Privacy Statement

 

CLINIPACE PRIVACY STATEMENT

The privacy of data is of paramount importance to Clinipace. As such, Clinipace, Inc. and its subsidiaries, assigns and successors (“CLINIPACE”) subscribes to standards that instill confidence in our ability to satisfy customer data privacy requirements and will withstand the scrutiny of any data protection authority.  Accordingly, CLINIPACE has developed a global privacy compliance program and policy to meet its ongoing privacy obligations for all applicable data privacy laws and/or regulations, including but not limited to the Health Information Portability and Accountability Act (“HIPAA”) of the United States, the European Commission’s Directive on Data Protection of the European Union and the Swiss Federal Act on Data Protection of Switzerland.

This statement is partially in response to the European Commission’s Directive on Data Protection enacted in October 1998 (“ECDP”) and the Swiss Federal Act on Data Protection (“FADP”) enacted in July 1993 (and followed by important modifications in January 2008), which among other objectives include requirements that prohibit the transfer of personal data to non-European Union and non-Swiss nations that do not meet their standards for privacy protection.

CLINIPACE complies with the U.S.-EU Safe Harbor Framework (which was approved by the European Union (“EU”) in 2000) and the U.S.-Swiss Safe Harbor Framework (which was approved by Switzerland in 2009), as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information from Swiss and European Union member countries.  CLINIPACE has certified that it adheres to both the EU and Swiss Safe Harbor Privacy Principles of: 1) notice, 2) choice, 3) onward transfer, 4) access, 5) security, 6) data integrity and 7) enforcement in regard to the transfer of all personal data from the EU and Switzerland to the United States.  CLINIPACE has also certified that it agrees to cooperate and comply with the EU Data Protection Authority and the Swiss Federal Data Protection and Information Commission in terms of the transmission and protection of human resources related personal data from the EU and Switzerland to the United States.

CLINIPACE’S Safe Harbor Certification can be found at https://safeharbor.export.gov/list.aspx.

Additional information regarding the Safe Harbor program can be viewed at http://export.gov/safeharbor/.  The CLINIPACE Data Privacy Statement is located on the www.clinipace.com website.

CLINIPACE self-certifies compliance with:

 SafeHarbor Logo-Lines

 

 

 

CLINIPACE PRIVACY POLICY

OVERVIEW OF CLINIPACE

As a global full-service digital contract research organization (dCRO), CLINIPACE has pioneered an innovative technology-amplified CRO service model to serve the unique needs of venture-backed, mid-tier, and strategic pharmaceutical, biotechnology and medical device firms.  Powered by TEMPO™ (CLINIPACE’S proprietary eClinical platform), our team of experts brings extensive therapeutic knowledge and insight into assisting life science firms in developing and executing regulatory strategies, clinical development and post-approval research to ensure a successful drug and medical device development program.

CLINIPACE acts as a collector and processor of data collected and stored in secure databases on behalf of its clients, who are the data controllers of the information.  When clinical trial data is entered into TEMPO, the information is key-coded and is generally not personally identifiable to CLINIPACE.  CLINIPACE does not use the information in any way beyond client instruction and/or the means specified on IRB/EC approved clinical trial informed consent forms.  At the end of each clinical trial study, copies of the data are transferred to the client and the individual sites that originally collected that data.  Client notification occurs prior to the destruction of the data at the end of the retention period.

CLINIPACE also collects and stores human resources data necessary for personnel administration. 

SCOPE OF POLICY

CLINIPACE’s Safe Harbor Policy (“Policy”) applies to all Personal Information (as defined below) of an Individual (as defined below), in any form, that is received by CLINIPACE, in the United States from the EU and Switzerland. The Policy is based on the EU and Swiss Safe Harbor Privacy Principals of 1) notice, 2) choice, 3) onward transfer, 4) access, 5) security, 6) data integrity and 7) enforcement. For purposes of this Policy, “Personal Information” shall be defined as any information that identifies or could be used to identify an individual that is not encoded, anonymized or publically available.  For purposes of this Policy, “Individual” shall be defined as clients and/or potential clients, clinical trial participants, clinical trial investigators, third party clinical trial personnel and employees, contractors, potential employees and/or potential contractors of CLINIPACE.

