Last revised and effective as of: February 6, 2020
TARGET PharmaSolutions, Inc. (“TARGET”, “we”, “us”, “our”) is committed to transparency regarding the collection of your personal information and data. This policy relates to the information collection and use practices in connection with our website (www.targetpharmasolutions.com) as well as the services offered by TARGET.
TARGET is a clinical data company utilizing innovative modes of data collection in order to develop Real-World Data (“RWD.”) RWD refers to health data collected on a routine basis which may include sources such as electronic health records, claims data, registries embedded within clinical practice or other sources that can inform on health status. According to the 21st Century Cures Act, the U.S. food and drug administration (FDA) has since developed a framework for evaluating the potential use of evidence generated from such RWD to support the approval of a new indication for already-approved drugs or to help support or satisfy postapproval study requirements. From RWD, Real-World Evidence (“RWE”), the clinical evidence about the usage and potential benefits of a medical product is derived from analysis of RWD. In order to develop this RWD, TARGET sponsors longitudinal, observational studies in order to gain insights about the natural history of diseases, including treatment outcomes.
Information collected about you during your visit to our website
The amount and type of information we collect depends on how you use this website. We may collect information about you from a variety of sources, including (a) information you provide directly; (b) information we collect about you when you visit our Website, use our services, or; and (c) information we receive from other sources.
- Information We Collect Directly From You. We may collect information directly from you when you visit our Website, choose to use services or participate in programs or otherwise provide information directly to us. Depending on your use of Website, we may collect two types of information: personally identifiable information and non-personally identifiable information.
Personally Identifiable Information: Personally identifiable information is information that identifies you or can be used to identify or contact you. The categories of personally identifiable information that may be collected through the Website include but are not limited to your name, email address, and telephone number.
Non-Personally Identifiable Information: Non-personally identifiable information is information, any single item of which, by itself, cannot be used to identify or contact you. The categories of non-personally identifiable information that may be collected through the Website include but are not limited to demographic information (such as age, profession, gender, location, zip code, birth date, or year of birth), responses to survey questions, queries, IP addresses, browser types, unique device identifiers, device types, requested URL, referring URL, browser language, the pages you view, the date and time of your visit, domain names, and other statistical data involving use of the Website. Certain non-personally identifiable information may be considered a part of your personally identifiable information if it were combined with other identifiers (for example, combining your zip code with your street address) in a way that enables you to be identified. However, the same pieces of information are considered non-personally identifiable information when they are taken alone or combined only with other non-personally identifiable information (for example, your viewing preferences).
We may collect the following information about you:
- Technical information, including your IP address, browser type and version, browser plug-in types and versions, operating system and platform, and device-specific information, such as time zone setting and mobile network information (including location information); and
- Information about your visit, including, web pages you view, links you click, language preferences web sites you visited before coming to our Website, page response times, download errors, page interaction information (such as lengths of visits to certain pages, scrolling, clicks and mouse-overs), or your destination when you leave the Website.
How We Use This Information
In general, we use the information collected through our Website to conduct our Business, to help us understand who uses the Website, to improve the Website, for internal operations, and, if you request information or request that we contact you, to respond to your requests. In addition, if you identify yourself to us by sending us an email with questions or comments, we may file your questions or comments (with your personally identifiable information) for future reference. We may also use the information gathered through the Website (including your personally identifiable information) to perform statistical analysis of user behavior or to evaluate and improve the Website and our Business. We may link some of this information to personally identifiable information for internal purposes.
Protection Of Children
We are committed to protecting the privacy of children. The Website is not designed for or directed to children under the age of 13. We do not collect personally identifiable information through the Website from any person we actually know is under the age of 13.
Sharing Your Information
- Laws and Legal Rights- Your information (including your personally identifiable information) may be disclosed upon a good faith belief that disclosure is required in order to comply with an applicable statute, regulation, rule or law, a subpoena, a search warrant, a court or regulatory order, lawful requests by public authorities, including to meet national security or law enforcement requirements, or other valid legal process. Your information may be disclosed in special circumstances upon a reasonable belief that disclosing this information is necessary to identify, contact, or bring legal action against someone, to detect fraud, or to protect our rights or property or the safety and/or security of our Website, our Business or the general public.
