PROMETRIKA’ s Notice of Certification Under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks
Data Processed: PROMETRIKA complies with the Privacy Shield Framework in the collection, use, and retention of personal information transferred from EEA member countries and Switzerland to the U.S. from:
- Clinical research site staff, such as Investigators and Health Care Professionals;
- Potential and active clinical research participants and patients (to the extent the transferred data sets are not key-coded as outlined under the Privacy Shield Supplemental Principle 14. Pharmaceutical and Medical Products, g. Key-coded Data);
- Human resources, such as candidates (Please be advised that PROMETRIKA maintains an internal policy that addresses the compliance with the Privacy Shield Principles for employees.);
- Business partners;
- Vendors I suppliers.
Purposes of data processing: PROMETRIKA will collect use and retain personal information:
- as agent / data processor in order to host data on behalf of business partners and/or to provide clinical research services, clinical research management, consulting services, clinical research support activities, and statistical analysis of clinical studies on pharmaceutical products; and/or regulatory affairs services and/or pharmacovigilance services to business partners based on agreements executed between business partners and PROMETRIKA;
- as data controller in order to recruit potential clinical research participants and Investigators and for customer relationship management, customer service, social engagement, community building, and data analytics;
- as data controller in order to recruit, employ, and administer benefits to personnel.
Transfer to third parties: The Privacy Shield Principles describe PROMETRIKA’s accountability for personal information that it receives under the Privacy Shield and subsequently transfers to a third party. In particular, PROMETRIKA remains responsible and liable under the Privacy Shield Principles if third party agents that it engages process personal information on its behalf in a manner inconsistent with the Privacy Shield Principles, unless PROMETRIKA proves that it is not responsible for the event giving rise to the damage.
Compelled disclosure: PROMETRIKA may be required to disclose personal information received from EEA member countries and Switzerland under the Privacy Shield in response to lawful requests by U.S. public authorities, including to meet national security or law enforcement requirements.
Your rights: Inhabitants of EEA member countries and Switzerland have rights to access, and to limit use and disclosure of, their personal information. With our Privacy Shield certification, PROMETRIKA has committed to respect those rights. PROMETRIKA personnel have limited ability to access data research site staff and Investigators, or our business partners submit to our services. Therefore, if you wish to request access, to limit use, or to limit disclosure of your personal information, please provide the name of the research site staff and Investigators or PROMETRIKA business partner who submitted your personal information to us. We will refer your request to that research site staff and Investigators or business partner, and will support them as needed in responding to your request.
Inquiries and complaints: In compliance with the Privacy Shield Principles, PROMETRIKA commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact PROMETRIKA’s Privacy Officer by writing to us at: PROMETRIKA, LLC, 100 CambridgePark Drive, 2nd Floor, Cambridge, MA 02140, USA or by email to: moc.AKIRTEMORP@ycavirp.
PROMETRIKA has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland. As further explained in the Privacy Shield Principles, you will be offered binding arbitration to address residual complaints not resolved by any other means.
Enforcement: PROMETRIKA’s commitments under the Privacy Shield are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).