2.0 Transparency/Notice–What Personal Information We Collect and How We Use It
The types of Personal Information we may collect (directly from you or from Third Party-sources) and our privacy practices depend on the nature of the relationship you have with WCG and the requirements of applicable law. We endeavor to collect information only relevant for the purposes of Processing. Below are the legal bases and some of the ways we collect information and how we use it.
WCG collects Personal Information regarding its current, prospective and former clients, customers, visitors and guests (collectively “Individuals”). The data we collect from Individuals includes information such as title, name, address, phone number, email address, user name, answer to a security question and password, government identification (driver’s license, passport), and credit card and other financial information related to payments for services or goods. We may also collect demographic information you choose to provide, such as your business or company information, professional experiences, educational background, nationality, ethnic origin, age, gender, interests, preferences and favorites.
We acquire, hold, use and Process Personal Information about Individuals for a variety of business purposes including to:
- generally manage Individual information and accounts;
- respond to questions, comments and requests;
- provide access to certain areas and features of the WCG Sites;
- ensure internal quality control;
- verify Individual identity;
- enable Individuals to register for events or participate in webinars;
- communicate about Individual account and activities on WCG’s Sites and systems, and, in WCG’s discretion, changes to any WCG policy;
- tailor content, advertisements and offers we serve to Individuals;
- process payment for products or services purchased;
- measure interest in and improve WCG websites and systems;
- develop new products, processes and services;
- notify you about offers, products and services that may be of interest to you;
- process applications and transactions;
- prevent potentially prohibited or illegal activities;
- provide services to you and our sponsors;
- for purposes disclosed at the time that Individuals provide Personal Information or otherwise with consent.
2.2 General Information Collected & Used by WCG Companies
Depending on how you interact with WCG, we and our Third Party-service providers may also collect and use information in a variety of ways, including:
- IRBs–Institutional Review Board Members. Our IRBs are dedicated to conducting a thorough review process, utilizing expert board members who undergo rigorous regulatory training. From these board members, we may collect contact and biographical information, including name, address, email address, telephone number, date of birth, driver’s license and Social Security number; financial and other employment-related information, including financial data related to credit checks, bank details for payroll, contact information of third parties in case of an emergency, and beneficiaries under any insurance policy; and professional and educational background and experience, such as information that may be recorded on a CV or application form and language abilities.
- IRBs–Research Subject Information. When research subjects communicate with our IRBs, we obtain whatever information the research subject chooses to provide (including, e.g., name and email address), and use that information to respond to the subject’s request. Additionally, our IRBs receive information from investigators regarding unanticipated problems. We endeavor to instruct investigators to provide such records in de-identified form.
- Clintrax (and Others)–Investigator Information. In order to provide our services, some of our companies (e.g., Clintrax, IRBs) may collect and store investigator, sponsor, clinical research organization (“CRO”), and institutional employee contact information, including names, addresses, phone and fax numbers and email addresses.
- Clintrax–Contract and Banking Details. To facilitate its contract negotiation and site payment service offerings, Clintrax may handle contracts containing Personal Information (such as Social Security numbers) and collect payee bank account details and contact information through such contracts or separate banking documentation forms.
- CenterWatch Patient Notification Service. Registration for CenterWatch’s Patient Notification Service, which automatically emails you as soon as a clinical trial is posted that matches criteria you specify, only requires that one provide an email address and select a therapeutic area of interest; registrants may also choose to provide their location. CenterWatch utilizes subscriber email addresses strictly for troubleshooting and web-maintenance efforts.
- CenterWatch Clinical Trial Listings and Profile Pages. At the bottom of most trial listings, Research Center Profiles, and Industry Provider Profiles on CenterWatch’s website, you will find a submit template/form to submit a confidential posting to the company or individual you are contacting. The message will never go to any CenterWatch staff member. Furthermore, CenterWatch cannot access or retrieve any message that you submit using these forms; nor are we responsible for any of these messages. However, all messages will indicate to the receiver that the transmission originated at CenterWatch.com. The company or individual you contact will only receive the information that you provide in the form including, e.g., name, address, phone number, fax, email address, company (Profile Page forms only), and confidential message. To withhold information, simply leave the field blank.
- CenterWatch–JobWatch User Information. Registrants for JobWatch, a source for clinical research jobs and career resources offered by CenterWatch, must provide only their email address, which may be used by member companies to find qualified job applicants. CenterWatch has access to subscriber email addresses and utilizes them for trouble-shooting and web-maintenance efforts. At times, CenterWatch may use this list to inform subscribers of a new service JobWatch is offering or a new product CenterWatch is introducing that may assist them in their career search. If you receive updates that you do not wish to receive, please contact us at firstname.lastname@example.org.
