This Website Privacy Policy sets forth the privacy practices of Veristat LLC. and its affiliates (collectively referred to as “us” or “we” or “Veristat”) through the website www.veristat.com and relevant related services (together referred to as the “site”).
Veristat is committed to protecting your privacy online, and understands its responsibilities to protect the privacy and security of the Personal Data it collects from you or other sources.
Please read the information below to learn how we collect, use, and protect Personal Data that we obtain from your and other from other sources.
This Website Privacy Policy (together with Site Terms of Use and Cookies Policy) describes how we may use your Personal Data and how that information may be used or disclosed by us.
We reserve the right to change this Website Privacy Policy at any time. Such changes, modifications, additions or deletions will be immediately effective and will be made available on this page. We encourage you to review the Website Privacy Policy periodically to be informed of how we are using your Personal Data and to be aware of any changes. Where we are required to do so, we will communicate to you any changes to the Website Privacy Policy by sending a communication to the email address provided by the registered users.
This section applies to all Personal Data collected through www.veristat.com.
For purposes of this Privacy Policy, “Personal Data” means any data related to you as an identified or identifiable natural person. Personal Data that we collect about you includes:
The types of Personal Data that we may collect and receive while you use the site include both Personal Data that you provide to us, Personal Data that we collect automatically when you use the website and Personal Data that we receive from third parties. In particular:
Personal Data That You Provide Us
You provide Personal Data to us when you:
We might ask you to provide other information when necessary for a requested service, where an employment opportunity is being processed or where services as an Investigator in a clinical trial are being offered.
We collect Personal Data to support delivery of a diverse range of clinical research and consulting services in the pharmaceutical, biotechnology, diagnostic, and medical device industry. We may use Personal Data to further inform you about Company news, company experience, the service offering, industry trends, or other scientific or clinical development topics.
Depending upon the activity, some of the information we ask you to provide is identified as mandatory and some as voluntary. If you do not provide the mandatory information requested with respect to a particular activity, you will be unable to engage in that activity.
Data That May Be Collected Automatically
When you use the Veristat site, we also may collect certain usage and device data automatically, including:
IP Address
We may record the Internet Protocol (“IP”) address of your computer or other electronic device when you visit the Veristat website. An IP address identifies the electronic device you use to access the site, which allows us to maintain communication with your computer as you move around the Veristat website and allows us to personalize the content.
Cookies and Other Tracking Technologies
We use cookies (and equivalent technologies) to collect and analyze information on the performance of our website and to enable it to function better. Cookies also allow us and third parties to tailor the content and advertisements you see when you visit our website and other third-party websites in the same online network, including social networks. You can find out more information in our Cookie Policy.
Data Collected from Other Sources
We may combine Personal Data about you that is collected through the website with Personal Data that we have collected offline, as well as with Personal Data provided to us by third parties.
We may use your Personal Data to provide you the services you request, communicate with you, improve your experience on the Veristat website, process your job application, and for other internal business purposes, as described in more detail below:
Delivery of Services and Information about Veristat
If you choose to submit a website form, we use the Personal Data that you provide to respond to your questions and provide you the information or services that you request. We may use Personal Data to deliver information to you via the postal service, by email, by phone.
Creating and Publishing Content Relevant to You
We may use your IP address and the data that we obtain automatically through the use of cookies or similar tracking technologies to make our Veristat website easier to use and navigate, as well as to personalize the content provided on the site by anticipating the information and services that may be of interest to you.
In addition, we use your IP address to diagnose problems with our servers and software, to manage our website and to gather demographic information.
Analytics and performance
We may use the information that you provide and the information we collect automatically about your use of the Veristat website to monitor user traffic patterns and preferences for our legitimate business interests of improvement, analytics, and optimization.
Provide updated information about Veristat and Veristat Services
If you choose to subscribe to receive our newsletters, service updates, company news, or job alerts, we include your Personal Data in our contact database to send you communications. You may unsubscribe from receiving these communications at any time using the link in the emails we send or as described in section below “Your rights to your Personal Data”.
Careers
Users may apply for employment at Veristat through the Careers section of the website. The information supplied by candidates is collected and accessed by Veristat during the recruitment process.
