Privacy Policy

1. Background

The Nucleus Network Pty Ltd ACN 102 450 706 (“Nucleus Network,” “our,” “us”) recognizes and values:

(a) the protection of your personal information, and

(b) that you have an interest in our collection and use of your personal information.

We have implemented this Privacy Policy in accordance with the Privacy Act 1988 (Cth) (“Privacy Act”), Australian Privacy Principles (“APP”), the European General Data Protection Regulation (GDPR), the General Data Protection Regulation of the United Kingdom (UK GDPR), and California Consumer Privacy Act, as amended by the California Privacy Rights Act, (“CCPA”) of the United States and other applicable data protection rules in order to be open and transparent about how we collect, hold, and use your personal information, and under what circumstances we may disclose or transfer it.

This Privacy Policy forms part of the terms and conditions of our various agreements with you (as applicable).

^ back to top

2. Disclaimer

While your privacy is very important to us, nothing in this privacy policy constitutes a voluntary opt-in to any privacy laws, anywhere in the world, which we are not statutorily bound to comply with.

^ back to top

3. Personal Information

3.1 What personal information do we collect?

Personal information held by us may include your:

  1. name and date of birth;
  2. residential and business postal addresses, telephone/mobile/fax numbers and email addresses;
  3. health information (see Section 4 below);
  4. any information that you provide to us when completing any form on our website, or create an account with us;
  5. bank account and other payment details;
  6. preferences and password for using our services;
  7. computer/device and connection information; and
  8. any information that you otherwise share with us.

3.2 Why we collect personal information

We may collect personal information:

  1. when you use our website https://www.nucleusnetwork.com and any associated services, including (without limitation) when you complete an online form to:
    1. register your interest in participating in a clinical trial,
    2. register your company or organisation’s interest in working with us; or
    3. submit an enquiry;
  2. when you contact us by telephone;
  3. when you send us an email; and
  4. in connection with a clinical trial.

Information will only be collected directly from you unless you authorise another person to provide the information.

3.3 IP addresses

We may also collect Internet Protocol (IP) addresses. IP addresses are assigned to computers on the internet to uniquely identify them within the global network. We collect and manage IP addresses as part of our services, website and for security purposes. We may also collect and use web log, computer/device and connection information:

  1. for security purposes;
  2. to help prevent and detect any misuse of, or fraudulent activities involving, the website and any services/products; and
  3. to improve our services/products.

3.4 Use

The personal information you provide is used for purposes related to our primary business operations. In each case, we will rely on an appropriate lawful basis for processing your personal information. Examples of when your information may be used include:

  1. verifying your identity;
  2. in connection with a clinical trial for which you participate in, or are considered for participation in;
  3. for the purposes of processing payments;
  4. contacting taxis or ride-share apps on your behalf, where you require transportation following a clinical trial;
  5. dealing with requests, enquiries or complaints and other related activities;
  6. administration needs, including with respect to your account;
  7. assisting you to use functionality on the website or services;
  8. responding to any queries or feedback that you may have;
  9. preventing and detecting any misuse of, or fraudulent activities involving, this site or our services;
  10. conducting research and development in respect of our services;
  11. gaining an understanding of your information and communication needs or obtaining your feedback or views about our services in order for us to improve them;
  12. marketing services and products generally; and
  13. carrying out any activity in connection with a legal, governmental or regulatory requirement imposed on us or in connection with legal proceedings, crime or fraud prevention, detection or prosecution; and
  14. for any other purpose reasonably considered necessary or desirable by us in relation to the operation of our business.

We may also use personal information for purposes (as would be reasonably expected by you) in connection with those activities described above. We will not use your information for purposes other than as described in this privacy policy unless we have your consent, or there are specific law enforcement, public health or safety reasons.

^ back to top

4. Sensitive Information

We will only process your sensitive information when allowed by law. When you register your interest in current and future clinical trials, we may ask that you disclose certain health information, for example, your history of asthma and frequency of smoking. Under applicable law, such information may be both “personal information” (as noted above) and “sensitive information” or “protected health information” (PHI). There are additional restrictions on how we can use your sensitive information or PHI, which we take seriously. By submitting such information to us, you consent to us collecting and using this sensitive information or PHI for research purposes and associated purposes.

^ back to top

5. Our use of Cookies and third-party integrations

5.1 What are cookies?

This site and our services and products may use "cookies" to help personalise your online experience. A Cookie is a text file or a packet of information that is placed on your device’s local disk storage by a web page server to identify and interact more effectively with your device. There are two types of cookies that may be used by us: a persistent cookie and a session cookie.