- FDAnews–Subscriber and Client Data Collected. As a leading provider of domestic and international regulatory, legislative and business news and information for industries regulated by the U.S. Food and Drug Administration, FDAnews offers a variety of products and services, many of which may involve the collection and use of Personal Information from subscribers and clients. Examples include:
- Free eNewsletters. FDAnews offers three free daily and weekly eNewsletters to subscribers. FDAnews has access to subscriber email addresses and utilizes them to send eNewsletters and other marketing material as well as for trouble-shooting and web-maintenance efforts.
- Subscription eNewsletters, Books, Whitepapers and Webinars. Personal Information from clients who purchase subscription eNewsletters, books, whitepapers and webinars may include name, job title, company name, phone number, mailing address and credit card and other financial information related to payments for services or goods. Payment and other Personal information will be collected by service providers to effectuate your order and may be stored for purposes of future orders. FDAnews has access to subscriber and client email addresses and utilizes them to send eNewsletters and other marketing material as well as for trouble-shooting and web-maintenance efforts.
- FDAnews–Conference Details.
- Registration. Registrants for FDAnews-sponsored conferences must provide Personal Information including name, job title, company name, phone number, email address and mailing address and credit card and other financial information related to conference registration.
- Registration Lists. FDAnews may provide requesting conference sponsors with a one-time marketing exception to contact registrants.
- ePS Products and Services–Patient, Provider, Trial Manager and Client Data Collected. As a leading provider of e-clinical solutions, ePS offers a variety of products and services to enhance clinical trial operations, many of which may involve the collection and use of Personal Information from patients, health care providers (“providers”), clinical trial managers and clients. Examples include:
- Wellness Programs. In order to assist participants enrolled in clinical trials that have a lifestyle (weight watching) component, ePS provides access to a dietician and, as part of that process, collects profile information from program participants that includes weight and behavior information; and
- Clinical Trial Portal. Personal Information from patients, providers, clinical trial managers and clients may also be stored in our ePS Clinical Trial Portal – a tool used to manage and track study-related content, tasks, activities, completion and communications between sponsors, site personnel and vendors involved in a study.
- To the extent Third Parties collect Personal Information of patients, ePS seeks to ensure that such Third Parties provide adequate privacy notices to the Data Subjects.
- MedAvante-ProPhase – Patient and Clinical Trial Data Collected. As global providers of specialty solutions in clinical trials, MedAvante – ProPhase endeavor to optimize the selection, use, and analysis of behavioral and physical endpoints to mitigate trial risk and maximize the likelihood of study success. Through collaboration with sponsors, CROs and sites, we may collect or Process information about clinical experts, regional clinical leads, reviewers and patients. Examples include:
- Electronic Capture of Assessments– (“eCOA” and “Virgil”). MedAvante – ProPhase’s proprietary solutions, eCOA, and Virgil, use a variety of modalities (e.g., tablet, handheld devices, and handwritten notes) to capture clinical outcome data, including audio, video and observational data, in a 21 CFR Part 11 compliant environment. Data collected may include Protected Health Information (such as treatment and assessment dates, patient initials and/or dates of birth) and/or other Personal Information of Data Subjects (such as patient gender, medical diagnosis or other biographical information).
- Independent Clinical Assessments– MedAvante – ProPhase’s global clinicians perform remote clinical assessments, capturing patient and clinical trial-related data, potentially including similar Personal Information and/or Protected Health Information.
- MedAvante-ProPhase – Rater Services. MedAvante – ProPhase’s also enhances clinical trial operations by offering Rater Services, including (i) Rater Certification, through which they offer documented participation in training programs, scale-specific scoring proficiency and applied skills training; and (ii) Ratings Quality Assurance (Audio/Video Monitoring) Services, through which expert clinicians provide raters with feedback on their ongoing performance as well as review of endpoint data (e.g., diagnostic adjudication, patient selection, endpoint adjudication and quality monitoring). These Rater Services can involve sensitive discussions between providers and patients, including potentially Personal Information.
