management: Due diligence and ongoing monitoring of service providers

  • Incident Response Plan: Procedures for detecting and responding to security incidents

Physical Safeguards:

  • Secure data center facilities with controlled access

  • Environmental controls and backup power systems

Security Limitations

While We take commercially reasonable measures to protect Your information, please understand that:

  • No system is 100% secure. No Internet, email, or mobile application transmission is ever fully secure or error free.

  • Shared Responsibility: You are responsible for maintaining the confidentiality of Your account credentials.

  • Email Security: Email or other messages sent through the Service may not be secure. Use caution when deciding what information to provide.

  • Third-Party Security: We cannot guarantee the security practices of third parties (including clinical trial sites after information is shared).

We implement reasonable security measures, but cannot guarantee absolute security. If You believe Your information has been compromised, contact us immediately at info@discgenics.com.

Breach Notification

In the event of a data breach involving Your personal information, we will:

  • Investigate the incident promptly

  • Notify affected individuals as required by law (typically within 72 hours of discovery)

  • Notify relevant regulatory authorities

  • Provide information about the breach and steps You can take to protect yourself

  • Take measures to prevent future incidents

Data Storage Location

Your information is stored and processed in the United States. If You access our Service from outside the United States, You consent to the transfer of Your data to the United States.

Data centers used for storage meet industry standards for security and are certified under relevant frameworks (e.g., SOC 2, ISO 27001).

Data Retention

How Long We Keep Your Information

 We retain Your information for different periods depending on the type of information and purpose:

Pre-Screening Questionnaire Responses (Pseudonymized Health Data):

- Active Recruitment Period: Throughout the clinical trial recruitment period

- De-Identified Research Data: Up to 25 years in de-identified form for research and regulatory purposes

- If You Don't Qualify: Pseudonymized responses retained for research purposes; no contact information retained

Contact Information:

- If You Qualify and Consent: Retained for 5 years after last contact or until You request deletion

- Marketing Lists: Retained until You unsubscribe, then deleted within 30 days

Communications Records:

- Email correspondence and support tickets: 3 years

- Phone call records (metadata only): 1 year

Technical and Usage Data:

- Server logs and IP addresses: 12 months

- Analytics data: Retained in aggregate/anonymized form indefinitely

- Cookie data: According to cookie expiration settings (typically 30 days to 2 years)

Legal and Compliance Records:

- Records required for legal compliance: As required by law (typically 7 years minimum)

- Litigation holds: Until legal matter is resolved

Deletion and De-Identification

When retention periods expire or You request deletion:

  • Active Deletion: Personal information is deleted from active systems within 30 days

  • Backup Systems: Information in backup systems is deleted or overwritten according to backup retention cycles (typically within 90 days)

  • De-Identification: Health data may be retained in de-identified form for research purposes

  • Legal Exceptions: We may retain information as required by law, to resolve disputes, prevent fraud, or enforce our agreements

Changing or Deleting Your Information

To request deletion or update Your information before the standard retention period expires, see Your Privacy Rights

International Data Transfers

Primary Data Location 

Your information is primarily stored and processed in the United States. 

Service Scope

This Service is designed for individuals in the United States who may be eligible to participate in clinical trials conducted at US-basedsites. While our website is accessible from other countries, our clinical trials are currently only recruiting US residents.

Transfers Outside Your Country

If you access the Service from outside the United States, your information will be transferred to, stored in, and processed in the United States. By using the Service, you acknowledge and consent to this transfer. The United States may not have the same data protection laws as your country. We implement reasonable security measures to protect your information (see our Security section above), but we cannot guarantee the same level of protection required in all jurisdictions.

For European Visitors

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, please be aware that:

  • The United States does not have an adequacy decision from the European Commission

  • Your data protection rights under GDPR may be limited when your data is processed in the US

  • You may have the right to lodge a complaint with your local data protection authority

We recommend that EEA/UK/Swiss residents carefully consider whether to provide personal information through this Service. 

For questions about international transfers, contact us at info@discgenics.com

Children's Privacy

Age Restriction

The Service is intended for adults 18 years of age or older who may be eligible to participate in clinical trials. We do not knowingly collect personal information from individuals under 18 years of age. 

