By accessing and using the eResearchTechnology Inc. web site, (the “Web Site”), you are agreeing to be legally bound by these Terms of Use. By using the eResearchTechnology Inc. Web Site, you represent that you are 16 years or older and agree to abide by the following Terms of Use. If any of these terms are unacceptable to you, you may not access the eResearchTechnology Inc. Website until agreement has been reached between you and eResearchTechnology Inc. as to the applicable terms of use. The terms “you” and “User” refer to anyone who accesses the eResearchTechnology Inc. Web Site. As you browse through the eResearchTechnology Inc. sites you may access other web sites that are subject to different terms of use. When you use those sites, you will be legally bound by the specific terms of use posted on such sites. If there is a conflict between these Terms of Use and the other terms of use, the other terms of use will govern with respect to use of such pages. eResearchTechnology Inc. (ERT) may change these Terms of Use at any time without notice. Changes will be posted at under “Terms of Use”. Your use of the Web Site after any changes have been posted will constitute your agreement to the modified Terms of Use and all of the changes. Therefore, you should read these Terms of Use from time to time for changes. It is advised that you also read the eRT Customer Privacy Policy. 1. Use of the eResearchTechnology Inc. Web Site eResearchTechnology Inc. hereby grants you a non-exclusive, non-transferable, limited license to access and use the Web Site for the fees, if applicable, and under the terms set forth below. The Web Site and the content, including, but not limited to, text, data, reports, ratings and other opinions, images, photos, graphics, graphs, charts, animations and video (the “Content”), displayed on the Web Site, may be used only for your personal and non-commercial use. Except as otherwise permitted under these Terms of Use, you agree not to copy, reproduce, modify, create derivative works from, or store any Content, in whole or in part, from the Web Site or to display, perform, publish, distribute, transmit, broadcast or circulate any Content to anyone, or for any commercial purpose, without the express prior written consent of eResearchTechnology Inc.. The Content is the property of eResearchTechnology Inc. or its licensors, and is protected by copyright and other intellectual property laws. All trade names, trademarks, service marks and other product and service names and logos on the Web Site and within the Content are proprietary to their respective owners and are protected by applicable trademark and copyright laws. Any of the trademarks, service marks or logos (collectively, the “Marks”) displayed on the Web Site may be registered or unregistered marks of eResearchTechnology Inc. or others. Nothing contained on this Web Site should be construed as granting any license or right to use any of the Marks displayed on the Web Site without the express written permission of eResearchTechnology Inc. or a third party owner of such Marks. Any unauthorized uses of the Marks or any other Content are strictly prohibited. You may, on an occasional and irregular basis, reproduce, distribute, display or transmit an insubstantial portion of Content, for a non-commercial purpose and without charge, to a limited number of individuals, provided you include all copyright and other proprietary rights notices with such portion of the Content in the same form in which the notices appear on the Web Site, the original source attribution, and the phrase “Used with permission from, a web site eResearchTechnology Inc.”. However, you may not post any Content from the Web Site to forums, newsgroups, list serves, mailing lists, electronic bulletin boards, or other web sites, without the prior written consent of eResearchTechnology Inc.. To request consent for other matters, you may contact eResearchTechnology Inc. at You may not use the Web Site for any unlawful purpose. You shall honor all reasonable requests by eResearchTechnology Inc. to protect eResearchTechnology Inc. proprietary interests in the eResearchTechnology Inc. website. 2. Limitation On eResearchTechnology Inc. Warranties And Liability You are entirely liable for activities conducted by you or anyone else in connection with your browsing and use of the Web Site. If you are dissatisfied with the Content or the Web Site or with these Terms of Use, your sole and exclusive remedy is to stop using the Content and the Web Site. eResearchTechnology Inc. will not pay you any damages in connection with your browsing or use of the Web Site. THE CONTENT AND THE WEB SITE ARE PROVIDED “AS IS”, WITHOUT ANY WARRANTIES. NEITHER eResearchTechnology Inc. MAKES ANY GUARANTEES OR WARRANTIES AS TO THE ACCURACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM, ACCESSING AND USING THE eResearchTechnology Inc. WEBSITE, THE eResearchTechnology Inc. WEBSITE’S OWN CONTENT, THE OTHER CONTENT, NOR ANY MATERIAL THAT CAN BE ACCESSED (VIA A DIRECT OR INDIRECT HYPERLINK OR OTHERWISE) THROUGH THE eResearchTechnology Inc. WEBSITE. eResearchTechnology Inc. HEREBY DISCLAIMS ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE AND OF NONINFRINGEMENT. eResearchTechnology Inc. SHALL NOT BE LIABLE TO THE USER OR ANYONE ELSE FOR ANY INACCURACY, DELAY, INTERRUPTION IN SERVICE, ERROR OR OMISSION, REGARDLESS OF CAUSE, OR FOR ANY DAMAGES RESULTING THEREFROM. IN NO EVENT WILL eResearchTechnology Inc., NOR ANY OF ITS THIRD PARTY LICENSORS BE LIABLE FOR ANY INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES, INCLUDING BUT NOT LIMITED TO, LOST TIME, LOST MONEY, LOST PROFITS OR GOOD WILL, WHETHER IN CONTRACT, TORT, STRICT LIABILITY OR OTHERWISE, AND WHETHER OR NOT SUCH DAMAGES ARE FORESEEN OR UNFORESEEN WITH RESPECT TO ANY USE OF THE eResearchTechnology Inc. WEBSITE. NEITHER eResearchTechnology Inc. NOR ANY OF ITS AFFILIATES, AGENTS OR LICENSORS WILL BE LIABLE TO YOU OR ANYONE ELSE FOR ANY LOSS OR INJURY RESULTING FROM USE OF THE WEB SITE, IN WHOLE OR PART, WHETHER CAUSED BY NEGLIGENCE, CONTINGENCIES BEYOND ITS CONTROL IN PROCURING, COMPILING, INTERPRETING, REPORTING OR DELIVERING THE WEB SITE AND ANY CONTENT AT THE WEB SITE OR OTHERWISE. IN NO EVENT WILL eResearchTechnology Inc., ITS AFFILIATES, AGENTS OR LICENSORS BE LIABLE TO YOU OR ANYONE ELSE FOR ANY DECISION MADE OR ACTION TAKEN BY YOU IN RELIANCE ON SUCH CONTENT OR THE WEB SITE. 3. Links To Other Web Sites You may, through hypertext or other computer links, gain access to web sites operated by persons other than eResearchTechnology Inc.. Such hyperlinks are provided for your reference and convenience only, and are the exclusive responsibility of such web sites’ owners. You agree that eResearchTechnology Inc. is not responsible for the content or operation of such web sites, and that eResearchTechnology Inc. shall have no liability to you or any other person or entity for the use of third party web sites. A hyperlink from this Web Site to another web site does not imply or mean that eResearchTechnology Inc. endorses the content on that web site or the operator or operations of that site. You are solely responsible for determining the extent to which you may use any content at any other web sites to which you link from eResearchTechnology Inc. Web Site. eResearchTechnology Inc. assumes no responsibility for the use of third party software on the eResearchTechnology Inc. site and shall have no liability whatsoever to any person or entity for the accuracy or completeness of any outcome generated by such software. 4. Timeliness Of Content The Content displayed on the Web Site, including, but not limited to, reports and other opinions, are current as of the date appearing on the report and are subject to change without notice. Unless indicated otherwise, ratings are updated periodically by eResearchTechnology Inc. to reflect changes in the market and other criteria. eResearchTechnology Inc. does not guarantee or warrant the accuracy, timeliness, or completeness of any ratings you receive using the Web Site. 5. Additional Legal Terms This Agreement will continue until terminated by either eResearchTechnology Inc. or you. Either party can terminate the Agreement by notifying the other party by telephone or electronic mail of the decision to terminate. eResearchTechnology Inc. may discontinue or change the eResearchTechnology Inc. Website, or its availability to you, at any time. This Agreement constitutes the entire agreement between the parties relating to the eResearchTechnology Inc. Website and supersedes any and all other agreements, oral or in writing, with respect to the eResearchTechnology Inc. Website. The failure of eResearchTechnology Inc. to insist upon strict compliance with any term of this Agreement shall not be construed as a waiver with regard to any subsequent failure to comply with such term or provision. This Agreement is personal to you, and you may not assign your rights or obligations to anyone. If any provision in this Agreement is invalid or unenforceable under applicable law, the remaining provisions will continue in full force and effect. This Agreement, your rights and obligations, and all actions contemplated by this Agreement shall be governed by the laws of the United States of America and New York State, as if the Agreement was a contract wholly entered into and wholly performed within New York State. All rights not expressly granted herein are reserved. 6. Anti-Hacking Provision You may not, nor may you allow others to, directly or indirectly, attempt or actually disrupt, impair or interfere with, alter or modify the Web Site or any Content. You may not, nor may you allow others to, directly, or indirectly, collect or attempt to collect any information about others, including passwords, account or other information.


