Veristat is committed to protecting your privacy online, and understands its responsibilities to protect the privacy and security of the Personal Data it collects from you or other sources.
Please read the information below to learn how we collect, use, and protect Personal Data that we obtain from your and other from other sources.
This section applies to all Personal Data collected through www.veristat.com.
The types of Personal Data that we may collect and receive while you use the site include both Personal Data that you provide to us, Personal Data that we collect automatically when you use the website and Personal Data that we receive from third parties. In particular:
Personal Data That You Provide Us
You provide Personal Data to us when you:
We might ask you to provide other information when necessary for a requested service, where an employment opportunity is being processed or where services as an Investigator in a clinical trial are being offered.
We collect Personal Data to support delivery of a diverse range of clinical research and consulting services in the pharmaceutical, biotechnology, diagnostic, and medical device industry. We may use Personal Data to further inform you about Company news, company experience, the service offering, industry trends, or other scientific or clinical development topics.
Depending upon the activity, some of the information we ask you to provide is identified as mandatory and some as voluntary. If you do not provide the mandatory information requested with respect to a particular activity, you will be unable to engage in that activity.
Data That May Be Collected Automatically
When you use the Veristat site, we also may collect certain usage and device data automatically, including:
We may record the Internet Protocol (“IP”) address of your computer or other electronic device when you visit the Veristat website. An IP address identifies the electronic device you use to access the site, which allows us to maintain communication with your computer as you move around the Veristat website and allows us to personalize the content.
Cookies and Other Tracking Technologies
Data Collected from Other Sources
We may combine Personal Data about you that is collected through the website with Personal Data that we have collected offline, as well as with Personal Data provided to us by third parties.
We may use your Personal Data to provide you the services you request, communicate with you, improve your experience on the Veristat website, process your job application, and for other internal business purposes, as described in more detail below:
Delivery of Services and Information about Veristat
If you choose to submit a website form, we use the Personal Data that you provide to respond to your questions and provide you the information or services that you request. We may use Personal Data to deliver information to you via the postal service, by email, by phone.
Creating and Publishing Content Relevant to You
In addition, we use your IP address to diagnose problems with our servers and software, to manage our website and to gather demographic information.
Analytics and performance
We may use the information that you provide and the information we collect automatically about your use of the Veristat website to monitor user traffic patterns and preferences for our legitimate business interests of improvement, analytics, and optimization.
Provide updated information about Veristat and Veristat Services
If you choose to subscribe to receive our newsletters, service updates, company news, or job alerts, we include your Personal Data in our contact database to send you communications. You may unsubscribe from receiving these communications at any time using the link in the emails we send or as described in section below “Your rights to your Personal Data”.
Users may apply for employment at Veristat through the Careers section of the website. The information supplied by candidates is collected and accessed by Veristat during the recruitment process.
We use your Personal Data to communicate with you and conduct the recruitment and selection process. If you create a job candidate profile from an existing profile on an external social account or job board such as LinkedIn, Indeed or Glassdoor, Veristat may collect relevant content from your application via those websites to build your candidate profile. If you register with external recruitment agencies, they may send us your job candidate profile in response to vacant positions Veristat has posted. If we are provided with your Personal Data from these external parties, we will upload your profile details into our recruitment database to progress our selection process and pre-employment steps, as appropriate.
Personal Data in our recruitment database may be used to contact you about future employment opportunities in which we think you may be interested.
Veristat may collect candidate feedback and opinions periodically (e.g., surveys) for business purposes, such as improving recruitment processes, subject to local legal requirements. You may respond to these surveys voluntarily or may elect not to respond and will not suffer any reprisals for your decision.
Legal and contractual obligations
Veristat takes appropriate technical and organizational measures, consistent with applicable laws and current industry standards, to prevent unauthorized access, accidental loss, destruction or damage to Personal Data and any unauthorized disclosure or processing. However, there is always some risk that an unauthorized third-party could intercept an Internet transmission, or that someone will find a way to thwart our security systems. We urge you to exercise caution when transmitting Personal Data over the Internet. Veristat cannot guarantee that unauthorized third parties will not gain access to your Personal Data; therefore, when submitting Personal Data to the website, you must weigh both the benefits and the risks.
In addition, your Personal Data resides on a secure server that only selected Veristat personnel and contractors have access to via password. We encrypt your Personal Data, as well, and thereby prevent unauthorized parties from viewing such information when it is transmitted to us.
