Sunrise Trials (BrightFire) Privacy Policy

Last Updated Date: March 15, 2023

I. GENERAL

BrightFire and its group entities ("BrightFire", "we", or "us") offer services to match consumers with clinical trials, health-related products, and other relevant offers (the "Services"). This Privacy Policy sets out how we use and protect your Personal Information and your rights and choices with regard to that information. This Privacy Policy applies to Personal Information collected by or on behalf of BrightFire, including information collected through our website: https://www.sunrisetrials.com and mobile versions of our website (collectively "the Site") or anywhere else we display this Privacy Policy. It also applies to information collected by or through our Services, which may include by phone, text message, email, the Site or other communication mechanisms.

To the extent you are a parent, guardian, caretaker or other authorized representative of another individual (such as a minor) and register for the Services on that person's behalf, you represent that you are legally authorized to take such actions and to disclose the individual's Personal Information. In such case, statements in this Privacy Policy directed to registered users of the Services apply to the person whose Personal Information you provided.

By visiting the Site or using the Services, you accept and consent to the terms of our Privacy Policy in effect at the time of your visit or use.

II. WHAT WE MEAN BY "PERSONAL INFORMATION"

For purposes of this Privacy Policy, "Personal Information" means information that directly or indirectly identifies you or can be used to identify you as an individual.

III. WHAT PERSONAL INFORMATION DO WE COLLECT?

(1) Information You Provide to Us

When you use the Site or otherwise communicate or interact with us through the Services, we collect information that you provide to us directly. For example, we collect information in the following circumstances: when you contact us when you register for and engage with our Services; and when you otherwise communicate with us. Occasionally, you may choose whether or not to provide or disclose Personal Information in connection with your use of the Services. If you choose not to provide the Personal Information we request, you may still visit and use parts of the Site, but may be unable to access or use certain features, options, programs, and services of the Site. In addition, as we need certain Personal Information for the performance of the Services, the consequence of not providing such information might be that the Services cannot be provided as requested.

The Personal Information you provide to us may include the following:

 

The business or commercial purpose for which it is collected is for our operational purposes and performing services you request. When applicable, we will obtain your consent or authorization before accessing such information, in accordance with applicable law.

 

In addition, where you decide to participate in a clinical trial, then any information you provide as a participant in that trial is subject to the informed consent form that you complete.

(2) Information Collected Automatically

Certain information is collected automatically on the Site by means of various software tools. We have a legitimate interest in using such information to assist in log-in, systems administration purposes, information security and abuse prevention, to track user trends, and to analyze the effectiveness of the Site. Alone or in combination with other information, such automatically collected information may constitute Personal Information. Some of our service providers (described in Section V., below) may use cookies or other methods to gather information regarding your use of the Site and to track your activities over time and across sites to provide advertising services to us.

 

Type of Cookies

Description

Managing Settings

Required cookies

Required cookies enable you to navigate the Site and use its features, such as accessing secure areas of the Site and using our services. If you have chosen to identify yourself to us, we use cookies containing encrypted information to allow us to uniquely identify you. Each time you log into our Site, a cookie containing an encrypted, unique identifier that is tied to your account is placed on your browser. These cookies allow us to uniquely identify you when you are logged into the Site and to process your online transactions and requests.

Because required cookies are essential to operate the Site, there is no option to opt out of these cookies.

Performance cookies

These cookies collect information about how you use our Site, including which pages you go to most often and if they receive error messages from certain pages. These cookies do not collect information that individually identifies you. Information is only used to improve how the Site functions and performs. From time-to-time, we may engage service providers to track and analyze usage and volume statistical information relating to individuals who visit the Site. We may also utilize Flash cookies for these purposes.

To learn how to opt out of performance cookies using your browser settings, click here. To learn how to manage privacy and storage settings for Flash cookies, click here.

Functionality cookies

Functionality cookies allow our Site to remember information you have entered or choices you make (such as your username, language, or your region) and provide enhanced, more personal features. These cookies also enable you to optimize your use of the Site after logging in. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customize. We may use local shared objects, also known as Flash cookies, to store your preferences or display content based upon what you view on the Site to personalize your visit.

To learn how to opt out of functionality cookies using your browser settings, click here. To learn how to manage privacy and storage settings for Flash cookies, click here.