- ThreeWire – Patient Recruitment, Enrolment and Retention Services. ThreeWire provides clinical trial recruitment and direct-to-patient marketing services to help pharmaceutical, medical device and biotech companies achieve their patient recruitment, enrolment and retention goals (collectively, the “Services”). Through onsite clinical trial recruitment efforts conducted with healthcare facilities and direct-to-patient marketing campaigns, ThreeWire accesses and stores relevant patient Personal Information to (i) assess the suitability of potential patients for clinical trials or physician services, (ii) contact, schedule and/or enrol pre-qualified patient referrals with study sites and (iii) other related recruitment, enrolment and retention Services. The patient Personal Information collected and utilized may include name, phone number, email address, mailing address, diagnosis and other contact information. ThreeWire also collects contact Personal Information (e.g., name, email address, phone number and/or other) of staff members of the healthcare facilities with whom they work and of trials sites for which patients are being recruited.
- WCG – Pseudonymous Data. Including as discussed below in § 2.8.3, WCG may use and share your anonymized or aggregated information within the WCG family of companies or with Third Parties for public health, research, analytics and any other legally permissible purposes.
2.3 Human Resources Data
WCG collects Personal Information from current, prospective and former Employees, their contact points in case of a medical emergency, and beneficiaries under any insurance policy (“Human Resources Data”). The Human Resources Data we collect may include title, name, address, phone number, email address, date of birth, passport number, driver’s license number, Social Security number, financial information related to credit checks, bank details for payroll, information that may be recorded on a CV or application form, language abilities, contact information of third parties in case of an emergency and beneficiaries under any insurance policy. We may also collect Sensitive Human Resources Data such as details of health and disability, including mental health, medical leave, and maternity leave.
We acquire, hold, use and Process Human Resources-related Personal Information for a variety of business purposes including:
- workflow management, assigning, managing and administering projects;
- Human Resources administration and communication;
- payroll and the provision of benefits;
- compensation, including bonuses and long-term incentive administration, stock plan administration, compensation analysis, including monitoring overtime and compliance with labor laws, and company recognition programs;
- job grading activities;
- performance and employee development management;
- organizational development and succession planning;
- benefits and personnel administration;
- absence management;
- helpdesk and IT support services;
- regulatory compliance;
- internal and/or external or governmental compliance investigations;
- internal or external audits;
- litigation evaluation, prosecution and defense;
- diversity and inclusion initiatives;
- restructuring and relocation;
- emergency contacts and services;
- Employee safety, including monitoring compliance with safety regulations by confirming Employees are not speeding or otherwise violating traffic laws;
- compliance with statutory requirements;
- Processing of employee expenses and travel charges; and
- acquisitions, divestitures and integrations.
2.4 Social Media and Interest-Based Advertising
Through our Sites, WCG may in the future allow Third-Party advertising partners to set tracking tools (e.g., cookies) to collect anonymous, non-Personal Information regarding your activities (e.g., your IP address, page(s) visited, time of day). We may also share such information we have collected with Third-Party advertising partners. These advertising partners may use this information (and similar information collected from other websites) for purposes of delivering future targeted advertisements to you when you visit non-WCG related websites within their networks. This practice is commonly referred to as “interest-based advertising” or “online behavioral advertising.”
2.5 Information from Third-Party Sources
WCG may collect information about you from Third-Party sources to supplement information provided by you. This supplemental information allows us to verify information that you have provided to WCG and to enhance our ability to provide you with information about our business, products and services. WCG’s agreements with these Third Party-sources typically limit how the Company may use this supplemental information.
2.6 Direct Mail, Email and Outbound Telemarketing
Individuals who provide us with Personal Information, or whose Personal Information we obtain from Third Parties, may receive periodic emails, newsletters, mailings or phone calls from us with information on WCG or our business partners’ products and services or upcoming special offers/events we believe may be of interest. We offer the option to decline these communications at no cost to the individual by following the instructions in Section 3 below.
2.7 Research/Survey Solicitations
From time to time, WCG may perform research (online and offline) via surveys. We may engage Third Party-service providers to conduct such surveys on our behalf. All survey responses are voluntary, and the information collected will be used for research and reporting purposes to help us better serve Individuals by learning more about their needs and the quality of the products and services we provide. The survey responses may be utilized to determine the effectiveness of our Sites, various types of communications, advertising campaigns and/or promotional activities. If an Individual participates in a survey, the information given will be used along with that of other study participants. We may share anonymous individual and aggregate data for research and analysis purposes.