We store the Personal Data you provide in a secure electronic database in order to provide you with the information and/or services you request or to comply with regulations and legal requirements. This site and the electronic database have security measures in place to protect the loss, misuse, unauthorized access or disclosure, alteration or destruction of the information under our control.
The handling of health/medical information obtained in clinical research is governed by national and international data protection regulations, laws and rules regarding the development of medicinal products and medical confidentiality. Any medical information collected is maintained under these regulations.
Veristat has put in place security measures to protect manual and electronic processing of Personal Data and prevent its misuse, subject to local legal requirements.
Veristat also ensures adequate security is observed by third parties and affiliates processing Personal Data on behalf of Veristat, subject to local legal requirements.
We will only keep Personal Data as long as necessary for the fulfilment of the purposes outlined above, except if otherwise required by applicable laws or court orders.
We will retain your Personal Data as necessary to comply with our legal obligations, process your job application, resolve disputes, and enforce our agreements; or to the extent otherwise permitted by applicable law.
At the end of the defined retention period, Veristat will delete your Personal Data unless Veristat has the right to keep your Personal Data under a different legal basis which allows a longer retention period.
Veristat is a United States headquartered global organization. To operate as a global business, it may be necessary to process and transfer Personal Data within Veristat’s group of companies. The Personal Data will be processed, transferred, and stored on servers in the European Economic Area (EEA), UK, Canada and in USA. This may include transferring Personal Data to countries that have different data protection regimes, and that are not deemed to provide an adequate level of protection for Personal Data. When Personal Data collected by our affiliates in the EEA or the UK is transferred outside the EEA or the UK, we use appropriate safeguards required by the EU Regulation 2016/679, the UK GDPR and the UK Data Protection Act 2018, as applicable, before the transfer of your Personal Data to a third country that does not provide the same level of protection of your Personal Data.
Please note that, currently, there is no EU Commission decision that the USA offers an adequate level of protection of Personal Data; therefore, the activation of the services and the associated transfer of your information to the USA, can only take place on the basis of your explicit consent. Since we are a USA based company and are acting locally through our affiliates around the world, if you do not grant your consent to the transfer of Personal Data, we will not be able to provide the services you have requested.
Please note there might be additional safeguards or other legal instruments which allows the transfer of Personal Data outside the EEA also without your express consent, for example the application of Standard Contractual Clauses (SCCs) and any additional safeguards which would allow Veristat to transfer data without the consent of the data subject. Veristat reserves the right to use those safeguards and legal instruments to transfer Personal Data abroad for its business purposes.
If you wish to know what safeguards we use to transfer your Personal Data, please contact us using the contact information set out below.
We do provide some of our services through contractual arrangements with third parties. In particular, we share your Personal Data with:
Veristat Group of Companies
We may share your Personal Data with Veristat affiliates, which adhere to our privacy and data-security requirements. In addition, during negotiations of corporate transactions, including any merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including as part of any bankruptcy or similar proceedings), we may transfer your Personal Data to third parties involved in these transactions. Under these circumstances, such third parties will enter into a confidentiality agreement with us and are obligated to protect any information and Personal Data provided as part of the transaction.
Third Parties Service Providers
We share certain information with selected service providers, vendors, hosting companies, consultants, and other providers that carry out functions or services on our behalf and that enable our business operations, including the protection and securing of our systems and services. Such service providers must abide by our privacy and data-security requirements and are not allowed to use Personal Data they receive from us for any other purpose.
Client Sponsor of Clinical Research Studies
If you apply to participate in a clinical research study as an investigator or a clinical site, we may share your Personal Data with our client sponsors, whose clinical research studies are within your stated area of interest, as part of the contracted services that we provide to them.
Disclosure to Protect Veristat and to Comply with Legal Requirements
Occasionally we may be required by law enforcement or judicial authorities to provide Personal Data to governmental authorities. We may disclose Personal Data upon receipt of a court order, subpoena, or to cooperate with a law enforcement investigation. We fully cooperate with law enforcement agencies in identifying those who use our services for illegal activities. We reserve the right to report to law enforcement agencies any activities that we in good faith believe to be unlawful.
Veristat may be obliged to disclose certain Personal Data to third parties such as Government Authorities. It may also be necessary to disclose Personal Data so as to protect the legal interests and exercise other rights of Veristat, subject to local legal requirements.
