This policy was last updated on 22nd November, 2021

1. Addressing Privacy

2. What Personal Information is Handled by Oncacare and for What Purposes

2.1 Website Visitors

2.2 Potential Employees

2.3 Investigators, clinical site study team members and other healthcare professionals (HCPs)

2.4 Participants in Oncacare Patient Databases

2.5 Patients participating in clinical trials at one of our network Study Sites

2.6 Client Personnel

2.7 Vendor Personnel

3. More information

3.1 International and third party transfers of personal information

3.2 Legal Basis for use of your personal information

3.3 Your Personal Data Rights

3.4 Data Quality and record retention

3.5 Information security

3.6 Inquiries, complaints and requests to exercise rights

3.7 Legal status of policy and policy changes

Addressing Privacy

At Oncacare we are committed to protecting the privacy of all individuals whose information we handle.  This Global Privacy Policy (“Policy”) explains how we collect and use personal data about you in the performance of core services and business operations in connection with the Oncacare business e.g. services that support the oncology clinical trials that Oncacare oversees and manages for pharmaceutical companies and other parties who are trying to bring products to the market, including new drugs, therapies and medical devices (“Sponsor(s)”) or clinical research organisations (“CROs”). In this Policy both “personal data” and “personal information” will mean data that identifies a living person or relates to an identifiable living person.

Under data privacy laws, a “controller” makes decisions about how and why personal data is processed, while a “processor” processes personal data on behalf of the controller in accordance with their instructions. In some cases, we act as a “controller” in respect of certain processing activities that involve your personal data, while in others we act as a “processor." Throughout this Policy we explain whether we are acting as a "controller" or a "processor" in respect of a given activity so you can understand who is responsible for your rights in respect of your personal information.

Our processes and procedures are designed to support compliance with this Policy, our privacy notices and applicable international and local data protection laws and regulations, including but not limited to the European Union General Data Protection Regulation (the “GDPR”), the UK GDPR, the Health Insurance Portability and Accountability Act (“HIPAA”) and, the privacy and confidentiality requirements of Good Clinical Practice (“GCP”).

To help you navigate to the sections relevant to you, in section 2 “What Personal Information is Handled by Oncacare and for what Purposes” we have categorized our explanations based on the main categories of relationships between us and those we collect personal data from. In section 3 “More Information” we address issues that are relevant to most or all of the relationships between us and the individuals who share personal data with us, for example your rights as an individual who has shared personal data with us, who we may share personal data with and our obligations when sharing personal data with third parties internationally.

Additional privacy terms tailored for different methods of data collection and specific uses by certain of our business lines and operations may apply to personal information shared with us.  If alternative privacy terms are provided to you for a specific purpose those terms will govern the processing of personal data in relation to that purpose. For example, we maintain service specific privacy notices that may be provided to you for your review and consent in connection with the processing of personal data relating to those services and, if you are a participant in a research project for which Oncacare is providing services, there may be specific consent documentation addressing the disclosure of your personal information to us and clients who sponsor the research.

If you do not provide us with your personal data we may not be able to provide you with any of our services or respond to any questions or requests you submit to us via our websites. We will tell you when we ask for personal data which is a contractual requirement or is needed to perform our functions or is needed to comply with our legal obligations.

2. What Personal Information is Handled by Oncacare and for What Purposes

2.1 Website Visitors:

Sometimes we need personal data to deliver the information or services offered by our websites, including https://www.oncacare.com/ (the “Websites”). For example, we will use our Websites to collect information that is voluntarily submitted and which may be used by us to identify and contact you. Personal data that we ask you to provide on the Websites is often limited to e-mail address, phone number, country or location, but may include other information when needed to provide a requested service, where Oncacare needs to assess if there may be suitable trials for you to participate in, where an employment opportunity is being processed or where services as an Investigator in a clinical trial are being offered. We collect information in several ways, outlined below:

1. On some Website pages you may choose to provide personal information about yourself depending on your relationship or potential relationship with us e.g.:

if you are interested in pursuing an employment or service provider opportunity with us - see 2.2 Potential Employees

if you are interested in providing clinical trial Investigator or related services -see 2.3 Investigators, clinical site study team members and other healthcare professionals (HCPs)

if you are interested in registering your interest in participating in a clinical trial and being included in a database of potential study subjects -see 2.4 Participants in Patient Databases

if you are patient participating in an oncology research study at one of our network sites – see section 2.5 Patients participating in oncology clinical trials at one of our network Study Sites

if you are interested in obtaining services from or providing services to us- see sections 2.6 Client Personnel or Section 2.7 Vendor Personnel respectively.

