Med Communications, Inc and Med Communications International SÀRL, including its wholly owned subsidiaries (together referred to as “Med Communications”), respects individual privacy and values the confidence of our contract clients, employees, business partners, and others. Med Communications is committed to protecting any Personal Information that is collected, transmitted, or stored. Med Communications strives at all times to maintain the highest business ethical standards and to comply with the applicable state, federal, and international requirements for the protection of personally identifiable information.
For the purposes of this Privacy Statement, the following definitions shall apply:
“Affiliate” means any third party that is under common control with Med Communications.
“Agents” means a third party who represents and acts for Med Communications pursuant to a duly executed contract or is otherwise duly authorized by Med Communications to perform such representation and acts.
“Service Provider” means any consultants and contractors (including temporary employees) about whom Med Communications has Personal Information, who are providing or have provided consulting or contracting services to Med Communications.
“Med Communications” means Med Communications, Inc, and Med Communications International SÀRL and subsidiaries.
“Med Communications website” means the website controlled by Med Communications and subject to the Med Communications Website Privacy Statement.
“Personal Information” means any information or set of information that relates to a data subject. Identification of an individual can be either direct or indirect and can be made by or on behalf of Med Communications.
“Pseudonymization” means the processing of Personal Information in such a manner that such information can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the Personal Information is not attributed to a data subject.
“Principles” means the EU – U.S. Privacy Shield and U.S. – Swiss Privacy Shield Principles.
“Sensitive Personal Information (SPI)” means a Med Communications-defined subset of Personal Information (similar to the EU-defined Sensitive Personal Data, with additional attributes). SPI includes information revealing unique government identifiers; financial information; racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; genetic data; biometric data; data concerning health, sex life, or sexual orientation; or any criminal offenses (alleged or otherwise).
The collection, processing, storage, use, and disclosure of Personal Information in the business context is essential to the conduct of many of the company’s business functions. Med Communications may collect, process, store, use, and disclose Personal Information from individuals directly and/or from third parties, subject to applicable law. Med Communications does not sell Personal Information.
Med Communications processes Personal Information where you consent to us doing so. However, there are a number of instances where Med Communications does not require your consent to engage in the processing or disclosure of Personal Information. Med Communications may not solicit your consent for the processing or transfer of Personal Information for those purposes which have a statutory basis, such as:
- The transfer or processing is necessary for the performance of a contract, concluded in your interest, between Med Communications and a third party;
- The transfer or processing is necessary, or legally required, on important public interest grounds, for the establishment, exercise, or defense of legal claims, or to protect your vital interests; or
- The transfer or processing is required by applicable law.
Med Communications collects, uses, and discloses your Personal Information in its normal course of business for the following purposes:
- Establishing and maintaining communications with you;
- Where you have requested participation in a clinical trial of a Med Communications-contracted client;
- Disease management, education, or decision support systems related to the use of Med Communications or services;
- Reporting of adverse events and product quality complaints as required for regulatory compliance;
- Meeting legal, security, processing, and regulatory requirements;
- Protecting against fraud, suspicious, or other illegal activities; and
- Compiling statistics for analysis for our services.
Med Communications commits to cooperate with EU Data Protection Authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and to comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship.
What data we collect
For personal information collected on behalf of contracted clients:
Where you request medical information
If you contact us by any means to request information, we will request a name, contact phone number, and the reason for your communication; as well as information about your position, organization, and such other information as is reasonably necessary so that we can provide you with the service. Individuals should not provide Med Communications with any Personal Information that is not specifically requested.
Where you participate in clinical trials
If you participate in a clinical trial with one of our clients, we will collect Personal Information about you as is necessary to fulfill the purpose of the clinical trial. This can include SPI such as biological and medical information about you. However, as required by the Principles, Personal Information will be pseudonymized, as appropriate, to both protect your privacy as well as maintain the integrity of the clinical trial.
