Terms of Use

PLEASE READ THESE TERMS AND CONDITIONS CAREFULLY BEFORE USING OUR SERVICES

These terms tell you the rules for using our website www.anovaevidence.com and www.anovaos.com (“AnovaOS”), our mobile applications and the Anova Platform (collectively, the “Services”).

  1. DEFINITIONS

Authorised Users:  those employees of the Research Site or a Sponsor who are authorised by the Research Site or the Sponsor to use the Services in accordance with these terms;

Confidential Information: any information that is proprietary or confidential and is clearly labelled as such.

Platform:  the online platform at www.anovaos.com allowing research sites to connect and share information with Sponsors and other individuals and organizations, to facilitate participation in a Sponsor study, and provided by Anova as part of the Services.

Research Site: means a clinical organisation conducting clinical trials and compassionate use programs and registered with the Platform and/or the Services.

Research Site Data: the data input by a Research Site, for the purpose of using the Platform and which is accessed by Sponsors and other individuals and organizations through use of the Services.

Sponsor: a biopharmaceutical company, medical device manufacturer or a physician or academic centre or similar organisation including its employees, agents and contractors which has entered into a Sponsor agreement with Anova in connection with the Services.

  1. WHO WE ARE AND HOW TO CONTACT US  

www.anovaevidence.com is a website and www.anovaos.com is a Platform operated by Anova Enterprise, Inc. (“Anova” or “we”, “us”, “our”). We are registered as a corporation in the State of Delaware, U.S. and have our registered office at 926 N. Beverly Ln, Arlington Heights, IL 60004.

To contact us, please email info.us@anovaevidence.com

  1. BY USING OUR SERVICES YOU ACCEPT THESE TERMS  
  • By using our Services, you confirm that you accept these terms of use and that you agree to comply with them.
  • If you do not agree to these terms, you must not use our Services.
  • We recommend that you print a copy of these terms for future reference.
  1. THERE ARE OTHER TERMS THAT MAY APPLY TO YOU

These terms of use refer to the following additional terms, which also apply to your use of our Services:

