Privacy Policy

Effective as of November 16, 2018

This “Privacy Policy” describes the privacy practices of Medidata Solutions, Inc. and our subsidiaries and affiliates (collectively, “Medidata”, “we”, “us”, or “our”). This Privacy Policy describes how we collect, use, disclose and otherwise process personal information in connection with our websites, mobile apps, and other services, and explains the rights and choices available to individuals with respect to their information. For convenience, our websites and mobile apps are collectively referred to as the “Sites,” and, together with our other services, collectively referred to as the “Services.” This Privacy Policy governs any of the Services on which the Privacy Policy is posted.

Individuals located in the European Union should be sure to read the important information provided here

Summary of our Privacy Practices

  • The Types of Information We Collect About You: We collect information that your provide to us, such as your contact details, as well as information that is automatically collected by our Sites, such as your IP address and information collected by our use of Cookies.
  • Purposes of Processing Your Information: We process information about you in order to provide our Sites and Services; to communicate with you; to comply with law and prevent fraud; and for other reasons with your consent. We may also anonymize your data – which means the data can no longer be used to identify you – in order to perform analytics to learn how to better provide our Sites and Services.
  • Your Rights and Choices: Depending on your jurisdiction, you may have legal rights associated with our processing of your data, including rights to access, correct, delete, transfer, or object to the processing of your data. Regardless of where you live, we will honor your request to opt out of being contacted by us for marketing reasons.
  • How to Contact Us: Medidata is the controller of your information when it is processed in the context of our Sites and Services. Our Data Protection Officer may be contacted by emailing dataprivacy@mdsol.com. However, please note that Medidata’s customers are the controllers of your data when it is processed in Medidata’s platform, applications, and related services. For example, if you are a patient in a clinical trial, or an investigator who logs into our applications, your data controller is the Sponsor of that trial and/or the participating healthcare provider.

 

Medidata’s Platform, Applications, and Customer Data

As part of Medidata’s platform, applications and related services, our customer’s employees and authorized users may enter information from or about their authorized users, employees, and clinical trial subjects (collectively, “Customer Data”), into our servers.

This Privacy Policy does not apply to Customer Data, and we are not responsible for our customers’ handling of Customer Data. Our customers have their own policies regarding the collection, use and disclosure of your personal information. Our use of Customer Data is subject to the written agreement between Medidata and the customer. Medidata’s responsibility under that agreement – that we take very seriously – is the obligation to keep Customer Data safe and secure. To learn about how a particular customer handles your personal information, we encourage you to read that customer’s privacy statement or contact that customer. 

Medidata has no control or ownership of Customer Data. Please direct any questions regarding Customer Data to the customer for which you work or which collected your information using a Medidata platform or application.

 

Personal Information We Collect

We collect personal information about you in the following ways:

Information you give us

Personal information that you may provide through the Services or otherwise communicate with us includes:

  • Personal and Business Contact information, such as your first name, last name, postal address, email address, telephone number, job title, and employer name;
  • Profile information, such as your username and password, industry, interests and preferences; 
  • Feedback and correspondence, such as information you provide in your responses to surveys, when you participate in market research activities, report a problem with the Sites, receive customer support or otherwise correspond with us; 
  • Transaction information, such details about any purchases you make through the Sites, event registrations you make through the Sites, and billing details;
  • Usage information, such as information about how you use the Sites and interact with us;
  • Marketing information, such your preferences for receiving marketing communications and details about how you engage with them.

We may combine other publicly available information, such as information related to the organization for which you work, with the personal information that you provide to us through our Sites or Services.

Information automatically collected

We may collect an IP address from visitors to our Sites. We use IP addresses to help diagnose problems with our server(s), to administer the Sites, and to monitor activities on and interactions with our Sites.

We may also automatically log information about you and your computer or mobile device when you access our Sites. For example, we may log your computer or mobile device operating system name and version, manufacturer and model, browser type, browser language, screen resolution, the website you visited before browsing to our Sites, pages you viewed, how long you spent on a page, access times and information about your use of and actions on our Sites. We collect this information about you using cookies. Please refer to the Cookies and Similar Technologies section for more details. 

Changes to your personal information

It is important that the personal information we hold about you is accurate and current. Please let us know if your personal information changes during your relationship with us by updating your registration profile or emailing us at dataprivacy@mdsol.com.  

