Legal

e-RESEARCH TECHNOLOGY INC.
 WEB SITE TERMS OF USE

By accessing and using the eResearchTechnology Inc. web site, ert.com (the “Web Site”), you are agreeing to be legally bound by these Terms of Use. By using the eResearchTechnology Inc. Web Site, you represent that you are 16 years or older and agree to abide by the following Terms of Use. If any of these terms are unacceptable to you, you may not access the eResearchTechnology Inc. Website until agreement has been reached between you and eResearchTechnology Inc. as to the applicable terms of use. The terms “you” and “User” refer to anyone who accesses the eResearchTechnology Inc. Web Site. As you browse through the eResearchTechnology Inc. sites you may access other web sites that are subject to different terms of use. When you use those sites, you will be legally bound by the specific terms of use posted on such sites. If there is a conflict between these Terms of Use and the other terms of use, the other terms of use will govern with respect to use of such pages. eResearchTechnology Inc. (ERT) may change these Terms of Use at any time without notice. Changes will be posted at www.ert.com under “Terms of Use”. Your use of the Web Site after any changes have been posted will constitute your agreement to the modified Terms of Use and all of the changes. Therefore, you should read these Terms of Use from time to time for changes. It is advised that you also read the eRT Customer Privacy Policy. 1. Use of the eResearchTechnology Inc. Web Site eResearchTechnology Inc. hereby grants you a non-exclusive, non-transferable, limited license to access and use the Web Site for the fees, if applicable, and under the terms set forth below. The Web Site and the content, including, but not limited to, text, data, reports, ratings and other opinions, images, photos, graphics, graphs, charts, animations and video (the “Content”), displayed on the Web Site, may be used only for your personal and non-commercial use. Except as otherwise permitted under these Terms of Use, you agree not to copy, reproduce, modify, create derivative works from, or store any Content, in whole or in part, from the Web Site or to display, perform, publish, distribute, transmit, broadcast or circulate any Content to anyone, or for any commercial purpose, without the express prior written consent of eResearchTechnology Inc.. The Content is the property of eResearchTechnology Inc. or its licensors, and is protected by copyright and other intellectual property laws. All trade names, trademarks, service marks and other product and service names and logos on the Web Site and within the Content are proprietary to their respective owners and are protected by applicable trademark and copyright laws. Any of the trademarks, service marks or logos (collectively, the “Marks”) displayed on the Web Site may be registered or unregistered marks of eResearchTechnology Inc. or others. Nothing contained on this Web Site should be construed as granting any license or right to use any of the Marks displayed on the Web Site without the express written permission of eResearchTechnology Inc. or a third party owner of such Marks. Any unauthorized uses of the Marks or any other Content are strictly prohibited. You may, on an occasional and irregular basis, reproduce, distribute, display or transmit an insubstantial portion of Content, for a non-commercial purpose and without charge, to a limited number of individuals, provided you include all copyright and other proprietary rights notices with such portion of the Content in the same form in which the notices appear on the Web Site, the original source attribution, and the phrase “Used with permission from sandp.com, a web site eResearchTechnology Inc.”. However, you may not post any Content from the Web Site to forums, newsgroups, list serves, mailing lists, electronic bulletin boards, or other web sites, without the prior written consent of eResearchTechnology Inc.. To request consent for other matters, you may contact eResearchTechnology Inc. at info@ert.com. You may not use the Web Site for any unlawful purpose. You shall honor all reasonable requests by eResearchTechnology Inc. to protect eResearchTechnology Inc. proprietary interests in the eResearchTechnology Inc. website. 