Clinical privacy policy
Effective Date. This Privacy Notice (“Notice”) is effective as of May 20, 2025.
Enterra Clinical PRO Privacy Notice
If you are participating in a clinical study (“Clinical Study”) that requires you to use the Enterra Clinical PRO application (“App”), you will also be required to review and sign an informed consent form (“ICF”) and any applicable privacy notices included in it. The ICF will be provided to you by your study site. In the event of a conflict between the terms of this Notice and the ICF, the terms of the ICF will supersede the provisions of this Notice. We would still like to invite you to review this Notice carefully as it provides you with important information about how we will process Personal Data about you. Agreement to the terms of this Notice is required for the use of the App. If you do not agree, you can choose not to use this App; however, you will then be unable to participate in clinical studies that require its use.
Introduction
Enterra, including our Affiliates, is committed to protecting your Personal Information. This Notice and the App Terms and Conditions of Use (together – the “Terms”) outline the types of Personal Information Enterra may collect; the means by which Enterra may collect, use, or share your Personal Information; steps Enterra takes to protect your Personal Information; and choices you are provided with respect to the use of your Personal Information. Please be aware that Enterra will primarily act as a Data Controller for Processing of your Personal Information in the App. For details around this concept, please see the definitions section. To the extent that this Notice provides you with information on Enterra’s activities as a Data Controller, this document complements the information provided by your study doctor (“HCP”) for the Clinical Study.
Please read this Notice carefully. We respect your privacy, and we want you to understand how Enterra manages the information you provide to us and the measures we take to protect it.
Enterra is the provider of the App and serves as the distributor of the App. Enterra has partnered with service providers to develop the App and maintain it. We need to know certain Personal Information about you to conduct the Clinical Study. Please note: if you choose not to provide any Personal Information, it may not be possible for you to use the App or participate in the Clinical Study.
By registering to use the App, you acknowledge that you have read, understood and agree to the App’s Notice, and that you are aware that the collection, use, processing and disclosure of your Personal Information, as outlined below, is required for you to use the App and in compliance with the Terms and applicable laws and privacy regulations.
Depending on your country of residence, you may have additional privacy rights under your local law.
This includes if you reside in the United Kingdom (UK), Switzerland, a Member Country of the European Union (EU) or a Member State of the European Economic Area (EEA), and the United States of America. Rights which may apply to you and how to contact Enterra in connection with these rights or with inquiries are below. To the extent your HCP is the controller of data about you, we invite you to review your privacy rights with your HCP.
If you are a User in the EU/EEA, you will have the rights as a data subject as stipulated by the EU General Data Protection Regulation EU 2016/679 (“GDPR”) and the applicable ePrivacy framework. If you are a User in the UK, data protection is governed by the UK General Data Protection Regulation (Regulation (EU) 2016/679) (“UK GDPR”) and the Data Protection Act 2018. For U.S. residents, please see the U.S. section below.
If you are participating in a clinical study that requires you to use this App, you will also be required to sign an informed consent form (“ICF”), which will be provided to you by the HCP. This Notice only applies to your use of this App. This Notice does not apply to any third-party apps or websites linked to or accessible from the App. Enterra is not responsible for the privacy practices, the content or any Processing activities of any third parties, sites or apps.
Definitions
“Enterra Clinical PRO” or the “App” is an application which allows study participants to enter survey responses on a regular basis into the App. Enterra receives the survey response data through regular uploads which are associated solely with the participant’s assigned subject ID. This subject ID is only directly identifiable using the key at the study site which is managed by the HCP.
“User” or “you” means you, the individual, who has been granted use of the App by Enterra.
“Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household, including, but not limited to, your name, address, e-mail address, telephone number and/or certain categories of sensitive personal information (such as health data you may choose to share with us).
“Data Controller” determines the purpose and means of personal data processing; this is a regulatory concept developed under the EU/UK GDPR. In more lay terms, the data controller decides about the “why” and the “how” of the data processing.
“Data Processor” processes personal data only on behalf of the Data Controller, as determined in an agreement between the parties. The data processor is often a third party to the Data Controller (e.g., a service provider for Enterra).
