Digital registry in adult-onset leukoencephalopathy with
axonal spheroids and pigmented glia (ALSP)
Privacy policy
We strongly encourage you to read this policy and make sure you fully understand it before completing the survey. Where you have read this policy but would like further clarification, please contact us at alsp@vitaccess.com. Should you not agree with this policy, you should not complete the survey.
1. General terms
This policy informs you about how Vitaccess collects and manages personal data. The purpose of this policy is to provide you with a clear explanation of when, why, and how we collect and process your personal data; it also explains your statutory rights. This policy is not intended to override any rights you might have under applicable data privacy laws.
2. Roles
A data controller is the company that decides on the goal for the data collection and processing, and how the processing is done – processing means every manipulation of the data from collection up to filing/destruction. Data controllers are the owners of the data. They also must ensure they have a legal basis in place, which is the lawful reason for collecting and using your data.
A data processor processes the data purely following the instructions of the data controller and does not own the data. The data processor operates under the legal basis of the data controller.
The role of Vitaccess (Vitaccess Ltd, UK):
- Runs this survey
- Data processor for survey data, meaning your personal data, following the instructions of the data controller
- Data controller for data that are not part of the survey but are nevertheless processed as a result of running the underlying software used. An example would be data held in log files to help diagnose technical issues.
The role of Vigil Neuro (Vigil Neuroscience, Inc., US):
- Sponsor of this survey
- Data controller for survey data.
3. What information do we collect, how do we collect it, and on what legal basis?
About the survey
We are conducting a research study about adult-onset leukoencephalopathy with axonal spheroids and pigmented glia (ALSP). We aim to learn more about ALSP and how it affects people who have it, their families, and their caregivers. We hope to use the data from the study to help improve the lives of people affected by ALSP. Further details on this study are provided during study registration.
Before we launch this study, we are asking prospective participants to indicate their interest in participating in the study by completing the pre-registration survey. This survey will inform which countries we launch the study in.
To achieve this goal, the following personal data will be collected from you and further processed:
Personal information
We collect the following personal data from you as part of the survey using the following legal basis:
- Identification Information, such as your e-mail address, what country and state you reside, whether you are over the age of 18, and your connection with ALSP.
Collected when you register your interest in this study
| Reason | To contact you about the study |
| Controller | Vigil Neuro |
| Legal basis | Informed consent |
- Website usage
Example: how long it takes you to fill in the survey
Collected when you complete the registration survey
| Reason | To make improvements to the survey |
| Controller | Vigil Neuro |
| Legal basis | Legitimate interest |
| Reason | To help design surveys for future studies |
| Controller | Vitaccess |
| Legal basis | Informed consent |
Use of cookies and other tracking technologies
Vitaccess uses certain monitoring and tracking technologies, cookies and scripts, which enable Vitaccess to maintain and keep track of users’ preferences and authenticated sessions.
Please note that third-party services placing cookies or utilizing other tracking technologies through our services may have their own policies regarding how they collect and store information. These are not covered by this policy, and we do not have any control over them.
4. Cookies
Our website uses cookies, pixel tags, and other forms of identification and local storage (together referred to as “tags/files” hereunder) to distinguish you from other users of the website and of websites of our network. This helps us provide you with a good experience when you browse the website and websites of our network and also allows us to improve our website and our services.
In many cases, these tags/files lead to the use of your device’s processing or storage capabilities. Some of these tags/files are set by Vitaccess itself, others by third parties; some only last as long as your browser session, while others can stay active on your device for a longer period of time.
These tags/files can fall into several categories:
- Those that are necessary for functionality or services that you request, or for the transmission of communications (functionality tags/files);
- Those that we use to carry out website performance and audience metrics (analytics tags/files); and
- The rest (tracking across a network of other websites, advertising, etc.) (other tags/files).
Internet browsers allow you to change your cookie settings, for instance to block certain kinds of cookies or files. You can therefore block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies, you may not be able to access all or parts of the website where functionality cookies are used. For further information about deleting or blocking cookies, please visit: https://www.allaboutcookies.org/manage-cookies/.
Functionality tags/files do not require your consent. For analytical and other tags/files, however, we request your consent before placing them on your device. You can give your consent by allowing cookies in your browser settings, continuing to use our website, or clicking on the appropriate button on the banner displayed to you.
For more information about the cookies on our website, please read our Cookie Policy.
5. Protecting your privacy
We will only use your personal data for the purposes set out and where we are satisfied that the legitimate interest is valid or you have provided your consent to us using your personal data for that purpose.
6. Storage and security
We keep your data secure and private. We separate the data we analyze for the survey from any data that could identify you. This means that your survey data are de-identified by removing your email address (personally identifiable information).
In exceptional circumstances, like for safety or data integrity reasons, we may use a key to link the data back together to re-identify you.
Example: if a researcher spots something in your data that makes them concerned about your welfare and they would like to contact you.
7. Retention
We will keep your data for as long as Vigil Neuro needs us to, and a period thereafter (usually not more than six months) as determined by the data controller.
If you consent, we will keep your relevant data (country and email address) after the survey is closed to be able to contact you about taking part in any other related research.
Once we no longer need your data for the reasons we have described, we will delete or anonymize it.
We maintain a data retention policy which we apply to information in our care. Where your data are no longer required or in case you as the data subject use the right to object, we will ensure the data are either securely deleted or anonymized.
For more information, please contact us at alsp@vitaccess.com.
8. Publications
We will never use your name, or any other information that could identify you, in presentations or reports.
