Global Privacy Statement 

 Introduction  

Worldwide Clinical Trials (“Worldwide” or “We”) respects the privacy of all individuals whose personal data we process in the performance of our business operations (“Personal Data”) and are committed to protecting it through our compliance with this Global Privacy Policy. 

This Global Privacy Statement describes the types of information we may collect from our clients, personnel, clinical trial participants, patients, investigator site personnel, healthcare providers, service providers, suppliers and business partners and our practices for collecting, using, maintaining, protecting, and disclosing that information.  Together with additional implementing practices, this Global Privacy Statement supports Worldwide’s compliance with applicable international privacy laws and regulations. 

This Global Privacy Statement supplements our Privacy Shield Policy

Scope: 

This Global Privacy Statement applies to all Personal Data collected by or on behalf of Worldwide, including information collected while using Worldwide websites and mobile applications, that relates to our clients, personnel, clinical trial participants, patients, investigator site personnel, healthcare providers, service providers, suppliers and business partners.  This Global Privacy Statement supplements Worldwide’s Online Privacy Statement

Lawfulness of Processing:  In general, Worldwide uses Personal Data for its legitimate interests in compliance with applicable law and regulation.  In certain situations, Worldwide may rely on alternative lawful bases for using your Personal Data in specific situations.  In such cases, you will be notified with additional information on the lawful use of your Personal Data (see “Effect of Other Notices” below). 

Personal Data Collected, Purposes and Use: 

  • Clinical Trial Related Personal Data:  Personal Data may be collected from clients, personnel, clinical study participants (including patients, spouses, caregivers and legal guardians), investigator site personnel, healthcare providers, service providers, suppliers and business partners for Worldwide to carry out business, operational, and safety activities related to a clinical trial or research study.  Such Personal Data may be disclosed to other entities participating in the study, including the sponsor of the study, investigative sites, and third-party services providers and suppliers. 
  • Human Resources Personal Data:  Personal Data may be collected from job applicants, actual or past employees, consultants or independent contractor, in order to fulfil our Human Resources (HR) functions and administer potential, past or current employment with Worldwide.   Such Personal Data may be disclosed to Worldwide’s agents providing recruitment or employment services on our behalf. 
  • Business Contact Personal Data:  Personal Data may be collected from clients, service providers, suppliers, and business partners in order to discuss prospective business opportunities, Worldwide’s service offerings, or provide customer support. 
  • Prospective Study Participant Personal Data:  Personal Data may be collected from prospective study participants, including patients or healthy volunteers, in order to determine interest or eligibility to participate in a clinical research study.  Such Personal Data may be disclosed to other entities participating in prospective studies, including the sponsor of the study, investigative sites, and third-party services providers and suppliers. 
  • Web Visitor Personal Data:  Worldwide collects Personal Data from website visitors and mobile app users in accordance with, and for the purposes described in our Online Privacy Statement

Sensitive Personal Data: 

Worldwide may collect and use sensitive Personal Data including government issued ID numbers (including social security, drivers license and passport numbers) financial account information, reports of individual background information and information relating to a criminal offense.  Worldwide may also process Personal Data pertaining to race, ethnic origin, political opinions, sexual orientation, sex life, religious or philosophical beliefs, trade union membership, genetic data, biometric data where processed to uniquely identify a person, or that concerns medical or health conditions or sex life.  Worldwide shall only collect and use sensitive Personal Data where permitted, and subject to heightened restrictions, under applicable law (and only after obtaining your explicit consent or authorization where so required) and where we have provided you with specific notice of such processing.  For more information on privacy notices see “Notice” and “Effect of Other Notices”.

Privacy Principles

The following sets forth the privacy principles that Worldwide follows with respect to Personal Data we globally collect use, and disclose. 