If We Learn of Collection from Minors

If You are under 18 years of age, please do not:

  • Use the Service

  • Submit any information through the Service

  • Complete the Pre-Screening Questionnaire

If we discover that we have inadvertently collected information from someone under 18, we will:

  • Delete that information immediately from our systems

  • Not use the information for any purpose

  • Not disclose the information to third parties

Parental Notice

 If You believe we may have collected information from someone under 18, please contact us immediately at info@discgenics.com with the subject line "Minor Privacy Concern."

Third-Party Links

Links to Other Websites and Applications

This Privacy Policy applies only to our Service. The Service may contain links to other websites, applications, or services that we do not own or operate, including:

  • Clinical trial site websites

  • Partner organizations

  • Social media platforms

  • Informational resources

  • Research articles

We Are Not Responsible for Third-Party Practices

The links from the Service do not imply that we endorse or have reviewed these third-party sites. We have no control over and assume no responsibility for:

  • The privacy practices of third-party sites

  • The content of third-party sites

  • The security of information You provide to third parties

Review Third-Party Privacy Policies

The policies and procedures we describe in this Privacy Policy do not apply to third-party websites or applications. We encourage You to:

  • Review the privacy policy of each website You visit

  • Understand how third parties collect and use Your information

  • Make informed decisions about what information to provide

Clinical Trial Sites 

If we share Your information with a clinical trial site with Your consent:

  • That site becomes responsible for protecting Your information

  • The site's own privacy policy and, once You enroll, HIPAA protections will apply

  • We recommend reviewing the site's privacy practices before enrollment

Feedback Welcome

We welcome feedback about linked websites and applications. Contact us at info@discgenics.com if You have concerns.

Changes to This Policy

Right to Modify

We reserve the right to update or modify this Privacy Policy at any time to reflect:

  • Changes in our practices

  • Changes in applicable laws

  • New features or services

  • User feedback

Notice of Changes

Material Changes:

If we make material changes that significantly affect Your privacy rights, we will notify You by:

  • Email (if we have Your email address)

  • Prominent notice on the Service

  • Updated "Last Updated" date at the top of this Policy

We will provide notice at least 30 days before material changes take effect.

Non-Material Changes:

For non-material changes (e.g., clarifications, formatting), we will update the "Last Updated" date and may not provide additional notice.

Your Acceptance of Changes

BY CONTINUING TO USE THE SERVICE AFTER CHANGES BECOME EFFECTIVE, YOU AGREE TO BE BOUND BY THE REVISED PRIVACY POLICY.

If You do not agree to the changes, You must stop using the Service and may request deletion of Your information.

Review Regularly 

We encourage You to review this Privacy Policy periodically to stay informed about how we protect Your information.

Version History 

We maintain a version history of this Privacy Policy. To request previous versions, contact info@discgenics.com.

Contact Us 

Privacy Questions and Requests

For questions about this Privacy Policy or to exercise Your privacy rights, please contact us:

Email: info@discgenics.com (preferred method)

Mail: DiscGenics, Inc.

Attention: Privacy Office

5940 Harold Gatty Drive

Salt Lake City, UT 84116

Subject Line Guidance:

  • General questions: "Privacy Inquiry"

  • Access requests: "Access Request"

  • Deletion requests: "Deletion Request"

  • Correction requests: "Correction Request"

  • Opt-out requests: "Opt-Out Request"

  • Security concerns: "Security Concern"

 Data Protection Officer (DPO)

For residents of the European Economic Area, UK, or Switzerland:

Email: info@discgenics.com

Mail: DiscGenics, Inc.

Attention: Data Protection Officer

5940 Harold Gatty Drive

Salt Lake City, UT 84116

Response Time

We will respond to Your inquiries within:

  • Privacy rights requests: 45 days (may be extended by additional 45 days if necessary)

  • General inquiries: 10 business days

  • Security incidents: 24-72 hours

Regulatory Authorities

If You are not satisfied with our response to Your privacy concerns, You may have the right to lodge a complaint with Your local data protection authority.