  • Our Privacy Policy. See further under How we may use your personal information.
  • Our Cookie Policy, which sets out information about the cookies on our Services.
  • Subscription Agreement. If you are a Sponsor and purchase a subscription for use of our Platform and/or Services, the terms of our Subscription Agreement will apply.  If there is a conflict between the terms of your Subscription Agreement and these terms and conditions, then the Subscription Agreement will take priority.
  1. WE MAY MAKE CHANGES TO THESE TERMS
  • We have the right to and will amend these terms from time to time. Every time you wish to use our Services, please check these terms to ensure you understand the terms that apply at that time.
  • These terms were most recently updated on 01 July 2025.
  1. WE MAY MAKE CHANGES TO OUR SERVICES
  • We may update and change our Services from time to time to reflect changes to our products and services, our users’ needs and our business priorities.
  1. WE MAY SUSPEND OR WITHDRAW OUR SERVICES
  • We do not guarantee that our Services, or any content on them, will always be available or be uninterrupted or provided to users at any kind of service levels. We may suspend or withdraw or restrict the availability of all or any part of our Services for any reason.
  • You are responsible for ensuring that all persons who access our Services through your internet connection are aware of these terms of use and other applicable terms and conditions, and that they comply with them.
  1. YOU MUST KEEP YOUR ACCOUNT DETAILS SAFE
  • Where you are provided with a user identification code, password or any other piece of information as part of our security procedures, you must treat such information as confidential. You must not disclose it to any third party.
  • We have the right to disable any user identification code or password, whether chosen by you or allocated by us, at any time, if in our reasonable opinion you have failed to comply with any of the provisions of these terms of use.
  • If you know or suspect that anyone other than you knows your user identification code or password, you must promptly notify us at our contact information provided above, and change your username, password immediately.
  1. HOW YOU MAY USE MATERIAL ON OUR SERVICES
  • We are the owner or the licensee of all intellectual property rights in our Platform and Services, and in the material published on them, other than any materials that you upload to the Platform or via the Services (“your content”). Those works are protected by intellectual property laws and treaties around the world. All such rights are reserved.
  • Any content you upload to our Platform or via our Services will be considered non-confidential and non-proprietary. You warrant that you own all rights in your content or otherwise have (and will continue to have) all rights and permissions to legally use, share, transfer and license your content to Anova (including users of our Platform and the Services) in the manner required under these terms and that our use of your content will not infringe or violate any third party intellectual property rights. You agree to: (i) grant Anova a worldwide, irrevocable, non-exclusive, royalty-free and transferable license to display, use, distribute and publish your content and (ii) grant each user of the Platform and the Services a non-exclusive license to access your content through our Platform and Services free of charge. Furthermore, you agree to defend, indemnify and hold harmless Anova against claims, actions, proceedings, losses, damages, expenses and costs (including without limitation court costs and reasonable legal fees) arising out of or in connection with a breach of your obligations and warranty in the preceding paragraph above.
  • You may print off one copy, and may download extracts, of any page(s) from our Platform or via the Services for your personal use and you may draw the attention of others within your organisation to content posted on our Platform or via the Services.
  • You must not modify the paper or digital copies of any materials you have printed off or downloaded in any way, and you must not use any illustrations, photographs, video or audio sequences or any graphics separately from any accompanying text.
  • Our status (and that of any identified contributors) as the authors of content (other than your content) on our Platform and the Services must always be acknowledged.
  1. MARKETING
  • You acknowledge that by registering to use the Platform,  you authorise Anova to disclose your use of AnovaOS for marketing purposes. Anova will not represent itself as your agent in any way.
  1. RELIANCE AND USE OF INFORMATION ON THIS PLATFORM AND SERVICES
  • The content on our Platform and Services is provided for general information purposes only; it is in no way intended to constitute medical advice or replace medical care. It is not intended to amount to advice on which you should rely. You must obtain professional or specialist advice before taking, or refraining from, any action on the basis of the content on our Platform or via our Services.
  • Although we make reasonable efforts to update the information on our Platform or via our Services, we make no representations, warranties or guarantees, whether express or implied, that the content on our Platform or our Services is accurate, complete or up to date.
  1. WE ARE NOT RESPONSIBLE FOR WEBSITES WE LINK TO
  • Where our Services contain links to other sites and resources provided by third parties, these links are provided for your information only. Such links should not be interpreted as approval by us of those linked websites or information you may obtain from them.
  • We have no control over the contents of those sites or resources.
  1. HOW TO COMPLAIN ABOUT CONTENT UPLOADED BY OTHER USERS
  • If you wish to complain about content uploaded by other users please contact us on our contact information provided above.
  1. OUR RESPONSIBILITY FOR LOSS OR DAMAGE
  • We do not exclude or limit in any way our liability to you where it would be unlawful to do so. This includes liability for death or personal injury caused by our negligence or the negligence of our employees, agents or subcontractors and for fraud or fraudulent misrepresentation.
  • Different limitations and exclusions of liability will apply to liability arising as a result of the supply of paid for services, which will be set out in our subscription agreement for Sponsors.
  • The Platform and Services are provided “as is” and we exclude all implied conditions, warranties, representations or other terms that may apply to our Platform and/or Services or any content on them.
  • We will not be liable to you for any loss or damage, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, even if foreseeable, arising under or in connection with:
    • use of, or inability to use, our Platform and/or Services; or
    • use of or reliance on any content displayed on our Platform and/or Services.
  • In particular, we will not be liable for:
    • loss of profits, sales, business, or revenue;
    • business interruption;
    • loss of anticipated savings;
    • loss of business opportunity, goodwill or reputation; or
    • any indirect or consequential loss or damage.
  1. HOW WE USE PERSONAL INFORMATION
  • Where we are a controller of personal data contained in business contact information provided by you, we will only use that personal data in accordance with our Privacy Policy available at www.anovaevidence.com/privacy-policy.
  • Other than the personal data referred to in clause 14.1, if we process any personal data on your behalf, we shall act as processor, and you shall be the controller of such personal data for the purpose of data protection legislation. Such processing will be subject to our data processing terms, as set out in Schedule 1. This includes any patient personal data (including special category data) that you upload to our Platform and/or Services.
  • In the event that you wish to share personal data with a third party via the Platform and/or Services you are responsible for ensuring that you have in place appropriate data sharing arrangements in place between you and the relevant third party. Unless you and the relevant third party agree otherwise, the data sharing terms in Schedule 2 (“Data Sharing Terms”) shall govern any such data sharing and you agree that they form a separate binding agreement between you and the relevant third party.
  1. ADDITIONAL TERMS FOR SPONSORS
  • If you sign up to our Platform and/or Services as a Sponsor the additional terms contained in this clause 15 shall apply to you. You will be required to agree to our subscription agreement and will subsequently be granted access to use our Platform and/or Services subject to the terms contained therein.
