WIRB Copernicus Group, Inc. and its operating divisions, subsidiaries, affiliates and
branches (collectively, “WCG,” the “Company,” “we” or “us”) are sensitive to privacy issues, and
it is important to us to protect the information provided to us. Accordingly, WCG provides this
privacy and information practices policy to inform you about our online information practices, the kinds of information
we may collect, how we intend to use and share that information, and how you can correct or change such
course of our business, including on Company websites (together with any and all
future websites operated by or on behalf of WCG, the “Sites”). All individuals whose
responsibilities include the Processing of Personal Information on behalf of WCG are
WCG complies with the requirements of the EU-U.S. Privacy Shield Framework (“Privacy Shield”), as set forth
by the U.S. Department of Commerce and the Federal Trade Commission (“FTC”), regarding the collection,
use and retention of Personal Information from European Union Member States and European Economic Area
member countries, including the Privacy Shield Principles and Supplemental Principles. If there
Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view
WCG’s certification, please visit https://www.privacyshield.gov. Additionally, WCG
may endeavor to protect your data through other legally-valid methods, including international
data transfer agreements.
affiliates certified under the Privacy Shield, namely Western Institutional Review
Board, Inc. (“WIRB”), Copernicus Group Independent Review Board (“Copernicus IRB”),
Research Dataware, LLC, d/b/a IRBNet ("IRBNet") , Midlands Independent Review Board (“Midlands IRB”),
Aspire Independent Review Board (“Aspire IRB”),
New England Independent Review Board (“New England IRB”),
ePharmaSolutions LLC (“ePS”),
Clintrax Global, Inc. (“Clintrax”), and
CenterWatch LLC (“CenterWatch”), and any additional U.S. subsidiary,
affiliate or branch of WCG that we may subsequently form.
2.0 TRANSPARENCY/NOTICE–WHAT PERSONAL INFORMATION WE COLLECT AND HOW WE USE IT
The types of Personal Information we may collect (directly from you or from Third Party-sources) and our privacy
practices depend on the nature of the relationship you have with WCG and the requirements of applicable law. We
endeavor to collect information only relevant for the purposes of Processing. Below are the legal bases and some
of the ways we collect information and how we use it.
WCG collects Personal Information regarding its current, prospective and former clients, customers, visitors
and guests (collectively “Individuals”). The data we collect from Individuals includes information
such as title, name, address, phone number, email address, user name, answer to a security question and password,
government identification (driver’s license, passport), and credit card and other financial information related
to payments for services or goods. We may also collect demographic information you choose to provide, such as
your business or company information, professional experiences, educational background, nationality, ethnic origin,
age, gender, interests, preferences and favorites.
We acquire, hold, use and Process Personal Information about Individuals for a variety of business purposes including to:
- generally manage Individual information and accounts;
- respond to questions, comments and requests;
- provide access to certain areas and features of the WCG Sites;
- ensure internal quality control;
- verify Individual identity;
- enable Individuals to register for events or participate in webinars;
- communicate about Individual account and activities on WCG’s Sites and systems, and, in WCG’s discretion, changes to any WCG policy;
- tailor content, advertisements and offers we serve to Individuals;
- process payment for products or services purchased;
- measure interest in and improve WCG websites and systems;
- develop new products, processes and services;
- notify you about offers, products and services that may be of interest to you;
- process applications and transactions;
- prevent potentially prohibited or illegal activities;
- for purposes disclosed at the time that Individuals provide Personal Information or otherwise with consent.
2.2 General Information Collected & Used by WCG Companies
Depending on how you interact with WCG, we and our Third Party-service providers may also
collect and use information in a variety of ways, including:
- IRBs–Institutional Review Board Members. Our IRBs are dedicated to conducting a thorough review process,
utilizing expert board members who undergo rigorous regulatory training. From these board members,
we may collect contact and biographical information, including name, address, email address, telephone
number, date of birth, driver’s license and Social Security number; financial and other
employment-related information, including financial data related to credit checks, bank details
for payroll, contact information of third parties in case of an emergency, and beneficiaries under
any insurance policy; and professional and educational background and experience, such as information that may
be recorded on a CV or application form and language abilities.
