Oracle Life Sciences Healthcare Research Privacy Policy
1. INTRODUCTION
This Oracle Life Sciences Healthcare Research Privacy Policy (also referred to as the “Privacy Policy”) provides information on the collection, use, and sharing (collectively referred to “processing” or “process”) of personal information by Oracle Life Sciences, previously Cerner Enviza and its affiliates (“Oracle”, “we” or “us”) in connection with the personal information you provide to Oracle, either in electronic or paper format to facilitate Oracle research activities. This Privacy Policy also explains the privacy rights you have in relation to these processing activities.
This Privacy Policy was last updated on March 7, 2024. However, the Privacy Policy can change over time, for example, to comply with legal requirements or to meet changing business needs. The most up-to-date version can be found on this website. In case there is an important change that we want to highlight to you, we will also inform you in another appropriate way (for example, via a pop-up notice or statement of changes on our website). See the previous version of this Privacy Policy.
As used in this Privacy Policy, “personal information” or “personal data” means information that relates to an identified individual or to an identifiable individual. For example, this could include among other things your name, address, email address, business contact details, information gathered through your interactions with us via our websites, data concerning your health, or your personal opinions, perceptions, behaviors. Personal information is also referred to as “information about you.” For more detail about the types of information about you that we may process, please refer to Section 4 below.
Categories of personal information
Find out what categories of personal information Oracle processes.
Sources
Find out how Oracle obtains your personal information.
Data use
Find out how Oracle uses personal information.
Disclosing
Find out how Oracle discloses personal information within Oracle and with third parties.
Rights
Exercise your privacy rights (opt-out, deletion, correction, or access) by filling out our inquiry form.
Contact
Contact the Global Data Protection Officer with any questions or concerns.
2. SCOPE
This Privacy Policy applies to the processing of personal information by Oracle when you have provided your personal information for a research study conducted by Oracle or by a third party acting on behalf of Oracle. We will process the personal information provided by you voluntarily in the context of such study and only for the study purpose disclosed at the point of collection.
The Privacy Policy does not apply to the following activities:
- Data collected for Oracle’s own direct marketing purposes. For information about Oracle’s processing activities with regard to your personal information collected on Oracle websites and applications, or used for Oracle’s own direct marketing purposes, please refer to https://www.oracle.com/legal/privacy/privacy-policy.html.
- Personal information collected about you by Oracle customers. Oracle customers are responsible for their own personal information collection and processing practices, including when customers use Oracle products or services to process your personal information or when those customers commission Oracle to conduct a research study on the customer’s behalf. To find out more about our customers’ use of personal information about you, you are encouraged to review the relevant privacy policy of the company who collected your information from you. Please consult that company directly if you have any further questions about its use of information about you.
3. WHO IS RESPONSIBLE FOR YOUR PERSONAL INFORMATION?
Oracle Corporation and Oracle America, Inc., having their registered address at 2300 Oracle Way, Austin, TX, 78741, USA, are responsible for processing your personal information in scope of this Privacy Policy, except as noted below for Cerner Enviza.
Cerner Enviza has been acquired by Oracle and the below affiliates are in varying stages of transition to the Oracle Life Sciences Healthcare Research Privacy Policy. The provisions of the Cerner Enviza Privacy Policy will remain active until the integration is complete. Please see the Cerner Enviza Privacy Policy for information on these entities’ processing activities.
Cerner Enviza and its affiliated entities are responsible for processing your personal information described in the Cerner Enviza Privacy Policy: Diamond (KH) China AssetCo, Diamond Korea AssetCo Ltd, and ZEG-Zentrum für Epidemiologie und Gesundheitsforschung Berlin GmbH.
4. WHICH CATEGORIES AND SPECIFIC PIECES OF PERSONAL INFORMATION DO WE PROCESS?
Oracle can process information about you collected directly from you when you sign up to participate in an Oracle commissioned research study. Information about you may also be provided to Oracle by third parties who collect information about you on behalf of Oracle. Oracle may also process publicly available data (e.g., social media or publications) for validation purposes.
