Bioclinica PRR Privacy Policy

This web site uses cookies and input forms to collect, process and store Personally Identifiable Information and Health Information from its users. This Policy outlines how this information is collected, stored and secured.

ATTENTION: Please read these terms carefully before using this web site. Using this web site indicates that you accept these terms. If you do not accept these terms, do not use this web site.

PRIVACY SHIELD: Bioclinica complies with the EU-U.S. Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use and retention of personal information transferred from the European Union to the United States. To learn more about our Privacy Shield compliance, view the Privacy Shield section.

This policy is effective: April 14, 2017

This policy was last modified: April 14, 2017

Data Owner and Processor

All data collected on this web site is owned and processed by Bioclinica, Inc and its affiliated companies, except as noted in the Summary and Details sections below. Please use the following contact information if you have any questions, complaints or requests regarding the handling of the data collected on this web site.

Bioclinica, Inc
800 Adams Ave
Audubon, PA 19403
PrivacyOfficer@bioclinicaprr.com

Summary of Personal Data Collection

Personal Data is collected via the following means, and for the following purposes:

Analytics

Google Analytics, Google Tag Manager, Piwik
Personal Data: Cookies, Usage Information (statistics)

User Communication

MailChimp, Mailing List, Tell A Friend
Personal Data: Email Address

Location Based Interactions

Non-continuous Geolocation
Personal Data: Rough Geographic Location

Audience Building

Facebook Remarketing, Google Remarketing
Personal Data: Cookies, Email Address, Usage Information (statistics)

Types of Data Collected

Among the types of information this application collects, by itself or through third party services, are: Cookies, Email Address, Rough Geographic Location, Usage Information (statistics)

Other personal information that is collected may be described elsewhere in this Privacy Policy or by dedicated explanation text contextually where the information is being collected. The Personal Data collected may be provided voluntarily by the user, or collected automatically during the use of this web site.

How the Collected Data is Used

Personal Information collected through this site may be used in the following ways:

  • To personalize your experience and to allow us to deliver the type of content and product offerings in which you are most interested.
  • To improve our website in order to better serve you.
  • To evaluate your candidacy for clinical trials.
  • To follow up with you after correspondence (live chat, email or phone inquiries).

Storage, Processing and Security of Collected Data

Bioclinica, Inc and its affiliated companies process the data collected through this web site in a proper manner as dictated by national and international laws, regulations and industry best practices, and shall at all times take appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of the data.

The Data Processing is carried out using computers and/or IT enabled tools following organizational procedures and models strictly related to the purposes indicated. In addition to the Data Controller, in some cases the Data may be accessible to certain types of persons in charge, involved with the operation of this web site (administration, sales, marketing, legal, system administration) or external parties (such as third party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Data Controller at any time.

Additional Information for Medical and Health Related Information

In the process of accessing this web site, you may be prompted to provide medical and health information so that medical professionals may evaluate your potential eligibility for clinical trials. The health information you provide will be handled in accordance with the Health Insurance Portability and Accountability Act of 1996, as amended, and applicable United States and International laws relating to the storage and security of this type of data.

Bioclinica, Inc and its affiliated companies are dedicated to ensuring the security, privacy and integrity of this data. The personally identifiable medical and health information provided is only accessible to medical professionals related to the specific clinical trial, and this information will only be shared with a study site to enable participation in the study, and as required by United States and International laws. This data will never be shared with, or sold to, any third party, except as strictly necessary for participation in the clinical trial.

Location of Storage of Collected Data

All data collected through this web site is stored at a secure data center or data centers located in the United States of America.

Verification and Validation of Collected Data

You have the right under the law to request, review and correct any personal information that has been collected by this web site, including Medical and Health Information, as well as to be informed of who has had access to this data. Additionally, you may request the secure destruction of Personal Information that has been collected. To do so, please contact us using the contact information at the top of this page.

Security of Collected Data

Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive information you supply is encrypted via Secure Sockets Layer (SSL) technology.

We implement a variety of security measures when a user enters, submits or accesses their information to maintain the safety of your personal information. These measures may include, and are not limited to, multi-layer firewalls, adaptive scanning, and advanced intrusion detection systems.

Third-party Disclosure

We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information unless we provide users with advance notice. This does not include website hosting partners and other parties who assist us in operating our web site, conducting our business, or serving our users, so long as those parties agree to keep this information confidential. We may also release information when appropriate to comply with the law, enforce our site policies, or protect our or others' rights, property or safety.

However, non-personally identifiable (anonymous) visitor information may be provided to other parties for marketing, advertising, or other uses.

Details about the collection of Personal Data

Personal Information is collected for the following purposes, and through the following mechanisms:

Analytics

The services contained in this section enable Bioclinica, Inc and its affiliated companies to monitor and analyze web traffic and can be used to keep track of user behavior to improve the performance and functionality of this site.

Google Analytics - Google, Inc

Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilizes the Data collected to track and examine the use of this Application, to prepare reports on its activities and share them with other Google services. Google may use the Data collected to contextualize and personalize the ads of its own advertising network.