Targeting or Advertising cookies

From time-to-time, we may engage service providers to track and analyze usage and volume statistical information from individuals who visit the Site. We sometimes use cookies delivered by service providers to track the performance of our advertisements. For example, these cookies remember which browsers have visited the Site. By way of example, as you browse the Site, advertising cookies may be placed on your computer so that we can understand what you are interested in. Our advertising partners then enable us to present you with advertising on other sites based on your previous interaction with the Site. Service providers, with whom we partner to provide certain features on the Site or to display advertising based upon your web browsing activity, use Flash cookies to collect and store information. Flash cookies are different from browser cookies because of the amount of, type of, and how data is stored.

To learn more about these and other advertising networks and their opt out instructions, click here. To learn how to manage privacy and storage settings for Flash cookies, click here.

 

(3) Do-Not-Track Signals

Some browsers have a "Do-Not-Track" feature that lets you tell websites that you do not want to have your online activities tracked. When you choose to turn on the Do-Not-Track setting in your browser, your browser sends a signal to websites, analytics companies, ad networks, plug-in providers, and other web services that you may encounter while browsing the Internet, instructing them to stop tracking your activity via cookies or other online tracking technologies. While we continue to evaluate this evolving technology to implement such capabilities, the Site does not currently respond to browser based Do-Not-Track signals. For information regarding Do-Not-Track and how to enable this setting if available on your devices, please see https://allaboutdnt.com.

(4) Information Received from Third Parties

We may also obtain data from third-party sources such as a registrant's authorized representative or guardian, our customers or vendors such as data providers.

IV. PURPOSES FOR OUR COLLECTION AND USE OF PERSONAL INFORMATION

(1) General Uses

We may use Personal Information obtained through the Services in the following ways:

(2) Registered Users

If you register for our Services, BrightFire uses algorithms that enforce criteria to select the Services most suitable to you, which is the service that you (as the data subject) request from BrightFire. Use of our Services is voluntary and when you choose to participate and disclose your information to us, you also provide your explicit consent, which is freely given and can be withdrawn at any time by contacting us through the contact details further below.

In order to safeguard your rights and freedoms and legitimate interests, you have the right to obtain human intervention on the part of BrightFire, to express your point of view and to contest the decision.

V. WHO DO WE SHARE INFORMATION WITH?

We may disclose your personal information, combined personal, demographic, behavioral or indirect information to third parties, as set forth below.

(1) We may share your information with third parties who help us in the delivery of our own products and services to you. We disclose information to companies and individuals we employ to perform functions on our behalf. Examples include hosting our web servers, analyzing data, providing marketing assistance and providing customer service. These companies and individuals may be located in a country whose data protection legislation is different from your country, and they will have access to your personal information as necessary to perform their functions, but they may not share that information with any other third party or use that data for any other purpose. We will remain the data controller and be responsible for any information shared in this way.

(2) We may disclose such information to third parties if you consent to such disclosure. Our website contains links to third parties and other sources of information. If you follow links to another page, they may be provided with access to your information. If you indicate that you would like to receive information about the opportunities, products or services of third parties, we supply your contact information to select third parties such as clinical trial recruiting companies, healthcare service providers, data aggregators, marketers or others for the purpose of sending you e-mail or otherwise communicating with you. We use data we have about you (such as the interests and preferences you have expressed) to determine whether you might be interested in the opportunities, products or services of a particular third party. Any information that you provide to another site after leaving our website would be managed by their linked site and their Privacy Policy.

We also share aggregated anonymous information about visitors to the Sites with clients, partners, other Site visitors, and other third parties so that they can understand the kinds of visitors to the Sites and how those visitors use the Sites. We may also aggregate on an anonymous basis data regarding demographics, location or health conditions.

(3) We disclose information if legally required to do so, if requested to do so by a governmental entity or if we believe in good faith – after considering your privacy interests and other factors – that such action is necessary to: (a) conform to legal requirements or comply with legal process; (b) protect our rights or property or our affiliated companies; (c) prevent a crime or protect national security; or (d) protect the personal safety of users or the public. Because BrightFire is a US company and information collected on our Sites is stored in whole or in part in the United States, your information may become subject to U.S. law.

(4) We may disclose and transfer such information to a third party who acquires all or a substantial portion of BrightFire's business, whether such acquisition is by way of merger, consolidation or purchase of all or a substantial portion of our assets.

Again, in each of these situations, the recipients of your data may potentially be located in any country in the world. If you are a resident in any EU member state, for example, you must be aware that the EU authorities do not generally consider that the regulations of non-EU countries ensure an adequate or equivalent level of protection as compared to the EU data protection regulations.