- IRBs–Research Subject Information. When research subjects communicate with our IRBs, we obtain whatever information the research subject chooses to provide (including, e.g., name and email address), and use that information to respond to the subject’s request. Additionally, our IRBs receive information from investigators regarding adverse events. We endeavor to instruct investigators to provide such records in de-identified form.
- Clintrax (and Others)–Investigator Information. In order to provide our services, some of our companies (e.g., Clintrax, IRBs) may collect and store investigator, sponsor, clinical research organization (“CRO”), and institutional employee contact information, including names, addresses, phone and fax numbers and email addresses.
- Clintrax–Contract and Banking Details. To facilitate its contract negotiation and site payment service offerings, Clintrax may handle contracts containing Personal Information (such as Social Security numbers) and collect payee bank account details and contact information through such contracts or separate banking documentation forms.
- CenterWatch Patient Notification Service. Registration for CenterWatch’s Patient Notification Service, which automatically emails you as soon as a clinical trial is posted that matches criteria you specify, only requires that one provide an email address and select a therapeutic area of interest; registrants may also choose to provide their location. CenterWatch utilizes subscriber email addresses strictly for troubleshooting and web-maintenance efforts.
- CenterWatch Clinical Trial Listings and Profile Pages. At the bottom of most trial listings, Research Center Profiles, and Industry Provider Profiles on CenterWatch’s website, you will find a submit template/form to submit a confidential posting to the company or individual you are contacting. The message will never go to any CenterWatch staff member. Furthermore, CenterWatch cannot access or retrieve any message that you submit using these forms; nor are we responsible for any of these messages. However, all messages will indicate to the receiver that the transmission originated at www.CenterWatch.com. The company or individual you contact will only receive the information that you provide in the form, including, e.g., name, address, phone number, fax, email address, company (Profile Page forms only), and confidential message. To withhold information, simply leave the field blank.
- CenterWatch–JobWatch User Information. Registrants for JobWatch, a source for clinical research jobs and career resources offered by CenterWatch, must provide only their email address, which may be used by member companies to find qualified job applicants. CenterWatch has access to subscriber email addresses and utilizes them for trouble-shooting and web-maintenance efforts. At times, CenterWatch may use this list to inform subscribers of a new service JobWatch is offering or a new product CenterWatch is introducing that may assist them in their career search. If you receive updates that you do not wish to receive, please contact us at email@example.com.
- ePS Products and Services–Patient, Provider, Trial Manager and Client Data Collected. As a leading provider of e-clinical solutions, ePS offers a variety of products and services to enhance clinical trial operations, many of which may involve the collection and use of Personal Information from patients, health care providers (“providers”), clinical trial managers and clients. Examples include:
To the extent Third Parties collect Personal Information of patients, ePS seeks to ensure that such Third Parties provide adequate privacy notices to the Data Subjects.
- ePS’ Rater Services, which include Rater Certification (through which ePS offers documented participation in training programs, scale-specific scoring proficiency, and applied skills training) and Rater Video Monitoring Services (through which ePS clinicians provide raters with feedback on their ongoing performance) can involve sensitive discussions between providers and patients. Importantly, ePS seeks to anonymize the videos by removing facial features;
- Wellness Programs. In order to assist participants enrolled in clinical trials that have a lifestyle (weight watching) component, ePS provides access to a dietician and, as part of that process, collects profile information from program participants that includes weight and behavior information; and
- Clinical Trial Portal. Personal Information from patients, providers, clinical trial managers and clients may also be stored in our ePS Clinical Trial Portal – a tool used to manage and track study-related content, tasks, activities, completion and communications between sponsors, site personnel and vendors involved in a study.
- WCG–Pseudonymous Data. Including as discussed infra at §2.8.3, WCG may use and share your anonymized or aggregated information within the WCG family of companies or with Third Parties for public health, research, analytics and any other legally permissible purposes.
2.3 Human Resources Data
WCG collects Personal Information from current, prospective and former Employees, their contact points in case of a medical emergency, and beneficiaries under any insurance policy (“Human Resources Data”). The Human Resources Data we collect may include title, name, address, phone number, email address, date of birth, passport number, driver’s license number, Social Security number, financial information related to credit checks, bank details for payroll, information that may be recorded on a CV or application form, language abilities, contact information of third parties in case of an emergency and beneficiaries under any insurance policy. We may also collect Sensitive Human Resources Data such as details of health and disability, including mental health, medical leave, and maternity leave.