9. Access and transfers
Personal data are only processed for internal purposes, except in exceptional cases, namely when Vitaccess is obliged to do so based on a statutory provision or a decision of the court or supervisory authority, or if this is necessary in the interests of the prevention or prosecution of criminal offenses (such as fraud or deception).
The personal data collected by us may be transferred for the purposes mentioned above (purpose of processing and legal grounds) to any third parties to whom Vitaccess subcontracts all or part of this processing. This may for instance include hosting providers and server co‑location services, communications and content delivery networks, data and cyber security services, fraud detection and prevention services, web analytics, email distribution and monitoring services, session recording and remote access services, performance measurement data optimization and marketing services, content providers, our legal and financial advisors, and any other relevant roles (collectively, “third-party service(s)”). Note that we will never sell your personal data to a third party.
In the event of transfer of personal data to a country outside of the European Economic Area (EEA), we systematically ensure the application of an adequate level of protection of such personal data by means approved by applicable data protection legislation.
This policy does not apply to any linked third‑party websites and services.
10. Law enforcement, legal requests, and duties
Where permitted by local data protection laws, Vitaccess may disclose or otherwise allow others access to your personal data pursuant to a legal request, such as a subpoena, legal proceedings, search warrant or court order, or in compliance with applicable laws, if we have a good faith belief that the law requires us to do so, with or without notice to you.
If warranted, we may also allow access to this information in special emergencies where physical safety is at risk. We reserve the right to disclose any personal data or other information obtained from or about you to third parties in connection with a merger, acquisition, bankruptcy, or sale of all or substantially all of our assets, to the extent that this is necessary for the process.
Where Vitaccess is legally required to make guarantees with non-European processors you can request a copy of these guarantees by contacting us at alsp@vitaccess.com.
When appropriate, we share data with the following people and organizations:
- Vitaccess, UK, and our sub-processors
- Vigil Neuro, US
- Legal authorities and regulatory organizations in the country where you live
Example: legal authorities or regulatory organizations might ask to see your data so they can make sure we are running the survey properly.
11. Rights
Data protection law gives you rights regarding your data:
- To request that we provide you with a copy of your personal data that we hold and you have the right to be informed of: (a) the source of your personal data; (b) the purposes, legal basis, and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entity to whom your personal data may be transferred;
- To withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
- To request that we cease processing your personal data, in whole or in part, as you direct us, for any purpose, save to the extent it is lawful to do so without consent;
- To request that we restrict the processing of your personal data where: (a) the accuracy of the personal data is contested; (b) the processing is unlawful but you object to the erasure of the personal data; (c) we no longer require the personal data for the purposes for which it was collected, but it is required for the establishment, exercise, or defense of a legal claim;
- To request that we erase your personal data in limited circumstances where it is no longer necessary in relation to the purpose(s) for which it was collected or processed;
- To challenge processing which we have justified based on legitimate interest;
- To request that we not transfer your personal data to unaffiliated third parties for the purposes of direct marketing or any other purposes;
- To request that we change the way we contact you for marketing purposes;
- To request that we correct any errors in your personal data;
- To request that we update your personal data as required. Note that you may also correct, update, or remove certain parts of such personal data by yourself, or completely deactivate your user account, through your user account or user website settings;
- To obtain a copy of the safeguards under which your personal data are transferred outside the EEA;
- To lodge a complaint with your local supervisory authority for data protection.
We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal data requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.
12. Commitment to data security
In order to prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online.
Vitaccess ensures that data is secured against unauthorized external and internal access. Data is held in secure cloud databases which requires multiple levels of authentication to gain access. Access is restricted to named Vitaccess staff may grant temporary access to Vitaccess staff to fulfil a business need. Access to external parties is forbidden. Access is revoked once the need is fulfilled.
Extracts of data from the database are transferred securely within the Vitaccess network. Data are never shared on physical devices in publicly accessible locations in the Vitaccess network. Extracts are destroyed after the task which required it is complete. Data is only extracted to fulfil a business need and for no other purpose.
All data management activities and controls are documented in the ISO27001 certified Vitaccess Information Security, Physical Environment Security and Cryptographic Controls policies.
We will attempt to resolve any complaints regarding the use of your personal data in accordance with this policy.
For EU member state residents, you also have a right to lodge a complaint with your national data protection supervisory authority at any time. However, we encourage you to first contact us.
13. Contact
Survey questions and your privacy rights
If you have any questions about the survey, please contact Vitaccess:
Post
Vitaccess
The Oxford Science Park
Magdalen Centre
Robert Robinson Avenue
Oxford
OX4 4GA
United Kingdom
Phone
+44 (0) 1865 818 983
Rights
If you have questions about your rights, or to use them, please contact Vigil Neuro:
Data protection queries
If you have any data protection queries, please contact Vitaccess:
Post
Vitaccess
The Oxford Science Park
Magdalen Centre
Robert Robinson Avenue
Oxford
OX4 4GA
United Kingdom
Phone
+44 (0) 1865 818 983
You can also complain to your local data protection authority:
Online
https://www.hhs.gov/hipaa/filing-a-complaint/index.html
Post
Centralized Case Management Operations
U.S. Department of Health and Human Services
200 Independence Avenue, S.W.
Room 509F HHH Building
Washington, D.C. 20201
Phone
1-800-368-1019
14. Changes to this policy
We keep this policy under regular review, and we will make any new versions available on our website. This policy was last updated on September 22, 2021.