This Code of Ethics and Business Conduct (this “Code”) applies to all directors, officers and full-time, part-time, temporary/intermittent and contract employees (collective, “Employee or Employees”) of Explorer Holdings, Inc., eResearchTechnology, Inc. and its subsidiaries (collectively, “ERT”). We require the highest standards of professional and ethical conduct. Our reputation for honesty and integrity among our customers, employees, vendors, and stockholders is key to the success of our business. This Code reflects our commitment to a culture of honesty, integrity and accountability and outlines the basic principles and policies with which all employees, officers and directors are expected to comply. Please read this Code carefully. Your cooperation is necessary to the continued success of our business and the cultivation and maintenance of our reputation as a good corporate citizen. Any questions or concerns regarding anything contained in or referenced by this Code should be directed to eResearchTechnology, Inc.’s Vice President, Human Resources (”VP-HR”) or your local office designee who is responsible for administering the Code. You may have an employment agreement with ERT, or have otherwise signed confidentiality or other agreement with ERT (collectively, the “Agreements”). You have been provided an employee handbook, policies and standard operating procedures from ERT (collectively, the “Documents”). This Code does not replace the Agreements or Documents, and the Agreements and Documents remain in full force and effect. If anything contained in the Agreements or Documents conflict with this Code, this Code shall govern. Click here for ERT’s Code of Ethics and Business Conduct.