2. On some Website pages you may choose to contact us to enquire about our services or receive information on our business. This information is generally collected on 'Contact Us' forms where you may choose to be contacted by us. The personal information collected in these cases includes the personal data you may voluntarily enter through the ‘Contact Us’ form, your name, phone number, e-mail address and country. The Websites also collect certain information about your computer hardware and software. This information may include; your IP address, browser type, operating system, domain name, access times and referring website addresses. This information is used for the operation of the service, to maintain and monitor quality of the service and to provide general statistics regarding use of Websites.

Third Party Websites.  The Website may contain links to third party websites. Links to these websites are not under the control of or endorsed by us. This Policy does not apply to such websites. It is recommended that visitors review the privacy policy of each such website before submitting any personal data to those websites.

Cookies. Oncacare’s Websites use cookies. A cookie is a data file that is placed by a website or mobile application operator on the hard drive of a visitor to their website. We, and third parties with whom we work, may place cookies with the following functions on the computers of visitors to Oncacare Website: to allow the Website to deliver the service requested by the visitor; to remember repeat visitors; to improve the user experience of the Website; to allow us to perform Website analytics; and to serve and help tailor our marketing messages on our Website and elsewhere on the internet based on the visitor’s previous browsing activity.

We only use cookies based on your consent, with the exception of cookies that are strictly necessary to provide you with the services that you have requested. 

If you don’t want non-essential cookies to be placed on your device, then you can easily accept or reject them in the cookie banners.

Otherwise, most browsers will allow a visitor to choose which cookies can be placed on his/her computer and to delete or disable cookies. Please note that disabling cookies may prevent a visitor from using certain features on Oncacare Website. For more information, please refer to the applicable cookie policy on the Website.

Website Security. Please be aware that whilst we do all that we can to safeguard the security of your personal information, the transmission of information over the internet is not completely secure and therefore you do this at your own risk. Once we receive your personal information we will implement strict security procedures with the objective of preventing unauthorized access.

Children. We do not knowingly collect any personal data through our Websites from individuals who are known to be under the age of 13, and no part of Oncacare Website is directed towards anyone less than 13. 

2.2 Potential Employees

We may process your personal data in our capacity as data controller. This section describes how we handle and protect your personal data in connection with our recruiting processes and programs. This section only applies to the personal data of job applicants, potential candidates for employment or as freelancers, and our optional recruiting programs and events. It does not apply to our employees, other contractors or clients, or other personal data that we collect for other purposes.

We will process your personal data in accordance with this Policy, unless such processing conflicts with the requirements of applicable law, in which case, applicable law will prevail.

You are not required to provide any requested information to us, but failing to do so may result in us not being able to continue your candidacy for the job for which you have applied.

 Personal data we collect: The types of personal data that we request from you and the ways that we process it are determined by the requirements of the country in which the position is located, and not the country in which you reside. Should you apply to more than one location or should the role to which you apply be available in more than one country, the types of personal data we request from you and the ways that we process it are determined by the requirements of all the countries in which the position is located. We usually collect personal data directly from you when you apply for a role with us, such as your name, photo, address, contact information, work and educational history, references, achievements, copies of identification documents, CVs, diversity information (if required for compliance reasons) and test results. We also may collect personal data about you from third parties, such as your references, prior employers, our employees with whom you have interviewed, publicly available websites and employment background check providers, to the extent this is permitted by applicable law.

Use of your personal data: We collect and use your personal data for legitimate human resources and business management reasons including: identifying and evaluating candidates for potential employment, as well as for future roles that may become available;  recordkeeping in relation to recruiting and hiring; ensuring compliance with legal requirements, including diversity and inclusion requirements and practices; conducting background and criminal history checks as permitted by applicable law. We may also analyze your personal data or aggregated/pseudonymized data to improve our recruitment and hiring process and augment our ability to attract successful candidates.