2. Limitation On eResearchTechnology Inc. Warranties And Liability You are entirely liable for activities conducted by you or anyone else in connection with your browsing and use of the Web Site. If you are dissatisfied with the Content or the Web Site or with these Terms of Use, your sole and exclusive remedy is to stop using the Content and the Web Site. eResearchTechnology Inc. will not pay you any damages in connection with your browsing or use of the Web Site. THE CONTENT AND THE WEB SITE ARE PROVIDED “AS IS”, WITHOUT ANY WARRANTIES. NEITHER eResearchTechnology Inc. MAKES ANY GUARANTEES OR WARRANTIES AS TO THE ACCURACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM, ACCESSING AND USING THE eResearchTechnology Inc. WEBSITE, THE eResearchTechnology Inc. WEBSITE’S OWN CONTENT, THE OTHER CONTENT, NOR ANY MATERIAL THAT CAN BE ACCESSED (VIA A DIRECT OR INDIRECT HYPERLINK OR OTHERWISE) THROUGH THE eResearchTechnology Inc. WEBSITE. eResearchTechnology Inc. HEREBY DISCLAIMS ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE AND OF NONINFRINGEMENT. eResearchTechnology Inc. SHALL NOT BE LIABLE TO THE USER OR ANYONE ELSE FOR ANY INACCURACY, DELAY, INTERRUPTION IN SERVICE, ERROR OR OMISSION, REGARDLESS OF CAUSE, OR FOR ANY DAMAGES RESULTING THEREFROM. IN NO EVENT WILL eResearchTechnology Inc., NOR ANY OF ITS THIRD PARTY LICENSORS BE LIABLE FOR ANY INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES, INCLUDING BUT NOT LIMITED TO, LOST TIME, LOST MONEY, LOST PROFITS OR GOOD WILL, WHETHER IN CONTRACT, TORT, STRICT LIABILITY OR OTHERWISE, AND WHETHER OR NOT SUCH DAMAGES ARE FORESEEN OR UNFORESEEN WITH RESPECT TO ANY USE OF THE eResearchTechnology Inc. WEBSITE. NEITHER eResearchTechnology Inc. NOR ANY OF ITS AFFILIATES, AGENTS OR LICENSORS WILL BE LIABLE TO YOU OR ANYONE ELSE FOR ANY LOSS OR INJURY RESULTING FROM USE OF THE WEB SITE, IN WHOLE OR PART, WHETHER CAUSED BY NEGLIGENCE, CONTINGENCIES BEYOND ITS CONTROL IN PROCURING, COMPILING, INTERPRETING, REPORTING OR DELIVERING THE WEB SITE AND ANY CONTENT AT THE WEB SITE OR OTHERWISE. IN NO EVENT WILL eResearchTechnology Inc., ITS AFFILIATES, AGENTS OR LICENSORS BE LIABLE TO YOU OR ANYONE ELSE FOR ANY DECISION MADE OR ACTION TAKEN BY YOU IN RELIANCE ON SUCH CONTENT OR THE WEB SITE. 3. Links To Other Web Sites You may, through hypertext or other computer links, gain access to web sites operated by persons other than eResearchTechnology Inc.. Such hyperlinks are provided for your reference and convenience only, and are the exclusive responsibility of such web sites’ owners. You agree that eResearchTechnology Inc. is not responsible for the content or operation of such web sites, and that eResearchTechnology Inc. shall have no liability to you or any other person or entity for the use of third party web sites. A hyperlink from this Web Site to another web site does not imply or mean that eResearchTechnology Inc. endorses the content on that web site or the operator or operations of that site. You are solely responsible for determining the extent to which you may use any content at any other web sites to which you link from eResearchTechnology Inc. Web Site. eResearchTechnology Inc. assumes no responsibility for the use of third party software on the eResearchTechnology Inc. site and shall have no liability whatsoever to any person or entity for the accuracy or completeness of any outcome generated by such software. 4. Timeliness Of Content The Content displayed on the Web Site, including, but not limited to, reports and other opinions, are current as of the date appearing on the report and are subject to change without notice. Unless indicated otherwise, ratings are updated periodically by eResearchTechnology Inc. to reflect changes in the market and other criteria. eResearchTechnology Inc. does not guarantee or warrant the accuracy, timeliness, or completeness of any ratings you receive using the Web Site. 5. Additional Legal Terms This Agreement will continue until terminated by either eResearchTechnology Inc. or you. Either party can terminate the Agreement by notifying the other party by telephone or electronic mail of the decision to terminate. eResearchTechnology Inc. may discontinue or change the eResearchTechnology Inc. Website, or its availability to you, at any time. This Agreement constitutes the entire agreement between the parties relating to the eResearchTechnology Inc. Website and supersedes any and all other agreements, oral or in writing, with respect to the eResearchTechnology Inc. Website. The failure of eResearchTechnology Inc. to insist upon strict compliance with any term of this Agreement shall not be construed as a waiver with regard to any subsequent failure to comply with such term or provision. This Agreement is personal to you, and you may not assign your rights or obligations to anyone. If any provision in this Agreement is invalid or unenforceable under applicable law, the remaining provisions will continue in full force and effect. This Agreement, your rights and obligations, and all actions contemplated by this Agreement shall be governed by the laws of the United States of America and New York State, as if the Agreement was a contract wholly entered into and wholly performed within New York State. All rights not expressly granted herein are reserved. 6. Anti-Hacking Provision You may not, nor may you allow others to, directly or indirectly, attempt or actually disrupt, impair or interfere with, alter or modify the Web Site or any Content. You may not, nor may you allow others to, directly, or indirectly, collect or attempt to collect any information about others, including passwords, account or other information.

