Dream ePRO App Privacy Policy

Update (September 25, 2024)

Welcome to the Dream ePRO App Service, which respects and protects the information security and personal privacy of all Dream ePRO App users. App will collect, use, store and disclose your personal information as specified in this Privacy Policy, and ensure your relevant rights as required by laws and regulations, and take security measures to protect the security and controllability of your user information, and we will update this Privacy Policy from time to time.

We remind you to read and thoroughly understand this privacy policy before using the Dream ePRO App services. Use related products and services only after confirming full understanding and agreement. If you have any questions after reading, you can contact us through the feedback channels listed in Chapter IX, and we will answer them as soon as possible.

1. Rules for the collection and use of information

(1). How do we collect your personal information

1) During your use of the Dream ePRO App service, we will collect information that you actively provide or generate as a result of your use of the service to provide you with the service or optimize our service as follows.

A. You first need to register for a Dream ePRO App account to become a registered user of the Dream ePRO App. When you register, you can do so by filling in your username and password and setting up security questions. After successfully registering, you will verify your identity through the App by scanning a designated QR code provided by the research staff or a designated person, which will link to your subject number.

B. User logs in to App: When you log in to Dream ePRO App, we will obtain your mobile phone device information (including but not limited to the information describing the basic situation of personal commonly used devices, including hardware serial numbers and IMEI/Android ID unique device identification codes). In addition, we will obtain your MAC information in the background state of App, so that we can adapt to different device models and provide users with differentiated interface display content. Such information is the basic information that must be collected in order to provide services.

C. My Tasks: When you click to enter the "HomePage-My Tasks" page, you will need to fill out self-assessment scales or relevant questionnaires online so that the clinical trial researchers can collect feedback information about your participation in the trial. This includes hospital examination reports or feedback on your personal health condition, as well as any feedback on any physical abnormalities you may have. The self-rating form or related questionnaire is provided by the clinical trial institution. Your results may form part of the personal health physiological information and will be fed back to the researcher side of the clinical trial. Personal health physiological information is sensitive information. If you do not provide such information, the researcher may not be able to obtain your effective clinical trial feedback information and make appropriate medical judgments based on it.

D. In order to ensure the accuracy of data collection and push, App may obtain your MAC address information in the way of data collection and/or promotion in App, which is limited to Android phones. MAC address information is sensitive and we do not actively obtain the aforementioned information without your explicit authorization. If you do not provide this information, we may not be able to provide you with more accurate services, but it will not affect your normal use of basic service functions such as App platform browsing.

2) To provide you with our services, ensure their normal operation, and safeguard your account security, we will need to request permissions related to your camera, microphone, and storage. These permissions will only be granted to us after you have explicitly agreed.

3) We will use the collected information for the purposes covered by this privacy policy. If we use your personal information beyond the stated purpose and in direct or reasonable connection with the collection, we will inform you again and obtain your express consent before using your personal information.

(2) How We Use Your Personal Information

1) We use the collected information for the following purposes, in strict compliance with the laws and regulations and in accordance with our agreements with users.

A. Provide, maintain and optimize Dream ePRO App services: We will use the collected information to provide and optimize and improve Dream ePRO App services, such as tracking problems reported to us by users and providing users with better services based on service usage information;

B. Security: We will use relevant information to help improve the security and reliability of Dream ePRO App services, including detecting, preventing and responding to fraud, abuse, illegal acts, security risks and technical issues that may endanger users or the public;

C. Communicate with users: When necessary, we will use the collected information to directly communicate with users. For example, if we detect suspicious activity, we may send notifications to users that we may let them know about upcoming changes or improvements to Dream ePRO App.

D. In order to comply with the relevant requirements of relevant laws and regulations, departmental rules and government instructions.

2) Currently, we do not use your personal information for personalized recommendation or advertising purposes. If we use your personal information, which is beyond the scope of the stated purpose at the time of collection and is directly or reasonably associated, we will inform you separately and obtain your express consent through the App page pop-up prompts and interactive processes before using your personal information.

3) We use the collected information in strict compliance with laws and regulations as well as with our users, as described in this Privacy Policy, to provide you with better services.

(3) Exceptions to the collection and use of your relevant personal information that require your authorization and consent

1) It is directly related to national interests such as national security and national defense security; it is directly related to major public interests such as public security, public health, and public information;

2) directly related to criminal investigation, prosecution, trial and execution of judgments;

3) It is difficult to obtain personal consent for the purpose of protecting your or other personal life, property, reputation and other major legitimate rights and interests;

4) The personal information collected is made public to the public by yourself;

5) Collecting personal information from legally disclosed information, such as legal news reports, government information disclosure and other channels;

6) What is necessary for signing and performing the contract according to your requirements;

7) It is necessary to maintain the safe and stable operation of the products or services provided, such as finding and disposing of failures of the products or services;

8) Necessary for carrying out legal news reports;

9) Designing the personal information contained in the results when it is necessary to carry out statistical or academic research in the public interest and it provides the results of academic research or description to the outside world;

10) Other circumstances stipulated by laws and regulations

(4) Please understand that the features and services we provide to you are constantly updated and developed. If a feature or service is not included in the aforementioned description and has collected your information, we will separately explain to you the content, scope and purpose of the information collection through page reminders, interactive procedures, website announcements, etc. to obtain your consent.