We may desire to retain your personal data to consider you for future employment opportunities. In such an event, we will seek your consent, either prior to or after you formally apply for a job opportunity, to be part of our future job alerts that provides you ways to further learn about our current and future employment opportunities. These future job alerts are entirely optional.

If you consent to future job alerts, but subsequently wish to withdraw, please contact us at the following email address: careers@oncacare.com.

Data recipients and international data transfers: Your personal data may be accessed by recruiters and interviewers working in the country where the position for which you are applying is based, as well as by recruiters and interviewers working in different countries within our organization.

Individuals performing administrative functions and IT personnel within our organization may also have a limited access to your personal data in order to perform their jobs. We have put in place legal mechanisms designed to ensure adequate data protection of your personal data that is processed by us, including the transfer of your personal data to countries other than the one in which you reside.

We may use third party service providers to provide a recruiting software system. We may also share your personal data with other third party service providers that may assist us in recruiting talent, administering and evaluating pre-employment screening, background checks and testing, and improving our recruiting practices.

We maintain processes designed to ensure that any processing of personal data by third party service providers is consistent with this Policy and protects the confidentiality, availability, and integrity of your personal data.

We may also share your personal data with any client of ours that you are proposed to be assigned to in connection with a position.

Data retention: If you accept an offer of employment, any relevant personal data collected during your pre-employment period will become part of your personnel records and will be retained in accordance with specific country requirements and our Data Protection and other workplace policies which will be provided to you at that time. If we do not employ you, we may nevertheless continue to retain and use your personal data for a period of time (which may vary depending on the country) for system administration purposes, to consider you for potential future roles, and to perform research. If you elect to join a recruiting program, we may retain your personal data to consider you for future employment opportunities.

2.3 Investigators, clinical site study team members and other healthcare professionals (HCPs)

We collect the names, contact details, and professional information of clinical trial investigators, study researchers, data safety monitoring board members, and other HCPs for the purpose of identifying and assessing suitability to assist in oncology clinical trials and research studies and to provide services. We collect your personal data when you provide it to us directly, for example such as when you express or register an interest to participate in a study through our Websites, and also, either directly or indirectly, from various sources such as websites, directories and industry networks etc. For further information on our collection activities and uses of personal information through our Websites please refer to section 2.1 “Website Visitors”. If you subsequently participate in a trial or study we manage or provide services for, we will also collect information relating to the involvement and performance of HCPs.  Further information is available in our Site Data Protection Notice and Consent Form available here https://www.oncacare.com/privacy/.

2.4 Participants in Oncacare Patient Databases

Certain Oncacare services involve the development and maintenance of databases of persons who may be eligible to and may wish to participate in oncology clinical trials and medical research studies (“Patient Recruitment Databases”).

In order to match such persons’ entered into Patient Recruitment Databases to appropriate oncology clinical trials or research studies we will, on a need to know basis, request, collect and process suitable personal data on the basis of the person’s explicit consent, such as names, addresses and contact information, which may be collected on voice recordings, as well as sensitive personal information.

Screening data may include healthcare and sensitive information including:  healthcare information such as your cancer diagnosis and previous treatments, family histories, gender, age and race and ethnicity. We only accept and store data into our Patient Recruitment Databases that has been volunteered by the individual. We can only hold information on behalf of someone else when a child under the age of 18 is registered by their parent or legal guardian.

Once your details are recorded in Oncacare’s Patient Recruitment Databases, a member of our team may contact you for further screening directly by telephone, email or other means, including SMS. Our standard process is, where possible, to email ahead of any calls regarding eligibility for clinical trials.

If an Oncacare trial eligibility criteria provided by a Sponsor or Clinical Research Organisation align with your information stored in our Patient Recruitment Databases, we may contact you and potentially refer you to a contracted clinic for further medical screening. If you decide to take part in a trial, the personal data required will vary between studies depending on their nature. Details will be addressed in the study specific consent documentation.

