COASTAL ORGANIZATIONAL RESEARCH and LEARNING STRATEGIES LLC
(772) 934-4467 | DrP@coralsllc.com
Privacy Policy
CORALS LLC This policy also serves as the privacy notice to research participants and website visitors.
Effective date: June 22, 2026 Last updated: June 22, 2026
1. Who We Are
CORALS LLC ("CORALS," "we," "us," or "our") is an IRB-registered applied research and consulting firm. We conduct academic and applied research, including survey and Delphi studies, and we operate this website to describe our work and to recruit and communicate with research participants.
For research that CORALS conducts on its own behalf (such as our WOE research program), CORALS LLC is the data controller responsible for the personal information described in this policy, for the purposes of the EU General Data Protection Regulation (GDPR), UK GDPR, Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), and comparable laws. Where CORALS conducts or supports research on behalf of a client, the client is typically the controller of the participant data in that study and CORALS acts under contract as a processor or joint controller; in those engagements the client's own privacy notice also applies. This policy addresses the research CORALS conducts as controller.
Contact for privacy and data matters: CORALS LLC 700 SE Becker Road #277, Port St. Lucie, FL 34984, USA Email: drp@coralsllc.com
2. Scope of This Policy
This policy explains how we collect, use, share, and protect personal information when you:
- visit or interact with our website;
- contact us by email or web form; or
- take part in our research (for example, completing a survey or participating in a Delphi panel).
Research studies also have their own informed-consent documents. Where a study-specific consent form or participant information sheet applies, that document governs the details of that study (its purpose, procedures, risks, and your rights as a participant). This policy supplements those consent documents; it does not replace them. If anything in a study consent form conflicts with this policy, the consent form controls for that study.
3. Information We Collect
We collect only the information needed for the purposes described below.
You provide directly:
- Contact information — name, email address, and (where you provide it) telephone number.
- Research responses — your answers to surveys, Delphi questionnaires, interview prompts, and related research instruments.
- Demographic and professional information — for example, age range, professional role, industry, organization type, or region, where relevant to a study.
Collected automatically when you use the website:
- Standard technical data such as IP address, browser type, device information, and pages visited, collected through our web host and any essential cookies. See Section 9 (Cookies and Website Data).
Special-category (sensitive) data. Some studies ask limited demographic questions that may reveal special-category information — for example, racial or ethnic origin, religious belief, political opinion, or sexual orientation — and questions about gender identity are handled with the same care. Where a study includes such questions, answering them is voluntary, and we use the responses only for research demographic analysis. Where GDPR or UK GDPR applies, we process this data on the basis of your explicit consent, supported where relevant by the scientific-research provisions described in Section 4. We do not collect health, genetic, or biometric data. Outside of these specific, consented questions, please do not submit sensitive information in open-text responses; if you do, we will minimize, protect, or delete it as appropriate.
4. Why We Use Your Information, and Our Legal Bases
We use personal information to:
- conduct, analyze, and publish research;
- recruit, enroll, and communicate with research participants;
- respond to your inquiries; and
- operate, maintain, and secure our website.
Where GDPR or UK GDPR applies, our legal bases are:
| Purpose | Legal basis |
|---|---|
| Enrolling you and processing your research responses | Consent (Art. 6(1)(a)) — given when you agree to participate |
| Processing special-category (sensitive) demographic data, where a study collects it | Explicit consent (Art. 9(2)(a)), supported where relevant by scientific-research processing with safeguards (Art. 9(2)(j) and Art. 89(1)) |
| Responding to inquiries and general correspondence | Legitimate interests (Art. 6(1)(f)) — operating and communicating about our services |
| Operating and securing the website | Legitimate interests (Art. 6(1)(f)) |
| Meeting legal, regulatory, or research-integrity obligations | Legal obligation / public-interest research as applicable |
You may withdraw consent to research participation at any time (see Section 8). Withdrawal does not affect processing already carried out, or the use of data that has been irreversibly de-identified before withdrawal.
5. Research Data, De-Identification, and Publication
Research findings are reported in aggregate or de-identified form. We do not publish information that identifies you individually unless a study consent form specifically provides for attributed quotation and you have agreed to it. Where we de-identify or anonymize data, we apply reasonable measures so that it can no longer be linked to you, after which it is no longer treated as personal information under this policy.
De-identified response data may be aggregated across study branches to support comparative and synthesis analyses. Where a branch uses program-level (Tier 1) consent, this cross-branch aggregation is disclosed in the consent document; for anonymous branches, it is disclosed in the branch-level activity disclosure notice.
6. How We Share Information
We do not sell your personal information, and we do not share it for cross-context behavioral advertising.
We share information only as follows:
- Service providers (processors). We use Microsoft 365, including Microsoft Forms, to collect, store, and process data. Microsoft acts as our processor under its Data Protection Addendum. We do not use third-party advertising, analytics, or email-marketing platforms with your research data.