- Third Parties Generally- With respect to our Website, your non-personally identifiable information may be provided to third parties, including where such information is combined with similar information of other users of the Website. In addition to the above, when individuals use our Website, third parties (including without limitation third-party analytics and other service providers) may directly collect information about our Website visitors, including about our visitors’ online activities over time and across different websites. The third parties to which information may be provided, or who may directly collect information, may include analytics and other service providers, vendors and website tracking services, affiliates, actual or potential commercial partners, licensees, researchers, and other similar parties.
- Outside Contractors- We may employ independent contractors, vendors, and suppliers (collectively, “Outside Contractors”) to provide specific services and products related to the Website and/or our Business, including hosting, maintenance, auditing, monitoring, and other services. In the course of providing products or services to us, these Outside Contractors may have access to your information (including personally identifiable information). We use reasonable efforts to ascertain that these Outside Contractors are capable of protecting the privacy of your personally identifiable information.
Global Data Transfer
Personally identifiable information collected on the Website may be transferred from time to time to TARGET offices or personnel, or to third parties, located throughout the world, including offices located outside the European Union and the European Economic Area, and the Website may be viewed and hosted anywhere in the world, including countries (such as the United States) that may not have laws of general applicability regulating the use and transfer of such data. Were this is the case, we will take reasonable steps to ensure that your information receives the necessary level of protection and comply with applicable law, including, but not limited to, the European Union General Data Protection Regulation (“GDPR”). By using the Website and submitting such information on it, you voluntarily consent to such transborder transfer and hosting of such information. For specific information regarding how we handle personal information and transfer data, please see the “Global Data Protection Statement.”
Is The Information Collected Through The Website Secure?
We want your information (including personally identifiable information) to remain secure. We strive to provide transmission of your information from your computer or mobile device to our servers through techniques that are consistent with industry standards and to employ administrative, physical, and electronic measures designed to protect your personally identifiable information from loss, misuse, and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved and the nature of the information. Notwithstanding the above, you should be aware that there is always some risk involved in transmitting information, both over the Internet and through other online and offline channels. There is also some risk that others could find a way to thwart our security systems. As a result, while we strive to protect your information, we cannot ensure or warrant the security or privacy of any information you transmit to us, and you do so at your own risk.
What Choices Do I Have Regarding The Collection, Disclosure And Distribution Of Personally Identifiable Information Collected Through The Website?
Do Not Track
The term “Do Not Track” refers to a HTTP header offered by certain web browsers to request that websites refrain from tracking the user. We take no action in response to Do Not Track requests.
Can I Update Or Correct My Personally Identifiable Information Collected Through The Website?
You should be aware that it is not technologically possible to update or change each and every record of the information you have provided to us from our system. The need to back up our systems to protect information from inadvertent loss means that a copy of your personally identifiable information may exist in a form that will be difficult or impossible for us to locate. After receiving your request, we will use commercially reasonable efforts to update, correct, or change, as appropriate, all personally identifiable information collected through the Website and stored in databases we actively use and other readily searchable media, as appropriate, as soon as and to the extent reasonably practicable.
Without limitation of any other provision contained herein, access to personal information associated with research studies may be limited if necessary to maintain the integrity of the research effort.
How Long Will My Personal Data Be Stored?
We will only retain your Personal Data for as long as necessary to fulfil the purpose for which they were collected or to comply with legal or regulatory requirements.
Global Data Protection Statement
It is our policy to respect and protect personal information collected or maintained by or on behalf of TARGET—therefore, TARGET adheres to both the General Data Protection Regulation (EU) 2016/679 (the “GDPR”) and the EU-U.S. Privacy Shield Principles (“Privacy Shield”). In furtherance of this commitment, TARGET has certified to the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce and the Federal Trade Commission (“FTC”). To learn more about Privacy Shield, and to view TARGET’s certification, please visit https://www.privacyshield.gov/participant?id=a2zt0000000TQHnAAO&status=Active.