CODE OF ETHICS AND BUSINESS CONDUCT

This Code of Ethics and Business Conduct (this “Code”) applies to all directors, officers and full-time, part-time, temporary/intermittent and contract employees (collective, “Employee or Employees”) of Explorer Holdings, Inc., eResearchTechnology, Inc. and its subsidiaries (collectively, “ERT”). We require the highest standards of professional and ethical conduct. Our reputation for honesty and integrity among our customers, employees, vendors, and stockholders is key to the success of our business. This Code reflects our commitment to a culture of honesty, integrity and accountability and outlines the basic principles and policies with which all employees, officers and directors are expected to comply. Please read this Code carefully. Your cooperation is necessary to the continued success of our business and the cultivation and maintenance of our reputation as a good corporate citizen. Any questions or concerns regarding anything contained in or referenced by this Code should be directed to eResearchTechnology, Inc.’s Vice President, Human Resources (”VP-HR”) or your local office designee who is responsible for administering the Code. You may have an employment agreement with ERT, or have otherwise signed confidentiality or other agreement with ERT (collectively, the “Agreements”). You have been provided an employee handbook, policies and standard operating procedures from ERT (collectively, the “Documents”). This Code does not replace the Agreements or Documents, and the Agreements and Documents remain in full force and effect. If anything contained in the Agreements or Documents conflict with this Code, this Code shall govern. Click here for ERT’s Code of Ethics and Business Conduct.

ERT Statement on compliance to the data protection regulations covered by the General Data Protection Regulation (GDPR) and the Health Information Portability and Accountability Act (HIPAA)

The following statement details the method by which eResearch Technologies (ERT) is compliant with the controls to protect personal data processed and retained by ERT. ERT is a global company with offices in but not limited to the EU and USA.

This covers data entered, maintained, retained and reported using the ERT systems in providing its services to its clients. These services are provided in accordance with the guidelines of DHHS (45 CFR Parts 160, 162 & 164 (HIPAA)) and international privacy and data protection legislation, namely the European General Data Protection Regulation (EU) 2016/679 (GDPR).

ERT acts as the Data Processor for clients and contracted client projects. As such, any data transfers, pursuant to contractual terms, are purely for the purposes of processing data as ‘data processor’ and are fully compliant with the requirements of European and international data protection law for processing ‘sensitive personal data’. With respect to ERT staff and staff data, ERT is a data controller registered with the Information Commissioner’s Office in the UK under the Data Protection Act 2018. ERT is independently audited for compliance with HIPAA and data protection legislation, with particular emphasis on physical, organisational and technical security controls.

ERT operates a Privacy Policy in line with GDPR and HIPAA and supported by the EU Privacy Shield and Swiss Privacy Shield Principles and associated FAQs and is self-certified with the US Department of Commerce. This voluntary membership demonstrates ERT’s commitment to observing ‘best practice’ privacy and data protection requirements wherever ERT processes data on behalf of its clients.

ERT has been compliant to the HIPAA requirements since 2013 with annual external assessments to ensure compliance has been maintained.

