Privacy Policy

The protection of your personal information is important to NeuroRx Research. We treat any personal information you provide to us carefully and in accordance with applicable laws.
The purpose of this policy is to explain how NeuroRx collects, uses and discloses personal information about its customers and other individuals, with the exception of professionals, employees and agents of the company.
By providing us with your personal information through our website, other sites operated by us, by email, in person or by telephone, you consent to the use and disclosure of your personal information for the purposes set out in this Privacy Policy.

Who are we?

NeuroRx is an imaging Contract Research Organization acting as a central MRI analysis center providing services to sponsors around the world in multicenter clinical trials.

What personal information do we collect and how?

Personal information is any information which relates to a natural person and directly or indirectly allows that person to be identified.
We may collect various categories of personal information in the course of our business and provision of services, including:

  • Contact information: name, position, role, company or organization, telephone number, email address and mailing address.
  • Device identifiers: data about the device you use to visit our websites, such as your device's operating system type and version number, manufacturer and model, browser type, screen resolution, IP address, and other device identifiers.
  • Pseudonymized/De-Identified Clinical Trial Participant Information: NeuroRx receives and analyzes images from participants who have consented to be part of clinical MRI image studies in the context of clinical trials. This information belongs to special categories of data within the meaning of the General Data Protection Regulation (GDPR). Subject analyses are acquired by study MRI technologists at their local MRI centers and are transmitted to NeuroRx in a standard DICOM format. The information received by NeuroRx, other than the images themselves, is limited to the test protocol number, site number, subject number, name of the test visit, date and time of acquisition of the test.

We collect this personal information either:

  • directly from you; or
  • when you access our website; or
  • we acquire them from local MRI centres associated with our sponsors' clinical trials.

We limit the collection of personal information to that which is necessary for the legitimate purposes for which it was collected, which are listed below.

For what purposes do we use your personal information?

We process your personal information in a lawful, fair and transparent manner.
We use your personal information to provide you with our services and to manage our business and operations, with your consent or, where applicable, under another legal basis under the GDPR.
The legal basis on which our processing of personal information is based may be:

  • the performance of a contract or the preparation of a contract between us (for example, when we deliver a service that you require);
  • our legitimate interest (which is not overridden by your interests, fundamental rights and freedoms and taking into account your reasonable expectations); such as research and development, marketing, promoting our services, and protecting our legal rights and interests;
  • your consent to processing for a specific purpose (for example, you may allow us to send you our newsletter); or
  • a legal obligation we have to process your personal information.

How long is your personal information kept?

We only retain your personal information for as long as necessary to:

  • the identified purposes; or
  • to ensure compliance with our legal obligations; or
  • protect your vital interests or the vital interests of another natural person.

What safeguards do we apply to your personal information?

We will protect your personal information by employing commercially acceptable security measures commensurate with the sensitivity of the information to prevent loss and theft, as well as unauthorized access, disclosure, copying, use or modification of your personal information.

Where do we store your personal information and international/interprovincial transfers?

The personal information we hold is stored in the province of Quebec, Canada, where our facilities are located.

What are your rights with respect to your personal information?

Choice and Consent: You are not required to provide us with your personal information. However, if you do not do so, it may affect your use of this website or the products and/or services offered on or through it.
Restriction: You may choose to restrict the collection or use of your personal information. If you have previously agreed to us using your personal information for a specific purpose, you may change your mind at any time, but this will not affect any processing that has already occurred. If you ask us to limit how we treat your personal information, we will inform you of the impact of the restriction on your use of our website or our products and services.
Access and Portability: You may request details of the personal information we hold about you or a copy of your personal information in our possession. Whenever possible, we will provide the requested copy in CSV format or another easily readable machine format. You may also request that we transfer your personal information to a third party authorized to collect it.
Deletion: You may request that we erase, destroy or remove your personal information in certain circumstances. There are exceptions under which we may refuse such a request when the personal information is required for the purposes of compliance with the law or a contractual agreement between the parties, or in connection with claims.
Rectification: If you believe that the personal information we hold about you is inaccurate, outdated, incomplete, irrelevant or misleading, you have the right to have it corrected. We will take reasonable steps to correct any information that is found to be inaccurate, incomplete, misleading or out of date.
Notification of Privacy Incidents: We will comply with applicable laws in the event of a privacy incident.
Complaint: If you believe that we have violated any relevant privacy law, we invite you to file a complaint with our Privacy Officer as explained below. We will promptly investigate your complaint and respond to you in writing, setting out the outcome of our investigation and the measures taken as a result of your complaint.
If you wish to exercise any of your rights described above, please contact the Privacy Officer listed at the bottom of this Policy, in writing, at the appropriate email address.
You also have the right to lodge a complaint with the privacy authority, in particular in the state where you ordinarily reside, where we are located, or where there is evidence that privacy laws have been violated. In Quebec, you can file a complaint with the Commission d'accès à l'information.

Accountability and Governance Policies and Procedures for the Protection of Personal Information

Under applicable privacy laws, NeuroRx is responsible for personal information in its possession or control.
We have appointed a person in charge of the protection of personal information who is supported by a multidisciplinary team and is responsible for monitoring the organization's privacy issues.
We are committed to protecting personal information and have established policies and procedures that govern how we handle it. These policies and procedures include:

  • defining the roles and obligations of staff members with respect to the handling of personal information;
  • specific standards for the handling of subjects' personal and health information with respect to MRIs in the context of clinical trials;
  • the establishment of a process to respond to requests and complaints from the persons concerned in a timely and effective manner;
  • implementing policies and procedures to protect personal information in our custody or control from unauthorized access, use or disclosure;
  • the process for responding to and addressing confidentiality incidents and keeping of a confidentiality incidents registry.
  • the procedure applicable to privacy impact assessments when required by law, or in other circumstances where we deem appropriate.

NeuroRx staff not only receive documented training upon joining the organization, but also receive annual refresher training on privacy regulations, subject rights, confidentiality of protected personal and health information, and information security.
Documented refresher training is also provided to all staff in the event of changes or revisions to policies, procedures or regulations on these topics.

Changes to this Policy

At our discretion, we may change our Privacy Policy to reflect current acceptable practices and legislative changes. We will take reasonable steps to notify affected individuals of changes via our website. Your continued use of this site following any changes to this policy will be deemed acceptance of our privacy and personal information practices.
In the event of a material change to this Privacy Policy, such as changing a legal basis for processing your personal information, we will seek your renewed consent to the amended Privacy Policy.

Privacy Officer NeuroRx

NeuroRx Data Protection Officer: <dpo@neurorx.com>

This policy was last updated on January 6, 2025.