Privacy Policy

This Privacy Policy (“Policy”) explains how information is collected, used, and disclosed by Xperiome, which is operated and owned by ePatient Network Limited), (“Xperiome,” “we,” “us,” or “our”) in connection with your use of our websites such as https://xperiome.com, mobile applications, and other online services (collectively, our “Services”). This Privacy Policy does not apply to any third-party websites, services, or applications (including those of our Partners), even if accessible through the Services. When you use the Services, you consent to our collection, use, disclosure, and protection of information about you as described in this Privacy Policy.

Xperiome operates another service called Raremark which is not subject to this Privacy Policy. The Privacy Policy for Raremark, a consumer application that builds and maintains a consumer driven knowledgebase, matches users to study opportunities and facilitates sponsored research programs, is available at https://raremark.com/privacy. Participation in studies are subject to the specific informed consent for the relevant research purpose to which this policy does not apply.

We are a private company registered and headquartered in England and Wales under company number 06262589 and our registered office is at Kemp House 152-160 City Road, London, EC1V 2NX

We have appointed Alex Garner, Chief Operating Officer at Xperiome (email: alex.garner@xperiome.com), as our nominated representative to keep this Policy accurate and up to date.

IF YOU DO NOT AGREE TO THIS PRIVACY POLICY PLEASE DO NOT USE THE SERVICES

This policy contains the following sections::

  • What is Xperiome?

  • What information do we collect?

  • How do we use this information?

  • Why and how we share your information?

  • How do we protect your information?

  • Additional information collected and use of cookies

  • Your rights

  • Links on our Site

  • California Privacy Rights

  • Changes to Policy

  • Contact information

What is Xperiome

(We) Xperiome is a digital healthcare company who operate and manage Raremark. Raremark is a knowledge bank for the lived experience of rare disease, to help people affected by rare disease better understand, manage, and talk about their rare condition.

Through Raremark We are able to invite people affected by rare disease to sponsored clinical and real-world studies, unlocking data-driven insights into the rare experience and helping make treatments available faster.

We never share the personal information of Raremark members without their express permission.

What information do we collect?

Information provided to us when interacting with our Services

Typically prospective customers of Xperiome Services will either directly or indirectly provide information to us. The types of information include (but not limited to):

  • Contact information (such as name, email address, phones numbers) through web-forms, email or over the phone

Information we automatically collect when interacting with our Services

When you use the Xperiome site certain information is collected for us to analyse how you and others interact with Raremark, and we use this information to make ongoing improvements to the overall user experience for our services. To achieve this we may use 3rd party services. The information we collect may include:

  • your IP address;

  • Location information (based off your IP address)

  • the type of browser you use (eg: are you using the Chrome or Safari browser?);

  • the number of sessions per browser on each device;

  • the type of device (eg: Samsung) and operating system (eg: Android) you are using;

  • referrer information (eg: Facebook, Twitter);

  • time zone;

  • user preferences; and

  • which pages you visited

We may (without limitation) de-identify, aggregate and analyse information collected through our services for our own internal research and marketing purposes. Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter with you (for example, to provide you with goods or services). In this case, you may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

Purposes for which we will use your personal information

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Purpose/Activity

Type of data

Lawful basis for processing including basis of legitimate interest

To register you as a new customer

(a) Identity (b) Contact

Performance of a contract with you

To process and deliver your order including:(a) Manage payments, fees and charges(b) Collect and recover money owed to us

(a) Identity (b) Contact(c) Financial (d) Transaction(e) Marketing and Communications

(a) Performance of a contract with you (b) Necessary for our legitimate interests (to recover debts due to us)

To manage our relationship with you which will include:(a) Notifying you about changes to our terms or privacy policy(b) Asking you to leave a review or take a survey

(a) Identity (b) Contact(c) Profile(d) Marketing and Communications

(a) Performance of a contract with you (b) Necessary to comply with a legal obligation(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)

To enable you to partake in a prize draw, competition or complete a survey

(a) Identity (b) Contact(c) Profile(d) Usage(e) Marketing and Communications

(a) Performance of a contract with you (b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)

To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

(a) Identity(b) Contact(c) Technical

(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

(a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) Technical

Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)

To use data analytics to improve our website, products/services, marketing, customer relationships and experiences

(a) Technical (b) Usage

Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)

To make suggestions and recommendations to you about goods or services that may be of interest to you

(a) Identity (b) Contact(c) Technical (d) Usage (e) Profile (f) Marketing and Communications

Necessary for our legitimate interests (to develop our products/services and grow our business)

Use of cookies

Cookies are small amounts of information that are sent to and stored on your computer. They are used to identify you when you visit the Site, and to make your use of the Site more convenient for you. Cookies are used to remember usernames, passwords and preferences and to deliver a faster and more personalized service. If you do not wish to have cookies placed on your computer, you can disable some or all cookies in your internet browser.

Turning them off, however, will mean that you will not be able to enjoy this Site to its fullest since some parts of the website may become inaccessible or not function properly.

If you decide to stop using the Site and the Services by unsubscribing for deleting your account, you may also want to remove any cookies that we have placed on any device used to access the Site and the Services.

How do we use the information we collect

We, and third party services we use, use the information collected to provide our Services to you as described in this Policy.

Examples of how we use your information:

  • Deliver services

  • Respond to queries about our services

  • Analyse how you interact with our Services so we can learn how to improve them

  • For any other purpose described in this policy, or the Terms of Use.

  • To update you on changes to our Services

  • To inform you of case-studies and updates to our Services that you subscribe to receive

When you subscribe to some of our services, we may use technology to help build a profile with the information you provide. When subscribing to a Service like this, you expressly consent for us to process your information and use it to update you about Service updates and information regarding our Services.

