Company
Our Compliance Policy
Clinsys ALTERNA™, a division of Clinsys Clinical Research, Inc.®, is committed to conducting business in an ethical manner and complying with state, federal and local laws and regulations. Clinsys has established Codes of Conduct for all employees and provides necessary training to ensure compliance. In addition, an email address (compliance@clinsys.com) has been established to field complaints and concerns from employees and third parties. Investigation of all suspected non-compliance offenses will be documented and reported, as necessary, and prompt corrective action will be taken as warranted.
Purpose
This policy's purpose is to inform employees of the principles under with Clinsys processes personal information received from countries belonging to the European Union (EU). This policy complies with the U.S. Department of Commerce Safe Harbor framework, which has been approved by the EU as an adequate way for Clinsys to demonstrate that it complies with the protections outlined in the EU Directive on Data Privacy. More information about the Safe Harbor Program is available at: http://export.gov/safeharbor/.
Scope
This policy applies to all employees of Clinsys.
Responsibility
The Information Services Department and the Legal Department are responsible for implementation of and compliance with this policy.
Definitions
Personal Data and Personal Information: data about an identified or identifiable individual, received by Clinsys in the United States from the EU, and recorded in any form.
A Data Subject: the individual who is the subject of personal data or information.
Processing: any online and offline processing, including activities such as copying, filing, and inputting personal information into a database.
Sensitive Data: data that pertains to racial or ethnic origins, political or religious beliefs, or health or sex life. Sensitive data may not be processed at all, unless the individual has given explicit consent.
Procedure
In processing personal data, Clinsys complies with the following Safe Harbor Principles:
1. Notice: Clinsys notifies all identified EU data subjects about the purpose for which personal information is collected and used.
2. Choice: Clinsys gives each data subject the opportunity to opt out from allowing Clinsys to use his/her personal information for a purpose incompatible with the purpose for which it was originally collected or authorized. For sensitive data, affirmative choice (opt in) must be given if the data is to be used for a purpose other than its original purpose or the purpose authorized.
3. Onward Transfer: Clinsys does not do this.
4. Security: Clinsys takes reasonable precautions to protect personal data from loss, misuse, unauthorized access, disclosure, alteration and destruction. These precautions include password protections for online information systems and databases, restricted access to personal data and encryption of sensitive data.
5. Data Integrity: Clinsys takes reasonable steps to ensure personal data is accurate, complete and current.
6. Access: Upon request, data subjects may access personal information about them, and are able have inaccurate information corrected.
7. Enforcement: Data subjects may contact compliance@clinsys.com to register complaints, access requests or address any other issues arising under Safe Harbor Principles. In addition, Clinsys self-certifies annually with the U.S. Department of Commerce as a data controller, and the U.S. Federal Trade Commission has been empowered to investigate complaints and to obtain redress for individuals in case of Clinsys' non-compliance with the Safe Harbor Principles that are not related to HR. For HR-related non-compliance issues with the Safe Harbor Principles Clinsys submits to the authority of the European Data Protection Authorities.