LIMITATIONS ON SCOPE:                                                                                                                   
Adherence to this Policy may be limited to the extent required by law, regulations or other governmental obligations, and CLINIPACE reserves the right to share an Individual’s Personal Information as required or authorized by law or regulation or requested by governmental authorities.

This Policy may not apply or may be limited 1) when Personal Information is obtained by CLINIPACE under an agreement that contains the requisite Model Contract Clauses approved by the European Commission with respect to the Personal Information or 2) when necessary for the performance of a contract between an Individual and CLINIPACE.

PRIVACY PRINCIPALS:

  1. Notice
    CLINIPACE relies upon the assurances of the Individual on whose behalf it processes Personal Information that those Individuals about whom the Personal Information concerns have been fully informed about the purposes for which the Personal Information is collected and used, including the types of non-agent third parties to which that Personal Information is disclosed, if any, and the choices and means offered such Individuals for limiting the use and disclosure of its Personal Information.

    Upon client instruction, CLINIPACE will inform Individuals about the purposes (“Purpose(s)”) for which CLINIPACE collects and uses Personal Information.  “Purposes” for the Personal Information will depend on the type of Individual.  For clinical trial participants, clinical investigators or other third clinical trial personnel, Personal Information may be used in order to 1) comply with applicable legal obligations, policies and/or procedures, 2) carry out a clinical trial and/or 3) for internal administrative purposes.  For employees, contractors or potential employees or contractors of CLINIPACE, CLINIPACE will use Personal Information to 1) carry out, support and/or comply with CLINIPACE human resources functions, activities, procedures and/or policies and 2) comply with applicable laws and regulations.  For clients and/or potential clients, Personal Information will be used to 1) process requests for services, 2) improve client satisfaction, 3) provide CLINIPACE product and/or service information, and/or 3) comply with applicable legal obligations, policies and/or procedures.

    If so instructed, CLINIPACE also will disclose the types of non-agent third parties, if any, to which CLINIPACE discloses this information and the choices and means, offered to Individuals for limiting the use and disclosure of its Personal Information.  CLINIPACE will require that this notice be provided in a clear and conspicuous manner at the same time Individuals are first asked to provide Personal Information, or as soon as possible thereafter and, in any event, before CLINIPACE uses or discloses Personal Information for a purpose other than that for which it was originally collected.