A persistent cookie is entered by your web browser into the "Cookies" folder on your device and remains in that folder after you close your browser and may be used by your browser on subsequent visits to this site. A session cookie is held temporarily in memory on your device and disappears after you close your browser or shut down your device.

Cookies cannot be used to run programs. Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you. In some cases, cookies may collect and store personal information about you. We extend the same privacy protection to your personal information, whether gathered via cookies or from other sources.

You can configure your internet browser to accept all cookies, reject all cookies or notify you when a cookie is sent. Please refer to your internet browser’s instructions to learn more about these functions. Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of this site.

5.2 Why we use cookies

This site and our other services may use cookies in order to:

  1. remember your preferences;
  2. recognise you as logged in while you remain so (if applicable). This avoids your having to log in again every time you visit a new page;
  3. record information as to what marketing activities caused you to visit our website;
  4. show relevant notifications to you (e.g., notifications that are relevant only to users who have, or have not, created an account or subscribed to newsletters or email or other subscription services); and
  5. remember details of data that you choose to submit to us (e.g., through online contact forms).

Many of these cookies are removed or cleared when you log out, but some may remain so that your preferences are remembered for future sessions.

5.3 Third-party cookies

In some cases, third parties may place cookies through this site. For example:

  1. Google Analytics, one of the most widespread and trusted website analytics solutions, may use cookies to track de-identified data about how long users spend on this site and the pages that they visit;
  2. Google AdSense, one of the most widespread and trusted website advertising solutions, may use cookies to serve more relevant advertisements across the web and limit the number of times that a particular advertisement is shown to you; and
  3. Third-party social media applications (e.g., Meta – Facebook & Instagram, Twitter, LinkedIn, Pinterest, YouTube etc) may use cookies in order to facilitate various social media buttons and/or plugins in this site. Log files track actions occurring on the websites, and collect data including your IP address, browser type, internet service provider, referring/exit pages, and date/time stamps.

5.4 Our use of Google Analytics

In the case of Google Analytics information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. We may integrate data received from Google Analytics with other data sources, such as answers provided by potential participants when they register their interest.

Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.

By using this website, you consent to the processing of data about you by Google in the manner described in Google's Privacy Policy and for the purposes set out above. You can opt out of Google Analytics if you disable or refuse the cookie, disable JavaScript, or use the opt-out service provided by Google.

^ back to top

6. Interacting with Us

If you contact us with a general question, we may interact with you anonymously or through the use of pseudonyms.

However, you are required to provide true and accurate details in connection with any clinical trials, including submitting an expression of interest. You agree you will provide accurate information if so required.

^ back to top

7. Direct Marketing

From time to time, we may send you marketing or promotional material. Marketing and promotional material will only be sent to you if you have opted into receiving marketing material.

SMS Short Code Terms & Conditions related to Marketing and Transactional campaigns are referenced on our website: Terms & conditions | Nucleus Network.

We (or an appointed third party) may also conduct surveys or market research and may seek other information from you on a periodic basis. These surveys will provide us with information that allows improvement in the type, quality and the manner in which those services and products are offered to you.

To opt-out of receiving certain marketing material, you may contact us, select the “unsubscribe” link provided in an email, or respond “STOP” to a text message.

If you are experiencing issues with the text messaging you can reply with the key word “HELP” for assistance.

Message and data rates may apply for any messages sent to you from us and to us from you. If you have any questions about your text plan or data plan, it is best to contact your wireless provider.

^ back to top

8. Sharing your Personal Information

We may disclose your personal information to:

  1. our employees, contractors, related companies and professional advisors such as our lawyers;
  2. other medical research institutions, hospitals, clinics associated with a clinical trial, and the personnel of such institutions;
  3. law enforcement agencies to assist in the investigation and prevention of criminal activities;
  4. government and regulatory authorities and other organizations, as required or authorized by law;
  5. organizations who manage our business strategies, including those involved in a transfer/sale of all or part of our assets or business (including accounts and trade receivables) and those involved in managing our business risk and funding functions;
  6. third-party contractors or service providers with whom we have a business association, including:
    1. integration providers;
    2. marketing service providers;
    3. accounting service providers; and
    4. information technology service providers including cloud application providers.

7. sharing your personal information; all the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

We will not disclose your personal information other than in accordance with this privacy policy without your consent. Unless necessary for our purposes, we will de-identify your information where it is shared with third parties under Section 8(6).

^ back to top

9. Overseas Disclosure

We operate facilities in both Australia and the United States of America. We may, to the extent required to undertake our primary operations, share your personal information between those countries.

