Privacy Shield Notice

PAREXEL’s Notice of Certification Under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks

Effective as of May 8, 2017

PAREXEL’s Privacy Policy sets forth the privacy principles that PAREXEL follows in connection with the transfer of personal information from European Economic Area (EEA) member countries and Switzerland  to the United States of America (U.S.). PAREXEL values the confidence of its customers and respects individual privacy, including personal information of candidates, employees, business partners / customers, investors, patients, clinical research participants, clinical research site staff, Investigators and Health Care Professionals.

Scope: PAREXEL International Corporation and its controlled U.S. subsidiaries (PAREXEL)* has certified to the U.S. Department of Commerce (DoC) that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access and Recourse, Enforcement and Liability to all personal information received from EEA member countries and Switzerland in reliance on the Privacy Shield. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit www.privacyshield.gov.

Data processed: PAREXEL comply with the Privacy Shield Framework regarding the collection, use, and retention of personal information transferred from EEA member countries and Switzerland to the U.S. pertaining to:

  • clinical research site staff such as Investigators and Health Care Professionals
  • potential and active clinical research participants and patients (to the extent the transferred data sets are not key-coded as outlined under the Privacy Shield Supplemental Principle 14. Pharmaceutical and Medical Products, g. Key-coded Data) **
  • human resources such as candidates (Please be advised that PAREXEL maintains an internal policy that addresses the compliance with the Privacy Shield Principles for employees)
  • business partners / customers
  • vendors / suppliers
  • investors.

Purposes of data processing: PAREXEL collects, uses and retains personal information:

  • as agent / data processor for the purpose to host it on behalf of business partners / customers and/or to provide clinical research services, clinical research management, consulting services, clinical research support activities, and statistical analysis of clinical studies on pharmaceutical products and/or regulatory affairs services and/or pharmacovigilance services to business partners / customers based on agreements executed between business partners / customers and PAREXEL;
  • as data controller for the purpose to recruit potential clinical research participants, Investigators and for customer relationship management, customer service, social engagement, community building and data analytics purposes;
  • as data controller for the purpose to recruit personnel and for the purpose of administering and carrying out the employment or personnel relationship.

Third parties who may receive personal information: PAREXEL’s accountability for personal information that it receives under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, PAREXEL remains responsible and liable under the Privacy Shield Principles if third party agents that it engages to process the personal information on its behalf do so in a manner inconsistent with the Privacy Shield Principles, unless PAREXEL proves that it is not responsible for the event giving rise to the damage.

Compelled disclosure: PAREXEL may be required to disclose personal information received from EEA member countries and Switzerland  in reliance on the Privacy Shield in response to lawful requests by U.S. public authorities, including to meet national security or law enforcement requirements.

Your rights to access, to limit use, and to limit disclosure: Inhabitants of EEA member countries and Switzerland have rights to access personal information about them, and to limit use and disclosure of their personal information. With our Privacy Shield certification, PAREXEL has committed to respect those rights. Because PAREXEL personnel have limited ability to access data research site staff and Investigators or our business partners / customers submit to our services, if you wish to request access, to limit use, or to limit disclosure, please provide the name of the research site staff and Investigators or PAREXEL business partner / customer who submitted your personal information to our services. We will refer your request to that research site staff and Investigators or business partner / customer, and will support them as needed in responding to your request.

Inquiries and complaints: In compliance with the Privacy Shield Principles, PAREXEL commits to resolve complaints about our collection or use of your personal information.  EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact PAREXEL’s Americas Regional Privacy Officer by writing to us at: PAREXEL International Corporation, 195 West Street, Waltham, MA 02451, USA or privacy@parexel.com.

PAREXEL has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland. As further explained in the Privacy Shield Principles, a binding arbitration option will also be made available to you in order to address residual complaints not resolved by any other means.

U.S. Federal Trade Commission enforcement: PAREXEL`s commitments under the Privacy Shield are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

* The following subsidiaries are included in PAREXEL's Privacy Shield Certification:

ClinPhone California LLC

Datafarm Acquisition LLC

DataLabs LLC

EP Technical, Inc.

ExecuPharm Holding Company, Inc.

ExecuPharm International, LLC

ExecuPharm Payroll Company, Inc.

ExecuPharm, Inc.

Health Advances LLC

HERON Evidence Development LLC

Informatics Blocker Corp.

Liquent LLC

PAREXEL (IMC), Inc.

PAREXEL International Corporation

PAREXEL International Dutch Holding LLC

PAREXEL International Holding Corporation

PAREXEL International, LLC

PAREXEL Medical Marketing Services (NJ), LLC

Perceptive Informatics LLC

Perceptive Informatics, LP

Perceptive Services LLC

PPSI, Inc.

The Center for Bio-Medical Communication, Inc.

The Medical Affairs Company LLC

TMAC Direct, LLC

West Street Blocker LLC

West Street Holdings, Inc.

West Street Intermediate Holdings Corp.

** Please be advised that in respect to the collection, use, and retention of Key-coded Data of clinical research participants and patients PAREXEL is committed to the confidentiality, integrity and availability of such personal information as well and is putting in place other mechanisms to ensure a compliant transfer of such personal information from EEA member countries to the U.S.