1. Addressing Privacy
1. Addressing Privacy
Under data privacy laws, a “controller” makes decisions about how and why personal data is processed, while a “processor” processes personal data on behalf of the controller in accordance with their instructions. In some cases, we act as a “controller” in respect of certain processing activities that involve your personal data, while in others we act as a “processor." Throughout this Policy we explain whether we are acting as a "controller" or a "processor" in respect of a given activity so you can understand who is responsible for your rights in respect of your personal information. .
Our processes and procedures are designed to support compliance with this Policy, our privacy notices and applicable international and local data protection laws and regulations, including but not limited to the European Union General Data Protection Regulation (the “GDPR”), the Health Insurance Portability and Accountability Act (“HIPAA”) and, the privacy and confidentiality requirements of Good Clinical Practice (“GCP”).
To help you navigate to the sections relevant to you, in section 2 “What Personal Information is Handled by Accellacare and for what Purposes” we have categorized our explanations based on the main categories of relationships between us and those we collect personal data from. In section 3 “More Information” we address issues that are relevant to most or all of the relationships between us and the individuals who share personal data with us, for example your rights as an individual who has shared personal data with us, who we may share personal data with and our obligations when sharing personal data with third parties internationally.
Additional privacy terms tailored for different methods of data collection and specific uses by certain of our business lines and operations may apply to personal information shared with us. If alternative privacy terms are provided to you for a specific purpose those terms will govern the processing of personal data in relation to that purpose. For example, we maintain service specific privacy notices that may be provided to you for your review and consent in connection with the processing of personal data relating to those services and, if you are a participant in a research project for which Accellacare is providing services, there may be specific consent documentation addressing the disclosure of your personal information to us and clients who sponsor the research.
If you do not provide us with your personal data we may not be able to provide you with any of our services or respond to any questions or requests you submit to us via our websites. We will tell you when we ask for personal data which is a contractual requirement or is needed to perform our functions or is needed to comply with our legal obligations.
2. What Personal Information is Handled by Accellacare and for What Purposes
2. What Personal Information is Handled by Accellacare and for What Purposes
2.1 Website Visitors and Mobile ApplicationUsers:
Personal data that we ask you to provide on the Websites and Apps is often limited to e-mail address, language preference, country or location, but may include other information when needed to provide a requested service, where an employment opportunity is being processed or where services as an Investigator in a clinical trial are being offered. We collect information in several ways, outlined below:
1. On some Website pages you can register to receive information on an automated basis. The type of information you can register to receive in this manner includes general corporate information about us such as:
- Press Releases
- News and presentations
- SEC Reports
- Investor Relations information
- Annual & Interim Reports and other public financial information
- Other General Information updates
The personal information collected when you register to receive information on an automated basis is your name, e-mail address, employer name and occupation. You will have the option of cancelling your registration and removing your e-mail from the database on each occasion that you receive an automated e-mail alert, by clicking on an unsubscribe link on each e-mail alert message.
2. On some Website pages and Apps you may choose to provide personal information about yourself depending on your relationship or potential relationship with us e.g. :
- if you are interested in pursuing an employment or service provider opportunity with us - see 2.2 Potential Employees
- if you are interested in providing clinical trial Investigator or related services -see 2.3 Investigators, clinical site study team members and other healthcare professionals (HCPs)
- if you are interested in registering your interest in participating in a clinical trial and being included in a database of potential study subjects -see 2.4 Participants in Patient Databases
- if you are interested in obtaining services from or providing services to us- see sections 2.6 Client Personnel or Section 2.7 Vendor Personnel respectively.
3. On some Website pages or Apps you may choose to register to receive access to web casts, periodic updates or information on specific services. Generally the personal information collected in such cases is your name, title, company and e-mail address. This information is collected for qualification and aggregate measurement purposes and to provide you with the service.
On some Website pages and Apps you can register to receive customized information. This information is generally collected on 'Contact Us' forms where you may choose to be contacted by us. The personal information collected in these cases include your name, title, company, address, and contact details and e-mail address.