ERT Statement – Compliance with applicable data privacy and security laws and regulations

This statement (“Statement”) gives an overview about how eResearch Technologies, Inc., on behalf of itself and each of its affiliates (collectively “ERT”), complies with data privacy laws and regulations to protect personal data processed and retained by it. ERT is a global company with offices located in, without limitation: in the EU, USA, and Japan.

This Statement applies to data entered, maintained, retained and reported, using the ERT systems, for providing services to its clients. Such services are provided, in accordance with applicable data privacy laws and regulations, including without limitation: the guidelines of FDA (21 CFR Part 11) and DHHS (45 CFR Parts 160, 162 & 164 (HIPAA)) and the European General Data Protection Regulation (EU) 2016/679 (GDPR).

ERT acts as the Data Processor (as defined under GDPR) for its clients and contracted client projects. As such, any applicable data transfers, required are for data processing purposes as a ‘data processor’ and are compliant with the requirements of European and international data protection laws for processing ‘sensitive personal data.’

Regarding ERT staff and staff data, ERT is a data controller registered with the Information Commissioner’s Office in the UK under the Data Protection Act 2018. ERT is independently audited for compliance with data protection legislation, with particular emphasis on administrative, physical, and technical security controls.

ERT maintains a privacy policies in line with applicable data privacy laws and regulations, supported by the EU Privacy Shield and Swiss Privacy Shield Principles and associated FAQs, and is self-certified with the US Department of Commerce. This voluntary membership demonstrates ERT’s commitment to observing ‘best practices’ around data privacy protection requirements wherever ERT processes data on behalf of its clients.

