PRIVACY STATEMENT - PLEASE READ CAREFULLY
Identification of Data Controller
The Company legal entity that is the data controller of your personal data is the Company entity located in your jurisdiction and with which you interacted to provide your personal information and/or another Syneos Health legal entity with which you interacted to provide your personal information (if you did not interact with a local legal entity). A current list of all Syneos Health entities globally can be found at https:/www.syneoshealth.com/our-office-locations. Each Company entity acting as a data controller can be contacted via the Company’s Global Privacy and Data Protection Officer at firstname.lastname@example.org (additional contact details below).
The Information the Company Collects
The information collected by the Company is: name, contact details, information related to professional qualifications and experience, any significant financial relationship with the sponsor, and information needed for payment processing, and also any additional personal data you may have provided unsolicited in your curriculum vitae or other documents. The Company does not collect your sensitive personal information unless we are required or permitted to do so by applicable law, or you have, in accordance with applicable law, provided your explicit consent to the collection and processing of your sensitive personal data. Sensitive personal information means information relation to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation, and genetic data and biometric data.
The Way the Company Uses the Personal Data
The personal information you provide will become part of the Company’s master databases and paper files, maintained for purposes of (1) managing the relationships between Syneos Health, you and the investigative site(s) at which you work, (2) assessing the investigative site’s capability to conduct, and your qualifications and eligibility to participate in, specific research studies, and (3) communicating with you and the investigative site in connection with the relationships between the parties and/or specific research studies. Failure or refusal to provide your information for these purposes could reduce the efficiencies in considering and confirming your eligibility to participate in research studies managed by Syneos Health on behalf of the study sponsors. The legal bases for the processing of your personal data as described in this paragraph are: (1) compliance with research study regulations such as those associated with the ICH/GCP Guidelines and those adopted by local jurisdictions obliging the Company and the Company’s clients (the research study sponsors) to collect personal data from individuals who participate in the conduct of a research study to prove their qualifications; and (2) the Company’s legitimate interests in (a) considering you for participation in future research studies and (b) contacting you in relation to such opportunities. The personal information you provide will also become part of research study databases and paper files for archiving purposes if you are considered for participation or do participate in a specific research study. For purposes of a specific research study, the Company will use this information only as needed for the implementation and the performance of that research study. Providing this information is necessary to conduct research studies and comply with applicable laws. Failure or refusal to provide your information relating thereto could make it impossible for you to take part in the research study. The above processing may be performed both electronically and in hard copies. Your personal data will not be used for any direct marketing purposes.
The Way the Company Secures the Personal Data
The Company maintains appropriate technical and organisational measures designed to protect your personal information against loss or accidental, unlawful or unauthorised, alteration, access, disclosure or use. If you wish to delegate or authorize any other person(s) to access and/or manage your individual or investigative site’s profile (each a “designee”), you will need to provide this designee’s information within the portal. Such designees’ information will be electronically stored by Syneos Health, for the purposes of (a) granting access to and (b) communication with the designee(s) in connection with the management of your individual or investigative site profile. The information may also be electronically transferred to contractors or service providers of Syneos Health who are involved in the management of the databases. You will be fully responsible and liable for any information entered, amended, blocked or deleted by your designee(s) and you agree to indemnify Syneos Health against any losses, damages or claims due to the actions, default or omissions of your designee(s). The Company will store your personal data for a period of five (5) years after you last participated in a research study managed by the Company or have otherwise been contacted for participation in a research study. This retention period may be extended if the Company is required to preserve your personal data in connection with litigation, investigations and proceedings, or if a longer retention period is required by applicable law.
Transferring the Personal Data to a Third Party
To enable us to effectively share your personal data with research study sponsors (including sponsors of potential research studies for which your participation is being considered), we ask you provide your consent at the end of this Notice to the extent required by your local data privacy laws.