We acquire, hold, use and Process Human Resources-related Personal Information for a variety of business purposes including:
- Workflow management, assigning, managing and administering projects;
- Human Resources administration and communication;
- payroll and the provision of benefits;
- compensation, including bonuses and long-term incentive administration, stock plan administration, compensation analysis, including monitoring overtime and compliance with labor laws, and company recognition programs;
- job grading activities;
- performance and employee development management;
- organizational development and succession planning;
- benefits and personnel administration;
- absence management;
- helpdesk and IT support services;
- regulatory compliance;
- internal and/or external or governmental compliance investigations;
- internal or external audits;
- litigation evaluation, prosecution and defense;
- diversity and inclusion initiatives;
- restructuring and relocation;
- emergency contacts and services;
- Employee safety, including monitoring compliance with safety regulations by confirming Employees are not speeding or otherwise violating traffic laws;
- compliance with statutory requirements;
- processing of employee expenses and travel charges; and
- acquisitions, divestitures and integrations.
2.4 Social Media and Interest-Based Advertising
Generally, online social media resources are interactive tools that enable Data Subjects to collaborate and
share information with others. Social media resources include, but are not limited to, social networks,
discussion boards, bulletin boards, blogs, wikis, and referral functions to share web site content and
tools with a friend or colleague. WCG may collect Personal Information to enable Data Subjects to
use online social media resources. We may also enable you to use these social media resources to
post or share Personal Information with others. When using social media resources, you should take
into careful consideration what Personal Information they share with others. WCG will comply with
Through our Sites, WCG may in the future allow Third-Party advertising partners to set tracking tools
(e.g., cookies) to collect anonymous, non-Personal Information regarding your activities (e.g., your IP
address, page(s) visited, time of day). We may also share such information we have collected with
Third-Party advertising partners. These advertising partners may use this information (and similar
information collected from other websites) for purposes of delivering future targeted advertisements to
you when you visit non-WCG related websites within their networks. This practice is commonly referred to as
"interest-based advertising" or "online behavioral advertising."
2.5 Information from Third-Party Sources
WCG may collect information about you from Third-Party sources to supplement information provided by you. This supplemental information allows us to verify information that you have provided to WCG and to enhance our ability to provide you with information about our business, products and services. WCG’s agreements with these Third Party-sources typically limit how the Company may use this supplemental information.
2.6 Direct Mail, Email and Outbound Telemarketing
Individuals who provide us with Personal Information, or whose Personal Information we obtain from Third Parties, may receive periodic emails, newsletters, mailings or phone calls from us with information on WCG or our business partners’ products and services or upcoming special offers/events we believe may be of interest. We offer our Individuals the option to decline these communications at no cost to the individual.
2.7 Research/Survey Solicitations
From time to time, WCG may perform research (online and offline) via surveys. We may engage Third Party-service providers to conduct such surveys on our behalf. All survey responses are voluntary, and the information collected will be used for research and reporting purposes to help us to better serve Individuals by learning more about their needs and the quality of the products and services we provide. The survey responses may be utilized to determine the effectiveness of our Sites, various types of communications, advertising campaigns and/or promotional activities. If an Individual participates in a survey, the information given will be used along with that of other study participants. We may share anonymous individual and aggregate data for research and analysis purposes.
2.8 All Internet Users – Cookies, Pixel Tags, Web Beacons and Aggregate Information
Like many other websites, WCG or its business partners may employ a cookie, or small piece of computer code that enables Web servers to “identify” visitors, each time an Individual initiates a session on the Company’s Sites. A cookie is set in order to identify Data Subjects; tailor our Sites to you; measure and research the effectiveness of our Sites’ features, offerings and advertisements; and authenticate users for registered services. Cookies can only access Personal Information that you have provided on our Sites and cannot be accessed by other sites. We may also use Google Analytics and Google Analytics Demographics and Interest Reporting to collect information regarding visitor behavior and visitor demographics on some our Sites, and to develop website content. This analytics data is not tied to any Personal Information. At any time, visitors may choose to opt-out of Google Analytics tracking with the Google Analytics opt-out browser add-on.
Data Subjects also have the ability to delete cookie files from their own hard drive at any time. However, please also be advised that cookies may be necessary to provide access to much of the content and many of the features of WCG’s Sites.