We use your Personal Data to communicate with you and conduct the recruitment and selection process. If you create a job candidate profile from an existing profile on an external social account or job board such as LinkedIn, Indeed or Glassdoor, Veristat may collect relevant content from your application via those websites to build your candidate profile. If you register with external recruitment agencies, they may send us your job candidate profile in response to vacant positions Veristat has posted. If we are provided with your Personal Data from these external parties, we will upload your profile details into our recruitment database to progress our selection process and pre-employment steps, as appropriate.
Personal Data in our recruitment database may be used to contact you about future employment opportunities in which we think you may be interested.
Veristat may collect candidate feedback and opinions periodically (e.g., surveys) for business purposes, such as improving recruitment processes, subject to local legal requirements. You may respond to these surveys voluntarily or may elect not to respond and will not suffer any reprisals for your decision.
Legal and contractual obligations
We may also use your Personal Data to resolve disputes, troubleshoot problems and enforce our agreements with you, including our site Terms of Use and this Privacy Policy.
Veristat takes appropriate technical and organizational measures, consistent with applicable laws and current industry standards, to prevent unauthorized access, accidental loss, destruction or damage to Personal Data and any unauthorized disclosure or processing. However, there is always some risk that an unauthorized third-party could intercept an Internet transmission, or that someone will find a way to thwart our security systems. We urge you to exercise caution when transmitting Personal Data over the Internet. Veristat cannot guarantee that unauthorized third parties will not gain access to your Personal Data; therefore, when submitting Personal Data to the website, you must weigh both the benefits and the risks.
In addition, your Personal Data resides on a secure server that only selected Veristat personnel and contractors have access to via password. We encrypt your Personal Data, as well, and thereby prevent unauthorized parties from viewing such information when it is transmitted to us.
We store the Personal Data you provide in a secure electronic database in order to provide you with the information and/or services you request or to comply with regulations and legal requirements. This site and the electronic database have security measures in place to protect the loss, misuse, unauthorized access or disclosure, alteration or destruction of the information under our control.
The handling of health/medical information obtained in clinical research is governed by national and international data protection regulations, laws and rules regarding the development of medicinal products and medical confidentiality. Any medical information collected is maintained under these regulations.
Veristat has put in place security measures to protect manual and electronic processing of Personal Data and prevent its misuse, subject to local legal requirements.
Veristat also ensures adequate security is observed by third parties and affiliates processing Personal Data on behalf of Veristat, subject to local legal requirements.
We will only keep Personal Data as long as necessary for the fulfilment of the purposes outlined above, except if otherwise required by applicable laws or court orders.
We will retain your Personal Data as necessary to comply with our legal obligations, process your job application, resolve disputes, and enforce our agreements; or to the extent otherwise permitted by applicable law.
At the end of the defined retention period, Veristat will delete your Personal Data unless Veristat has the right to keep your Personal Data under a different legal basis which allows a longer retention period.
Veristat is a United States headquartered global organization. To operate as a global business, it may be necessary to process and transfer Personal Data within Veristat’s group of companies. The Personal Data will be processed, transferred, and stored on servers in the European Economic Area (EEA), UK, Switzerland and in the USA. This may include transferring Personal Data to countries that have different data protection regimes, and that are not deemed to provide an adequate level of protection for Personal Data. When Personal Data collected by our affiliates in the EEA, Switzerland, or the UK is transferred outside the EEA to a country that is not subject to an adequacy decision by the European Commission, the Swiss or UK governments we use appropriate safeguards required by the EU Regulation 2016/679, the Swiss nFADP, UK GDPR and the UK Data Protection Act 2018, as applicable, before the transfer of your Personal Data to a third country that does not provide the same level of protection of your Personal Data.
Veristat complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Veristat has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Veristat has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
Please note there might be additional safeguards or other legal instruments which allows the transfer of Personal Data outside the EEA also without your express consent, for example the application of Standard Contractual Clauses (SCCs) and any additional safeguards which would allow Veristat to transfer data without the consent of the data subject. Veristat reserves the right to use those safeguards and legal instruments to transfer Personal Data abroad for its business purposes.
If you wish to know what safeguards we use to transfer your Personal Data, please contact us using the contact information set out below.
We do provide some of our services through contractual arrangements with third parties. In particular, we share your Personal Data with:
Veristat Group of Companies
We may share your Personal Data with Veristat affiliates, which adhere to our privacy and data-security requirements. In addition, during negotiations of corporate transactions, including any merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including as part of any bankruptcy or similar proceedings), we may transfer your Personal Data to third parties involved in these transactions. Under these circumstances, such third parties will enter into a confidentiality agreement with us and are obligated to protect any information and Personal Data provided as part of the transaction.