(THE REMAINDER OF THIS SECTION IS ONLY APPLICABLE TO DATA SUBJECTS LOCATED IN THE EU)
In addition, the Company may engage service providers (so-called “processors”), such as outsourced service providers, which may receive access to your information. The Company in all such cases will make sure that (i) it diligently chooses the relevant service provider, (ii) the service provider will only handle your information in accordance with the Company’s instructions, (iii) the service provider adopts adequate technical and organizational measures to protect your personal data, and (iv) the service provider does not retain your personal data upon completion of its services. Details of service providers and the countries in which they are based are available from the Company by contacting its Global Privacy and Data Protection Officer. To the extent that your personal data is shared with service providers, Company affiliates or other third parties processing personal data on the Company’s behalf which are located outside your country of residence, the Company will also ensure an adequate level of data protection as required by your country’s data protection laws. With respect to personal data stored or processed by Syneos Health in the United States, the Syneos Health legal entity INC Research, LLC has certified its participation with the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield frameworks by adopting the Privacy Shield Principles to its Data Privacy policies and practices. INC Research, LLC is committed to subject to the Privacy Shield Principles all personal data it receives from the EU in reliance of the Privacy Shield. You may find INC Research LLC’s certification to the Privacy Shield at https://www.privacyshield.gov/list. Related to its participation in the Privacy Shield program, INC Research, LLC is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). INC Research, LLC will cooperate in investigations by, and comply with the advice of, the panel established by the applicable data protection authority in the event of your complaint. Further, you may seek the possibility, under certain circumstances, for binding arbitration to resolve your complaint. When data is stored or processed by Syneos Health legal entities that have not certified participation with the EU-U.S. and Swiss-US Privacy Shield programs and are based in countries whose data protection laws may not be as extensive as those in the EU, Syneos Health uses alternative means of meeting the adequacy requirements of the applicable data protection laws, such as executing EU Standard Contractual Clauses, to ensure that your personal data is adequately protected. You may obtain a copy of the relevant data transfer mechanisms that we have put in place by contacting us as stated below.
How Your Dispute or Complaint May Be Resolved
Any questions, concerns or complaints regarding the use of your personal data should be directed to the Company’s Global Privacy and Data Protection Officer using the contact information presented below. If you are located in the EU, have a complaint about the collection or use of your personal data and would like to seek an independent recourse mechanism, you may contact your local Data Protection Authority (DPA). A listing of each EU country’s DPA may be found here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm .
Your Rights as a Data Subject
If you are a resident of the EU or another country that specifically provides these specific rights for data subjects, you can ask the Company to confirm whether your personal data is processed by the Company and for access to your personal data it processes. You may also request the Company to: correct, amend, block or delete your personal data; verify their content, origin and/or accuracy; ask for a restriction on processing; or object to their processing, in all cases except where the rights of other persons would be violated, where any other legal exemptions to subject access requests may apply, where your request is not legitimate or applicable, or where it is required to conduct company business to the extent allowed by applicable data protection laws. To protect your privacy and the security of your information, the Company will take reasonable steps to verify your identity before updating or removing your information. For individuals located in the EU: Under the EU General Data Protection Regulation, which goes into effect as of 25 May 2018, you can also ask the Company to provide you your personal data for transmission to, or to directly transmit to, another data controller. If the sole legal basis for the processing of your personal data pursuant to this Notice is your consent, you have the right to withdraw consent at any time, but such withdrawal will not affect the lawfulness of the processing based on your consent prior to the withdrawal. Should you withdraw consent to future processing of your personal data, this could (1) reduce the efficiencies in considering and confirming your eligibility to participate in research studies managed by Syneos Health on behalf of the study sponsors and/or (2) make it impossible for you to be considered for participation in a research study.
Should you have questions about the information about you that the Company holds and all communications, queries and subject access requests that are related to data protection issues, please contact the Company’s Global Privacy and Data Protection Officer as follows: Global Privacy and Data Protection Officer Syneos Health 3201 Beechleaf Court Suite 600 Raleigh, NC 27604-1547 USA or e-mailed to Data.Privacy@syneoshealth.com for action or response on behalf of the Company.
Changes to This Privacy Notice
This notice may be amended from time to time to ensure consistency and compliance with changes in the statutory requirements. The current version can be obtained by contacting the Company’s Global Privacy and Data Protection Officer using the contact information presented above.