Effective Date: 6 May 2019
Syneos Health LLC (formerly INC Research, LLC), a Syneos Health™ company (“SHLLC"), “we,” “us,” or “our”) complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Frameworks (“Privacy Shield”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of certain Personal Data (as described below) transferred from the European Union, the United Kingdom, and/or Switzerland, as applicable, to the United States. SHLLC has certified to the Department of Commerce that it adheres to the Privacy Shield Principles (“Principles”) with respect to such information. If there is any conflict between the terms in this statement and the Principles, the Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
Types of Data Collected
This statement applies to Personal Data within the scope of SHLLC Privacy Shield certification:
- Human Resources Data regarding current, former, and prospective (1) Officers, directors, employees, contract laborers, or temporary employees (collectively, “Associates”); (2) Agents of SHLLC, including consultants or representatives; (3) Beneficiaries identified by Associates; and (4) Retirees located in the European Union, United Kingdom, or Switzerland, which we process for the purpose of operating and managing SHLLC, performing human resource administration, and maintaining contact with individuals.
- Personal Data regarding clinical research participants; study investigators and their staff; medical and healthcare professionals; pharmaceutical industry experts and opinion leaders; customers, such as pharmaceutical, medical device, and biotechnology companies; vendors; contractors; consultants; and consumers for the purposes of marketing and business development activities, managing ongoing business relationships and delivering SHLLC services.
For the purposes of this statement, “Personal Data” means information that relates to a natural person (a “Data Subject”) and can be linked either directly or indirectly to that Data Subject. In addition, certain Personal Data covered by SHLLC’s Privacy Shield certification may be subject to more specific privacy policies of SHLLC or to contracts. For example:
- Certain Syneos Health websites maintain their own privacy policies that apply to Personal Data collected via those sites. Where the website pertains to the business of SHLLC, those privacy policies apply to SHLLC. Such policies may be accessed through those websites.
- Personal Data obtained from or relating to employees or Syneos Health group companies or the staff of study investigators or sponsors may be further subject to the terms of specific Privacy otices provided to Data Subjects, to contractual arrangements, and to and applicable laws and professional standards.
In the case of any conflict between these policies and contracts and the Principles, the Principles will control.
Jurisdiction of the FTC
SHLLC is committed to upholding the Principles and confirms that it is subject to the investigatory and enforcement powers of the FTC.
We collect and process Personal Data from certain Data Subjects and for the purposes described in this statement, which is designed to inform Data Subjects about the Personal Data collected from them and how that information is used may be provided through this statement, other Syneos Health group website notices, or other direct forms of communication with appropriate parties, such as contracts or agreements.
SHLLC will not process Personal Data covered by this statement for purposes other than those for which the information was originally obtained or subsequently authorized by the Data Subject unless the Data Subject consents to the processing, or unless an exception (including another lawful basis for such processing) under applicable law applies. SHLLC also provides Data Subjects with the opportunity to withdraw consent at any time, as stated in its Privacy Notice.
Disclosures & Accountability for Onward Transfers
SHLLC may transfer Personal Data to third parties, including transfers from one country to another. SHLLC may disclose a Data Subject’s Personal Data to third parties under one or more of the following conditions:
- To (a) another member of a Syneos Health group company, in connection with the operation of our business; (b) third-party service providers to SHLLC, such as vendors, consultants, and advisors, in connection with the operation of our business (including to establish, maintain ,or defend legal claims); (c) customers and prospective customers, such as sponsors, in the course of pursuing business opportunities and performing our services; and (d) newly-formed or acquiring organizations in the event of a merger, sale, or a transfer of some or all of SHLLC’s business. We maintain written contracts with these third parties that are designed to provide the same level of privacy protection and security as required by the Principles. To the extent provided by the Principles, SHLLC remains responsible and liable under the Principles if a third party it engaged processes Personal Data in a manner that is inconsistent with the Principles, unless SHLLC proves that it is not responsible for the matter giving rise to the damage;
- To third parties with the Data Subject’s consent;
- To public authorities when SHLLC receives lawful requests by public authorities (such as court orders, or government inquiries), including to meet national security or law enforcement requirements.
Data Subjects in the European Union, the United Kingdom, and Switzerland have the right to access data about them, and may have the right under certain circumstances to correct, amend, restrict, port, or delete Personal Data. Where we are the Data Controller, we will honor such rights, subject to the limitations and exclusions provided by law. Where we are processing the Personal Data of such individuals for our customers, we will refer any requests to access, correct, amend, restrict, port or delete Personal Data to the applicable Data Controller, if we have appropriate information to do so, and will provide reasonable support to the Data Controller in responding to your request. To convey your request to the relevant customer, we will need your name and contact information, the name of the customer to whom you provided your data, and whether you are making the request on your own behalf or on behalf of another person. All requests to exercise any of the foregoing rights should be sent to firstname.lastname@example.org.
SHLLC has employed reasonable and appropriate measures designed to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration, and destruction, taking into due account the risks involved in the processing and the nature of the personal data.
Data Integrity and Purpose Limitation
SHLLC collects and processes Personal Data only to the extent that it is compatible with the purposes for which it was collected or subsequently authorized by the Data Subject. SHLLC does not retain Personal Data after it no longer serves the purposes for which it was collected or subsequently authorized. SHLLC takes reasonable steps designed to ensure that Personal Data is accurate, complete, current, and reliable for its intended use.
Contacting Us; Dispute Resolution
SHLLC is committed to addressing questions and resolving complaints about our collection and/or use of your Personal Data. Should you have any questions about this statement or SHLLC’s compliance with the Principles, or if you wish to raise a complaint, please contact us at email@example.com. We will respond to your complaint within 45 days of its receipt. If your inquiry or complaint is not addressed satisfactorily, you may contact the relevant EU/UK or Swiss supervisory authorities and SHLLC will cooperate with such authorities with regard to the investigation in an effort to resolve the complaint. In certain cases, you may have the option to select binding arbitration under the Privacy Shield Panel for the resolution of your complaint. For further information, please see the Privacy Shield website.
SHLLC may update this statement from time to time by publishing an updated version to this site.