If you wish to unsubscribe you can do so by clicking the unsubscribe link at the bottom of the communication we send or by emailing contact@xperiome.com.

Why and how we share your information

We may share your information with our third-party service providers that help us operate our business. Such as client management record providers, accounting services and email hosting providers.

If required by law or as necessary to protect our users and services. We may share information when we believe that doing so is necessary to protect, enforce, or defend the rights, privacy, safety, or property of Xperiome and managed Services and our employees.

We may disclose or transfer your information to a third party if we sell, transfer, divest, or disclose all or a portion of our business or assets to another company in connection with or during negotiation of any merger, financing, acquisition, bankruptcy, dissolution, transaction, or proceeding or take steps in anticipation of such a transaction.

Otherwise with your Consent or at your Direction. In addition to the sharing described in this Policy, we may share information about you with third parties whenever you consent to or direct such sharing.

How do we protect your information

To prevent unauthorized access or disclosure to your information, we have in place suitable physical, electronic and managerial procedures to safeguard and secure the information you provide to us via the Site.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

We store your information using 3rd party service providers that operate to the highest standards of physical and technical security and that comply with all relevant data protection regulations, including the EU General Data Protection Regulation 2016/679(GDPR) and the UK Data Protection Act 2018. Copies of their security certifications can be requested by emailing us at contact@xperiome.com.

The Personal Information that we collect from you may be transferred to, and stored at, a destination outside the UK or the European Economic Area (EEA). It may also be processed by staff operating outside the UK or the EEA who work for us or one of our service providers or partners. If this is the case, we will ensure that there are adequate safeguards in place to protect your Personal Information and Sensitive Information.

However, no data transmission over the internet can be guaranteed to be 100% secure and while we strive to protect your Personal Information, we cannot ensure or warrant the security of any information.

Your rights

You have the right to request a copy of the Personal Information you have provided and to request correction or deletion of such Personal Information. We first require you to prove your identity with a copy of two pieces of approved identification such as a passport and driving licence. Then, we will supply, correct or delete Personal Information you have provided on our files. In addition, you may request the restriction of processing of your Personal Information.

If you wish to complain about the processing of the information you have provided then please contact us first, but if we do not satisfactorily deal with your complaint, then you may contact the UK Information Commissioner. (See: https://ico.org.uk/concerns/)

Rights for California residents

California residents have the right under certain circumstances to request information from us regarding the sharing of certain categories of “personal information” (as defined by applicable California law) during the prior year to third parties for their direct marketing purposes.

We do not share your personal information with third parties for their direct marketing purposes unless we have your explicit permission. For any questions regarding this, please contact us at the information below.

California Consumer Privacy Act (CCPA). Under the CCPA, you have rights with respect to your personal information. This includes the:

Right to Know:

  • You can request information about, and access to, personal information that we have collected, disclosed, or sold in the past 12 months, including the categories of:

    • information collected;

    • sources from which the personal information is collected;

    • personal information that we have sold or disclosed about you for a business purpose;

    • third parties with whom we share personal information;

    • the business or commercial purpose for collecting the information; and

    • the specific pieces of personal information that we have collected about you.

Right to Deletion:

  • You can request that we delete your personal information (subject to certain exemptions).

  • Right to Opt-Out of the Sale of Personal Information (We do not and will not sell your personal information (as defined by the CCPA).

  • Right to Non-Discrimination for Exercising your Rights.

Requests to delete your account or unsubscribe can be made via the Raremark website and most notification messages.

Additionally, we are required to inform California residents of the following:

  • Sale of Personal Information: we do not and will not sell your personal information.

  • Financial Incentives: we do not offer financial incentives for personal information.

  • We do sometimes reward you for participating in research studies which includes taking part in surveys, or other programs sponsored on our platform.

  • Categories of Personal Information Collected: The following categories of information cover the personal information that we intend to collect from our users with their consent in the future, in addition to covering what we have previously collected, with our user’s consent, in the past 12 months:

    • Identifiers

    • Protected Classifications

    • Electronic network activity

    • Geolocation data;

    • Employment-related information;

    • Education information; and

    • Inferences.

  • Information Shared for a Business Purpose: We may share any of the above categories of information with our service providers for business purposes in order to provide the Services to you. We do not disclose your personal information to Third Parties (as defined in the CCPA) without your consent.

  • Categories of Sources: The information that we collect comes from you, for example, through emails and surveys

  • Business Purpose: We collect information from you in order to provide the Raremark services. To match you to a knowledgebase of shared wisdom, and to study opportunities with our strategic partners.

Links on our Sites

There are links on this Site to third-party websites, over which we have no control. We accept no responsibility or liability for any third-party practices on third-party websites. We advise you to carefully read third-party privacy statements prior to the use of any third-party website.

Change of Control

If the ownership of our business changes, we may transfer your information to the new owner so they can continue to operate the Site and provide the Services. The new owner will be obliged to comply with this Policy.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Retention of information

We will keep your personal information for as long as you wish to remain on our database to receive the benefits of our Services. You can edit or update your/your child’s Personal Information at any time.

You can ask for your Personal Information to be taken off the database whenever you wish by emailing us at: [contact@xperiome.com]

Please note that information may have been used, e.g. in reports or shared with our strategic partners, and therefore cannot be removed.

Changes to Policy

We may revise this Policy at any time by amending this page and we encourage you to check this page from time-to-time. Where it makes sense because the changes are material, we will notify you of the changes by email or in another appropriate manner such as when you next interact with the Site.

Contact details

contact@raremark.com

Xperiome

Kemp House

152-160 City Road

London EC1V 2NX

United Kingdom

You can also call us on: +44 20 3920 9880, or (from the US) +1 972-382-7227.

UK registered company number 06262589