Privacy Policy

EFFECTIVE: October 3, 2023


At Crowley Webb and Associates, Inc. (“The Company,” “We,” “Us”), We are committed to protecting your privacy. This Policy explains our data collection practices and your choice about the way your information is used on our websites ( and, our Platform (, and our consumer panel, Sample. In order to find this Privacy Policy, We have committed to making it available on every page of the corporate website and all study websites, PraxisDirect®, and all mobile device applications. The use of information collected through our service shall be limited to the purpose of providing the service for which the Client has engaged The Company.

The Company (Crowley Webb and Associates, Inc. and its wholly owned subsidiary, Praxis Communications, LLC) complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. The Company has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) under the UK Extension to the EU-U.S. DPF. The Company has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit

The Company is responsible for the processing of personal data it receives, and subsequently transfers to a third party acting as an agent on its behalf. The Company complies with the DPF Principles for all onward transfers of personal data from the EU, UK, and Switzerland, including the onward transfer liability provisions.

The Federal Trade Commission has jurisdiction over The Company’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. In certain situations, The Company may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, The Company commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to TRUSTe, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit for more information or to file a complaint. These dispute resolution services are provided at no cost to you.

For complaints regarding DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on the official DPF website.

APEC Participation
Crowley Webb and Associates, Inc. privacy practices, described in this Privacy Policy, comply with the APEC Cross-Border Privacy Rules System.  The APEC CBPR system provides a framework for organizations to ensure protection of personal information transferred among participating APEC economies.  More information about the APEC framework can be found here.

GDPR Compliance
The Company (Crowley Webb and Associates, Inc. and its wholly owned subsidiary, Praxis Communications, LLC) complies with the requirements of the EU General Data Protection Regulation (GDPR).  To learn more about GDPR, visit the European Commission website (

We implement security measures to protect any personally identifiable information that We transmit or store. We collect your name, email address, and phone number. When you employ the email contact feature, We do not collect any personal information about you unless you provide Us that information voluntarily. Any information you provide Us in an email contact is used only to respond to your inquiry, which may be by email or a phone call from one of our representatives if you provide phone contact information. Any information you voluntarily provide to Us in a questionnaire on a study website is used only to enable the local research site in your area to contact you about that study, and only with your consent. Any information your local research site provides Us about you is used only for setup and functionality of clinical research study mobile device applications once you have enrolled into a clinical research study.

When you download and use our Services, We automatically collect information on the type of device you use and the operating system version.

If We collect information from you specifying medical or health conditions; racial or ethnic origin; political opinions; religious, ideological, or philosophical beliefs; trade union membership; information on social security measures or administrative or criminal proceedings or sanctions (which are treated outside pending proceedings); or information with respect to personal sexuality (collectively, “Sensitive Information”), We will not (a) disclose such Sensitive Information to a third party or (b) use such Sensitive Information for a purpose other than those for which it was originally collected or subsequently authorized by you without obtaining your affirmative opt-in (unless We believe in good faith that We are required to do so in order to comply with an applicable statute, a regulation, a rule or law, a subpoena, a search warrant, a court or regulatory order, or other valid legal process).

Although The Company is not a covered entity according to the Health Insurance Portability and Accountability Act (HIPAA), and the information gathered on our study prescreening questionnaires is the equivalent of a survey rather than a medical record, We understand that information supplied on such online forms may be of a sensitive nature and that the research sites We work with must comply with HIPAA guidelines. Therefore, the confidentiality of the personally identifiable information is vigilantly maintained and secured.


We have collected the following categories of personal information from consumers within the last twelve (12) months:

Category Examples Collected
A. Identifiers. A real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, or other similar identifiers. YES
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, address, telephone number, education, employment, employment history, or any other financial information such as bank used or personal income, medical information, or health insurance information.

Some personal information included in this category may overlap with other categories.

