This Policy is effective as of 1 August 2021
Under data privacy laws, a “controller” makes decisions about how and why personal data is processed, while a “processor” processes personal data on behalf of the controller in accordance with their instructions. In some cases, we act as a “controller” in respect of certain processing activities that involve your personal data, while in others we act as a “processor." Throughout this Policy we explain whether we are acting as a "controller" or a "processor" in respect of a given activity so you can understand who is responsible for your rights in respect of your personal information. .
Our processes and procedures are designed to support compliance with this Policy, our privacy notices and applicable international and local data protection laws and regulations, including but not limited to the European Union General Data Protection Regulation (the “GDPR”), the Health Insurance Portability and Accountability Act (“HIPAA”) and, the privacy and confidentiality requirements of Good Clinical Practice (“GCP”).
To help you navigate to the sections relevant to you, in section 2 “What Personal Information is Handled by MRT and for what Purposes” we have categorized our explanations based on the main categories of relationships between us and those we collect personal data from. In section 3 “More Information” we address issues that are relevant to most or all of the relationships between us and the individuals who share personal data with us, for example your rights as an individual who has shared personal data with us, who we may share personal data with and our obligations when sharing personal data with third parties internationally.
Additional privacy terms tailored for different methods of data collection and specific uses by certain of our business lines and operations may apply to personal information shared with us. If alternative privacy terms are provided to you for a specific purpose those terms will govern the processing of personal data in relation to that purpose. For example, we maintain service specific privacy notices that may be provided to you for your review and consent in connection with the processing of personal data relating to those services and, if you are a participant in a research project for which MRT is providing services, there may be specific consent documentation addressing the disclosure of your personal information to us and clients who sponsor the research.
If you do not provide us with your personal data we may not be able to provide you with any of our services or respond to any questions or requests you submit to us via our websites. We will tell you when we ask for personal data which is a contractual requirement or is needed to perform our functions or is needed to comply with our legal obligations.
“Websites” means any MRT owned website:
The details below relates to any MRT owned website.
Personal data that we ask you to provide on the Websites and Apps is often limited to e-mail address, language preference, country or location, but may include other information when needed to provide a requested service. We collect information in several ways, outlined below.
2. On some Website pages you can register to receive information on an automated basis. The type of information you can register to receive in this manner includes general corporate information about us such as:
The personal information collected when you register to receive information on an automated basis includes your name, e-mail address, address, ISOQOL membership status, company name and occupation. You will have the option of cancelling your registration and removing your e-mail from the database on each occasion that you receive an automated e-mail alert, by clicking on an unsubscribe link on each e-mail alert message.
3. On some Website pages and Apps you may choose to provide personal information about yourself depending on your relationship or potential relationship with us e.g.:
if you are interested in obtaining services from or providing services to us- see sections 2.3 Client Personnel or Section 2.4 Vendor Personnel respectively.
4. On some Website pages or Apps you may choose to register to receive access to web casts, periodic updates or information on specific services. Generally the personal information collected in such cases is your name, title, company and e-mail address. This information is collected for qualification and aggregate measurement purposes and to provide you with the service.
5. On some Website pages and Apps you can register to receive customized information. This information is generally collected on 'Contact Us' forms where you may choose to be contacted by us. The personal information collected in these cases include your name, title, company, address, and contact details and e-mail address.
6. Websites and Apps also collect certain information about your computer hardware and software. This information may include; your IP address, browser type, operating system, domain name, access times and referring website addresses. This information is used for the operation of the service, to maintain and monitor quality of the service and to provide general statistics regarding use of Websites.
If you do not want non-essential cookies to be placed on your device, then you can easily accept or reject them in the cookie banners.
Website and App Security. Please be aware that whilst we do all that we can to safeguard the security of your personal information, the transmission of information over the internet is not completely secure and therefore you do this at your own risk. Once we receive your personal information we will implement strict security procedures with the objective of preventing unauthorized access.
Children. We do not knowingly collect any personal data through our Websites or Apps from individuals who are known to be under the age of 13, and no part of MRT’s Website or mobile Apps is directed towards anyone less than 13.
Certain MRT services involve the collating and maintenance of user databases of persons who may wish to procure free services for paid for services (“User Database”). Once a person is recorded in MRT’s User Database, we may contact them for further services or to respond to enquiries.
Your personal information may be collected through either volunteering it through one of our Websites or in the context of telephone calls or meetings with our representatives. Please be aware that by providing your personal information you consent to a member of our team contacting you directly by way of following-up with you, including contacting you directly by telephone or other means, including SMS text messages, and adding your personal information to our User Database.
In this context, we are the controller of the personal data.
Uses of your personal data. As discussed earlier, the main purpose of collecting personal data in the User Database is to provide services, including responding to enquiries.
We may use your Personal Information to respond to subsequent requests you may make of us, and from time to time, we may refer to your personal information to better understand your needs and how we can improve our websites, products and services on the basis of our legitimate interests in doing so. We may enhance or merge your personal information with data obtained from third parties for the same purposes. Any other information transferred by you which cannot be used to identify you (and which, therefore, does not constitute personal information) may be included in databases owned and maintained by us or our agents worldwide. We may also use anonymised personal data to run general statistical analysis in support of patient recruitment and similar analytical purposes.