For California Residents:

California Attorney General's Office

Privacy Enforcement

Email: privacy@oag.ca.gov

Phone: (916) 210-6276

For EEA/UK Residents:

Contact Your national data protection authority. A list is available at: https://edpb.europa.eu/about-edpb/board/members_en

State-Specific Privacy Rights

California Residents (CCPA/CPRA)

If You are a California resident, You have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know (Detailed Disclosure):

In the past 12 months, we have collected the following categories of personal information.  Please see previous sections in this document for more information about how we use the information, how it health information is kept separate from personal information, and how information is shared with third parties.

Categories of Sources:

  • Directly from You (questionnaire, contact forms)

  • Automatically from Your device (cookies, analytics)

  • From third-party analytics providers

Sale and Sharing:

We do not sell or share Your personal information with third parties for advertising purposes.

We do not sell or share the personal information of consumers we know are under 18 years of age.

Retention:

See Data Retention for specific retention periods.

Shine the Light:

Under California Civil Code Section 1798.83, California residents may request information about our disclosure of personal information to third parties for their direct marketing purposes.

To make a request, email info@discgenics.com with subject line "California Shine the Light Request."

Financial Incentives:

We do not offer financial incentives for collection, sale, or deletion of personal information.

Virginia, Colorado, Connecticut, Utah, Indiana, Kentucky, Rhode Island, and Montana Residents

If You are a resident of these states, You have rights under Your state's privacy law, including:

  • Right to confirm whether we process Your personal data

  • Right to access Your personal data

  • Right to correct inaccuracies in Your personal data

  • Right to delete Your personal data

  • Right to obtain a copy of Your personal data (data portability)

  • Right to opt out of:

    • Targeted advertising

    • Sale of personal data

    • Profiling in furtherance of decisions with legal or similarly significant effects

How to Exercise Rights:

See Your Privacy Rights for contact information and procedures.

Appeals:

If we deny Your request, You may appeal by contacting info@discgenics.com within 30 days. We will respond to appeals within 60 days.

If we deny Your appeal, You may contact Your state Attorney General to submit a complaint.

Nevada Residents

Nevada residents have the right to opt out of the sale of certain pieces of their personal information to third parties who will resell or license that information.

We do not currently sell Your personal information as defined under Nevada law. If our practices change, we will update this Privacy Policy and provide You with the opportunity to opt out.

To opt out preemptively, email info@discgenics.com with subject line "Nevada Opt-Out Request."

Other States

If Your state has enacted comprehensive privacy legislation, You may have additional rights. Please contact us at info@discgenics.com to learn about rights specific to Your state.

Additional Information

Automated Decision-Making

We may use automated processing (including algorithms and analytics) to:

  • Determine preliminary eligibility for clinical trials based on questionnaire responses

  • Personalize website content

You have the right to:

  • Be informed about the logic involved in automated decision-making

  • Contest decisions made solely by automated means

  • Request human review of automated decisions

 

Contact info@discgenics.com for more information about our automated processing practices.

Joint Controllers

For certain processing activities (such as sharing information with clinical trial sites), DiscGenics and the clinical trial site may act as joint controllers. In such cases:

  • Both parties are responsible for complying with data protection laws

  • You may exercise Your rights with either party

  • We have agreements defining each party's responsibilities

Updates for Emerging Laws

We monitor privacy legislation and will update this Policy to comply with new laws as they take effect. Current effective laws include:

  • California (CCPA/CPRA)

  • Virginia (VCDPA)

  • Colorado (CPA)

  • Connecticut (CTDPA)

  • Utah (UCPA)

  • Indiana (ICDPA)

  • Kentucky (KYSPA)

  • Rhode Island (RIDPA)

  • Montana (MCDPA)

Version History:

- Version 2.0 - February 1, 2026: Comprehensive update for 2026 privacy law compliance (CCPA/CPRA, state privacy laws), added GDPR elements, detailed health information separation process, enhanced consumer rights, cookie consent improvements, security enhancements, and state-specific provisions

- Version 1.0 - July 12, 2019: Initial version