PAREXEL’s Notice of Certification Under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks
Effective as of May 8, 2017
Data processed: PAREXEL comply with the Privacy Shield Framework regarding the collection, use, and retention of personal information transferred from EEA member countries and Switzerland to the U.S. pertaining to:
- clinical research site staff such as Investigators and Health Care Professionals
- potential and active clinical research participants and patients (to the extent the transferred data sets are not key-coded as outlined under the Privacy Shield Supplemental Principle 14. Pharmaceutical and Medical Products, g. Key-coded Data) **
- human resources such as candidates (Please be advised that PAREXEL maintains an internal policy that addresses the compliance with the Privacy Shield Principles for employees)
- business partners / customers
- vendors / suppliers
Purposes of data processing: PAREXEL collects, uses and retains personal information:
- as agent / data processor for the purpose to host it on behalf of business partners / customers and/or to provide clinical research services, clinical research management, consulting services, clinical research support activities, and statistical analysis of clinical studies on pharmaceutical products and/or regulatory affairs services and/or pharmacovigilance services to business partners / customers based on agreements executed between business partners / customers and PAREXEL;
- as data controller for the purpose to recruit potential clinical research participants, Investigators and for customer relationship management, customer service, social engagement, community building and data analytics purposes;
- as data controller for the purpose to recruit personnel and for the purpose of administering and carrying out the employment or personnel relationship.
Third parties who may receive personal information: PAREXEL’s accountability for personal information that it receives under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, PAREXEL remains responsible and liable under the Privacy Shield Principles if third party agents that it engages to process the personal information on its behalf do so in a manner inconsistent with the Privacy Shield Principles, unless PAREXEL proves that it is not responsible for the event giving rise to the damage.
Compelled disclosure: PAREXEL may be required to disclose personal information received from EEA member countries and Switzerland in reliance on the Privacy Shield in response to lawful requests by U.S. public authorities, including to meet national security or law enforcement requirements.
Your rights to access, to limit use, and to limit disclosure: Inhabitants of EEA member countries and Switzerland have rights to access personal information about them, and to limit use and disclosure of their personal information. With our Privacy Shield certification, PAREXEL has committed to respect those rights. Because PAREXEL personnel have limited ability to access data research site staff and Investigators or our business partners / customers submit to our services, if you wish to request access, to limit use, or to limit disclosure, please provide the name of the research site staff and Investigators or PAREXEL business partner / customer who submitted your personal information to our services. We will refer your request to that research site staff and Investigators or business partner / customer, and will support them as needed in responding to your request.
Inquiries and complaints: In compliance with the Privacy Shield Principles, PAREXEL commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact PAREXEL’s Americas Regional Privacy Officer by writing to us at: PAREXEL International Corporation, 195 West Street, Waltham, MA 02451, USA or email@example.com.
PAREXEL has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland. As further explained in the Privacy Shield Principles, a binding arbitration option will also be made available to you in order to address residual complaints not resolved by any other means.
U.S. Federal Trade Commission enforcement: PAREXEL`s commitments under the Privacy Shield are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
* The following subsidiaries are included in PAREXEL's Privacy Shield Certification:
ClinPhone California LLC
Datafarm Acquisition LLC
EP Technical, Inc.
ExecuPharm Holding Company, Inc.
ExecuPharm International, LLC
ExecuPharm Payroll Company, Inc.
Health Advances LLC
HERON Evidence Development LLC
Informatics Blocker Corp.
PAREXEL (IMC), Inc.
PAREXEL International Corporation
PAREXEL International Dutch Holding LLC
PAREXEL International Holding Corporation
PAREXEL International, LLC
PAREXEL Medical Marketing Services (NJ), LLC
Perceptive Informatics LLC
Perceptive Informatics, LP
Perceptive Services LLC
The Center for Bio-Medical Communication, Inc.
The Medical Affairs Company LLC
TMAC Direct, LLC
West Street Blocker LLC
West Street Holdings, Inc.
West Street Intermediate Holdings Corp.
** Please be advised that in respect to the collection, use, and retention of Key-coded Data of clinical research participants and patients PAREXEL is committed to the confidentiality, integrity and availability of such personal information as well and is putting in place other mechanisms to ensure a compliant transfer of such personal information from EEA member countries to the U.S.