2.8.2 Pixel Tags/Web Beacons
WCG may use “pixel tags,” also known as “web beacons,” which are small graphic files that allow us to monitor the use of our Sites. A pixel tag can collect information such as the Internet Protocol (“IP”) address of the computer that downloaded the page on which the tag appears; the URL of the page on which the pixel tag appears; the time the page containing the pixel tag was viewed; the browser type and language; the device type; geographic location; and the identification number of any cookie on the computer previously placed by that server. When corresponding with you via HTML capable email, we or our Third Party-service providers may use "format sensing" technology, which allows pixel tags to let us know whether you received and opened our email.
2.8.3 Anonymous and Aggregated Information
Anonymized and aggregated information is used for a variety of functions, including the measurement of visitors’ interest in and use of various portions or features of the Sites. Anonymized or aggregated information is not Personal Information, and WCG may use such information in a number of ways, including research, internal analysis, analytics and any other legally permissible purposes. We may share this information within WCG and with Third Parties for our or their purposes in an anonymized or aggregated form that is designed to prevent anyone from identifying you.
2.9 Mobile Computing
3.0 CHOICE/MODALITIES TO OPT OUT
Where you have consented to WCG’s Processing of your Personal Information or Sensitive Personal Information, you may withdraw that consent at any time and opt out. Additionally, before we use Personal Information for any new purpose not originally authorized by you, we will provide information regarding the new purpose and give you the opportunity to opt out.
Prior to disclosing Sensitive Data to a Third Party or Processing Sensitive Data for a purpose other than its original purpose or the purpose authorized subsequently by the Data Subject, WCG will endeavor to obtain each Data Subject’s explicit consent (opt-in). Where consent of the Data Subject for the Processing of Personal Information is otherwise required by law or contract, WCG will comply with the law or contract.
3.2 Email and Telephone Communications
An "Unsubscribe" button will be provided at the top or bottom of each email communications sent by WCG so that you can opt-out. However, we will continue to send transaction-related emails regarding products or services you have requested.
Additionally, those registered for CenterWatch’s Patient Notification Service who no longer wish to receive updates may contact firstname.lastname@example.org or follow the unsubscribe instructions at http://www.centerwatch.com/clinical-trials/pns/.
We maintain telephone “do not call” lists and “do not mail” lists as mandated by law. We process requests to be placed on do not mail, do not phone and do not contact lists within 60 days after receipt, or such shorter time as may be required by law.
3.3 Human Resources Data
With regard to Personal Information that WCG receives in connection with the employment relationship, WCG will use such Personal Information only for employment-related purposes as more fully described in section 2.3 above. If WCG intends to use this Personal Information for any other purpose, the Company will provide the Data Subject with an opportunity to opt-out of such uses.
3.4 “Do Not Track”
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. DNT is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. WCG does not recognize or respond to browser-initiated DNT signals.
3.5 Advertising Choices
3.6 Compliance with the Digital Advertising Alliance
Should WCG engage in interest-based advertising, it will endeavor to comply with the cross-industry Self-Regulatory Program for Online Behavioral Advertising as managed by the Digital Advertising Alliance (DAA) (http://aboutads.info). As part of this service, WCG’s online advertisements may sometimes be delivered with icons that help Individuals understand how their data are being used and provide choice options to Individuals that want more control. The list of our advertising partners may be updated from time to time. To opt-out of internet-based advertising by all DAA-participating companies, please visit http://www.aboutads.info/choices/.
4.0 ONWARD TRANSFER
4.1 Information We Share
We may disclose information about you: (i) if we are required to do so by law, court order or legal process; (ii) in response to lawful requests by public authorities, including to meet national security or law enforcement requirements; (iii) under the discovery process in litigation; (iv) to enforce WCG policies or contracts; (v) to collect amounts owed to WCG; (vi) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity; or (vii) in the good faith believe that disclosure is otherwise necessary or advisable. In addition, from time to time, server logs may be reviewed for security purposes – e.g., to detect unauthorized activity on the Sites. In such cases, server log data containing IP addresses may be shared with law enforcement bodies in order that they may identify users in connection with their investigation of the unauthorized activities.
4.2 Data Transfers
All Personal Information sent or collected via by WCG may be stored anywhere in the world, including but not limited to, in the United States, on the cloud, our servers, the servers of our affiliates or the servers of our service providers. By providing information to WCG, you consent to the storage of your Personal Information in these locations.