Websites and Apps also collect certain information about your computer hardware and software. This information may include; your IP address, browser type, operating system, domain name, access times and referring website addresses. This information is used for the operation of the service, to maintain and monitor quality of the service and to provide general statistics regarding use of Websites.
If you don’t want non-essential cookies to be placed on your device, then you can easily accept or reject them in the cookie banners.
Website and App Security. Please be aware that whilst we do all that we can to safeguard the security of your personal information, the transmission of information over the internet is not completely secure and therefore you do this at your own risk. Once we receive your personal information we will implement strict security procedures with the objective of preventing unauthorized access.
Children. We do not knowingly collect any personal data through our Websites or Apps from individuals who are known to be under the age of 13, and no part of Accellacare’s Website or mobile Apps is directed towards anyone less than 13.
2.2 Potential Employees
We may process your personal data in our capacity as data controller. This section describes how we handle and protect your personal data in connection with our recruiting processes and programs. This section only applies to the personal data of job applicants, potential candidates for employment or as freelancers, and our optional recruiting programs and events. It does not apply to our employees, other contractors or clients, or other personal data that we collect for other purposes.
We will process your personal data in accordance with this Policy, unless such processing conflicts with the requirements of applicable law, in which case, applicable law will prevail.
You are not required to provide any requested information to us, but failing to do so may result in us not being able to continue your candidacy for the job for which you have applied.
Personal data we collect: The types of personal data that we request from you and the ways that we process it are determined by the requirements of the country in which the position is located, and not the country in which you reside. Should you apply to more than one location or should the role to which you apply be available in more than one country, the types of personal data we request from you and the ways that we process it are determined by the requirements of all the countries in which the position is located. We usually collect personal data directly from you when you apply for a role with us, such as your name, photo, address, contact information, work and educational history, references, achievements, copies of identification documents, CVs, diversity information (if required for compliance reasons) and test results. We also may collect personal data about you from third parties, such as your references, prior employers, our employees with whom you have interviewed, publicly available websites and employment background check providers, to the extent this is permitted by applicable law.
Use of your personal data: We collect and use your personal data for legitimate human resources and business management reasons including: identifying and evaluating candidates for potential employment, as well as for future roles that may become available; record keeping in relation to recruiting and hiring; ensuring compliance with legal requirements, including diversity and inclusion requirements and practices; conducting background and criminal history checks as permitted by applicable law. We may also analyze your personal data or aggregated/pseudonymized data to improve our recruitment and hiring process and augment our ability to attract successful candidates.
We may desire to retain your personal data to consider you for future employment opportunities. In such an event, we will seek your consent, either prior to or after you formally apply for a job opportunity, to be part of our future job alerts that provides you ways to further learn about our current and future employment opportunities. These future job alerts are entirely optional.
If you consent to future job alerts, but subsequently wish to withdraw, please contact us at the following emails addresses:
- if you are based in ASIAPAC at APACTalentAcquisition@iconplc.com
- if you are based in EMEA at EU.Recruitment@iconplc.com
- if you are based in the Americas at MyHR.USRecruitment@iconplc.com
Data recipients and international data transfers: Your personal data may be accessed by recruiters and interviewers working in the country where the position for which you are applying is based, as well as by recruiters and interviewers working in different countries within our organization.
Individuals performing administrative functions and IT personnel within our organization may also have a limited access to your personal data in order to perform their jobs. We have put in place legal mechanisms designed to ensure adequate data protection of your personal data that is processed by us, including the transfer of your personal data to countries other than the one in which you reside.
We may use third party service providers to provide a recruiting software system. We may also share your personal data with other third party service providers that may assist us in recruiting talent, administering and evaluating pre-employment screening, background checks and testing, and improving our recruiting practices.
We maintain processes designed to ensure that any processing of personal data by third party service providers is consistent with this Policy and protects the confidentiality, availability, and integrity of your personal data.
We may also share your personal data with any client of ours that you are proposed to be assigned to in connection with a position.
