PRIVACY POLICY

PROMETRIKA’ s Notice of Certification Under the EU-U.S. UK Extension and Swiss-U.S. Data Privacy Frameworks

PROMETRIKA’s Privacy Policy sets forth the privacy principles that PROMETRIKA follows for the transfer of personal information from European Economic Area (EEA) member countries, the United Kingdom and Switzerland to the United States of America (U.S.). PROMETRIKA values the confidence of its customers and respects individual privacy, including the personal information of candidates, employees, business partners, investors, patients, clinical research participants, clinical research site staff, Investigators, and Health Care Professionals.

Scope: PROMETRIKA, LLC (PROMETRIKA) complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  PROMETRIKA has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  PROMETRIKA has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/ or see notice of our participation at https://www.dataprivacyframework.gov/list.

Data Processed: PROMETRIKA commits to and does comply with the Data Privacy Framework Principles in the collection, use, and retention of personal information transferred from EEA member countries, the UK and Switzerland to the U.S. from:

  • Clinical research site staff, such as Investigators and Health Care Professionals;
  • Potential and active clinical research participants and patients;
  • Business partners;
  • Vendors I suppliers.

Purposes of data processing: PROMETRIKA will collect use and retain personal information as follows:

  • Clinical Research: as agent I data processor in order to host data on behalf of business partners and/or to provide clinical research services, clinical research management, consulting services, clinical research support activities, and statistical analysis of clinical studies on pharmaceutical products; and/or regulatory affairs services and/or pharmacovigilance services to business partners based on agreements executed between business partners and PROMETRIKA;
  • Business Administration: as data controller in order to recruit potential clinical research participants and Investigators and for customer relationship management, customer service, social engagement, community building, and data analytics;
  • Human Resources: as data controller in order to recruit, employ, and administer benefits to personnel.

Disclosure and transfer to third parties: PROMETRIKA may transfer or disclose data to third party contractors or organizations who provide services to PROMETRIKA to assist PROMETRIKA in the data processing described above. Such disclosure shall be to the following types of third parties for the following purposes:

Clinical Research: PROMETRIKA will disclose Clinical Research information only to other entities which are participating in the applicable clinical research activity and only as necessary to carry out purposes of the clinical research.  In all such cases PROMETRIKA will conform its use and transfer of Clinical Research information to either, as applicable, (i) the scope of the Informed Consent applicable to such information or (ii) the confidentiality provisions in effect among participating entities.

Business Administration: PROMETRIKA will disclose Business Administration information to individuals and other entities with which it conducts, or desires to conduct business.  Generally, Business Administration information does not include any sensitive personal information; If it does, it will be treated the same as Clinical Research information, above.  Any Business Administration information that is confidential and/or proprietary, but not sensitive, will be disclosed under appropriate confidentiality arrangements.

Human Resources: PROMETRIKA will disclose Human Resource information only to other business entities which assist PROMETRIKA or are otherwise involved in the recruitment, compensation or other administration of the employment relationship.  All such disclosures are made under the governance of appropriate confidentiality arrangements.

Responsibility:  The Data Privacy Framework Principles describe PROMETRIKA’s accountability for personal information that it receives under the Data Privacy Framework and subsequently transfers to a third party. In particular, PROMETRIKA remains responsible and liable under the Data Privacy Framework Principles if third party agents that it engages process personal information on its behalf in a manner inconsistent with the Data Privacy Framework Principles, unless PROMETRIKA proves that it is not responsible for the event giving rise to the damage.

Compelled disclosure: PROMETRIKA may be required to disclose personal information received from EEA member countries, the UK and Switzerland under the Data Privacy Framework in response to lawful requests by U.S. public authorities, including to meet national security or law enforcement requirements.

Your right to access, limit use or disclosure, correct or delete your information: Inhabitants of EEA member countries, the UK and Switzerland have the right to access, to limit use and disclosure of, and to correct and delete their personal information. With our Data Privacy Framework certification, PROMETRIKA has committed to respect those rights. However, PROMETRIKA personnel have limited ability to access and/or identify the data that research site staff and Investigators or our business partners submit to us for our services. Therefore, if you wish to request access, to limit use, or disclosure or to correct or delete your personal information, please provide the name of the research site staff and Investigators or PROMETRIKA business partner who submitted your personal information to us. We will refer your request to that research site staff and Investigators or business partner, and will support them as needed in responding to your request.

Other Uses:  PROMETRIKA does not anticipate that it will use or disclose personal data covered by this Privacy Policy for any purpose that is materially different from that for which the personal data was originally collected or subsequently authorized. In the unlikely event that this occurs, PROMETRIKA will provide you with an opportunity to choose whether to have your personal data so used or disclosed and will provide you with the appropriate contact information in order for you to opt out of such use or disclosure.  PROMETRIKA will not use or disclose any Sensitive Personal Data other than for the purpose for which it was originally collected or subsequently authorized by the individual unless PROMETRIKA has received the subject’s affirmative and explicit consent (opt-in).

Inquiries and complaints:  In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, PROMETRIKA commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.

EU, UK and Swiss individuals with inquiries or complaints regarding our Data Privacy Framework policy should first contact PROMETRIKA’s Privacy Officer by writing to us at: PROMETRIKA, LLC, 100 CambridgePark Drive, 2nd Floor, Cambridge, MA 02140, USA or by email to: .

If your DPF complaint cannot be resolved through the above channels, under certain conditions you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.  If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit one of the following for more information or to file a complaint.

https://edps.europa.eu/data-protection/our-role-supervisor/complaints/edps-complaint-form_en

https://ico.org.uk/make-a-complaint/

https://www.edoeb.admin.ch/edoeb/en/home/data-protection/handel-und-wirtschaft/transborder-data-flows/transfer-of-data-to-the-usa.html

The services of the European Data Protection Authority, the UK Information Commissioner’s Office, and the Federal Data Protection and Information Commissioner of Switzerland are provided at no cost to you.

Arbitration. Under certain circumstances you may have the right to invoke binding arbitration with regard to claims of whether PROMETRIKA has violated its obligations under the Data Privacy Framework Principles as to you, and whether any such violation remains fully or partially unremedied. The Recourse, Enforcement and Liability Principles, available at https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction  provide further information regarding your rights and the procedures to be followed.

Enforcement: The Federal Trade Commission has jurisdiction over PROMETRIKA’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).