Accelerated Enrollment Solutions (AES) is comprised of the legacy companies Synexus, Acurian and Optimal and have the following privacy policies, based on the service(s) offered.
Our Approach to Privacy
Clinical and medical research are founded upon the collection and analysis of the most confidential information about people. Individuals will only share their sensitive information where there is a culture of trust and where stakeholders implement safe data handling practices. Operating within this environment, Synexus Clinical Research Limited (together with its affiliates and subsidiaries “Synexus”) recognize that when we handle information about any individual, we must do so responsibly, with due care to individual privacy, complying with laws on data privacy and confidentiality.
What Types of Personal Information Does Synexus Handle and for What Purposes?
Clinical and Medical Information
As a global site management organization, Synexus provides investigational sites for clinical trials conducted by our clients. As such, we collect, host and analyze significant quantities of health data and bio-medical samples relating to study subjects. In terms established by the Directive and the Regulation, Synexus considers itself as co-Controller with sponsor/client in determining how and why clinical and medical data are processed in its capacity as a site management organization.
To enhance privacy, consistent with GCP, subjects’ names and other direct identifiers are not attached to records or samples utilized by Synexus’s clients for research purposes.
In our database, we keep information, including medical details, on individuals who have expressed to us an interest in taking part in clinical trials, so that we are able to match them with a suitable clinical trial as they may arise. We run general statistical analysis in support of patient recruitment.
On some occasions, Synexus operations also provide health services to local communities in the form of screening activities for certain pathologies/diseases. During this activity, we’ll process named medical data of participants. Once the test is performed, with the consent of the data subject, we’ll add their medical data to our database so that they can be contacted by us for future testing or clinical trial opportunities, in line with their specific medical condition. Should they choose not to provide such consent, Synexus will only share results with their General Practitioner and maintain paper records as long as legally required.
Industry Professional Information
In the course of conducting our business, Synexus will interact with employees, consultants, contractors and other third parties employed or engaged by our clients involved in clinical and medical research. Synexus will record and use the names, contact details and other professional information on these individuals for legitimate business-related purposes, including project and financial administration. We may use the information we obtain, including email addresses, to provide relevant information on Synexus’s services to our clients.
Employee and Human Resource Data
Synexus collects personal information from applicants seeking employment with the company, including private contact details, professional qualifications and previous employment history to inform employment decisions. Synexus conducts various background checks on applicants, including where law allows on criminal history and professional disbarment. Once employed, Synexus collects information on staff for human resource, performance, payroll and tax purposes. Synexus will collect and record employee level information in various company systems, consistent with standard business operations. Synexus processes similar information relating to consultants, contractors and other third parties engaged by the company to provide products or services to it.
Synexus collects named information about visitors to company websites where this is voluntarily provided to meet a request from those individuals, for example where a client contact requests information on a company service, a health professional is interested in participating in a clinical trial or where someone wants to apply for a vacant position with the company. Through the use of cookie-based technologies, Synexus may collect various data linked to virtual identities allocated to visitors when they access our websites. This data is used for various purposes, including site analytics and first party marketing (see Online Issues below). In certain cases, these virtual identities are linked to the real world identities of visitors when they provide their named information as described above. This allows Synexus to tailor marketing messages to those individuals, inclusive of information that is likely to be of interest to them.
Synexus appoints vendor contact centers for the purpose of reaching out to individuals who have expressed an interest in taking part to clinical trials. Personal data on those contacted are only collected to process their request and determine whether or not they are eligible to make an appointment for a screening visit at Synexus’ facilities. Our contact centers do not reach out to individuals who have not previously provided their contact information to Synexus. Calls may be recorded for quality assurance purposes. Callers (inbound and outbound) are notified if their call is recorded.
Internal and External Disclosures of Personal Information
Personal information will be shared within Synexus and its affiliated companies such as PPD and Acurian and third parties only on a “need to know” basis to meet stated legitimate business purposes. Access to databases and folders containing personal information is restricted to appropriate staff. Synexus does not trade or sell personal information. Under some circumstances, Synexus may be required by law enforcement or judicial authorities to disclose certain personal information as part of investigations or for litigation purposes. Synexus may disclose personal information to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of Synexus or some or all of its assets.
Companies working as vendors of Synexus are required to sign “processor” and/or confidentiality agreements whereby they will commit to only process personal information consistent with contracted purposes and apply appropriate organizational and technical security safeguards.