  • As a Sponsor, you may upload content and contact information of other users (such as research sites) and upload your own content and information in accordance with the terms of our subscription agreement. You acknowledge and agree that Anova shall not be responsible for the accuracy or use of any such content or information provided by you or third parties.
  • You acknowledge and agree that your use of our Platform and/or Services will comply with your obligations under our subscription agreement and that Anova’s total aggregate liability in contract, tort (including negligence or breach of statutory duty), misrepresentation, restitution or otherwise, arising in connection with our Platform and/or Services shall be limited to the limits and caps set under the applicable subscription agreement.
  • Any arrangements entered into between you as a Sponsor and any research sites shall be a direct relationship, you shall be solely responsible for choosing to enter into such relationship and Anova disclaims all responsibility and liability arising out of or in connection with such relationship.
  • You assume sole responsibility for the information and results obtained from the use of our Platform and/or Services and for conclusions drawn from such use, including your selection of research sites. Anova shall have no liability for any damage caused by errors or omissions in any information, instructions or scripts that you rely on or any actions taken by you including your selection of research sites.
  1. ADDITIONAL TERMS FOR RESEARCH SITES
  • If you sign up to our Platform and/or Services as a research site (a clinical organisation conducting trials including its employees, agents and contractors) the additional terms contained in this clause 16 shall apply to you.
  • As a research site, you may upload content and contact information and you shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of such content. You warrant that you own or have the necessary authority, licenses, rights, consents, and permissions to upload such content and authorise Anova and other third parties to use such content.
  • You assume sole responsibility for the information and results obtained from the use of our Platform and/or Services and for conclusions drawn from such use, including your selection of Sponsors. Anova shall have no liability for any damage caused by errors or omissions in any information, instructions or scripts that you rely on or any actions taken by you including your selection of Sponsors.
  • Any arrangements entered into between you as a research site and any Sponsors shall be a direct relationship and you shall be solely responsible for choosing to enter into such relationship and Anova disclaims all responsibility and liability arising out of or in connection with such relationship.
  • Anova does not warrant that: (i) your use of our Platform and/or Services will be uninterrupted or error-free; (ii) that our Platform and/or Services and/or the information obtained by you through our Platform and/or Services will meet your requirements; (iii) our Platform and/or Services will be free from viruses or vulnerabilities.
  • Anova is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and you acknowledge that our Platform and/or Services may be subject to limitations, delays and other problems inherent in the use of such communications facilities.
  • You acknowledge and agree that Anova reserves the right, without liability or prejudice to its other rights, to disable your access to any material that breaches these terms.
  • You shall own all right, title and interest in and to all of the Research Site Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of all such Research Site Data. You acknowledge that the Sponsor owns all right, title and interest in and to all of the Sponsor Data and you are hereby provided with a non-exclusive, non-transferrable, royalty free licence to use the Sponsor Data solely for the purposes of using the Services and any other activities approved by the applicable Sponsor. You hereby grant to Anova a royalty-free, non-exclusive, non-transferable, perpetual, irrevocable licence to use the Research Site Data for the purpose of providing the Services and its other internal business purposes.  You agree that Anova may anonymise the Research Site Data and create its own database containing such anonymised data. Anova shall own all right, title and interest in such database.
  • Anova shall follow its archiving procedures for Research Site Data as set out in its back-up policy available from Anova, as such document may be amended by Anova in its sole discretion from time to time. In the event of any loss or damage to Research Site Data, the Research Site’s sole and exclusive remedy against Anova shall be for Anova to use reasonable commercial endeavours to restore the lost or damaged Research Site Data from the latest back-up of such Research Site Data maintained by Anova in accordance with the archiving procedure described in such back-up policy. Anova shall not be responsible for any loss, destruction, alteration or disclosure of Research Site Data caused by any third party (except those third parties sub-contracted by Anova to perform services related to Research Site Data maintenance and back-up).
  • If the Research Site receives Sponsor Data that is personal data in connection with this agreement, then the Research Site and the Sponsor shall be separate controllers of this personal data and you hereby undertake to Anova and the Research Site to comply with the applicable data protection legislation in respect of such personal data.
  1. UPLOADING CONTENT TO OUR SERVICES
  • The Services may include information and materials uploaded by other users, including special category data and contact information. This information and these materials have not been verified or approved by us. Any views expressed by other users on our Platform and/or Services do not represent our views or values.
  • Whenever you make use of a feature that allows you to upload content via our Services, or to make contact with other users of our Services, you must comply with the content standards set out in the section below, ‘Acceptable Use of Our Platform’.
  • You warrant that any such contribution complies with acceptable use requirements set out in clause 19 and any content standards notified to you from time to time by Anova, and you will be liable to us and indemnify us for any breach of that warranty.
  • We also have the right to disclose your identity to any third party who is claiming that any content posted or uploaded by you to our Services constitutes a violation of their intellectual property rights, or of their right to privacy.
  • We have the right to remove any posting you make via our Services if, in our opinion, your post does not comply with the content standards set out in these terms.
  • You are solely responsible for securing and backing up your content.
  1. CONFIDENTIALITY
  • A party to these terms (for the purposes of this clause, the “Receiving Party”) may receive or be given access to Confidential Information of the other party or another user of the Platform and/or Services (for the purposes of this clause, the “Disclosing Party”) in order to use or provide the Services. A party’s Confidential Information shall not be deemed to include information that:
    • is or becomes publicly known other than through any act or omission of the receiving party;
    • was in the other party’s lawful possession before the disclosure;
    • is lawfully disclosed to the receiving party by a third party without restriction on disclosure; or
    • is independently developed by the receiving party, which independent development can be shown by written evidence.
    • is required to be disclosed by law, by any governmental or other regulatory authority or by a court or other authority of competent jurisdiction, provided that where disclosure is required under this sub-clause and the Receiving Party is legally permitted to do so, it shall provide the Disclosing Party as much notice of such disclosure as possible and, where notice of disclosure is not prohibited and is given, the Receiving Party shall take into account the reasonable requests of the Disclosing Party in relation to the content of such disclosure.
  • The Receiving Party shall hold Disclosing Party’s Confidential Information in confidence and not make such Confidential Information available to any third party, or use the other’s Confidential Information for any purpose other than the intended use of the Services.
  • The Receiving Party shall take all reasonable steps to ensure that the Disclosing Party’s Confidential Information received through the Platform and/or the Services is not disclosed or distributed by its employees or agents in violation of the terms of these Terms & Conditions.
  • You acknowledge that details of the Services, and the results of any performance tests of the Services, constitute Anova’s Confidential Information.
  1. ACCEPTABLE USE OF OUR SERVICES