No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

VI. COMMUNICATION PREFERENCES

Once you register for our Services, if you have opted in to certain communications, you may be contacted at the phone number you provide including wireless number (if provided), by a representative of BrightFire (Short Code ____) or its database administrator. You may opt out of these calls or texts at any time by sending an email to privacy@brightfire.net. If you would like to stop receiving text messages, you may text STOP in reply to any messages that you receive.

With your consent (unless otherwise permitted by applicable law) we use the Personal Information you provide us to send you information on our products and Services and other information based on the interests that you have indicated to us. You have the right to opt out of getting those messages. If you do not wish to receive these messages, click the unsubscribe link in your email. Please note that these selections are not permanent; they may be changed in the event you register for other Services or communications and consent to receive marketing messages. Please also note that even if you unsubscribe from commercial email messages, we may still email you non-marketing emails related to your account or the Services for which you have registered. You may also email us at privacy@brightfire.net for assistance.

VII. THIRD-PARTY PRACTICES

The Site may contain links to other sites, which are not owned or operated by us. We provide such links only as a convenience, and the inclusion of a link on the Site does not imply our endorsement of the linked site. Other sites may also reference or link to our Site. If you provide any Personal Information through a third-party website, your transaction will occur on such third party's website (not our Site) and the Personal Information you provide will be collected by, and controlled by the privacy policy of, that third party. We are not responsible for the privacy practices or the content of such third-party websites, including such websites' use of any Personal Information that you provide to them.

VIII. NOTICE TO CALIFORNIA RESIDENTS

The information in this section applies to residents of California. Please contact us at privacy@brightfire.net if you have any questions about this Privacy Policy, including this section specific to California residents, or if you would like a printed copy of this Privacy Policy. You may also print a copy of this Privacy Policy by selecting the "Print" button in your web browser.

(1) How We Collect and Use Personal Information

In accordance with the California Consumer Privacy Act of 2018 ("CCPA"), as amended by the California Privacy Rights Act (“CPRA”), this section describes the Personal Information we collected about California residents in the last 12 months, the sources of that information, our business or commercial purposes for collecting the information, and the third parties with whom we shared that information.

We collected the information listed in the table below from the following sources: directly from you, your authorized personal representative, or from third parties (such as medical providers or other entities you have authorized to share your Personal Information with us).

In some cases, we may share your information with our service providers or contractors that help us operate our business such as data storage or IT providers. We may also share your information with third parties, such as when required by law, to provide information or services you request, and pursuant to you consent or authorization.

For purposes of this Privacy Policy, when we use the term “third party,” we mean entities that are not service providers or contractors providing services on our behalf and that are not entities with whom you interact directly.

The categories of third parties with whom we may share your Personal Information for business purposes include: law enforcement or other governmental authorities or agencies, and clinical trial investigators and sites when applicable to your engagement with our services.

In the last 12 months, we have collected and, disclosed for a business purpose each of the categories of Personal Information noted in the table below, to the categories of recipients listed. We do not share your personal information for cross-context behavioral advertising or sell your personal information for monetary or other consideration and have not done so in the last 12 months.

Category of Personal Information

Categories of Recipients to Whom Personal Information Is Disclosed for Business Purposes

Identifiers, such as name, email address and other information.

Service providers and contractors, law enforcement, governmental authorities or agencies, clinical trial investigators and sites or their staff and agents

California Customer Records (Cal. Civ. Code § 1798.80(e)), such as birthdate and Payment Information.

Service providers and contractors, law enforcement, governmental authorities or agencies, clinical trial investigators and sites or their staff and agents

Protected Classification Characteristics, such as age, ethnicity and gender.

Service providers and contractors, law enforcement, governmental authorities or agencies, clinical trial investigators and sites or their staff and agents

Commercial Information, such as Shopping History and other information relating to your hobbies, interests and shopping behavior.

Service providers and contractors, law enforcement, governmental authorities or agencies, clinical trial investigators and sites or their staff and agents

Biometric Information, such as behavioral characteristics used to identify you; imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings from which an identifier such as a faceprint can be extracted; keystroke patterns or rhythms; gait patterns or rhythms; and sleep, health or other exercise data that contains identifying information.

Service providers and contractors, law enforcement, governmental authorities or agencies, clinical trial investigators and sites or their staff and agents

Internet/Network Information, such as IP address, Device Information, and Log and Analytics Data.

Service providers and contractors, law enforcement, governmental authorities or agencies, clinical trial investigators and sites or their staff and agents

Geolocation Data, such as Location Information from your device or estimated based on your IP address.