C. Protected classification characteristics under California or federal law. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). YES
D. Commercial information. Records of personal property; products or services purchased, obtained, or considered; or other purchasing or consuming histories or tendencies. YES
E. Biometric information. Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints; iris or retina scans; keystroke, gait, or other physical patterns; and sleep, health, or exercise data. NO
F. Internet or other similar network activity. Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. YES
G. Geolocation data. Physical location or movements. YES
H. Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information. NO
I. Professional or employment-related information. Current or past job history or performance evaluations. YES
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. NO
K. Inferences drawn from other personal information. Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. YES

We obtain the categories of personal information listed above from the following categories of sources:

  • Directly from you. For example, from forms, surveys, or questionnaires you complete.
  • Indirectly from you. For example, from observing your actions on our website.

The Company does not disclose, give, or sell any personally identifiable information you provide in an email inquiry form or in response to clinical research study recruitment campaigns to any outside organizations for any reason (other than where We may be required to by law and as stated in this Policy). This includes information voluntarily provided by users via The Company recruitment websites and any patient information entered by research sites from their own recruitment efforts. Research sites utilizing PraxisDirect for clinical recruitment trials agree to keep their login information private and handle accessible data in compliance with this Privacy Policy and any confidentiality and/or privacy agreements executed between the research site and the clinical trial sponsor in relation to the study data. At the close of each recruitment campaign, all personally identifying information housed in PraxisDirect is deleted, retaining only aggregate data for analyses.

We may also disclose your personal information as required by law, such as to comply with a subpoena, bankruptcy proceedings, or similar legal process when We believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

We will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

You may sign up to receive newsletters from Us.  If you would like to discontinue receiving this information, you may update your email preferences by using the “Unsubscribe” link found in emails We send to you, or please click here to send Us an email.


We may share your personal information by disclosing it to a third party for a business purpose.  For example, We may employ independent contractors, consultants, vendors, and suppliers, such as a call center, a mail house, or any other third party who may need to receive or handle personally identifiable information on our behalf in connection with the performance of obligations and exercise of rights under this Privacy Policy and the website Terms and Conditions and to provide specific services and products related to the website, such as hosting and maintaining the website, providing fraud screening, providing shipping services, and developing applications for the website and email services.  We only make these business purpose disclosures under written contracts that describe the purposes, require the recipient to keep the personal information confidential, and prohibit using the disclosed information for any purpose except performing the contract. In the preceding twelve (12) months, The Company has disclosed personal information for a business purpose to the categories of third parties indicated in the chart below.

We do not sell personal information.  In the preceding twelve (12) months, The Company has not sold personal information to the categories of third parties indicated in the chart below.

Personal Information Category Category of Third-Party Recipients
Business Purpose Disclosures Sales
A: Identifiers. Independent contractors, consultants, vendors, and suppliers. None
B: California Customer Records personal information categories. (Cal. Civ. Code § 1798.80(e)). Independent contractors, consultants, vendors, and suppliers. None
C: Protected classification characteristics under California or federal law. Independent contractors, consultants, vendors, and suppliers. None
D: Commercial information. Independent contractors, consultants, vendors, and suppliers. None
E: Biometric information. Independent contractors, consultants, vendors, and suppliers. None
F: Internet or other similar network activity. Independent contractors, consultants, vendors, and suppliers. None
G: Geolocation data. Independent contractors, consultants, vendors, and suppliers. None
H: Sensory data.  Independent contractors, consultants, vendors, and suppliers. None
I: Professional or employment-related information.  Independent contractors, consultants, vendors, and suppliers. None
J: Non-public education information.  Independent contractors, consultants, vendors, and suppliers. None
K: Inferences drawn from other personal information.  Independent contractors, consultants, vendors, and suppliers. None

The Company will take reasonable steps to protect the information from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. We have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information from loss, misuse, unauthorized access or disclosure, alteration, or destruction. The Company cannot guarantee the security of information on or transmitted via the internet.

The Company will process personal information only in a way that is compatible with and relevant for the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, We will take reasonable steps to ensure that personal information is accurate, complete, current, and reliable for its intended use.

Upon request, The Company will provide you with information about whether We hold, or process on behalf of a third party, any of your personal information.  To request this information please click here to fill out our online form or send Us an email at or call Us toll-free at 1-855-467-7294.