Specific pieces of information about you that Oracle may collect and process depending on your interaction with Oracle, which may include data from research surveys conducted by Oracle or by third parties on behalf of Oracle:
- Contact details such as name and physical address, email addresses, and telephone numbers;
- demographic attributes, when tied to personal information that identifies you, such as age and household composition;
- public information about your work and education history, including professional affiliations;
- information you provide on your public social media profiles related to your professional and educational history, such as LinkedIn;
- company data such as the name, size and location of the company you work for and your role within the company as well as publicly available company information and activity associated with company data;
- your views about certain products and services or to understand your behavior in different situations including personal opinions, perceptions, behaviors;
- image or voice recordings collected during the course of the research study;
- in limited circumstances, bank or payment details or government identifiers to facilitate payment; or
- unique IDs such as your mobile device identifier or cookie ID on your browser and information about the device.
Oracle may collect personal information that is classified as special categories of personal data or sensitive data personal information. This includes racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. Such data may include your health status, such as conditions you may suffer from or diagnoses and treatments. You can choose whether to provide this data to us.
In order to prevent multiple entries in studies by the same individuals, or to assign the correct study to you (e.g., we may have a longitudinal study requiring regular participation over a period of time), we will assign you a unique ID or use your IP address, browser specification or unique identifiers such as Medical Education (ME) number or National Provider Identifier (NPI). If so, we will disclose this activity at the beginning of each of these studies.
5. WHY AND HOW DO WE USE YOUR PERSONAL INFORMATION?
We may use personal information for the following commercial purposes:
- To conduct observational longitudinal studies that monitor and analyze your habits, health, treatment patterns over a period of time;
- To conduct clinical trials to analyze treatment plans (including medical, surgical, or behavioral intervention or the use of a drug or medical device) to understand the impact of such treatment on data subjects and to better inform effective treatments;
- To analyze, study, participate and generate reports in an Oracle research study; and
- To better understand prescribing and treatment patterns using publicly available information which may include personal information on Influencers/Key Opinion Leaders (KOLs).
We may use personal information for the following business purposes:
- To communicate and respond to your requests and inquiries to Oracle;
- To provide payment via bank or gift cards to study participants;
- To analyze, develop, improve and optimize the use, function and performance of our sites and products and services;
- To manage the security and operation of our sites, facilities, and networks and systems; and
- To comply with applicable laws and regulations and to operate our business.
These purposes are described below in further detail.
To conduct observational longitudinal studies that monitor and analyze your habits, health, treatment patterns over a period of time.
As an example, observational studies may be conducted over a period of years to better understand health conditions that researchers are interested in further understanding.
To conduct clinical trials to analyze treatment plans (including medical, surgical, or behavioral intervention or the use of a drug or medical device) to understand the impact of such treatment on data subjects and to better inform effective treatments
If you choose to participate in a research study conducted by Oracle or by a third party acting in cooperation with Oracle, we process personal information provided by you voluntarily in the context of the study and for the study purpose. The scope of our studies could be e.g., to understand your views about certain products and services or to understand your behavior in different situations.
To analyze, study, participate and generate reports in an Oracle research study
Oracle processes personal information contained in research study results and findings.
To better understand prescribing and treatment patterns using publicly available information which may include personal information on Influencers/Key Opinion Leaders (KOLs)
We may collect the publicly available on Influencers/Key Opinion Leaders (KOLs) in a given disease, therapeutic or expertise area. We will then use publicly available resources (e.g., social media or publications) to validate the Influencers/KOLs’ personal details to build a database to better understand prescribing and treatment patterns and influence in given disease, therapeutic or expertise areas, and share with industry sponsors who may use it to understand the sharing of knowledge between healthcare system and possible purposes of participation in educational programs, speaker opportunities, or clinical trials, etc.
