Personal Information Definition: Personal Information is (1) any nonpublic data that (2) identifies or may identify an individual, as set forth under the Data Protection Directive 95/46/EC, the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, or any successor laws or regulations.
Contact Information – Some areas of our Sites request or require contact and other information. During the registration process and in other instances, we may collect information such as your name, mailing address and email address.
Internet Protocol (IP) Address – We may collect an IP address from visitors to our Sites. We may use IP address to help diagnose problems with our server(s), to administer our Websites, and to monitor activities on and interactions with our Websites, user preferences, and other computer and connection information relating to your use of our Sites. We may also use log files, cookies and similar technologies (described below) to collect information about the pages you view, links you click on, and other actions you may take when accessing our Sites.
We may combine other publicly available information, such as information related to the organization for which you work, with the Personal Information that you provide to us through our Sites.
Use and Sharing of Your Personal Information – Medidata uses the Personal Information we collect from you:
Medidata does not not share, sell, rent, or trade your Personal Information collected through our Sites with third parties for their sole promotional purposes without your express consent. As set forth above, Medidata may share your personal information with third party service providers contracted by us to provide services on our behalf; these providers may only use information we provide to them as instructed by us.
Our Site has security measures in place to protect against the loss, misuse and alteration of the information under our control. However, it is not possible to guaranty the security or integrity of information you disclose online since a sufficiently powerful attack from an unauthorized third party could compromise your data.
You may, at any time, “opt out” of receiving communications from us related to our products and services and/or to request the removal of your contact information from our database by writing to us at the postal or email address set forth below. However, Medidata cannot withdraw any previous disclosures made with your authorization, and we reserve the right to retain and disclose your information as permitted or required by law or regulation. You may also at any time request access to your personal data by writing to us at the postal or email address set forth below.
Medidata Solutions, Inc.
350 Hudson Street, 9th Floor New York, NY 10014
If any of your contact information changes or is incorrect, please email firstname.lastname@example.org with your new, correct information.
Medidata Solutions, Inc.
350 Hudson Street, 9th Floor New York, NY 10014
+1 212 918 1800
+1 212 918 1818 (Fax)
You can also email email@example.com.
As part of Medidata’s platform, applications and services, our customer’s employees and authorized users may enter Personal Information, including Personal Information from or about their authorized users, employees, and clinical trial subjects (together, “Customer Data”), into our servers.
Medidata processes Customer Data as instructed by our customers, and has no direct control or ownership of the Personal Information it processes. Our customers are responsible for complying with regulations or laws regarding notice, disclosure and/or obtaining consent prior to transferring the data to Medidata for processing purposes.
Medidata will not share or distribute Customer Data except as provided in the contractual agreements between Medidata and our customers. These agreements may provide Medidata with the rights to process or use Personal Information for Medidata’s business purposes including providing or developing the Medidata platform and applications, preventing or addressing service issues, support or technical problems, responding to our customer’s instructions, or as may be required by law.
Please direct any questions regarding access, correction, amendment, or deletion of your Personal Information to the customer (the data controller) for which you work or which collected your Personal Information using our platform or applications. If our customer requests us to remove the Personal Information to comply with data protection regulations, Medidata will respond to their request within 30 business days. We will refer any request for disclosure of Personal Information by a law enforcement authority to our customer unless prohibited by law, and will make such disclosures where we conclude that we are legally obligated to do so.
Medidata complies with the US-Swiss Safe Harbor Framework as set forth by the United States Department of Commerce regarding the collection, use and retention of personal information from Switzerland. Medidata adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access and enforcement. Learn more about the Safe Harbor program and view Medidata's certification.
In compliance with the Privacy Shield Principles, Medidata commits to resolve complaints about our collection or use of your personal information. Individuals in the European Union with inquiries or complaints regarding our Private Shield policy should first contact Medidata at: firstname.lastname@example.org.
As set forth in our Privacy Shield Notice, Medidata has selected a third party to serve as its independent recourse mechanism (IRM) for dispute resolution arising from certain transfers or processing of Personal Information (non-HR data) under Privacy Shield. Medidata has further committed to refer unresolved Privacy Shield complaints to the Council of Better Business Bureaus (CBBB), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit the CBBB at http://www.bbb.org/EU-privacy-shield/bbb-eu-safe-harbor-dispute-resolution/ for more information or to file a complaint. The services of CBBB are provided at no cost to you.
Medidata has further committed to refer unresolved privacy complaints under the US-Swiss Safe Harbor to an independent dispute resolution mechanism operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/bbb-eu-safe-harbor-dispute-resolution/ for more information and to file a complaint.
The EU Data Protection Authorities (DPAs) or the Swiss Federal Data Protection and Information Commissioner (FDPIC) will be used for dispute resolution for unresolved complaints involving human resources data. Medidata commits to cooperate with the EU DPAs and comply with the advice given by such authorities with regard to human resources data transferred from the EU in the context of the employment relationship.
Last updated: September 30, 2016