Since 2017, ERT has had a dedicated team comprising of data privacy, protection specialists and legal experts (internal staff and consultants) who have worked to ensure that ERT is GDPR and HIPAA compliant.  This team has reviewed existing processes and data specifically for each of our European sites but also across the global business.  If any process were found not to be compliant these have been updated, most of this work involved updating internal i.e. staff rather than client specific processes. This work involved the following:

  • Creation of new or updates to existing Data & HR Policies and Standard Operating Procedures covering:
    • Breach identification, notification and remediation
    • Data request receipt, confirmation and response
    • Data portability request receipt, confirmation and response
    • Data retention confirmation and data archiving
    • Data deletion request receipt, confirmation and response
  • Established Contracting & Data Transfer Agreements / Corporate Registrations
    • Contract Templates (Client, Vendor & Assessment)
    • Data Processing Agreement (DPA)
    • Transfer Agreements between ERT entities (ERT Ltd, GmbH, Inc).
    • ICO Corporate Registration (ERT Inc, ERT Limited)
  • Personnel
    • Hiring of a full-time Data Privacy Officer (DPO) (N.B. ERT’s consulting DPO will be retained as an in country presence in our Estenfeld, Germany Office location.)
  • Employee Training
    • Employee training was initially deployed for EU Locations followed by global distribution.
    • Expansion and training for the dedicated internal team.

In addition, ERT will provide guidance in the form of templated documents for use by clients and ensure operation staff in conjunction with the dedicated team can provide guidance and support for ERT clients. ERT has a Data Protection Officer (DPO), who will lead the maintenance, monitoring and process improvement of the data compliance for ERT global privacy and security.

As identified by the ICO (UK) the following steps were performed to ensure compliance to GDPR.

1. Awareness

 

 

 

All ERT staff are required to undergo induction qualification, including GXP, HIPAA and Security training, prior to being granted access to the ERT services. Access to subject data is highly restricted on an as needs basis.   Additional training specific to GDPR was generated and provided to all staff and added to the induction training. Existing annual refresher training is to be updated to include GDPR.

Internally the HIPAA Policy has been supplemented with a GDPR Policy, both are included in mandatory training for all staff.

 

2. Information Held

 

 

 

All data has been assessed to identify the personal data held by ERT. This indicated the data held, where it was obtained, what use was made of the data and whom it was shared with.

 

3. Communicating Privacy Information

 

Existing Privacy Policies were reviewed and updated to ensure compliance with GDPR and HIPAA. An updated Privacy Policy has been uploaded to the ERT corporate web-site along with this document.

 

4. Individual Rights

 

A review of the existing processes and procedures was completed to determine that these individual’s rights were covered. It was confirmed that these already cover individual’s rights.   However, the procedures have been expanded to apply these requirements to ERT globally.
5. Subject Access Requests

 

A review of the existing subject data access request processes and procedures determined that these already covered subject access requests. However, the procedures have been expanded to apply these requirements to ERT globally.

 

6. Legal Basis for Processing Personal Data

 

 

 

The legal basis for the capture, processing and retention of personal data by ERT for and on behalf of it clients was reviewed and found to be compliant with the requirements of GDPR, HIPAA and Good Clinical Practices. All data processed and retained is for supporting Clinical Research, contact information and staff data required to run the business and meet legal requirements.

Guidance documentation to support this processing and retention will be generated and provided to clients as appropriate.

 

7. Consent

 

 

A review of the existing data consent processes and procedures determined that these already covered subject consent. However, the procedures have been expanded to apply these requirements to ERT globally.

 

8. Children

 

 

A review of the existing data consent processes determined that these already covered parental /guardian consent. However, the procedures have been expanded to apply these requirements to ERT globally.
9. Data Breaches A review of the existing data breach processes and procedures was conducted which determined that these processes were adequate. However, the procedures have been expanded to apply these requirements to ERT globally.

 

10. Data Protection by Design and Data Protection Impact Assessments

 

A review of the existing software programming processes and procedures was conducted which determined that these processes were adequate, already ensuring software considered data protection within the design.

Data Protection Impact Assessments were performed where necessary. Existing client data protection was assessed as already compliant. However, this indicated changes were needed for internal staff personal data.   The existing procedures have been expanded and new procedures generated to apply these requirements to ERT globally

 

11. Data Protection Officer

 

An internal Data Protection Officer (DPO) has been recruited and will be supported by the existing internal privacy team.
12. International A review of the data transfer processes and controls indicated that except for two remote sites all data transfers are already covered by existing corporate policies and Privacy Shield. In the case of the two remote sites Data Transfer Agreements have been generated and implemented.

ERT is registered and compliant to the ICO (UK) and with Privacy Shield (US).

 

Following the work done ERT claim that its processes and procedures are compliant with data protection and data privacy in accordance with both GDPR and with HIPAA regulations.