“Processing” means any operation or set of operations which is performed on Personal Information, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Enterra” or “we” or “us” means (i) when in relation to the App’s enabler or distributor: a company-member of Enterra that operates in the country where the App is made available to you (“Enterra Affiliate”); and (ii) when in relation to Enterra a service provider.
Enterra may act as a Data Controller as defined by the EU or UK GDPR.
The EU representative for Enterra:
Enterra Medical, Inc.
EU Representative (Art. 27 GDPR)
Kalms Consulting GmbH
Rheinstraße 45-46
12161 Berlin, Germany
Email: [email protected]
Data protection officer:
Bernard Bosley
5353 Wayzata Boulevard, Suite 400
St. Louis Park, MN 55416
1-855-768-3772
[email protected]
What Information Does Enterra Collect in the Enterra Clinical App?
In order to facilitate your use of the App, your HCP will collect an informed consent from you as part of the Clinical Study in which you are participating. Then, you will be instructed to download the App and will activate the App using an assigned Username and Password. Enterra does not collect information from your HCP medical records, or other sensitive Personal Information held by your HCP, such as treatment plans or previously collected diagnostic information, through the App.
After the activation of the App, you will be able to perform Clinical Study activities that will involve the processing of the following categories of personal data:
- Survey responses that describe or rate your symptoms in connection with the Clinical Study. This information will be linked to a study subject ID which is unique to you. Only your HCP will have the key to this ID, linking it directly to you.
- Background Data (for improving the App or diagnosing and correcting issues). This includes operating system version and time zone.
Due to the nature of the App, the system also generates certain types of event data (such as system logs) that may qualify as Personal Information in certain jurisdictions. For example, if the User is conducting one of the survey activities in the App, the system will record the results of the activity and also the fact that the activity was successfully completed via a timestamp. This information is required to conduct the Clinical Study. This allows Enterra to understand the App is being used to inform improvement of the App.
For your full understanding, the App does not ask for or collect Personal Information such as:
- Your name
- Your age
- Your gender
- Your telephone or fax number
- Your email address
- Your address
- Your location data
- Your internet protocol address
- Your income
- Your citizenship status
- Your marital status
- Your religion
- Your device’s health-related tracking data
- An image or biometric information of you
Non-Personal Information.
Enterra collects and retains certain non-Personal Information to help improve the App product and services. This information may include, and is not limited to, aggregated data, and other technical, non-Personal Information resulting from your use of the App. This information collected and used by Enterra will not personally identify you and will therefore not fall under applicable data protection laws and regulations.
Legal Basis for Processing of Personal Information.
You may only register to use and access the App if you are part of a Clinical Study. Therefore, Enterra processes your Personal Information primarily to facilitate your use of the App as necessary to conduct the Clinical Study.
Enterra may process your Personal Information also as a Data Controller to:
- take an action expressly permitted or authorized by you;
- improve the App product and services as described in this Notice, including functional improvements;
- perform additional services requested by you; and/or
- comply with applicable laws and regulations.
For the avoidance of doubt, to the extent we process data relating to data subjects in the EU/EEA or UK as a Data Controller – including Processing activities that ensure the security of Processing, the improvement of the App product and services, Processing activities that aim to secure the integrity and availability of the App, the adherence to legitimate requests from governmental or regulatory institutions or courts, and other compliance related activities – these are based on our legitimate interests as defined in Article 6(1)(f) GDPR.
How Will Enterra Use my Personal Information?
Any Personal Information we collect and process on behalf of you or the HCP shall be used solely for the following purposes:
- Facilitate your use of the App, as agreed to by you, to use the App within a Clinical Study; and
- Provide general and technical support, when requested by you.
Enterra will act as a Data Controller for certain Processing activities, in particular activities related to security, integrity and availability of the App services, adherence to regulatory requirements, the improvement of the App product and services, compliance-related matters and legitimate requests from authorities, courts and other governmental institutions. Enterra will use identifiable data whenever needed for product improvement activities, or to fulfill its contractual, legal or regulatory obligations. Enterra may use aggregated, de-identified or anonymized data (e.g., identifiers removed) for additional research activities and the development of new or materially different products/services. Enterra will not re-identify or attempt to re-identify you from such aggregated, de-identified or anonymized data.
Will Enterra Use My Personal Information for Marketing Purposes?