Data retention: If you accept an offer of employment, any relevant personal data collected during your pre-employment period will become part of your personnel records and will be retained in accordance with specific country requirements and our Data Protection and other workplace policies which will be provided to you at that time. If we do not employ you, we may nevertheless continue to retain and use your personal data for a period of time (which may vary depending on the country) for system administration purposes, to consider you for potential future roles, and to perform research. If you elect to join a recruiting program, we may retain your personal data to consider you for future employment opportunities.
2.3 Investigators, clinical site study team members and other healthcare professionals (HCPs)
We collect the names, contact details, and professional information of clinical trial investigators, study researchers, data safety monitoring board members, and other HCPs for the purpose of identifying and assessing suitability to assist in clinical trials and research studies and to provide services. We collect your personal data when you provide it to us directly, for example such as when you express or register an interest to participate in a study through our Websites, and also, either directly or indirectly, from publicly available sources, such as websites, directories and industry networks etc. For further information on our collection activities and uses of personal information through our Websites please refer to section 2.1 “Website Visitors and Mobile Application Users”. If you subsequently participate in a trial or study we manage or provide services for, we will also collect information relating to the involvement and performance of HCPs. Further information is available in our Site Data Protection Notice and Consent Form available here https://www.accellacare.com/privacy/.
2.4 Participants in Accellacare Patient Databases
Certain Accellacare services involve the development and maintenance of databases of persons who may be eligible to and may wish to participate in clinical trials and medical research studies (“Patient Recruitment Databases”) managed by Sponsors. Once a person is recorded in Accellacare’s Patient Recruitment Databases, we may contact them for further screening and potentially refer them to potentially suitable clinical trials or research studies matched to their areas of medical interest.
In order to match such persons’ entered into Patient Recruitment Databases to appropriate clinical trials or research studies we will, on a need to know basis, request, collect and process suitable personal data on the basis of the person’s explicit consent, such as names, addresses and contact information, which may be collected on voice recordings, as well as sensitive personal information.
Examples of sensitive personal data we collect include:
- Healthcare information e.g. height and weight, physical and mental health or conditions, medical records, disabilities
- Race and ethnicity information
- Areas of interest in medical research
- Genetic data.
Your personal information may be collected through either volunteering it through one of our Websites or in the context of live interview or screening telephone calls or meetings with our representatives. Please be aware that by providing your personal information you consent to a member of our team contacting you directly by way of following-up with you, including contacting you directly by telephone or other means, including SMS text messages, and adding your personal information to our Patient Recruitment Databases.
In this context, we are the controller of the personal data.
Uses of your personal data. As discussed earlier, the main purpose of collecting personal data in Patient Recruitment Data Bases is to match patients to suitable clinical trials and research projects based on the individuals’ areas of medical interest. For example, if an individual with type II diabetes expresses a desire to participate in clinical research or avail of novel treatments for type II diabetes or associated symptoms:
- they may volunteer their contact information and relevant health information to us for inclusion in a Patient Recruitment Database
- an Accellacare client or Sponsor who is developing novel treatments for type II Diabetes or symptoms may engage us to help refer interested potential patients who are willing to try an experimental treatment in a controlled clinical trial environment
- if the Accellacare client’s or Sponsor’s clinical trial eligibility criteria align with the individual’s information stored in our Patient Recruitment Database and it is being conducted within their geographical reach, we can contact the individual and refer them to a suitable clinic where medical screening of potential clinical trial participants is being performed. Please be aware the screening process is generally done face-to-face and will require you to supply additional personal information to us and/or the parties managing the study and separate privacy terms may apply to additional personal information collected at that stage.
We may use your Personal Information to respond to subsequent requests you may make of us, and from time to time, we may refer to your personal information to better understand your needs and how we can improve our websites, products and services on the basis of our legitimate interests in doing so. We may enhance or merge your personal information with data obtained from third parties for the same purposes. Any other information transferred by you which cannot be used to identify you (and which, therefore, does not constitute personal information) may be included in databases owned and maintained by us or our agents worldwide. We may also use anonymised personal data to run general statistical analysis in support of patient recruitment and similar analytical purposes.