You may use our Services only for lawful purposes. You may not use our Services:

  • In any way that breaches any applicable local, national or international law or regulation.
  • In any way that is unlawful or fraudulent, or has any unlawful or fraudulent purpose or effect.
  • For the purpose of harming or attempting to harm minors in any way.
  • To bully, insult, intimidate or humiliate any person.
  • To send, knowingly receive, upload, download, use or re-use any material which does not comply with our content standards in these terms.
  • To transmit, or procure the sending of, any unsolicited or unauthorised advertising or promotional material or any other form of similar solicitation (spam).
  • To knowingly transmit any data, send or upload any material that contains viruses, Trojan horses, worms, time-bombs, keystroke loggers, spyware, adware or any other harmful programs or similar computer code designed to adversely affect the operation of any computer software or hardware.

You also agree:

  • Not to reproduce, duplicate, copy or re-sell any part of our Services in contravention of the provisions of these terms.
  • Not to access without authority, interfere with, damage or disrupt: any part of our Services; any equipment or network on or from which our Services are provided; any software used in the provision of our Services; or any equipment or network or software owned or used by any third party.
  • Not to attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Services in any form or media or by any means;
  • Not to attempt to de-compile, reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Services;
  • Not to access all or any part of the Services in order to build a product or service which competes with the Services;
  • Not to use the Services to provide services to third parties other than the provision of clinical research services as intended by these terms, unless we expressly agree to such use via a separate subscription agreement;
  • Not to license, sell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit, or otherwise make the Services or related services available to any third party except the Authorised Users, or
  • Not to attempt to obtain, or assist third parties in obtaining, access to the Services, other than as permitted herein; or
  • Not to create a false identity using the Service, misrepresent your identity, create a profile for anyone other than yourself (a real person and/or organization), or use or attempt to use another’s account.
  • You acknowledge and agree that we are under no obligation to oversee, monitor or moderate any content uploaded by any other users of our Services (including Sponsors and research sites that we provide on our Services), and we expressly exclude our liability for any loss or damage arising from the use of any such content.

You will be responsible for ensuring that any content you upload on our Services must not:

  • Be defamatory of any person.
  • Be obscene, offensive, hateful or inflammatory.
  • Bully, insult, intimidate or humiliate.
  • Promote sexually explicit material.
  • Promote violence.
  • Promote discrimination based on race, sex, religion, nationality, disability, sexual orientation or age.
  • Infringe any copyright, database right or trade mark of any other person.
  • Be likely to deceive any person.
  • Breach any legal duty owed to a third party, such as a contractual duty or a duty of confidence.
  • Promote any illegal activity.
  • Be in contempt of court.
  • Be threatening, abuse or invade another’s privacy, or cause annoyance, inconvenience or needless anxiety.
  • Be likely to harass, upset, embarrass, alarm or annoy any other person.
  • Impersonate any person, or misrepresent your identity or affiliation with any person.
  • Advocate, promote, incite any party to commit, or assist any unlawful or criminal act such as (by way of example only) copyright infringement or computer misuse.
  • Contain a statement which you know or believe, or have reasonable grounds for believing, that members of the public to whom the statement is, or is to be, published are likely to understand as a direct or indirect encouragement or other inducement to the commission, preparation or instigation of acts of terrorism.
  • Contain any advertising or promote any services or web links to other sites.
  1. WE ARE NOT RESPONSIBLE FOR VIRUSES AND YOU MUST NOT INTRODUCE THEM
  • We do not guarantee that our Services will be secure or free from bugs or viruses.
  • You are responsible for configuring your information technology and computer programmes to access our Services. You should use your own virus protection software.
  • You must not misuse our Services by knowingly introducing viruses, trojans, worms, logic bombs or other material that is malicious or technologically harmful. You must not attempt to gain unauthorised access to our Services, the server on or from which our Services are provided or any server, computer or database connected to our Services. You must not attack our Services via a denial-of-service attack or a distributed denial-of-service attack. By breaching this provision, you may be committing a criminal offence. We will report any such breach to the relevant law enforcement authorities and we will co-operate with those authorities by disclosing your identity to them. In the event of such a breach, your right to use our Services will cease immediately.
  1. RULES ABOUT LINKING TO OUR SERVICES
  • You may link to our home page, provided you do so in a way that is fair and legal and does not damage our reputation or take advantage of it.
  • You must not establish a link in such a way as to suggest any form of association, approval or endorsement on our part where none exists.
  • You must not establish a link to our Platform and/or Services in any website that is not owned by you.
  • Our Platform and/or Services must not be framed on any other site, nor may you create a link to any part of our Platform and/or Services other than the relevant home page.
  • We reserve the right to withdraw linking permission without notice.
  • The website in which you are linking must comply in all respects with the content standards set out in these terms.
  • If you wish to link to or make any use of content of our Platform and/or Services other than that set out above, please contact us on our contact information provided above.
  1. WHICH COUNTRY’S LAWS APPLY TO ANY DISPUTES?

