Privacy Shield Policy
This Policy applies to IQVIA Inc. and its U.S. operating subsidiaries (including those entities listed in exhibit A) (collectively referred to as “IQVIA”, “Company”, “we” or “our”) when Personal Information is received from or about Individuals in the European Economic Area (“EEA”), in any format including electronic, paper or verbal. IQVIA respects the relationships we have with our customers and respects the privacy of all Individuals whose Personal Information (see Definitions) may be processed by IQVIA in the performance of our services and our business operations. To demonstrate our commitment to the protection of Personal Information, including Personal Information transferred out of the EEA and Switzerland for the performance of our services and business operations in the United States, we adhere to the Privacy Shield Principles and are certified to the EU-U.S. Privacy Shield Framework (“Privacy Shield”), as set forth by the U.S. Department of Commerce and the Federal Trade Commission. Further details of the Privacy Shield and the Privacy Shield Principles can be found on the website at https://www.privacyshield.gov. We also use model contractual clauses and other mechanisms approved by the European Union and Switzerland, respectively, for certain transfers of Personal Information to the United States from the EEA and Switzerland.
This Policy will help you understand how IQVIA collects, uses, shares and safeguards Individuals’ Personal Information, and how, in certain circumstances, you can elect whether or not to allow your Personal Information to be used or shared. IQVIA endeavors to collect, use and disclose Personal Information in a manner consistent with the laws of countries in which it does business, and also has a tradition of upholding the highest ethical standards in its business practices.
LIMITATIONS ON SCOPE:
Adherence to the Privacy Shield Principles may be limited (i) to the extent required or allowed by applicable law, rule or regulation; (ii) to the extent necessary to respond to lawful requests by public authorities, including to meet national security, law enforcement, legal or governmental requirements; and/or (iii) to protect the health or safety of an Individual. Also, this Policy may not apply or may be limited when Personal Information is collected or processed by the following:
- IQVIA, under an agreement that contains the requisite Model Contract Clauses approved by the European Commission with respect to the Personal Information;
- IQVIA, when necessary for the performance of a contract (e.g., an employment contract) between an Individual and IQVIA; or
- Any IQVIA affiliate, successor, subsidiary, business division or group that makes a separate certification to Privacy Shield, whether or not such certification covers only part of or all types of Personal Information in scope of this Policy.
DEFINITIONS: For purposes of this Policy, the following definitions shall apply:
- “Agent” means any third party that uses Personal Information provided to it by IQVIA to perform tasks on behalf of and/or under the instructions of IQVIA or to which IQVIA discloses Personal Information for use on its behalf.
- “European Economic Area” (EEA) means for the purposes of this Policy which is composed of the following thirty-one (31) countries: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Italy, Ireland, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and United Kingdom.
- “Individual” means any natural person located in the EEA or Switzerland whose Personal Information is shared with IQVIA in the United States.
- “Personal Information” means any information or set of information about an identified or identifiable individual, including, but not limited to: (a) first name or initial and last name; (b) home or other physical address; (c) telephone number; (d) email address or online identifier associated with the individual; (e) Social Security number or other similar identifier; (f) employment, financial or health information; or (g) any other information relating to an individual that is combined with any of the above. The term “Personal Information” does not include non-identified information or information that is reported in the aggregate (provided that such aggregated information is not identifiable to a natural person) and publicly available information that has not been combined with non-public personal information.
- “Personnel” includes, but is not limited to, any employee (permanent or temporary), director, officer, contractor, worker, temporary worker, job applicant, retiree of IQVIA and any and all of their respective dependents.
- “Privacy Shield Principles” collectively means the seven (7) privacy principles, as well as the supplemental privacy principles and the associated guidance, details of which can be found at https://www.privacyshield.gov.
- “Sensitive Personal Information” means Personal Information subject to specified extra protection under the EU Data Protection Directive of 95/46/EC, the European Union General Data Protection Regulation or any superseding legislation, such as race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data where Processed to uniquely identify a person, or that concerns medical or health conditions or sex life. In addition, IQVIA will treat as Sensitive Personal Information any information received from an employee or third party where that employee or third party treats and identifies the information as sensitive.
Capitalized terms not defined above have the definitions set forth in the respective paragraphs of this Policy.