We will not use, sell or transfer your Personal Information for marketing purposes unless we obtain your express consent for this in accordance with applicable laws. We will still send you important information about the App, any updates or changes in functionality that may affect your use of the App, as well as legal and regulatory notices, when required.
How Will Enterra Share My Personal Information with Others?
We do not sell your Personal Information. Enterra shall only share your Personal Information with your HCP, with Enterra Affiliates involved in the provision of services, and with our Enterra third-party service provider(s), for legal reasons, to facilitate your use of the App, or as requested by you. To the extent we rely on third-party service providers for the processing of App data, we will only do so after signing relevant agreements that ensure compliance with applicable data protection laws and regulations (e.g., a Data Processing Agreement under EU GDPR and UK GDPR). The following sections explain in more detail when and why we share your information.
Enterra May Need to Share Your Personal Information for Legal Reasons.
We may share your Personal Information in response to a legal obligation, or if we have determined that sharing your Personal Information is necessary to:
- Respond to legitimate requests of government authorities, or where required by applicable laws, court orders, or government regulations;
- Enforce our Terms and Conditions of Use including investigation of any potential violations thereof;
- Detect, prevent, or otherwise address fraud, security, or technical issues;
- Exercise or defend legal claims or protect against harm to the rights, property, or safety of Enterra, its users, or the public as required or permitted by law; or
- Where needed for corporate audits or to investigate or respond to a complaint or security threat.
How Does Enterra Protect My Personal Information?
Enterra and its Affiliates, as well as Enterra third-party service providers, seek to use adequate physical, technical, and administrative safeguards (such as firewalls, encryption, identity management, and intrusion prevention and detection) to protect the information you share through the App from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. All data uploaded into the App is encrypted in transit and at rest. However, Enterra cannot guarantee the absolute security of your Personal Information, as no data transmission over the Internet or data storage system is 100% secure. We recommend that you take any available precautions to protect Personal Information you submit via the App. If you have reason to believe that the use of the App is no longer secure (for example, if you feel that the security of your App account might have been compromised), please contact us or your HCP immediately.
Separately, please also note that in the event of a notifiable data breach, it will be dealt with in accordance with the applicable data privacy / data breach laws and regulations of the relevant jurisdiction.
For How Long Does Enterra Keep My Personal Information?
Regarding the retention of the data relating to you, we would like to distinguish between different Processing activities. In the case of data related to your use of the App, Enterra will keep your information for as long as legally required in the relevant jurisdiction, or until we determine we can comply with a direct request by you to delete your information in accordance with applicable laws, whichever is sooner. Please note: deleting the App from your device does not delete your account.
This does not result in deletion of the data collected through the App, which Enterra may be obligated to maintain if collected as part of a Clinical Study.
We may retain your Personal Information for a longer period of time if so required by applicable law (for example, if legally required, we will retain user support emails and associated information to ensure that we can perform legitimate business functions such as accounting for tax obligations, legal and compliance obligations or audits for security purposes). The retention period will depend on the applicable law and Enterra policies, and you may contact Enterra at any time for further details on such data retention.
Will Enterra Transfer My Personal Information Across International Borders?
As necessary for the Study and subject to an agreement between your HCP and Enterra, your personal data may be transferred from the country it was collected in to other countries as permitted by applicable data protection laws. Additionally, Enterra may also transfer your Personal Information as deemed necessary by Enterra, in particular to Enterra Affiliates or third-party service providers that are involved in the provision of App services. Such transfers are based on intra-company agreements between the different Enterra legal entities, or in the case of a third party through a data Processing agreement that includes a transfer mechanism as required by applicable law (e.g., the EU SCC and additional safeguards as required for the EU/EEA/UK). For United States Residents, the App is hosted within the United States. For Residents outside of the United States, the App is hosted within the European Union. The countries in which data is processed may impose different privacy obligations than your country of origin. In transferring your Personal Information, we will rely on available data privacy mechanisms and applicable privacy laws and regulations to ensure a high level of protection for your Personal Information.
What Rights Do I Have Related To My Personal Information?
