Privacy Policy

Introduction

Med Communications, Inc and Med Communications International SÀRL, including its wholly owned subsidiaries (together referred to as “Med Communications”), respects individual privacy and values the confidence of our contract clients, employees, business partners, and others. Med Communications is committed to protecting any Personal Information that is collected, transmitted, or stored. Med Communications strives at all times to maintain the highest business ethical standards and to comply with the applicable state, federal, and international requirements for the protection of personally identifiable information.

Med Communications will collect, use, and disclose Personal Information received from the EU or Switzerland only in accordance with the principles outlined in this Privacy Policy, the above-noted Principles, and legal requirements. Med Communications acknowledges that it is subject to the investigatory and enforcement powers of the United States Federal Trade Commission (FTC). Additionally, Med Communications follows the relevant regulations outlined in the United States Health information and Portability and Accountability Act of 1996 (HIPPA).

Scope

This Privacy Policy applies to Personal Information received by Med Communications (including Personal Information received by third-party organizations or individuals acting as agents of Med Communications) from health care professionals, customers, clinical trial participants, consumers, business partners, and other individuals, in any format, including electronic and paper, as part of company business operations. Types of third-party organizations include Med Communications subsidiaries, business partners, and contracted clients.

Definitions

For the purposes of this Privacy Statement, the following definitions shall apply:

“Affiliate” means any third party that is under common control with Med Communications.

“Agents” mean a third party who represents and acts for Med Communications pursuant to a duly executed contract or is otherwise duly authorized by Med Communications to perform such representation and acts.

“Service Provider” means any consultants and contractors (including temporary employees) about whom Med Communications has Personal Information, who are providing or have provided consulting or contracting services to Med Communications.

“Med Communications” means Med Communications, Inc, and Med Communications International SÀRL and subsidiaries.

“Med Communications website” means the website controlled by Med Communications and subject to the Med Communications Website Privacy Statement.

“Personal Information” means any information or set of information that relates to a data subject. Identification of an individual can be either direct or indirect and can be made by or on behalf of Med Communications.

“Pseudonymization” means the processing of Personal Information in such a manner that such information can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the Personal Information is not attributed to a data subject.

“Principles” means the EU – U.S. Privacy Shield and U.S. – Swiss Privacy Shield Principles.

“Sensitive Personal Information (SPI)” means a Med Communications-defined subset of Personal Information (similar to the EU-defined Sensitive Personal Data, with additional attributes). SPI includes information revealing unique government identifiers; financial information; racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; genetic data; biometric data; data concerning health, sex life, or sexual orientation; or any criminal offenses (alleged or otherwise).

Privacy Statement

The collection, processing, storage, use, and disclosure of Personal Information in the business context is essential to the conduct of many of the company’s business functions. Med Communications may collect, process, store, use, and disclose Personal Information from individuals directly and/or from third parties, subject to applicable law.

Med Communications processes Personal Information where you consent to us doing so. However, there are a number of instances where Med Communications does not require your consent to engage in the processing or disclosure of Personal Information. Med Communications may not solicit your consent for the processing or transfer of Personal Information for those purposes which have a statutory basis, such as:

  • The transfer or processing is necessary for the performance of a contract, concluded in your interest, between Med Communications and a third party;
  • The transfer or processing is necessary, or legally required, on important public interest grounds, for the establishment, exercise, or defense of legal claims, or to protect your vital interests; or
  • The transfer or processing is required by applicable law.

Med Communications collects, uses, and discloses your Personal Information in its normal course of business for the following purposes:

  • Establishing and maintaining communications with you;
  • Where you have requested participation in a clinical trial of a Med Communications-contracted client;
  • Disease management, education, or decision support systems related to the use of Med Communications or services;
  • Reporting of adverse events and product quality complaints as required for regulatory compliance;
  • Meeting legal, security, processing, and regulatory requirements;
  • Protecting against fraud, suspicious, or other illegal activities; and
  • Compiling statistics for analysis for our services.