- CORALS consultants and collaborators. Research we conduct may involve paid consultants and collaborators — for example, methodologists, IRB-affiliated reviewers, or co-investigators. Those engaged by CORALS are bound by written confidentiality and data-protection agreements, and where their role requires it, they may access identifiable participant data, limited to what is necessary for their work. In studies using fully anonymous instruments, no identifying information is held. Individuals who are not engaged by CORALS under such agreements do not receive access to identifiable participant data.
- Client-commissioned research. Where CORALS conducts or supports research for a client, that client controls and has access to the participant data in its own study, as described in Section 1 and in that study's consent documents.
- Oversight and regulatory bodies. Our Institutional Review Board (IRB) and, where applicable, regulatory or oversight authorities may access research records — including identifiable data — to carry out their review, monitoring, and audit responsibilities.
- Legal requirements. We may disclose information where required by law, regulation, or valid legal process, or to protect our rights and safety.
7. International Data Transfers
CORALS is based in the United States. If you are located in the EU/EEA, the United Kingdom, Canada, or elsewhere, your information will be transferred to and processed in the United States.
For transfers of EU/EEA and UK personal data to the United States, we rely on appropriate safeguards under GDPR Article 46 and UK GDPR. Our processor, Microsoft, is certified under the EU-U.S. Data Privacy Framework (including the UK Extension), and Microsoft additionally makes the European Commission's Standard Contractual Clauses (SCCs) available in its Data Protection Addendum as a transfer safeguard and backup mechanism. These measures are intended to ensure your information continues to receive a level of protection essentially equivalent to that in your home jurisdiction. You may request more information about these safeguards using the contact details in Section 1.
8. Your Rights
The rights available to you depend on where you live. We will not discriminate against you for exercising any of these rights. To make a request, contact us at irb@coralsllc.com. We may need to verify your identity before responding.
All participants and visitors. You may ask us to access, correct, or delete personal information we hold about you, subject to research-integrity and legal limits.
EU/EEA and United Kingdom (GDPR / UK GDPR). You have the right to access, rectify, erase, restrict, or object to processing; the right to data portability; the right to withdraw consent at any time; and the right to lodge a complaint with your supervisory authority (in Ireland, the Data Protection Commission; in the UK, the Information Commissioner's Office).
California. CORALS does not meet the thresholds that make a business subject to the California Consumer Privacy Act (CCPA/CPRA), and we do not sell or share personal information. As a matter of practice, we nonetheless honor requests from California residents to know what personal information we hold, to access or delete it, and to correct inaccuracies, subject to the research-integrity and legal limits described in this policy.
Canada (PIPEDA). You have the right to access the personal information we hold about you, to request correction, and to withdraw consent, subject to legal and contractual limits. You may also contact the Office of the Privacy Commissioner of Canada.
We respond to rights requests within the timeframes required by applicable law.
9. Cookies and Website Data
Our website uses cookies and similar technologies that are strictly necessary for the site to function and to keep it secure. Where required by law, we request your consent before setting any non-essential cookies, and you can manage your preferences through your browser settings or any cookie banner we provide. We do not use advertising cookies.
10. Data Retention
We keep personal information only as long as needed for the purposes in this policy, in line with our IRB and record-keeping obligations and applicable law. We apply a tiered retention schedule:
- Identifiable and administrative information (such as contact details and any data that could identify a participant) is deleted within 12 months of the completion of the relevant study phase.
- De-identified research data is retained indefinitely for scholarly use (including analysis, synthesis, and publication). Because this data has been irreversibly de-identified, it is no longer personal information and is not linked back to you.
Contact information used only for general correspondence is deleted when it is no longer needed.
11. Data Security
We use reasonable administrative, technical, and organizational measures appropriate to the sensitivity of the information. Research data is stored in CORALS LLC's encrypted Microsoft OneDrive (cloud) environment, with a password-protected local device as secondary backup. Access to identifiable data is limited to the Principal Investigator and to consultants or collaborators whose role requires it and who are bound by confidentiality and data-protection agreements. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
12. Participation Is Limited to Adults
Our research and this website are intended for adults (18 years or older). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can delete it.
13. Changes to This Policy
We may update this policy from time to time. When we do, we will revise the "Last updated" date above, and, where required by law, we will provide additional notice. Material changes affecting active research participants will be communicated as required by the relevant study's consent process.
14. How to Contact Us
Questions, concerns, or requests about this policy or your personal information:
CORALS LLC 700 SE Becker Road #277, Port St. Lucie, FL 34984, USA Email: drp@coralsllc.com
If you participated in a specific study and have questions about your rights as a research participant, please also refer to the contact information on that study's consent document.