Third Parties Service Providers
We share certain information with selected service providers, vendors, hosting companies, consultants, and other providers that carry out functions or services on our behalf and that enable our business operations, including the protection and securing of our systems and services. Such service providers must abide by our privacy and data-security requirements and are not allowed to use Personal Data they receive from us for any other purpose.
Client Sponsor of Clinical Research Studies
If you apply to participate in a clinical research study as an investigator or a clinical site, we may share your Personal Data with our client sponsors, whose clinical research studies are within your stated area of interest, as part of the contracted services that we provide to them.
Disclosure to Protect Veristat and to Comply with Legal Requirements
Occasionally we may be required by law enforcement or judicial authorities to provide Personal Data to governmental authorities. We may disclose Personal Data upon receipt of a court order, subpoena, or to cooperate with a law enforcement investigation. We fully cooperate with law enforcement agencies in identifying those who use our services for illegal activities. We reserve the right to report to law enforcement agencies any activities that we in good faith believe to be unlawful.
Veristat may be obliged to disclose certain Personal Data to third parties such as Government Authorities. It may also be necessary to disclose Personal Data so as to protect the legal interests and exercise other rights of Veristat, subject to local legal requirements.
A complete list of third parties to whom the Personal Data are shared can be obtained by contacting Veristat’s DPO at data_privacy@veristat.com.
Veristat ensures special protection for Sensitive or Special Category of Personal Data. This includes Personal Data relating to:
Veristat may process this type of Personal Data for the purposes of equal opportunities monitoring, or if it is prescribed by applicable law, or it is needed for the protection of life, health or freedom, or if it is required for the performance of your employment contract, subject to appropriate security safeguards and local legal requirements.
If required by local law, your explicit consent may be obtained to the processing of this type of Personal Data.
Except as described herein, we will not otherwise use or disclose any of your Personal Data, except to the extent reasonably necessary:
When you use our website, we will store cookies on your computer in order to facilitate and customize your use of our website. A cookie is a small data text file, which a website stores on your computer's hard drive (if your web browser permits) that can later be retrieved to identify you. Our cookies store randomly assigned user identification numbers and identify the country where you are located, The cookies make your use of the site easier, make the site run more smoothly and help us to maintain a secure site. You are free to decline cookies, but some parts of our site may not work properly in that case.
Veristat may use social media plug-ins (e.g., the Facebook “Like” button, “Share to Twitter” button) to enable you to easily share information with others. When you visit our Veristat site, the owner or service provider of the social plug-in can place a cookie on your computer or other electronic device that enables that operator to recognize individuals who have previously visited our site. If you are logged into a social media website (e.g. Facebook, LinkedIn, Twitter) while browsing on our site, the social media plug-in allows that social media website to receive information that you have visited our Veristat site. The social media plug-in also allows the social media website to share information about your activities on our Veristat site with other users of their social media website. These sharing settings are managed by the social media website and governed by its privacy policy.
For detailed information on the cookies used by Veristat site and purposes for which they are used, please our Cookie Policy.
You may contact Veristat to ask questions, discuss privacy matters, exercise your rights (to the extent applicable) or report your concerns. In particular, you may contact us by email at data_privacy@veristat.com or in writing to:
Veristat
134 Turnpike Road, Suite 200
Southborough, MA 01772
For the attention of the Data Privacy Officer (“DPO”).
Please provide sufficient detail for Veristat to properly assess and respond to your request. Veristat may be unable to respond to incomplete or vague requests. Veristat will require you to provide a proof of identity and a proof of address before proceeding with your request. If more information is required, such as the provision of one or more forms of valid government identification, we will contact you and request additional verification.
You may authorize a third-party representative to make a request on your behalf. Any third-party representative making a request on your behalf must indicate that he/she is acting as your representative and provide the name, email address and description of the relationship with you, and a certification that he/she has permission to submit a request on your behalf. Veristat may require proof of the delegation of authority to the third-party representative, including your written permission to the third-party representative, and/or a valid power of attorney. Veristat reserves the right not to respond to requests that failed to show a valid proof of identity, address and/or delegation of authority.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Veristat commits to refer unresolved complaints concerning our handling of non-HR Personal Data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to the International Centre for Dispute Resolution-American Arbitration Association (ICDR-AAA), an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://go.adr.org/dpf_irm.html for more information or to file a complaint. The services of ICDR-AAA are provided at no cost to you.