We may use your Personal Information to respond to subsequent requests you may make of us, and from time to time, we may refer to your personal information to better understand your needs and how we can improve our websites, products and services on the basis of our legitimate interests in doing so. Any other information transferred by you which cannot be used to identify you (and which, therefore, does not constitute personal information) may be included in databases owned and maintained by us or our agents worldwide.   We may also use anonymised personal data to run general analysis to report on and improve our performance.  We will never sell your data to third parties. In addition to sending you general health news information, information on our services you may have used (product communications), where we have your permission, or where we are relying on our legitimate interest, we may send you direct marketing communications about our clinical trials, and patient surveys.

Direct marketing communications may be sent by post, email, telephone, SMS and MMS including push text notifications to your mobile devices.

We may send you direct marketing while you have an ongoing relationship with us and for a reasonable time after you have enquired about or participated in one of our clinical trials or used one of our or services where we feel we have a legitimate interest.

You will be able to opt-out of direct marketing by following the instructions in the communications you receive or contacting us below. Alternatively, you can contact a member of clinical research team who will be able to update your marketing preferences.

2.5 Patients participating in clinical trials at one of our network Study Sites

Oncacare has a number of collaboration arrangements in place with oncology trial sites (referred to as a “Study Site”). Patients and other individuals (for convenience referred to as “Study Participants”) participating in an oncology research study (each a “Study”) may attend or share information with Study Sites for various Study related reasons. These reasons include activities such as medical screening to check if being a Study Participant is appropriate for a particular individual. After an individual has undergone a medical screening and provided their informed consent to participate in a Study, an individual may be enrolled in that Study.

Purposes and uses of personal data. The personal data and purposes for which Study Participants’ personal data will be used by Study Sites and Sponsors will depend on the nature of the Sponsor’s study and will be addressed in more detail in Study specific consent documentation. As such, Study Participants should look to that documentation to understand how their personal data is processed.

To give an overview, generally, if enrolled in a Study, Study Participants will likely attend the Study Site to be prescribed, provided with or administered with a Study drug, treatment or device that is the subject of the Study. Study Participants might attend the Study Site or be in contact with Study Site representatives at regular intervals throughout the Study to enable the Study Site to collect health information from them that is relevant to the study or in order to monitor their health during the Study. During a Study, Study Participants may be in communication with a Study Site and other representatives for reasons such as scheduling follow up visits or referrals to other medical appointments associated with the Study. Study Participants may also share information with Study sites remotely through mobile applications e.g. where regular patient status updates are needed for the particular Study. Study Sites may also, to the extent necessary, process personal data relating to Study Participants’ spouses, partners, care givers, and relatives if they are involved in the participants’ participation in a Study at the Study Site e.g. parents involved in decision making of child participants or spouses involved in the care of an incapacitated participant. 

Depending on the nature of the Study, usually these activities are overseen by a medical doctor known as a “Principal Investigator” who is responsible for Study Participants’ medical care at the Study Site. These activities and related data collection may also be administered by other members of the Study team at the Study Site who operate under the Principal Investigator’s supervision e.g. Study coordinators, nurses and other medical professionals. 

Certain personal data will be made accessible to the Study Sponsor and its agents in accordance with the Sponsor’s study protocol (“Sponsor Data”).  Sponsor Data is used by the Sponsor to make decisions about the Study, to perform research or analysis relating to the Study and to make decisions about the drug, device or treatment that is the subject of the Study. Study Data is generally pseudonymised, meaning names and other information that could identify a Study Subject is not included in the Sponsor Data. Instead, Study Participants’ are typically identified by a code. Principal Investigators, members of the Principal Investigators’ Study team and authorized personnel, including Contract Research Organisations appointed by Sponsors to monitor Study Sites’ compliance with the Protocol and other auditors, may access Study Participant identifying records in certain circumstances.

Who is the controller? Depending on the processing activity, the relevant controller may be the Study Site or the Sponsor. As the Study Site is responsible for the medical care of Study Participants and the Sponsor is responsible for the medical research the Study concerns, we generally regard the Sponsor as the controller of activities in respect of Sponsor Data, and the Study Site as the controller of activities in respect of medical records which are kept by the Study Site.

2.6 Client Personnel

Client business representatives and agents. For Individuals sharing personal Information with us in order to inquire about, engage or otherwise make use of Oncacare services or purchase, receive or seek information from us, including about any Oncacare products and services, vendors or opportunities to participate in clinical research, we will use such personal information in order to provide the requested information, products, and/or services and to process requested transactions. We may also use this personal data to improve the quality of our services, send and receive communications about the products and services available through us, and to enable our business partners and agents to perform certain activities on our behalf.

