Privacy Policy

Privacy Policy

CTI Clinical Trials and Consulting Global Privacy Policy

CTI Clinical Trials and Consulting, operating through its affiliates/subsidiaries located throughout the world (CTI) is strongly committed to protecting your privacy and ensuring all personal data is protected. Clinical and medical research rely on the collection and analysis of the most confidential and personal data. Personal data can be any information relating to an identified or identifiable natural person (data subject), such as name, physical address, email address, phone number, date of birth, etc. This policy explains how we collect, use and protect your personal information and how we comply with laws on data privacy and confidentiality.

CTI is responsible for controlling and processing the personal information it obtains.

Our global headquarters address is: CTI Clinical Trial and Consulting, Inc. | 100 East RiverCenter Boulevard | Covington, KY | 41011 | USA | 1.513.598.9290 | info@ctifacts.com | www.ctifacts.com

CTI’s Chief Privacy Officer can be contacted at: dataprotection@ctifacts.com.

The (external) Data Protection Officer of CTI can be contacted at: KINAST Attorneys at Law mbH | Hohenzollernring 54 | 50672 Köln | Germany | +49 221 - 222 183 0 | cti-dpo@kinast-partner.de

Clinical and Medical Information

The nature of clinical research involves collecting, analyzing, and reviewing large amounts of health data for study subjects around the world on behalf of our clients. For confidentiality, subjects’ names and other identifiers are not attached to records or samples collected by CTI, and only study doctors and authorized personnel can access source records with de-identified information. All clinical and medical information processed by CTI is to support clinical studies in which the individual study subjects participate, including to record and summarize the data collected in these clinical studies, as directed by our clients and is stored in accordance with our client contracts and applicable law.

CTI also collects health information that includes personal data within our Clinical Research Center, including operations, patient recruitment subject study visits. The personal information we collect includes name, gender, date of birth, postal address, email address and telephone number, racial and ethnic origin as well as medical findings and treatment types. We appreciate the sensitivity of this information and adhere to strict privacy protections in these areas of work.

If you are eligible for study participation at our Clinical Research Center, your personal data processed by the online contact form will be stored in accordance with the statutory retention periods. We may also store your contact information for contacting you for upcoming clinical studies.  Further storage may take place in individual cases if this is required by law.

Individuals at Healthcare Sites

CTI often interacts with doctors, nurses, site coordinators and other third parties employed by healthcare systems and hospitals. CTI will record and use names, contact details, professional profiles (CVs) and other professional information on these individuals for business related purposes, including feasibility of sites, suitability assessments for acting as principal investigator or investigational staff in relation to a clinical study, trial administration, provision of training and access to tools that may be required for the execution of a clinical study, preparation and submission of regulatory filings, correspondence, and communications to government authorities and conducting safety reporting and pharmacovigilance activities relating to a clinical study, evaluating, reporting and publishing results of the clinical study and disclosing payments and other transfers of value in order to comply with transparency reporting laws on behalf of our clients. In addition, the above mentioned information may be processed for the following purposes:

  • To consider, from time to time, potential sites and investigators for future clinical studies; and
  • To conduct surveys, manage internal studies, improve processes and practices related to the execution of clinical studies and other activities related to medical research.

CTI may source health care professional information from its own databases and also indirectly from public sources or referrals as needed for feasibility or trial operations. CTI will retain information relating to the investigators and study staff only for as long as it serves a purpose of processing, which includes CTI’s obligations under its clinical study contracts with clients and its own business purposes.

Individuals in Industry

CTI often interacts with employees, consultants, contractors and other third parties employed by our sponsors or partners in our work on clinical research. CTI will record and use names, contact details and other professional information on these individuals for business related purposes, including project administration and related communications. CTI may use the information we obtain to provide relevant information on our services to our clients and partners through corporate communications with our sales or marketing team.  The information will be stored until individuals unsubscribe from the communications. Further storage may take place in individual cases if this is required by law.

Website Visitors

CTI collects personal information about visitors to our company websites. Voluntarily provided information may be submitted through our contact form, our participate in a clinical trial form, or through our human resource portal when applying for open positions. The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection for the user. Further storage may take place in individual cases if this is required by law.