Veristat does not knowingly collect or use any Personal Data directly of children on www.veristat.com. We do not knowingly allow children to communicate with us, or to use any of our online services. It is Veristat’s view that the nature of the subject matter is unlikely to be of general interest to children. If you are a minor, please do not use the site or send any Personal Data about yourself to us. If you are a parent or the authorized legal guardian of a minor and become aware that your child has provided us with Personal Data or other information, please contact us using one of the methods specified in the section “Your Privacy Choices”, and we will work with you to address this issue.
Except as otherwise discussed in this Website Privacy Policy, this document only addresses the use and disclosure of information we collect from you. Other sites accessible through our site have their own privacy policies and data collection, use and disclosure practices. Please consult each site’s privacy policy if you want to receive information on third parties’ online activities.
Additionally, our website may provide links to other sites. When you click on one of these links, you are leaving our site and entering another site that we do not control and for which we cannot be responsible. The companies linked or referenced on our site may collect Personal Data and other information about you when you view or click on their sites through the use of cookies. You should contact these companies directly if you have any questions about their use of the information that they collect.
The graphics, documents and articles contained on this website are the copyrighted work of Veristat and contain proprietary trademarks and trade names of Veristat. We reserve the right to take appropriate legal action, including without limitation, referral to law enforcement, for any illegal or unauthorized use of this website. We also reserve to right take any action to prevent the unauthorized use of our intellectual property rights.
This section supplements the Website Privacy Policy and applies solely to residents of the European Economic Area (“EEA”) and UK residents.
The Data Controller of your Personal Data, meaning the person who determines purposes and means of data processing, is Veristat LLC, with a registered office at 134 Turnpike Road, Suite 200, Southborough, MA 01772.
Veristat has also appointed a Data Privacy Officer (“DPO”), who is responsible for overseeing compliance with the EU Regulation 2016/679, the UK GDPR and the UK Data Protection Act 2018, in relation to the personal data processed by Veristat. You can contact the DPO by email at data_privacy@veristat.com or by writing to:
Veristat LLC
134 Turnpike Road, Suite 200
Southborough, MA 01772
For the attention of Data Privacy Officer (DPO).
Veristat International Limited
27 Old Gloucester Street
London, United Kingdom, WC1N 3AX
For the attention of Data Privacy Officer (DPO).
Data Privacy Officer: Joe Deus, Senior Vice President, Information Technology data_privacy@veristat.com
We rely on different legal basis for the processing of your Personal Data, which also depend on the context of your interactions with Veristat. Such legal basis may be your consent, a company legitimate business interest, a legal or contractual obligations.
In some cases, we process your Personal Data to comply with a contractual obligation we have with you, or to take steps that you request before we enter into that contract. We may also process your Personal Data where necessary for our compliance with a legal obligation.
If we process your Personal Data under consent provided by you, you have the right to withdraw that consent at any time as set out in the section below “Data Subjects Rights”. Your withdrawal of consent, however, will not affect the lawfulness of any processing we have undertaken before the withdrawal.
Finally, we process Personal Data we collect through the site for certain legitimate business interests. These legitimate interests relate to conducting and managing our business. When we process Personal Data for these purposes, we will ensure that we take into account your interests and privacy rights. You can object to this processing as described in section below “Data Subjects Rights”.
Personal Data will be collected for the purposes specified in this Privacy Policy and used accordingly. The collection and processing of Personal Data will be limited to what is strictly necessary to fulfil these purposes and you are hereby informed in advance of the purposes and uses of such data.
Personal Data will be adequate, relevant and not excessive and relating to the purposes for which they are processed.
Personal Data will be as accurate as possible and, where necessary, kept up to date.
Personal Data will not be kept longer than is appropriate or necessary for the purposes for which it is being processed or local legal requirements.
Personal Data will be collected, used and retained in accordance with the legal rights available to the data subjects.