These terms of use, their subject matter and their formation (and any non-contractual disputes or claims) are governed by the laws of Delaware. We both agree to the exclusive jurisdiction of the courts of Delaware.

  1. OUR TRADEMARKS

“Anova – Accelerating Clinical Development” and “AnovaOS” are U.S. registered trade marks of Anova Enterprise, Inc. You are not permitted to use them without our approval, unless they are part of material you are using as permitted by us.

SCHEDULE 1 (DATA PROCESSING TERMS)

  1. Definitions and Interpretation
    • The following definitions apply to this Schedule.

Definitions:

  • Commissioner: the Information Commissioner (see Article 4(A3), UK GDPR and section 114, DPA 2018).
  • Controller: the Platform user who discloses Personal Data (including Special Category Data) to Anova in connection with this agreement.
  • Controller, processor, data subject, personal data, processing: have the meanings given in the Data Protection Legislation.
  • Data Protection Legislation:
    1. To the extent the UK GDPR applies, the law of the United Kingdom or of a part of the United Kingdom which relates to the protection of Subject Data.
    2. To the extent the EU GDPR applies, the law of the European Union or any member state of the European Union to which Anova or the Controller is subject, which relates to the protection of Subject Data.
  • Australian Privacy Act 1998.
  • Data Subject: the identified or identifiable living individual to whom the Subject Data relates.
  • EU GDPR: the General Data Protection Regulation ((EU) 2016/679).
  • EEA: the European Economic Area.
  • FADP: Swiss Data Protection Act.
  • HIPAA: Health Insurance Portability and Accountability Act of 1996.
  • PDPA: Taiwan Personal Data Protection Act.
  • PDPO: Hong Kong Personal Data (Privacy) Ordinance (Cap. 486).
  • PIPA: South Korean Personal Information Protection Act.
  • Processing, processes, processed, process: any activity that involves the use of the Subject Data. It includes, but is not limited to, any operation or set of operations which is performed on the Subject Data or on sets of the Subject Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Processing also includes transferring the Subject Data to third-parties.
  • Subject Data: Personal Data disclosed to Anova by a Platform user which is processed in connection with this agreement.
  • Subject Data Breach: a breach of security leading to the accidental, unauthorised or unlawful destruction, loss, alteration, disclosure of, or access to, the Subject Data.
  • UK GDPR: has the meaning given in section 3(10) (as supplemented by section 205(4)) of the DPA 2018.
  1. Personal data types and processing purposes
    • Anova and the Controller agree and acknowledge that for the purpose of Data Protection Legislation:
      • the Controller is the controller, and Anova is a processor of Subject Data on behalf of the Controller;
      • the Controller retains control of the Subject Data and remains responsible for its compliance obligations under the Data Protection Legislation.
      • Annex A describes the subject matter, duration, nature and purpose of the Processing and the Subject Data categories and Data Subject types in respect of which Anova may process the Subject Data.
  1. Lawful Basis and Processing
    • The Controller shall ensure that it has all necessary and appropriate consents and notices in place to enable the lawful transfer of Subject Data to Anova and/or any Sponsor or Research Site, as applicable, for the duration and purposes of this agreement so that Anova may lawfully use, process and transfer the personal data in accordance with this agreement on the Controller’s behalf.
  2. Anova’s obligations
    • Anova will only process the Subject Data on the documented written instructions of the Controller. Anova will notify the Controller if, in its opinion, the Controller’s instructions do not comply with the Data Protection Legislation.
    • Anova will comply with the Controller’s written instructions requiring Anova to amend, transfer, delete or otherwise process the Subject Data, or to stop, mitigate or remedy any unauthorised processing.
    • Anova will reasonably assist Controller, at no additional cost to Anova, in responding to any request from a data subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
    • Anova shall maintain complete and accurate records and information to demonstrate its compliance with this Schedule.
  5. Security
    • Each party shall ensure that it has in place appropriate technical and organisational measures, to protect against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures, including as appropriate:
      • the pseudonymisation and encryption of Subject Data;
      • the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
      • the ability to restore the availability and access to Subject Data in a timely manner in the event of a physical or technical incident; and
      • a process for regularly testing, assessing and evaluating the effectiveness of the security measures.
  6. Subject Data Breach
    • Both parties shall, without undue delay, notify the other in writing if it becomes aware of:
      • (a) the loss, unintended destruction or damage, corruption, or unusability of part or all of the Subject Data and use commercially reasonable endeavours to restore such Subject Data;
      • (b) any accidental, unauthorised or unlawful processing of the Subject Data; or
      • (c) any Subject Data Breach.
    • Where a party becomes aware of (a), (b) and/or (c) above, it will, without undue delay, also provide the other with the following written information:
      • description of the nature of (a), (b) and/or (c), including the categories of in-scope Subject Data and the approximate number of both Data Subjects and the Subject Data records concerned;
