Privacy Policy

Personally Identifiable Information (“PII”) is data that can be used to identify a single person.

You may be asked to provide your PII anytime you contact Regenstrief. Regenstrief and its partners may share this PII with each other and use it consistent with this Privacy Policy. They may also combine it with other information to improve our research or services. You are not required to provide personal information that we have requested, but, if you choose not to do so, in many cases we will not be able to respond to any questions you may have.

Regenstrief processes personal information based on the following lawful bases:

• Consent: Where legally required, we obtain your explicit consent before processing personal data (e.g., research participation, marketing emails).
• Contractual Necessity: When processing is required for fulfilling a contract (e.g., employment records, research agreements).
• Legal Obligation: When required by law (e.g., regulatory reporting, compliance with court orders).
• Legitimate Interests: When necessary for research, security, or administrative purposes, provided such processing does not override your rights.

Here are some examples of the types of PII that Regenstrief may collect and how we may use it:

Regenstrief collects information to operate effectively and provide high-quality research and services. The types of data we collect depend on how you interact with us:

• Website Visitors: IP address, device identifiers, browser type, and browsing activity through cookies.
• Research Participants: Name, contact information, health data, demographic information, and other relevant research data (subject to IRB approval and consent).
• Job Applicants: Name, resume details, employment history, and references.
• General Inquiries: Contact details and any information voluntarily provided via email, phone, or online forms.

Other: We may ask for a government issued ID in limited circumstances, including when you may receive a gift card for participating in a research study.

We may process your PII: for the purposes described in this Privacy Policy, with your consent, for compliance with a Regenstrief legal obligation; for the performance of a contract to which you are a party; to protect your vital interests; or when we have assessed it is necessary for the legitimate interests pursued by Regenstrief or to a third party to whom it may be required to disclose information. If you have questions about the lawful basis that we process your PII, you can contact the Privacy & Data Protection Officer.

• The PII we collect allows us to keep you posted on Regenstrief-related announcements, articles, and upcoming events. You can change your preferences for our email list anytime here.
• We may also use PII to help us create, develop, operate, deliver and improve our research, products, services, content and advertising, and for anti-fraud purposes. We may also use your PII for account and network security purposes, to protect our services and research from harm, and for pre-screening or scanning uploaded content for potentially illegal or other harmful content. We limit our uses of data for anti-fraud purposes to those which are strictly necessary and within our assessed legitimate interests to protect our research and services.
• We may use your PII, including , to verify your identity, assist with identification of users, and to determine appropriate services. For example, we may use date of birth to determine the age of a participant
• From time to time, we may use your PII to send important notices, such as communications about research or changes in our policies.
• We may also use PII for internal purposes such as auditing, data analysis and process improvement to enhance our research and services.
• If you apply for a position at Regenstrief or we receive your information in connection with a potential role at Regenstrief, we may use your PII to evaluate your candidacy and to contact you. If you are a candidate, you will receive separate information about how Regenstrief handles candidate PII at the time of application.

Regenstrief shares PII with companies who provides services to us such as information processing and storage, managing data, conducting market research or surveys, and assessing your interest in our research, products, and services.

It may be necessary (by law, legal process, litigation, requests from governmental agencies) for Regenstrief to disclose your PII. We may also disclose your PII if we determine that disclosure is necessary or appropriate for law enforcement or other issues of public importance. We may also disclose your PII, but only if there is a lawful basis for doing so, if we determine that disclosure is reasonably necessary to enforce our terms and conditions, or to protect our systems and research. This could include providing PII to public or governmental authorities.

Regenstrief takes the security of your PII very seriously. Our websites and online services protect your PII during transit using encryption such as Transport Layer Security (“TLS”). When we store your PII, we use encrypted storage solutions with limited access using appropriate administrative, technological, and physical safeguards.

When you use some Regenstrief services or post on Regenstrief social media accounts, the PII and content you share may be visible to others and can be read, collected, or used by other users. You are responsible for the PII you choose to share or submit in these instances. For example, if you list your name and email address in a social media post, that information is public.

Regenstrief does not make any decisions involving the use of algorithms that significantly affect you.