International Transfers of Personal Information
Synexus is a global company serving an industry that is increasingly globalized in its approach to clinical research. Personal information will be shared across international borders as required to service global projects. Synexus hosts personal information in databases in different locations throughout the world, including in the United States. In certain circumstances, Synexus and client personal information will be hosted within vendor platforms located in the Internet cloud. Synexus recognizes that many countries globally have regulations restricting the flow of personal information across international borders. Synexus has put in place measures to ensure that adequate protection is provided to such data where legally mandated. For example, Synexus has executed Standard Data Protection Clauses (“SDPC”) for the purpose of transferring certain personal information from the European Economic Area. EU residents whose personal information is handled under these SDPC may request a copy of the agreement from Synexus through the contact details listed below. Where privacy risks are very low, for example with respect to the sharing of key coded data, Synexus may rely on informed consent from individuals for the transfer of their information to legal regimes with less strong data privacy safeguards.
Notice and Consent
At the point of data collection, Synexus will provide notice to individuals in a clear and conspicuous language about how their information will be used, disclosed and transferred; what choices they have in relation to how their data are handled; what informational rights they have under data privacy law or under this Policy; and who to contact with any questions or complaints. These privacy notices are tailored to specific situations of data collection. In providing such notice, Synexus meets its obligations to be transparent and fair with individuals as is required by many data privacy laws. Dependent on the medium, notice may be given in person, by email, post, telephone, or by posting on our website.
In many situations, including where mandated by data privacy law, and also where it is a matter of good practice, Synexus will seek consent of individuals to collect, use and disclose their data consistent with the relevant privacy notice. However, in certain cases where law allows, particularly where gaining consent will involve a disproportionate effort, where intended processing of the data is in Synexus’s or our clients’ legitimate interests and the privacy risks are low, Synexus will proceed to process personal information absent of consent. Also, Synexus will use and disclose personal information without consent where required by law and judicial order. Consistent with GCP, laws on confidentiality and data privacy regulations, Synexus will collect necessary informed consents of study subjects on behalf of its clients.
Data Quality and Record Retention
Data quality and accuracy are fundamentally important principles to Synexus. Crucial to the integrity of clinical research is the accuracy of data relating to study subjects, particularly where attached to bio-medical samples. Consistent with regulatory requirements, Synexus employs a professional quality assurance department. In general, our privacy notices provide individuals easy means of validating, correcting errors and updating information. Synexus retains personal information in accordance with contractual, legal and regulatory requirements.
In jurisdictions with data privacy laws, and where contractual commitments require, Synexus ensures that individuals can exercise all relevant informational rights with respect to their personal information processed by the company, including but not limited to the right of access and correction, to withdraw consent at any time, object to data processing, request data deletion, restrict aspects of data processing, prevent direct marketing and request transmission of personal data in a common digital format (e.g. pdf) to the themselves or another organization.
In all other respects, where no overriding interest prevails, Synexus will endeavor to allow the following informational rights under this Policy as a matter of good practice:
Subjects enrolled in clinical studies run by Synexus’s clients must contact the investigator at their Synexus site, who will be able to make the necessary link to subject identity.
The company maintains a comprehensive information security policy that seeks to apply technical and organizational security measures that protect personal information, particularly sensitive clinical data, against unauthorized access or loss. Consistent with regulatory requirements, particularly under U.S. state law and the Regulation, Synexus also maintains a detailed Security Breach Policy, which establishes a procedural response to dealing with any breach of personal information, including making any necessary notifications to individuals or governmental authorities.
A cookie is a data file that is placed by a website operator on the hard drive of a visitor to their site. Cookies with the following functions are enabled to the computers of visitors to Synexus websites: to allow the site to deliver the service requested by the visitor; to remember repeat visitors; to improve the user experience of the site; to allow the company to perform site analytics; and to help tailor marketing messages to the visitor based on previous browsing. Your online relationship with Synexus may be managed by using settings available on most internet browsers. For example, most browsers will allow a visitor to choose which cookies can be placed on his/her computer, to delete or disable cookies, and to set Do Not Track as a function. Please note that disabling cookies may prevent a visitor from using certain features on Synexus websites.
Children’s Online Privacy Protection
Synexus does not collect information through our websites from individuals who are known to be under the age of 13, and no part of our online presence is directed to anyone less than 13 years.
Inquiries, Complaints and Requests to Exercise Rights
Communications, queries, requests to exercise informational rights (e.g., access to data) or complaints can be addressed to the attention of the Data Protection Officer, Privacy Department, Granta Park Cambridge, CB21 6GQ, United Kingdom
Under the Regulation, Synexus Polska Sp Z.o.o.. as Synexus’s leading EU affiliate (“controller”) for data protection purposes, shall be primarily responsible for data protection matters affecting our EU group of companies. For purposes of compliance with the Regulation, the Data Protection Officer may be contacted through the co-ordinates above.
Within the EU, individuals have the right in law to complain about how their information is handled to a supervisory authority that is responsible for regulating compliance with the Regulation. A list of all EU supervisory authorities is available on the European Commission website: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.
