Purpose and Consent

Before collecting Personal Information from you, we will explain to you the purpose of collecting it and we will only collect, use and disclose your Personal Information with your consent, except where otherwise permitted or required by law.

You may withdraw your consent to our collection, use and disclosure of your Personal Information at any time, subject to legal or contractual restrictions and reasonable notice. If you withdraw your consent, the implications of such withdrawal may be that we are not able to allow you to participate in a study. To withdraw your consent, simply contact us and advise us of what Personal Information you no longer wish us to collect, use or disclose.

Limiting Collection

Our collection of Personal Information is limited to what is reasonable under the circumstances and your information will be used only for the purpose for which it is collected.

Security

INQUIS Clinical Research (“INQUIS”) takes all reasonable precautions to ensure that your personal information is kept confidential and secure and is not disclosed to anyone outside our company without your consent, unless required by law. Our safeguards include physical measures (locked records rooms, restricted access to our office, alarm systems), technological tools (passwords, encryption, firewalls), and organizational controls (security clearances, limiting access on a ‘need-to-know’ basis, staff training, confidentiality agreements). We will ensure training of all INQUIS employees that may have access to your personal information on our privacy procedures and applicable regulations.

Despite having these controls in place, if it is discovered that your personal health information has been stolen, lost, or accessed by unauthorized persons, unless prohibited by law, INQUIS shall notify you of any breach of security safeguards involving your personal information under our control if it is reasonable to believe that the breach creates real risk of significant harm to you. This notification will be given as soon as feasible after we determine that the breach has occurred.

Access

You have the right to access your own Personal Information and to request that any inaccuracies be corrected.

What is Personal Information?

Personal Information is any information that identifies you, or by which your identity could be deduced. Data we collect with personal identifiers removed (so that it is impossible to determine the identity of the person to whom the information relates) is not considered Personal Information.

The 10 Privacy Principles

Since INQUIS is committed to maintaining the confidentiality, accuracy, and security of your Personal Information, we have adopted the 10 principles forming part of the Personal Information Protection and Electronic Documents Act (PIPEDA), which governs the collection, use and disclosure of Personal Information.

Accountability: All INQUIS staff are responsible for maintaining and protecting all Personal Information under their control. INQUIS has designated an individual to oversee our compliance with PIPEDA and our Privacy Principles.

Identifying Purposes: We will identify the purposes for which Personal Information is collected, either before or at the time of collection.

Consent: We will only collect, use and disclose your Personal Information with your consent, except where otherwise permitted or required by law.

Limiting Collection: We will limit the collection of your Personal Information to only those details which are necessary for the purposes identified.

Limiting Use, Disclosure and Retention: Your Personal information will only be used or disclosed for the purpose for which it was collected, unless you have otherwise consented, or when it is required or permitted by the law. We will only retain your Personal Information for the period of time required to fulfill the purposes for which it was collected or for the period of time required by law.

Accuracy: We will keep Personal Information we collect as accurate, complete and up-to-date as necessary to fulfil the purpose for which it was used.

Safeguards: We will protect the Personal Information we collect with security safeguards appropriate to the sensitivity of the information.

Openness: Information about our policies and practices relating to the management of Personal Information will be made readily available to you.

Access: You may request access to your Personal Information at any time to review its content and accuracy and have it amended as appropriate. If your information is not accurate or complete, please contact us to have it changed.

Challenging Compliance: You may contact us with any questions, complaints or suggestions with respect to our Privacy Principles.

Collecting Your Personal Information

INQUIS may collect personal information, with your consent, when you:

• Complete a telephone or online questionnaire to participate in a research study
• Call into our recruiting department to register in our recruiting database
• Come in for a screening visit to participate in a research study
• Come in for a research study visit

This information could include but is not limited to: your name, phone #, address, date of birth, gender, race, height, weight, childbearing potential, contraception used, participation in other trials, health lifestyle questions (re: past hospitalization, smoking history, past street drug use, alcohol consumption, caffeine consumption, dietary requirements, concomitant medication use), vital signs, in-house urine pregnancy testing (if applicable), medical history, physical exam, Family Physician information (name, address, phone and fax numbers).

Access/Use of Personal Information

Those parties that could have access to your personal information include the study sponsor, INQUIS, its employees, the law (e.g. regulatory bodies like Health Canada and the FDA) and the Ethics Review Board that reviewed the research study. INQUIS may use your personal information, from time to time in order to:

• Identify you
• Determine your eligibility for possible study participation based on study protocol
• Respond to internal inquiries about your study information
• Meet any legal requirements
• To create statistics about our business. These statistics would not contain any information that could identify you personally.

