Medpace, Inc., and its global affiliates (the Medpace group of organizations, or Medpace) is a full service clinical research organization. Our mission is to accelerate the global development of safe and effective medical therapeutics.
CLINICAL TRIAL SUBJECTS: Medpace collects anonymized medical and health information about the individuals who take part in clinical trials through physician investigators. The physician investigators, who examine the individuals before and during the clinical trials, are responsible for ensuring that the individuals understand and consent to the gathering of sensitive personal data relating to an individual’s health and lifestyle, and the transfer of such anonymized information to third parties who may be providing services for the clinical trial. The requirements of data protection and data privacy laws generally mandate that consent must be obtained before any health or sensitive data is collected from individuals. These informed consent agreements state that data may be transferred to other countries and to other parties.
INVESTIGATOR PHYSICIANS: Medpace collects personal data about the investigator physicians and staff of such physicians in the hospitals and clinics that take part in a clinical study. This allows Medpace to quickly identify and contact physicians for participation in clinical studies. Medpace complies with data protection laws that require physician investigators to consent to the collection of their personal data and receive notice of their data protection rights. If an investigator or any staff member wishes to exercise its data protection rights, they may contact us at firstname.lastname@example.org.
IT AND SECURITY: Medpace maintains a high level of information technology security, particularly in relation to all of the personal data we collect. Medpace has in place physical, electronic and managerial procedures to safeguard and secure the information we collect. Medpace’s data from clinical trials is stored in a special web-based proprietary software program known as ClinTrak®, which only authorized individuals can access on a need to know basis. Access to other personal data is restricted to those authorized employees on a need to know basis depending what type of work they are performing for Medpace. All employees receive training, and are required to review and understand global data protection requirements. Medpace deploys encryption, firewalls, access controls, and other procedures to protect data from loss, misuse, unauthorized access, disclosure, alteration and destruction. Medpace may at times be required to disclose personal information in response to lawful requests by legal or regulatory authorities.
TRANSFER TO THIRD PARTIES: To facilitate the purposes of clinical research, personal data may be shared in the normal course and scope of business with third parties to whom Medpace has chosen to outsource work. In the event that personal data is transferred to a third party, Medpace requires in its agreements with third parties that adequate privacy precautions are taken that provide the same level of privacy protection as is required by the Principles of the Privacy Shield. In certain circumstances, Medpace may remain responsible and liable under Privacy Shield Principles if such third parties process the personal data in a manner inconsistent with the Privacy Shield Principles.
ENFORCEMENT, RECOURSE AND LIABILITY: The Medpace group of organizations is subject to the Federal Trade Commission (FTC) investigatory and enforcement powers ensuring Medpace’s compliance with the Privacy Shield framework. In compliance with the Privacy Shield Principles, Medpace commits to resolve complaints about our collection or use of personal information. E.E.A. and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should contact Medpace’s Data Protection Officer at email@example.com or at 5375 Medpace Way, Cincinnati, OH 45227. Medpace agrees to respond to the complaint within 30 days of its receipt. For any complaints that cannot be resolved with Medpace directly, Medpace commits to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner, and comply with the advice given by the panel and the Commissioner with regard to data transferred from the EU and Switzerland. The DPAs can be found here: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm, and the Swiss Federal Data Protection and Information Commissioner can be found here: https://www.edoeb.admin.ch/?lang=en. The FTC has committed to reviewing on a priority basis referrals alleging non-compliance with the Principles of the Privacy Shield framework. If the complaint is not resolved using the independent recourse mechanism, as a last resort, the Privacy Shield framework provides for binding arbitration from a Privacy Shield Panel, made up of three neutral arbitrators.
E.E.A. and Swiss citizens who pursue resolution of a data protection dispute will not be charged any costs by Medpace associated with resolution of the dispute. However, in pursuing the final option of binding arbitration, each party will bear its own legal fees.