PSI Pharma Support America, Inc. Data Protection Policy

This Data Privacy Policy was last revised 30 June 2017.

As a leading full-service global CRO specializing in clinical drug development, PSI has global capabilities in the Americas, South Africa, Western, Central and Eastern Europe, as well as in Asia Pacific. During the course of conducting our operations, PSI may need to process personal information pertaining to its staff (including contractors), job applicants, healthcare professionals, customers, and vendors. PSI may also process pseudonymized/key-coded personal information of study subjects. PSI CRO AG and its United States affiliate, PSI Pharma Support America, Inc. (collectively, “PSI”) have adopted this Data Privacy Policy to establish and maintain an adequate level of privacy protection for personal information in the United States.

COLLECTION AND USE OF PERSONAL INFORMATION

Due to the global nature of PSI’s business activities, and/or because PSI has affiliates located in Europe, personal information collected by them in the European Economic Area, European Union or Switzerland may be transferred to PSI Pharma Support America Inc. and/or PSI’s customers, clients, and business partners in the United States. Processing of this information is for specific, limited, and legitimate purposes necessary to carry out and support PSI’s provision of global services. Examples of such purposes include, but are not limited to:

  • Personal information of healthcare professionals engaged in clinical trials is processed to be able to ensure they are qualified to conduct clinical trials, as well as to identify and contact individual investigators to ascertain their interest in participating in future clinical trials in accordance with their experience, specialty, availability, and other factors; to enable communication; and to provide technical support for use of PSI information resources. Healthcare professionals selected to conduct clinical trials may also be required to provide additional information to facilitate reimbursement for their participation in clinical trials.

  • Personal information of job applicants is processed to enable screening, selection, and hiring of candidates and communication with them.

  • Personal information of staff is processed to make staffing decisions, manage payroll and benefits, and for other human resource administration and management purposes; and to provide technical support for use of PSI information resources.

  • Personal information of customers, potential customers and vendors is processed for business communication purposes; to enable prompt responses to requests for information, and to provide technical support for use of PSI information resources.

  • Pseudonymized/key coded data of study subjects is processed in order to manage clinical trials (which may include pharmacovigilance); and to analyze the results of trials necessary for clinical drug development, when commissioned by customers.

Categories of personal information collected for the purposes described above include contact details, information on education, work experience, skills and qualifications, resume and other data provided by job applicants, employee human resource information, payroll data, statutorily required employee health information, banking data necessary to make payments to individuals, education and training records, user data, information on joint projects of the affiliates, etc. Lists of personal information that PSI processes about individuals are communicated to them via appropriate means, for instance through data use notices.

PSI generally does not collect sensitive information, which may include information relating to an individual’s racial or ethnic origin, nationality, political opinion, religious and philosophical beliefs, membership of a trade union, physical or mental health conditions, biometric or genetic data, sexual life, ideological views or activities, or information on social security measures, administrative or criminal proceedings. In cases where the collection of sensitive information is required by law (for example, statutorily required employee health information for administrative purposes), PSI will obtain such information directly from individuals with notification given as appropriate.

CHOICE

PSI will inform individuals of the purpose for which it collects and uses their personal information, including whether their information may be shared with a third party, and will process the information only for such purposes. Sharing personal information with PSI is voluntary, and may result from the employment relationship or other contractual obligations. However, sharing of personal information with PSI may also in some instances be required by law.

You may decline to share certain personal data with PSI, or may limit the use and disclosure of your personal information. However, doing so may limit your relationship with PSI. Inquiries about limiting the information that we process about you should be forwarded electronically to privacy@psi-cro.com.

SECURITY MEASURES TO PROTECT PERSONAL INFORMATION

PSI employs reasonable organizational, physical, administrative and technical safeguards to protect personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration, and destruction. PSI maintains secured corporate network to store and transmit electronic personal information. Both electronic and paper-based records holding personal information are maintained in access controlled facilities.

PSI’s employees are trained about the importance of confidentiality and maintaining the privacy and security of personal information. This way, PSI strives for ensuring that all those who process and/or have access to such information as part of their regular job functions are fully aware of their individual responsibilities and of PSI corporate objectives with respect to the protection of data privacy.

DISCLOSURES AND ONWARD TRANSFER OF PERSONAL INFORMATION

Access to personal information and equipment is restricted to appropriately trained and duly authorized parties having a business need to know such information.

The personal information provided to PSI may be available to other affiliated companies within the PSI corporate group located in different countries around the world. Doing international business, PSI has its customers, clients, business partners (e.g. sponsors of clinical trials) and third party suppliers located worldwide. In addition, applicable laws may require PSI to disclose some personal information to public authorities. This means that some personal information collected and used by PSI may be transferred from the home country of the person concerned to other countries around the world, including the United States. Business partners of PSI and third-party suppliers selected by PSI are committed to protecting information shared with them by PSI.

PSI is committed to ensuring all personal information received from the European Union and Switzerland is subject to the Privacy Shield Principles. In furtherance thereof, PSI has certified Privacy Shield compliance as detailed below. Additionally, all third parties receiving personal information from the European Union and/or Switzerland must agree to use such information only for the purposes for which they have been engaged by PSI and they must either: (1) comply with the Privacy Shield Principles or another mechanism permitted by the applicable European or Swiss data protection law(s) for transfers and processing of personal data; or (2) agree to provide adequate protection for the personal information that are no less protective than those set out in this Data Privacy Policy. PSI acknowledges its potential liability if these requirements are not met.

Under some circumstances, PSI may be required to release personal information to law enforcement agencies or judicial authorities in the United States. PSI is required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement regulations.

PSI may also disclose personal information for other purposes or to other third parties when an individual has consented to or requested such disclosure.

ACCESS TO PERSONAL INFORMATION

As is your right, upon request, PSI will grant individuals reasonable access to personal information that we hold about them and will take reasonable steps to permit individuals to correct, amend, or delete inaccurate or incomplete information. Requests for accessing information that we process about you should be forwarded electronically for action or response to privacy@psi-cro.com.

EU-U.S. PRIVACY SHIELD AND SWISS-U.S. PRIVACY SHIELD COMPLIANCE

PSI complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the US Department of Commerce (collectively, the “Privacy Shield”) regarding the collection, use and retention of personal information from the European Union and Switzerland, respectively. PSI has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms of this Data Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles will govern. The United States Federal Trade Commission is the enforcement authority with jurisdiction over our compliance with the Privacy Shield. To learn more about the Privacy Shield, and to view our certification, you may visit https://www.privacyshield.gov/.

QUESTIONS AND CONCERNS

In compliance with the Privacy Shield Principles, we commit to resolve all complaints about your privacy and our collection or use of your personal information. All inquiries and complaints should be forwarded electronically for action or response to privacy@psi-cro.com.

Using reasonable efforts, we will promptly respond to any queries or complaints regarding the protection of personal information. We have committed to refer unresolved privacy complaints under the Privacy Shield to the panel established by the EU Data Protection Authorities or the Swiss Federal Data Protection and Information Commissioner, as applicable. Such resolution process is at no cost to the complaining individual. Under certain limited conditions, a binding arbitration option before a Privacy Shield Panel may be available to you.

NOTIFICATION AND CHANGES TO THIS POLICY

Click here to review PSI’s Data Protection Policy. 

PSI reserves the right to modify or amend this Data Privacy Policy. For instance, this Data Privacy Policy may be revised as new privacy legislation is introduced or as existing regulations are amended. Changes to this Data Privacy Policy will be posted on the PSI website. Please check back periodically for updates.