      • the likely consequences; and
      • a description of the measures taken or proposed to be taken to address (a), (b) and/or (c), including measures to mitigate its possible adverse effects.
    • Immediately following any accidental, unauthorised or unlawful Subject Data processing or Subject Data Breach, the parties will co-ordinate with each other to investigate the matter.
  7. Transfers of Subject Data
    • Both parties agree and acknowledge that personal data, including Subject Data, may be transferred or stored outside the EEA or the country where the Controller and the Authorised Users are located in order for Anova to carry out the Services and for Anova’s other obligations under this agreement.
    • In respect of any personal data originating in the UK or the EEA, the parties shall not transfer such personal data outside the UK or EEA unless the following conditions are fulfilled:
      • the transfer is to a territory which has the benefit of a decision of adequacy by the European Commission or the UK ICO (as appropriate);
      • the transfer is subject to the European Commission Standard Contractual Conditions for Controller to Processor transfers in force from time to time, currently found at https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32021D0914, but excluding all optional provisions (C2P Model Clauses);
      • for the purposes of the C2P Model Clauses the details in this agreement shall fulfil the requirements of Appendix 1 and Appendix 2; (ii) the C2P Model Clauses shall be governed by: the law of the EU Member State in which the exporter is established unless the exporter is established in the UK, in which case the C2P Model Clauses shall be governed by English law; and (iii) the C2P Model Clauses shall be treated as Confidential Information for the purposes of the confidentiality provisions of the Agreement. (iv) Within six (6) months of the date of a decision of the European Commission implementing new or replacement C2P Model Clauses, the parties shall enter into a written addendum adopting such C2P Model Clauses in substitution for the current C2P Model Clauses.
  8. Third-Party Processor
    • The Controller consents to Anova appointing a third-party processor of personal data under this agreement as set out or referred to in ANNEX B. Anova confirms that it has entered or (as the case may be) will enter into with the third-party processor, a written agreement incorporating terms which are substantially similar to those set out in this Schedule and in either case, Anova confirms that the terms will reflect and will continue to reflect the requirements of the Data Protection Legislation. Between the Controller and Anova, Anova shall remain fully liable for all acts or omissions of any third-party processor appointed by it pursuant to this Paragraph 8.
  9. Complaints, data subject requests and third-party rights
    • Anova will reasonably assist the Controller, at no additional cost to Anova, in complying with:
      • the rights of Data Subjects under the Data Protection Legislation, including, but not limited to, subject access rights, the rights to rectify, port and erase personal data, object to the processing and automated processing of personal data, and restrict the processing of personal data; and
      • information or assessment notices served on the Controller by the Commissioner or other relevant regulator under the Data Protection Legislation.
  10. Data return and destruction and retention
    • Subject to paragraph 10.3, upon termination or expiry of this agreement, or at the Controller’s written request Anova shall, at the choice of the Controller:
      • return all Subject Data processed on behalf of the Controller; or
      • securely delete such Subject Data and certify to the Controller that it has done so.
    • The Controller acknowledges and agrees that Anova may retain documentation provided by the Controller (including any personal data therein) for a longer period than outlined in the back-up policy or this paragraph 10 where a legal or regulatory requirement exists (including International Conference on Harmonization (ICH) Guidelines for Good Clinical Practice, FDA or EMA rules and other professional norms) and that the Controller shall ensure maintenance of, and therefore access to, essential documents for a minimum period of 2 years after the latter of two occurrences: (i) the date when a clinical investigation conducted using information on the Platform is terminated or completed, or (ii) the date that the records are no longer needed to support a premarket approval (PMA) or new drug application (NDA) by the Controller.
  11. Audit
    • Subject to Anova’s consent and only to the extent necessary for the Controller to comply with its obligations under the Data Protection Legislation, Anova shall permit the Controller to audit Anova’s compliance with its agreement, on at least 60 days’ notice and not more than once per annum, at the Controller’s expense.
  12. Indemnification
    • The Controller agrees to indemnify, keep indemnified and defend at its own expense Anova against all costs, claims, damages or expenses incurred by Anova or for which Anova may become liable due to any failure by Controller or its employees, subcontractors or agents to comply with any of its obligations under this Schedule and/or the Data Protection Legislation.

SCHEDULE 1 ANNEX A

PROCESSING BY ANOVA

1.1  SCOPE

Personal data provided by the Authorised User to Anova for the Authorised User’s use of the Services.

1.2  NATURE

Personal data is provided by the Sponsor or Research Site via Authorised Users to Anova and is used to facilitate the use of the Services.  Anova processes such personal data to deliver the Services, primarily through the Platform. Personal data may include special category data.