2.5 Patients participating in clinical trials at one of our owned Study Sites
Certain Accellacare services involve us acting as a clinic or similar medical site (referred to as a “Study Site”). Study Sites may be owned by us, or they may be independent Study Sites with which we have a contractual relationship. Patients and other individuals (for convenience referred to as “Study Participants”) participating in a clinical trial or other medical research study (each a “Study”) may attend or share information with Study Sites for various Study related reasons. These reasons include activities such as medical screening to check if being a Study Participant is appropriate for a particular individual. After an individual has undergone a medical screening and provided their informed consent to participate in a Study, an individual may be enrolled in that Study.
Purposes and uses of personal data. The personal data and purposes for which Study Participants’ personal data will be used by Study Sites and Sponsors will depend on the nature of the Sponsor’s study and will be addressed in more detail in Study specific consent documentation. As such, Study Participants should look to that documentation to understand how their personal data is processed.
To give an overview, generally, if enrolled in a Study, Study Participants will likely attend the Study Site to be prescribed, provided with or administered with a Study drug, treatment or device that is the subject of the Study. Study Participants might attend the Study Site or be in contact with Study Site representatives at regular intervals throughout the Study to enable the Study Site to collect health information from them that is relevant to the study or in order to monitor their health during the Study. During a Study, Study Participants may be in communication with a Study Site and other representatives for reasons such as scheduling follow up visits or referrals to other medical appointments associated with the Study. Study Participants may also share information with Study sites remotely through mobile applications e.g. where regular patient status updates are needed for the particular Study. Study Sites may also, to the extent necessary, process personal data relating to Study Participants’ spouses, partners, care givers, and relatives if they are involved in the participants’ participation in a Study at the Study Site e.g. parents involved in decision making of child participants or spouses involved in the care of an incapacitated participant.
- Depending on the nature of the Study, usually these activities are overseen by a medical doctor known as a “Principal Investigator” who is responsible for Study Participants’ medical care at the Study Site. These activities and related data collection may also be administered by other members of the Study team at the Study Site who operate under the Principal Investigator’s supervision e.g. Study coordinators, nurses and other medical professionals.
Certain personal data will be made accessible to the Study Sponsor and its agents in accordance with the Sponsor’s study protocol (“Sponsor Data”). Sponsor Data is used by the Sponsor to make decisions about the Study, to perform research or analysis relating to the Study and to make decisions about the drug, device or treatment that is the subject of the Study. Study Data is generally pseudonymised, meaning names and other information that could identify a Study Subject is not included in the Sponsor Data. Instead, Study Participants’ are typically identified by a code. Principal Investigators, members of the Principal Investigators’ Study team and authorized personnel, including Contract Research Organisations appointed by Sponsors to monitor Study Sites’ compliance with the Protocol and other auditors, may access Study Participant identifying records in certain circumstances.
Who is the controller? Depending on the processing activity, the relevant controller may be the Study Site or the Sponsor. As the Study Site is responsible for the medical care of Study Participants and the Sponsor is responsible for the medical research the Study concerns, we generally regard the Sponsor as the controller of activities in respect of Sponsor Data, and the Study Site as the controller of activities in respect of medical records which are kept by the Study Site.
2.6 Client Personnel
Client business representatives and agents. For Individuals sharing personal Information with us in order to inquire about, engage or otherwise make use of Accellacare services or purchase, receive or seek information from us, including about any Accellacare products and services, vendors or opportunities to participate in clinical research, we will use such personal information in order to provide the requested information, products, and/or services and to process requested transactions. We may also use this personal data to improve the quality of our services, send and receive communications about the products and services available through us, and to enable our business partners and agents to perform certain activities on our behalf.
Use of personal information of client business representatives and agents in relation to Accellacare activities. For individuals engaged by our clients and collaborating with us in connection with projects for which we are providing services, including client employees, study personnel, and other consultants, contractors, managers, and agents (who are natural persons) of the client and its corporate affiliates, business partners and third-party service providers, personal information may be used by us in order to carry out the applicable services and related activities. This may include the transfer of such personal information to the applicable vendors, its corporate affiliates, business partners and third-party service providers performing services related to the project (e.g., study data management, clinical research monitoring services, safety monitoring, etc.).