 

How We Use Your Personal Information

To provide our Services

If you have a Medidata account or use our Sites, we use your personal information to:

  • Operate, maintain, administer and improve the Sites;
  • Manage and communicate with you regarding your Medidata account, if you have one, including by sending you service announcements, technical notices, updates, security alerts, and support and administrative messages;
  • Process and manage registrations you make through the Sites, including to track and administer trainings or events you have registered for and attended, and to subscribe you to our Developer Central community forum;
  • Better understand your needs and interests, and personalize your experience with the Sites; and
  • Provide support and maintenance for the Sites and our Services;
  • Respond to your service-related requests, questions and feedback.

To communicate with you

If you request information from us, register on the Sites, or participate in our surveys, promotions or events, we may send you Medidata-related marketing communications as permitted by law. You will have the ability to opt out of such communications. 

To comply with law 

We use your personal information as we believe necessary or appropriate to comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities.

With your consent

We may use or share your personal information with your consent, such as when you consent to let us post your testimonials or endorsements on our Sites, you instruct us to take a specific action with respect to your personal information, or you opt into marketing communications. 

To create anonymous data for analytics

We may create anonymous data from your personal information and other individuals whose personal information we collect. We make personal information into anonymous data by excluding information that makes the data personally identifiable to you, so that it is no longer reasonably possible to ever use the data to identify you. We use this anonymized data for lawful business purposes, such as improving our Sites and Services.

For compliance, fraud prevention and safety

We use your personal information as we believe necessary or appropriate to (a) enforce the terms and conditions that govern our Services; (b) protect our rights, privacy, safety or property, and/or that of you or others; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

 

How We Share your Personal Information

Except as described in this Privacy Policy, we do not share the personal information that you provide to us with other organizations. We disclose personal information to third parties under the following circumstances:

  • Affiliates. We may disclose your personal information to our subsidiaries and corporate affiliates for purposes consistent with this Privacy Policy;
  • Service Providers. We may employ third party companies and individuals to administer and provide the Services on our behalf (such as training, customer support, hosting, email delivery and database management services). These third parties may use your information only as directed by Medidata and in a manner consistent with this Privacy Policy, and are prohibited from using or disclosing your information for any other purpose;
  • Professional advisors. We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us;
  • Compliance with Laws and Law Enforcement; Protection and Safety. Medidata may disclose information about you to government or law enforcement officials or private parties as required by law, and disclose and use such information as we believe necessary or appropriate to (a) comply with applicable laws and lawful requests and legal process, such as to respond to subpoenas or requests from government authorities; (b) enforce the terms and conditions that govern our Services; (d) protect our rights, privacy, safety or property, and/or that of you or others; and (e) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity;
  • Business Transfers. Medidata may sell, transfer or otherwise share some or all of its business or assets, including your personal information, in connection with a business deal (or potential business deal) such as a merger, consolidation, acquisition, reorganization or sale of assets or in the event of bankruptcy, in which case we will make reasonable efforts to require the recipient to honor this Privacy Policy. 

 

Your Choices

Access, Update, Correct or Delete Your Information

All Medidata account holders may review, update, correct or delete the personal information in their registration profile by logging into their account. Medidata account holders may also contact us at dataprivacy@mdsol.com to accomplish the foregoing or if you have additional requests or questions. 

Marketing communications

You may opt out of marketing-related emails by logging in and changing your account settings, by clicking on a link at the bottom of each such email, or by contacting us at dataprivacy@mdsol.com. You may continue to receive service-related and other non-marketing emails. 

Testimonials

If you gave us consent to post a testimonial on our Sites, but wish to update or delete it, please contact dataprivacy@mdsol.com

Choosing not to share your personal information

Where we are required by law to collect your personal information, or where we need your personal information in order to provide the Services to you, if you do not provide this information when requested (or you later ask to delete it), we may not be able to provide you with the Services and may need to close your account. We will tell you what information you must provide to receive the Services by designating it as required in our Sites and Services or through other appropriate means. 

 

Cookies and Similar Technologies

What are cookies?

We may collect information using “cookies.” Cookies are small data files stored on the hard drive of your computer or mobile device by a website. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them) to provide you with a more personal and interactive experience on our Site. 

We use two broad categories of cookies: (1) first party cookies, served directly by us to your computer or mobile device, which we use to recognize your computer or mobile device when it revisits our Site; and (2) third party cookies, which are served by service providers on our Site, and can be used by such service providers to recognise your computer or mobile device when it visits other websites. 

