Privacy Notice


Study Platform Privacy Notice

Last updated: June 7, 2023


Welcome to the Study Platform eligibility and enrollment Web site Privacy Notice. The Study Platform is operated by ZS, and this Privacy Notice describes how we collect and process your personal data through your use of the Web site and enrollment in a study. 


It is important that you review this Privacy Notice together with any other privacy notice or study consent and eligibility documentation we may provide in the course of your participation in a study to help ensure that you are fully aware of how and why we are using your data. This Privacy Notice supplements any other notices and consent forms you receive during a study. If you are a healthcare professional or clinical site staff member who accesses this platform, we will also collect some information about you such as for account and access provisioning.


The data we collect about you  

Personal data, or personal information, is information that may identify you but excludes data that has been de-identified or anonymized and can no longer be attributable to you.


The categories of personal data that we may collect, use, store, and transfer can include the following:

  • Identity data such as first name, last name, date of birth, and gender. 
  • Contact data such as e-mail address, physical address, and telephone numbers. 
  • Technical data such as IP address, time zone setting, browser types and versions, operating system, and device ID.
  • Profile data means your survey responses.
  • Usage data includes information about how you use the Web site.


In some cases, we may collect location data such as precise GPS coordinates collected from your mobile device if you have permitted this collection. We will request your consent before location data is collected and will inform you of the purpose and your choices regarding the handling of your location data.


We may aggregate data that includes statistical or demographic data. Aggregated data is derived from your personal data but has been de-identified. For example, we may aggregate study participants’ usage data to calculate the percentage of users accessing a specific Web site feature. In some circumstances, a study’s sponsor may access anonymized and aggregated data reports from users within the Web site. The study sponsor is the organization that commissioned the study.


The study platform may also collect and process sensitive data about you. Sensitive data means the various categories of personal data identified by applicable data privacy laws as requiring special treatment. These categories can include data relating to ethnic origin or race, marital status, political opinions or affiliations, ideological views or activities, trade union membership, religious beliefs, physical or mental health, genetic or biometric information, sexual orientation, information on social security measures, or administrative or criminal proceedings or records. These kinds of data are only collected and processed based on your explicit consent.


How your personal data is collected

We use different methods to collect data from and about you. We will collect data directly from you, such as your identity and contact information when you complete enrollment documents and otherwise communicate with us by phone or e-mail. We also collect data from you indirectly using automated and tracking technologies including cookies and server logs. This data typically includes Web site interactions and device, browser, and operating system details.  A cookie is a small piece of information that is sent to your device or browser and stored in your device’s memory:

  • Authentication and authorization cookies allow access to secure areas and specific functionality of the platform. These are strictly necessary for the proper operation of our online services that we provide to you.
  • Personalization cookies allow our platform to remember choices you make and provide personalized features. They may also be used to provide services in the way you have specified.
  • Tracking cookies collect information about how you use our platform, what areas you visit, and how often. We use this information to improve our services.


You can control how your browser or device handles cookies received from Web sites in general. You can choose to refuse all cookies or to be prompted before a cookie is saved to your device. You may also set your browser to only accept cookies from certain Web sites that you designate. Information on deleting or controlling cookies is available at By refusing to accept cookies from us, you may not be able to use our platform.


How we use your personal data  

We will only use your personal data when we have a lawful basis as described in the next section below. Most commonly, we will use your personal data:

  • Where we need to perform the actions to properly conduct the study;
  • When we create a user account for you to enable your use of the Web site;
  • To provide you with updates regarding any changes to the Web site;
  • To administer and protect our business and the Web site (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data);
  • To deliver relevant Web site content to you; 
  • To establish, exercise, or defend our legal rights including in any legal proceedings; or 
  • Where we need to comply with a legal or regulatory obligation.  


Legal bases for processing your data

Our legal basis for processing your personal data will typically be one of the following:

  • We have your consent to use your personal data;
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;  
  • It is necessary to fulfill a contract that we have in place with you; or
  • The processing is necessary to comply with our legal obligations.


Note that we may process your personal data for more than one legal basis depending on the specific purpose for which we are using your data. Please contact us using the contact information provided to you with your study enrollment documentation if you need details about the specific lawful basis we are relying on to process your personal data. You also have the right to withdraw consent to the study at any time by contacting us at using the contact information provided to you with your study enrollment documentation.


