Privacy Shield Policy

This Privacy Shield Policy (this “Policy”) applies to Personal Information transferred to Science 37, Inc. (“Science 37”) in the United States from individuals in the European Economic Area (EEA), the United Kingdom (“UK”) and Switzerland.  This Policy sets out our practices for collecting, using, maintaining, protecting and disclosing that Personal Information. Please see our Privacy Policy for an explanation of how we collect, use, store, and disclose information about visitors to our website.

Definitions

For purposes of this Policy, the following definitions shall apply:

“Agent” means any third party that collects or uses Personal Information under the instructions of, and solely for, Science 37 or to which Science 37 discloses Personal Information for use on Science 37’s behalf.

“Personal Information” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal Information does not include information that is anonymized or aggregated.

“Sensitive Information” means any Personal Information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, information that concerns health or sex life, and information about criminal or administrative proceedings and sanctions.

Privacy Shield Principles

Science 37 participates in and complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information transferred from the EEA, UK and Switzerland to the United States, respectively. Science 37 has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms of this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

To learn more about the Privacy Shield program, and to view Science 37’s certification, visit https://www.privacyshield.gov/.

Notice

Science 37 may receive Personal Information from potential and enrolled clinical trial participants in the EEA, UK and Switzerland.  This information includes basic contact information like name and email address, and demographic information such as age, race and sex.  Science 37 uses this information to recruit interested and eligible individuals for clinical trials.  Science 37 also may receive health information from clinical trial participants for the purpose of providing services necessary for the clinical trial.  Personal Information is also received from clinical trial investigators and staff located in the EEA, UK and Switzerland.  Science 37 is committed to the confidentiality of Personal Information received by clinical trial participants and we may put in place other data transfer mechanisms such as model contractual clauses, at the request of our sponsors to ensure a compliant transfer of such Personal Information.  Science 37 receives Personal Information received from our business partners, including sponsors, vendors and suppliers, and uses this to manage the customer relationship, provide client services, and oversees third parties providing services for clinical trials.  Science 37 also receives Personal Information about employees of Science 37 who are located in the EEA, UK or Switzerland that is transferred in the context of the employment relationship.  Science 37 uses this information for internal employment and human resources purposes.

Science 37 will subject all Personal Information of EEA, UK and Switzerland residents to the EU-U.S. and Swiss-U.S. Privacy Shield Principles.  Science 37 is subject to the investigative and enforcement authority of the Federal Trade Commission (FTC).  Science 37 may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.  Science 37 has liability for onward transfers to third parties unless we can prove we were not a party to the event(s) giving rise to the damages.  Additionally, an individual may be allowed to invoke binding arbitration to resolve disputes under certain limited conditions.

Choice

Science 37 offers EEA, UK and Swiss individuals whose Personal Information has been transferred to us the opportunity to choose whether such Personal Information may be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. An individual may opt out of such uses of their Personal Information by contacting us at the address given below.

Science 37 will not use sensitive Personal Information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual unless Science 37 has received the individual’s affirmative and explicit consent (opt-in).

Data Integrity and Purpose Limitation

Science 37 will use Personal Information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual.  Science 37 will take reasonable steps to ensure that Personal Information is relevant to its intended use, accurate, complete and current.

 Transfers to Agents

Science 37 may disclose Personal Information to Agents who perform functions on our behalf such as providing services to recruit for or conduct a clinical trial.  Any such third party is bound by contractual obligations to safeguard Personal Information using at least the same level of protective measures as is required by the EU-U.S. and Swiss-U.S. Privacy Shield Principles. Science 37 is liable for onward transfers of Personal Information where its Agent processes Personal Information in a manner that is inconsistent with the EU-U.S. and Swiss-U.S. Privacy Shield Principles, unless Science 37 proves that it is not responsible for the event(s) giving rise to the damages.

Access and Correction

Science 37 acknowledges the right of individuals to access their personal data pursuant to the Privacy Shield and will grant individuals reasonable access to Personal Information it received pursuant to these Principles.  In addition, Science 37 will take reasonable steps to permit individuals to correct, amend, or delete such information that is demonstrated to be inaccurate or incomplete.  An individual may request to access his or her information, or otherwise correct, amend, or delete his or her information pursuant to the EU-U.S. and Swiss-U.S. Privacy Shield Principles by contacting us at the address given below.

We may not be able to accommodate a request from an individual to change or delete information if the individual is enrolled in a clinical trial or if the change would violate any legal or regulatory requirement.

Security

Science 37 will take reasonable and appropriate precautions to protect Personal Information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.

Enforcement

Science 37 will conduct compliance audits of its relevant privacy practices to verify adherence to this Policy.  Any employee that Science 37 determines is in violation of this Policy will be subject to disciplinary action. 

Dispute Resolution

In compliance with the EU-U.S. and Swiss-U.S. Privacy Shield Principles, Science 37 commits to resolve complaints about data privacy and our collection or use of Personal Information. EEA, UK or Swiss individuals with inquiries or complaints regarding this Policy should first contact Science 37 at the address given below. Science 37 will investigate and attempt to resolve complaints regarding use and disclosure of Personal Information by reference to the principles contained in this Policy.

Science 37 has further committed to refer unresolved non-employee privacy complaints under the EU-U.S. and Swiss-U.S. Privacy Shield Principles to an independent dispute resolution mechanism, Judicial Arbitration and Mediation Services (JAMS).  An individual who is unsatisfied with the resolution of his or her complaint, may contact JAMS at https://www.jamsadr.com/file-an-eu-us-privacy-shield-claim for further information and assistance.

Where applicable to the employment relationship, Science 37 agrees to cooperate and comply with the EU data protection authorities, the UK Information Commissioner, or the Swiss Federal Data Protection and Information Commissioner.  EU, UK, or Swiss individuals may direct complaints about their Personal Information to their respective authority. For the contact information for the appropriate authority, please contact us at the address given below. Alternatively, EU individuals may go to https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm to ascertain a comprehensive list of EU DPA’s. Swiss individuals can go to https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/links/data-protection—switzerland.html for the list of Federal Data Protection and Information Commissioners by canton.

If a Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, an individual may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction

Contact Information

Questions regarding this Policy should be submitted to Science 37:

Privacy@Science37.com

ATTN: Legal Department

12121 Bluff Creek Drive, Suite 100

Los Angeles, CA 90094

 

Changes to this Policy

This Policy may be amended from time to time, consistent with the requirements of the Privacy Shield Principles. The amended Policy will be made publicly available via Science 37’s website.

 

 

Effective:  March 12, 2020