2.7 Vendor Personnel
ICON operates contact centers on behalf of our clients for the purpose of providing medical information to health professionals, patients and other interested parties on specific pharmaceutical and other medical products sold by our clients and our clients’ clinical and research studies. ICON acts as a data processor in this scenario. Some of these contact centers also collect adverse event information and deliver this to relevant pharmacovigilance professionals for processing and reporting as required by applicable regulations. Personal data on those who call or email our contact centers are only collected to process requests for information and allow adverse event reporting. Calls may be recorded for quality assurance purposes. Callers (inbound and outbound) are notified if their call is recorded.
2.8 Client Personnel
Client business representatives and agents. For Individuals sharing personal Information with ICON in order to inquire about, engage or otherwise make use of ICON services or purchase, receive or seek information from ICON, including about any ICON products and services, vendors or opportunities to participate in clinical research, we will use such personal information in order to provide the requested information, products, and/or services and to process requested transactions. We may also use this personal data to improve the quality of our services, send and receive communications about the products and services available through ICON, and to enable our business partners and agents to perform certain activities on our behalf.
Use of personal information of client business representatives and agents in relation to ICON activities. For individuals engaged by ICON’s clients and collaborating with ICON in connection with projects for which ICON is providing services, including client employees, study personnel, and other consultants, contractors, managers, and agents (who are natural persons) of the client and its corporate affiliates, business partners and third-party service providers, personal information may be used by ICON in order to carry out the applicable services and related activities. This may include the transfer of such personal information to the applicable vendors, its corporate affiliates, business partners and third-party service providers performing services related to the project (e.g., study data management, clinical research monitoring services, safety monitoring, etc.).
2.9 Vendor Personnel
Vendor business representatives and agents. Vendor representatives may share personal information with us in order to provide us information about services e.g. business support services, health care products and services, opportunities to participate in clinical research, health care education and patient related programs which may be available through a vendor. We will use any personal information provided by the vendor and its representatives in order to receive and assess the vendor related information, products, and/or services and potentially close associated contracts. Uses may include processing for requested transactions, reviewing the quality of the vendor’s services, sending and receiving communications about the products and services available through the vendor, and enabling our business partners, clients and agents to perform activities and make decisions in relation to the vendor.
Use of personal information of vendor business representatives and agents in relation to activities performed by vendors for us and our clients. For vendors engaged by us to perform services for us, including in relation to research studies being managed by us and our clients your personal information may be used by us in order to carry out the projects, activities and other related services in connection with which the vendor is engaged by us. This may include the transfer of such personal information to the applicable our study sponsor or client, other vendors involved in a project for which a vendor is engaged and such parties’ respective corporate affiliates, business partners and third-party service providers performing services or activities related to the project or activities for which a vendor is engaged by us (e.g., study data management, clinical research monitoring services, safety monitoring, etc.).
3. More Information
3. More Information
3.1 International and third party transfers of personal information
To operate as a global business it may be necessary to process and transfer personal information within our businesses and with agents, contractors or partners of ours in connection with services that these individuals or entities perform for, or with, us. This may involve transferring personal information outside the European Economic Area (EEA) to the USA and elsewhere. These agents, contractors or partners are restricted from using this information in any way other than to provide services for us, or services for the collaboration in which they and us are engaged. We may, for example, provide your information to agents, contractors or partners for hosting our databases, for data processing services, or so that they can send you information that you requested.
Regardless of whether the transfer is within our group or to a third party, we will apply appropriate safeguards to such transfers as required by applicable law. For example, transfers to non-EEA countries will usually be governed by EU-approved “standard contractual clauses” where appropriate and will be subject to other appropriate technical and organisational measures having regard to the nature of the personal data. For more information, please contact us.
3.2 Legal Basis for use of your personal information
3.2.1. With your Consent: In cases where we need your consent to process your information, we will ask you to make a positive indication (e.g. to tick a box, sign a document, provide confirmation) that you agree to the processing. By actively providing consent, you are stating that you have been informed as to the type of information that will be processed, the reasons for such processing and how it will be used and for how long it will be kept and who else has access to it. Where we may rely on consent to process your information, you have the right to withdraw that consent for that activity at any time.