Service providers and contractors, law enforcement, governmental authorities or agencies, clinical trial investigators and sites or their staff and agents

Sensory Information, such as audio, electric, visual, thermal, olfactory, call recordings, or similar information.

Service providers and contractors, law enforcement, governmental authorities or agencies, clinical trial investigators and sites or their staff and agents

Other Personal Information, such as information you post on our Platform or on social media pages, and information you submit to us.

Service providers and contractors, law enforcement, governmental authorities or agencies, clinical trial investigators and sites or their staff and agents

Inferences, such as predictions about your interests and preferences.

Service providers and contractors, law enforcement, governmental authorities or agencies, clinical trial investigators and sites or their staff and agents

Sensitive Personal Information, such as: Social Security number, driver’s license number, state identification car, or passport; account log-in credentials; financial account, debit or credit card number with any required PIN or credentials allowing access to an account; precise geolocation; racial or ethnic origin, religious or philosophical beliefs, or union membership; content of mail, email or text messages where we are not the recipient; genetic data; information concerning a consumer’s health, sex life or sexual orientation.

Service providers and contractors, law enforcement, governmental authorities or agencies, clinical trial investigators and sites or their staff and agents

Please refer to the section of this Privacy Policy above titled PURPOSES FOR OUR COLLECTION AND USE OF PERSONAL INFORMATION for descriptions of the business or commercial purposes for which we collected the information.

(2) Your Rights and How to Exercise Them

Under the CCPA, California residents have certain rights with regard to their Personal Information. Those rights may only apply in certain circumstances and may be subject to limitations or exceptions. A summary of those rights is provided below as well as information on how to exercise your rights. Please note that we will require certain identifying information about you as necessary for us to verify your request in accordance with applicable law.

We will not discriminate against you for exercising any of the rights noted above. However, we may offer certain financial incentives, charge reasonable fees related to your requests, or deny your right to know, right to access, or right to deletion in accordance with applicable law.

You can exercise these rights yourself or you can designate an authorized agent to make a request on your behalf. If you would like an authorized agent to submit a request on your behalf, please send us an email at privacy@brightfire.net for instructions and details on proof and information required for use of an authorized agent or select “Authorized Agent” when submitting the online form.

(3) How We Disclose Information

(4) Third-Party Marketing Disclosure

Under California Civil Code § 1798.83, California residents with whom we have a business relationship can request information about the types of personal information, if any, we shared with third parties for the direct marketing purposes of the third parties and the identities of the third parties with whom we shared such information in the immediately preceding 12 months. We do not share your Personal Information with third parties in this manner and have not done so in the last 12 months. You may request more information by contacting us using the contact information at the bottom of this Privacy Policy.

IX. NOTICE TO VIRGINIA RESIDENTS

The information in this section applies to residents of Virginia. This section addresses additional rights to Virginia residents.

(1) How We Collect and Use Personal Information

In accordance with the Virginia Consumer Data Protection Act (“VCDPA”), this section describes the Personal Information we collect about Virginia residents. Please refer to the corresponding sections of this policy above for details on the following:

(2) Your Rights and How to Exercise Them

Under the VCDPA, Virginia residents have certain rights with regard to their Personal Information. Those rights may only apply in certain circumstances and may be subject to limitations or exceptions. A summary of those rights is provided below as well as information on how to exercise your rights. Please note that we will require certain identifying information about you as necessary for us to verify your request in accordance with applicable law.

Right to Know: You have the right to confirm whether or not we process your Personal Information and to access such Personal Information. To exercise this right, please email your request to privacy@brightfire.net and include "Disclosure Request" in the subject line of your message.

Right to Correct: You have the right to request that we correct any inaccurate Personal Information that we maintain about you. To exercise this right, please email your request to privacy@brightfire.net and include “Correction Request” in the subject line of your message.

Right to Delete: You have the right to request us to delete the Personal Information we have collected or maintain about you. Please note that certain exceptions may apply to your right to delete information, such as when we must retain Personal Information as required or permitted by law and we will maintain a copy of your deletion request. We will notify you if any such exceptions apply to your request. To exercise this right, please email your request to privacy@brightfire.net and include "Deletion Request" in the subject line of your message.

Right to Appeal: If we refuse to take action on a request, you have the right to appeal our decision within a reasonable time. To exercise this right, please email your request to privacy@brightfire.net and include “Appeal Request” in the subject line of your message. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation for the decisions.

You can exercise these rights yourself or you can designate an authorized agent to make a request on your behalf. If you would like an authorized agent to submit a request on your behalf, please send us an email at privacy@brightfire.net for instructions and details on proof and information required for use of an authorized agent.