What data we collect

For personal information collected on behalf of contracted clients:

Where you request medical information

If you contact us by any means to request information, we will request a name, contact phone number, and the reason for your communication; as well as information about your position, organization, and such other information as is reasonably necessary so that we can provide you with the service. Individuals should not provide Med Communications with any Personal Information that is not specifically requested.

Where you participate in clinical trials

If you participate in a clinical trial with one of our clients, we will collect Personal Information about you as is necessary to fulfill the purpose of the clinical trial. This can include SPI such as biological and medical information about you. However, as required by the Principles, Personal Information will be pseudonymized, as appropriate, to both protect your privacy as well as maintain the integrity of the clinical trial.

Where you report an adverse event or product quality complaint

If you contact us by any means to report an adverse event or product quality complaint, whether knowingly doing or not, we will request a name, contact phone number, and the reason for your communication; as well as information about your position, organization, and such other information as is reasonably necessary so that we can provide you with the service. For adverse events, we may also request a detailed history of the events, patient initials and date of birth, and medical history including concomitant medications. For product quality complaints, we will also request information on the product lot number, pharmacy name, and prescribing health care provider. Other information may be requested so that we may meet the expectations of our client and regulatory agencies.

For Personal Information collected for business development:

Where you request information about our services

If you request further information about our services, we require you to submit your name, e-mail address, the name of your organization, and the country in which you are based so we may send you the material you have requested and to enable us to identify whether you have an existing relationship with Med Communications.

Disclosure of Personal Information to others

We do not disclose any Personal Information about you to any third parties except as stated in this Privacy Policy or as notified to you, or as otherwise permitted by law, or authorized by you.

Third parties to whom we disclose information are required by law and contractual undertakings to keep your Personal Information confidential and secure and to use and disclose it for purposes that a reasonable person would consider appropriate in the circumstances, in compliance with all applicable legislation. Examples of appropriate purposes include:

  • As is necessary to meet requirements of a clinical trial to which you are a participant or would like to be a participant;
  • To provide the services you have requested from us;
  • For legal, regulatory, and related purposes; and
  • To process transactions through data processing service providers.

If these third parties wish to use your Personal Information for any other purpose, they will have a legal obligation to notify you of this and, where required, to obtain your consent. Contact us at quality@medcomminc.com for more information on these third parties.

Internal sharing and client sharing

Any Personal Information collected by Med Communications on behalf of contracted clients is the property of that contracted client. The contracted client is responsible for ensuring that the data subjects are notified about the identity of the data controller or its representatives, the purposes for which it is collecting, processing, or maintaining the data, and any further information that may be required by the circumstances under which the data is collected. Where agreed between Med Communications and the contracted client, Med Communications will use and disclose such information in accordance with the notices provided by the contracted client and the choices made by the data subject whom such Personal Information relates.

In the normal course of performing services for our clients, Personal Information may be shared within Med Communications for statistical purposes, drug safety and efficacy purposes, disease management, system administration and crime prevention or detection, or any purpose otherwise identified in this Privacy Policy. Med Communications maintains servers and other storage facilities in the United States, Switzerland, and the European Union. Med Communications may transfer Personal Information outside of its country of origin for the purposes, and in the manner, set out above; including for processing and storage by service providers and clients in connection with such purposes. In all situations, Med Communications takes reasonable steps to ensure that your privacy is protected. Such steps include, but are not limited to, implementing privacy, security, and contractual controls; as well as steps noted above, as required by applicable law. To the extent that any Personal Information is sent out of an individual’s country, it is subject to the laws of the country in which it is held, and it may be subject to disclosure to the governments, courts, or law enforcement or regulatory agencies of such other country, pursuant to the laws of such country, consistent with the Principles.

Service providers

Med Communications will obtain assurances from its service providers that they will safeguard Personal Information consistent with this Privacy Policy. An example of appropriate assurances that may be provided by service providers and affiliates includes a contractual obligation that they provide at least the same level of protection as is required by privacy principles set out in this Privacy Policy. Where Med Communications has knowledge that a service provider or affiliate is using or disclosing Personal Information in a manner contrary to this Privacy Policy, Med Communications will take appropriate steps to prevent or stop the use or disclosure. Med Communications also complies with the Privacy Shield Principle regarding liability for onward transfers.

