SAFE HARBOR CERTIFICATION
Clinical Ink is a provider of software and services to life sciences companies for use in the conduct of clinical trials throughout the world. Acting as a third-party agent for our clients, for each clinical project Clinical Ink receives Personal Data (name, email, phone) from study sponsors, research site staff, study participants, various consultants/subcontractors, and employees. Additionally, as specifically authorized by our customers, Clinical Ink may also collect and store Clinical Study Data which is collected pursuant to a project-specific informed consent with our customer and may include detailed information regarding health status, medical assessments, test results, and other data required for a particular study. In all cases, Clinical Ink acts as an agent on behalf of our customer in the collection, storage, and transfer of Clinical Study Data. Detailed contractual arrangements, SOPs and business policies govern all our work with customer data. Clinical Ink’s internal policies are available for audit/review by our clients who determine the adequacy of our business practices and technical infrastructure. Consistent with principles outlined in both the US-EU Safe Harbor Framework and US-Swiss Safe Harbor Framework, Clinical Ink institutes precautions to protect against reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of the Personal Data and Clinical Study Data. Clinical Ink has certified that it adheres to the Safe Harbor Privacy Principles of Notice, Choice, Onward Transfer, Security, Data Integrity, Access, and Enforcement. To learn more about the Safe Harbor program and to view Clinical Ink’s certification, please visit http://www.export.gov/safeharbor/
DEFINITION OF TERMS
“Personal Data” means any data or combination of data that could potentially identify a specific individual and includes information such as Name, Email, Address, or any other data that could be linked to a particular person. Personal Data does not include information that is stored in an encrypted or anonymized format or is otherwise publicly available.
“Clinical Study Data” means the specific details of an identifiable individual with respect to medical history, prescription drug use, clinical observations or test results, and other medical records. Personal Data may also be considered Clinical Study Data if collected for the purpose of conducting a clinical trial.
Clinical Ink intends that its corporate privacy policies and internal SOPs and work practices are adequate to ensure compliance with applicable international laws and regulations including the US Health Insurance Portability and Accountability Act (HIPAA), the European Union’s Data Protection Directive (EUDP), and other similar guidelines.
Clinical Ink is a self-certifying participant in the U.S.-EU Safe Harbor Framework and the US-Swiss Safe Harbor Framework. We have developed our policies related to data collection, security, and privacy in a manner consistent with the requirements of the Safe Harbor certification process.
The Clinical Ink Privacy Policy is based upon the following required Safe Harbor Privacy Principles:
NOTICE
In all cases where Clinical Ink is acting on our own behalf, such as with employee or customer Personal Data, the collection vehicle will specifically provide notice stating the purpose for which the information is being collected and how that information will be stored. As a Software-as-a-Service (SaaS) provider of clinical trial software and services, Clinical Ink acts as an agent on behalf of clients to collect Clinical Study Data. With respect to all Clinical Study Data, Clinical Ink shall act in a manner governed by the contractual relationship with each customer consistent with the notice provisions specified by the customer in their relationship with the individuals participating in the clinical study. Clinical Ink will disclose all information regarding how Clinical Study Data is secured in order to facilitate customer’s Notice responsibilities.
CHOICE
Clinical Ink will not share Personal Data with third parties except in cases where the third party is acting on behalf of Clinical Ink consistent with the purposes for which such Personal Data was originally obtained. All Clinical Study Data is owned by our customer who retains the responsibility to permit individuals to withdraw consent to have their personal Clinical Study Data used for purposes other than for the originally intended purpose.
ONWARD TRANSFER
Clinical Ink may share Clinical Study Data with agents, third parties, or partners approved by our customers and as required by contract. Clinical Ink will not disclose any Clinical Study Data to third parties without explicit approval from our Customer. In cases where Clinical Ink contracts with a third party, we will obtain assurances that they will safeguard Personal Data and Clinical Study Data in a manner consistent with this Policy.
