IVR Clinical Concepts Inc. (IVRCC) strongly respects individual privacy and strives to manage personal data in line with the laws and high ethical standards of IVRCC and countries in which IVRCC does business.
IVR Clinical Concepts Inc. (IVRCC) abides by a deep commitment to respect the privacy and the protection of any personal information submitted to, hosted at and transferred by IVRCC. IVRCC respects individual privacy and holds the confidence of its customers, employees, clinical trial participants, and others in the highest regard. IVRCC endeavors to collect and shepherd personal, private and metadata information in a manner that is consistent with the laws of the countries in which IVRCC applications and activities are present. Data Privacy is taken seriously and is implemented through company-wide policies and SOPs, while also taking into account regional office locations requirements.
As a condition of using the IVRCC website, you agree to be bound by the terms of this Policy.
INFORMATION COLLECTION, USE AND STORAGE
IVRCC refers to information that identifies an individual as “Personal Information”. In general, we collect Personal Information from users of the IVRCC website in connection with access to certain online areas or services, including during (i) registration for special communications, such as email updates, whitepapers and newsletters; (ii) subscription registration; and (iii) user surveys. Your Personal Information is stored on IVRCC computer servers (or those of its service providers) located in the United States. We are GDPR compliant.
We may gather data about the areas of the IVRCC website you visit or access. We do not share any of this data with third parties, however we may use and share navigational data in aggregate, non-personal form to understand how our users as a group use the IVRCC website.
Below are more details about the Personal Information we, or third parties may gather from you and how we may use it.
1. Email Newsletters. IVRCC offers email newsletters to its registered subscribers. We will use your email address to send you only the specific newsletter(s) that you signed up for. If you want to update your email address or stop receiving a newsletter, follow the procedures to unsubscribe at the bottom of any newsletter we send you.
2. Surveys and User Research. IVRCC conducts email and web-delivered surveys from time to time, to gather information about our users and sites. Taking these surveys and polls is entirely optional. You have no obligation to respond to them. We share only the aggregate results of these surveys, not Personal Information, with our partners to help them better understand our services and monitor the reach of our webpage.
INFORMATION STORAGE AND SECURITY
Your Personal Information is stored on IVRCC computer servers located in the United States. We protect your Personal Information with technical, administrative and physical safeguards to protect against loss, unauthorized access, destruction, misuse, modification and improper disclosure. No computer system or information can ever be fully protected against every possible hazard, however IVRCC is committed to providing reasonable and appropriate security controls to protect our website and all Personal Information against foreseeable hazards.
Notwithstanding these security measures, please be aware that when you submit Personal Information to the IVRCC website over the Internet, the information may travel over many systems that are not under the IVRCC’s control. We take the protection of user data very seriously and to that end take reasonable safeguards to prevent interception of any Personal Information.
IVR Clinical Concepts Inc. (“IVRCC”) provides software and services to life sciences companies for use in the conduct of clinical trials throughout the world. IVRCC is sub-contracted to provide interactive voice and web applications (IVR/IWR “IxR”) on behalf of clients and other third-party agents for the purpose of acting as a third-party agent for our clients. Detailed contractual arrangements, SOPs and business policies govern all our work with customer data. IVRCC’s internal policies are available for audit/review by our clients, per IVRCC’s responsibility to adequately maintain these business policies and IVRCC’s technology infrastructure, while maintaining data integrity security and privacy.
IVRCC may collect, process, store and distribute Personal Data (e.g., subject ID, initials, email address, phone number) from clients including study sponsors, research site staff, study participants, consultants/subcontractors, and other employees involved in clients’ clinical trials. Additionally, as requested and authorized by our clients, IVRCC may collect and store Clinical Study Data, which is collected pursuant to a project-specific informed consent (IC) with clinical research subjects, and may include detailed information regarding health status, test results, medical assessments, and other data required for a particular study, in order to support clients’ trials, develop programs for their products, develop reports or other assemblages of information, and monitor progress throughout a study. Typically, IVRCC generates, collects and stores investigative site and subject ID numbers to our database with no traceability back to a specific trial patient/subject. We transfer personal information data collected, for the purposes of the clinical trial, confidentially to third party electronic data bases.
IVRCC informs individuals about the purposes for which it collects and uses personal information. The notice is provided in clear language in a conspicuous manner. The use of the data is limited to the purpose identified, and no more information is collected than is required to satisfy the purpose. Data used for pharmaceutical research and other purposes when using IVRCC software products is anonymized as appropriate. Any personal information that is related to the use of the IVRCC clinical trial software products or personal data collected in specific medical or pharmaceutical research studies belongs to the client. IVRCC informs individuals about the type of third party to which IVRCC discloses information if any, and offers individuals the choices and means for limiting the use and disclosure of their personal information.