Veristat would like to make sure you are fully aware of all of your data protection rights. In particular, you are entitled to the following:
Under the European Data Protection Regulation 2016/679, the Swiss nFADP, the UK GDPR and the UK Data Protection Act 2018, you have also the right to lodge a complaint directly with the Supervisory Authority of the country where you live, work or where an alleged infringement has occurred.
Please see the Your Privacy Choices section if you would like to exercise any of your rights.
When contacting us, please make sure that you include your name, email address, postal address and/or telephone number to make sure we can handle your request correctly.
If you exercise any of your rights, we have one month to respond to you. If Veristat is unable to provide the requested information or make the change you request, you will be provided with reasons for such decision.
Please be advised that if you are a patient in a clinical trial, Veristat has no means by which to identify you and therefore cannot respond to privacy rights request. You should contact the doctor/medical provider who is treating you from the clinical trial site for any requests.
This section supplements the Website Privacy Policy and applies solely to residents of the State of California, to the extent the California Consumer Privacy Act of 2018 (“CCPA”) applies to Veristat’s for the processing of their Personal Information (these individuals are referred to in this section as “California Consumers”). Specific privacy requirements under CCPA that are not addressed in other sections of this Privacy Notice are described in this section.
As it relates to California Consumers: the term “Personal Information,” when used in this CCPA section of the Website Privacy Policy, should be interpreted to have the same meaning as specified in the CCPA. Personal Information does not include de-identified or aggregated information, or any other information the CCPA excludes from its scope.
Consistent with the information provided in the section “Collection of Your Personal Information from this Website” above, we collect certain information about individuals that are considered Personal Information under CCPA. As detailed above, we may collect such Personal Information directly from you, automatically or from third parties. We collect, use and disclose Personal Data for the business and commercial purposes. Veristat does not rent or sell your Personal Information to others.
CCPA Rights of California Consumers
CCPA provides California Consumers with certain rights relating to their Personal Information. Veristat will honour verified requests to exercise those rights, and will not unlawfully deny you services, charge you different prices, or provide you a different quality of service for exercising those rights. In particular, you have the right to:
Please see the Your Privacy Choices section if you have questions or would like to make a request to exercise any of your rights.
This Website Privacy Policy will also ensure that timely notice is provided whenever confidential information (including, but not limited to, “Personal Information” protected under applicable data security laws such as M.G.L. c. 93H and 201 CMR 17.00 et seq.) has been compromised as a result of a breach of Veristat’s internal and external data security measures.
Specifically, this includes the following:
Data Security Breaches Involving Confidential Information Owned or Licensed by a Third Party
For data security breaches involving confidential information that is owned or licensed by a third-party, Veristat DPO shall provide prompt written notice to the affected owners and licensors when Veristat knows or has reason to know of a breach of Veristat’s security measures or upon learning that confidential information of a resident of the Commonwealth of Massachusetts has been acquired or used by an unauthorized person or used for an unauthorized purpose. Said written notice to the affected owner/licensor shall include the following information:
In providing notice to affected owners and licensors of the confidential information, Veristat is not required to disclose confidential business information or trade secrets or to provide notice to any affected resident of the Commonwealth of Massachusetts who may be affected by the data security breach or unauthorized acquisition or use of his or her confidential information.
Data Security Breaches Involving Confidential Information Owned or Licensed by Veristat
For data security breaches involving confidential information that is owned or licensed by Veristat, Veristat shall provide prompt written notice to the Massachusetts Attorney General, the Director of Consumer Affairs and Business Regulation, and to any affected resident of the Commonwealth of Massachusetts, when Veristat knows or has reason to know of a data security breach or that the confidential information of a resident of the Commonwealth of Massachusetts was acquired or used by an unauthorized person or for an unauthorized purpose.
The notice to the Attorney General and Director of Consumer Affairs and Business Regulation shall include the following information:
The notice to be provided to the resident of the Commonwealth of Massachusetts shall include the following information:
The notice to affected residents shall not include the nature of the data security breach or the number of affected residents of the Commonwealth of Massachusetts.
Notification during Criminal Investigation
If a law enforcement agency responding to a data security breach incident determines that the provision of the above notices would impede an ongoing criminal investigation, Veristat shall delay notification until informed by law enforcement that notification no longer poses a risk of impeding the investigation.
Veristat shall cooperate with law enforcement in its investigation of any data security breach incident and shall share all information relevant to the incident, with the exception of confidential business information and trade secrets.
Effective Date 18 January 2024.