A complete list of third parties to whom the Personal Data are shared can be obtained by contacting Veristat’s DPO at email@example.com.
Veristat ensures special protection for Sensitive or Special Category of Personal Data. This includes Personal Data relating to:
Veristat may process this type of Personal Data for the purposes of equal opportunities monitoring, or if it is prescribed by applicable law, or it is needed for the protection of life, health or freedom, or if it is required for the performance of your employment contract, subject to appropriate security safeguards and local legal requirements.
If required by local law, your explicit consent may be obtained to the processing of this type of Personal Data.
Except as described herein, we will not otherwise use or disclose any of your Personal Data, except to the extent reasonably necessary:
When you use our website, we will store cookies on your computer in order to facilitate and customize your use of our website. A cookie is a small data text file, which a website stores on your computer's hard drive (if your web browser permits) that can later be retrieved to identify you. Our cookies store randomly assigned user identification numbers and identify the country where you are located, The cookies make your use of the site easier, make the site run more smoothly and help us to maintain a secure site. You are free to decline cookies, but some parts of our site may not work properly in that case.
You may contact Veristat to ask questions, discuss privacy matters, exercise your rights (to the extent applicable) or report your concerns. In particular, you may contact us by email at firstname.lastname@example.org or in writing to:
134 Turnpike Road, Suite 200
Southborough, MA 01772
For the attention of the Data Privacy Officer (“DPO”).
Please provide sufficient detail for Veristat to properly assess and respond to your request. Veristat may be unable to respond to incomplete or vague requests. Veristat will require you to provide a proof of identity and a proof of address before proceeding with your request. If more information is required, such as the provision of one or more forms of valid government identification, we will contact you and request additional verification.
You may authorize a third-party representative to make a request on your behalf. Any third-party representative making a request on your behalf must indicate that he/she is acting as your representative and provide the name, email address and description of the relationship with you, and a certification that he/she has permission to submit a request on your behalf. Veristat may require proof of the delegation of authority to the third-party representative, including your written permission to the third-party representative, and/or a valid power of attorney. Veristat reserves the right not to respond to requests that failed to show a valid proof of identity, address and/or delegation of authority.
Veristat does not knowingly collect or use any Personal Data directly of children on www.veristat.com. We do not knowingly allow children to communicate with us, or to use any of our online services. It is Veristat’s view that the nature of the subject matter is unlikely to be of general interest to children. If you are a minor, please do not use the site or send any Personal Data about yourself to us. If you are a parent or the authorized legal guardian of a minor and become aware that your child has provided us with Personal Data or other information, please contact us using one of the methods specified in the section “Your Privacy Choices”, and we will work with you to address this issue.
The graphics, documents and articles contained on this website are the copyrighted work of Veristat and contain proprietary trademarks and trade names of Veristat. We reserve the right to take appropriate legal action, including without limitation, referral to law enforcement, for any illegal or unauthorized use of this website. We also reserve to right take any action to prevent the unauthorized use of our intellectual property rights.
The Data Controller of your Personal Data, meaning the person who determines purposes and means of data processing, is Veristat LLC, with a registered office at 134 Turnpike Road, Suite 200, Southborough, MA 01772.
Veristat has also appointed a Data Privacy Officer (“DPO”), who is responsible for overseeing compliance with the EU Regulation 2016/679, the UK GDPR and the UK Data Protection Act 2018, in relation to the personal data processed by Veristat. You can contact the DPO by email at email@example.com or by writing to:
134 Turnpike Road, Suite 200
Southborough, MA 01772
For the attention of Data Privacy Officer (DPO).
Veristat International Limited
27 Old Gloucester Street
London, United Kingdom, WC1N 3AX
For the attention of Data Privacy Officer (DPO).
Data Privacy Officers: Vincent Hughes, Senior Director, Information Technology/Lisa Pitler, Senior Director, QA & Compliance firstname.lastname@example.org
We rely on different legal basis for the processing of your Personal Data, which also depend on the context of your interactions with Veristat. Such legal basis may be your consent, a company legitimate business interest, a legal or contractual obligations.
In some cases, we process your Personal Data to comply with a contractual obligation we have with you, or to take steps that you request before we enter into that contract. We may also process your Personal Data where necessary for our compliance with a legal obligation.