(5) Please note that at this time we do not actively access your personal information from third parties outside of Dream ePRO. If you need to obtain your personal information indirectly from a third party for business development in the future, we will inform you of the source, type and scope of use of personal information before obtaining it. If we need to conduct personal information processing activities beyond the scope of your original authorization to provide personal information to a third party, we will obtain your authorization consent before processing your personal information; in addition, we will strictly abide by the relevant laws and regulations and require the third party to ensure the legality of the information provided by it.

2．Storage of information

(1) We store your information in a secure way, including on-premises storage (such as data caching with APP), databases, server logs, and cloud storage.

(2) Please note that if you choose to log out of your account, we will delete or anonymize your information, except for information that is required by relevant laws and regulations to be retained for a certain period of time. For the above information that must be retained, we will delete or anonymize it after the retention period prescribed by laws and regulations expires.

(3) We will take reasonable and feasible measures to avoid collecting irrelevant user information. Unless permitted by law or otherwise agreed, we will only retain your user information for as long as necessary to achieve the purposes stated in this Privacy Policy. We will delete or anonymize your personal information after the above user information retention period has expired.

(4) If the Dream ePRO App products and services cease to operate, we will take reasonable measures to protect the security of your user information and prevent the continued collection of user information in a timely manner; the suspension notice will be notified to users in the form of one-by-one delivery or announcement; and all personal information held will be deleted or anonymized.

(5) We will store your user information collected in the People's Republic of China. If you need to transmit personal information abroad due to business needs in accordance with applicable laws, we will obtain your consent in advance and inform you of the purpose of leaving the country, the recipient, security measures, security risks, etc.

3.Information security protection

(1) Dream ePRO App accounts have security features. Please keep your username and mobile phone verification code properly. We have taken reasonable and feasible security measures to protect your information and ensure that your information is not lost, abused and changed. We strive to provide users with information security guarantees to prevent information leakage, loss, improper use, unauthorized access and disclosure.

(2) We use industry-leading technology protections. The technical means we use include, but are not limited to, firewalls, encryption of transport protocols (such as HTTPS), de-identification or anonymous processing, access control measures, etc. In addition, we continue to enhance the security capabilities of the software installed on your device. For example, we will do some of the information encryption work locally on your device to consolidate secure transmission; we will understand the application information installed on your device and the process information running to prevent malicious programs such as viruses and Trojans.

(3) We have established a special management system, process and organization to ensure the security of personal information. For example, we strictly limit the range of people accessing information and require them to comply with their confidentiality obligations, and those who violate their obligations are punished according to regulations. We also review the management regime, processes, and organization to prevent unauthorized access to, use of, or disclosure of user information.

(4) We recommend that you pay full attention to the protection of your personal information when using products and services. We also provide a variety of security features to help you protect your personal information. If you find that your personal information is leaked, especially the username and password of Dream ePRO App are leaked, please contact Dream ePRO App customer service or email to Clinflash.service@clinflash.com immediately, and send relevant suggestions to email so that Dream ePRO App can take appropriate measures.

(5) After an unfortunate user information security incident (leakage, loss, etc.), we will promptly inform you of the basic situation and possible impact of the security incident in accordance with the requirements of laws and regulations, the disposal measures we have taken or will take, suggestions that you can prevent and reduce risks independently, and remedial measures for you. We will inform you of the relevant events in a timely manner by email, letter, phone, push notification, etc. When it is difficult to inform the user of the main body of information one by one, we will adopt a reasonable and effective way to issue an announcement. At the same time, we will also report the handling of user information security incidents in accordance with the requirements of the regulatory authorities.

4. Sharing, transfer and public disclosure of information

(1) Share

1) We will not share your personal information with any company, organization or individual outside of the Company unless expressly agreed to by you.

2) After you have successfully enrolled in and participated in a clinical trial project, we will only encrypt and transmit the information you fill out or submit in self-assessment scales or relevant questionnaires to the doctor's assistants and researchers at the clinical project institution when it is necessary for the project and with your explicit authorization. Apart from this, we will not proactively share or transfer your personal information to third parties. If there are other instances of sharing or transferring your personal information, or if you need us to share or transfer your personal information to a third party, we will directly confirm with the third party whether such sharing has obtained your express consent.