Where IQVIA collects Personal Information directly from Individuals, it will explain the purposes for which it collects and uses Personal Information about the Individuals, the types of third parties to which IQVIA discloses that information, and the choices and means, if any, IQVIA offers Individuals for limiting the use and disclosure of Personal Information about them. Notice will be provided in clear and conspicuous language. This explanation will be provided as soon as practicable and, in any event, before IQVIA discloses the Personal Information or uses such information for a purpose materially different than that for which it was originally collected or processed. Where IQVIA receives Personal Information from its subsidiaries, affiliates or other entities, including when acting as a Contract Research Organization (CRO) processing Personal Information under the direction of a customer, it will use such information in accordance with the notices provided by such entities and the choices made by the Individuals to whom such Personal Information relates.
In circumstances in which IQVIA obtains personal data as a service provider for its clients or affiliates, IQVIA’s clients or affiliates are responsible for providing appropriate notice to the Individuals whose personal data are transferred to the U.S. and obtaining any requisite consent (unless this function has been delegated to IQVIA).
Types of Personal Information collected, Purposes of Collection and Uses of Personal Information:
- Research Studies-Related Information. For Individuals participating in research studies being managed by IQVIA as a CRO or in other situations where IQVIA is participating in research studies, including patients, their spouses/partners, care givers, and relatives, clinical investigators or other study personnel, and other consultants, contractors, managers, and agents (who are natural persons) of the study sponsor and its corporate affiliates, business partners and third-party service providers, Personal Information may be used in order to carry out the applicable studies and other study-related services and/or pharmacovigilance. This may include the transfer of such Personal Information to the applicable study sponsor, its corporate affiliates, business partners and third-party service providers performing services related to the study (e.g., study data management, clinical research monitoring services, safety monitoring, etc.).
- Business Contacts. For Individuals who are business contacts of IQVIA, IQVIA may collect personal information concerning contact information for such business contacts. This information may be used for purposes consistent with the provision of information by these contacts, which may include marketing activities focused on sales of new products and services, requests to participate in market research that enhance IQVIA’s product offerings and other business activities.
- Health Care Professionals. IQVIA collects information about health care professionals directly from the health care professionals, from public sources and from business partners. We use this information in connection with various health care activities, including clinical trials, real world studies of patient treatment, health care outcomes analysis, market research activities, and other situations where primary intelligence from health care professionals is applicable.
- Customers and Program Participant Information. For Individuals sharing Personal Information with IQVIA in order to inquire about or otherwise make use of our services or purchase, receive or seek information, including about any health care products and services, opportunities to participate in clinical research, health care education and patient support programs which may be available through IQVIA, we will use such Personal Information in order to provide the requested information, products, and/or services. Such uses may include but is not limited to processing requested transactions, improving the quality of our services, sending communications about the products and services available through IQVIA, and enabling our business partners and Agents to perform certain activities on our behalf.
- Data Analytics Functions. In certain situations, IQVIA obtains and processes information about Individuals for various data analytics purposes. In most situations, this data has been anonymized or de-identified and is no longer Personal Information when it is obtained by IQVIA (or when it is transferred to the United States). In some situations, IQVIA receives Personal Information from a customer or other data supplier for the purpose of such anonymization or de-identification. In other situations, the data that is obtained and processed by IQVIA is pseudonymous. This pseudonymous information may be used for research purposes, primarily in connection with academic partners, with academia, and may be transferred by IQVIA to the United States as part of these research-related activities. For all of these situations, IQVIA’s activities are consistent with the notice and choice provided by these customers or data suppliers to Individuals, and IQVIA’s use of this information is consistent with IQVIA’s obligation to provide services to these entities. In those situations, and where such information is transferred to the United States, IQVIA uses such information only in manners consistent with the Privacy Shield Principles and the manner in which this data was obtained.
IQVIA may also use the Personal Information collected above to comply with our legal and regulatory obligations, policies and procedures, and for internal administrative purposes.
IQVIA will offer Individuals the opportunity, where practical and appropriate, to choose (opt-out) whether their Personal Information is (a) to be disclosed to a non-agent third party, or (b) to be used for a purpose materially different from the purpose for which it was originally collected or subsequently authorized by the Individual.
IQVIA will not process Sensitive Personal Information about Individuals for purposes other than those for which the information was originally obtained or subsequently authorized by the Individual unless the Individual explicitly consents to the processing (“opt-in”), or as required or permitted, or where not prohibited by law or regulation.
