The Commission of the European Union and the U.S. Department of Commerce have negotiated and agreed on a set of personal data protection rules (the "Safe Harbor Principles"), allowing U.S. companies to comply with the EU requirement that adequate protection be given for the transfer of personal data out of the EU to the United States. Theorem adheres to the Safe Harbor Principles.
This Safe Harbor Policy applies to all personal information, whether from employees or non-employees such as investigators, received by Theorem in the United States from the EU, in any format, including without limitation electronically. For purposes hereof, "personal information" means any information or set of information that identifies or could be used by or on behalf of Theorem to identify an individual. Personal information does not include information that is encoded or made anonymous, or publicly available information that has not been combined with nonpublic personal information.
The privacy principles in this Safe Harbor Policy are based on the Safe Harbor Principles. If Theorem collects personal information directly from individuals in the EU, it will inform them about the purposes for which it collects and uses personal information about them, the types of non-agent third parties to which Theorem discloses that information, and the choices and means, if any, Theorem offers individuals for limiting the use and disclosure of their personal information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide personal information to Theorem, or as soon as practicable thereafter, and in any event before Theorem uses the information for a purpose other than that for which it was originally collected.
If Theorem receives personal information from its subsidiaries, affiliates or other entities in the EU, it will use such information in accordance with the notices provided by such entities and the choices made by the individuals to whom such personal information relates.
Theorem will offer individuals the opportunity to choose (opt out) whether their personal information can be: (a) disclosed to a non-agent third party, or (b) used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.
For sensitive personal information (i.e., personal information regarding race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health or sex life, or personal information treated and identified by a third party as sensitive), Theorem will give individuals the opportunity to affirmatively and explicitly (opt in) consent before the information will be disclosed to a non-agent third party or the information used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.
Theorem will provide individuals with reasonable mechanisms to exercise their choices.
Theorem will use personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. Theorem will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete and current.
Transfers to Agents
For purposes hereof, "agent" means any third party that uses personal information provided to Theorem to perform tasks on behalf of and under the instructions of Theorem. Theorem will obtain assurances from its agents that they will safeguard personal information consistently with this Safe Harbor Policy. Where Theorem has knowledge that an agent is using or disclosing personal information in a manner contrary to this Safe Harbor Policy, Theorem will take reasonable steps to prevent or stop the use or disclosure.
Access and Correction
Upon request, Theorem will grant individuals reasonable access to personal information that it holds about them. In addition, Theorem will take reasonable steps to permit individuals to correct, amend or delete information that is demonstrated to be inaccurate or incomplete.
Theorem will take reasonable precautions to protect personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.
Theorem will conduct compliance audits of its relevant privacy practices to verify adherence to this Safe Harbor Policy. Any employee that Theorem determines is in violation of this Safe Harbor Policy will be subject to disciplinary action up to and including termination of employment.
Any questions or concerns regarding the use or disclosure of personal information should be directed to the Theorem Clinical Research Privacy Office at the address given below. Theorem will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Safe Harbor Policy. For complaints that cannot be resolved between Theorem and the complainant, Theorem has agreed to participate in the dispute resolution procedures of the panel established by the European data protection authorities to resolve disputes pursuant to the Safe Harbor Principles.
To learn more about the Safe Harbor program, and to view Theorem's certification, please visit export.gov/safeharbor.
Questions or comments regarding this Safe Harbor Policy should be submitted to the Theorem Clinical Research Privacy Office.
By email: firstname.lastname@example.org
Amy Staedtler, Esq.
Chief Legal Counsel
Theorem Clinical Research, Inc.
1016 West Ninth Avenue
King of Prussia, PA 19406
This Safe Harbor Policy may be amended from time to time, consistent with the requirements of the Safe Harbor Principles. Appropriate notice will be given concerning such amendments.
Effective Date: June 2002. Last Review Date: June 2013