You may exercise your statutory data subject rights against the Data Controller, which with regard to a Study may be either Enterra, or both Enterra and your HCP. If you are unsure about the entity that serves as the Data Controller for a specific Processing activity, please do not hesitate to reach out to your HCP, or to Enterra. We will assist you and direct you accordingly. Enterra enables you to access, control and delete your Personal Information in accordance with Clinical Study requirements and applicable laws. To the extent Enterra acts as the relevant Data Controller, Enterra will adhere to the data subject rights provided by the EU GDPR/UK GDPR. In the event that applicable laws and regulations grant stricter or structurally different data subject rights, Enterra will honor such rights in all countries in which Enterra offers the App services. This section explains the ways you may exercise these rights in accordance with applicable laws and regulations:
(i) United States Users
Profile Information. You can review the Username that was provided by your HCP by accessing Settings within the App.
Deactivating Your Account. If you would like to deactivate your App account, contact the HCP who enabled your access to the App. If you are in an active clinical study where the App is necessary for the Study, you may need to withdraw from the Study to deactivate your account. When we deactivate your account, we may retain certain information for legitimate business purposes, or to comply with legal or regulatory obligations. For example, we may be obligated to retain your information as part of an open legal claim or to ensure the validity of the Clinical Study in which you are participating. When we retain such information, we do so in ways designed to prevent its use for other purposes.
(ii) European Union / Switzerland / UK Users
Profile Information. You can review the Username that was provided by your HCP by accessing Settings within the App.
Deactivating Your Account. If you would like to deactivate your App account, contact the HCP who enabled your access to the App. If you are in an active clinical study where the App is necessary for the Study, you may need to withdraw from the Study to deactivate your account. When we deactivate your account, we may retain certain information for legitimate business purposes, or to comply with legal or regulatory obligations. For example, we may be obligated to retain your information as part of an open legal claim or to ensure the validity of the Clinical Study in which you are participating. When we retain such information, we do so in ways designed to prevent its use for other purposes.
Provided GDPR, the UK GDPR or the Swiss Data Protection Act covers your personal data, please note that you have the right to request from Enterra access to and rectification of your personal data as well as the right to data portability, if applicable, or erasure or restriction of processing of your personal data. Erasure or restriction of Processing is only possible if and to the extent the Processing of personal data is based on consent or legitimate interest. If data processing is based on consent, kindly note that you have the right to withdraw your consent at any time, however, without affecting the lawfulness of processing based on consent before its withdrawal. To exercise your right to withdraw consent, or to object to the processing of personal data, or to exercise any of your other rights as a data subject, please see contact details below.
In the event you have the impression that our data Processing is non-compliant with GDPR, you are entitled to lodge a complaint with the responsible supervisory authority.
Can Enterra Make Changes to this Notice?
We may change this Notice from time to time. Such updates may reflect the continuous development of the App, but they may also be triggered by regulatory requirements or user feedback. Current versions of this Notice will be linked within the applicable App store and from within the App. If you do not agree to the changes after receiving notice of such changes, you should stop using the App. To deactivate the App account, please contact your Clinical Study HCP to discuss concerns and determine if you continue to meet requirements of the Clinical Study you are participating in.
Important Note about Children’s Privacy.
The App is not intended to be, and may not be, accessed or used by anyone who has not reached the age of majority in their location. If you are a parent or guardian and you become aware that your child has provided us with Personal Information, please contact us so that appropriate measures may be taken.
Your Privacy Related Requests.
You can access some of your Personal Information (your Username) in the App settings at any time. For any Processing activities for which your HCP acts as the Data Controller, to file a concern, a complaint, or a request for correction, a request for deletion of your Personal Information, or to opt-out of any particular programs, please contact your HCP.
In the event you contact Enterra directly for any of the above, Enterra will notify your HCP, and will assist the institution in executing your privacy related request. Please also make sure you are provided with the contact details of the data protection / data privacy responsible for your HCP.
Where Enterra acts as a Data Controller for certain Processing activities, please reach out to us as described in the following Contact Us section.
Contact Us.
For general inquiries related to the App, please contact your HCP or [email protected].
If you would like to contact Enterra regarding this Notice or if you would like to exercise any of the rights afforded to you by applicable law, please contact us at [email protected].
Please note that email communications are not always secure. Please do not include health information or other sensitive information in your email to us.