If we process your Personal Data under consent provided by you, you have the right to withdraw that consent at any time as set out in the section below “Data Subjects Rights”. Your withdrawal of consent, however, will not affect the lawfulness of any processing we have undertaken before the withdrawal.
Finally, we process Personal Data we collect through the site for certain legitimate business interests. These legitimate interests relate to conducting and managing our business. When we process Personal Data for these purposes, we will ensure that we take into account your interests and privacy rights. You can object to this processing as described in section below “Data Subjects Rights”.
Personal Data will be adequate, relevant and not excessive and relating to the purposes for which they are processed.
Personal Data will be as accurate as possible and, where necessary, kept up to date.
Personal Data will not be kept longer than is appropriate or necessary for the purposes for which it is being processed or local legal requirements.
Personal Data will be collected, used and retained in accordance with the legal rights available to the data subjects.
Veristat would like to make sure you are fully aware of all of your data protection rights. In particular, you are entitled to the following:
Under the European Data Protection Regulation 2016/679 and the UK Data Protection Act 2018, you have also the right to lodge a complaint directly with the Supervisory Authority of the country where you live, work or where an alleged infringement has occurred.
Please see the Your Privacy Choices section if you would like to exercise any of your rights.
When contacting us, please make sure that you include your name, email address, postal address and/or telephone number to make sure we can handle your request correctly.
If you exercise any of your rights, we have one month to respond to you. If Veristat is unable to provide the requested information or make the change you request, you will be provided with reasons for such decision.
Please be advised that if you are a patient in a clinical trial, Veristat has no means by which to identify you and therefore cannot respond to privacy rights request. You should contact the doctor/medical provider who is treating you from the clinical trial site for any requests.
Consistent with the information provided in the section “Collection of Your Personal Information from this Website” above, we collect certain information about individuals that are considered Personal Information under CCPA. As detailed above, we may collect such Personal Information directly from you, automatically or from third parties. We collect, use and disclose Personal Data for the business and commercial purposes. Veristat does not rent or sell your Personal Information to others.
CCPA Rights of California Consumers
CCPA provides California Consumers with certain rights relating to their Personal Information. Veristat will honour verified requests to exercise those rights, and will not unlawfully deny you services, charge you different prices, or provide you a different quality of service for exercising those rights. In particular, you have the right to:
Please see the Your Privacy Choices section if you have questions or would like to make a request to exercise any of your rights.
Specifically, this includes the following:
Data Security Breaches Involving Confidential Information Owned or Licensed by a Third Party
For data security breaches involving confidential information that is owned or licensed by a third-party, Veristat DPO shall provide prompt written notice to the affected owners and licensors when Veristat knows or has reason to know of a breach of Veristat’s security measures or upon learning that confidential information of a resident of the Commonwealth of Massachusetts has been acquired or used by an unauthorized person or used for an unauthorized purpose. Said written notice to the affected owner/licensor shall include the following information:
In providing notice to affected owners and licensors of the confidential information, Veristat is not required to disclose confidential business information or trade secrets or to provide notice to any affected resident of the Commonwealth of Massachusetts who may be affected by the data security breach or unauthorized acquisition or use of his or her confidential information.
Data Security Breaches Involving Confidential Information Owned or Licensed by Veristat
For data security breaches involving confidential information that is owned or licensed by Veristat, Veristat shall provide prompt written notice to the Massachusetts Attorney General, the Director of Consumer Affairs and Business Regulation, and to any affected resident of the Commonwealth of Massachusetts, when Veristat knows or has reason to know of a data security breach or that the confidential information of a resident of the Commonwealth of Massachusetts was acquired or used by an unauthorized person or for an unauthorized purpose.
The notice to the Attorney General and Director of Consumer Affairs and Business Regulation shall include the following information:
The notice to be provided to the resident of the Commonwealth of Massachusetts shall include the following information:
The notice to affected residents shall not include the nature of the data security breach or the number of affected residents of the Commonwealth of Massachusetts.
Notification during Criminal Investigation
If a law enforcement agency responding to a data security breach incident determines that the provision of the above notices would impede an ongoing criminal investigation, Veristat shall delay notification until informed by law enforcement that notification no longer poses a risk of impeding the investigation.
Veristat shall cooperate with law enforcement in its investigation of any data security breach incident and shall share all information relevant to the incident, with the exception of confidential business information and trade secrets.
Effective Date 1 March 2021