For years, Sara worked in a hospital, making care possible for others. Now, after being diagnosed with breast cancer, she was the one in need of care.
Effective as of September 2023
Parexel’s EU-U.S. Data Privacy Framework (EU-U.S. DPF) Policy sets forth the privacy principles that Parexel follows in connection with the transfer of personal information from European Economic Area (EEA)**. Parexel values the confidence of its customers and respects individual privacy, including personal information of business partners / customers, investors, patients, clinical research participants, Investigators and Health Care Professionals, and clinical research site staff.
Advisory: Parexel may continue to rely on alternative data transfer mechanisms deemed appropriate by the relevant authorities to transfer data collected from the EEA to the U.S., such as EU Standard Contractual Clauses. When Parexel is acting as an agent/data processor, Parexel will follow the instructions of the data controller on the mechanism relied upon for data transfers.
Data processed: Parexel complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) regarding the collection, use, and retention of directly or indirectly identifiable personal information transferred from the EEA to the U.S. pertaining to:
HR Data: Parexel’s EU-U.S. Data Privacy Framework (EU-U.S. DPF) certification does not apply to the transfer of human resource data.
Purposes of data processing: Parexel collects, uses and retains personal information:
Parexel’s role as a Clinical Research Organization (CRO) is that of an agent / data processor, and will be Parexel’s main role when transferring personal data from the EEA to the U.S.
Third parties who may receive personal information: Parexel’s accountability for personal information that it receives under the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and subsequently transfers to a third party is described in the EU-U.S. Data Privacy Framework (EU-U.S. DPF) Principles. In particular, Parexel remains responsible and liable under the EU-U.S. Data Privacy Framework (EU-U.S. DPF) Principles if third party agents that it engages to process the personal information on its behalf does so in a manner inconsistent with EU-U.S. Data Privacy Framework (EU-U.S. DPF) Principles, unless Parexel proves that it is not responsible for the event giving rise to the damage.
Compelled disclosure: Parexel may be required to disclose personal information received from the EEA in reliance on the EU-U.S. Data Privacy Framework (EU-U.S. DPF) in response to lawful requests by U.S. public authorities, including to meet national security or law enforcement requirements.
Your rights to access, to limit use, and to limit disclosure: Inhabitants of the EEA have rights to access personal information about them, and to limit use and disclosure of their personal information. Parexel’s EU-U.S. Data Privacy Framework (EU-U.S. DPF) certification shows Parexel’s commitment to respect those rights. Parexel personnel have limited ability to access personal data, because research site staff and Investigators or our business partners / customers retain the key to the key-coded data. If you believe Parexel has your data and wish to request access, to limit use, or to limit disclosure, please provide the name of the research site staff and Investigators or Parexel business partner / customer who submitted your personal information to our services. Parexel will refer your request to that research site staff and Investigators or business partner / customer and will support them as needed in responding to your request.
Inquiries and complaints: In compliance with the EU-U.S. DPF Parexel commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EEA individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF should first contact Parexel at: Parexel International Corporation, 2520 Meridian Parkway, Durham, NC 27713, USA or firstname.lastname@example.org.
In compliance with the EU-U.S. DPF Parexel commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF.
U.S. Federal Trade Commission enforcement: The Federal Trade Commission has jurisdiction over Parexel’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
** EEA consists of the 27 EU member countries plus Iceland, Liechtenstein and Norway