We Respect Your Privacy

1. Introduction

  • 1.1 Our mission is to exceed the expectations of sponsors and CROs by completing studies on time, accurately, and in compliance with clinical research protocols and regulations. Pursuant to this mission, Epic Medical Research conducts clinical trials on behalf of Sponsors. At all times Epic Medical Research is committed to conducting clinical trials in a manner that strictly adheres to all national and international ethical requirements and clinical trial regulations. Effective adherence to clinical trial regulations requires the gathering, recording, processing, storing, and transmitting of personal data of clinical trial participants, clinical trial investigators, vendors, support staff, and employees.

  • 1.2 Epic Medical Research is committed to respecting the privacy of individuals of all nationalities in the processing of their personal data, recognizing the fundamental rights to lawfulness, fairness, and transparency. Epic Medical Research adheres to the principles of data privacy by design and by default, including data minimization to the extent possible. Epic Medical Research adheres to laws relating to data protection in all jurisdictions in which it conducts business, including but not limited to HIPAA, the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the California Consumer Protection Act, and the United Kingdom Data Protection Act of 2018.

2. Personal Data of Clinical Trial Subjects

  • 2.1 Epic Medical Research processes pseudonymized medical and health information about the individuals who take part in clinical trials. This information is collected by investigators and their staff at the study sites. Epic Medical Research may transmit this data from the jurisdiction in which it was collected to Epic Medical Research headquarters in the United States. When consent is required for the processing of personal data, the physician investigators overseeing the trial are responsible for ensuring that the individuals understand and consent to the gathering of sensitive personal data relating to their health, including the transfer of such pseudonymized information to third parties who may be providing services for the clinical trial.

  • 2.2 Pursuant to Opinion 03/2019 of the European Data Protection Board, Epic Medical Research declares that the processing of personal data of EU citizens participating in a clinical trial is necessary for the performance of a task carried out in the public interest. Specifically, the processing of sensitive categories of data is carried out for reasons of public interest in the area of public health, and/or for scientific purposes in accordance with Article 89(1) of the GDPR.

3. Personal Data of Business Partners

  • 3.1 Epic Medical Research collects personal data from business partners and vendors who are providing services to a clinical trial. This processing is necessary for the fulfillment of Epic Medical Research’s contracts with these individuals and their employers, and may be required for submission of clinical trial data to governmental and regulatory authorities, IRBs, and ethical committees. The basis for collection of physician investigator data is the fulfillment of a legal obligation related to ensuring that investigators are qualified to oversee a clinical trial. The basis for collecting site and investigator staff information is the fulfillment of a contract between Epic Medical Research (directly or on behalf of the Sponsor) and the site. When applicable, Epic Medical Research complies with all obligations to provide transparency notices about the processing or transfer of this personal data.

4. IT and Security Procedures

  • 4.1 Epic Medical Research has in place physical, electronic and organizational procedures to safeguard and secure personal data stored on its systems. Epic Medical Research deploys encryption, firewalls, access controls, and other procedures to protect data from loss, misuse, unauthorized access, disclosure, alteration, and destruction. Access to Epic Medical Research facilities is controlled via a combination of technical and physical controls. Epic Medical Research maintains a disaster recovery plan and system back up plan in the event that its systems are damaged or destroyed. All employees receive training on security and are required annually to review and understand global data protection standards applicable to Epic Medical Research.

  • 4.2 Personal data of clinical trial subjects is stored password secured computer system which only authorized individuals can access on a need to know basis. Access to other personal data is restricted to authorized employees on a need to know basis.

  • 4.3 Epic Medical Research may store some business records or clinical trial documents in hard copy (paper or disk) format, as required by law or regulation, or pursuant to the fulfilment of a legitimate business purpose. Epic Medical Research has in place a document retention policy, pursuant to which documents are retained for the minimum time necessary, and then securely destroyed. Long-term storage of hard copy documents may be carried out by a qualified third-party vendor.

5. Transfer of Personal Data

  • 5.1 Transfer to Third Parties

  • – 5.1.1 Personal data may be shared with third parties to fulfill the purposes for which the data was originally collected. Personal data is transferred to third parties pursuant to contractual obligations consistent with Article 28(4) of GDPR when applicable, and with this Global Privacy Policy.

  • 5.2 Transfer to Third Countries

  • – 5.2.1 Epic Medical Research has self-certified its compliance with the E.U.-U.S. and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce, regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. This includes personal data collected on our website, personal data that may be provided for clinical trials, personal data collected from employees, and personal data collected from investigators, their staff, and third-party vendors. Epic Medical Research adheres to the seven Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity, Access, and Recourse, Enforcement and Liability as they relate to personal data. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

6. Rights to Access and Choice

  • 6.1 Epic Medical Research is committed to cooperating to the full extent of applicable law in the exercise of the rights of data subjects. Any data subject who wishes to exercise his or her rights under applicable data privacy law, or to inquire about the processing of his or her data by Epic Medical Research, should contact Epic Medical Research pursuant to Section 8 of this Global Privacy Policy.

  • 6.2 Clinical trial participants should contact the study site at which they participated in the clinical trial, or the Principal Investigator of the study, to enquire about their rights under applicable data privacy laws. The rights available to a clinical trial participant may be limited pursuant to an exception to the applicable data privacy law to preserve the integrity or scientific value of the data collected.

7. Rights to Enforcement and Recourse

  • 7.1 In compliance with the Privacy Shield Principles, Epic Medical Research commits to resolve complaints about our collection or use of personal information.

  • 7.2 Epic Medical Research adheres to the applicable provisions of the California Consumer Protection Act. Residents of California may have a private right of action in the event of a data breach. Pursuant to California law, affected individuals must first notify Epic Medical Research of the alleged violation and provide Epic Medical Research 30 days to cure the violation.

8. How to Contact Epic Medical Research

  • 8.1 For more information about Epic Medical Research’s commitment to protecting data privacy, or to exercise any rights you may have under applicable data privacy laws, please contact Epic Medical Research at info@Epicmedresearch.com, by telephone at 972-777-6956, or by mail at 106 Plaza Drive, Red Oak, TX 75154 United States of America.