Introduction

Sterling Institutional Review Board (“Sterling IRB”, “we”, “us”, or “our”) is dedicated to safeguarding your privacy.  This Privacy Policy outlines Sterling IRB’s practices regarding the collection, use, and disclosure of personal information when you visit our website at www.sterlingirb.com and access our portal, SilverLink, at sterlingirb.my.irbmanager.com (collectively referred to as “Services”). By using our Services, you consent to and agree to abide by the practices outlined in this Privacy Policy. We reserve the right to modify or amend this Privacy Policy at any time.

This Privacy Policy is intended to govern use of your personal information only.  Other privacy and confidentiality terms and protocols, such as those found in a Master Services Agreement between Sterling IRB and a sponsor client, will govern the confidentiality, access, use, and disclosure of studies and documents that are downloaded to our Silverlink portal.

All sites associated with Sterling IRB are designated for adults over 18 years of age. We do not promote our sites or Services to or knowingly collect personally identifiable information from minors or children under the age of 13.

Information Collection, Use, and Sharing

We may collect the following types of information either personal information shared with us, or information collected automatically:

  • Personal Information: This may include your name, email address, contact details, professional information, affiliated organization, and other information that can be used to identify you personally.
  • Account Information: When you create an account, we may collect username, password (encrypted), and other information necessary for account setup and management.
  • Usage Information: We collect data related to your interaction with the Services, such as IP addresses, browser type, access times, pages visited, and service providers.
  • Cookies: We use cookies and similar technologies to enhance your experience and gather information about your visits.

Individual browsing users will remain anonymous unless they voluntarily choose to tell us who they are through any of the following:

  • Emailing or calling our staff with questions or feedback
  • Registering for and utilizing our web portal SilverLink.  Note: You will also be required to create a password in connection with your user registration. Once you register, you will be able to review and change your registration information and password at any time by logging in to SilverLink and clicking on Settings. It is your responsibility to ensure that your registration information details are kept confidential and up to date. The information we collect helps to enhance the Services and authenticate our authorized users.

We may use the information collected to provide our Services to our clients as well as maintaining and improving our Services. We may use your information for the following purposes:

  • Account Management: Create, maintain, and authenticate your individual user account and registration information.
  • Provide Services: Provide the Services you request, process transactions, and fulfill our contractual obligations to our clients who make use of the Services.
  • Improve Services: Enhance and customize your experience, understand user preferences, and improve our Services.
  • Communication: Communicate with you, respond to your inquiries, and send important information.
  • Legal Compliance: Comply with legal obligations, resolve disputes, and enforce our agreements.

We will not sell or rent your personal information to anyone. We may disclose your personal information as follows:

  • The Sponsor/CRO Study Team, Affiliates, or Other Authorized Study Vendors. We may share your personal information with the sponsor/CRO study team who are overseeing the clinical study, or with other vendors that they have authorized to receive this information.
  • Third Parties Designated by You. We may share your personal data with third parties where you have provided your consent to do so.
  • Third Party Service Providers. We may share your personal data with our third-party service providers who provide services such as information technology and related infrastructure provision, customer service, auditing and other similar services.
  • Other Disclosures. We may share your personal information as we believe necessary or appropriate: (a) to comply with applicable laws; (b) to comply with lawful requests and legal process, including to respond to requests from public and government authorities to meet national security or law enforcement requirements; (c) to enforce our Privacy Policy; and (d) to protect our rights, privacy, safety or property, and/or that of you or others.

Data Retention

We keep your personal information only so long as we need it to provide the Services to you and fulfill the purposes described in this Privacy Policy. When we no longer need to use your personal information and there is no need for us to keep it to comply with our legal or regulatory obligations, we will either remove it from our systems or depersonalize it so that we cannot identify you. We may retain a copy of your personal information in our archives.

You may permanently delete your user account at any time. When you delete your account, we will deactivate it and remove your profile from our website. Please note that there may be legal reasons for us to keep your personal information, such as if we receive a law enforcement request asking us to preserve data. We may also retain certain personal information in our backup systems for a limited period of time, or as required by law.