DATA INTEGRITY
Clinical Ink facilitates the collection of Personal Data and Clinical Study Data as specified by our customer. It is the sole responsibility of our customer to collect only the information necessary for the specific clinical trial and to ensure all trial participants adequately understand their rights as a clinical trial participant. Furthermore, customers must also receive the appropriate regulatory and oversight approvals (e.g. FDA, EMA, Institutional Review Boards, etc.) necessary to conduct the clinical trial. Clinical Ink does not own or have any rights to any Clinical Study Data and makes no decisions based on such data.
ACCESS
Clinical Ink will facilitate any Access requests received by our customer in the course of fulfilling our contractual obligations to collect and store Clinical Study Data. Clinical Ink does not work directly with clinical trial subjects or investigative sites to correct/modify Clinical Study Data. With respect to Personal Data maintained solely on behalf of Clinical Ink, upon request we will provide reasonable means to ensure such data is accurate. In particular, our employees have a responsibility to ensure that all Personal Data is updated regularly as changes occur.
SECURITY
Clinical Ink will employ reasonable safeguards to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, and destruction. Clinical Ink strictly controls access to Clinical Study Data through multiple security mechanisms and adheres to a Defense In Depth approach with regard to data security which includes the following: i) multiple physical data center security controls, ii) physical server rack controls, iii) environmental monitoring, iv) anti-virus software, v) permit-only firewalls, vi) database logging and auditing, vii) multi-factor authenticated VPN, viii) encrypted communications, and ix) anonymization of certain data elements.
ENFORCEMENT
Clinical Ink will fully cooperate with all customer requests to investigate potential violations related to Clinical Study Data. Individuals, including employees, who feel that Clinical Ink has violated this Policy in any way may contact the VP – Quality & Compliance directly to initiate a formal inquiry. Employees found willfully disregarding this Policy shall be terminated.
VERIFICATION
Clinical Ink has specifically designated the VP – Quality & Compliance to oversee adherence to this Privacy Policy and to maintain our Safe Harbor Certification. This Policy is reviewed by the Board of Directors annually and may be revised at any time. Clinical Ink self-certifies with respect to the Safe Harbor Framework.
DISPUTE RESOLUTION
Clinical Ink shall work directly with affected individuals and customers to resolve all complaints and disputes regarding the handling of non-employee Personal Data and Clinical Study Data in accordance with the principles outlined in this Policy. Unresolved complaints may be referred to the American Arbitration Association for resolution pursuant to the Safe Harbor Principles and industry standard practices. Disputes involving the handling of employee Personal Data shall be handled through an internal review process according to the severity of the complaint.
RESERVATION OF RIGHTS
Clinical Ink reserves the right to share Personal Data as required by law in order to respond to duly authorized information requests of government authorities. For requests involving Clinical Study Data, Clinical Ink shall provide notice to affected customers, but shall not necessarily seek permission, prior to disclosing any data to regulatory agencies.
WEB SITE PRIVACY POLICY
Clinical Ink is strongly committed to protecting the privacy of your personal information. This privacy statement explains Clinical Ink's data collection and use practices with respect to its website (the "Site"). By using the pages in this site, you agree to the information collection and use practices described in this privacy statement.
COLLECTION OF PERSONAL INFORMATION
We may ask you for information that personally identifies you (personal information) or allows us to contact you to provide a service or carry out a transaction that you have requested, including requests for information about Clinical Ink's products and services, requests for e-mail newsletters or purchases and/or registrations of Clinical Ink's products. The personal information we collect may include your name, your address, your other contact information and other information about products and/or services requested through the Site.
The Site may also collect certain information about your visit, such as the name of the Internet service provider and the Internet Protocol (IP) address through which you access the Internet; the date and time you access the Site; the pages that you access while at the Site and the Internet address of the website from which you linked directly to the Site. This information is used, among other things, to help improve the Site, analyze use trends and administer the Site.