  1. Choice
    In accordance with client instructions, CLINIPACE will give Individuals the opportunity to choose (opt in or opt out) whether its Personal Information is disclosed to a non-agent third party  used by CLINIPACE or is to be used for a purpose other than the purpose originally authorized.For sensitive Personal Information (e.g., personal information that pertains to racial or ethnic origin, political or religious beliefs, health condition or sexual orientation) or for personal information used for a purpose other than the purpose originally authorized (in accordance the Individual’s instructions), CLINIPACE will work with Individuals to ensure that such Personal Information is disclosed to a non-agent third party  only after the Individual explicitly consents (opts in) to the disclosure.
  1. Onward Transfers
    CLINIPACE will transfer Personal Information received from the EU and Switzerland to agents, contractors, partners, third party providers and independent entities (“Third Parties”) consistent with the Individual’s instructions.  CLINIPACE will enter into a written agreement or contract to ensure that Third Parties to which CLINIPACE transfers Personal information adhere to the same level of privacy protection as CLINIPACE.  When CLINIPACE has knowledge that a Third Party is using or sharing an Individual’s Personal Information in a way contrary to this Policy, CLINIPACE will take reasonable steps to prevent or stop such processing or use.
  1. Access and Security
    Upon written request and in accordance with an Individual’s instructions, CLINIPACE will allow Individuals access to the Individual’s own Personal Information that CLINIPACE holds.  Individuals can correct, amend or delete Personal Information that is inaccurate, except in certain cases where providing this access would be disproportionate to the risks to Individual’s privacy or where rights of other Individuals would be violated.  Access will not be provided to Personal Information relating to medical or pharmaceutical clinical trials to the extent that access, disclosure, deletion or alteration of the Personal Information would jeopardize the integrity of the trial or if such access would be contrary to regulatory requirements.  CLINIPACE takes precautions to protect Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction.  These precautions include data redundancy and the implementation of physical and logical controls.
  1. Data Integrity
    CLINIPACE relies upon assurances from its Individuals that the Personal Information CLINIPACE possesses is relevant for the Purpose(s) for which it is to be used. CLINIPACE shall only use the Personal Information in accordance with the Individual’s instruction.  CLINIPACE will take reasonable steps to ensure that Personal Information entered onto its computer system platforms retains its original relevance, accuracy, completeness and currency.  The CLINIPACE Quality Assurance department will periodically review and conduct compliance audits of the relevant privacy practices, as a part of the internal audit process, to verify adherence with this Policy.  CLINIPACE management will make all commercially reasonable efforts to remedy issues arising out of any failure to comply with this Policy.
  1. Enforcement
    CLINIPACE has implemented internal, self-assessment procedures for conducting random audits of its privacy practices to ensure that such practices are in compliance with this Policy.  Any employee or contractor that CLINIPACE determines is in violation of this Policy will be subject to disciplinary action, up to and including termination.  CLINIPACE will cooperate and comply with the EU Data Protection Authorities and the Swiss Federal Data Protection and Information Commission, as applicable.                                                       
  1. Dispute Resolution
    CLINIPACE will investigate and/or resolve any concern, complaint or question (“Issue(s)”) in accordance with this Policy. CLINIPACE employees, contractors or applicable external parties will direct any Issue(s) arising from the use or disclosure of Personal Information to the CLINIPACE Privacy Officer through the following contact information:

Name: Christopher Porter
Address: 3800 Paramount Parkway, Suite 100, Morrisville, NC 27560
Phone: 919-224-8800
Fax: 919-321-2322
Email:cporter@clinipace.com

With a Copy to:

Attention: Legal Department
Address: 3800 Paramount Parkway, Suite 100, Morrisville, NC 27560
Phone: 919-224-8800
Fax: 919-321-2322
Email: legal@clinipace.com

The American Arbitration Association will be used for all complaints except for Human Resource related complaints, which will be resolved through an internal CLINIPACE dispute resolution process.  CLINIPACE has agreed to participate in the dispute resolution procedures of the EU Data Protection Authority and Swiss Federal Data Protection and Information Commissioner, as applicable, to resolve disputes pursuant to the Safe Harbor Principles. The appropriate statutory body that has jurisdiction to hear any claims against CLINIPACE regarding possible unfair or deceptive practices and violations of laws or regulations governing CLINIPACE’S privacy practices is the Federal Trade Commission.

CONTACT INFORMATION:

Questions, comments or concerns regarding this Policy should be submitted to:

Name: Christopher Porter
Address: 3800 Paramount Parkway, Suite 100, Morrisville, NC 27560
Phone: 919-224-8800
Fax: 919-321-2322
Email:cporter@clinipace.com

With a Copy to:

Attention: Legal Department
Address: 3800 Paramount Parkway, Suite 100, Morrisville, NC 27560
Phone: 919-224-8800
Fax: 919-321-2322
Email: legal@clinipace.com

POLICY CHANGES:

This Policy may be reviewed and amended from time to time, without advance notice, consistent with the requirements of the U.S.-EU and U.S.-Swiss Safe Harbor Privacy Principles, to ensure that an appropriate level of protection for Personal Information is maintained.

All amendments will be posted on the following website: www.clinipace.com.