This Statement describes the principles pursuant to which TARGET manages Personal Information received: (i) in the course of TARGET’s operations involving current, prospective and former strategic partners, clients, vendors and subcontractors (collectively, “Corporate Parties”); and (iI) physicians/investigators, health care professionals, and trial participants (collectively, “Clinical Parties”). In connection with TARGET’s operations, TARGET may now and/or in the future: (a) transfer Personal Information of Corporate Parties and/or Clinical Parties outside of the European Economic Area (“EEA”) to the United States; and/or (b) access Personal Information regarding Corporate Parties or Clinical Parties from the United States.
“Agent” or collectively, “Agents” means any third party that processes Personal Information pursuant to the instructions of, and solely for, TARGET or to which TARGET discloses Personal Information for use on its behalf.
“Citizen” or collectively, “Citizens” means a lawful citizen or citizens of any EEA country and includes Corporate and Clinical Parties.
“EEA” means the European Economic Area which is composed of the following thirty-one (31) countries: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Italy, Ireland, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and United Kingdom.
“Personal Information” means any information or set of information about an identified or identifiable Citizen, including, but not limited to: (a) first name or initial and last name; (b) home or other physical address; (c) telephone number; (d) email address or online identifier associated with the Citizen; (e) Social Security number or other similar identifier; (f) employment, financial or health information; or (g) any other information relating to a Citizen that is combined with any of the above. The term “Personal Information” does not include anonymized information or information that is reported in the aggregate (provided that such aggregated information is not identifiable to a natural person).
“Process” or “Processing” of Personal Information means any operation or set of operations which is performed upon Personal Information, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.
“Sensitive Personal Information” means Personal Information that reveals race, ethnic origin, political opinion, religious or philosophical beliefs, trade union membership, genetic data, biometric data where Processed to uniquely identify a person, any information that concerns medical or health conditions or sex life, or information relating to the commission of a criminal offense.
“Statement” means this Global Data Protection Policy Statement.
Personal data shall be:
- processed lawfully, fairly and in a transparent manner in relation to individuals (‘lawfulness, fairness and transparency’);
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes (‘purpose limitation’);
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals (‘storage limitation’);
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).”
We will only use your personal information to the extent that the law allows us to do so. Pursuant to the GDPR we rely on the following legal bases for processing your personally identifiable information:
- where you have given consent to the processing of your personal data;
- where it is necessary to perform a contract we have entered into or are about to enter into with you; and/or
- where it is necessary for the purposes of our legitimate interests, including where personal data are processed for a scientific research purpose under Art. 89 of the GDPR, and your interests or fundamental rights and freedoms do not override those legitimate interests.
Types of Personal Information Collected
Study Participants – The information collected from individuals participating in our research studies (“Participants”) is collected with written consent of the Participant, redacted at the respective research study site, and typically transferred as a de-identified data set in key-coded form as described in Privacy Shield Supplemental Principle 14 Pharmaceutical and Medical Products, subsection (g) “Key-coded Data”, and therefore does not constitute a transfer that would be subject to the Privacy Shield Principles. To the extent that such information is not key-coded, the types of personal information generally collected from individuals participating in our research studies include demographic information (such as year of birth, gender, race, ethnicity, country of birth); vital signs; information from Participants’ medical records; dates of service related to health care; information regarding medications, lifestyle, and health conditions; biopsy reports; results of tests, treatments, and procedures (such as transplants, blood tests, MRIs, and X-rays); medicines and the effects of medicines on Participants’ physical, mental, and social health and side effects.
Research Study Site Staff, Vendors, and Contractors – The types of personal information collected from research study site staff, vendors, and contractors generally include name, e-mail address, phone number, business or home address, and curriculum vitae.
Website Visitors – The types of personal information collected from visitors to our Website may generally include name, email address, telephone number, demographic information (such as age, profession, gender, location, zip code, birth date, or year of birth), IP addresses, browser types, unique device identifiers, device types, requested URL, referring URL, browser language, the pages you view, the date and time of your visit, domain names, and other statistical data involving use of the Website.