In some cases, even if an Individual opts-out of disclosures of their Personal Information, IQVIA may still disclose such Personal Information (i) if we are required to do so by law, court order or legal process; (ii) in response to lawful requests by public authorities, including to meet national security or law enforcement requirements; (iii) under the discovery process in litigation; (iv) to enforce IQVIA policies or contracts; (v) to collect amounts owed to IQVIA; (vi) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity; or (vii) in the good faith believe that disclosure is otherwise necessary or advisable. IQVIA also may transfer Personal Information when a material event concerning its business operation(s), assets or shares, such as purchase, disposal, merger, joint venture or acquisition, is proposed or occurs. In such an event, IQVIA will endeavor to direct the transferee to use Personal Information in a manner that is consistent with this Policy. IQVIA will provide Individuals with reasonable mechanisms to exercise their choices to the extent required by applicable law.
In most situations, transfers to third parties are covered by the provisions in this Policy regarding notice and choice.
IQVIA will endeavor to only transfer Personal Information to a third party/Agent where such third party/Agent has given assurances that it provides at least the same level of privacy protection as required by the Privacy Shield Principles and this Policy and will notify IQVIA if it makes a determination it can no longer meet this obligation. IQVIA may, for example, provide an Individual's Personal Information to Agents to host our databases, for data processing services, or to send to that Individual the information that he or she requested. Where IQVIA has knowledge that an Agent is using or disclosing Personal Information in a manner contrary to the Privacy Shield Principles and/or this Policy, IQVIA will take reasonable steps to prevent or stop the use or disclosure. With respect to onward transfers to Agents, Privacy Shield requires that, to the extent it is responsible for the event, IQVIA shall remain liable should its Agents Process Personal Information in a manner inconsistent with the Privacy Shield Principles, and IQVIA accepts and shall follow this principle.
Where IQVIA knows that any third party to whom it has provided Personal Information is using or disclosing Personal Information in a manner contrary to this Policy and/or the Privacy Shield Principles, IQVIA will take reasonable steps to prevent or stop the use or disclosure. With respect to such onward transfers to Agents, and to the extent IQVIA is responsible for the event, IQVIA shall remain liable should its Agents process Personal Information in a manner inconsistent with the Privacy Shield Principles and this Policy.
In circumstances in which IQVIA obtains personal data as a service provider for its clients or affiliates, IQVIA’s clients or affiliates are responsible for protecting individual rights with respect to onward transfers.
IQVIA will endeavor to take reasonable and appropriate technical, administrative and physical precautions designed to protect Personal Information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the Personal Information IQVIA is processing, and regardless of whether such Personal Information is in electronic or tangible, hard copy form.
DATA INTEGRITY AND PURPOSE LIMITATION
IQVIA endeavors to use Personal Information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the Individual. IQVIA will take reasonable steps designed to ensure that only Personal Information that is relevant to its intended use, accurate, complete, current, and otherwise reliable in relation to the purposes for which the information was obtained is used by IQVIA for as long as IQVIA retains possession of such information. IQVIA’s Personnel have a responsibility to assist IQVIA in maintaining accurate, complete and current Personal Information. When acting as a CRO or in other situations where IQVIA acts on behalf of another entity, IQVIA endeavors only to process Personal Information that is relevant to the services it provides, and only for purposes compatible with those for which the Personal Information was collected. Where IQVIA processes Personal Information as a CRO or otherwise acts under the direction of its customers, IQVIA works with such customers so that the customers can provide a way for Individuals to correct or update their Personal Information.
IQVIA will, on request, provide an Individual with confirmation regarding whether IQVIA is processing Personal Information about them. In addition, upon request of an Individual, IQVIA will take reasonable steps to correct, amend, or delete their Personal Information that is found to be inaccurate, incomplete or processed in a manner non-compliant with this Policy or the Privacy Shield Principles, except where the burden or expense of providing access would be disproportionate to the risks to that Individual’s privacy, where the rights of persons other than the Individual would be violated or where doing so is otherwise consistent with Privacy Shield Principles. Unless prohibited by applicable law, IQVIA reserves the right to charge a reasonable fee to cover costs for providing copies of Personal Information requested by Individuals. IQVIA, when acting as a CRO, has no direct relationship with medical research subjects participating in a clinical trial and any such Individuals who seek access, or who seek to correct, amend, or delete their inaccurate Personal Information should direct his or her query to the relevant study sponsor or investigator which has transferred such Personal Information to IQVIA for processing.
