Privacy Policy Statement

SynteractHCR respects individual privacy and values the confidence of its customers, employees, clinical trial participants, healthcare professionals, business partners, and others. SynteractHCR has developed a global privacy program designed to respect and protect the data privacy rights of every individual with whom we transact business.

This Safe Harbor Privacy Policy (the "Policy") sets forth the privacy principles that SynteractHCR adheres to with respect to transfers of personal information from the member states of the European Union (EU) and Switzerland to the United States (US). This Policy complies with the U.S-EU and the U.S.-Swiss Safe Harbor Framework.

For more information about the Safe Harbor Framework, please visit the U.S. Department of Commerce’s website at http://www.export.gov/safeharbor/.

Scope

This Policy applies to all personal information received by SynteractHCR in the US from a member state of the EU and/or Switzerland in any format including electronic, paper, or verbal. This policy sets certain minimum standards within SynteractHCR which may be subjected to more stringent privacy safeguards as a result of the requirements of GCP, ICH, or other national and/or international requirements.

Definitions

"Agent" means any third party that uses personal information provided by SynteractHCR to perform tasks on behalf of and under the instructions of SynteractHCR.

"SynteractHCR" means SynteractHCR, its predecessors, successors, subsidiaries, divisions and groups in the United States.

"Personal information" means any information or set of information that identifies or could be used by or on behalf of SynteractHCR to identify an individual. Personal information does not include information that is encoded or stripped of all personal identifiable information, or that is publicly available.

"Sensitive personal information" means personal information that reveals such information about an individual such as, but not limited to, race, ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, or that concerns the health or sexual orientation of an individual.

Privacy Principles

The privacy principles in this Policy are based on the U.S.-EU and U.S.-Swiss Safe Harbor Privacy Principles as established by the United States Department of Chamber of Commerce. SynteractHCR certifies its adherence to the Safe Harbor Principles. For more information about the Safe Harbor Principles, please visit the U.S. Department of Commerce’s website at http://www.export.gov/safeharbor/.

Notice

Where SynteractHCR or agent of SynteractHCR collects personal information directly from individuals in the EU and Switzerland, SynteractHCR will inform them about the purposes for which it collects and uses the information, the types of third parties to which SynteractHCR discloses that information, and the choices and means, if any, SynteractHCR offers individuals for limiting the use and disclosure of their personal information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide personal information to SynteractHCR, or as soon as practicable thereafter, but in any event before SynteractHCR uses the information for a purpose other than that for which it was originally collected or subsequently authorized by the individual.

Choice

SynteractHCR will offer individuals the opportunity to choose (opt-out) whether their personal information is (a) to be disclosed to a third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For sensitive personal information, SynteractHCR will give individuals the opportunity to affirmatively and explicitly consent (opt-in) to the disclosure of the information to a third party or to the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.

Data Integrity

SynteractHCR will use personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. SynteractHCR will take reasonable steps to ensure that personal information is relevant to its intended use, and is accurate, complete, and current. Procedures are in place to ensure global data protection, and employees and consultants must ensure the protection of personal information according the procedure regardless of where the data collection or transfer originates.

Transfers to Agents

After obtaining assurance from its agents or contractors that they will safeguard any and all personal information received from SynteractHCR in a manner consistent with this Policy, SynteractHCR may share an individual's information with agents, contractors or partners of SynteractHCR in connection with services that these individuals or entities perform for, or with, SynteractHCR. SynteractHCR may, for example, provide an individual's personal information to contractors or business partners for hosting our databases, for data processing services, or to send to that individual the information that he or she requested. Appropriate assurance of commitment to compliance with the Policy may be given in a number of ways, which may include one or more of the following:

  1. A contract between SynteractHCR and the third party which includes provisions obligating the third party to provide at least the same level of protection as is required by the relevant Safe Harbor Principles.
  2. The third party may be subject to the U.S.-EU and/or U.S.-Swiss Data Protection Directive itself.
  3. The third party may have filed its own Safe Harbor certification.
  4. The third party may have Binding Corporate Rules approved by the European Commission, or may be subject to another European Commission adequacy finding (e.g. Argentina, Canada, Guernsey, Hungary, Switzerland).

SynteractHCR will ensure one of the above assurances of commitment to compliance are in place before sharing personal information. Where SynteractHCR has knowledge that an agent, contractor or partner is using or disclosing personal information in a manner contrary to this Policy, SynteractHCR will promptly take reasonable steps to prevent or stop the use or disclosure.

Access and Correction

Upon request, individuals will be granted reasonable access to personal information that SynteractHCR holds about them. In addition, upon request, SynteractHCR will take reasonable steps to permit individuals to correct, amend, or delete information that is found to be inaccurate or incomplete. However, due to regulatory requirements, and to ensure the scientific integrity of the clinical trials on which in works, SynteractHCR will not be able to provide direct access to research data to clinical trial participants or clinical investigators.

Security

SynteractHCR will employ reasonable safeguards to protect personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction. For personal information subject to electronic storage or transmission, SynteractHCR maintains an internal private, secure global network that is protected from computer virus infection and monitored for unauthorized access. Both electronic and paper based records holding personal information are maintained in access controlled facilities for which business continuity plans are required.

Enforcement

SynteractHCR will conduct compliance audits of its relevant privacy practices to verify adherence to this Policy. All reported breaches or potential breaches will be investigated by the Privacy Officer and the investigative agents the Privacy Officer assigns, who will take such actions as they deem appropriate in the investigation and if necessary, remediation of the situation. Any employee that SynteractHCR determines is in violation of this Policy will be subject to disciplinary action up to and including termination of employment. In the event of criminal or other serious violations of the law, these actions could also be subject to notification of the appropriate legal body.

Dispute Resolution

Any questions or concerns regarding the use or disclosure of personal information should be directed to the Privacy Officer at the address given below. SynteractHCR will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Policy. For complaints that cannot be resolved between SynteractHCR and the complainant, SynteractHCR has agreed to participate in the dispute resolution procedures of the panel established by the European Data Protection Authorities and Swiss Federal Data Protection and Information Commissioner to resolve disputes, pursuant to the Safe Harbor Principals.

Contact Information

Questions or comments regarding this Policy should be submitted to the SynteractHCR Privacy Officer by mail or email at the following address:

SynteractHCR, Inc.
C/o Privacy Officer
5759 Fleet Street
Suite 100 Carlsbad 
California 92008 USA
PrivacyOfficer@SynteractHCR.com

Reservation of Rights

SynteractHCR reserves the right to share an individual's information as required by law or to duly authorized information requests of government authorities.

Changes to this Policy

This Policy may be amended from time to time at the sole discretion of SynteractHCR.