We may disclose your personal information to third-party contractors, service providers, or customers with whom we have a business association.

While we do not otherwise actively disclose your personal information to overseas entities (unless provided for in a separate agreement with you), we do engage service providers (such as cloud data services or communications providers) who may have international data centres, hardware and disaster recovery sites. Consequently, these providers may have access to your information.

We rely solely on reputable organisations for such cloud services.

^ back to top

10. Security of your Personal Information

We store your personal information using services that have built-in measures to combat unauthorized access, modification, or disclosure. However, no data transmitted over or accessible through the internet can be guaranteed to be 100% secure. As a result, while we attempt to protect your personal information, we cannot guarantee or warrant that your personal information will be completely secure (i) from misappropriation by hackers or from other nefarious or criminal activities, or (ii) in the event of a failure of computer hardware, software, or a telecommunications networks.

While we endeavour to only hold personal information that is accurate, complete, and up-to-date, if you become aware your information is no longer accurate, complete, or up-to-date please contact us.

^ back to top

11. Disposal of personal information

If we hold personal information about you, and we do not need that information for any purpose, we will take reasonable steps to destroy or de-identify that information, in accordance with applicable privacy laws, unless we are prevented from doing so by law.

You may make a request to us in writing to remove your personal information and, where permitted, we will do so in accordance with applicable privacy laws.

Under law, financial records, such as those relating to financial transactions, must be retained for 7 years after the transactions contemplated by those records are completed.

Where you have consented to participate in a clinical trial, you acknowledge that we will retain records in accordance with the requirements of the applicable regulatory bodies in each jurisdiction. Otherwise, we will be required by the Good Clinical Practice (GCP) standards to retain records of clinical trials for up to 15 years.

^ back to top

12. How to access your Personal Information

Upon your request and after satisfying ourselves of your identity, we will provide access to your personal information we hold except in certain prescribed circumstances which include, where:

  1. we believe giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety;
  2. giving you access would be unlawful;
  3. granting that access would have an unreasonable impact on the privacy of other individuals;
  4. we would be in breach of our obligations under a Technical Assistance Notice (TAN), Technical Capability Notice (TCN) or Computer Access Warrant (CAW) from an Australian Government agency;
  5. the request for access is frivolous or vexatious; or
  6. there are anticipated legal proceedings.

We will amend any personal information about you that is held by us and that is inaccurate, incomplete, or out of date if you request us to do so. If we disagree with your view about the accuracy, completeness, or currency of a record of your personal information that is held by us, and you ask us to associate with that record a statement that you have a contrary view, we will take reasonable steps to do so.

^ back to top

13. Third-Party Websites

You may click through to third-party websites from this site, in which case we recommend that you refer to the privacy statement of the websites you visit. This Privacy Policy applies to this site only and we assume no responsibility for the content of any third-party websites.

^ back to top

14. GDPR

We welcome the General Data Protection Regulation (GDPR) of the European Union (EU) as an important step forward in streamlining data protection globally. Although we do not operate an establishment within the EU and do not target any offering of services towards clinical trial participants in the EU specifically, we intend to comply with the data handling regime laid out in the GDPR in respect of any personal information of data subjects in the EU that we may obtain.

The requirements of the GDPR are broadly similar to those set out in the Privacy Act and include the following rights:

  1. you are entitled to request details of the information that we hold about you and how we process it. For EU residents, we will provide this information for no fee;
  2. you may also have a right to:
    1. have that information rectified or deleted;
    2. restrict our processing of that information;
    3. stop unauthorised transfers of your personal information to a third party;
    4. in some circumstances, have that information transferred to another organisation; and
    5. lodge a complaint in relation to our processing of your personal information with a local supervisory authority; and
  3. where we rely upon your consent as our legal basis for collecting and processing your data, you may withdraw that consent at any time.

If you object to the processing of your personal information, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations. However, please be aware that:

  1. such objection or withdrawal of consent could mean that we are unable to provide our services to you, and could unduly prevent us from legitimately providing our services to other clients subject to appropriate confidentiality protections; and
  2. even after you have chosen to withdraw your consent, we may be able to continue to keep and process your personal information to the extent required or otherwise permitted by law, in particular:
    1. to pursue our legitimate interests in a way that might reasonably be expected as part of running our business and which does not materially impact on your rights, freedoms or interests; and
    2. in exercising and defending our legal rights and meeting our legal and regulatory obligations.