  • Notice: Worldwide informs individuals in accordance with applicable law, regulation or policy, about the purposes for which we collect and uses Personal Data about them, the people or types of people who will have access to it, including the types of non-agent third parties to which Worldwide discloses that information, and the choices and means, if any, Worldwide offers individuals for limiting the use and disclosure of Personal Data.  Where Worldwide is processing Personal Data as a data processor (for example, as a CRO on behalf of client or sponsor), we will only use your Personal Data according to the privacy notices and instructions issued by those entities.  For more information on privacy notices see “Effect of Other Notices”. 
  • Choice: Worldwide secures, when required by applicable law, regulation or policy, the consent of the individual to collection, use or disclosure of their Personal Data. Worldwide endeavours to offer individuals the opportunity to choose whether Personal Data about them is (a) to be disclosed to a non-agent third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual, or (c) to continue to be used for certain types of ongoing processing, such as ongoing commercial e-mail, facsimile, telemarketing, or direct mail communications.  Where Worldwide is processing Personal Data on behalf of a data controller (for example, as a CRO on behalf of client or sponsor), Worldwide will act according to the instructions of and contractual terms in place with the controller to support the data controller’s obligations under the Choice principle. 
  • Accountability for Onward transfer:
    • Agents/Service Providers:  Worldwide may transfer Personal Data to our third-party agents or service providers who perform functions on our behalf.  We take reasonable and appropriate steps, including execution of written contracts, to require third-party agents and service providers process Personal Data in accordance with applicable law and the principles contained in this Global Privacy Statement and to stop and remediate any unauthorized processing. 
    • Third-Party Controllers:  In some cases, we may transfer Personal Data to unaffiliated third-party data controllers, including clients sponsors of clinical trials for commercial and research purposes. These third parties do not act as agents or service providers and are not performing functions on our behalf.  We enter into written contracts with any unaffiliated third-party data controllers requiring them to provide adequate levels of data protection in accordance with applicable law.

In addition, Worldwide may share Personal Data with third parties if:  

    1. Worldwide sells or buy any business or assets, in which case Worldwide may disclose a limited amount of Personal Data to the prospective seller or buyer of such business or assets;  
    2. if Worldwide or substantially all of Worldwide’s assets are acquired by a third party, in which case Personal Data Worldwide holds may be one of the transferred assets; or  
    3. if Worldwide is under a duty to disclose or share Personal Data to comply with any legal obligation as required by law or in response to request from a regulatory or enforcement authority, to enforce any contract with individuals to which the Personal Data relates, or to protect Worldwide’s rights, property, or safety of Worldwide’s employees, clients, or others.

Worldwide shall only carry out international transfers of Personal Data within or outside of Worldwide or its group of affiliated companies and agents where we have implemented reasonable, adequate protection for such information in compliance with applicable laws.  For additional information on transfers made subject to the EU-US and Swiss-US Privacy Shield please refer to Worldwide’s Privacy Shield Policy.

  • Security: Worldwide implements appropriate administrative, physical, and technical safeguards to protect Personal Data in its possession from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Worldwide evaluates any potential security incident/personal data breach, and reports any unauthorized disclosure of Personal Data as required by and in accordance with applicable laws.  
  • Data Use, Integrity & Retention: Worldwide uses Personal Data only in ways that are compatible with the legitimate business purposes for which it was collected or subsequently authorized by the individual. Worldwide ensures that Personal Data is accurate, complete and relevant to its intended use. Worldwide checks the accuracy of any Personal Data at the point of collection and at regular intervals afterwards. Worldwide takes all reasonable steps to destroy or amend inaccurate or out-of-date Personal Data.  Where Worldwide is processing Personal Data on behalf of a data controller (for example, as a CRO on behalf of client or sponsor), Worldwide will act according to the instructions of and contractual terms in place with the data controller to support the data controller’s obligations under the Data Use, Integrity & Retention principle. 
  • Purpose Limitation: Worldwide collects, uses, and discloses Personal Data only in such manner as is necessary for its business purposes, and for no other purposes, and retains the information in identifiable form only as long as necessary and / or in accordance with retention periods identified in specific privacy notices. Worldwide uses best efforts to procure that clinical sites send any Personal Data relating to patients to Worldwide in a de-identified form wherever possible, and where not possible, to procure that the clinical sites obtain the explicit consent of the relevant patients to send their Personal Data to Worldwide in identifiable form. Where Worldwide is processing Personal Data on behalf of a data controller (for example, as a CRO on behalf of client or sponsor), Worldwide will act according to the instructions of and contractual terms in place with the data controller to support the data controller’s obligations under the Purpose Limitation principle. 
  • Access: Worldwide processes all Personal Data in line with individuals’ rights, such as, in accordance with applicable laws, by granting individuals reasonable access to Personal Data that Worldwide holds about them, and enabling them to question, correct, amend or delete their Personal Data. Where permissible by law, Worldwide may charge a fee for access or apply exemptions to withhold information if it deems appropriate. Where Worldwide is processing Personal Data on behalf of a data controller (for example, as a CRO on behalf of client or sponsor), Worldwide will act on the instructions of the data controller and assist the data controller in responding to any access requests.  Employees and any other individuals should submit any questions or comments regarding this Global Privacy Statement or any Personal Data that Worldwide holds about them to:  

