Privacy Policy
Effective Date: 3 February 2020
Yendou is a clinical trials management platform that provides teams at sponsor and site level with the tools to orchestrate their study startup. At Yendou, our mission is your mission. We’re committed to protecting your privacy rights, so you can focus on the work that matters most to your business — with peace of mind.
This Privacy Policy describes how Yendou GmbH collect, process and manage your information and explains the choices available to you with respect to your information. If you have any questions or concerns about how Yendou processes your information or about this Privacy Statement, you can email us any time at privacy@yendou.io. Additionally, if you’re looking to exercise your privacy rights, just send us an email at privacy@yendou.io.
Our Relationship With You
Information We Process
How we use your information
How we disclose your information
Protection, Storage, Transfer and Retention of Your Information
Other Important Information
Your Privacy Rights
Our GDPR commitment
Changes To Our Privacy Statement
Contact Us and Privacy Questions
Previous Privacy Statement
1 - Our Relationship with you
In situations where our users are subject to our Subscriber Agreement, Enterprise Master Services Agreement, or other Master Services Agreement to use Yendou’s services, Yendou is the processor/service provider (a provider that processes personal data on behalf of or at the direction of a controller, or other similar designation under the law) and our customer (usually a company or organization) is the controller/business (the entity that decides how and why information is processed) of the information provided to Yendou via their use of Yendou. In all other cases, Yendou is the controller of the information.
For example, if you create an account with
your corporate email address, your company is the controller of that information.
A free email domain (like gmail.com) or personal email account, Yendou is the controller.
Yendou can be used by companies, Organisations (like SMOs, site networks, research sites) or by individual users within a research site:
If you’re using Yendou through your company, educational institution, or with your company email address, your company or educational institution’s own Yendou’s administrator is responsible for the accounts associated with that company or institution and can: restrict, suspend, or terminate your access to or ability to use the services, access information about you, access or retain information stored with us (including your workspace content and log data about your use of Yendou), and restrict your ability to edit, restrict, modify, or delete information associated with your use of our products and services.
2 - Information We Process
Yendou processes information we receive directly from you, automatically collected when you use Yendou or visit one of our websites, and collected by Yendou from third parties. However, please note that this Privacy Policy does not apply to the processing of your information by third parties through your use of any third-party integrations available via our services. Please visit those third-party websites directly for more information on their privacy and data protection practices.
Informations Yendou receives directly from you
The Information needed to create an account.
This includes information that is needed for Yendou to create an account for you and manage your ability to log in and out of Yendou:
Identifiers, such as first and last name and email address
Your password for Yendou (hashed) - unique, long, and strong, please Information related to a third-party authentication identity provider, such as Google Authenticator
Your Company affiliation, such as the name, Phone and address of Site Information you provide to us through your use of Yendou
Information you provide in studies, profile, My trials, and study feasibility surveys Information uploaded to Yendou, such as attachments
Information from emails you forward to us on all email addresses linked in Terms, Privacy, Subscriber agreement, contact, and every email with an @yendou.io ending Profile details and other information you provide to describe yourself, which we only collect if you do choose to provide it, such as your gender pronouns
Video and audio recordings, and transcripts of those recordings, if you use video messaging
Professional or employment information, such as your title or role at your company Any other information you choose to provide while using Yendou that identifies or can be reasonably associated with you
Other information you may provide to us when you interact with Yendou in other ways. You may voluntarily provide us with information when you interact with us in other ways. If you directly interact with
Yendou staff, such as our sales, user research, or user operations groups, or if you become a Yendou Champion, Yendou may process:
Your requests, questions, and responses to us via forms or email
Information to verify your identity
Geographic information, such as region and country
Social media information
Your date of birth Your audio and video, if you participate in a sales call or user research study and do not opt out of call recording, which also involves the collection of biometric information associated with the call recordings
Information automatically processes when you visit our websites or use our mobile or desktop app
We may also collect the following:
Metadata and inference information related to your use of Yendou, our websites, and third-party integrations to better understand the way you work in Yendou. We may log the actions you take as you use Yendou, including but not limited, to the number of clinical trials you participate in, patient enrolment rate, the number of studies you are creating, when you delete a study, an activity or comment, the features and embedded content you interact with, the types of files you transmit, and what, if any, third-party integrations you use.
Internet network activity, cookies, and similar tracking technologies, including data our servers automatically record, such as your web request, IP address, browser type and settings, referring/exit pages and URLs, number of clicks, date and time stamp information, language preferences, and other such information. Please visit our Cookies Notice for more information about the types of information we collect via cookies, including information about advertising and analytics, and how we use it.
