| Safe Harbor Privacy Policy |
CRF Inc. respects individual privacy and values the confidence
of its customers, employees, clinical trial participants, consumers,
business partners and others. Not only does CRF Inc strive to
collect, use and disclose personal information in a manner consistent
with the laws of the countries in which it does business, but
it also has a tradition of upholding the highest ethical standards
in its business practices. This Safe Harbor Privacy Policy (the
"Policy") sets forth the privacy principles that CRF
Inc follows with respect to personal information transferred
from the European Economic Area (EEA) (which includes the twenty
five member states of the European Union (EU) plus Iceland,
Liechtenstein and Norway) to the United States.
SAFE HARBOR
The United States Department of Commerce and the European Commission
have agreed on a set of data protection principles and frequently
asked questions (the "Safe Harbor Principles") to
enable U.S. companies to satisfy the requirement under European
Union law that adequate protection be given to personal information
transferred from the EU to the United States. The EEA also has
recognized the U.S. Safe Harbor as providing adequate data protection
(OJ L 45, 15.2.2001, p.47). Consistent with its commitment to
protect personal privacy, CRF Inc adheres to the Safe Harbor
Principles.
SCOPE
This Safe Harbor Privacy Policy (the "Policy") applies
to all personal information received by CRF Inc in the United
States from the European Economic Area, in any format including
electronic, paper or verbal.
DEFINITIONS
For purposes of this Policy, the following definitions shall
apply:
"Agent" means any third party that collects or uses
personal information under the instructions of, and solely for,
CRF Inc or to which CRF Inc discloses personal information for
use on CRF Inc's behalf.
"CRF Inc" means CRF Inc, its successors, subsidiaries,
divisions and groups in the United States.
"Personal information" means any information or set
of information that identifies or is used by or on behalf of
CRF Inc to identify an individual. Personal information does
not include information that is encoded or anonymized, or publicly
available information that has not been combined with non-public
personal information.
"Sensitive personal information" means personal information
that reveals race, ethnic origin, political opinions, religious
or philosophical beliefs, or trade union membership, or that
concerns health or sex life. In addition, CRF Inc will treat
as sensitive personal information any information received from
a third party where that third party treats and identifies the
information as sensitive.
PRIVACY PRINCIPLES
The privacy principles in this Policy are based on the Safe
Harbor Principles.
NOTICE: Where CRF Inc collects personal information
directly from individuals in the EEA, it will inform them about
the purposes for which it collects and uses personal information
about them, the types of non-agent third parties to which CRF
Inc discloses that information, and the choices and means, if
any, CRF Inc offers individuals for limiting the use and disclosure
of their personal information. Notice will be provided in clear
and conspicuous language when individuals are first asked to
provide personal information to CRF Inc, or as soon as practicable
thereafter, and in any event before CRF Inc uses or discloses
the information for a purpose other than that for which it was
originally collected.
Where CRF Inc receives personal information from its subsidiaries,
affiliates or other entities in the EEA, it will use and disclose
such information in accordance with the notices provided by
such entities and the choices made by the individuals to whom
such personal information relates.
CHOICE: CRF Inc will offer individuals the
opportunity to choose (opt-out) whether their personal information
is (a) to be disclosed to a non-agent third party, or (b) to
be used for a purpose other than the purpose for which it was
originally collected or subsequently authorized by the individual.
For sensitive personal information, CRF Inc will give individuals
the opportunity to affirmatively and explicitly (opt-in) consent
to the disclosure of the information to a non-agent third party
or the use of the information for a purpose other than the purpose
for which it was originally collected or subsequently authorized
by the individual.
CRF Inc will provide individuals with reasonable mechanisms
to exercise their choices.
DATA INTEGRITY: CRF Inc will use personal information
only in ways that are compatible with the purposes for which
it was collected or subsequently authorized by the individual.
CRF Inc will take reasonable steps to ensure that personal information
is relevant to its intended use, accurate, complete, and current.
TRANSFERS TO AGENTS: CRF Inc will obtain assurances
from its agents that they will safeguard personal information
consistently with this Policy. Examples of appropriate assurances
that may be provided by agents include: a contract obligating
the agent to provide at least the same level of protection as
is required by the relevant Safe Harbor Principles, being subject
to EU Directive 95/46/EC (the EU Data Protection Directive),
Safe Harbor certification by the agent, or being subject to
another European Commission adequacy finding. Where CRF Inc
has knowledge that an agent is using or disclosing personal
information in a manner contrary to this Policy, CRF Inc will
take reasonable steps to prevent or stop the use or disclosure.
ACCESS AND CORRECTION: Upon request, CRF Inc
will grant individuals reasonable access to personal information
that it holds about them. In addition, CRF Inc will take reasonable
steps to permit individuals to correct, amend, or delete information
that is demonstrated to be inaccurate or incomplete.
SECURITY: CRF Inc will take reasonable precautions
to protect personal information in its possession from loss,
misuse and unauthorized access, disclosure, alteration and destruction.
ENFORCEMENT: CRF Inc will conduct compliance
audits of its relevant privacy practices to verify adherence
to this Policy. Any employee that CRF Inc determines is in violation
of this policy will be subject to disciplinary action up to
and including termination of employment.
DISPUTE RESOLUTION: Any questions or concerns
regarding the use or disclosure of personal information should
be directed to the CRF Inc VP Quality Management & Regulatory
Affairs at the address given below. CRF Inc will investigate
and attempt to resolve complaints and disputes regarding use
and disclosure of personal information in accordance with the
principles contained in this Policy. For complaints that cannot
be resolved between CRF Inc and the complainant, CRF Inc has
agreed to participate in the dispute resolution procedures of
the panel established by the European data protection authorities
to resolve disputes pursuant to the Safe Harbor Principles.
LIMITATION ON APPLICATION OF PRINCIPLES
Adherence by CRF Inc to these Safe Harbor Principles may be
limited (a) to the extent required to respond to a legal or
ethical obligation; and (b) to the extent expressly permitted
by an applicable law, rule or regulation.
INTERNET PRIVACY
CRF Inc sees the Internet and the use of other technologies
as valuable tools for communicating and interacting with consumers,
employees, healthcare professionals, business partners, and
others. CRF Inc recognizes the importance of maintaining the
privacy of information collected online and has created a specific
Internet Privacy Policy governing the treatment of personal
information collected through web sites that it operates. With
respect to personal information that is transferred from the
European Economic Area to the U.S., the Internet Privacy Policy
is subordinate to this Policy. However, the Internet Privacy
Policy also reflects additional legal requirements and evolving
standards with respect to Internet privacy. CRF Inc’s
Internet Privacy Policy can be found at http://www.crfeducation.com/privacy.php.
CONTACT INFORMATION
Questions or comments regarding this Policy should be submitted
to the CRF Inc VP of Quality Management & Regulatory Affairs
by mail as follows:
CRF Inc
VP Quality Management & Regulatory Affairs
Suite 140
1690 Sumneytown Pike
Lansdale, Pennsylvania 19446
CHANGES TO THIS SAFE HARBOR PRIVACY POLICY
This Policy may be amended from time to time, consistent with
the requirements of the Safe Harbor Principles. A notice will
be posted on the CRF Inc web page ( http://www.crfhealth.com
) for 60 days whenever this Safe Harbor Privacy Policy is changed
in a material way. |
|
 |
|