Where you report an adverse event or product quality complaint
If you contact us by any means to report an adverse event or product quality complaint, whether knowingly or not, we will request a name, contact phone number, and the reason for your communication; as well as information about your position, organization, and such other information as is reasonably necessary so that we can provide you with the service. For adverse events, we may also request a detailed history of the events, patient initials and date of birth, and medical history including concomitant medications. For product quality complaints, we will also request information on the product lot number, pharmacy name, and prescribing health care provider. Other information may be requested so that we may meet the expectations of our client and regulatory agencies.
For Personal Information collected for business development:
Where you request information about our services
If you request further information about our services, we require you to submit your name, e-mail address, the name of your organization, and the country in which you are based so we may send you the material you have requested and to enable us to identify whether you have an existing relationship with Med Communications.
Disclosure of Personal Information to others
Third parties to whom we disclose information are required by law and contractual undertakings to keep your Personal Information confidential and secure and to use and disclose it for purposes that a reasonable person would consider appropriate in the circumstances, in compliance with all applicable legislation. Examples of appropriate purposes include:
- As is necessary to meet requirements of a clinical trial in which you are a participant or would like to be a participant;
- To provide the services you have requested from us;
- For legal, regulatory, and related purposes; and
- To process transactions through data processing service providers.
If these third parties wish to use your Personal Information for any other purpose, they will have a legal obligation to notify you of this and, where required, to obtain your consent. Contact us at firstname.lastname@example.org for more information on these third parties.
Internal sharing and client sharing
Any Personal Information collected by Med Communications on behalf of contracted clients is the property of that contracted client. The contracted client is responsible for ensuring that the data subjects are notified about the identity of the data controller or its representatives, the purposes for which it is collecting, processing, or maintaining the data, and any further information that may be required by the circumstances under which the data is collected. Where agreed between Med Communications and the contracted client, Med Communications will use and disclose such information in accordance with the notices provided by the contracted client and the choices made by the data subject to whom such Personal Information relates.
Other legally required disclosures
Med Communications reserves the right to disclose without your prior permission any Personal Information about you if Med Communications has a good faith belief that such action is necessary to: (a) protect and defend the rights, property, or safety of Med Communications, employees, other users of the website, or the public; (b) enforce the terms and conditions that apply to use of the Med Communications website; (c) as required by a legally valid request from a competent governmental authority and/or to comply with a judicial proceeding, court order, or legal process; or (d) respond to claims that any content violates the rights of third parties. We may also disclose Personal Information as we deem necessary to satisfy any applicable law, regulation, legal process, or governmental request.
Where Med Communications relies on consent for the fair and lawful processing of Personal Information, the opportunity to consent will be provided prior to when the Personal Information in question is collected. Your consent may be given through your authorized representative such as a legal guardian, agent, or holder of a power of attorney. Where Med Communications relies on consent, you will be entitled to withdraw that consent at any time. The contracted client will be responsible for offering the data subjects the opportunity to choose the option (opt-in/opt-out) for use and disclosure of Personal Information. Where agreed between Med Communications and the contracted client, Med Communications will use and disclose such information in accordance with the notices provided by the contracted client and the choices made by the data subject to whom such Personal Information relates.
For SPI, Med Communications will provide individuals the opportunity to affirmatively and explicitly authorize or consent to the collection, processing, transfer, or disclosure of their SPI to a non-agent third party or the use of their SPI for a purpose other than the one for which the individual originally consented.
Med Communications has implemented reasonable physical, technical, and managerial controls and safeguards to keep your Personal Information protected from unauthorized access, disclosure, alteration, and destruction. Such measures may include, but are not limited to, the encryption of communications via secure sockets layer (SSL), encryption of information while it is in storage, firewalls, access controls, separation of duties, and similar security protocols.
Data Integrity and Purpose Limitation
Med Communications will use Personal Information only in ways that are compatible with the purposes for which it was collected, or consented to by the individual. Med Communications will have appropriate steps in place to ensure that Personal Information is relevant to its intended use, accurate, complete, and current. Med Communications will only store Personal Information for as long as it is needed to fulfill the purposes for which it was collected, subject to applicable data retention periods imposed upon Med Communications by applicable law. This may mean that your Personal Information is stored by Med Communications for a number of years, depending on the purpose and need for that data to be processed. For more information about retention periods for Personal Information, please refer to the contact information section below.