Information collected as a result of participation in beta testing, such as error reports or feedback provided by you Information about how you interact with our website yendou.io, such as where you click, how long you visit a page, your scrolling, mouse hovers, and other data to help us better understand your experience and provide you with the best user experience Device information and activity when you use Yendou via a mobile device, such as the type of device you are using, device IDs, operating system version, and mobile network information to ensure that we are serving you the correct version of our application Derived device geolocation information, such as approximate geographic location inferred from an IP address Information Yendou receives from other sources Sometimes Yendou receives your information from third parties (other individuals, marketing services, third-party integrations), which may include Information processed from third-party integrations you set up with Yendou. For example, a third-party integration may give us access to information stored in that third party that Yendou will process to facilitate the integration Name, email, and business contact information Information about you provided to us from other individuals or users of Yendou
3 - How we use your information
Yendou uses your information to operate our products and services, communicate with you, and to comply with the law. Specifically, we may process your information to:
Provide services to you and operate our business
Maintain, provide, and improve our products and services
Help us better understand user interests and needs, and customize Yendou for you
Analyze and research how you interact with our websites and applications
Protect Yendou and you, for example:
Securing our systems and products against fraud or unauthorized activity
Identifying, troubleshooting, and fixing bugs and errors
Complying with global laws and regulations
Investigate in good faith alleged violations of our User Terms of Service
Comply in good faith with a valid legal subpoena, request, or other lawful process that meets the requirements of our Law Enforcement Guidelines or that we otherwise determine is necessary to respond to
If you use Yendou as part of an organization, company, or academic institution with an agreement with Yendou, Yendou will process your information as required by our contract with your organization or academic institution. Those contractual terms may differ from, and, in the event of a conflict, take precedence over, the uses described in this Privacy Statement.
In addition, we use information about your use of Yendou, account information (such as your email address and name), and information related to third-party integrations to:
Facilitate reporting and analyze performance of the Yendou platform or features available in Yendou
Provide webinars or public presentations
Demonstrate Yendou or provide you access to a demo Yendou instance
Process your information at your direction
Provide cross-device management of your account. For example, we may locate or try to locate the same unique users across multiple browsers or devices (such as smartphones or tablets), or work with service providers that do this, in order to save your preferences across devices and analyze usage of our products and services. If you wish to opt out of Google’s ability to locate you across devices in this way, you may install the Google Analytics Opt-out Browser Add-on by clicking here.
Provide you with support and get your feedback
Respond to your requests for information
Help identify and troubleshoot any issues with your account and answer your questions
Resolve support requests
Provide you with reports about usage
Survey your opinions through surveys, research studies, and questionnaires
Combined Information
Unless otherwise prohibited by law, we may combine the information that we collect through your use of our products and services with information that we receive from other sources, both online and offline, and use that combined information as set out above.
Aggregated and de-identified data
We may aggregate and/or de-identify information related to your use of Yendou (such as how many feasibilities you participated in (as research site) or study projects you created (as sponsor)) so that such information can no longer be linked to you or your device.Aggregated and de-identified data
We may aggregate and/or de-identify information related to your use of Yendou (such as how many feasibilities you participated in (as research site) or study projects you created (as sponsor)) so that such information can no longer be linked to you or your device.
4 - How we disclose your information
We need to disclose the information we collect about you to make our products and services run smoothly and to operate our business under the following conditions:
Service providers and subprocessors. We may provide access or disclose your information to select third parties that use the information on our behalf to assist in providing Yendou’s services, website, and features. These third parties provide a variety of services to us, including without limitation sales, marketing, provision of content and features, advertising, analytics, research, data storage, security, fraud prevention, and other services. You can find a list of our subprocessors here.
Advertising and marketing. We may provide information collected when you visit a Yendou website (such as email addresses) to service providers, who may “match” this information in de-identified form to cookies (or mobile ad identifiers) and other proprietary IDs, in order to provide you with more relevant Yendou ads when you visit other websites.
Because you ask us to disclose. We may disclose your information to third parties when you ask us to do so. This includes when you connect Yendou with other tools via available integrations (Please note that - as of today - Yendou offer no integrations).
Consistent with your settings within our products and services. Please note that the information you submit through and post to Yendou may be viewable by other users in your study workspace, team, division, or organization, depending on the specific settings you have selected and if an organization has been created for your domain.
Affiliates and subsidiaries. We may disclose the information we collect within the Yendou family of companies to provide Yendou’s services to you. A list of our affiliates will be available once available.
Business transfers. If the ownership of all or substantially all of our business changes, or all or some of our assets are sold as part of a bankruptcy or other proceeding, we may transfer your information to the new owner so that the services can continue to operate. In such case, your information would remain subject to the promises and commitments contained in this Privacy Statement until the acquiring party updates it. If such transfer is subject to additional mandatory restrictions under applicable laws or agreements, Yendou will comply with those restrictions.