    Worldwide Clinical Trials 
    Attention: Global Data Protection Officer 

600 Park Offices Drive, Suite 200
Research Triangle Park, NC 27560
USA

or 

Data.Protection@worldwide.com 

  • Recourse, Enforcement and Liability: 
    Any questions or concerns regarding the use or disclosure of Personal Data should be directed to the Worldwide’s Global Data Protection Officer. Worldwide will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data in accordance with the principles contained in this Policy. 

Any personnel Worldwide determines is in violation will be subject to disciplinary action up to an including termination of employment, where applicable.

If you are a citizen of the European Union (EU), United Kingdom (UK) or Switzerland, you may address any unresolved complaints with your respective data protection authority. 

Contact details for the EU data protection authorities, the UK Information Commissioner, or the Swiss Federal Data Protection and Information Commissioner as applicable at: 

EU Data Protection Authorities:  https://edpb.europa.eu/about-edpb/board/members_en

UK Information Commissioner:  https://ico.org.uk/make-a-complaint/ 

Swiss Data Protection and Information Commissioner:  https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html 

If you are a citizen of the European Union (EU), United Kingdom (UK) or Switzerland, you may address any unresolved complaints with your local data protection authority 

For questions or complaints related to processing of your Personal Data on the basis of Privacy Shield, please refer to Worldwide’s Privacy Shield Policy

Where Worldwide is processing Personal Data on behalf of a data controller (for example, as a CRO on behalf of client or sponsor), you may submit complaints concerning the processing of Personal Data to the relevant controller, in accordance with the controller’s dispute resolution process.  Worldwide will act according to the instructions of and contractual terms in place with the data controller to support the data controller’s obligations under the Recourse, Enforcement and Liability  principle. 

Effect of Other Notices: 

Worldwide utilizes additional privacy notices to explain how we use your personal data in specific situations. Where Worldwide collects Personal Data from you directly as a data controller, these notices include information relating to lawful basis, how and for what purpose(s) we process your Personal Data, the types of Personal Data collected, third parties to whom we disclose the Personal, our data security measures, and any choice or rights you may have to limit our use and disclosure of your Personal Data.  If you receive a privacy notice tailored for a specific purpose, the terms of the more specific privacy notice will control your interactions with Worldwide to the extent there is a conflict with this Global Privacy Statement.  Where Worldwide is processing Personal Data as a data processor (for example, as a CRO on behalf of client or sponsor), we will only use your Personal Data according to the privacy notices and instructions issued by those entities. 

GDPR:  Where applicable, Worldwide conducts its processing activities in compliance with the GDPR and national implementing legislation.   

Enforcement: Worldwide conducts compliance audits, reviews, and assessments of its practices to verify adherence to this Global Privacy Statement. Training is required to be completed annually by all employees. Any employee that Worldwide determines is in violation of this Policy will be subject to disciplinary action up to and including termination of employment.  

Changes to Our Privacy Policy 

It is our policy to post any changes we make to our Global Privacy Statement on this page.  The date the Global Privacy Statement was last revised is identified at the bottom of the page. You are responsible for periodically visiting our Website and this privacy policy to check for any changes. 

Effective Date: 07April2020 

Last modified: 07April2020