Regenstrief allows you to keep your PII accurate, complete, and up to date. We will retain your PII for the period necessary to fulfill the purposes outlined in this Privacy Policy and our research-specific retention terms.  Regenstrief may retain research data, including data involving PHI, for at least 10 years following the completion of a study, or longer if required by applicable law, policies or funding agreements.  Employment & HR Data may be retained for up to and following seven (7) years following employment termination, per labor laws and other federal guidance.

Upon expiration of the retention period, data will be securely deleted or anonymized. Individuals may request data deletion by contacting us unless legal or research obligations require continued retention.

When assessing these retention periods, we carefully examine our need to collect PII at all, and if we establish a relevant need, we only retain it for the shortest possible period to realize the purpose of the collection unless a long retention period is required by law.

Regenstrief will provide you with a copy of your PII for any purpose including to request that we correct the data if it is inaccurate or delete the data unless Regenstrief is not required to retain, provide access or copies, or delete it by law or for legitimate research or business purposes.

We may decline to approve requests that are frivolous, jeopardize the privacy of others, are extremely impractical, or for which access is not otherwise required by law. We may also decline deletion or access requests if we believe doing so would undermine our legitimate use of data for anti-fraud and security purposes described earlier. Contact  Regenstrief to request access, corrections, or deletions of your PII.

The California Consumer Privacy Act (“CCPA”) provides California consumers with the right to obtain from certain businesses information about the PII they collect, use, and disclose. If you choose to exercise your privacy rights, you have the right to not receive discriminatory treatment or a lesser degree of service from the business. Regenstrief is not a business organized or operated for the profit or financial benefit of its shareholders or other owners.

A consumer has the right to opt-out of the sale of their PII. Regenstrief does not sell PII, and we do not sell goods or services to consumers for personal, family, or household purposes from Internet websites or online services.

Regenstrief takes extra precautions to protect the privacy and safety of children who may access our websites, services, and be included in research. Children under the age of 13, or equivalent minimum age in the relevant jurisdiction, are not allowed to create unique accounts for our websites and services. If we discover that we have collected the information of a child under the age of 13, or the equivalent minimum age in the relevant jurisdiction, we will take steps to delete the information as soon as possible. If at any time a parent needs to access, correct, or delete data associated with their child under the age of 13, or the equivalent minimum age in the relevant jurisdiction, they may contact us to delete their child’s information.

Regenstrief does not provide location-based services to collect, use, or share precise location data such as the real-time geographic location of your computer or device without your explicit consent for research.

On occasion, third parties may share their location data with us for research purposes. Location data may be de-identified or limited in detail, depending on the data source and applicable privacy protections.  The identifiability of this data depends on the data source and applicable legal requirements.

Regenstrief website, social media posts, and other communications may contain links to third-party websites, products, and services.

Information collected by third parties, which may include features such as location data or contact details, is governed by their privacy policies. We encourage you to learn about the privacy practices of those third parties.

Regenstrief does not transfer or store the information to locations outside of the United States, and we do not have any legal entities or control agents outside of the United States that collect, process, store or share PII. When you share your information, which originates from outside the United States to us, that information will be subject to jurisdiction of the United States.

When data is transferred internationally, we ensure adequate safeguards are in place, such as:

• Standard Contractual Clauses (SCCs) for data transfers to the European Economic Area (EEA).
• Data encryption and access controls to protect transferred information.

If you have any questions or concerns about Regenstrief’s Privacy Policy, you would like to contact our Privacy/Data Protection Officer, or if you would like to make a complaint about a possible breach of local privacy laws, please contact us by phone, email, or by filling out the form below.

When we receive a privacy question or a question about PII, we attempt to respond as quickly as possible within our limited resources, but some substantive questions may require up to seven (7) days for us to respond to you. You may contact the relevant jurisdictional regulator about your complaint at any time or if you are unsatisfied with our reply.

When your complaint indicates we can make an improvement in our handling of privacy issues, we will take steps to make such improvement at our next reasonable opportunity.

Regenstrief may update this Privacy Policy from time to time. When significant changes occur, we will notify users through:

• A banner notification on our website.
• Revision of the policy’s effective date at the top of this page.