1.3  PURPOSE OF PROCESSING

The purpose of this processing is solely to provide the Services; this includes the provision of Research Site Data to Sponsors:

  • to provide the Platform to Authorised Users and to give Authorised Users the best possible experience of using the Services;
  • to enable Sponsors to connect with Research Sites registered on the Platform;
  • to provide anonymised, aggregated, non-identifiable analysis of the user activities being conducted over the Anova platform;
  • to provide and/or conduct research using anonymised (or pseudonymised if part of a clinical trial), aggregated, analysis of the patient and their data with the intent of contributing to generalisable knowledge, for example:
    • assessing natural history, including estimating the magnitude of a problem; determining the underlying incidence or prevalence rate of a condition; examining trends of disease over time; assessing service delivery and identifying groups at high risk; and describing and estimating survival;
    • determining clinical effectiveness, cost effectiveness, or comparative effectiveness of a test or a treatment;
    • measuring and monitoring safety and harm associated with the use of specific products and treatments, including conducting comparative evaluation of safety and effectiveness;
    • measuring or improving quality of care, including conducting programs to measure and/or improve the practice of medicine and/or public health;
  • anticipating and resolving problems with Authorised Users’ use of the Platform or related services;
  • for Anova to build a generalisable knowledge base of anonymised Patient Data; and
  • for Anova to verify via the EMPI system whether Patient Data is original or is a duplicate entry into the Platform.

1.4  DURATION OF THE PROCESSING

The duration of this agreement and any archiving duration referenced in this agreement.

TYPES OF PERSONAL DATA

The following types of Personal Data may be processed during the term of this agreement:

  • Names, Address, Date of Birth, Telephone Number, Email, Gender, Marital Status, Photograph Image.

The following types of Special Categories of Personal Data may be processed during the Term of this agreement:

  • Racial or ethnic origin.
  • Genetic data.
  • Biometric data for the purpose of uniquely identifying a natural person.
  • Data concerning health.
  • Data concerning a natural person’s sex life.

CATEGORIES OF DATA SUBJECT

Determined by the Authorised User and dependent on information provided by the Authorised User in documentation or Subject Data when using the Services. If the data is Research Site Data, this will include Special Category Data relating to patients.

ANOVA THIRD-PARTY PROCESSORS

Microsoft, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.

SCHEDULE 2 DATA SHARING TERMS

  1. Interpretation

The following definitions and rules of interpretation apply in this schedule.

Definitions:

  • Agreed Purpose: has the meaning given to it in paragraph 2 of this schedule.
  • Data Protection Legislation: all applicable data protection and privacy legislation in force from time to time in respect of the processing of the Shared Personal Data, as amended from time to time.
  • Personal Data Breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to the Shared Personal Data.
  • Shared Personal Data: the personal data and special category personal data to be shared between the parties under paragraph 4 of this schedule.
  • Special Categories of Personal Data: the categories of Personal Data set out in Article 9(1) of the GDPR.
  • Subject Access Request: the exercise by a data subject of his or her rights of access under applicable Data Protection Legislation.
  • Supervisory Authority: the relevant supervisory authority in the territories where the parties are established.
  • Controller, Processor, Data Subject and Personal Data, Processing and “appropriate technical and organisational measures” shall have the meanings given to them in the Data Protection Legislation.
  2. Purpose
    • This Schedule establishes a separate binding agreement for the sharing of Personal Data when one Controller (the “Data Discloser”) discloses personal data to another Controller (the “Data Receiver/s”). It defines the principles and procedures that the parties shall adhere to and the responsibilities the parties owe to each other.
    • The parties consider this data sharing initiative necessary to assist in the field of clinical research and medical trials. The aim of the data sharing initiative is to improve the efficiency of clinical research and medical trials. It will serve to benefit society by the furtherance of medical and healthcare treatment.
    • The parties agree to only process Shared Personal Data, as described in paragraph 4.1 and paragraph 4.2 for the following purposes:
      • to use the Platform and/or Services in accordance with their terms of use as updated from time to time.
      • to enable sponsors (a biopharmaceutical company, medical device manufacturer or a physician or academic centre) to connect with research sites (a clinical organisation conducting trials) registered on the Platform.
      • to enable patients to connect with research sites (a clinical organisation conducting trials) registered on the Anova platform, to identify a matched research opportunity and/or register interest in participating in research and/or enrol and/or manage their participation in a clinical trial conducted by a sponsor and the research site;
      • to provide and/or conduct research using anonymised (or pseudonymised if part of a clinical trial), aggregated, analysis of the patient and their data with the intent of contributing to generalisable knowledge, for example:
        • Assessing natural history, including estimating the magnitude of a problem; determining the underlying incidence or prevalence rate of a condition; examining trends of disease over time; assessing service delivery and identifying groups at high risk; and describing and estimating survival;
        • Determining clinical effectiveness, cost effectiveness, or comparative effectiveness of a test or a treatment;
        • Measuring and monitoring safety and harm associated with the use of specific products and treatments, including conducting comparative evaluation of safety and effectiveness;
        • Measuring or improving quality of care, including conducting programs to measure and/or improve the practice of medicine and/or public health.
      • anticipating and resolving problems with your use of the Anova platform or related services.