USE OF PERSONAL INFORMATION
Except as otherwise required or permitted by law, the personal information collected on this Site will be used solely to operate the Site and to provide the service(s) or carry out the transaction(s) you have requested or authorized. In support of these purposes, Clinical Ink may use personal information to provide you with more effective customer service, to improve the Site and any related Clinical Ink products or services, and to make the Site easier to use by eliminating the need for your repeated entry of the same information. In order to offer you a more consistent experience in your interactions with Clinical Ink, information collected by the Site may be combined with information collected in connection with other Clinical Ink products and services.
Note that if you request information about products and/or services that are provided directly only by resellers of products and/or services provided by Clinical Ink, we will forward your contact information on to the reseller assigned to your region. Clinical Ink occasionally hires other companies to provide limited services on our behalf, such as website hosting, packaging, mailing, answering customer questions about products and services, and sending information about our products, special offers, and other services. We will only provide those companies the personal information they need to deliver the service. They are required to maintain the confidentiality of the information and are prohibited from using that information for any other purpose.
Clinical Ink may disclose personal information if required to do so by law or in the good faith belief that such action is necessary to (a) conform to the edicts of the law or comply with legal process served on Clinical Ink or the Site; or (b) protect and defend the rights or property of Clinical Ink and the Site.
CONTROL OF PERSONAL INFORMATION
Except as otherwise described in this privacy statement, your personal information will not be shared outside of Clinical Ink and its subsidiaries and affiliates without your permission. You can access your personal information and make choices about how you wish to be contacted by contacting Clinical Ink as described at the bottom of this statement, or through alternative means of access described by the Site.
SECURITY OF PERSONAL INFORMATION
Clinical Ink is strongly committed to protecting the security of your personal information. We use a variety of security technologies and procedures to help protect personal information from unauthorized access, use, or disclosure.
COOKIES
A cookie is a small text file that is placed on your hard disk by a web page server and that helps the site to recall your specific information on subsequent visits. You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer.
The use of cookies simplifies the process of delivering relevant content, eases site navigation, and provides other similar benefits to users of the Site. When you return to the Site, the information you previously provided can be retrieved, so you can easily use the Site's features. If you choose to decline cookies, you may not be able to fully experience the interactive features of the Site. This site doesn't store user-specific information.
CHANGES TO THIS STATEMENT
We reserve the right to update this privacy statement from time to time. We encourage you to periodically review this privacy statement to stay informed about how we are helping to protect the personal information we collect. Your continued use of the service constitutes your agreement to this privacy statement, as amended from time to time.
LIMITATIONS OF PRIVACY STATEMENT
This privacy statement explains only data collection and use practices related to Clinical Ink's website; it does not apply to other Clinical Ink products or services. Please be aware that this privacy statement and any choices you make on the Site will not necessarily apply to personal information you may have provided to Clinical Ink in the context of other, separately provided, Clinical Ink products or services.
COORDINATION WITH TERMS AND CONDITIONS
This privacy statement is intended solely to clarify Clinical Ink's practices with respect to personal information and shall not in any way modify or limit the legal effect of the Terms and Conditions to the use of the Site. In the event of any conflict between this privacy statement and the Terms and Conditions, the Terms and Conditions shall control. In particular, Clinical Ink will not be liable for any damages or injury (including, without limitation, incidental and consequential damages, personal injury/wrongful death, lost profits, or damages resulting from lost data or business interruption) that result from your use of the Site or your submission of personal information to the Site, even if there is negligence on the part of Clinical Ink or its employees. In addition, you agree to defend, indemnify, and hold Clinical Ink, its officers, directors, employees, agents, licensors, and suppliers, harmless from and against any claims, actions or demands, liabilities and settlements including without limitation, reasonable attorneys' fees, resulting from, or alleged to result from, your submission of personal information to the Site or your unlawful collection of personal information of others through use of the Site.
This Policy is effective as of January 1, 2012.

