Medone Approach to Privacy
Medone Clinical Research processes personal information from many countries, which have a diversity of privacy-related laws and regulations. Medone takes its responsibility to protect the personal information it processes seriously. Medone has policies, standard operating procedures, and training that support Medone compliance with applicable laws and regulations in each region.
Types of Personal Information Processed by Medone and the Purposes for Processing
Pseudonymized Data from Subjects in Clinical Trials
Medone collects and further processes personal information from subjects in clinical trials. Virtually all of this personal information is health-related and is thus sensitive personal information, belonging to a special category (in the language of the Global Data Protection Regulation [GDPR]. In such clinical trials, the individuals whose personal information is processed are identified only by a coded identifier. The link between these coded identifiers and actual identifiers such as name and contact information is held only by personnel of the relevant study clinical site. For such clinical trial data, Medone processes the data as stipulated by contract with the sponsoring pharmaceutical or device company, which determines the purpose and means of the processing. Medone carries out such processing to carry out the legitimate business purposes specified in the contract.
Non-pseudonymized Data from Subjects in Clinical Trials
ForMedone Home Trial Services, Medone also collects non-pseudonymized clinical trial subject contact information in order to conduct subject visits in locations other than clinical trial investigative sites. These data are encrypted in transit and at rest.
Data from Professional Contacts from Medone Clinical Trial Work
Integral to its clinical trial work, Medone collects personal information from many sources, including investigative site staff, sponsor (client) staff, home health agency staff, staff from other Medone vendors, staff from other contract research organizations, and consultants.
Employment-related Personal Information Within Medone
Medonecollects and otherwise processes sensitive employment-related personal information from applicants to Medone positions (including background checks) as well as from Medone employees and contractors. Medone uses these data to carry out vital human resource functions.
Personal Information from Business Development Contacts
When Medone personnel carry out their business development and marketing functions, they contact a variety of individuals, from whom they collect names and contact information in the ordinary course of business.
Personal Information from Visitors to the Medone Web Site
Disclosures of Personal Information
- Medone does not sell personal information.
- Medone shares personal information within Medone itself, with service providers to Medone, and with other third parties only as necessary to achieve our contractually-obligated business purposes.
- Companies working as service providers to Medone are required to sign “processor” and/or confidentiality contracts in which they commit to process personal information from Medone according to their contractual obligations, using appropriate technical and organizational security measures.
- Medone discloses personal data to those of our clients who contract with us for our clinical trial services. We also disclose these clinical trial data in regulatory submissions. In such disclosures, the individuals whose personal information is disclosed are identified only by a coded identifier. The link between these coded identifiers and actual identifiers such as name and contact information is held only by personnel of the relevant study clinical site.
- Medone may be required to disclose personal information by actions of law enforcement, for example, in response to a subpoena or court order.
- Medone may disclose personal information in relation to potential or actual business transactions, such as a merger or sale of our business or assets.
International Transfers of Personal Information
Medone collects personal information from many countries. As necessary in our work, we may transfer personal information from one country to another, including to third countries, such as the United States, which are not judged by the European Union as having adequate privacy safeguards for personal information. As legal protections of personal information differ among countries, Medone takes appropriate safeguards to ensure that such data transfers are made safely and legally.
Notice and Consent
For Medone clinical trial work, notice and consent for the clinical trial subjects are the responsibility of our Clients, the sponsors of the study, who determine the purposes and means of the processing of personal data by Medone.
When Medone is responsible for providing notice, Medone provides relevant notice as soon as reasonably practicable for the following particulars:
- Under whose authority the personal information is being collected;
- The purpose for collecting the personal information and the legal basis for doing so;
- The recipients of the personal information;
- If applicable, the fact that it is planned that the personal information be transferred to a third country and whether that country is judged by the European Commission to protect personal information adequately, and, if not judged adequate, the safeguards to ensure personal information’s protection;
- The period of data storage or the criteria to determine such;
- The individual’s personal information-related rights, such as the rights to access, correction, and deletion of personal information, and the right to complain to a supervisory authority competent to receive such complaints.
When required by law, Medone discloses personal information without consent.
Medonehas comprehensive procedural safeguards in place designed to ensure the high quality of its data, consistent with good clinical practice and other legal and regulatory requirements.
Consistent with regulations, Medone collects personal information that is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed. The retention period for personal information within Medone varies by category, but is consistent with relevant legal, regulatory, and contractual requirements.
Individuals’ Rights Related to Their Personal Data
Medone ensures that individuals can exercise all legal or contractually-obligated rights with respect to their personal information processed by the company, including the following rights:
- the right to be informed of all information necessary to ensure fair and transparent processing;
- the right of access to her/his personal information; [since the personal information processed for subjects in clinical trials has been coded to hide the subjects’ identity, to access study-related data the subjects must contact the study site to obtain the code used in the study for her/his identity
- the right to rectification (correction) of her/his personal information and completion of any incomplete personal information;
- the right to erasure of her/his personal information upon request (“the right to be forgotten”);
- the right to restrict processing under certain circumstances (for example, if the accuracy of the personal information is contested);
- the right to data portability in a structured, commonly used and machine-readable format for transmission to her/him or another organization;
- the right to object to processing her/his personal information, for example for purposes of direct marketing;
- the right to not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, unless certain criteria are met, such as the subject having given explicit consent to such automated processing;
- the right to withdraw, at any time, previously given consent [however, when such withdrawal occurs, the personal information previously collected under valid consent will not be expunged].
Medone Information Security
Medone employs technical and organizational security measures designed to protect personal information against a personal data breach, defined broadly as a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Such security measures, including encryption of data at rest and in transit, are designed to ensure the confidentiality, integrity, availability and resilience of Medone processing systems and services.
Medone has a comprehensive procedure in place for responding to any security breach of personal information, including criteria for when notification of regulatory authorities and/or individuals whose personal information has been breached is required.
Medone Website Considerations
Your relationship to cookies on theMedone web site can generally be adjusted through your browser settings.
If you leave the Medone web site by clicking on a link, please note that Medone does not control any web sites linked to the Medone web site.
Children’s Online Privacy Protection
Medone web site is not directed at children less than 13 years old. Also, Medone does not knowingly collect information from such children.
Questions, Complaints and Request to Exercise Rights
Please direct such communications to the Medone Chief Privacy Officer, using either of the following methods:
- Send an e-mail to firstname.lastname@example.org
- Send conventional mail to the following address:
Medone Clinical Research
If you are in the EEA and have a question or complaint about the handling of your personal data , you also have a right to complain to the supervisory authority of your Member State, which is competent to monitor and enforce the application of the GDPR. Please refer to the list of all EU supervisory authorities, organized by Member State, on the European Data Protection Board website: https://edpb.europa.eu/