Through the use of cookie-based and other similar tracking technologies, CTI may collect data linked to visitors when they access our websites which may include IP address, browser type, operating system, domain name, access times and referring web site addresses. Cookies are information that our web server send to your computer and enable our website to track where you go on the site, as well as other information about users that is not personal. This data is used for a variety of purposes, including site analytics and marketing efforts and to protect the security and integrity of our information system. In some cases, CTI is able to link information to real world identities of visitors when they provide named information. This allows CTI to tailor marketing messages or have more specific analytics.

CTI webs pages may contain links to websites outside the company. Linked websites are not under the control or endorsed by CTI, and this policy does not apply to these websites. Users should review the privacy policy of each website they visit.

Employee and Human Resource Data

CTI collects personal information from applicants applying for positions with the company, including name, email address, mailing address, telephone number, work experience, and educational background on your resume or curriculum vitae. CTI conducts various background checks on applicants, including, where law allows, criminal history and professional employment history. This personal information is used by us to communicate with you through the recruitment and selection process. By necessity, this will involve limited sharing of your personal information with the business unit(s) resourcing the vacancy. Once employed, CTI collects personal information on all staff members, including that for payroll and tax purposes. This information is collected and kept in various company systems. Similar information is collected for consultants, contractors, and third parties associated with CTI.  Personal data collected through the application and employment processes will be retained as required by law.

Legal Bases for Data Processing

For the processing of your personal information as described in this policy we rely on different legal grounds that depend on the context of your interactions with CTI:

  • If we process your personal information under a consent provided by you, you can withdraw your consent at any time; for example, where you sign up for newsletters from us by following the unsubscribe link on CTI emails as described below. As a consequence, we are no longer allowed to continue the data processing based on this consent for the future.
  • In other cases, CTI processes personal information on the basis of its legitimate interests in using the data for the purposes described in this policy. These legitimate interests relate to conducting and managing our business and providing our services.
  • We may process your personal information where necessary for our compliance with a legal obligation.
  • Finally, in some cases we process your personal information as necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract.

Information Technology Security

CTI maintains a high level of information technology security, particularly related to personal data we collect. There are many physical, electronic and managerial security measures and safeguards to secure the information we collect, including restricted access, significant internal procedures, and encryption methods. Access to personal data is restricted to only those needing the information based on their role at CTI.

Third Party and International Transfers

Recipients of pseudonymized [encrypted] personal data in the framework of a clinical trial may be our clients or a body authorized by the client, the applicant and the authority responsible for the market authorization, as well as competent regulatory authorities.

To facilitate our work, personal data may be shared in the normal scope of business within CTI, companies working on behalf of CTI, and third parties whom CTI has chosen to outsource work. In the event that personal data is transferred to a third party, CTI requires that adequate privacy precautions are taken for protection of personal information and compliance with local legal requirements.

Under some circumstances, CTI may be required by law enforcement or judicial authorities to disclose certain personal information as part of investigations or for litigation purposes. CTI does not trade or sell personal information.

CTI is a global corporation with operations in over 35 countries, with global data practices designed to ensure your personal information is protected. Your personal information may be transferred, accessed and stored globally as necessary. By using global sites, such as our website and social media, you consent to the transfer of your personal information to countries outside your country of residence, which may have different data protection laws.

Rights as a Data Subject

If you are a resident of the European Economic Area (EEA) or another country that specifically provides these rights for data subjects, you can ask us to confirm if your personal data is processed by CTI and for access to your personal data. You can also request to modify or suppress your personal data, or can object to your data being used for purposes different from those disclosed to you or stated in this policy. For those located in the EEA, you can also ask us to provide you your personal data for transmission to another data controller. Please note that your rights as a clinical trial participant in the EEA may be restricted or exempted by national data protection laws applicable in your country if the exercising of such rights would jeopardize the integrity of the research.

If you have any questions about the personal information CTI has about you, please contact CTI’s Chief Privacy Officer at dataprotection@ctifacts.com. You may have an opportunity to elect to opt out of informational and promotional emails from us. Our emails will include instructions on how to update your personal information and how to unsubscribe to our emails.

In addition to the rights set out above, individuals within the EEA have the right in law to complain about how their information is handled to a supervisory authority (data protection authority) that is responsible for regulating compliance with the European Union General Data Protection Regulation (European Commission Regulation 2016/679 or GDPR). A list of all EU supervisory authorities is available on the European Commission website.

Contact Us

To ask any questions about this privacy policy or to exercise any rights under privacy or data protections laws, contact us at dataprotection@ctifacts.com.