PRIVACY POLICY

PROMETRIKA’s Notice of Certification Under the EU-U.S., UK Extension and Swiss-U.S. Data Privacy Frameworks

PROMETRIKA’s Privacy Policy sets forth the privacy principles that PROMETRIKA follows for the transfer of personal information from European Economic Area (EEA) member countries, the United Kingdom and Switzerland to the United States of America (U.S.). PROMETRIKA values the confidence of its customers and respects individual privacy, including the personal information of candidates, employees, business partners, investors, patients, clinical research participants, clinical research site staff, Investigators, and Health Care Professionals.

Scope: PROMETRIKA, LLC (PROMETRIKA) complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  PROMETRIKA has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  PROMETRIKA has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/ or see notice of our participation at https://www.dataprivacyframework.gov/list.

Data Processed: PROMETRIKA commits to and does comply with the Data Privacy Framework Principles in the collection, use, and retention of personal information transferred from EEA member countries, the UK and Switzerland to the U.S. from:

  • Clinical research site staff, such as Investigators and Health Care Professionals;
  • Potential and active clinical research participants and patients;
  • Business partners;
  • Vendors I suppliers.

Purposes of data processing: PROMETRIKA will collect use and retain personal information:

  • as agent I data processor in order to host data on behalf of business partners and/or to provide clinical research services, clinical research management, consulting services, clinical research support activities, and statistical analysis of clinical studies on pharmaceutical products; and/or regulatory affairs services and/or pharmacovigilance services to business partners based on agreements executed between business partners and PROMETRIKA;
  • as data controller in order to recruit potential clinical research participants and Investigators and for customer relationship management, customer service, social engagement, community building, and data analytics;
  • as data controller in order to recruit, employ, and administer benefits to personnel.

Transfer to third parties: PROMETRIKA may disclose data to third party contractors or organizations who provide services to PROMETRIKA to assist PROMETRIKA in the data processing described above. The Data Privacy Framework Principles describe PROMETRIKA’s accountability for personal information that it receives under the Data Privacy Framework and subsequently transfers to a third party. In particular, PROMETRIKA remains responsible and liable under the Data Privacy Framework Principles if third party agents that it engages process personal information on its behalf in a manner inconsistent with the Data Privacy Framework Principles, unless PROMETRIKA proves that it is not responsible for the event giving rise to the damage.

Compelled disclosure: PROMETRIKA may be required to disclose personal information received from EEA member countries, the UK and Switzerland under the Data Privacy Framework in response to lawful requests by U.S. public authorities, including to meet national security or law enforcement requirements.

Your rights: Inhabitants of EEA member countries, the UK and Switzerland have rights to access, and to limit use and disclosure of, their personal information. With our Data Privacy Framework certification, PROMETRIKA has committed to respect those rights. PROMETRIKA personnel have limited ability to access and/or identify the data that research site staff and Investigators or our business partners submit to us for our services. Therefore, if you wish to request access, to limit use, or to limit disclosure of your personal information, please provide the name of the research site staff and Investigators or PROMETRIKA business partner who submitted your personal information to us. We will refer your request to that research site staff and Investigators or business partner, and will support them as needed in responding to your request.

Inquiries and complaints:  In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, PROMETRIKA commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.

EU, UK and Swiss individuals with inquiries or complaints regarding our Data Privacy Framework policy should first contact PROMETRIKA’s Privacy Officer by writing to us at: PROMETRIKA, LLC, 100 CambridgePark Drive, 2nd Floor, Cambridge, MA 02140, USA or by email to: .

PROMETRIKA has further committed to refer unresolved Data Protection Framework complaints to the European Data Protection Authority, an alternative dispute resolution provider located in the European Union or to the Federal Data Protection and Information Commissioner of Switzerland. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit one of the following for more information or to file a complaint.

https://edps.europa.eu/data-protection/our-role-supervisor/complaints/edps-complaint-form_en

https://ico.org.uk/make-a-complaint/

https://www.edoeb.admin.ch/edoeb/en/home/data-protection/handel-und-wirtschaft/transborder-data-flows/transfer-of-data-to-the-usa.html

The services of the European Data Protection Authority, the UK Information Commissioner’s Office, and the Federal Data Protection and Information Commissioner of Switzerland are provided at no cost to you.

Arbitration: Under certain circumstances you may have the right to invoke binding arbitration with regard to claims of whether PROMETRIKA has violated its obligations under the Data Privacy Framework Principles as to you, and whether any such violation remains fully or partially unremedied. The Recourse, Enforcement and Liability Principles, available at https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction  provide further information regarding your rights and the procedures to be followed. 

Enforcement: The Federal Trade Commission has jurisdiction over PROMETRIKA’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).