Effective Date: March 30, 2015


Introduction

Prelude Dynamics is a Software as a Service (SaaS) provider who develops VISION™, an electronic data capture (EDC) software system for the conduct of clinical trials. Our clients are pharmaceutical companies and Contract Research Organizations (CROs), hereinafter referred to as “Sponsors”, who contract with us to implement EDC systems that collect, store, report on, analyze and export clinical trial information for sponsor-specific projects. The information collected by VISION™ is digitally transferred to, and stored in, an SSAE-16 compliant data center located in Austin, TX, and can be accessed by our Sponsors and other authorized users via the Internet. The information gathered is used solely for the purpose of the Sponsor’s clinical trials and is ultimately transferred to our Sponsors, who hold rights and responsibilities with respect to that information. Per contract, Prelude Dynamics is explicitly prohibited from disclosing any trial-related information to third parties without explicit authorization or as required by law.

Definitions

“Sponsor” means any individual, corporation, or other entity which contracts with Prelude Dynamics to perform services involving the transfer, processing, or reporting of clinical trial information on behalf of and under the instructions of said ”Sponsor”.

“Personal Information” or “Information” means information that (1) is transferred from the European Union (“EU”) to the United States; (2) is recorded in any form; (3) is about, or pertains to a specific individual; and (4) can be linked to that individual.

Prelude Dynamics Privacy Policy

Prelude Dynamics is dedicated to ensuring the privacy of Sponsors, their staff members, and clinical trial participants. We adhere to the Safe Harbor Agreement concerning the transfer of personal data from the EU and Switzerland to the United States of America. Accordingly, we follow the Safe Harbor Principles published by the U.S. Department of Commerce (the “Principles”) with respect to all such data. If there is any conflict between the policies in this privacy policy and the Principles, the Principles shall govern. This privacy policy outlines our general policy and practices for implementing the Principles, including the types of information we gather, how we use it, and the notice and choice affected individuals have regarding our use of and their ability to correct that information. This privacy policy applies to all personal information received by Prelude Dynamics. All such information is received in electronic format.

U.S./ EU and U.S./Swiss Safe Harbor Privacy Statement For personal information of healthcare professionals, medical research subjects and investigators, pharmaceutical companies and CROs that the Company receives from the European Economic Area and Switzerland, has committed to handling such personal information in accordance with the Safe Harbor Principles. Prelude Dynamics’ Safe Harbor certification can be found at https://safeharbor.export.gov/list.aspx. For more information about the Safe Harbor Principles, please visit the U.S. Department of Commerce’s Website at http://export.gov/safeharbor/. Our Privacy Policy is available online at http://www.preludedynamics.com/safe-harbor.

Privacy Principles

Notice

As a SaaS provider, it is the duty and responsibility of our Sponsors to notify individuals of how their information will be used and/or distributed to third parties. As a contracted agent of the Sponsor, we have no authority, and in fact are prohibited from, distributing data concerning an individual to anyone other than the Sponsor (or their agents as directed). Should the EDC be used in any way to document or provide notice, we will work with the Sponsor to ensure that the notification provided is complete and easily understood, and refrain from allowing the trial to register any individuals until we feel that the notification provided sufficiently complies with this principle.

Choice

Trial participants, by their participation, are volunteering to supply certain medical information to support the Sponsor’s study goals. Participants may or may not be compensated by the Sponsor for participation. The Sponsor determines the Study design, content, goals, and end usage of collected information.

Our contractual Sponsors are obligated to provide individuals with the ability to choose whether their Personal Information will to be disclosed to a third party or used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Individuals will typically opt out by communicating directly with our Sponsors. When notified by a client that an individual has chosen not to give permission, or revoked their permission for our Sponsors to use their Personal information, we will remove (electronically delete) the individual’s information from the VISION system.

Should an individual contact us directly with an opt-out request, we will notify the Sponsor on the individual’s behalf.

It will not be possible to remove an individual’s data when a trial has already been completed (locked and archived).

Onward Transfers

The Sponsor retains all rights and responsibilities with respect to onward transfers. Our Sponsors transfer data to Prelude Dynamics for storage and processing, but we are contractually prohibited from releasing this information to anyone other than the Sponsor unless specifically authorized to do so, or are obligated to do so for legal reasons.

Access

All requests for access to personal information should be directed to the appropriate Sponsor. When necessary, Prelude Dynamics will assist the Sponsor in compiling a read-only copy of the personal information requested.

Data Security

Prelude Dynamics hosts its EDC systems in an SSAE-16 compliant data center hosted in Austin, TX. All communications with our servers are implemented via secure, encrypted https protocol and a dedicated firewall appliance. The data center itself is manned 24/7/365 and stringent authorization and entry procedures are in place. The VISION™ system itself requires a role-permission based user ID/password combination to be entered before access to the system is granted. Issuance of such user IDs and passwords is the responsibility of the Sponsor and sponsor representatives with strict need-to-know for a specific trial. While every effort has been made to reasonably safeguard Personal Information, we cannot absolutely guarantee the security of Information transmitted via the Internet. All participants using the VISION™ system, regardless of role, are expected to have and maintain anti-malware software on their local computers.

Data Integrity

Our Sponsor organizations are responsible for assuring data integrity at the time of data entry or in a contemporaneous monitor review. Prelude Dynamics adds to this assurance by providing a comprehensive audit trail of data entered, and VISION utilizes comprehensive error and constraint checking to encourage correctness at data entry time. In addition, the data transmission protocol utilizes advanced technology to guarantee that the data transmitted to our secure server is identical to the data entered. If any participant believes information collected is in error, they should contact their Sponsor representative as soon as possible.

Enforcement

Prelude Dynamics uses a self-assessment approach to assure compliance with this privacy policy and periodically verifies that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible and in conformity with Safe Harbor Principles. We provide training to our employees on an annual basis, and are prepared to take disciplinary action with employees in the event they fail to comply with the Principles.

After communicating with the Sponsor, Prelude Dynamics encourages individuals to raise complaints directly with us prior to proceeding to an independent recourse mechanism for resolution. We agree to give prompt and courteous attention to complaints about an individual’s privacy, and to address them in a timely manner.

In addition to self-assessment, Prelude Dynamics commits to cooperate and comply with both European Data Protection Authorities (DPAs) and the Federal Data Protection and Information Commissioner of Switzerland in the investigation and resolution of complaints brought under Safe Harbor. We will comply with any advice given by these authorities where the authorities take the view that our organization needs to take specific action to comply with the Safe Harbor Principles, including remedial or compensatory measures for the benefit of individuals affected by any non-compliance with the Principles, and will provide these authorities with written confirmation that such action has been taken.

The contact information for the above-mentioned authorities can be found at:
EU DPAs: http://ec.europa.eu/justice/data-protection/bodies/authorities/eu/index_en.htm
Swiss FDPIC: http://www.edoeb.admin.ch/kontakt/index.html?lang=en

Amendments

This privacy policy may be amended from time to time in order to remain consistent and compliant with the most recent Safe Harbor guidelines. Revisions to our Privacy Policy will be posted on this Website.

Contact

Questions, comments or complaints regarding the Prelude Dynamics’ Safe Harbor Policy or data collection and processing practices can be communicated using one of the methods below.

Prelude Dynamics
Attn: VP Quality Assurance
3906 Manchaca Rd
Austin, TX 78704
512-476-5100
info@PreludeDynamics.com