Personal Data Collected: Cookies, Usage Information (statistics)

Place of processing: US

Piwik - This Web Site

Piwik is an analytics software used by this web site to analyze data directly without the help of third parties.

Personal Data Collected: Cookies, Usage Information (statistics)

Place of processing: US

Google Tag Manager - Google, Inc

Google Tag Manager is an analytics service provided by Google Inc.

Personal Data Collected: Cookies, Usage Information (statistics)

Place of processing: US

User Communication

Information collected through this web site may be used by Bioclinica, Inc and its affiliated companies to contact you as part of the business purpose of this site.

MailChimp - The Rocket Science Group, LLC

MailChimp is an email address management and message sending service provided by The Rocket Science Group, LLC.

Personal Data Collected: Email Address

Place of processing: US

Mailing List - This Web Site

By registering on the mailing list or for the newsletter, the User’s email address will be added to the contact list of those who may receive email messages containing information of commercial or promotional nature concerning this Application. Your email address might also be added to this list as a result of signing up to this Application or after making a purchase.

Personal Data Collected: Email Address

Place of processing: US

Tell A Friend - This Web Site

The Tell A Friend system provides a mechanism for users to e-mail friends about this web site.

Personal Data Collected: Email Address

Place of processing:

Location Based Interactions

Geolocation allows this web site to serve information about nearby service providers. Generally, data is anonymized before being shared with the geolocation provider to protect the user's privacy.

Non-continuous Geolocation - This Web Site

This Application may collect, use, and share User location Data in order to provide location-based services. Most browsers and devices provide tools to opt out from this feature by default. If explicit authorization has been provided, the User’s location data may be tracked by this Application. The geographic location of the User is determined in a manner that isn't continuous, either at the specific request of the User or when the User doesn't point out its current location in the appropriate field and allows the application to detect the position automatically.

Personal Data Collected: Rough Geographic Location

Place of processing: US

Audience Building

Audience Building or Remarketing is used to find new marketing audiences by analyzing patterns in the behavior of a web site's current audience. Any demographic information about the users is owned and saved by the audience building or remarketing provider, and is not shared.

Facebook Remarketing - Facebook, Inc

Facebook uses information of the audience of a site to generate an audience of similar users who may be interested in that site. Facebook does not share information about the audience, but provides ads within its network to those potential users.

Personal Data Collected: Cookies, Email Address

Place of processing: US

Google Remarketing - Google, Inc

Google uses information about the audience of a site, collected through cookies and other information, to generate a list of potential users that might be interested in that site or service, and targets ads to those potential users.

Personal Data Collected: Cookies, Usage Information (statistics)

Place of processing: US

Cookies

Cookies are small data files stored on the hard drive of your computer. Usage of a cookie is in no way linked to any personally identifiable information while on this web site. Bioclinica, Inc and its affiliated companies use cookies on this web site in order (a) to allow site visitors to personalize their experience by accessing information, products and services relevant to their areas of interest, (b) to track user sessions, and (c) to manage the functionality of interactive utilities such as surveys and polls.

The following table lists the individual cookies used by this web site, and the duration of the cookies:

Additional Legal Information

Information Not Contained in this Policy

More details concerning the collection or processing of Personal Data may be requested from the Data Controller at any time. Please see the contact information at the beginning of this document.

The Rights of Users

Users have the right, at any time, to know whether their Personal Data has been stored and can consult the Data Controller to learn about their contents and origin, to verify their accuracy, or to ask for them to be supplemented, cancelled, updated, or corrected, or for their transformation into an anonymous format or to block any data held in violation of the law, as well as to oppose their treatment for any and all legitimate reasons. Requests should be sent to the Data Controller at the contact information set out at the beginning of this document.

As part of this service, we may provide links to external web sites and applications. We are not responsible for the privacy practices employed by those web sites, or the information or content they contain. This Privacy Policy applies solely to information collected through this web site. Therefore, this Privacy Policy does not apply to your use of a third party web site accessed by selecting a link on our web site. To the extent that you access this web site through a third party web site or application, the Privacy Policy of that other web site or application will apply to your use of that site or application.

Changes to this Privacy Policy

Bioclinica, Inc and its affiliated companies reserve the right to change this Privacy Policy at any time by giving notice to its users on this page. It is strongly recommended to check this page often, referring to the date of the last modification at the top. If a User objects to any of the changes to the Privacy Policy, the User must cease using this Application and can request that the Data Controller remove the Personal Data. Unless stated otherwise, the then-current Privacy Policy applies to all Personal Data Bioclinica, Inc and its affiliated companies have about Users.

EU-US Privacy Shield

Bioclinica complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Bioclinica has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

Bioclinica is an EU-US Privacy Shield certified entity and is required to ensure that 1) subject Protected Health Information (PHI), 2) trial participant Personally Identifiable Information (PII), and 3) employee, sponsor personnel, investigative site and vendor contact information are confidential and that their identities remain private. The EU-US Privacy Shield is a framework for transatlantic exchanges of personal data between the European Union (EU) and the United States (US). One of its purposes is to enable US companies to more easily receive personal data from EU entities under EU privacy laws meant to protect European Union citizens.