General Inquirers, Advisors, and Representatives of Our Business Partners and Clients – The types of personal information collected from individuals inquiring about our clinical data business and our research studies, from our advisors, and from individuals who represent our business partners and clients generally include name and contact information and queries.
Purposes for Which Personal Information is Collected and Used
Purposes of Information Collected From Study Participants – Personal information generally is collected from the Participant and used for the purposes of: contacting the Participant; conducting research studies; regulatory documentation and submissions to relevant agencies, ethics committees and competent authorities; responding to audit and inspection requests by relevant agencies, ethics committees, and competent authorities; community building and data analytics; and presenting and sharing the results and data from research studies. As examples, non-identifiable data associated with Participants is used as part of publications in medical journals in the form of summary statistics; figures included may show individual data points in scatter plots or non-identifiable Participant data may be presented in the form of a case study displaying key highlights of the patient record (such as medication, lab values, comorbidities over time, etc.). In addition to the above, personal information may be used in the future for new scientific, medical, and pharmaceutical research activities, including activities that are unanticipated. These activities may include, but are not limited to, periodic follow-up or related studies.
Purposes of Information Collected From Research Study Site Staff, Vendors, and Contractors - Personal information generally is collected from research study site staff, vendors, and contractors and used for the purposes of contacting such individuals; conducting research studies; ensuring appropriate qualifications and training; administering the receipt of services from such individuals; regulatory documentation and submissions to relevant agencies, ethics committees, and competent authorities; responding to audit and inspection requests by relevant agencies, ethics committees, and competent authorities; community building and data analytics; and presenting and sharing the results and data from research studies. In addition to the above, personal information may be used in the future for new scientific, medical, and pharmaceutical research activities, including activities that are unanticipated. These activities may include, but are not limited to, periodic follow-up and related studies.
Purposes of Information Collected Through Website - In general, the personal information collected through our Website is used to conduct and improve our Business, to help us understand who uses the Website, to improve the Website, for internal operations, and, if you request information or request that we contact you, to respond to your requests. We may also use the information gathered through the Website (including personal information) to perform statistical analysis of user behavior or to evaluate and improve the Website and our Business. Some of this information may be linked to personal information and personally identifiable information for internal purposes.
Purposes of Information Collected From General Inquirers, Advisors, and Representatives of Our Business Partners and Clients – Personal information generally is collected from inquirers, advisors, and representatives of our business partners and clients in order to respond to the relevant inquiry, to conduct our and improve our Business (including conducting research studies), to carry out our relationships with our business partners and clients, and for internal operations.
Privacy Shield Principles
The Privacy Shield Framework outlines the following seven “Privacy Shield Principles:”
- Notice: In the event that TARGET collects Personal Information from a Citizen, TARGET will furnish a notice to the Citizen (via an Informed Consent Form provided to each clinical study participant in the EEA) that describes: (i) the types of Personal Information that it collects about such Citizens; (ii) the purposes for which it collects such information; (iii) the types of third parties to which it discloses such information, and the purposes for which it does so; and (iv) how to contact TARGET with any inquiries or complaints. Notice will be provided in clear and conspicuous language at the time of collection, or as soon as reasonably practicable thereafter. In any event, notice will be provided before TARGET discloses the Personal Information or uses such information for a purpose other than that for which the Personal Information was originally collected or processed.
- Choice: In the event that Personal Information is to be used for a new purpose that is materially different from the purpose(s) for which the Personal Information was originally collected or subsequently authorized, or transferred to a non-Agent third party, Citizens will be provided, where practical and appropriate, with an opportunity to decline to have their Personal Information so used or transferred. In the event that the Personal Information used for a purpose other than that for which it was originally collected or subsequently authorized or transferred to the control of a non-Agent third party is Sensitive Personal Information, the Citizen’s affirmative express consent will be obtained prior to the use or transfer of the Sensitive Personal Information or as otherwise permitted in accordance with the Privacy Shield Principles.