Change of purpose 

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another purpose that is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so or request your consent for the new purpose.


Disclosures of your personal data to third parties, including regulators 

We do not rent, sell, share, or otherwise distribute your personal data to third parties outside of ZS except as required by law and in these circumstances:

  • We will share data with the study sponsor or other third parties where you have consented to such sharing, as described in the consent forms provided to you, related to the research, reimbursement, clinical analysis, or legal reporting requirements;
  • Your personal data may be shared with other companies within our group of companies or with contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep personal data confidential and use it only for the purposes for which we disclose it to them, per the purpose and/or with your consent as set out in this Privacy Notice.
  • We may share, transfer, or disclose the information in our databases and server logs in the event of our sale, merger, reorganization, dissolution, or similar event, as well as to comply with a contractual obligation with our clients, protect your vital interests, and/or protect the security or integrity of our databases or services. We will inform you of any such transfer or disclosure as required by law.
  • We may be required to disclose your personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Governmental and regulatory bodies must follow the applicable legal process to obtain valid and binding orders. All requests must be specific and are reviewed by the ZS Legal team to ensure that the requests are valid and so that ZS can object to overly broad or otherwise inappropriate requests. ZS does not provide any government with direct and unfettered access to your personal data, and we do not provide any government with our encryption keys.


Location of your data and transfers of your data abroad

We are a global company, and your data may be transferred throughout our offices worldwide. We are headquartered in the United States, and your data will be stored and processed according to U.S. privacy standards in alignment with the OECD Privacy Guidelines. ZS adheres to the essential data protection principles of lawfulness, fairness, and transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality; and accountability.


Your data rights

Under applicable data protection laws, you may have rights to access, correct, delete, or limit the use and disclosure of your personal data.

  • Access. You can request access to a copy of the personal data we hold about you.
  • Correct. You can request that we correct any incomplete or incorrect data about you, subject to our ability to verify the updated information.
  • Delete. You can request the erasure of your personal data.
  • Limit, restrict, or object. In certain situations, you can ask that we limit or restrict the processing of your personal data. You may also object to the processing if you believe your data is not being handled lawfully.


In some situations, you may also be able to request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.


You may also withdraw consent at any time where we are relying on your consent to process your personal data.


If you wish to exercise any of the rights set out above, please contact us at the contact details provided with your enrollment documentation, by e-mail to our privacy team at, or by using the ZS Privacy Request Tool which is monitored by our privacy team.


Data retention  

We will only retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Typically, data is maintained in identifiable form not longer than 7 years after the conclusion of the study, unless we are required to maintain data for a longer period, after which personal data is deleted or anonymized.


Data security  

We provide reasonable and appropriate physical, technical, and organizational safeguards intended to maintain the confidentiality, integrity, and availability of the personal data we collect. Please be aware that, although we endeavor to provide reasonable security for data we process and maintain, no security system can prevent all potential security breaches.


If you become aware of any unauthorized use of or access to your account, you must notify us immediately. We will not be liable for any loss or damage that you may incur as a result of someone else using your account, either with or without your knowledge. However, you could be held liable for loss or damage incurred by us or another party due to someone else using your account.   


Governing Law

This Privacy Notice forms part of our Terms of Use and is governed by the laws of the State of Illinois.



This Privacy Notice is reviewed at least annually. We may change this Privacy Notice at any time. Any updates to this Privacy Notice will be posted here. The date at the top indicates the date of the last update.



When you leave our Web site via links to other sites or services that we do not provide, this Privacy Notice no longer applies to those sites or services.



This Web site is not intended for children, and we do not knowingly collect data relating to children. Users must verify that they are 18 or older upon signing up to use the Web site. If we become aware that anyone under age18 has provided us with personal data, we take steps to remove such data and will delete the child’s account.  


Contact Us

If you have any questions regarding this Privacy Notice or our privacy practices generally, please contact us via e-mail at You may also mail us at:


ZS Associates, Inc.

Attn. Data Protection Officer

One Rotary Center

1560 Sherman Ave. Ste. 800

Evanston, IL 60201


© 2023 ZS