X. INDIVIDUAL RIGHTS - USERS IN THE EEA OR SWITZERLAND

Where we process Personal Information pertaining to individual located in the European Economic Area ("EEA") or Switzerland, those individuals are entitled to ask us for an overview of the Personal Information we have about them and also to access, correct or delete certain Personal Information, restrict processing of their Personal Information, or to ask us to transfer Personal Information to other organizations. Certain individuals can also object to some processing of their Personal Information and, where we have asked for their consent, they can withdraw their consent at any time. Insofar as Personal Information about them is processed, certain individuals also have a right to know more about the protection we apply when transferring Personal Information to areas outside the EEA.

Note that we are not legally obligated to agree to such requests in all circumstances, and in certain circumstances, agreeing to a request may be infeasible - for example, a deletion request when we are required by law to maintain the Personal Information. Please also note that we are not able to act on any of the above requests if we are not in a position to identify an individual filing such request.

Where applicable, these rights can be exercised by sending us an email through the contact details further below. Depending on where you live, you may have a right to lodge a complaint with a supervisory authority or other regulatory agency if you believe that we have violated any of the rights concerning your Personal Information. We encourage you to first reach out to us at privacy@brightfire.net so we have an opportunity to address your concerns directly before you do so. We are committed to compliance with the General Data Protection Regulation ("GDPR") where applicable, so please contact us through the details listed below if you have any questions about these rights.

XI. INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION

BrightFire is a U.S.-based company with domestic and international business clients. As a result, Personal Information that we collect through the Platforms may be transferred to our U.S. offices to permit us to comply with our legal and contractual obligations, to provide information and services to prospective and current clients, and to perform related business activities. In addition, we may work with third-party service providers in the U.S. and in other countries to support our business activities. Thus, Personal Information may be transferred to, stored on servers in, and accessed from the U.S. and countries other than the country in which the Personal Information was initially collected. In all such instances, we use, transfer, and disclose Personal Information solely for the purposes described in this Privacy Policy.

XII. TRANSFERS OF PERSONAL INFORMATION FROM THE EEA OR SWITZERLAND TO THE UNITED STATES

In compliance with Privacy Principles, BrightFire commits to resolve complaints about your privacy and our collection or use of Personal Information about you. Persons in the EEA or Switzerland who have inquiries or complaints regarding this Statement should first contact us via email at: privacy@brightfire.net.

These recourse mechanisms are available at no cost to you. Damages may be awarded in accordance with applicable law. Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel. Pursuant to the Privacy Shield, BrightFire remains potentially liable for the transfer of Personal Information to third parties acting as our agents unless we can prove we were not a party to the events giving rise to the damages.

In cases of onward transfer to third parties of Personal Information of individuals in the EEA or Switzerland received pursuant to the EU-U.S. and Switzerland-U.S. Privacy Shield, BrightFire is potentially liable.

XIII. DATA RETENTION

We keep Personal Information for as long as it is needed to fulfill the purposes for which it was collected, to provide our Services, to deal with possible legal claims, to comply with our business interests and/or to abide by all applicable laws. If you register for our Services, we keep your Personal Information for ten (10) years from the point of collection. Thereafter, we either delete Personal Information about you or de-identify it. Please note that even if you request the deletion of Personal Information about you, we may be required (by law or otherwise) to retain the Personal Information and not delete it. However, once those requirements are removed, we will delete Personal Information about you in accordance with your request.

XIV. DATA SECURITY

We follow generally accepted industry standards to protect the Personal Information we collect or process through the Platforms. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect Personal Information, we cannot guarantee its absolute security.

XV. CHILDREN

The Site is not intended for children under the age of 13. Accordingly, we do not intend to collect Personal Information from anyone we know to be under 13 years of age through the Site. If we become aware that a child under age 13 has provided Personal Information through the Site, we will delete such information from our files.

XVI. CHANGES TO THE PRIVACY POLICY

This Privacy Policy may change from time to time, effective from the date mentioned in the updated version of the Privacy Policy. Please check the Platforms periodically to review such changes in the Privacy Policy. We may email periodic reminders of our agreements and policies in the event of a material change.

XVII. CONTACT US

If you have any questions about this Privacy Policy or about our privacy or data security practices, please contact us or our Data Protection Officer via the following:

E-mail: privacy@brightfire.net
Address: 11401 Century Oaks Terrace Ste 350 Austin, TX 78758