3) In order to improve your user experience, we may need to share information that has been anonymized or de-identified with third-party partners, etc. We will require them to strictly abide by our data privacy protection measures and requirements, including but not limited to processing in accordance with data protection agreements, commitments and related data processing policies to avoid identifying personal identities and ensure privacy security.

4) We may share your personal information externally as required by laws and regulations, or as required by government authorities.

(2) Transfer

We will not transfer your personal information to any company, organization or person except in the following circumstances:

1) Transfer with express consent: With your express consent, we will transfer your personal information to other parties;

2) In the case of merger, acquisition or bankruptcy liquidation, if personal information transfer is involved, we will require the company or organization that holds your personal information to continue to be subject to this personal information protection policy, otherwise we will require the company or organization to re-seek your authorization consent.

(3) Public Disclosures

1) We will disclose your personal information publicly only in the following circumstances:

A. With your express consent;

B. Disclosures Based on Law: We may disclose your information publicly if required by law, legal procedures, litigation or mandatory requirements of government authorities.

2) Except for the above circumstances, we will not publicly disclose the collected personal information. If it must be publicly disclosed, we will inform you of the purpose of this public disclosure, the type of disclosure information, and the sensitive information that may be involved, and obtain your express consent.

(4) Exceptions that require authorization and consent in advance when sharing, transferring or publicly disclosing user information

1) Related to national security and national defense security;

2) Related to public safety, public health and major public interests;

3) Related to criminal investigation, prosecution, trial and execution of judgments;

4) It is difficult to obtain the consent of the person for the purpose of protecting the major legitimate rights and interests of the subject of personal information or other individuals, such as life and property;

5) The subject of personal information discloses personal information to the public on its own;

6) Collecting personal information from legally disclosed information, such as legal news reports, government information disclosure and other channels

5. The use of third-party SDK is in order to realize the service function in Dream ePRO App

we may choose to integrate third-party developers or choose to access third-party SDK. The following will list in detail the various business functions of Dream ePRO App and the personal information collected for the implementation of this function. This section of the personal information collected by the third-party SDK asks developers and end users to review the privacy policy of the third-party SDK.

Aurora Push SDK

Third-party main body: Shenzhen Hexun Huagu Information Technology Co., Ltd.

SDK Purpose: Provides information push service for APP users

Collect Personal Information Type: Device Parameters and System Information (Device Type, Device Model, System Version and Related Hardware Information): It is used to identify the user's device type, device model, system version, etc. to ensure the accurate distribution of messages; Device Identifiers (IMEI, IDFA, Android ID, GID, MAC, OAID, VAID, AAID, IMI, IMID, UAID, SN, ICCID, SIM information): It is used to identify unique users and ensure accurate delivery of push and accurate statistics of push information;

Network information (IP address, WiFi information, base station information, DNS address, DHCP address, SSID, BSSID) and location information (longitude and latitude): It is used to optimize the network connection request between SDK and aurora server, ensure the stability and continuity of service, and realize the regional push function at the same time;

Application List Information (Application Crash Information, Notification Switch Status, APP Application List and Active Status, APP Application Page Information, APP Function Event Related Information): When a device has multiple APP push links active at the same time, we adopt the combined link technology and randomly combine them into a link to achieve the purpose of saving power and flow for users.

Data Processing: Through de-identification, encrypted transmission, and other security methods

Official website link: https://www.jiguang.cn/push

Xiaomi Push SDK

Type of personal information involved: device identifier (e.g. Android ID, OAID, GAID), device information

Use Purpose: Push Message

Use Scenario: Use when pushing messages on Xiaomi mobile terminals

Third-party main body: Beijing Xiaomi Mobile Software Co., Ltd.

Data Processing: Through de-identification, encrypted transmission, and other security methods

Official website link: https://dev.mi.com/console/appservice/push.html

HUAWEI HMS SDK

Types of Personal Information Involved: Application Basic, Device Identifier Within Application, Device Hardware Information, System Basic, and System Setup Information

Use Purpose: Push Message

Use Scenario: Used when pushing messages on Huawei mobile terminals

Third-party main body: Huawei Software Technology Co., Ltd.

Data Processing: Through de-identification, encrypted transmission, and other security methods

Official website link: https://developer.huawei.com/consumer/cn/

Privacy Policy link: https://developer.huawei.com/consumer/cn/doc/development/HMSCore-Guides/sdk-data-security-0000001050042177

Oppo Push SDK

Type of personal information involved: device identifier (such as IMEI, ICCID, IMSI, Android ID, GAID), application information (such as application package name, version number, and operational status), network information (such as IP or domain name connection result, current network type)

Use Purpose: Push Message

Use Scenario: Used when pushing messages on OPPO mobile terminals

Third-party main body: Guangdong Huantai Technology Co., Ltd.