Compliance with legal obligations. To comply in good faith with a valid legal subpoena, request, or other lawful process that meets the requirements of our Law Enforcement Guidelines. We will notify individuals or customers of that request unless: we are prohibited from doing so by law or court order; or there are exceptional circumstances, such as an emergency involving the risk of bodily injury or death to a person or group of people or potential harm to minors.
Your company’s own Yendou account administrator (if you have one). If you’re using Yendou in connection with an organization, academic institution, or company domain, your company’s own Yendou account administrator can export data associated with the domain they manage if they have a subscription plan that allows them to do so.
Public Forums. Our public forums, such as the Yendou community forum, make it possible for you to upload and post comments or feedback publicly with other users. Any information that you submit through such public forums is not confidential and Yendou may use it for any purpose (including in testimonials or other Yendou marketing materials). Any information you post openly in these ways will be available to the public at large and potentially accessible through third-party search engines. Such information can be read, collected and/or used by other users and could be used to send you unsolicited messages.
We use and disclose the categories of information we collect from and about you consistent with the various business purposes we discuss throughout this Privacy Policy. We do not disclose your information to third parties for their own direct marketing purposes. For more information, see our GDPR Commitment in section 8.
5 - Protection, Storage, Transfer & Retention of your information Security
Yendou takes technical and organizational measures to protect your information against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access. However, no method of transmission over the Internet and no means of electronic or physical storage is absolutely secure, so we cannot ensure or warrant the security of that information. We are constantly updating and improving our safeguards and you can read up to date information about our security practices by visiting our Trust page.
Storage
When you use Yendou, some information about you will be stored in the EU.
Transfer of your information out of EEA, UK, Switzerland, and Japan
When you use our products and services, information about you will be transferred to Belgium where the majority of Yendou’s data processing occurs. In compliance with GDPR, We may also transfer information that we collect about you to third party processors across borders from your country or jurisdiction to other countries or jurisdictions around the world.
Data Retention
We will retain your information for the period necessary to fulfil the purposes outlined in this Privacy Statement, to make our products and services available to you, or as instructed by you, unless a longer retention period is required or permitted by law.
6 - Other important informations
Use by children under 16
If you are under the age of 16, you may not have a Yendou account or use Yendou’s products or services. We do not knowingly process any information from, or direct any of our products or services to, children under the age of 16.
Marketing Practices and Choices
If you receive email from us, we may use certain analytics tools, such as clear GIFs, to capture data, such as when you open our message or click on any links or banners within our emails. This data allows us to gauge the effectiveness of our communications and marketing campaigns.
You may instruct us not to use your contact information to contact you by email, postal mail, or phone regarding products, services, promotions, and special events that might appeal to your interests by contacting us via the methods listed in the Contact Us and Privacy Questions section. In commercial email messages, you can also opt out by following the instructions located at the bottom of such emails.
Please note that, regardless of your request, we may still use and disclose certain information as permitted by this Privacy Policy or as required by applicable law. For example, you may not opt out of certain transactional, operational, or service-related emails, such as those reflecting our relationship or transactions with you.
Global Privacy Control and Do Not Track
Yendou honors the Global Privacy Control (GPC) signal.
Some web browsers incorporate a “Do Not Track” feature. Our online resources do not currently alter their practices when they receive Do Not Track signals. To learn more about Do Not Track, you can do so here.
Legal Bases for Processing Your Information
The laws in some jurisdictions require us to inform you of our legal bases for processing your information. Our legal bases for collecting and using your information described above will depend on the particular type of information and the specific context in which we collect it. However, some examples of legal bases for processing that we rely on:
Where use of your information is necessary to perform our obligations under a contract with you (for example, to comply with the User Terms of Service which you accept by using Yendou’s services or to fulfill the terms of a contract signed with companies) Where use of your information is necessary for our legitimate interests or the legitimate interests of others (for example, to provide security, operate our products and services, prevent fraud, analyze use of and improve our products and services, and for similar purposes) Where use of your information is necessary to comply with a legal obligation (for example, to comply with our legal obligations to collect and store tax or invoice information for a certain period of time) Where we have your consent to process data in a certain way
7 - Your privacy rights
Your Privacy Rights
Yendou users from around the world use our products to bring clarity to their work. Regardless of what country you’re located in, we respect your ability to know, access, correct, export, restrict the processing of, and delete your information, and have extended those rights globally. We will not discriminate against you for exercising your privacy rights.