Where individuals have rights under laws applicable to them and upon written request, Med Communications will grant individuals access to Personal Information that it holds about them, subject to any legal restrictions. In addition, Med Communications will permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete or to object to certain types of processing of such information or to data portability, in certain circumstances and subject to certain exceptions provided by law. Med Communications may not be able to comply with a request where Personal Information has been destroyed, erased, or made anonymous in accordance with company record retention obligations and practices. In the event that Med Communications cannot provide an individual with access to his/her Personal Information, Med Communications will endeavor to provide the individual with an explanation, subject to any legal or regulatory restrictions.
Recourse, Enforcement and Liability
Individuals may contact Med Communications regarding any question or complaint regarding the collection, processing, and transfer of their Personal Information by emailing email@example.com. Med Communications will promptly investigate and respond to complaints within 45 calendar days of their receipt. Med Communications will attempt to resolve complaints, disputes, and requests to revoke consent regarding collection, processing, transfer, and disclosure of Personal Information in accordance with the principles contained in this Privacy Statement and the Principles. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our Leadership Team at firstname.lastname@example.org.
In the event that you cannot fully resolve your complaint through the above mechanisms, it is possible that you may use binding arbitration as a final resort. In order to invoke this arbitration option, you must take the following steps prior to initiating an arbitration claim: (1) raise the claimed violation directly with Med Communications and afford us an opportunity to respond to the issue within 45 days; (2) contact a member of our Leadership Team (email@example.com); and (3) raise the issue through your Data Protection Authority and afford the agency an opportunity to resolve the issue.
This arbitration option may not be invoked if your same claimed violation (1) has previously been subject to binding arbitration; (2) was the subject of a final judgment entered in a court action to which you were a party; or (3) was previously settled by you and us. In addition, you may not invoke this option where the Data Protection Authority of the country of your residence already has jurisdiction to resolve your complaint.
You may initiate binding arbitration, subject to the pre-arbitration requirements provision above, by delivering a “Notice” to the organization. The Notice shall contain a summary of steps taken to resolve the claim, a description of the alleged violation, and, at the choice of the individual, any supporting documents and materials and/or a discussion of law relating to the alleged claim. For more information on how to invoke arbitration under the Privacy Shield Framework, visit this website: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
Any questions or concerns regarding handling of Personal Information by Med Communications, or related to revocation of consent to collect, process, transfer, or disclose your Personal Information should be directed by email to firstname.lastname@example.org. Any requests to opt-out of future communications from Med Communications, or to opt-out of a particular Med Communications service should be directed to Med Communications by e-mail at email@example.com, or by phone at +1 (877) 477-0977 or +1 (901) 578-3200. Alternatively, letters may be sent to the following address:
Med Communications, Inc.
20 Dudley Street, Suite 700
Memphis, TN 38103 USA
All communications to Med Communications should include the individual’s name and contact information (such as e-mail address, phone number, or mailing address), and a detailed explanation of the request. E-mail requests to delete, amend, or correct Personal Information should include “Deletion Request” or “Amendment/Correction Request,” as applicable, in the subject line of the e-mail. Med Communications will endeavor to respond to all reasonable requests in a timely manner, and in any case, within any time limits prescribed by applicable local law.
Changes to Med Communications Privacy Statements
European Union Supplement
If you are a European Union citizen and/or accessing the Med Communications website in the European Economic Area, then this Supplement may apply in addition to the above.
Transfers of your Personal Information may be made to entities located outside the European Economic Area, including entities located in the United States, for processing consistent with the purposes above. Med Communications will implement appropriate contractual measures (including our Privacy Shield certification and standard data protection clauses, a copy of which you can obtain by contacting firstname.lastname@example.org) to ensure that the relevant Med Communications companies and third parties outside the European Economic Area provide an adequate level of protection to your Personal Information as set out in this notice and as required by applicable law.
If the company’s processing of your Personal Information is covered by EU law, you may lodge a complaint with the corresponding data protection supervisory authority in your country of residence. You can find the relevant supervisory authority name and contact details on this website: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
Last Updated: 06 November 2019