To communicate and respond to your requests and inquiries to Oracle
If you get in touch with us, we process information about you to communicate with you and to respond to your requests or other inquiries.
To provide payment via bank or gift cards to study participants
In limited circumstances, we may collect bank or payment details (as well as any required government identifiers) to reimburse a study participant for any costs associated with the study or for the participant’s time, inconvenience or other consideration. Such circumstances would be voluntary for participants and further information would be provided to you at the onset of the study.
To analyze, develop, improve and optimize the use, function and performance of our sites and products and services
We may process personal information in order to analyze, develop, improve and optimize the use, function and performance of our sites and products and services, including for quality assurance and training purposes.
To manage the security of our sites, facilities, networks and systems
We may collect site use data to validate your identity, for security and operations management to help keep our sites, facilities, networks and systems secure, or to investigate and prevent potential fraud, including ad fraud and cyber-attacks and to detect bots.
To comply with applicable laws and regulations and to operate our business
In some cases, we have to process personal information to comply with applicable laws and regulations. For example, to respond to a request from a regulator or to defend a legal claim. We may also process personal information in the performance and operation of our business, such as to conduct internal audits and investigations or for finance and accounting and archiving and insurance purposes.
6. WHAT IS OUR BASIS FOR PROCESSING INFORMATION ABOUT YOU?
For personal information collected about you in the EU/EEA, the UK and other relevant jurisdictions, our basis for processing is the following:
- We rely on consent in processing contact and related information about you in order to communicate adequately with you and to respond to your requests.
- We process personal information for research studies based on your consent where so indicated in our disclosures at the time your personal information was collected.
- We rely on our legitimate interest to analyze, develop, improve and optimize our sites, facilities, products and services, and to maintain the security of our sites, networks and systems.
- In order to comply with applicable laws and regulations, such as to comply with a subpoena or other legal process, or to process an opt-out request.
7. FOR WHAT PERIOD DO WE RETAIN PERSONAL INFORMATION
Personal information will be retained only for such period as disclosed at the time of collection or as appropriate for its intended and lawful use, unless otherwise required by law. Personal information that is no longer required will be disposed of in ways that ensure their confidential nature is not compromised.
8. WHEN AND HOW CAN WE DISCLOSE YOUR PERSONAL INFORMATION?
Sharing within Oracle
As a global organization, information about you may be shared globally throughout Oracle’s worldwide organization. See the list of Oracle entities. Please select a region and country to view the registered address and contact details of the Oracle entity or entities located in each country.
Oracle employees are authorized to access personal information only to the extent necessary to serve the applicable purpose(s) and to perform their job functions.
Disclosing personal information to third parties
We may disclose personal information with the following third parties for a business purpose:
- Third-party service providers (for example, analytics, information technology and related infrastructure provision, customer service, e-mail delivery, auditing, and other similar service providers) in order for those service providers to perform business functions on behalf of Oracle;
- Relevant third parties in the event of a reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings);
- As required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to government requests, including public and government authorities outside your country of residence, for national security and/or law enforcement purposes.
When third parties are given access to personal information, we will take appropriate contractual, technical and organizational measures designed to ensure that personal information is processed only to the extent that such processing is necessary, consistent with this Privacy Policy, and in accordance with applicable law.
9. HOW IS PERSONAL INFORMATION HANDLED GLOBALLY?
As a global organization, information about you may be shared globally throughout Oracle’s worldwide organization. See the list of Oracle entities. Please select a region and country to view the registered address and contact details of the Oracle entity or entities located in each country.
Oracle is a global corporation with operations in over 80 countries and personal information is processed globally as necessary in accordance with this policy. If personal information is transferred to an Oracle recipient in a country that does not provide an adequate level of protection for personal information, Oracle will take adequate measures designed to protect the personal information, such as ensuring that such transfers are subject to the terms of the EU Model Clauses or other adequate transfer mechanism as required under relevant data protection laws.