2.8 All Internet Users – Cookies, Pixel Tags, Web Beacons and Aggregate Information
Like many other websites, WCG or its business partners may employ a cookie, or small piece of computer code that enables Web servers to “identify” visitors, each time an Individual initiates a session on the Company’s Sites. A cookie is set in order to identify Data Subjects; tailor our Sites to you; measure and research the effectiveness of our Sites’ features, offerings and advertisements; and authenticate users for registered services. Cookies can only access Personal Information that you have provided on our Sites and cannot be accessed by other sites. We may also use Google Analytics and Google Analytics Demographics and Interest Reporting to collect information regarding visitor behavior and visitor demographics on some our Sites, and to develop website content. This analytics data is not tied to any Personal Information. At any time, visitors may choose to opt-out of Google Analytics tracking with the Google Analytics opt-out browser add-on found at www.tools.google.com/dlpage/gaoptout. Data Subjects also have the ability to delete cookie files from their own hard drive at any time by clicking on the Privacy or History tab typically found on the Settings or Options menu in your internet browser. However, please also be advised that cookies may be necessary to provide access to much of the content and many of the features of WCG’s Sites.
2.8.2 Pixel Tags/Web Beacons
WCG may use “pixel tags,” also known as “web beacons,” which are small graphic files that allow us to monitor the use of our Sites. A pixel tag can collect information such as the Internet Protocol (“IP”) address of the computer that downloaded the page on which the tag appears; the URL of the page on which the pixel tag appears; the time the page containing the pixel tag was viewed; the browser type and language; the device type; geographic location; and the identification number of any cookie on the computer previously placed by that server. When corresponding with you via HTML capable email, we or our Third Party-service providers may use “format sensing” technology, which allows pixel tags to let us know whether you received and opened our email.
2.8.3 Anonymous and Aggregated Information
Anonymized and aggregated information is used for a variety of functions, including the measurement of visitors’ interest in and use of various portions or features of the Sites. Anonymized or aggregated information is not Personal Information, and WCG may use such information in a number of ways, including research, internal analysis, analytics and any other legally permissible purposes. We may share this information within WCG and with Third Parties for our or their purposes in an anonymized or aggregated form that is designed to prevent anyone from identifying you.
2.9 Mobile Computing
3.0 Choice/Modalities to Opt Out
Where you have consented to WCG’s Processing of your Personal Information or Sensitive Personal Information, you may withdraw that consent at any time and opt out by following the instructions in this Section 3. Additionally, before we use Personal Information for any new purpose not originally authorized by you, we will provide information regarding the new purpose and give you the opportunity to opt out.
Prior to disclosing Sensitive Data to a Third Party or Processing Sensitive Data for a purpose other than its original purpose or the purpose authorized subsequently by the Data Subject, WCG will endeavor to obtain each Data Subject’s explicit consent (opt-in). Where consent of the Data Subject for the Processing of Personal Information is otherwise required by law or contract, WCG will comply with the law or contract.
3.2 Email and Telephone Communications
An “Unsubscribe” button will be provided at the top or bottom of each email communications sent by WCG so that you can opt-out. However, we will continue to send transaction-related emails regarding products or services you have requested.
Additionally, those registered for CenterWatch’s Patient Notification Service who no longer wish to receive updates may contact email@example.com or follow the unsubscribe instructions at http://www.centerwatch.com/clinical-trials/pns/.
Those registered for FDAnews’ eNewsletters who no longer wish to receive emails may contact firstname.lastname@example.org or follow the unsubscribe instructions at http://www.fdanews.com/.
We maintain telephone “do not call” lists and “do not mail” lists as mandated by law. We process requests to be placed on do not mail, do not phone and do not contact lists within 60 days after receipt, or such shorter time as may be required by law.
3.3 Human Resources Data
With regard to Personal Information that WCG receives in connection with the employment relationship, WCG will use such Personal Information only for employment-related purposes as more fully described in section 2.3 above. If WCG intends to use this Personal Information for any other purpose, the Company will provide the Data Subject with an opportunity to opt-out of such uses.
3.4 “Do Not Track”
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. DNT is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. WCG does not recognize or respond to browser-initiated DNT signals.
3.5 Advertising Choices
3.6 Compliance with the Digital Advertising Alliance
Should WCG engage in interest-based advertising, it will endeavor to comply with the cross-industry Self-Regulatory Program for Online Behavioral Advertising as managed by the Digital Advertising Alliance (DAA) (http:///aboutads.info). As part of this service, WCG’s online advertisements may sometimes be delivered with icons that help Individuals understand how their data are being used and provide choice options to Individuals that want more control. The list of our advertising partners may be updated from time to time. To opt-out of internet-based advertising by all DAA-participating companies, please visit http://www.aboutads.info/choices/.