ERT has had a dedicated team comprising of data privacy, protection specialists and legal experts (internal staff and consultants) who have worked to ensure ERT is compliant with applicable data privacy laws and regulations across its organization. This team has reviewed existing processes for each of its European sites, but also across the global business. If any process was found to not be compliant, steps were taken to remediate gaps identified. Process review included the following:

  • Creation of new, or updates to existing, data and HR Policies and Standard Operating Procedures covering::
    • Breach notification and remediation;
    • Data request receipt, confirmation; and response;
    • Data portability request receipt, confirmation, and response;
    • Data retention confirmation and archiving; and
    • Data deletion request receipt, confirmation, and response.
  • Established Contracting and Data Transfer Agreement / Corporate Registrations
    • Contract Templates (Client, Vendor and Assessment);
    • Data Processing Agreement (DPA);
    • Transfer Agreements among ERT entities (ERT Ltd, GmbH, Inc); and
    • ICO Corporate Registration (ERT Inc., ERT Limited).
  • Personnel
    • Hiring of a full-time Data Privacy Officer (DPO) (N.B. ERT’s consulting DPO will be retained as an in-country presence in our Estenfeld, Germany Office location).
  • Employee Training
    • Employee training was initially deployed for EU Locations followed by global distribution.
    • Expansion and training for the dedicated internal team.

ERT’s Data Protection Officer (DPO), and security management team are responsible for data privacy maintenance, monitoring, and process improvement for ERT’s global privacy and security compliance.

The following steps were performed to ensure data privacy and security compliance:

1. Awareness




All ERT staff are required to undergo compliance training, including GXP, HIPAA and Security training, prior to being granted access to the ERT services. Access to subject data is highly restricted on an “as-needed” basis. Additional GDPR training was generated and provided to all ERT staff and added to the onboarding training. Existing annual compliance training will be updated to include GDPR requirements.

Internally the HIPAA Policy has been supplemented with a GDPR Policy, both are included in mandatory training for all staff.


2. Information Held




All data has been assessed to identify personal data held by ERT. Such analysis identified data held, where it is obtained, use, and access.


3. Communicating Privacy Information


Existing privacy policies were reviewed and updated to ensure compliance with applicable data privacy laws and regulations. Updated privacy policies have been uploaded to the ERT corporate website along with this document.


4. Individual Rights


A review of the existing processes and procedures were completed to determine data subjects’ rights were covered. It was confirmed ERT is in compliance with these requirements. However, the procedures have been expanded to apply these requirements to ERT globally.
5. Subject Access Requests


A review of existing data subject access request processes and procedures were completed to determine this topic was covered. It was confirmed ERT is in compliance with these requirements. However, the procedures have been expanded to apply these requirements to ERT globally.


6. Legal Basis for Processing Personal Data




The legal basis for the capture, processing and retention of personal data by ERT for and on behalf of it clients was reviewed and found to be compliant with the requirements of GDPR, HIPAA and Good Clinical Practices. All data processed and retained is for supporting clinical research, contact information and staff data required to run the business and meet legal requirements.

Guidance documentation to support this processing, and retention, will be generated and provided to clients, as appropriate.


7. Consent



A review of the existing data consent processes and procedures determined that these already covered subject consent. However, the procedures have been expanded to apply these requirements to ERT globally.


8. Children



A review of the existing data consent processes determined that these already covered parental /guardian consent. However, the procedures have been expanded to apply these requirements to ERT globally.
9. Data Breaches A review of the existing data breach processes and procedures were conducted, which determined the processes are adequate. However, the procedures have been expanded to apply these requirements to ERT globally.


10. Data Protection by Design and Data Protection Impact Assessments


A review of the existing software programming processes and procedures were conducted, which determined that these processes were adequate, ensuring privacy and security data protection within the design.

Data protection impact assessments were performed, where necessary. Existing client data protection was assessed as already compliant. However, this indicated changes were needed for internal staff personal data. The existing procedures have been expanded and new procedures generated to apply these requirements to ERT globally.


11. Data Protection Officer and Security Management


ERT’s Data Protection Officer (DPO) and security management team are responsible for data privacy maintenance, monitoring, and process improvement for ERT’s global privacy and security compliance.
12. International A review of the data transfer processes and controls indicated that except for two remote sites all data transfers are already covered by existing corporate policies and Privacy Shield. In the case of the two remote sites Data Transfer Agreements have been generated and implemented.

ERT is registered and compliant to the ICO (UK) and with Privacy Shield (US).


Based on the foregoing initiatives, ERT’s processes and procedures are compliant with applicable data privacy laws and regulations.