10. HOW IS YOUR PERSONAL INFORMATION SECURED?
Oracle has implemented appropriate technical, physical and organizational measures designed to protect personal information against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorized disclosure or access, as well as all other forms of unlawful processing.
11. WHAT ARE YOUR PRIVACY RIGHTS?
You can exercise your privacy rights in accordance with applicable laws as specified on our Privacy Choices page, or by filling out our inquiry form. You have multiple privacy rights, subject to applicable law, in respect of the information we process about you:
- Opt-out of our use or sharing of your personal information
You may withdraw consent you have previously provided for the processing of information about you, including for email marketing by Oracle. - Delete personal information
You can ask us to erase or delete all or some of the information about you. - Change or correct personal information
You can edit some of the information about you by. You can also ask us to change, update or fix information about you in certain cases, particularly if it is inaccurate. - Object to, or limit or restrict use of personal information
You can ask us to stop using all or some of the information about you (for example, if we have no legal right to keep using it) or to limit our use of it (for example, if the information about you is inaccurate). - Right to access and/or have your information provided to you
You can also ask us for a copy of information about you and can ask for a copy of information about you provided in machine readable form if you reside in the EU, California or other jurisdiction that provides you this right as a matter of law.
If you are authorized to make an access or deletion request on behalf of a data subject, please reach out to us via the inquiry form and indicate that you are an authorized agent. We will provide you with instructions on how to submit a request as an authorized agent on behalf of a data subject.
If your inquiry relates to your company’s service account or support of Oracle products or services, please note the Oracle Privacy team cannot delete, correct, or access service account data or terminate your contracted Oracle product or service account. Please go to the Contact Oracle page for resources and contact information to administer service account data.
12. DO YOU COLLECT SENSITIVE INFORMATION AND INFORMATION FROM CHILDREN?
Sensitive personal information
Oracle may collect personal information that is classified as “special categories” of personal information. This includes racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation. You can choose whether to provide this data to us.
Children’s privacy
In limited circumstances, as part of specific clinical trials, personal data about a child may be processed with parental consent per the disclosure and consent collected at the time of collection. Please follow the procedures in Section 12 to exercise privacy rights on behalf of your child.
13. WHAT ARE MY RIGHTS AS A CALIFORNIA RESIDENT?
Under the California Consumer Privacy Act (CCPA), as amended, California residents may request that we:
1. Disclose to you the following information:
- the categories and specific pieces of personal information we collected about you and the categories of personal information we sold (see Section 4);
- the categories of sources from which we collected such personal information (see Section 4);
- the business or commercial purpose for collecting or selling personal information about you (see Section 5); and
- the categories of third parties to whom we sold or otherwise disclosed personal information (see Section 8).
2. Delete personal information we collected from you or correct inaccurate personal information about you (see Section 12); or
3. Opt-out of any future sale of personal information about you (see Section 12).
We will respond to your request consistent with applicable law. If you are an authorized agent making an access or deletion request on behalf of a Californian resident, please reach out to us via the inquiry form and indicate that you are an authorized agent. We will provide you with instructions on how to submit a request as an authorized agent on behalf of a Californian resident.
If you are a California resident, you may obtain information about exercising your rights, as described above, by contacting us at 1-800-633-0748. For information on the CCPA requests Oracle received, complied with, or denied for the previous calendar year, please visit Oracle’s Annual Consumer Privacy Reporting page, available here.
14. DATA PROTECTION OFFICER
Oracle has appointed a Global Data Protection Officer. If you believe your personal information has been used in a way that is not consistent with the Privacy Policy or your choices, or if you have further questions, comments or suggestions related to this Privacy Policy, please contact the Global Data Protection Officer by filling out an inquiry form. Alternatively, you may reach out to the research investigator, who is in charge of the study in which you are participating in, for information on your rights.
Written inquiries to the Global Data Protection Officer may be addressed to:
Oracle Corporation
Global Data Protection Officer
Willis Tower
233 South Wacker Drive
45th Floor
Chicago, IL 60606
U.S.A.
