Medpace, Inc., Medpace Reference Laboratories, LLC, Medpace Bioanalytical Laboratories, LLC, Medpace Medical Device, Inc., Imagepace, LLC, and their global affiliates (the Medpace group of organizations, or Medpace) is a full service clinical research organization. Our mission is to accelerate the global development of safe and effective medical therapeutics.
Medpace is committed to respecting the privacy of individuals, and complies with the U.S. government Privacy Shield framework for all personal data collected from European Economic Area (E.E.A.) citizens, including personal data collected on our website, personal data that may be provided for clinical trials, personal data collected from employees, and personal data collected from investigators, their staff and any third party vendors. Medpace also maintains an affirmative commitment to the U.S.-Swiss Safe Harbor Framework and its principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. Medpace complies with laws around the globe relating to data protection and privacy.
CLINICAL TRIAL SUBJECTS: Medpace collects anonymized medical and health information about the individuals that take part in clinical trials through physician investigators. The physician investigators, who examine the individuals before and during the clinical trials, are responsible for ensuring that the individuals understand and consent to the gathering of sensitive personal data relating to an individual’s health and lifestyle, and the transfer of such anonymized information to third parties who may be providing services for the clinical trial. The requirements of data protection and data privacy laws generally mandate that consent must be obtained before any health or sensitive data is collected from individuals. These informed consent agreements state that data may be transferred to other countries and to other parties.
INVESTIGATOR PHYSICIANS: Medpace collects personal data about the investigator physicians and staff of such physicians in the hospitals and clinics that take part in a clinical study. This allows Medpace to quickly identify and contact physicians for participation in clinical studies. Medpace complies with data protection laws that require physician investigators to receive notice about the collection of their personal data and the right to access, modify or delete their personal data. If an investigator or any staff member wishes to modify, correct or delete its data from Medpace, they may contact us at firstname.lastname@example.org.
IT AND SECURITY: Medpace maintains a high level of information technology security, particularly in relation to all of the personal data we collect. Medpace has in place physical, electronic and managerial procedures to safeguard and secure the information we collect. Medpace’s data from clinical trials is stored in a special web-based proprietary software program known as ClinTrak®, to which only authorized personnel can access on a need to know basis. Access to other personal data is restricted to those authorized employees on a need to know basis depending what type of work they are performing for Medpace. All employees receive training, and are required to read and understand the Privacy Shield framework. Medpace deploys encryption, firewalls, access controls, and other procedures to protect data from loss, misuse, unauthorized access, disclosure, alteration and destruction. Medpace may at times be required to disclose personal information in response to lawful requests by legal or regulatory authorities.
TRANSFER TO THIRD PARTIES: To facilitate the purposes of clinical research, personal data may be shared in the normal course and scope of business with third parties to whom Medpace has chosen to outsource work. In the event that personal data is transferred to a third party, Medpace requires in its agreements with third parties that adequate privacy precautions are taken that provide the same level of privacy protection as is required by the Principles of the Privacy Shield. In certain circumstances, Medpace may remain responsible and liable under Privacy Shield Principles if such third parties process the personal data in a manner inconsistent with the Privacy Shield Principles.
ENFORCEMENT, RECOURSE AND LIABILITY: The Medpace group of organizations is subject to the Federal Trade Commission (FTC) investigatory and enforcement powers ensuring Medpace’s compliance with the Privacy Shield framework. E.E.A. citizens may contact Medpace to lodge a complaint about Medpace’s adherence to the Privacy Shield. Such complaints should be addressed to email@example.com or Privacy Officer, 5375 Medpace Way, Cincinnati, OH 45227. Medpace agrees to respond to the complaint within 45 days of its receipt. For any complaints that cannot be resolved with Medpace directly, Medpace has chosen as an independent recourse mechanism, to cooperate with the E.U. data protection authorities (DPAs) and comply with the information and advice provided in relation to such unresolved complaints. The DPAs can be found here: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm. The FTC has committed to reviewing on a priority basis referrals alleging non-compliance with the Principles of the Privacy Shield framework. If the complaint is not resolved using the independent recourse mechanism, as a last resort, the Privacy Shield framework provides for binding arbitration from a Privacy Shield Panel, made up of three neutral arbitrators.
E.E.A. citizens who pursue resolution of a data protection dispute will not be charged any costs by Medpace associated with resolution of the dispute. However, in pursuing the final option of binding arbitration, each party will bear its own legal fees.