Use of personal information of client business representatives and agents in relation to Oncacare activities. For individuals engaged by our clients and collaborating with us in connection with projects for which we are providing services, including client employees, study personnel, and other consultants, contractors, managers, and agents (who are natural persons) of the client and its corporate affiliates, business partners and third-party service providers, personal information may be used by us in order to carry out the applicable services and related activities. This may include the transfer of such personal information to the applicable vendors, its corporate affiliates, business partners and third-party service providers performing services related to the project (e.g., study data management, clinical research monitoring services, safety monitoring, etc.).  

2.7 Vendor Personnel

Vendor business representatives and agents. Vendor representatives may share personal information with us in order to provide us information about services e.g. business support services, health care products and services, opportunities to participate in clinical research, health care education and patient related programs which may be available through a vendor. We will use any personal information provided by the vendor and its representatives in order to receive and assess the vendor related information, products, and/or services and potentially close associated contracts. Uses may include processing for requested transactions, reviewing the quality of the vendor’s services, sending and receiving communications about the products and services available through the vendor, and enabling our business partners, clients and agents to perform activities and make decisions in relation to the vendor.

Use of personal information of vendor business representatives and agents in relation to activities performed by vendors for us and our clients. For vendors engaged by us to perform services for us, including in relation to research studies being managed by us and our clients your personal information may be used by us in order to carry out the projects, activities and other related services in connection with which the vendor is engaged by us. This may include the transfer of such personal information to the applicable our study sponsor or client, other vendors involved in a project for which a vendor is engaged and such parties’ respective corporate affiliates, business partners and third-party service providers performing services or activities related to the project or activities for which a vendor is engaged by us (e.g., study data management, clinical research monitoring services, safety monitoring, etc.).

3. More information

3.1 International and third party transfers of personal information

To operate as a global business it may be necessary to process and transfer personal information within our businesses and with agents, contractors or partners of ours in connection with services that these individuals or entities perform for, or with, us.  This may involve transferring personal information outside the European Economic Area (EEA) to the USA and elsewhere. These agents, contractors or partners are restricted from using this information in any way other than to provide services for us, or services for the collaboration in which they and us are engaged. We may, for example, provide your information to agents, contractors or partners for hosting our databases, for data processing services, or so that they can send you information that you requested.

Regardless of whether the transfer is within our group or to a third party, we will apply appropriate safeguards to such transfers as required by applicable law. For example, transfers to non-EEA countries will usually be governed by EU-approved “standard contractual clauses” where appropriate and will be subject to other appropriate technical and organisational measures having regard to the nature of the personal data. For more information, please contact us.

We reserve the right to share personal information in response to duly authorized information requests of governmental authorities or where required by law. We may also provide personal information to a third party in connection with the sale, assignment, or other transfer of the business to which the information relates, in which case we will require any such third party to agree to treat personal information in accordance with any applicable terms of use agreed by you and us. We may disclose personal data where necessary for our legitimate business interests to protect our rights, property or safety or that of others or for the purposes of fraud protection. Such disclosure may, as appropriate, include exchanging information with other organisations, companies, auditors and Government Departments.

3.2 Legal Basis for use of your personal information

3.2.1. With your Consent: In cases where we need your consent to process your information, we will ask you to make a positive indication (e.g. to tick a box, sign a document, provide confirmation) that you agree to the processing.  By actively providing consent, you are stating that you have been informed as to the type of information that will be processed, the reasons for such processing and how it will be used and for how long it will be kept and who else has access to it.  Where we may rely on consent to process your information, you have the right to withdraw that consent for that activity at any time. 

3.2.2. To fulfill a contract: In other cases we process your personal data because it is necessary to deliver a service you have requested.

3.2.3. For a Legitimate Interest: We may process your personal data on the basis of our legitimate interests in using your data for the purposes described in this Policy. Examples of our legitimate interests include the following:

Processing your information in relation to investigator opportunities with us;

To improve our services;

To protect the security and integrity of our websites and mobile applications;

To protect any of our property or rights or obligations and/or the property, rights or obligations of third parties where we may have an obligation or liability in respect of these;

To take precautions against potential liability on our part;

To analyze therapeutic trends and gather anonymized geographic statistics; and

To correct technical errors and to technically process your personal data.