Other legally required disclosures

Med Communications reserves the right to disclose without your prior permission any Personal Information about you if Med Communications has a good faith belief that such action is necessary to: (a) protect and defend the rights, property, or safety of Med Communications, employees, other users of the website, or the public; (b) enforce the terms and conditions that apply to use of the Med Communications website; (c) as required by a legally valid request from a competent governmental authority and/or to comply with a judicial proceeding, court order, or legal process; or (d) respond to claims that any content violates the rights of third parties. We may also disclose Personal Information as we deem necessary to satisfy any applicable law, regulation, legal process, or governmental request.

Consent

Where Med Communications relies on consent for the fair and lawful processing of Personal Information, the opportunity to consent will be provided prior to when the Personal Information in question is collected. Your consent may be given through your authorized representative such as a legal guardian, agent, or holder of a power of attorney. Where Med Communications relies on consent, you will be entitled to withdraw that consent at any time. The contracted client will be responsible for offering the data subjects the opportunity to choose the option (opt-in/opt-out) for use and disclosure of Personal Information. Where agreed between Med Communications and the contracted client, Med Communications will use and disclose such information in accordance with the notices provided by the contracted client and the choices made by the data subject to whom such Personal Information relates.

For SPI, Med Communications will provide individuals the opportunity to affirmatively and explicitly authorize or consent to the collection, processing, transfer, or disclosure of their SPI to a non-agent third party or the use of their SPI for a purpose other than the one for which the individual originally consented.

Security

Med Communications has implemented reasonable physical, technical, and managerial controls and safeguards to keep your Personal Information protected from unauthorized access, disclosure, alteration, and destruction. Such measures may include, but are not limited to, the encryption of communications via secure sockets layer (SSL), encryption of information while it is in storage, firewalls, access controls, separation of duties, and similar security protocols.

Access to Personal Information is limited to a restricted number of Med Communications employees and contracted client employees whose duties reasonably require such information, agents with whom Med Communications contracts to carry out business activities for Med Communications, and, with an individual’s consent, certain companies with which Med Communications may conduct joint programs. Med Communications trains its employees on the importance of privacy and how to handle and manage Personal Information appropriately and securely. Personal Information handled by agents, or companies with which Med Communications may conduct joint programs, is governed by this Privacy Policy and the Principles.

Data Integrity and Purpose Limitation

Med Communications will use Personal Information only in ways that are compatible with the purposes for which it was collected, or consented to by the individual. Med Communications will have appropriate steps in place to ensure that Personal Information is relevant to its intended use, accurate, complete, and current. Med Communications will only store Personal Information for as long as it is needed to fulfill the purposes for which it was collected, subject to applicable data retention periods imposed upon Med Communications by applicable law. This may mean that your Personal Information is stored by Med Communications for a number of years, depending on the purpose and need for that data to be processed. For more information about retention periods for Personal Information, please refer to the contact information section below.

Your Rights

Where individuals have rights under laws applicable to them and upon written request, Med Communications will grant individual’s access to Personal Information that it holds about them, subject to any legal restrictions. In addition, Med Communications will permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete or to object to certain types of processing of such information or to data portability, in certain circumstances and subject to certain exceptions provided by law. Med Communications may not be able to comply with a request where Personal Information has been destroyed, erased, or made anonymous in accordance with company record retention obligations and practices. In the event that Med Communications cannot provide an individual with access to his/her Personal Information, Med Communications will endeavor to provide the individual with an explanation, subject to any legal or regulatory restrictions.