In circumstances in which IQVIA maintains personal data as a service provider for its clients or affiliates, IQVIA ’s clients or affiliates are responsible for providing Individuals with access to their personal data and the right to correct, amend or delete the data where it is inaccurate. In these circumstances, Individuals should direct their questions to the appropriate IQVIA client or affiliate. If they do not receive a response, IQVIA will provide reasonable assistance in forwarding the Individual’s request.
RECOURSE, ENFORCEMENT AND LIABILITY
IQVIA encourages Individuals covered by this Policy to raise questions about the processing of Personal Information about them by contacting IQVIA through the contact information provided below. Any Personnel that IQVIA determines is in violation of the Privacy Shield Principles and/or this Policy will be subject to disciplinary action up to and including termination of employment, where applicable, in accordance with IQVIA’s disciplinary procedures.
In accordance with the Privacy Shield Principles, IQVIA commits to resolve complaints about Individuals’ collection or use of your Personal Information. Any Individuals with inquiries or complaints regarding this Policy or the use or disclosure of Personal Information in accordance with the Privacy Shield Principles should first contact IQVIA using the contact information given below. IQVIA will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Information in accordance with the Principles contained in this Policy. In addition, IQVIA has further committed to cooperate with the panel established by the EU data protection authorities (“DPAs”) and comply with the advice given by the panel with respect to unresolved Privacy Shield complaints related to Individuals’ human resources data transferred from the EEA in the context of the employment relationship. IQVIA commits to cooperate with the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from Switzerland in the context of the employment relationship. If you do not receive timely acknowledgement of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU DPAs or Swiss FDPIC, as applicable, for more information or to file a complaint. The services of EU DPAs and Swiss FDPIC are provided at no cost to Individuals. If any request remains unresolved, Individuals may, under certain circumstances, have a right to invoke binding arbitration under Privacy Shield; for additional information, see https://www.privacyshield.gov. The Federal Trade Commission has jurisdiction over IQVIA’ compliance with the Privacy Shield Principles.
In addition, IQVIA has agreed to cooperate with JAMS with respect to complaints of Individuals that are not Personnel of the Company and with the local data protection authorities with respect to Personnel and human resources related information. For more information and to submit a complaint to JAMS, visit https://www.jamsadr.com/file-an-eu-us-privacy-shield-claim. Such independent dispute resolution mechanisms are available to Individuals free of charge. If any request remains unresolved, Individuals may have a right to invoke binding arbitration under Privacy Shield.
In circumstances in which IQVIA obtained or maintains Personal Information as a CRO or other Service Provider, Individuals may submit complaints concerning the processing of their Personal Information to the relevant client, in accordance with the client’s dispute resolution process. IQVIA will participate in this process at the request of the client or the Individual. IQVIA will take steps to remedy any issues arising out of potential failure to comply with the Privacy Shield Principles.
CONTACT INFORMATION: Questions, comments, concerns or complaints regarding this Policy or IQVIA’s processing of Personal Information should be submitted to IQVIA by clicking here.
RESERVATION OF RIGHTS: IQVIA reserves the right to share an Individual’s Personal Information and contracts with Agents as required or authorized by law or regulation or in response to duly authorized information requests of government authorities.
Data Niche Associates, Inc.
159 Solutions, Inc.
Highpoint Solutions, LLC
IQVIA Government Solutions Inc.
IQVIA Transportation Services Corp.
Cambridge Pharma Consultancy, Inc.
Intercontinental Medical Statistics International, Ltd. (DE)
Polaris Solutions LLC
The Amundsen Group, Inc.
Themis North America Inc.
Drug Dev Inc.
Clinical Financial Services, LLC
IQVIA RDS Consulting Inc.
IQVIA Market Intelligence LLC
Qcare Site Services, Inc.
IQVIA RDS Inc.
Outcome Sciences LLC
IQVIA Phase One Services LLC
Targeted Molecular Diagnostics, LLC
Q Squared Solutions Holdings LLC
IQVIA RDS Latin America LLC
Quintiles Commercial US. Inc.