Privacy Policy

Joint Notice. This Privacy Policy explains how AMClinical and Access Research Institute (collectively, "we," "us," or "our") collect, use, disclose, and protect personal information when you visit, interact with, or submit information through our websites, applications, forms, communications, or other services (collectively, the "Services"). This policy is intended to be clear, comprehensive, and enforceable.

Important: This document is provided for informational purposes and does not constitute legal advice. Laws evolve and may apply differently based on your circumstances. Consult qualified counsel to tailor this policy to your specific operations.

Scope & Roles

This policy applies to personal information processed by us in connection with the Services. Depending on context, AMClinical and Access Research Institute may act as independent or joint controllers (or business/covered entities under applicable law), and may also engage service providers/ processors to process information on our behalf under written contracts.

Definitions

• Personal Information means information that identifies, relates to, describes, or could reasonably be linked to an individual.
• Sensitive Personal Information includes, as applicable, health-related data, precise geolocation, government identifiers, and other categories defined by law.
• Health Information / PHI refers to medical or health-related information that may be protected under federal or state law (e.g., HIPAA) when those laws apply.

Information We Collect

We may collect the following categories of personal information:

• Identifiers (e.g., name, email address, phone number, postal address, online identifiers).
• Demographic information (e.g., age, date of birth).
• Health-related information you provide (e.g., symptoms, prior diagnoses, medications, medical history) and information generated during screening or communications.
• Internet or network activity (e.g., device/OS/browser, IP address, time zone, usage data, and cookie-related information).
• Geolocation data (approximate location derived from IP or device settings, where enabled).
• Communications and interactions (e.g., messages, call notes, forms, and support inquiries).
• Inferences drawn from the above to improve service quality and engagement.

We collect information directly from you (e.g., web forms, calls, messages), automatically through the Services (e.g., cookies, pixels, SDKs), and from service providers or partners who support our operations consistent with this policy and applicable law.

Purposes of Processing

We process personal information to:

• Provide, operate, secure, and improve the Services.
• Communicate with you, respond to inquiries, and manage your requests and preferences.
• Facilitate screening workflows, scheduling, coordination, quality assurance, and related operational activities.
• Conduct analytics, measurement, testing, and troubleshooting.
• Comply with legal, regulatory, audit, and reporting obligations; enforce agreements; and protect rights, privacy, safety, and property.
• Support corporate transactions (e.g., mergers, acquisitions, restructurings), subject to continued protections consistent with this policy.

Where required by law, we will obtain your consent (including for certain uses of sensitive personal information) or rely on other lawful bases (e.g., contract performance, legitimate interests, legal obligations, vital interests, or public interest tasks) depending on your location and the nature of processing.

Cookies & Similar Technologies

We and our service providers may use cookies, pixels, tags, SDKs, and similar technologies to operate the Services, remember preferences, measure engagement, and improve performance. You can adjust your browser settings to refuse or delete cookies; doing so may affect certain features.

How We Disclose Information

We may disclose personal information as follows:

• Service Providers/Processors: Vendors who perform services for us under written agreements that restrict use to our instructions and require appropriate safeguards.
• Affiliates & Partners: Within and between AMClinical and Access Research Institute and their respective affiliates to support unified operations in accordance with this policy.
• Professional Advisors: Attorneys, auditors, and consultants under confidentiality obligations.
• Legal & Compliance: To comply with law, regulation, subpoena, court order, or other lawful request; to enforce agreements; or to protect rights, safety, and property.
• Corporate Transactions: In connection with or during negotiations of a merger, financing, acquisition, restructuring, or dissolution.
• With Your Direction or Consent: When you request or consent to disclosures.

International Transfers

We may transfer, store, and process personal information in countries other than where it was collected. Where required, we implement appropriate safeguards (e.g., standard contractual clauses) and take steps to ensure an equivalent level of protection.

Security

We implement administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

Retention

We retain personal information for as long as reasonably necessary to fulfill the purposes described in this policy, including to meet legal, regulatory, accounting, or reporting requirements, resolve disputes, and enforce agreements.

Children's Privacy

Our Services are not intended for children under the age defined by applicable law without verifiable consent from a parent or legal guardian. If we learn we have collected personal information from a child contrary to law, we will take reasonable steps to delete it.

Your Privacy Rights

Depending on your jurisdiction, you may have rights to request access, correction, deletion, portability, restriction, or objection to certain processing, and rights related to automated decision-making. You may also have the right to withdraw consent where processing is based on consent, and to lodge a complaint with a supervisory authority.

• U.S. State Laws (e.g., CA, CO, CT, VA, UT): You may have rights to know/access, correct, delete, opt out of certain targeted advertising/sharing, and limit use/disclosure of sensitive personal information as defined by law.
• EEA/UK/Switzerland (GDPR/UK GDPR): Where applicable, we process personal data under lawful bases such as consent, contract, legal obligation, vital interests, public interest, and legitimate interests, and you may exercise rights provided by these laws.
• HIPAA: To the extent we act as a covered entity or business associate, separate HIPAA notices and agreements may govern certain health information; this policy applies in addition to, and does not replace, HIPAA obligations.

To exercise rights, use the contact methods below. We may verify your request and, where permitted, deny requests that cannot be authenticated. Authorized agents may submit requests consistent with applicable law.

Do Not Track & Opt-Out Signals

Our Services may not respond to all browser "Do Not Track" signals. In jurisdictions recognizing universal opt-out mechanisms, we will endeavor to honor applicable signals as required by law.

Third-Party Links & Services

The Services may link to third-party sites or services. We are not responsible for the privacy practices of third parties, and we encourage you to review their policies.

Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, technologies, legal requirements, or other factors. The "Last Updated" date below indicates the effective date of the current version. Material changes will be communicated as required by law.

Contact Us

If you have questions, requests, or complaints regarding this Privacy Policy or our privacy practices, please contact us using one of the methods below.

Notice at Collection (California)

We may collect the categories of personal information listed in the section titled "Information We Collect" for the purposes described in "Purposes of Processing." We retain information as described in "Retention" and disclose it as described in "How We Disclose Information." We do not sell personal information as the term is commonly understood, and we do not knowingly sell or share the personal information of consumers under 16 years of age.