PROMETRIKA’ s Notice of Certification Under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks
Data Processed: PROMETRIKA complies with the Privacy Shield Framework in the collection, use, and retention of personal information transferred from EEA member countries and Switzerland to the U.S. from:
- Clinical research site staff, such as Investigators and Health Care Professionals;
- Potential and active clinical research participants and patients (to the extent the transferred data sets are not key-coded as outlined under the Privacy Shield Supplemental Principle 14. Pharmaceutical and Medical Products, g. Key-coded Data);
- Human resources, such as candidates (Please be advised that PROMETRIKA maintains an internal policy that addresses the compliance with the Privacy Shield Principles for employees.);
- Business partners;
- Vendors I suppliers.
Purposes of data processing: PROMETRIKA will collect use and retain personal information:
- as agent I data processor in order to host data on behalf of business partners and/or to provide clinical research services, clinical research management, consulting services, clinical research support activities, and statistical analysis of clinical studies on pharmaceutical products; and/or regulatory affairs services and/or pharmacovigilance services to business partners based on agreements executed between business partners and PROMETRIKA;
- as data controller in order to recruit potential clinical research participants and Investigators and for customer relationship management, customer service, social engagement, community building, and data analytics;
- as data controller in order to recruit, employ, and administer benefits to personnel.
Transfer to third parties: The Privacy Shield Principles describe PROMETRIKA’s accountability for personal information that it receives under the Privacy Shield and subsequently transfers to a third party. In particular, PROMETRIKA remains responsible and liable under the Privacy Shield Principles if third party agents that it engages process personal information on its behalf in a manner inconsistent with the Privacy Shield Principles, unless PROMETRIKA proves that it is not responsible for the event giving rise to the damage.
Compelled disclosure: PROMETRIKA may be required to disclose personal information received from EEA member countries and Switzerland under the Privacy Shield in response to lawful requests by U.S. public authorities, including to meet national security or law enforcement requirements.
Your rights: Inhabitants of EEA member countries and Switzerland have rights to access, and to limit use and disclosure of, their personal information. With our Privacy Shield certification, PROMETRIKA has committed to respect those rights. PROMETRIKA personnel have limited ability to access data research site staff and Investigators, or our business partners submit to our services. Therefore, if you wish to request access, to limit use, or to limit disclosure of your personal information, please provide the name of the research site staff and Investigators or PROMETRIKA business partner who submitted your personal information to us. We will refer your request to that research site staff and Investigators or business partner, and will support them as needed in responding to your request.
Inquiries and complaints: In compliance with the Privacy Shield Principles, PROMETRIKA commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact PROMETRIKA’s Privacy Officer by writing to us at: PROMETRIKA, LLC, 100 CambridgePark Drive, 2nd Floor, Cambridge, MA 02140, USA or by email to: moc.AKIRTEMORP@ycavirp.
PROMETRIKA has further committed to refer unresolved Privacy Shield complaints to the European Data Protection Authority, an alternative dispute resolution provider located in the European Union or to the Federal Data Protection and Information Commissioner of Switzerland. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://edps.europa.eu/data-protection/our-role-supervisor/complaints_en or https://www.edoeb.admin.ch/edoeb/en/home/data-protection/handel-und-wirtschaft/transborder-data-flows/transfer-of-data-to-the-usa.html for more information or to file a complaint. The services of the European Data Protection Authority and the Federal Data Protection and Information Commissioner of Switzerland are provided at no cost to you.
Enforcement: PROMETRIKA’s commitments under the Privacy Shield are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).