Recourse, Enforcement and Liability

Individual Complaint

Individuals may contact Med Communications regarding any question or complaint regarding the collection, processing, and transfer of their Personal Information by emailing quality@medcomminc.com. Med Communications will promptly investigate and respond to complaints within 45 calendar days of their receipt. Med Communications will attempt to resolve complaints, disputes, and requests to revoke consent regarding collection, processing, transfer, and disclosure of Personal Information in accordance with the principles contained in this Privacy Statement and the Principles. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our Leadership Team at info@medcomminc.com.

Binding Arbitration

In the event that you cannot fully resolve your complaint through the above mechanisms, it is possible that you may use binding arbitration as a final resort. In order to invoke this arbitration option, you must take the following steps prior to initiating an arbitration claim: (1) raise the claimed violation directly with Med Communications and afford us an opportunity to respond to the issue within 45 days; (2) contact a member of our Leadership Team (info@medcomminc.com); and (3) raise the issue through your Data Protection Authority and afford the agency an opportunity to resolve the issue.

This arbitration option may not be invoked if your same claimed violation (1) has previously been subject to binding arbitration; (2) was the subject of a final judgment entered in a court action to which you were a party; or (3) was previously settled by you and us. In addition, you may not invoke this option where the Data Protection Authority of the country of your residence already has jurisdiction to resolve your complaint.

You may initiate binding arbitration, subject to the pre-arbitration requirements provision above, by delivering a “Notice” to the organization. The Notice shall contain a summary of steps taken to resolve the claim, a description of the alleged violation, and, at the choice of the individual, any supporting documents and materials and/or a discussion of law relating to the alleged claim. For more information on how to invoke arbitration under the Privacy Shield Framework, visit this website: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

Finally, you may only use binding arbitration to ensure Med Communications follows the data handling practices set out in this Privacy Policy. No other form of remedy is available by any arbitration under this section.

Contact Information

Any questions or concerns regarding handling of Personal Information by Med Communications, or related to revocation of consent to collect, process, transfer, or disclose of your Personal Information should be directed by email to quality@medcomminc.com. Any requests to opt-out of future communications from Med Communications, or to opt-out of a particular Med Communications service should be directed to Med Communications by e-mail at quality@medcomminc.com, or by phone at +1 (877) 477-0977 or +1 (901) 578-3200. Alternatively, letters may be sent to the following address:

Med Communications, Inc.
Attn: Privacy
20 Dudley Street, Suite 700
Memphis, TN 38103 USA

All communications to Med Communications should include the individual’s name and contact information (such as e-mail address, phone number, or mailing address), and a detailed explanation of the request. E-mail requests to delete, amend, or correct Personal Information should include “Deletion Request” or “Amendment/Correction Request,” as applicable, in the subject line of the e-mail. Med Communications will endeavor to respond to all reasonable requests in a timely manner, and in any case, within any time limits prescribed by applicable local law.

Changes to Med Communications Privacy Statements

Med Communications reserves the right to amend this Privacy Policy to reflect technological advancements, legal and regulatory changes, and company business practices, subject to applicable laws. If Med Communications changes its privacy practices, an updated version of this Privacy Policy will reflect those changes. Med Communications will provide notice of such changes by updating the effective date listed on this Privacy Policy. It is your responsibility to check this Privacy Policy frequently to view any amendments. Your continued interaction with Med Communications, in the activities covered above, will be subject to the then-current Privacy Policy.

European Union Supplement

If you are a European Union citizen and/or accessing the Med Communications website in the European Economic Area, then this Supplement may apply in addition to the above.

Transfers of your Personal Information may be made to entities located outside the European Economic Area, including entities located in the United States, for processing consistent with the purposes above. Med Communications will implement appropriate contractual measures (including our standard data protection clauses and/or binding corporate rules, a copy of which you can obtain by contacting quality@medcomminc.com) to ensure that the relevant Med Communications companies and third parties outside the European Economic Area provide an adequate level of protection to your Personal Information as set out in this notice and as required by applicable law.

If the company’s processing of your Personal Information is covered by EU law, you may lodge a complaint with the corresponding data protection supervisory authority in your country of residence. You can find the relevant supervisory authority name and contact details on this website: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

Last Updated: 09 January, 2019