Cookies we use

Our Site uses the following types of cookies for the purposes set out below: 

  • Essential Cookies. These cookies are essential to provide you with services available through our Site and to enable you to use some of its features. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services. These are primarily used by our employees and contractors.

  • Functionality Cookies. These cookies allow our Site to remember choices you make when you use our Site. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-select your preferences or re-enter information every time you visit our Site.
  • Analytics and Performance Cookies. These cookies are used to collect information about traffic to our Site and how users use our Site. The information gathered may include the number of visitors to our Site, the websites that referred them to our Site, the pages they visited on our Site, what time of day and duration they visited our Site, whether they have visited our Site before, and other similar information. We use this information to help operate our Site more efficiently, to gather broad demographic information and to monitor the level of activity on our Site. We primarily use Google Analytics for this purpose. Google Analytics uses its own cookies. It is only used to improve how our Site works. You can find out more information about Google Analytics cookies here and about how Google protects your data here. You can prevent the use of Google Analytics relating to your use of our Site by downloading and installing the browser plugin available here.
  • Targeted and Advertising Cookies. These cookies track your browsing habits to enable us to show advertising on a third party site which is more likely to be of interest to you. These cookies use information about your browsing history to group you with other users who have similar interests. You can disable certain cookies which remember your browsing habits and target advertising at you by visiting this site. If you choose to remove targeted or advertising cookies, you will still see advertisements but they may not be relevant to you. Even if you do choose to remove cookies by the companies listed at the above link, not all companies that serve online behavioural advertising are included in this list, and so you may still receive some cookies and tailored advertisements from companies that are not listed.

Disabling cookies

You can typically remove or reject cookies via your browser settings. In order to do this, follow the instructions provided by your browser (usually located within the “settings,” “help” “tools” or “edit” facility). Many browsers are set to accept cookies until you change your settings. 

Further information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit www.allaboutcookies.org.

If you do not accept our cookies, you may experience some inconvenience in your use of our Site. For example, we may not be able to recognize your computer or mobile device and you may need to log in every time you visit our Site. 

Flash Technology

We may use supporting technologies for our Sites that use Flash cookies (which are also known as Flash Local Shared Object (“LSOs”)) on our Site to collect and store information about your use of our Site. Unlike other cookies, Flash cookies cannot be removed or rejected via your browser settings. If you do not want Flash cookies stored on your computer or mobile device, you can adjust the settings of your Flash player to block Flash LSO storage using the tools contained in the Website Storage Settings Panel at this website. You can also control Flash LSOs by going to the Global Storage Settings Panel at this website and following the instructions. Please note that setting the Flash Player to restrict or limit acceptance of Flash LSOs may reduce or impede the functionality of some Flash applications, including, potentially, Flash applications used in connection with our Site.

On-Site Tracking

We may also use tracking tags (which are also known as web beacons) on our Site to track the actions of users while on our Site. Unlike cookies, which are stored on the hard drive of your computer or mobile device by a website, tracking tags are embedded on webpages. Tags compile statistics about usage of the Site, so that we can manage our content more effectively. The information we collect using tracking tags is not linked to our users’ personal data.

Do Not Track Signals

Some Internet browsers may be configured to send "Do Not Track" signals to the online services that you visit. We currently do not currently respond to do not track signals. To find out more about "Do Not Track," please visit http://www.allaboutdnt.com.

 

Security

The security of your personal information important to us. We take a number of organizational, technical and physical measures designed to protect the personal information we collect, both during transmission and once we receive it. However, no security safeguards are 100% secure and we cannot guarantee the security of your information. 

 

International Transfer 

Medidata is headquartered in the United States and has affiliates and service providers in other countries, and your personal information may be transferred to the United States or other locations outside of your state, province, country or other governmental jurisdiction where privacy laws may not be as protective as those in your jurisdiction. 

European Union users should read the important information provided here about transfer of personal information outside of the European Economic Area.

 

Other Sites and Services

The Sites may contain links to other websites and services. These links are not an endorsement, authorization or representation that we are affiliated with that third party. We do not exercise control over third party websites or services, and are not responsible for their actions. Other websites and services follow different rules regarding the use or disclosure of the personal information you submit to them. We encourage you to read the privacy policies of the other websites you visit and services you use.

 

User Generated Content

We may make available on our Sites, or link to, features that allow you to share information online (e.g., on message boards, in chat areas, in file uploads, through events, etc.). Please be aware that whenever you voluntarily disclose personal information online, that information becomes public and can be collected and used by others. We have no control over, and take no responsibility for, the use, storage or dissemination of such publicly-disclosed personal information. By posting personal information online in public forums, you may receive unsolicited messages from other parties.