The parties shall not process Shared Personal Data in a way that is incompatible with the purposes described in this clause (“Agreed Purpose”).

  3. Compliance with national data protection laws
    • Each Party shall comply with the applicable Data Protection Legislation at all times during the term of this agreement.
  4. Shared Personal Data
    • The following types of Personal Data will be shared between the parties during the term of this agreement:
      • Names, Address, Date of Birth.
    • The following types of Special Categories of Personal Data will be shared between the Parties during the Term of this agreement:
      • Racial or ethnic origin.
      • Genetic data.
      • Biometric data for the purpose of uniquely identifying a natural person.
      • Data concerning health.
      • Data concerning a natural person’s sex life.
    • The Shared Personal Data shall not be irrelevant or excessive with regard to the Agreed Purposes.
  5. Lawful, fair and transparent processing
    • Each party shall ensure that it processes the Shared Personal Data fairly and lawfully in accordance with paragraph 5.2 during the term of this agreement.
    • Each party shall ensure that it has legitimate grounds under the Data Protection Legislation for the processing of the Shared Personal Data (including in respect of Special Category Data forming part of the Shared Personal Data).
    • The Data Discloser shall, in respect of Shared Personal Data, ensure that it provides clear and sufficient information to the data subjects, in accordance with the Data Protection Legislation, of the purposes for which it will process their personal data, the legal basis for such purposes and such other information as is required by the Data Protection Legislation, including:
      • the fact of the transfer to the Data Receiver and sufficient information about the transfer to the Data Receiver and the purpose of such transfer to enable the data subject to understand the purpose and risks of such transfer; and
      • if Shared Personal Data will be transferred outside the EEA, that fact and sufficient information about such transfer, the purpose of such transfer and the safeguards put in place by the controller to enable the data subject to understand the purpose and risks of such transfer.
    • The Data Receiver undertakes to inform the Data Subjects, in accordance with the Data Protection Legislation, of the purposes for which it will process their personal data, the legal basis for such purposes and such other information as is required by the Data Protection Legislation including:
      • if Shared Personal Data will be transferred to a third party, that fact and sufficient information about such transfer and the purpose of such transfer to enable the data subject to understand the purpose and risks of such transfer; and
      • if Shared Personal Data will be transferred outside the EEA, that fact and sufficient information about such transfer, the purpose of such transfer and the safeguards put in place by the controller to enable the data subject to understand the purpose and risks of such transfer.
  6. Data subjects’ rights
    • The parties each agree to provide such assistance as is reasonably required to enable the other party to comply with requests from Data Subjects to exercise their rights under the Data Protection Legislation within the time limits imposed by the Data Protection Legislation.
  7. Data retention and deletion
    • The Data Receiver shall not retain or process Shared Personal Data for longer than is necessary to carry out the Agreed Purposes.
    • Notwithstanding paragraph 7.1, parties shall continue to retain Shared Personal Data in accordance with any statutory or professional retention periods applicable in their respective countries and/or industry.
  8. Transfers
    • For the purposes of this clause, transfers of personal data shall mean any sharing of personal data by the Data Receiver with a third party, and shall include, but is not limited to, the following:
      • subcontracting the processing of Shared Personal Data;
      • granting a third party controller access to the Shared Personal Data.
    • If the Data Receiver appoints a third party processor to process the Shared Personal Data it shall comply with applicable Data Protection Legislation and shall remain liable to the Data Discloser for the acts and/or omissions of the processor.
    • The Data Receiver may not transfer Shared Personal Data to a third party located outside the EEA unless it complies with the applicable Data Protection Legislation in respect of such transfer.
  9. Security and training
    • The parties undertake to have in place throughout the term of the agreement, appropriate technical and organisational security measures to:
      • prevent:
        • unauthorised or unlawful processing of the Shared Personal Data; and
        • the accidental loss or destruction of, or damage to, the Shared Personal Data
      • ensure a level of security appropriate to:
        • the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage; and
        • the nature of the Shared Personal Data to be protected.
    • It is the responsibility of each party to ensure that its staff members are appropriately trained to handle and process the Shared Personal Data in accordance with the technical and organisational security measures together with any other applicable national data protection laws and guidance and have entered into confidentiality agreements relating to the processing of personal data.
  10. Personal data breaches and reporting procedures
    • The parties shall each comply with its obligation to report a Personal Data Breach to the appropriate Supervisory Authority and (where applicable) data subjects under applicable Data Protection Legislation and shall each inform the other party of any Personal Data Breach irrespective of whether there is a requirement to notify any Supervisory Authority or data subject(s).
    • The parties agree to provide reasonable assistance as is necessary to each other to facilitate the handling of any Personal Data Breach in an expeditious and compliant manner.
  11. Changes to the applicable law

If during the term of the agreement, the Data Protection Legislation changes in a way that the Agreement is no longer adequate for the purpose of governing lawful data sharing exercises, the Parties will negotiate in good faith to review the agreement in the light of the new legislation.