IVRCC offers individuals the option of choice as to whether their personal information is disclosed to a third party. Individuals can also choose to not have their data shared if the purpose is incompatible with the original purpose of data collection or has not been subsequently authorized by the individuals. IVRCC provides individuals with reasonable mechanisms with which to exercise their choices.
For sensitive personal information, IVRCC gives individuals explicit (opt in) choice if the information is to be disclosed to a third party or is to be used other than the purpose that was originally authorized, or has been subsequently authorized. IVRCC will disclose the information only after explicit consent of the individual.
IVRCC may share personal data with agents, third-parties, or partners explicitly approved by our clients and as required by contract. In the context of an onward transfer, IVRCC has responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. By contract IVRCC ensures for all onward transfers of personal data that IVRCC will take reasonable and appropriate steps to ensure that recipients effectively process the IVRCC’s obligations under the Principles. Recipients will notify IVRCC if they make a determination that they can no longer meet this obligation. IVRCC shall remain liable under the Principles if our agent processes such personal information in a manner inconsistent with the Principles, unless the organization proves that it is not responsible for the event giving rise to the damage. The contract shall provide that when such a determination is made, the recipients will cease processing or take other reasonable and appropriate steps to remediate.
IVRCC protects confidentiality, integrity and availability of personal information by physical, electronic and logical security measures. IVRCC has written procedures in place regulating the protection of confidential data from loss, misuse and unauthorized access, disclosure, alteration and destruction.
IVRCC takes reasonable steps to ensure that personal information is relevant for the purposes of its use, and that the data is accurate, complete and current. IVRCC complies with the current data retention principle, with making individual identifiable only for as long as it serves a purpose of processing. Such processing would reasonably serve the purpose of archiving in the public interest, journalism, literature and art, scientific or historic research and statistical analysis, while maintaining adherence to the provisions of the Principles and the Framework.
Upon request, individuals will be granted reasonable access to personal information that IVRCC holds about them. In response to lawful request by public authorities, including to meet national security or law enforcement requirements, IVRCC is required to disclose personal information, per the enforcement authority which has jurisdiction over IVRCC’s compliance with the Framework. Personal/sensitive personal data is held by IVRCC as data controller and we ensure such data is accurate and relevant for the purposes for which we collected it. IVRCC will take reasonable steps to allow individuals to correct, amend, or delete information that is found to be inaccurate or incomplete. Exceptions could include where the burden of providing access is disproportionate to the risk to the individual’s privacy or where violation of another person’s rights would occur. Where IVRCC is a data processor, we will direct individuals to the relevant client/sponsor third party who is the data controller of the personal/sensitive personal data.
IVRCC has written procedures in place that regulate regular internal compliance audits of the Privacy Principles. Internal audits are conducted by the QA Department or by a third party as delegated by the QA Department. The QA Department is comprised of QA Department Head and additional company representatives, who have authority to enforce the policies that are created. The company President has the ultimate responsibility and authority of managing Quality Systems. Non-compliance issues are investigated and rigorous corrective actions are put in place and followed up until resolution for any problems arising out of failure to comply with the Principles. Remedy actions could include disciplinary actions. The U.S. Federal Trade Commission (FTC) has jurisdiction over IVR Clinical Concepts Inc.’s compliance with the Privacy Shield Principles.
Individual complaints will be investigated and remedy actions performed in the same rigorous way as described for non-compliance detected during internal audits (see above, Enforcement). An independent recourse mechanism by which each individual’s complaints and disputes can be investigated and expeditiously resolved is at no cost to the individual and by reference to the Principles. IVRCC also commits to a binding arbitration at the request of the individual to address any complaint that has not been resolved by other recourse and enforcement mechanisms.
IVRCC has committed to cooperate with data protection authorities (DPAs) by declaring our self-certification submission to the Department of Commerce.
IVR Clinical Concepts Inc.
Attention: Compliance Department
358 Broadway, Suite 201
Saratoga Springs, NY 12866
Email address: firstname.lastname@example.org
Phone: (518) 583-0095
Fax: (518) 583-0394
Per the Privacy Shield Framework, IVRCC must respond to all complaints within 45 days of receipt of a complaint related to an individuals’ personal data.
For any Privacy Shield complaints or questions that cannot be resolved with IVRCC directly, we commit to cooperate with the panel established by EU data protection authorities (DPAs) or the Swiss Federal Data Protection and Information Commissioner. and comply with the advice given by the panel with regard to data transferred from the EU or Switzerland.
If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU DPAs or the Swiss Federal Data Protection and Information Commissioner (FDPIC) for more information or to file a complaint.
Note that an individual also has the possibility, under certain conditions, to invoke binding arbitration for complaints regarding EU Privacy Shield or Swiss Privacy Principles not resolved by any of the other Privacy Shield mechanisms.
For additional information: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
NOTIFICATION OF POLICY CHANGES