Effective Date: March 30, 2015
Prelude Dynamics is a Software as a Service (SaaS) provider who develops VISION™, an electronic data capture (EDC) software system for the conduct of clinical trials. Our clients are pharmaceutical companies and Contract Research Organizations (CROs), hereinafter referred to as “Sponsors”, who contract with us to implement EDC systems that collect, store, report on, analyze and export clinical trial information for sponsor-specific projects. The information collected by VISION™ is digitally transferred to, and stored in, an SSAE-16 compliant data center located in Austin, TX, and can be accessed by our Sponsors and other authorized users via the Internet. The information gathered is used solely for the purpose of the Sponsor’s clinical trials and is ultimately transferred to our Sponsors, who hold rights and responsibilities with respect to that information. Per contract, Prelude Dynamics is explicitly prohibited from disclosing any trial-related information to third parties without explicit authorization or as required by law.
“Sponsor” means any individual, corporation, or other entity which contracts with Prelude Dynamics to perform services involving the transfer, processing, or reporting of clinical trial information on behalf of and under the instructions of said ”Sponsor”.
“Personal Information” or “Information” means information that (1) is transferred from the European Union (“EU”) to the United States; (2) is recorded in any form; (3) is about, or pertains to a specific individual; and (4) can be linked to that individual.
As a SaaS provider, it is the duty and responsibility of our Sponsors to notify individuals of how their information will be used and/or distributed to third parties. As a contracted agent of the Sponsor, we have no authority, and in fact are prohibited from, distributing data concerning an individual to anyone other than the Sponsor (or their agents as directed). Should the EDC be used in any way to document or provide notice, we will work with the Sponsor to ensure that the notification provided is complete and easily understood, and refrain from allowing the trial to register any individuals until we feel that the notification provided sufficiently complies with this principle.
Trial participants, by their participation, are volunteering to supply certain medical information to support the Sponsor’s study goals. Participants may or may not be compensated by the Sponsor for participation. The Sponsor determines the Study design, content, goals, and end usage of collected information.
Our contractual Sponsors are obligated to provide individuals with the ability to choose whether their Personal Information will to be disclosed to a third party or used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Individuals will typically opt out by communicating directly with our Sponsors. When notified by a client that an individual has chosen not to give permission, or revoked their permission for our Sponsors to use their Personal information, we will remove (electronically delete) the individual’s information from the VISION system.
Should an individual contact us directly with an opt-out request, we will notify the Sponsor on the individual’s behalf.
It will not be possible to remove an individual’s data when a trial has already been completed (locked and archived).
The Sponsor retains all rights and responsibilities with respect to onward transfers. Our Sponsors transfer data to Prelude Dynamics for storage and processing, but we are contractually prohibited from releasing this information to anyone other than the Sponsor unless specifically authorized to do so, or are obligated to do so for legal reasons.
All requests for access to personal information should be directed to the appropriate Sponsor. When necessary, Prelude Dynamics will assist the Sponsor in compiling a read-only copy of the personal information requested.
Prelude Dynamics hosts its EDC systems in an SSAE-16 compliant data center hosted in Austin, TX. All communications with our servers are implemented via secure, encrypted https protocol and a dedicated firewall appliance. The data center itself is manned 24/7/365 and stringent authorization and entry procedures are in place. The VISION™ system itself requires a role-permission based user ID/password combination to be entered before access to the system is granted. Issuance of such user IDs and passwords is the responsibility of the Sponsor and sponsor representatives with strict need-to-know for a specific trial. While every effort has been made to reasonably safeguard Personal Information, we cannot absolutely guarantee the security of Information transmitted via the Internet. All participants using the VISION™ system, regardless of role, are expected to have and maintain anti-malware software on their local computers.
Our Sponsor organizations are responsible for assuring data integrity at the time of data entry or in a contemporaneous monitor review. Prelude Dynamics adds to this assurance by providing a comprehensive audit trail of data entered, and VISION utilizes comprehensive error and constraint checking to encourage correctness at data entry time. In addition, the data transmission protocol utilizes advanced technology to guarantee that the data transmitted to our secure server is identical to the data entered. If any participant believes information collected is in error, they should contact their Sponsor representative as soon as possible.
After communicating with the Sponsor, Prelude Dynamics encourages individuals to raise complaints directly with us prior to proceeding to an independent recourse mechanism for resolution. We agree to give prompt and courteous attention to complaints about an individual’s privacy, and to address them in a timely manner.
In addition to self-assessment, Prelude Dynamics commits to cooperate and comply with both European Data Protection Authorities (DPAs) and the Federal Data Protection and Information Commissioner of Switzerland in the investigation and resolution of complaints brought under Safe Harbor. We will comply with any advice given by these authorities where the authorities take the view that our organization needs to take specific action to comply with the Safe Harbor Principles, including remedial or compensatory measures for the benefit of individuals affected by any non-compliance with the Principles, and will provide these authorities with written confirmation that such action has been taken.
The contact information for the above-mentioned authorities can be found at:
EU DPAs: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm
Swiss FDPIC: http://www.edoeb.admin.ch/kontakt/index.html?lang=en
Questions, comments or complaints regarding the Prelude Dynamics’ Safe Harbor Policy or data collection and processing practices can be communicated using one of the methods below.
Attn: VP Quality Assurance
3906 Manchaca Rd
Austin, TX 78704