Subscribers/Users/Members of MRT services. For Individuals sharing personal Information with us in order to inquire about, engage or otherwise make use of MRT and ePROVIDETM services or purchase, receive or seek information from us, including about any MRT and ePROVIDE™ products and services, vendors or opportunities, we will use such personal information in order to provide the requested information, products, and/or services and to process requested transactions. We may also use this personal data to improve the quality of our services, send and receive communications about the products and services available through us, and to enable our business partners and agents to perform certain activities on our behalf.
Use of personal information of client business representatives and agents in relation to MRT and ePROVIDE™ activities. For individuals engaged by our clients and collaborating with us in connection with projects for which we are providing services, including client employees, study personnel, and other consultants, contractors, managers, and agents (who are natural persons) of the client and its corporate affiliates, business partners and third-party service providers, personal information may be used by us in order to carry out the applicable services and related activities. This may include the transfer of such personal information to the applicable vendors, its corporate affiliates, business partners and third-party service providers.
Vendor business representatives and agents. Vendor representatives may share personal information with us in order to provide us information about services e.g. business support services, health care products and services, opportunities to participate in clinical research, health care education and patient related programs which may be available through a vendor. We will use any personal information provided by the vendor and its representatives in order to receive and assess the vendor related information, products, and/or services and potentially close associated contracts. Uses may include processing for requested transactions, reviewing the quality of the vendor’s services, sending and receiving communications about the products and services available through the vendor, and enabling our business partners, clients and agents to perform activities and make decisions in relation to the vendor.
Use of personal information of vendor business representatives and agents in relation to activities performed by vendors for us and our clients. For vendors engaged by us to perform services for us, including in relation to research studies being managed by us and our clients your personal information may be used by us in order to carry out the projects, activities and other related services in connection with which the vendor is engaged by us. This may include the transfer of such personal information to the applicable our study sponsor or client, other vendors involved in a project for which a vendor is engaged and such parties’ respective corporate affiliates, business partners and third-party service providers performing services or activities related to the project or activities for which a vendor is engaged by us.
To operate as a global business it may be necessary to process and transfer personal information within our businesses and with agents, contractors or partners of ours in connection with services that these individuals or entities perform for, or with, us. This may involve transferring personal information outside the European Economic Area (EEA) to the USA and elsewhere. These agents, contractors or partners are restricted from using this information in any way other than to provide services for us, or services for the collaboration in which they and us are engaged. We may, for example, provide your information to agents, contractors or partners for hosting our databases, for data processing services, or so that they can send you information that you requested.
Regardless of whether the transfer is within our group or to a third party, we will apply appropriate safeguards to such transfers as required by applicable law. For example, transfers to non-EEA countries will usually be governed by EU-approved “standard contractual clauses” where appropriate and will be subject to other appropriate technical and organisational measures having regard to the nature of the personal data. For more information, please contact us.
3.2.1. With your Consent: In cases where we need your consent to process your information, we will ask you to make a positive indication (e.g. to tick a box, sign a document, provide confirmation) that you agree to the processing. By actively providing consent, you are stating that you have been informed as to the type of information that will be processed, the reasons for such processing and how it will be used and for how long it will be kept and who else has access to it. Where we may rely on consent to process your information, you have the right to withdraw that consent for that activity at any time.
3.2.2. To fulfill a contract: In other cases we process your personal data because it is necessary to deliver a service you have requested.
3.2.3. For a Legitimate Interest: We may process your personal data on the basis of our legitimate interests in using your data for the purposes described in this Policy. Examples of our legitimate interests include the following:
You can object to us relying on our legitimate interest to use your personal data in these ways at any time as described under “Your Personal Data Rights” below.
3.2.4. To comply with Legal Obligations: There may be situations where we need to use your information to comply with legal obligations, applicable regulation and judicial process. For example, we are required by law to keep certain records for specific periods of time.
You have certain rights in respect of the personal data that we hold about you. Subject to certain exemptions and local law, these rights may include the following:
To exercise any of the above rights, please notify us at the address provided in section 3.6. “Inquiries, complaints and requests to exercise rights” below, unless you are a patient in a Study Site in which case please notify the relevant Study Site you are attending. We may request proof of identification to verify your identity. Where we are the relevant data controller, we will carefully assess your request and, subject to applicable laws and exceptions, will respond within the relevant legal time limits.
We ensure appropriate technical and organizational measures are taken to protect the personal and sensitive data you provide us with from unauthorized or unlawful processing and to protect against accidental loss, destruction or damage. Our Websites, Apps and electronic databases have security measures in place to protect the loss, misuse, unauthorized access or disclosure, alteration or destruction of the information under our control. However, as effective as modern security practices are, no physical or electronic security system is entirely secure. We cannot guarantee the complete security of our databases, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the internet.
The responsible data controller for MRT is ICON Clinical Research Limited. If you feel your data protection rights have been infringed by us, you have the right to complain to your local data protection supervisory authority. Our lead supervisory authority in Europe is the Data Protection Commission in Ireland (see www.dataprotection.ie).
Questions, comments or requests to exercise your rights should be submitted to our Global Data Protection Officer as follows:
Global Data Protection Officer
South County Business Park
By Email: Data_Privacy_Officer@iconplc.com.
This Policy is not a contract, and it does not create any legal rights or obligations. We reserves the right to modify or amend this Policy. For instance, the Policy may need to change as new legislation is introduced or as legislation is amended. Where we have your contact details, we will notify you of any material changes. The updated Policy will be posted on 1 August 2021. Last Updated: July 2021.