Legal Status of Policy and Policy Changes
Children Under 13
Our websites and applications are not intended for children under 13 years of age. No one under age 13 may provide any personal information to us through our websites and applications. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on our websites and applications. If we learn we have collected or received personal information from a child under 13 we will delete that information.
Information Covered by this Policy
This Policy applies to any personally identifiable information about you (“Personal Information”) that you may provide to Acurian when:
Information Collected and How We Use It
At various locations on our site or other applications, and during our business practice, we ask you for information, which will allow us to provide you (whether you are a patient or physician) with information that is targeted specifically to you. If you would like to be considered for enrollment in a clinical trial, this information allows us to contact you regarding particular studies for which you may be eligible. We collect information in the following ways:
We will retain your information for as long as your account is active or as needed to provide you services. You may remove your information from our contact list by sending an email entitled “Unsubscribe” to firstname.lastname@example.org. Please note that we may retain and use your information as necessary to comply with our legal obligations, when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order or similar legal process, resolve disputes, and enforce our agreements.
Information Sharing and Transfer
We will share your Personal Information with third parties only in the ways that are described in this privacy statement or unless you expressly opt in to such sharing.
We may provide your information with our affiliates, third-party service providers (e.g., call centers, email service providers), or data partners who are contractually bound to handle your information confidentially and prohibited from disclosing your information to others.
We may also disclose your personal information as required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
When and How Acurian and Affiliates of Acurian May Contact You
When you register with Acurian, or complete a prequalification questionnaire associated with a particular trial, you indicate your consent for Acurian and its affiliates to store your Personal Information in our database and contact you about clinical trials for which you may be eligible by various means, including telephone, email, and US mail. You also have the option of receiving emails regarding new postings to our site, including news or new clinical trials. In addition, we may contact you periodically when we have provided new functionality to our websites or applications, so that you may take advantage of the new services. If you receive a text message from us and would like to discontinue such messages, you may reply with the word “STOP.” Providing a telephone number constitutes your consent for Acurian to contact you at that number for the purposes outlined in this Policy.
Cookies / Tracking Technologies
A cookie is a data file that is placed by a website operator on the hard drive of a visitor’s computer to their site. First-party cookies (owned and controlled by Acurian) are enabled to the computers of those visiting our websites and applications for the following purposes: to improve the user experience by allowing the site to remember a visitor as they browse through different pages; to allow us to perform site analytics; to assess whether visitors to the site later become referrals to clinical trials. One of the ways that we do this is through the use of Google Analytics using data layers listed here.
First-party cookies are enabled and controlled by our web team, which is established on U.S. territory. Our websites and applications also place cookies for the purpose of serving Acurian-, and Acurian affiliates-sponsored advertisements at third-party websites and applications, and for the purpose of performing various cost analyses relating to the site.
As is true of most web sites and applications, we gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data.
We may combine this automatically collected log information with other information we collect about you. We do this to improve services we offer you and to improve analytics and site functionality.
Social Media Widgets
Correcting Your and Your Child’s Personal Information and “Opting Out”
Upon request Acurian will provide you with information about whether we hold, or process on behalf of a third party, any of your personal information. To request this information please contact us at email@example.com.
You may correct your Personal Information or your child’s information, modify your contact preferences, or completely opt out of our services at any time. You can update your or your child’s information, correct inaccuracies, or delete some or all of your or your child’s data by emailing us at firstname.lastname@example.org, we will respond to your request to access within 30 days.
We sometimes refer to your consent to be contacted, to be included in a clinical trial, or to other use of your Personal Information as “opting in.” You may revoke your consent (i.e., “opt out”) at any time.
The first time you provide us with information, you will have the ability to instruct us regarding other communications (e.g., requesting newsletters, etc.). You may opt-out from receiving our newsletters by clicking on the “unsubscribe” link located at the bottom of each newsletter. To completely opt out of our services, please send an email entitled “Unsubscribe” to email@example.com.
We maintain information security safeguards to protect your Personal Information. We protect any Personal Information you provide using encryption, and utilize firewalls to protect our computer network from hackers. We take reasonable steps designed to prevent unauthorized access, use and alteration of Personal Information, but cannot guarantee the security of such information.
We require you to select a username and password. To minimize the chance that someone can guess your password, we require passwords with a minimum length of 8 characters, including numbers and upper and lower case letters. Please note that no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security.
Data Protection Laws
In jurisdictions with data protection laws, we will ensure that individuals can exercise all relevant informational rights regarding their Personal Information we process, including the rights of access and correction, to prevent direct marketing, block processing, and erase data. Acurian has executed Standard Contractual Clauses for the purpose of transferring personal information from the European Economic Area.