Information about your rights
Upon your request, and subject to applicable legal exceptions, we will:
Provide access to and/or a copy of certain information we hold about you
Provide you with information about categories of information we collect or disclose about you, the categories of sources of such information, the business or commercial purpose for collecting your information, and the categories of third parties to which we disclose your information. For your convenience and so you don’t have to request it, we’ve included that information in this Privacy Statement.
prevent the processing of your information for promotional purposes (including any direct marketing processing based on profiling)
update information which is out of date or incorrect
delete certain information which we have about you
restrict the way that we process and disclose some of your information
transfer your information to a third party provider of services
revoke your consent for the processing of your information
If you request these rights, we will need to verify your identity and may need to verify your relationship with Yendou (for example, if you’re an administrator of a Yendou organization, division, or workspace and you’re making a request on behalf of another individual) for security and to prevent fraud.
We may take additional steps to verify that you are authorized to make the request. If you are an end user of Yendou’s services and not a direct customer of Yendou (for example, your company uses Yendou and you’re an employee or authorized representative of that company), you should direct requests relating to your information to the administrator of your company’s Yendou account. We will redirect you to your administrator or notify the administrator directly. To exercise your privacy rights, please make a request by sending us an email to privacy@yendou.io.
Please note, however, that certain information may be exempt from such requests in some circumstances (for example, if we need to keep processing your information for our legitimate interests or to comply with a legal obligation). Depending on applicable law, you may have the right to appeal our decision to deny your request. If we deny your request, we will provide you with information on how to appeal the decision, if applicable, in our communications with you.
Right to manage cookies preferences and opt out of targeted advertising Yendou do not share information about your device and online browsing activities with any third-party advertising providers.
8 - Our GDPR commitment
Yendou is committed to protecting and honoring your privacy rights. In light of a number of jurisdictions having enacted laws that affect how companies handle personal information, we wanted to take a moment to share what measures Yendou has put into place to comply with the General Data Protection Regulation (GDPR):
General Data Protection Regulation
The GDPR is a European law establishing protections for the personal data of EU residents that came into force on May 25, 2018. Under the GDPR, organizations that collect, maintain, use, or otherwise process EU residents’ personal data (regardless of the organization’s location) must implement certain privacy and security safeguards for that data. Yendou has established a comprehensive GDPR compliance program and is committed to partnering with its customers and vendors on GDPR compliance efforts. Some significant steps Yendou has taken to align its practices with the GDPR include:
Enhancements to our security practices and procedures Closely reviewing and mapping the data we collect, use, and share Creating more robust internal privacy and security documentation Training employees on GDPR requirements and privacy/security best practices generally Carefully evaluating and building a data subject rights’ policy and response process Below, we provide additional details about the core areas of Yendou’s GDPR compliance program and how customers can use Yendou to support their own GDPR compliance initiatives.
International Data Transfers
EU data protection laws require organizations to use a recognized legal mechanism to transfer data from the EU to countries that do not have a similar data protection framework, including the United States.
Yendou’s Customer Data are exclusively stored in the EU.
The regulatory guidance in this area continues to evolve, and we are tracking additional guidance from data protection authorities closely. Yendou remains committed to the privacy of our customers and will continue to work to make sure we comply with data protection laws.
Data Access, Management, and Portability Tools
The GDPR gives individual data subjects in certain circumstances the rights to, among other things, access, delete, and make corrections to their personal data. Yendou is committed to facilitating data subject requests consistent with the GDPR, as further described here.
Privacy Documentation
At its core, the GDPR is focused on transparency, fairness, and accountability. Accordingly, the law requires organizations to maintain documentation about their privacy practices and their decisions about how they handle individuals’ personal data. Yendou shares the GDPR’s commitment to these principles.
Data Security
The GDPR requires organizations to use appropriate technical and organizational measures to protect the security, confidentiality, and integrity of personal data. Security continues to be a priority for Yendou.
At Yendou, we implemented a variety of safeguards to protect the security of our platform, including encrypting web connections to protect data transmissions, and replicating our databases to support reliability of the platform. Yendou also offers customers the ability to use additional security controls to further enhance the security of their teams’ data. For more information, please check our Security page.
Exercising Your Rights Under the GDPR
If you would like to exercise your rights under the GDPR, please submit your request to privacy@yendou.io.
9 - Changes to our Privacy Statement
We will update this Privacy Statement to make sure it accurately reflects our data collection and use practices, our amazing features, advances in technology, or as applicable laws require. We will comply with applicable legal requirements regarding providing you with notice and/or consent when we make such changes, depending on the type of change made. We also provide information about how our Privacy Policy has changed over time below.
10 - Contact us and privacy questions
Yendou is located at ℅ Zina Sarif, Wichertstraße 53, 10439 Berlin, Germany. If you wish to contact us or if you have any questions about or complaints in relation to this notice, please contact us at privacy@yendou.io. To contact our Data Protection Officer, please email dpo@yendou.io.
11 - Previous Privacy Statement
No history