Information Security

We take reasonable steps to protect your information from unauthorized access or disclosure. However, no method of data transmission over the internet is entirely secure, and we cannot guarantee its absolute security.

Rights to Your Information

You have certain rights regarding your personal information, which may include:

  • Access: You have the right to request a copy of the personal information we hold about you.
  • Correction: You can request that we correct any inaccurate or incomplete personal information.
  • Deletion: You can request the deletion of your personal information, subject to legal requirements.
  • Restriction: You can request that we restrict the processing of your personal information under certain circumstances.
  • Portability: You may request the transfer of your personal information to another data controller in a structured, commonly used, and machine-readable format.

To request access, correction, deletion, restriction, or portability of this information, please contact us at [email protected].

California Consumer Privacy Act (CCPA) Compliance

Right to Know: Under CCPA, you have the right to request that we disclose certain information about our data collection and sharing practices in the preceding 12 months. To exercise this right, please contact us at [email protected]. We will respond to your request within 45 days.

Right to Delete: You have the right to request the deletion of your personal information collected by us. To exercise this right, please contact us at [email protected]. We will process your request as required by CCPA.

Non-Discrimination: We will not discriminate against you for exercising your CCPA rights, such as by denying access to our services or charging different prices for services, unless such differentiation is reasonably related to the value provided to you by your data.

Under CCPA, Californians have the right to opt-out of sharing, disclosing, or sale of your personal information. To exercise your right, please contact us at [email protected].

GDPR Compliance

Our Services are intended for use by biopharmaceutical companies, contract research organizations, investigators, and institutions in the United States and Canada.  Nevertheless, if you reside in the European Economic Area (EEA), the United Kingdom, or Switzerland, our use of your personal information is governed by the European Union’s General Data Protection Regulation, or “GDPR” or applicable EEA, UK or Swiss national laws. These laws grant you particular rights in your personal information, including the right to alter, correct, receive, or delete personal information processed by Sterling IRB, subject to our business interests and any legal requirements we may face.

Those in the EEA, UK, or Switzerland have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the EEA are available here.

In addition to the choices described above you also have the following rights under the GDPR if you are accessing the Services in Europe:

Right of Access: You have the right to ask us for confirmation on whether we are processing your personal information, and access to the personal information and related information on that processing (e.g., the purposes of the processing, or the categories of personal information involved).

Right to Rectification: You have the right to have your personal information corrected, as permitted by law.

Right to Erasure: You have the right to ask us to delete your personal information, as permitted by law. This right may be exercised among other things: (i) when your personal information is no longer necessary for the purposes for which it was collected or otherwise processed; (ii) when you withdraw consent on which processing is based on your consent and where there is no other legal ground for processing; (iii) when you object to processing which is necessary for our legitimate interests and there are no overriding legitimate grounds for the processing, or when you object to your personal data being used for direct marketing purposes; or (iv) when your personal information has been unlawfully processed.

Right to Restriction of Processing: You have the right to request the limiting of our processing under limited circumstances, including: when the accuracy of your personal information is contested; when the processing is unlawful and you oppose the erasure of your personal information and request the restriction of the use of your personal information instead, pending verification whether the legitimate grounds of Sterling IRB override your grounds.

Right to Data Portability: You have the right to receive the personal information that you have provided to us, in a structured, commonly used and machine-readable format, and you have the right to transmit that information to another controller, including to have it transmitted directly, where technically feasible.

Right to Object: You have the right to object to our processing of your personal information, as permitted by law. This right is limited to processing which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or processing which is necessary for the purposes of our legitimate interests, and includes profiling based on those provisions, and processing for direct marketing purposes.

Policy Updates

We reserve the right to update this Privacy Policy to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any changes by posting the updated policy on our website. All users are highly encouraged to periodically review this privacy policy in order to stay abreast of how Sterling IRB safeguards users’ collected information. Continuing to access our website embodies your acceptance and adherence to this privacy policy.

Contacting Us

If you wish to exercise any your rights or have questions about them, please feel free to do so by emailing us at [email protected].

APP507 – Sterling IRB Privacy Policy
Effective Date: 12/28/23 Version: 2.0