Contact Us to update, remove, or request deletion of the information you provided to Us. In order to protect your privacy, We will take reasonable action to verify your identity before changing or updating your information. Please refer to the section “How to Contact Us” below. We will respond to your request based on the time frames below.

Response Timing and Format

We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please contact Us via email at

We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If We require more time (up to another 45 days), We will inform you of the reason and extension period in writing.

We will deliver our written response by mail or electronically, at your option.

Any disclosures We provide will only cover the 12-month period preceding our receipt of your request. The response We provide will also explain the reasons We cannot comply with a request, if applicable. For data portability requests, We will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If We determine that the request warrants a fee, We will tell you why We made that decision and provide you with a cost estimate before completing your request.


We will not discriminate against you for exercising any of your rights or privileges provided under this Privacy Policy. Unless permitted by law, We will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

However, We may offer you certain financial incentives permitted by law that can result in different prices, rates, or quality levels. Any lawful financial incentive We offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time. We currently provide the following financial incentives:

  • In our Sample consumer panel, We offer reward points to qualifying participants that may be exchanged for an Amazon gift card. The Sample consumer panel with a link to its terms and conditions can be found here:
  • If you would like to opt in and participate in the Sample consumer panel, please click here:
  • You may opt out from your prior submission to our Sample consumer panel at any time. To be removed from our Sample database, please email
  • We do not assign a monetary value to the data that We collect and strive to only use that information to further our business in accordance with our Privacy Policy; to the extent that We are required to assign a monetary value to your personal information, it is equal to the value of the discount or financial incentive that We have provided to you.

On occasion, We may make available on our website links that will give you access to other websites that may be of interest to you but that We do not control. We cannot be responsible for the privacy policies of such other websites. If you submit personal information to any of those websites, your information is governed by their privacy statements. We encourage you to carefully read the privacy statement of any website you visit.

We and our partners use cookies or similar technologies to analyze trends, administer the website, track users’ movements around the website, and gather demographic information about our user base as a whole. Users can control the use of cookies at the individual browser level.

As is true of most websites, We gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data.

We do not link this automatically collected data to other information We collect about you.

We partner with a third party to either display advertising on our website or manage our advertising on other sites. Our third-party partner may use technologies such as cookies to gather information about your activities on this website and other sites in order to provide you advertising based on your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt out by clicking here (or, if located in the European Union, click here). Please note this does not opt you out of being served ads. You will continue to receive generic ads.

The Company collects information under the direction of its Clients and has no direct relationship with the individuals whose personal data it processes. If you are a customer of one of our Clients and would no longer like to be contacted by one of our Clients that uses our service, please directly contact the Client with which you interact. We may transfer personal information to companies that help Us provide our service. Transfers to subsequent third parties are covered by the service agreements with our Clients.

The Company has no direct relationship with the individuals whose personal data it processes. An individual who seeks to access data, or who seeks to correct, amend, or delete inaccurate data, should direct their query to The Company’s Client (the data controller). If requested to remove data, We will respond within a reasonable time frame.

We will retain personal data We process on behalf of our Clients for as long as needed to provide services to our Client. The Company will retain this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

If the way We treat personally identifiable information changes in any material way, such changes will be included in an updated version of this Policy prior to the change becoming effective and will be posted in this same location. We will use personally identifiable information only in accordance with the terms of the Policy under which it was collected. Please check back to ensure you are familiar with the most recent Privacy Policy.

If you have any questions, concerns, or complaints about our Privacy Policy or how We handle your personally identifiable information, please contact our privacy officer at Crowley Webb and Associates, Inc., 268 Main Street, Suite 400, Buffalo, NY 14202, or click here to email. Our privacy officer will immediately investigate any complaint about our use of your personally identifiable information.

By using our corporate website, any study websites, PraxisDirect, or any mobile device applications, you signify your assent to our Policy. If you do not agree with this Policy, you are not permitted to use our websites or mobile device applications.

TRUSTe Privacy Certification