At MD Connect, we take the protection and security of our clients’ Personal and Sensitive Data very seriously and have invested heavily in infrastructure, policies and staff training to ensure compliance with various global regulations (e.g. ICH E6/GCP, HIPAA/HITECH (US), GDPR (EU), APEC Cross Border Privacy, China CSL). We employ a series of physical, technical, and administrative security safeguards to reduce the risks of loss, misuse, unauthorized access, disclosure, or alteration which include, but are not limited to, the following:
The Company uses reasonable measures to protect Your and Patients’ information; however, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. If You have reason to believe that Your interaction with us is no longer secure (for example, if You feel that the security of any account You have with us has been compromised), please notify us immediately by contacting firstname.lastname@example.org or by faxing Your notice to 781-235-0929.
MD Connect works closely with one of the world’s leading privacy regulatory consultants, TrustArc, to ensure our privacy programs are compliant with global regulations and privacy standards through a system of assessment, remediation, certification and ongoing monitoring. Our Recruitment Websites are certified with the broadly known TRUSTe seal which builds confidence and trust amongst Patients and Clients.
HIPAA / HITECH Compliance
Although data collected during the patient recruitment and pre-screening process by the Company may not constitute a patient medical record as defined by the Health Insurance Portability and Accountability Act (HIPAA), we understand that this data is nonetheless sensitive and treat it with all the appropriate security and privacy protections afforded Protected Health Information by both HIPAA and the Health Information Technology for Economic and Clinical Health (HITECH) Act.
GDPR compliance / Privacy Shield
The Company participates in and has self-certified its compliance with the EU General Data Protection Regulation (GDPR). More information about GDPR can be found at https://eur-lex.europa.eu/eli/reg/2016/679/oj
The Company participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. The Company is committed to subjecting all personal data received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List. [https://www.privacyshield.gov/list]
The Company is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Company complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions. With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Company is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, The Company may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Under certain conditions, more fully described on the Privacy Shield website [https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint], You may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
The Company has been certified by a leading regulatory consultancy (TrustArc) to have privacy practices meeting the Asia-Pacific Economic Cooperation (APEC) Privacy Recognition for Processors (PRP) framework for data processors. More information on this can be found at https://www.trustarc.com/products/apec-certification/
When You visit our Website or contact us or we contact You, we collect personal information that You provide voluntarily. Most of our Recruitment Websites contain a contact form where we collect personal information which You or Patients provide or we may collect personal information when we contact You by telephone or email. The Company only collects personal information that is limited and necessary to contact Clients or Clients’ Patients. At the request of Clients, we occasionally collect additional information from Patients to determine their eligibility and qualifications for treatment by the healthcare provider.
On this Website, we may collect and process Your Personal Data. In the provision of our services, The Company (Data Processor) processes Personal Data on behalf of its Client(s) (Data Controllers). Personal Data means any information relating to an identified or identifiable natural person (data subject).
Personal Data includes direct and indirect identifiers such as:
In the provision of our services, The Company (Data Processor) may process Sensitive Data on behalf of its Client(s) (Data Controllers). Sensitive Data is a special category of Personal Data that requires additional privacy and security protections. The collection of Sensitive Data is done at the direction of our Client(s) and is limited to specific and necessary Sensitive Data of potential Patients needed to determine eligibility for specific clinical trials or for potential Patients needed to determine appropriateness for a given medical practice.
Uses and Disclosures of Information Collected
The Company uses and discloses Personal Data (including Sensitive Data) for a variety of purposes that are limited and necessary to the operation of our business and the delivery of services to You. These purposes include to:
The Company may disclose personal information collected through this Website to affiliated third party service providers, such as IT support services, customer service providers, and other service providers that support us and facilitate the services we provide to You. These companies are authorized to use Your Personal Data only as necessary to provide these services to us. For example, we use Google Analytics, a web analysis service provided by Google. Google utilizes the data collected to track and examine the use of our Websites, to prepare reports for us on website activities and share them with other Google services. However, Google Analytics offers an opt-out provision for website visitors who do not want their data to be collected. You can access more information about this option at http://tools.google.com/dlpage/gaoptout.