4.0 Onward Transfer
4.1 Information We Share
We may disclose information about you: (i) if we are required to do so by law, court order or legal process; (ii) in response to lawful requests by public authorities, including to meet national security or law enforcement requirements; (iii) under the discovery process in litigation; (iv) to enforce WCG policies or contracts; (v) to collect amounts owed to WCG; (vi) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity; or (vii) in the good faith believe that disclosure is otherwise necessary or advisable. In addition, from time to time, server logs may be reviewed for security purposes – e.g., to detect unauthorized activity on the Sites. In such cases, server log data containing IP addresses may be shared with law enforcement bodies in order that they may identify users in connection with their investigation of the unauthorized activities.
4.2 Data Transfers
All Personal Information sent or collected via or by WCG may be stored anywhere in the world, including but not limited to, in the United States, in the cloud, our servers, the servers of our affiliates or the servers of our service providers. By providing information to WCG, you consent to the storage of your Personal Information in these locations.
5.0 Rights of Access, Rectification, Erasure and Restriction
The security of all Personal Information provided to WCG is important to us, and WCG takes reasonable steps designed to protect your Personal Information. Unfortunately, no data transmission over the Internet or storage of information can be guaranteed to be 100% secure. As a result, while WCG strives to protect your Personal Information, we cannot ensure or warrant the security of any information you transmit to WCG, and you do so at your own risk.
8.0 Redress / Compliance and Accountability
WIRB Copernicus Group, Inc.
Attn: David Forster, Chief Compliance Officer
1019 39th Avenue SE
Puyallup, WA 98374
Phone: (360) 252-2428
9.0 Other Rights and Important Information
9.1 Information Regarding Children
Due to the nature of WCG’s business, services and benefits are not marketed to minors. WCG does not knowingly solicit or collect Personal Information from children under the age of 13. If we learn that we have collected Personal Information from a child under the age of 13, we will promptly delete that information.
9.2 California Privacy Rights
California law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the Third Parties to whom we have disclosed their Personal Information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of Personal Information disclosed to those parties. WCG does not share Personal Information with third parties for their own marketing purposes.
9.3 Links to Third-Party Websites
“Agent” means any third party that processes Personal Information pursuant to the instructions of, and solely for, WCG or to which WCG discloses Personal Information for use on its behalf.
“Data Subject” is an identified or identifiable natural person.
“Employee” refers to any current, temporary, permanent, prospective or former employee, director, contractor, worker or retiree of WCG or its subsidiaries worldwide.
“Personal Information” is any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Privacy Shield Principles” collectively means the seven (7) privacy principles as described in the Privacy Shield: (1) notice, (2) choice, (3) accountability for onward transfer, (4) security, (5) data integrity and purpose limitation, (6) access, and (7) recourse, enforcement and liability. Additionally, it includes the sixteen (16) supplemental principles described in the Privacy Shield: (1) sensitive data, (2) journalistic exceptions, (3) secondary liability, (4) performing due diligence and conducting audits, (5) the role of the data protection authorities, (6) self-certification, (7) verification, (8) access, (9) human resources data, (10) obligatory contracts for onward transfers, (11) dispute resolution and enforcement, (12) choice – timing of opt-out, (13) travel information, (14) pharmaceutical and medical products, (15) public record and publicly available information, and (16) access requests by public authorities.
“Process” or “Processing” means any operation which is performed upon Personal Information, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Protected Health Information” is a subset of Personal Information and has the meaning set out in the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (“HIPAA”), and in particular at 45 C.F.R. § 160.103, as it may be amended from time to time.
“Sensitive Data” or “Sensitive Personal Information” is a subset of Personal Information which, due to its nature, has been classified by law or by policy as deserving additional privacy and security protections. Sensitive Personal Information includes Personal Information regarding EU-residents that is classified as a “Special Category of Personal Data” under EU law, which consists of the following data elements: (1) race or ethnic origin; (2) political opinions; (3) religious or philosophical beliefs; (4) trade union membership; (5) genetic data; (6) biometric data where Processed to uniquely identify a person; (6) health information; (7) sexual orientation or information about the individual’s sex life; or (8) information relating to the commission of a criminal offense.
“Third Party” is any natural or legal person, public authority, agency or body other than the Data Subject, WCG or WCG’s agents.
11.0 Superseded Documents
Title (Effective Date)
WIRB Privacy Statement (Effective: April 2005)
12.0 REVISION HISTORY
1.1 Edition 002: Incorporation of FDAnews, MedAvante-ProPhase, and ThreeWire; Swiss Privacy Shield (effective 05 Sep 2017)
1.2 Edition A: Initial version (effective September 30, 2016)