Medpace, Inc., and its global affiliates (the Medpace group of organizations, or Medpace) is a full service clinical research organization. Our mission is to accelerate the global development of safe and effective medical therapeutics.
Medpace is committed to respecting the privacy of individuals, and complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework, as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, including personal data collected on our website, personal data that may be provided for clinical trials, personal data collected from employees, and personal data collected from investigators, their staff and any third party vendors. Medpace has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/. Medpace complies with laws around the globe relating to data protection and privacy.
PRIVACY SHIELD: Medpace adheres to the seven Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity, Access, and Recourse, Enforcement and Liability as they relate to personal data. Medpace has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles. Medpace verifies compliance to the Principles through self-assessment. The Privacy Policy covering human resources data can be accessed on our intranet website by all employees.
CLINICAL TRIAL SUBJECTS: Medpace collects anonymized medical and health information about the individuals that take part in clinical trials through physician investigators. The physician investigators, who examine the individuals before and during the clinical trials, are responsible for ensuring that the individuals understand and consent to the gathering of sensitive personal data relating to an individual’s health and lifestyle, and the transfer of such anonymized information to third parties who may be providing services for the clinical trial. The requirements of data protection and data privacy laws generally mandate that consent must be obtained before any health or sensitive data is collected from individuals. These informed consent agreements state that data may be transferred to other countries and to other parties.
INVESTIGATOR PHYSICIANS: Medpace collects personal data about the investigator physicians and staff of such physicians in the hospitals and clinics that take part in a clinical study. This allows Medpace to quickly identify and contact physicians for participation in clinical studies. Medpace complies with data protection laws that require physician investigators to receive notice about the collection of their personal data and the right to access, modify or delete their personal data. If an investigator or any staff member wishes to modify, correct or delete its data from Medpace, they may contact us at privacy@medpace.com.
IT AND SECURITY: Medpace maintains a high level of information technology security, particularly in relation to all of the personal data we collect. Medpace has in place physical, electronic and managerial procedures to safeguard and secure the information we collect. Medpace’s data from clinical trials is stored in a special web-based proprietary software program known as ClinTrak®, to which only authorized personnel can access on a need to know basis. Access to other personal data is restricted to those authorized employees on a need to know basis depending what type of work they are performing for Medpace. All employees receive training, and are required to read and understand the Privacy Shield framework. Medpace deploys encryption, firewalls, access controls, and other procedures to protect data from loss, misuse, unauthorized access, disclosure, alteration and destruction. Medpace may at times be required to disclose personal information in response to lawful requests by legal or regulatory authorities.
TRANSFER TO THIRD PARTIES: To facilitate the purposes of clinical research, personal data may be shared in the normal course and scope of business with third parties to whom Medpace has chosen to outsource work. In the event that personal data is transferred to a third party, Medpace requires in its agreements with third parties that adequate privacy precautions are taken that provide the same level of privacy protection as is required by the Principles of the Privacy Shield. In certain circumstances, Medpace may remain responsible and liable under Privacy Shield Principles if such third parties process the personal data in a manner inconsistent with the Privacy Shield Principles.
RIGHT OF ACCESS AND CHOICE: In accordance with Privacy Shield, E.E.A. and Swiss citizens whose data is collected have a right to access, modify or suppress personal data, or to elect not to have personal data disclosed to a third party, or used for any purpose materially different from the purposes stated within this Privacy Policy, by contacting the Medpace Privacy Officer at privacy@medpace.com or Privacy Officer, 5375 Medpace Way, Cincinnati, OH 45227. Please note that a clinical trial participant may not access its data during the clinical trial if the disclosure of such information would jeopardize the integrity of the research effort. Following the conclusion of the trial, participants may have access to their data if they so request it. It should be requested first from the physician or health care provider from whom they received treatment.
ENFORCEMENT, RECOURSE AND LIABILITY: The Medpace group of organizations is subject to the Federal Trade Commission (FTC) investigatory and enforcement powers ensuring Medpace’s compliance with the Privacy Shield framework. In compliance with the Privacy Shield Principles, Medpace commits to resolve complaints about our collection or use of your personal information. E.E.A. and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact privacy@medpace.com or Privacy Officer, 5375 Medpace Way, Cincinnati, OH 45227. Medpace agrees to respond to the complaint within 30 days of its receipt. For any complaints that cannot be resolved with Medpace directly, Medpace commits to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner, and comply with the advice given by the panel and the Commissioner with regard to data transferred from the EU and Switzerland. The DPAs can be found here: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm, and the Swiss Federal Data Protection and Information Commissioner can be found here: https://www.edoeb.admin.ch/?lang=en. The FTC has committed to reviewing on a priority basis referrals alleging non-compliance with the Principles of the Privacy Shield framework. If the complaint is not resolved using the independent recourse mechanism, as a last resort, the Privacy Shield framework provides for binding arbitration from a Privacy Shield Panel, made up of three neutral arbitrators.
E.E.A. and Swiss citizens who pursue resolution of a data protection dispute will not be charged any costs by Medpace associated with resolution of the dispute. However, in pursuing the final option of binding arbitration, each party will bear its own legal fees.
COOKIES: This website uses “cookies,” which is information that our web server sends to your computer when you access a website. This information enables our website to track where you go on our website. The cookies help us analyze how our website is used, and help us to improve it. You may refuse the use of cookies by selecting a setting on this website. Please note that if you choose to refuse cookies you may not be able to use certain features of this website. In some cases, your IP address, which is a number assigned to your computer by your internet service provider, may be collected. The cookies we send and the IP address does not allow us to identify you, it only allows us to identify the computer you are using.
HOW TO CONTACT US: To ask questions about this Privacy Policy or to exercise any rights you may have under privacy or data protection laws, you may contact us at 5375 Medpace Way, Cincinnati, Ohio 45227 Attention: Privacy Officer, or privacy@medpace.com.
Effective Date of this Global Privacy Policy: as of August 1, 2016, modified on 9/19/2016, 4/10/17 and 12/6/17