For personal information collected about you in the EU/EEA or other relevant regions, the EU Data Protection Officer can be contacted by filling out an inquiry form and selecting “Contact Oracle’s external EU DPO” in the dropdown menu. Written inquiries may be addressed to:
Robert Niedermeier
Hauptstraße 4
D-85579 Neubiberg / München
Germany
For personal information collected from individuals INSIDE Brazil, written inquiries to the Brazilian Data Protection Officer may be addressed to:
Alexandre Sarte
Rua Dr. Jose Aureo Bustamante, 455
Vila São Francisco
São Paulo, BR
15. FILING A COMPLAINT
If you have any complaints regarding our compliance with this Privacy Policy, please contact us. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with this Privacy Policy and in accordance with applicable law. You also have the right to file a complaint with a competent data protection authority.
16. ORACLE CORPORATE HEADQUARTERS
Oracle’s corporate headquarters are located at:
2300 Oracle Way
Austin, TX 78741
USA
Tel: +1.737.867.1000
Previous version: 10/26/21
13. WHAT ARE MY RIGHTS AS A CALIFORNIA RESIDENT?
Under the California Consumer Privacy Act (CCPA), as amended, California residents may request that we:
1. Disclose to you the following information:
- the categories and specific pieces of personal information we collected about you and the categories of personal information we sold (see Section 4);
- the categories of sources from which we collected such personal information (see Section 4);
- the business or commercial purpose for collecting or selling personal information about you (see Section 5); and
- the categories of third parties to whom we sold or otherwise disclosed personal information (see Section 8).
2. Delete personal information we collected from you or correct inaccurate personal information about you (see Section 12); or
3. Opt-out of any future sale of personal information about you (see Section 12).
We will respond to your request consistent with applicable law. If you are an authorized agent making an access or deletion request on behalf of a Californian resident, please reach out to us via the inquiry form and indicate that you are an authorized agent. We will provide you with instructions on how to submit a request as an authorized agent on behalf of a Californian resident.
If you are a California resident, you may obtain information about exercising your rights, as described above, by contacting us at 1-800-633-0748. For information on the CCPA requests Oracle received, complied with, or denied for the previous calendar year, please visit Oracle’s Annual Consumer Privacy Reporting page, available here.
14. DATA PROTECTION OFFICER
Oracle has appointed a Global Data Protection Officer. If you believe your personal information has been used in a way that is not consistent with the Privacy Policy or your choices, or if you have further questions, comments or suggestions related to this Privacy Policy, please contact the Global Data Protection Officer by filling out an inquiry form. Alternatively, you may reach out to the research investigator, who is in charge of the study in which you are participating in, for information on your rights.
Written inquiries to the Global Data Protection Officer may be addressed to:
Oracle Corporation
Global Data Protection Officer
Willis Tower
233 South Wacker Drive
45th Floor
Chicago, IL 60606
U.S.A.
For personal information collected about you in the EU/EEA or other relevant regions, the EU Data Protection Officer can be contacted by filling out an inquiry form and selecting “Contact Oracle’s external EU DPO” in the dropdown menu. Written inquiries may be addressed to:
Robert Niedermeier
Hauptstraße 4
D-85579 Neubiberg / München
Germany
For personal information collected from individuals INSIDE Brazil, written inquiries to the Brazilian Data Protection Officer may be addressed to:
Alexandre Sarte
Rua Dr. Jose Aureo Bustamante, 455
Vila São Francisco
São Paulo, BR
15. FILING A COMPLAINT
If you have any complaints regarding our compliance with this Privacy Policy, please contact us. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with this Privacy Policy and in accordance with applicable law. You also have the right to file a complaint with a competent data protection authority.
16. ORACLE CORPORATE HEADQUARTERS
Oracle’s corporate headquarters are located at:
2300 Oracle Way
Austin, TX 78741
USA
Tel: +1.737.867.1000
Previous version: 10/26/21