Your medical records relating to your participation are confidential to the extent permitted by the law (e.g. Government of Canada and the Government of the USA or other National Governments) and/or regulations and will not be made publicly available. INQUIS will not sell, rent or trade personal information such as email addresses or phone numbers to any third party. We treat all information you provide as confidential.

During onsite visits, your medical records and study source documentation will be made available for review for validity verification. All documentation collected by the Sponsor will not contain information that could identify you.

Other Clinical Investigators

Information from the research study will be used by the Sponsor in connection with the development of the study formulation and, therefore, may be disclosed as required to other clinical Investigators and to regulatory agencies. In order to allow the use of the information derived from the research study, it is understood that there is an obligation to provide the Sponsor with complete test results and all data generated in the study. If results of the study are published, a number only will identify you. If photographs of study subjects are published, the identity of the subjects will be protected.

Government Regulatory Agencies

Data (which will not contain any identifiable information about you) from studies may be submitted to government regulatory authorities (e.g., in the USA, Canada, European Union, etc.) to obtain approval to market the sponsor’s product. Regulatory inspectors that visit INQUIS will have access to all study documents. Some of these documents will contain your identity.

Ministry of Health or your Family Physician

Any positive infection results (HIV, Hepatitis B, Hepatitis C and TB) from screening labs will be forwarded to the Ontario Ministry of Health for verification by INQUIS, the local laboratory, or your family physician. Your full name, address and any other required information will be sent to the local infectious disease surveillance of the Ministry of Health together with a copy of the result. One of the study doctors or staff will contact you to discuss the results. You will be provided with a copy of the results and will either be (a) asked to see your family doctor for further medical care, or (b) if you do not have a family doctor or if you choose for the results not to be forwarded to your family doctor, a doctor at INQUIS will arrange for another doctor/specialist to see you. Test results will become a part of your medical record. If in the future, you sign waivers to release medical information to insurance companies, employers or any other third party, then the INQUIS investigators would be obligated to release a positive infectious result to those third parties.

Can I Access, Update or Delete My Information

You may access and verify the accuracy of your personal information upon written request. We will respond to your request to access, update, or delete your information within 30 days of receiving the request. We may ask you to verify your identity in a secure manner in order to help us respond to your request.

There may be instances when we will not be able to provide you with the Personal Information that you request. An example of such an instance would be if the information you request contains references to other individuals, or if it cannot be disclosed for legal reasons.

We encourage you to notify us in writing of inaccuracies or corrections to your Personal Information. We will make the proper changes unless restricted by law. You may also send us a written request that we delete personally identifying information stored in our database that we actively use for recruiting purposes. Unless restricted by law we will take all reasonable steps to functionally delete or de-identify such information from our database. More precisely, the de-identification process will remove all mention of the following information: Your name; address; any telephone or fax numbers; all elements of dates, including your date of birth; electronic mail address; any other information that may identify you.

Retention of Personal Information

It is a regulatory requirement that Investigators maintain the following records until; (1) a minimum of 3 years (or 15 years for a Health Canada regulated study); or (2) written notification is received from the Sponsor:

• a signed consent form of each subject
• completed source data forms of each subject

Communicating With You

Our concern with the privacy of your health information is reflected in how we communicate with you, and we protect your personal health information regardless of its format.

By Phone: Unless you indicate otherwise, we will only leave our name and phone number on any message for you.

By Email: Any confidential information that we send via email over public or external networks is encrypted. We employ a firewall and virus scanning software to mitigate against unauthorized modification, loss, access or disclosure.

By Mail: When health information is transferred to another location, it is placed in a sealed envelope, marked as confidential, and directed to the attention of the authorized recipient.

Whom Can I contact if I have Questions or Concerns?

INQUIS has a procedure in place in order to receive and respond to complaints or inquiries about its policies and practices relating to the handling of personal information. Individuals with inquiries or complaints will be informed of these procedures once contact is made with in one of the following ways:

By Mail: Privacy Officer

INQUIS Clinical Research

20 Victoria St., 3^rd floor

Toronto, ON, M5T 2N8

Email: info@inquis.com

Phone: 416-861-0506

We will investigate all complaints in a timely fashion and if the complaint is found to be justified, INQUIS will take appropriate measures including amending its policies and practices.

As permitted by law, we reserve the right to amend or modify our privacy policies and practices.