The Company may disclose information to a third party in the event of a reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings). You will be notified via email and/or a prominent notice on our website, of any change in ownership, uses of Your Personal Data, and choices You may have regarding Your Personal Data. Further, we may use and disclose information collected through the Website as we believe to be necessary or appropriate, including: (a) as permitted by applicable law; (b) to comply with legal process; (c) to respond to requests from public and government authorities; (d) to enforce our terms and conditions; (e) to protect our operations; (f) to protect our rights, privacy, safety, or property, and/or that of our affiliates, You, or others; and (g) to allow us to pursue available remedies or limit damages that we may sustain. We may also disclose Your Personal Data to any other third party with Your prior consent.
The Company reserves the right to compile and use the Personal Data collected as described above, in a de-identified or anonymized format, i.e. no longer personally identifiable as defined by data privacy regulations, for data aggregation and data analytics purposes.
Passive Information Collection and Use
The Websites use a passive technology called “cookies” and other similar technologies. With cookies, we collect the IP (Internet protocol) addresses of all visitors to our Websites and other related information such as browser type, operating system and average time a visitor spends on our websites. The Company uses this information to help us understand our website activity and to monitor and improve our Websites. Cookies also provide information about You and Your preferences, and help us personalize Your experience on our Website. You can set Your web browser to notify You when cookies are being placed on Your system or to not accept cookies. However, if You decide not to accept cookies from our websites, You may not be able to take advantage of all of the features available to You on our Websites.
The Company also collects information from and about Your mobile device, such as a unique device identifier.
Unaffiliated Third Party Sites and Services
Use of Website by Minors
Use of this Website or our services is not generally directed to individuals under the age of 18, and we request that these individuals not provide Personal and/or Sensitive Data through the Websites or through our service providers unless identified as appropriate in the Pre-Screening criteria. However, there may be some Sponsors that are specifically seeking this age group. In such clinical trials or situations, parental consent may be required as part of the Pre-Screening process.
If personal information related to individuals under the age of 18 is identified and deemed inappropriate, reasonable steps will be taken to delete the information.
Choices and Access
Upon request the Company will provide You with information about whether we hold any of Your personal information. If You wish to change Your preferences about the personal information You provided to us or wish to withdraw Your consent to its retention, use or disclosure, please contact us at email@example.com or by faxing to 781-235-0929.
If You would like to review, correct, update, or delete the personal information that You have provided via the Website, please contact us at firstname.lastname@example.org or by faxing to 781-235-0929. We will reply to Your request in a reasonable period of time not to exceed 60 days.
If You have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Your information may be processed in the country in which it was collected or transferred to other countries, including the United States (where our servers are generally located), for processing where laws regarding processing of information may be less stringent than the laws in Your country. By using this Website and our services, You consent to the transfer of Your personal information to countries outside of Your country of residence, including the United States.
Platform Data Collection
In the provision of our services, The Company (Data Processor) collects information under the direction of its Client(s) (Data Controller(s)) and processes information on our Client(s)’ behalf. We have no direct relationship with the individuals whose Personal Data we process. If You are a customer of our Client(s) or are a participant in a Client(s)’ clinical trial and would no longer like to participate and/or be contacted by our Client, please contact the Client directly.
The Company acknowledges that You have the right to access Your personal information. Individuals who seek access, or who seek to correct, amend, or delete inaccurate data should direct their query to the Company’s Client or the Company directly. If requested to remove data we will respond within a reasonable timeframe.
The Company will retain Personal Data we process on behalf of our Client(s) for as long as needed to provide services to our Client(s). The Company will retain this personal information for as long as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
OP SOP03 APP11-V1