- Accountability for Onward Transfer: Before we disclose any of your transfer data to a third party we will require that such third party provide the same level of privacy protection as is required by the Privacy Shield Principles. TARGET’s accountability for transfer data that it receives under the Privacy Shield and transfers to a third party is outlined in the Privacy Shield Principles. In particular, TARGET remains liable under the Privacy Shield Principles if third-party agents that it retains to process transfer data on TARGET’s behalf process such transfer data in a manner inconsistent with the Privacy Shield Principles, unless TARGET can prove that it is not responsible for the event giving rise to the damage.
- Security: TARGET takes reasonable and appropriate administrative, technical and physical precautions designed to protect Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction, regardless of whether such Personal Information is in electronic or tangible, hard copy form.
- Data Integrity and Purpose Limitation: TARGET endeavors to limit the collection, usage, and retention of Personal Information to that which is relevant for the intended purposes of Processing, and takes reasonable steps designed to ensure that all Personal Information is reliable for its intended use, accurate, complete and current.
- Access: Citizens may seek confirmation regarding whether TARGET is Processing Personal Information about them, request access to their Personal Information and ask that the Company correct, amend or delete that information, where it is inaccurate or has been processed in violation of the Privacy Shield Principles. Although TARGET makes good faith efforts to provide Citizens with access to their Personal Information, we reserves the right to limit or deny such access where the burden or expense of providing access would be disproportionate to the risks to the Citizen’s privacy, where the rights of Citizens other than the subject Citizen would be violated, where the information is commercially proprietary or where doing so is otherwise consistent with the Privacy Shield Principles. If TARGET determines that access should be restricted in any particular instance, we will provide you with an explanation of why that determination has been made and a contact point for any further inquiries.
- Recourse, Enforcement and Liability: TARGET has implemented mechanisms to verify its ongoing compliance with the Privacy Shield Principles and this Statement.
In compliance with the Privacy Shield Principles, TARGET commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact our privacy team at: firstname.lastname@example.org.
TARGET commits to cooperate with the panel established by the EU Data Protection Authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (Commissioner), as applicable, to investigate unresolved disputes/complaints and comply with the advice given by the panel and/or Commissioner. With respect to the application of Privacy Shield Principles to transfer data, the panel established by the DPAs and/or the Commissioner, as applicable, is the independent dispute resolution body designed to address complaints and provide appropriate recourse to you free of charge.
As further described in the Privacy Shield Principles, a binding arbitration option will be made available to you in order to address residual complaints regarding transfer data that have not been resolved by other means. See Section C of Annex I to the Privacy Shield Principles at https://www.privacyshield.gov/article?id=C-Pre-Arbitration-Requirements and http://trade.gov/td/services/odsi/swiss-us-privacyshield-framework.pdf . The Federal Trade Commission has jurisdiction over TARGET’s compliance with the Privacy Shield.
Adherence by TARGET to the Privacy Shield Principles and the above-set forth provisions regarding transfer data may be limited (a) to the extent necessary to meet national security, public interest or law enforcement requirements; (b) by statute, government regulation, or case law that creates conflicting obligations or explicit authorizations; or (c) if the effect of the GDPR or Member State law is to allow exceptions or derogations, provided that such exceptions or derogations are applied in comparable contexts.
Third Parties in Connection with Research Studies
With respect to our research studies, your personal information may be disclosed to a variety of third parties, including third parties that purchase a research study database and third parties with which we have contracted to provide access to our databases, including research study databases. The results of our research studies also may be presented at meetings or in publications, but your identity will not be disclosed in those presentations or publications.
Limitation on Scope
Adherence to these GDPR and Privacy Shield Principles may be limited (i) to the extent required or allowed by applicable law, rule or regulation; (ii) to the extent necessary to respond to lawful requests by public authorities, including to meet national security, law enforcement, legal or governmental requirements; and/or (iii) to protect the health or safety of a Citizen.
If you have any concerns or questions about this Privacy Statement, and the privacy practices set forth herein, including your dealings with this Web Site, please contact us directly as follows:
TARGET PharmaSolutions, Inc.
2520 Meridian Parkway, Ste 105
Durham, NC 27713
Phone: (984) 234-0268
Attention: Allison Chandler, Sr. Director, Legal Affairs