Data Processing: Secure handling of transmission and processing by encryption

Official website link: https://open.oppomobile.com/new/introduction?page_name=oppopush

VIVO Push SDK

Types of personal information involved: Device Information

Use Purpose: Push Message

Use Scenario: Use when pushing messages on vivo phone terminals

Third-party entity: Guangdong Tianchen Network Technology Co., Ltd. and companies that will be transferred to operate the vivo open platform in the future

Data Processing: Through de-identification, encrypted transmission, and other security methods

Official website link: https://dev.vivo.com.cn/promote/pushNews

6.Special agreement on minor user information

(1) We mainly provide products and services for adults. If you are a minor, we ask you to ask your parents or guardians to read this privacy policy carefully and to use our services or provide information to us with the consent of your parents or guardians.

(2) For the use of our products or services with the consent of our parents or guardians to collect personal information of minors, we will only use, share, transfer or disclose this information if permitted by laws and regulations, with the explicit consent of parents or guardians, or necessary to protect minors.

7.Your rights.

(1) In accordance with relevant Chinese laws, regulations, standards, and common practices in other countries and regions, we guarantee users to exercise their rights to query, change, delete, cancel, and change the scope of authorization for their personal information.

(2) You can contact the App platform customer service hotline (400-803-8655) or send an email to Clinflash.service@clinflash.com to inform us of your claims including inquiries and modifications, and your opinions will be processed in a timely manner.

(3) You may request us to delete user information in the following circumstances:

1) if our handling of user information is in violation of laws and regulations;

2) if we collect and use your user information without your express consent;

3) if our handling of personal information is in serious breach of your agreement.

4) You have logged out of your Dream ePRO App account, uninstalled or no longer use our products (or services).

5) We stop serving you.

To ensure security, you may need to provide a written request or otherwise prove your identity as a user, and we may ask to verify our identity before processing your request.

(4) Change the scope of authorization:

1) Change or withdraw sensitive information permissions: You can change the scope of consent or withdraw your authorization by turning off geography, camera, etc. permissions in the operating system of the device itself.

2) Please understand that specific business functions and services will require your information to complete. After you withdraw your consent or authorization, we will not be able to continue to provide you with the services corresponding to the withdrawal of consent or authorization, and will no longer process your corresponding personal information. However, your decision to withdraw your consent or authorization will not affect the processing of personal information previously performed based on your consent or authorization.

(5) Each business function of Dream ePRO App requires some basic user information to complete. In addition, you can give or withdraw your license consent through the App platform customer service hotline (400-803-8655) or by sending an email to Clinflash.service@clinflash.com. When you withdraw your consent, we will no longer process the corresponding user information. However, your decision to withdraw your consent will not affect the processing of user information previously performed based on your authorization.

(6) You can submit an account cancellation request by contacting the App platform's customer service hotline (400-803-8655) or by sending an email to Clinflash.service@clinflash.com. After your request is approved, we will delete your user registration information as required by law, and we will cease providing you with our products or services. We will also delete your user information in accordance with applicable legal requirements. Please note that due to the special nature of clinical trials and the requirements of clinical trial regulations, the information you have submitted through scales or questionnaires will not be immediately deleted. You can contact your research physician for more information.

(7) We do not charge a fee for your reasonable request in principle, but we will charge a certain cost for repeated requests that exceed reasonable limits. We may reject requests that are unwarranted duplication, require excessive technical means (for example, the need to develop new systems or fundamentally change existing practices), pose a risk to the legitimate rights and interests of others, or are very impractical. In the following cases, according to the requirements of laws and regulations, we will not be able to respond to your request:

1) those directly related to national security and national defense security;

2) those directly related to public security, public health and major public interests;

3) those directly related to criminal investigation, prosecution, trial and judgment;

4) those that respond to your request will cause serious damage to the legitimate rights and interests of you or other individuals and organizations;

5) those involving trade secrets.

8. Change in privacy policy

(1) This Privacy Policy may be amended in due course and without your express consent, we will not restrict your rights under this Privacy Policy.

(2) When the terms of this Privacy Policy change, you will be notified of the changed Privacy Policy in an appropriate manner when the version is updated, and you will be informed of the effective date. Please read the changed Privacy Policy carefully, and you continue to use Dream ePRO App to indicate that you agree that we will process your personal information in accordance with the updated Privacy Policy.

9. Contact Us

When you have other complaints, suggestions, and other related issues or need to delete all access records, please contact us by calling the technical support group below or sending an email to Clinflash.service@clinflash.com. You can also mail your question to the following address:

Company Name: Clinflash Healthcare Technology (Jiaxing) Co.,Ltd.

Business Address/Incoming Address: 9th Floor, Tiger Medical Building, 28 Huixin Road, Nanhu District, Jiaxing City

Postcode: 314001

Contact Tel: 400-803-8655

We will review the issue as soon as possible and reply within 15 working days after verifying your user identity.