3.2.2. To fulfill a contract: In other cases we process your personal data because it is necessary to deliver a service you have requested.
3.2.3. For a Legitimate Interest: We may process your personal data on the basis of our legitimate interests in using your data for the purposes described in this Policy. Examples of our legitimate interests include the following:
- Processing your information in relation to investigator opportunities with us;
- To improve our services;
- To protect the security and integrity of our websites and mobile applications;
- To protect any of our property or rights or obligations and/or the property, rights or obligations of third parties where we may have an obligation or liability in respect of these;
- To take precautions against potential liability on our part;
- To analyze therapeutic trends and gather anonymized geographic statistics; and
- To correct technical errors and to technically process your personal data.
You can object to us relying on our legitimate interest to use your personal data in these ways at any time as described under “Your Personal Data Rights” below.
3.2.4. To comply with Legal Obligations: There may be situations where we need to use your information to comply with legal obligations, applicable regulation and judicial process. For example, we are required by law to keep certain records for specific periods of time.
3.3 Your Personal Data Rights
You have certain rights in respect of the personal data that we hold about you. Subject to certain exemptions and local law, these rights may include the following:
- Right to withdraw consent – if we are processing your personal data on the basis of your consent, you are entitled to withdraw your consent to that processing at any time (see contact details section). However, the withdrawal of your consent will not invalidate any processing we carried out prior to the withdrawal of your consent.
- The right of access to your personal data – you can request a copy of the personal data we hold about you.
- The right to rectification – you have the right to request that we correct any inaccuracies in the personal data we hold about you and complete any personal data where this is incomplete.
- Right to erase your personal data (right to be forgotten) - You have the right to be forgotten in certain circumstances including, for example, where the personal data are no longer needed for the purpose for which they were collected. However, this right does not apply where, for example, processing is necessary to comply with a legal obligation, or for the establishment, exercise or defense of legal claims.
- The right to restrict the processing of your personal data - You have the right to ask us to restrict certain processing activities in some circumstances, including, for example, where the accuracy of the data in question is contested. Where processing has been restricted, we can only process it for limited purposes such as, for example, the establishment, exercise or defense of legal claims.
- The right of data portability - You have the right to have your data returned to you or to a third party in certain cases.
- The right to object – You have a right to object to the processing of your personal data in certain cases. In such a case we will stop processing your personal data unless we can demonstrate compelling legitimate grounds which override your interest.
To exercise any of the above rights, please notify us at the address provided in section 3.6. “Inquiries, complaints and requests to exercise rights” below, unless you are a patient in a Study Site in which case please notify the relevant Study Site you are attending. We may request proof of identification to verify your identity. Where ICON is the relevant data controller, we will carefully assess your request and, subject to applicable laws and exceptions, will respond within the relevant legal time limits.
3.4 Data Quality and record retention
3.5 Information security
We ensure appropriate technical and organizational measures are taken to protect the personal and sensitive data you provide us with from unauthorized or unlawful processing and to protect against accidental loss, destruction or damage. Our Websites, Apps and electronic databases have security measures in place to protect the loss, misuse, unauthorized access or disclosure, alteration or destruction of the information under our control. However, as effective as modern security practices are, no physical or electronic security system is entirely secure. We cannot guarantee the complete security of our databases, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the internet.
3.6 Inquiries, complaints and requests to exercise rights
The responsible data controller for Accellacare is ICON Clinical Research Limited. If you feel your data protection rights have been infringed by us, you have the right to complain to your local data protection supervisory authority. Our lead supervisory authority in Europe is the Data Protection Commission in Ireland (see www.dataprotection.ie).
Questions, comments or requests to exercise your rights should be submitted to our Global Data Protection Officer as follows:
Global Data Protection Officer
South County Business Park
By Email: Data_Privacy_Officer@iconplc.com.
3.7 Legal status of policy and policy changes
This Policy is not a contract, and it does not create any legal rights or obligations. We reserves the right to modify or amend this Policy. For instance, the Policy may need to change as new legislation is introduced or as legislation is amended. Where we have your contact details, we will notify you of any material changes.
10 February, 2021