You can object to us relying on our legitimate interest to use your personal data in these ways at any time as described under “Your Personal Data Rights” below.

3.2.4. To comply with Legal Obligations:  There may be situations where we need to use your information to comply with legal obligations, applicable regulation and judicial process. For example, we are required by law to keep certain records for specific periods of time.

3.3 Your Personal Data Rights

You have certain rights in respect of the personal data that we hold about you. Subject to certain exemptions and local law, these rights may include the following:

Right to withdraw consent – if we are processing your personal data on the basis of your consent, you are entitled to withdraw your consent to that processing at any time (see contact details section). However, the withdrawal of your consent will not invalidate any processing we carried out prior to the withdrawal of your consent.

The right of access to your personal data – you can request a copy of the personal data we hold about you.

The right to rectification – you have the right to request that we correct any inaccuracies in the personal data we hold about you and complete any personal data where this is incomplete.

Right to erase your personal data (right to be forgotten) - You have the right to be forgotten in certain circumstances including, for example, where the personal data are no longer needed for the purpose for which they were collected. However, this right does not apply where, for example, processing is necessary to comply with a legal obligation, or for the establishment, exercise or defense of legal claims.

The right to restrict the processing of your personal data - You have the right to ask us to restrict certain processing activities in some circumstances, including, for example, where the accuracy of the data in question is contested. Where processing has been restricted, we can only process it for limited purposes such as, for example, the establishment, exercise or defense of legal claims.

The right of data portability - You have the right to have your data returned to you or to a third party in certain cases.

The right to object – You have a right to object to the processing of your personal data in certain cases. In such a case we will stop processing your personal data unless we can demonstrate compelling legitimate grounds which override your interest.

To exercise any of the above rights, please notify us at the address provided in section 3.6.  “Inquiries, complaints and requests to exercise rights” below, unless you are a patient in a Study Site in which case please notify the relevant Study Site you are attending. We may request proof of identification to verify your identity. Where we are the relevant data controller, we will carefully assess your request and, subject to applicable laws and exceptions, will respond within the relevant legal time limits.

3.4 Data Quality and record retention

We retain personal information for as long as is necessary in accordance with its data retention, contractual, legal and regulatory requirements.

If your personal information is no longer required in connection with such purpose(s), or we are no longer lawfully entitled to process it, or you validly exercise your right of erasure, we will remove it from our records at the relevant time. In the event that you ask us to stop sending you direct marketing/other electronic communications, we will keep your name on our internal suppression list to ensure that you are not connected again.

 Where appropriate and consistent with regulatory requirements, we engage our professional quality assurance department to safeguard the accuracy of data. In general, our privacy policy, notices and procedures provide individuals easy means of validating, correcting errors and updating information.

3.5 Information security

We ensure appropriate technical and organizational measures are taken to protect the personal and sensitive data you provide us with from unauthorized or unlawful processing and to protect against accidental loss, destruction or damage. Our Websites and electronic databases have security measures in place to protect the loss, misuse, unauthorized access or disclosure, alteration or destruction of the information under our control. However, as effective as modern security practices are, no physical or electronic security system is entirely secure. We cannot guarantee the complete security of our databases, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the internet.

3.6 Inquiries, complaints and requests to exercise rights

If you feel your data protection rights have been infringed by us, you have the right to complain to your local data protection supervisory authority. Our lead supervisory authority in Europe is the Data Protection Commission in Ireland (see www.dataprotection.ie).

Questions, comments or requests to exercise your rights should be submitted to our Global Data Protection Officer as follows:  

By Mail:

Global Data Protection Officer
Oncacare Limited
South County Business Park
Leopardstown
Dublin 18
D18 X5R3
Ireland

By Email: Data_Privacy_Officer_Global@oncacare.com

3.7 Legal status of policy and policy changes

This Policy is not a contract, and it does not create any legal rights or obligations. We reserve the right to modify or amend this Policy. For instance, the Policy may need to change as new legislation is introduced or as legislation is amended. Where we have your contact details, we will notify you of any material changes.

22nd November, 2021