^ back to top

15. United States-based Privacy Rights

15.1 What are my rights?

Many jurisdictions in the United States have enacted their own comprehensive data privacy laws that include detailed consumer rights. If you are a California resident or a resident of a state with a comprehensive privacy law, these laws grant you certain data privacy rights. Your rights include the:

  1. Right to Access: You have the right to request a copy of the specific pieces of personal information that we have collected about you in the previous twelve (12) months. The information will be delivered by mail or electronically.
  2. Right to Data Portability: You have the right to receive your personal information in a portable, readily usable format that allows you to transmit your information to another entity without hindrance.
  3. Right to Correct Inaccurate Information: You have the right to request that we correct inaccurate information about you that we maintain.
  4. Right to Deletion: You have the right to request that we delete your personal information.
  5. Right to Be Free from Discrimination: You have the right to not be discriminated against by us for exercising any of your rights under the CCPA or applicable privacy laws.

California’s “Shine the Light” law permits Users of the Service who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us at the information provided below.

^ back to top

16. CCPA Personal Information

Please consult the chart below to see the categories of personal information we do and do not collect (within the last twelve (12) months):

Category

Example

Collected

A. Identifiers.

name and date of birth;

residential and business postal addresses, telephone/mobile/fax numbers and email addresses;

health information (see Section 4 below);

any information that you provide to us when completing any form on our website, or create an account with us;

bank account and other payment details;

preferences and password for using our services;

computer/device and connection information; and

any information that you otherwise share with us.

Yes

B. Personal information categories listed in the California Customer Records. statute (Cal. Civ. Code § 1798.80(e)).

An address, telephone number, education, employment, employment history, bank account number. Some personal information included in this category may overlap with other categories.

Yes

C. Protected classification characteristics under California or federal law.

Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

Yes

D. Commercial information.

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

Yes

E. Biometric information.

Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

No

F. Internet or other similar network activity.

Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.

Yes

G. Geolocation data.

Physical location or movements.

No

H. Sensory data.

Audio, electronic, visual, thermal, olfactory, or similar information.

No

I. Professional or employment-related information.

Current or past job history or performance evaluations.

Yes (For Nucleus Network employees and job applicants only)

J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

No

K. Inferences drawn from other personal information.

Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

No


^ back to top

17. Verified Consumer Request

  1. To the extent applicable by law, you can exercise your legal rights by submitting a Verifiable Consumer Request to us by emailing us at the information below. Only you, or someone legally authorized to act on your behalf, may make a Verifiable Consumer Request related to your personal information. Making a Verifiable Consumer Request does not require you to create an account with us. You may only make a Verifiable Consumer Request for access to personal information twice in a 12-month period. The Verifiable Consumer Request must:
    1. Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and
    2. Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
  2. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will only use personal information provided in a Verifiable Consumer Request to verify the requestor’s identity or authority to make the request.
  3. We will acknowledge receipt of a Verifiable Consumer Request within ten (10) days. We endeavor to respond to Verifiable Consumer Requests within thirty (30) days (for data subjects located in the EEA) or forty-five (45) days (for California residents) of its receipt. If we require more time (up to ninety (90) days), we will inform you of the reason and extension period in writing. Any disclosures we provide will only cover the 12-month period preceding the Verifiable Consumer Request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
  4. We do not charge a fee to process or respond to Verifiable Consumer Requests, unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

^ back to top

18. Complaints procedure

18.1 Complaints handling

Your privacy is important to us. If you have a complaint or concerns about our information handling processes as they relate to your personal information, we ask that you first contact our privacy officer whose contact details are listed below.

If, after we have conducted our investigations, you are still not satisfied then we ask you consult with the relevant data protection authority in your jurisdiction.

18.2 Data Authority for Australian Residents

Should you wish to report a complaint or if you feel that we have not addressed your concern in a satisfactory manner, you can lodge a complaint with or contact our Privacy Officer on the details above or directly with the Office of the Australian Information Commissioner. Full contact details can be found on the website www.oaic.gov.au.

^ back to top

19. How to contact us

If you have any queries, questions, concerns or wish to make a complaint regarding how we deal with your personal information please contact us:

Nucleus Network
Attn: Privacy Officer
Email: PrivacyOfficer@nucleusnetwork.com

Level 5, Burnet Tower,
89 Commercial Road,
MELBOURNE VIC 3004
AUSTRALIA

^ back to top

20. Changes to this Privacy Policy

We may make changes to this Privacy Policy at any time without notice to you. Any changes to this Privacy Notice will be promptly posted to this page and accompanied by a new updated date at the top of this page. We encourage you to review this Privacy Notice regularly for any changes.

Alternatively, please contact our Privacy Officer using the details provided above.

^ back to top