Introduction
Medpace, Inc. (Medpace) is committed to respecting the privacy of clinical research subjects. Not only
does Medpace strive to collect, use and disclose personal information in a manner consistent with the laws
of the countries in which it does business, but it also has a tradition of upholding the highest ethical
standards in its business practices. The Safe Harbor Privacy Policy (the "Policy") sets forth the privacy
principles that Medpace follows with respect to personal information transferred from the European
Economic Area (EEA), which includes the member states of the European Union (EU) plus
Iceland, Liechtenstein and Norway, to the United States.
Scope
This Policy applies to all personal information received by Medpace from the
EEA in any format, including electronic, paper, or verbal.
Privacy Policy
Medpace is committed to respecting the privacy of individuals. Medpace has enacted internal procedures to
repeatedly review and monitor the use of personal information and to ensure it is used responsibly and that
we comply with internationally recognized standards of privacy protection. Internationally recognized
standards require that the processing of personal data, both automated and manual, meet the following data
protection principles:
1) NOTICE: When personal information is collected from individuals in the EEA, they will be
informed of the purpose for which the information is collected and how the information will be used. The
third parties to whom any information may be disclosed will be disclosed to the individual. Notice will be
provided in clear and conspicuous language when individuals are first asked to provide personal
information.
2) CHOICE: Organizations must give individuals the opportunity to choose (opt out) if their
personal information will be disclosed to a third party or used for a purpose incompatible with the purpose
for which it was originally collected or subsequently authorized by the individual. Affirmative or explicit
(opt in) choice must be given if the information is to be disclosed to a third party or used for a purpose other
than its original purpose or the purpose authorized by the individual.
3) DATA INTEGRITY: Medpace will use personal information in ways that are compatible with
the purpose for which the data was collected. Medpace will take reasonable steps to ensure that personal
information is relevant to its intended use, accurate, complete and current.
4) TRANSFER TO AGENTS: Medpace will obtain assurances from its agents that the agents will
safeguard personal information consistently with this Policy. Where Medpace has knowledge that an agent
is using or disclosing personal information in a manner contrary to this Policy, Medpace will take
reasonable steps to prevent or stop the use or disclosure.
5) ACCESS AND CORRECTION: Medpace will take reasonable steps to permit individuals to
correct, amend, or delete information that is demonstrated to be inaccurate or incomplete except where the
burden or expense of providing access would be disproportionate to the risks to the individual's privacy or
where the rights of persons other than the individual would be violated.
6) SECURITY: Medpace maintains a high level of security, particularly in relation to data.
Computer equipment, networks, programs, data and documentation are maintained to a high standard, and
precautions are taken to protect personal information in its possession from loss, misuse, unauthorized access,
disclosure, alteration, and/or destruction.
7) ENFORCEMENT: Medpace will ensure adherence to this Policy by ensuring (a) readily
available and affordable independent recourse mechanisms so that each individual's complaints and
disputes can be investigated and resolved and damages awarded where the applicable law or private sector
initiatives so provide; (b) procedures for verifying that the commitments companies make to adhere to the
Safe Harbor Principles have been implemented; and (c) obligations to remedy problems arising out of a
failure to comply with the principles exist. Sanctions must be sufficiently rigorous to ensure compliance by
the organization. Medpace will provide an annual self-certification letter to ensure appearance on the list of
Safe Harbor participants.
DISPUTE RESOLUTION
Any questions or concerns regarding the use or disclosure of personal information should be directed to the
Medpace Privacy Officer. Medpace will investigate and attempt to resolve complaints and disputes
regarding the use and disclosure of personal information in accordance with the principles contained in this
Policy. For complaints that cannot be resolved between Medpace and the complainant, Medpace has
agreed to participate in the dispute resolution procedures of the panel established by the European data
protection authorities to resolve disputes pursuant to the Safe Harbor Principles.
TRAINING
Medpace has provided its employees with appropriate training to ensure that all individuals who process
personal information are fully aware of their responsibility with respect to data protection.
LIMITATION ON APPLICATION OF PRINCIPLES
Adherence by Medpace to these Safe Harbor Principles may be limited (a) to the extent required to respond
to a legal or ethical obligation; and (b) to the extent expressly permitted by an applicable law, rule or
regulation.
INTERNET PRIVACY/LINKS TO THIRD PARTY WEB SITES
Medpace sees the Internet and other advanced electronic technology as valuable tools for communicating
and interacting with others. Medpace recognizes the importance of maintaining the privacy of information
collected online. Some of our Web pages may contain links to Web sites outside the Medpace organization.
Linked Web sites are not under the control of or endorsed by Medpace. This Policy does not apply to
linked Web sites outside the Medpace organization.
PRIVACY POLICY CHANGES
Medpace reserves the right to change, modify or amend this Policy at any time. If you have questions
regarding this privacy policy, please send your inquiries to privacy@medpace.com.