Patient Privacy Policy

Last Updated: 16 September 2016


This Privacy Policy should be read in conjunction with the appropriate Terms and Conditions of the service provided.

Who we are

Exco InTouch is the leading provider of digital patient engagement and data capture solutions for clinical research and healthcare providers. Using a combination of software and services, Exco InTouch solutions provide simple, secure channels of communication that empowers patients to become more involved in their healthcare, and ultimately lead to better health outcomes.

In respect of your personal information, Exco InTouch does not use this.  Instead we provide the technical infrastructure to support research and healthcare programs, typically in respect of clinical trials to help patients engage with their clinician or healthcare provider.

What we do with personal information

Exco InTouch is an independent service provider that has contracted to abide by the directions the clinical trial study team or study sponsors have given to it. It provides a service, but is not part of your health care provider.

The restricted web site associated with the service will only contain your subject ID and your/the provided mobile phone number and/or e-mail address; no other personal information will be stored except for any electronic diary entries you make. This information might be seen by:

  1. The study doctor and his/her team – in order to enroll you in, and manage your service
  2. Exco InTouch and its service representatives – in order to provide the service
  3. The sponsor will see your electronic diary entries

Exco InTouch and its service representatives will not share your/the provided contact details with other third parties unless required by law or allowed by this form; they will not contact you except for sending the messages.

When your study doctor withdraws you from the service, Exco InTouch will stop sending you text and/or e-mail messages (except for unusual circumstances such as an emergency).

If you provide additional personal information including sensitive information (race, ethnic origin, political, religious or philosophical beliefs, trade union membership, sexual orientation or medical or health conditions) Exco InTouch may process and disclose that information to those entitled to see it (this includes Exco InTouch service providers, the study doctor and his/her team, and people entitled by law to view the information). The study doctor may also inform you of other people who will have access to your sensitive information.

Where you are using our Mobile App Service, the Terms and Conditions should be read in conjunction with this Privacy Policy.

Our approach to privacy

We adopt a rigorous approach to data protection and privacy compliance globally.

Exco InTouch believes that the protection of all patient data is of vital importance and we focus heavily on compliance with global data regulations, including FDA, HIPAA (Health Insurance Portability and Accountability Act) and EU data protection directives and regulations.

We have integrated FDA, HIPAA and Federal Communications Commission (FCC) controls into our technology and associated processes, and Quality Management System (QMS) procedures to ensure the highest level of protection for patients.

Exco InTouch Limited operates under EU Data Protection Directive 95/46/EC and is registered under the Data Protection Act 1998 with the Information Commissioner in the UK (Registration Number: Z9648865), where our registered office is located.

We may transfer data to and store data in secure servers outside the EU, typically in the United States (U.S.).  Where data are transferred to or stored in a country not governed by the EU Data Protection Directive such as the U.S., we ensure that the transfer and storage meets the requirements of that Directive and/or any specific legal requirements or instructions of our clients on whose behalf we are processing the data.

For residents in the European Union (EU), through our company in the U.S., Exco InTouch Inc, we adhere to and self-certify our compliance with the Privacy Shield Principles that make up the U.S. – EU Privacy Shield Framework to provide you with safeguards around your personal information if processed in the U.S. You can find the Principles along with other information about the Privacy Shield at the website maintained by the U.S. Department of Commerce at

We are committed to applying the Principles to all personal information we collect.  We acknowledge the authority of the Federal Trade Commission (FTC) as the appropriate enforcement body.

On an annual basis we self-certify that our policies comply with the Principles and that we have procedures for training employees, disciplining misconduct and conducting periodic reviews.

What are the Principles?

The Principles apply to “personal information” (“PI”) which essentially means information that identifies you or is so linked to you or your device (like your phone or computer) that you reasonably can be identified. PI doesn’t include information that is public or that is “de-identified” (e.g., others reasonably can’t identify you).

These are the basic Principles and our policy regarding them:

  1. Notice and Choice: in Part I we let you know about types of PI we collect and why, what we do with it, types of third parties with authorized access, and your choices usually, your study doctor or study team or supporters make PI determinations and we follow their directions. We store this PI for as long as advisable to support the study or deal with questions or documentation rules. We do not use your personal information for any other purpose.

If legally required to do so, we may disclose information to meet national security or law enforcement requirements.

  1. Onward Transfer: when Exco InTouch transfers PI to third parties located outside the EU, the “onward transfer” Principle says we must make them protect PI with the same care that Exco InTouch takes. We will only transfer your PI to those third parties if they have agreed to comply with the Privacy Shield Principles and contract with them to this effect. Any such third party will be acting as our agent and under our instructions for very specific and limited purposes.
  2. Security: this Principle requires us to take reasonable and appropriate precautions to protect PI from things like loss, misuse and unauthorized disclosure or access. We operate our own Information Security Policy and ensure any third parties we use apply equally robust security measures. In the unlikely event of any data issue, we, your study doctor or trial sponsor may use your contact information to send you notices of any security incident to your mobile number or email address.
  3. Data Integrity: this Principle requires us to only collect PI for relevant and limited purposes and to keep it accurate. Exco InTouch does not determine the types of PI collected as we largely follow the directions of others in the study. If you have concerns about data integrity, please contact your study doctor.
  4. Access: this Principle gives you access to PI we collect and to lets you update, amend and delete it. Because this is a research study, access will be restricted for most PI, although your study doctor can update some details such as your mobile number and email address. PI for the study itself usually cannot be accessed by you once you submit it. If you have questions, please contact your study doctor (or if there isn’t one, contact us at our address below).
  5. Enforcement: this Principle requires us to use a third party who will look at our compliance if you make a complaint.

Any complaint can be raised directly with us and our internal complaints process should resolve any concerns quickly and efficiently.

We are committed to cooperate with EU data protection authorities (‘DPAs’) in respect of meeting our Privacy Shield Recourse, Enforcement and Liability Principle.  As a first step in this process you should address any complaint with which you are still dissatisfied after raising this with us to:

The Information Commissioner, Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF UK

Phone: +44(0)303 123 1113 (local rate) or +44(0)1625 545 745 (national rate)



If any complaint is not resolved by other recourse or enforcement mechanisms, at your request we agree to binding arbitration to address your complaint.

The Principles, and our descriptions of them, are general and are not intended to limit any other legal or ethical rights.

Our contact details:

Our Privacy Officer who is also our designated point of contact in respect of our Privacy Shield compliance, or any other member of the Exco InTouch team can be contacted as below:

Exco InTouch, Ltd. Unit 6, Wheatcroft Business Park, Landmere Lane, Nottingham NG12 4DG

Phone: +44 (0)115 7210510 | Email:

Exco InTouch, Inc. 2101 Gateway Centre Boulevard, Suite 104, Morrisville, NC 27560, U.S.A

Phone: +1 877 327 5777 | Fax: +1-800-599-8404 |