As an EU-US Privacy Shield certified entity, Bioclinica adheres to the following principles:

  • Notice - Individuals must be informed that their data is being collected and about how it will be used.
  • Choice - An organization must offer individuals the opportunity to choose (opt out) whether their personal information is used.
  • Accountability for Onward Transfer - Transfers of data to sub-processors or third parties may only occur to other organizations that follow adequate data protection principles.
  • Security - Organizations creating, maintaining, using or disseminating personal information must take reasonable and appropriate measures to protect it from loss, misuse and unauthorized access, disclosure, alteration and destruction.
  • Data Integrity and Purpose Limitation - Consistent with the Principles, personal information must be limited to the information that is relevant for the purposes of processing.
  • Access - Individuals must have access to personal information about them that an organization holds and be able to correct, amend, or delete that information where it is inaccurate, or has been processed in violation of the Principles, except where the burden or expense of providing access would be disproportionate to the risks to the individual's privacy in the case in question, or where the rights of persons other than the individual would be violated.
  • Recourse, Enforcement and Liability - Effective privacy protection must include robust mechanisms for assuring compliance with the Principles, recourse for individuals.

Personally identifiable information (PII), or sensitive personal information (SPI), as used in US privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. When identification is impossible, i.e. where the data can be anonymized by permanently disassociating the information from the individual, such data is not considered to be personal data and therefore not subject to data protection rules. Bioclinica does not disclose personal information to third parties unless requested to or supported by trial contract. Bioclinica is subject to the investigatory and enforcement powers of the Federal Trade Commission and Food and Drug Administration. If there is an occurrence where a Bioclinica employee learns of any breach of Client Confidentiality, trial participant PHI, or PII, investigative site, employee or vendor personnel contact information breaches, it is the responsibility of that employee to immediately follow critical issue escalation procedures.

In compliance with the Privacy Shield Principles, Bioclinica commits to resolve complaints about our collection or use of personal information. EU individuals with inquiries or complaints regarding Bioclinica’s Privacy Shield policy should first contact Bioclinica at 2005 S. Easton Rd Suite 304, Doylestown, PA 18901.

Bioclinica has chosen the EU DPAs to serve as an independent recourse mechanism (IRM) for dispute resolution (i.e., have agreed to participate in the dispute resolution procedures of the panel established by the EU DPAs to resolve disputes pursuant to the Privacy Shield Framework). Bioclinica has further committed to cooperate with EU data protection authorities (DPAs) with regards to unresolved Privacy Shield complaints concerning human resources data transferred from the EU in the context of the employment relationship. Bioclinica maintains liability in cases of onward transfers to third parties if not supported by informed consent or contract. However, Bioclinica may be required to provide personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU DPAs for more information or to file a complaint. The services of EU DPAs are provided at no cost to you. There is a possibility, under certain conditions, for individuals to invoke binding arbitration. Bioclinica Quality Assurance and Regulatory Compliance will follow Bioclinica’s standard compliance reporting strategy to ensure each incident, associated resolution and disposition pathways are documented.

Fair Information Practices

The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.

In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:

  • Notify affected users via e-mail within 7 business days.

We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.

California Online Privacy Protection Act (CalOPPA)

CalOPPA is the first state law in the nation to require commercial web sites and online services to post a Privacy Policy. The law's reach stretches well beyond California to require any person or company in the United States (and conceivably the world) that operates web sites collecting Personally Identifiable Information from California consumers to post a conspicuous Privacy Policy on its web site stating exactly the information being collected and those individuals or companies with whom it is being shared. See more at http://consumercal.org/california-online-privacy-protection-act-caloppa/#sthash.0FdRbT51.dpuf.

According to CalOPPA, we agree to the following:

  • Users can visit our site anonymously.
  • Once this privacy policy is created, we will add a link to it on our home page or as a minimum, on the first significant page after entering our website.
  • Our Privacy Policy link includes the word "Privacy" and can easily be found on the page specified above.
  • You will be notified of any Privacy Policy changes:
    • On our Privacy Policy page
  • You can change your personal information:
    • By emailing us
    • By calling us
    • By chatting with us or by sending us a support ticket

Children's Online Privacy Protection Act (COPPA)

When it comes to the collection of personal information from children under the age of 13, the Children's Online Privacy Protection Act puts parents in control. The Federal Trade Commission, the United States' consumer protection agency, enforces the COPPA Rule, which spells out what operators of web sites and online services must do to protect children's privacy and safety online.

We do not specifically market to children under the age of 13 years old. We do not collect or maintain information at our web site from those we know are under 13 years of age, and no part of our web site is structured to attract anyone under 13 years of age.

Frequently Asked Questions

How does our site handle Do Not Track signals?

We honor Do Not Track signals and do not track, plant tracking cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.

Does our site allow third party behavioral tracking?

Our site does not allow any third party behavioral tracking.