Links to Third Party Sites
Our website includes links to other websites and applications (including but not limited to Facebook, Twitter) whose privacy practices may differ from those of Acurian. If you submit personal information to any of those websites and applications, your information is governed by their privacy statements. We encourage you to carefully read the privacy statement of any website you visit.
Sale or Transfer of Corporate Assets
Acurian expressly reserves the right to transfer its database of information to another legal entity as part of any sale or merger of Acurian, Inc. with that entity. Any entity acquiring Acurian’s data assets will do so with the express, written commitment to use the data only for authorized purposes, and only if the entity maintains a similar level of privacy and information security protection. You will be notified via email or notice on our website of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information.
Inquiries, Complaints, and Requests to Exercise Rights
All communications, queries, requests to exercise informational rights (e.g. access to data) or complaints should be addressed:
EU-U.S. and Swiss-U.S. Privacy
Acurian is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Acurian complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Acurian is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Acurian may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Acurian has put in place measures to ensure that adequate protection is provided to the data where legally mandated.
In compliance with the Privacy Shield Principles, Acurian commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Acurian:
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
Changes to the Policy
We regularly review our Policy to ensure that it provides an appropriate level of protection for your Personal Information. From time to time, we may make changes to our Policy to keep it current with industry standards and as required by law. We will post the date of the most recent revisions on this page. Please check back here from time to time to make sure that you are current and up-to-date on our Policy. Please keep in mind that your use of our Web site means that you accept our Privacy and Security Policy. For more information on this point, please read our Terms of Service of site use. If we make a material change to this policy, we will notify you here, by email, or by means of a notice on our home page prior to the changes taking effect.
Optimal Research, LLC is committed to protecting the privacy of your personally identifiable information (“PII”). This privacy statement explains Optimal’s practices for collecting and using data gathered throughits website (the “Site”). By using the pages in this site, you agree to the information collection and use practices described in this policy.
COLLECTION OF PERSONAL INFORMATION
We may ask you for PII that allows us to contact you to provide a service or to carry out a transaction that you have requested, including requests for information about OPTIMAL’s services and requests for e-mail newsletters/notifications. The PII we collect may include your name, your address, your other contact information,and other information about services requested through the Site.
The Site also may collect certain information about your visit, such as the name of the Internet service provider and the Internet protocol address through which you access the Internet; the date and time you access the Site; the pages that you access while at the Site,and the Internet address of the website from which you linked directly to the Site. This information is used, among other things, to help improve the Site, to analyze use trends, and to administer the Site
USE OF PERSONAL INFORMATION
Except as otherwise required or permitted by law, the PII collected on this Site will solely be used to operate the Site and to provide the service(s) or to carry out the transaction(s) you have requested or authorized. In support of these purposes, OPTIMAL may use PII to provide you with more effective customer service, to improve the Site and any related OPTIMAL services, and to make the Site easier to use by eliminating the need for your repeated entry of the same information. In order to offer you a more consistent experience in your interactions with OPTIMAL, information collected by the Site may be combined with information collected in connection with other OPTIMAL services.
OPTIMAL occasionally hires other companies to provide limited services on its behalf, such as website hosting, packaging, mailing, and sending information about services. We only provide those companies with the PII they need to deliver the service. They are required to maintain the confidentiality of PII and are prohibited from using it for any other purpose.
OPTIMAL may disclose PII if required to do so by law or in the good faith belief that such action is necessary to (a) conform to the edicts of the law or comply with legal process served on OPTIMAL or the Site or (b) protect and defend the rights or property of OPTIMAL and the Site.
CONTROL OF PERSONAL INFORMATION
Except as otherwise described in this privacy statement, PII will not be shared outside of OPTIMAL and its subsidiaries and affiliates without your permission. You can access your PII and make choices about how you wish to be contacted by contacting OPTIMAL as described at the bottom of this statement or through alternative means of access described by the Site.
SECURITY OF PERSONAL INFORMATION
OPTIMAL is strongly committed to protecting the security of your PII. We use a variety of security technologies and procedures to help protect PII from unauthorized access, use, or disclosure.
A cookie is a small text file that is placed on your hard disk by a web page server and that helps the Site to recall your specific information on subsequent visits. You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer.
CHANGES TO THIS STATEMENT
We reserve the right to update this privacy statement from time to time. We encourage you to review this privacy statement periodically to stay informed about how we are helping to protect the PII we collect. Your continued use of the service constitutes your agreement to this privacy statement, as amended from time to time.
LIMITATIONS OF PRIVACY STATEMENT
This privacy statement explains only data collection and use practices related to OPTIMAL’s website; it does not apply to other OPTIMAL services. Please be aware that this privacy statement and any choices you make on the Site will not necessarily apply to PII you may have provided to OPTIMAL in the context of other, separately provided, OPTIMAL services.