Personal information is any information about an identified or identifiable individual, including, but not limited to: names or initials; home or other physical address; photograph; telephone number; email address or online identifier associated with the individual; social security number or other similar identifier; or any other information relating to an individual that is combined with any of the above and subject to data protection laws.
When personal information is collected directly from individuals, MedTrials will explain the purposes for collection and use of the personal information, the types of third parties to which that information may be disclosed, and the choices and means individuals have for limiting the use and disclosure of their personal information. MedTrials will provide additional information as required by law for a specific context, product or service. When MedTrials receives personal information it will use such information in accordance with the notices provided by such entities and the choices made by the individuals to whom such personal information relates.
As a contract research organization (CRO), we collect, host and analyze health data relating to clinical trial subjects, on behalf of, and according to, the directions of our clients/sponsors. To maintain privacy and consistent with good clinical practice (GCP), subjects’ names and other direct identifiers are not attached to any records collected and archived by MedTrials (e.g., case report forms). Instead, subjects are only identified by a code. Only heath care professionals and authorized MedTrials personnel (monitors) may access the complete, named, subject records at the investigational sites. All clinical and medical information processed by MedTrials is done so under contract with our clients/sponsors. In terms established by the GDPR, MedTrials considers that the client/sponsor is the “controller”, that is ultimately in control of how and why clinical and medical data are processed, whereas MedTrials is the “processor”, that processes data under the sponsor’s direction. The processing occurs based on the explicit consent of the study subjects, obtained by the designated heath care professionals or investigational sites and acting upon written contracts between us, the sponsor, the investigator and the investigational sites.
Data pertaining to individuals participating in research studies being managed by MedTrials, including patients, their spouses/partners, caregivers, relatives, clinical investigators, other health care professionals and study personnel, and other consultants, contractors, managers, and agents of the study sponsor and its corporate affiliates, business partners and third-party service providers may contain personal information. Personal information may be used in order to carry out the applicable studies, other study-related services, and/or pharmacovigilance. This may include the transfer of personal information to the applicable study sponsor, its corporate affiliates, business partners and third-party service providers performing services related to the study. When partnering with third-party service providers, personal information will be made available to these parties only when necessary to fulfill the services they provide to us. Our third-party service providers are not permitted to share or use personal information we make available to them for any other purpose than to provide services to us.
MedTrials collects personal information from applicants regarding open positions at MedTrials, including private contact details, professional qualifications and previous employment history, as necessary to reach to employment decisions. MedTrials may conduct various background checks on applicants, including, where law allows, on criminal history and professional disbarment. Once employed, MedTrials collects information on staff for human resource, performance, payroll and tax purposes. Various MedTrials internal systems will collect and record employee information consistent with standard business operations. MedTrials may process similar information relating to consultants contracted on a freelance basis. MedTrials may also collect and transfer the CVs of its employees or partners to competent authorities and/or its contractual partners, as mandated by standard legal procedures and/or according to an existing contract between MedTrials and the said partner (usually the Sponsor of a project), or during the pre-contractual stage thereof (e.g. CV of a proposed project team member).
MedTrials may collect named information about visitors to the MedTrials website, www.medtrials.com, where this is voluntarily provided to meet a request from those individuals, by filing our on-line contact form. For example, we may collect requests for professional services, training, employment, or interest in participating in a clinical trial. Through the use of cookie-based technologies, MedTrials may collect various data linked to virtual identities associated with visitors when they access our websites. This data is used for various purposes, including site analytics and first-party marketing. In certain cases, these virtual identities are linked to the real world identities of visitors only when they choose to provide their named information as described.
Moreover, web browsers and other search and analysis tools use "cookies", which are text files located on an individual’s computer, to analyze users' use of the website. Information generated by cookies about use of the website (including IP addresses) will be directly transmitted and stored on servers in the United States. Google or other analytical services will use this information on our behalf for the purpose of keeping track of website use, compiling reports of website activity and providing other services related to website activity and Internet use. Google may transfer such information to third parties when required by law, or when such third parties process the information on behalf of Google.
Data collected from individuals who share personal information with MedTrials in order to inquire about or otherwise make use of our services or to purchase, receive or seek information, including services, opportunities to participate in clinical research, educational and other programs that may be available through MedTrials, may be used in order to provide the requested information, products, and/or services. Such uses may include processing requested transactions, improving the quality of our services, sending communications about the products and services available through MedTrials, and enabling our business partners and agents to perform certain activities on our behalf.
Where MedTrials receives personal information from its agents and contractors or from other entities in the European Union (EU) or European Economic Area (EEA), including when acting as a CRO processing personal information under the direction of a customer, it shall use such information in accordance with the notices provided by such entities and the choices made by the individuals to whom such personal information relates.
MedTrials may offer individuals the opportunity to choose whether their personal information is to be disclosed to a third party or to be used for a purpose materially different from the purpose for which it was originally collected or subsequently authorized by the individual.
MedTrials will not process, sell, or share personal information about individuals for purposes other than those for which the information was originally obtained or subsequently authorized by the individual unless the individual explicitly consents to the processing (“opt-in”), or as required or permitted by law or regulation.
In some cases, even if an individual opts out of disclosures of their personal information, MedTrials may still disclose such information if required to do so by law or if MedTrials believes disclosure is necessary or appropriate to prevent physical harm to an individual or in connection with an investigation of suspected or actual illegal activity. MedTrials will provide individuals with reasonable means to exercise their choices to the extent required by applicable law.
MedTrials will employ reasonable and appropriate technical, administrative and physical safeguards designed to protect personal information in its possession from loss, misuse or unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the personal information.
We will report any unlawful data breach of personal information in our custody or the custody of our third-party service providers to relevant persons, customers and authorities within 72 hours of the breach being identified by us or our third-party service providers, if it is apparent that personal data stored in an identifiable manner has been viewed, tampered with or stolen.
Data Integrity and Purpose Limitation
As a CRO, MedTrials intends only to process personal information that is relevant to the services it provides and for purposes compatible with those for which the personal information was collected. Wherever possible, such personal information is de-identified. When MedTrials processes personal information as a CRO under the direction of its customers, MedTrials works with customers so that the customers can provide a way for individuals to correct or update their personal information to the extent required by law.
Individuals have a right to access personal information about themselves, and to amend, correct or delete information that is inaccurate, incomplete or outdated. MedTrials has no direct relationship with medical research subjects participating in a clinical trial and any such individuals who seek access, or who seek to correct, amend, or delete their inaccurate personal information should direct his or her query to the relevant study sponsor or investigator which has transferred such personal information to MedTrials for processing.
Information, Deletion, Blocking
In accordance with the GDPR, individuals have the right to request information about the data stored with us, to correct incorrect data, and to demand the deletion or blocking of the data, or to limit or prohibit the processing of such data. If MedTrials processes an individual’s personal data on the basis of provided consent, the individual may revoke their consent at any time without cause. Individuals asserting a claim of inappropriate processing of their personal data have the right to appeal to a competent supervisory or regulatory authority.
Questions, comments, concerns or complaints regarding this policy or MedTrials use, disclosure or processing of personal information should be submitted to the MedTrials Privacy Officer who may be contacted at the following e-mail address: [email protected]. Inquiries will be saved for the purpose of processing and responding to the inquiry and will not be passed on to third parties without consent. We will delete the data as soon as it is no longer required to process the request. MedTrials will make reasonable efforts to investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Policy.