 

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. We encourage you to periodically review this page for the latest information on our privacy practices. If we make material changes to this Privacy Policy you will be notified via the contact information you have provided to us or another manner that we believe reasonably likely to reach you. This may include posting a specific announcement on our Sites.

Any modifications to this Privacy Policy will be effective upon our posting of the new terms and/or upon implementation of the new changes in the Service (or as otherwise indicated at the time of posting). In all cases, your continued use of the Sites and Services after the posting of any modified Privacy Policy indicates your acceptance of the terms of the modified Privacy Policy.

 

Contact Us

If you have any questions or concerns at all about our Privacy Policy, please feel free to email us at dataprivacy@mdsol.com, or write to us at:

Medidata Solutions, Inc.
350 Hudson Street
New York, New York 10014 USA
Attention: Data Protection Officer

Additional Information for European Union Users

Personal information

References to “personal information” in this Privacy Policy are equivalent to “personal data” governed by European data protection legislation. 

Controller and Data Protection Officer

Medidata Solutions, Inc. is the controller of your personal information for purposes of European data protection legislation. Our Data Protection Officer can be reached at dataprivacy@mdsol.com. See the “Contact Us” section above for additional contact details.

Legal bases for processing

We only use your personal information as permitted by law. We are required to inform you of the legal bases of our processing of your personal information, which are described in the list below. If you have questions about the legal basis of how we process your personal information, contact us at dataprivacy@mdsol.com.  

  • To provide the Services. Processing is necessary to perform the contract governing our provision of the Services or to take steps that you request prior to signing up for the Services.
  • To communicate with you; To create anonymous data for analytics; and For compliance, fraud prevention and safety. These processing activities constitute our legitimate interests. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
  • To comply with law. Processing is necessary to comply with our legal obligations.
  • With your consent. Processing is based on your consent. Where we rely on your consent you have the right to withdraw it anytime in the manner indicated in the Service or by contacting us at dataprivacy@mdsol.com.

Use for new purposes

We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis. 

Retention

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Information) for seven years after they cease being customers for financial and tax purposes.

In some circumstances we may anonymize your personal information (so that it can no longer be associated with you) in which case we may use this information indefinitely without further notice to you.

Your Rights

European data protection laws give you certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information that we hold:

  • Opt-out. Stop sending you direct marketing communications. You may continue to receive service-related and other non-marketing emails;
  • Access. Provide you with information about our processing of your personal information and give you access to your personal information;
  • Correct. Update or correct inaccuracies in your personal information;
  • Delete. Delete your personal information;
  • Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice;
  • Restrict. Restrict the processing of your personal information;
  • Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights. 

You can submit these requests by email to dataprivacy@mdsol.com or our postal address provided above. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us as described above or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here

Cross-Border Data Transfer

Whenever we transfer your personal information out of the EEA to countries not deemed by the European Commission to provide an adequate level of personal information protection, the transfer will be based on one of the following safeguards recognized by the European Commission as providing adequate protection for personal information, where required by EU data protection legislation:

  • Contracts approved by the European Commission which impose data protection obligations on the parties to the transfer. For further details, see European Commission Model contracts for the transfer of personal information to third countries.
  • For transfers to third parties in the United States, ensuring they participate in the EU-US Privacy Shield Framework.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal information out of the EEA.

EU-U.S. Privacy Shield and Swiss-US Privacy Shield

Medidata complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Medidata has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/. Click here to view our Privacy Shield Notice (which is part of this Privacy Policy) and learn more about Medidata's obligations and your rights under the Privacy Shield. 

In compliance with the US-EU and Swiss-US Privacy Shield Principles, Medidata commits to resolve complaints about our collection or use of your personal information. European Union or Swiss individuals with inquiries or complaints regarding our Private Shield policy should first contact Medidata at: dataprivacy@mdsol.com

Medidata has selected a third party to serve as its independent recourse mechanism (IRM) for dispute resolution arising from certain transfers or processing of Personal Information (non-HR data) under Privacy Shield. Medidata has further committed to refer unresolved Privacy Shield complaints under the EU-US and Swiss-US Privacy Shield Principles to the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit the CBBB at http://www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information or to file a complaint. The services of CBBB are provided at no cost to you. Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.