5.0 RIGHTS OF ACCESS, RECTIFICATION, ERASURE AND RESTRICTION
The security of all Personal Information provided to WCG is important to us, and WCG takes reasonable steps designed to protect your Personal Information. Unfortunately, no data transmission over the Internet or storage of information can be guaranteed to be 100% secure. As a result, while WCG strives to protect your Personal Information, we cannot ensure or warrant the security of any information you transmit to WCG, and you do so at your own risk.
8.0 REDRESS / COMPLIANCE AND ACCOUNTABILITY
WIRB Copernicus Group, Inc.
Attn: David Forster, Chief Compliance Officer
1019 39th Avenue SE
Puyallup, WA 98374
Phone: (360) 252-2428
WCG will address your concerns and attempt to resolve any privacy issues in a timely manner. If you are an EU
Privacy Shield Principles, please contact WCG at the contact information provided above. In addition, WCG has agreed to refer
unresolved complaints related to Individual data to JAMS Privacy Shield Dispute Resolution Program and has committed to cooperate
with the panel established by local data protection authorities and comply with the advice given by the panel with respect to
Employee and human resources data. For more information and to submit a complaint regarding Individual data to JAMS, a
dispute resolution provider which has locations in the United States and EU, visit
https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim. Such independent dispute resolution mechanisms
are available to Citizens free of charge. If any request remains unresolved, you may contact the national data protection
authority for your EU Member State. You may also have a right, under certain conditions, to invoke binding arbitration under
Privacy Shield; for additional information, see https://www.privacyshield.gov/article?id=ANNEX-I-introduction. The FTC has jurisdiction over
WCG’s compliance with the Privacy Shield.
9.0 OTHER RIGHTS AND IMPORTANT INFORMATION
9.1 Information Regarding Children
Due to the nature of WCG’s business, services and benefits are not marketed to minors. WCG does not knowingly solicit or collect Personal Information from children under the age of 13. If we learn that we have collected Personal Information from a child under the age of 13, we will promptly delete that information.
9.2 California Privacy Rights
California law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the Third Parties to whom we have disclosed their Personal Information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of Personal Information disclosed to those parties. WCG does not share Personal Information with third parties for their own marketing purposes.
9.3 Links to Third-Party Websites
“Agent” means any third party that processes Personal Information pursuant to the instructions of, and solely for, WCG or to which WCG discloses Personal Information for use on its behalf.
“Data Subject” is an identified or identifiable natural person.
“Employee” refers to any current, temporary, permanent, prospective or former employee, director, contractor, worker or retiree of WCG or its subsidiaries worldwide.
“Personal Information” is any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Privacy Shield Principles” collectively means the seven (7) privacy principles as described in the Privacy Shield: (1) notice, (2) choice, (3) accountability for onward transfer, (4) security, (5) data integrity and purpose limitation, (6) access, and (7) recourse, enforcement and liability. Additionally, it includes the sixteen (16) supplemental principles described in the Privacy Shield: (1) sensitive data, (2) journalistic exceptions, (3) secondary liability, (4) performing due diligence and conducting audits, (5) the role of the data protection authorities, (6) self-certification, (7) verification, (8) access, (9) human resources data, (10) obligatory contracts for onward transfers, (11) dispute resolution and enforcement, (12) choice – timing of opt-out, (13) travel information, (14) pharmaceutical and medical products, (15) public record and publicly available information and (16) access requests by public authorities.
“Process” or “Processing” means any operation which is performed upon Personal Information, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Sensitive Data” or “Sensitive Personal Information” is a subset of Personal Information which, due to its nature, has been classified by law or by policy as deserving additional privacy and security protections. Sensitive Personal Information includes Personal Information regarding EU-residents that is classified as a “Special Category of Personal Data” under EU law, which consists of the following data elements: (1) race or ethnic origin; (2) political opinions; (3) religious or philosophical beliefs; (4) trade union membership; (5) genetic data; (6) biometric data where Processed to uniquely identify a person; (6) health information; (7) sexual orientation or information about the individual’s sex life or (8) information relating to the commission of a criminal offense.
“Third Party” is any natural or legal person, public authority, agency or body other than the Data Subject, WCG or WCG’s agents.