Firma Clinical Research (Firma) processes personal information from many countries, which have a diversity of privacy-related laws and regulations. Firma takes its responsibility to protect the personal information it processes seriously. Firma has policies, standard operating procedures, and training that support Firma’s compliance with applicable laws and regulations in each region.
Firma collects and further processes personal information from subjects in clinical trials. Virtually all of this personal information is health-related and is thus sensitive personal information, belonging to a special category (in the language of the Global Data Protection Regulation [GDPR]. In such clinical trials, the individuals whose personal information is processed are identified only by a coded identifier. The link between these coded identifiers and actual identifiers such as name and contact information is held only by personnel of the relevant study clinical site. For such clinical trial data, Firma processes the data as stipulated by contract with the sponsoring pharmaceutical or device company, which determines the purpose and means of the processing. Firma carries out such processing to carry out the legitimate business purposes specified in the contract.
For Firma’s Home Trial Services, Firma also collects non-pseudonymized clinical trial subject contact information in order to conduct subject visits in locations other than clinical trial investigative sites. These data are encrypted in transit and at rest.
Integral to its clinical trial work, Firma collects personal information from many sources, including investigative site staff, sponsor (client) staff, home health agency staff, staff from other Firma vendors, staff from other contract research organizations, and consultants. The personal data collected from investigative site staff are their professional contact details: first name, last name, postal address of the site, professional phone, professional email.
Firma collects and otherwise processes sensitive employment-related personal information from applicants to Firma positions (including background checks) as well as from Firma employees and contractors. Firma uses these data to carry out vital human resource functions.
When Firma personnel carry out their business development and marketing functions, they contact a variety of individuals, from whom they collect names and contact information in the ordinary course of business.
Firma collects personal information from many countries. As necessary in our work, we may transfer personal information from one country to another, including to third countries, such as the United States, which are not judged by the European Union as having adequate privacy safeguards for personal information. As legal protections of personal information differ among countries, Firma takes appropriate safeguards to ensure that such data transfers are made safely and legally.
For Firma’s clinical trial work, notice and consent for the clinical trial subjects are the responsibility of our Clients, the sponsors of the study, who determine the purposes and means of the processing of personal data by Firma.
When Firma is responsible for providing notice, Firma provides relevant notice as soon as reasonably practicable for the following particulars:
When required by law, Firma discloses personal information without consent.
Firma has comprehensive procedural safeguards in place designed to ensure the high quality of its data, consistent with good clinical practice and other legal and regulatory requirements.
Consistent with regulations, Firma collects personal information that is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed. The retention period for personal information within Firma varies by category, but is consistent with relevant legal, regulatory, and contractual requirements.
Firma ensures that individuals can exercise all legal or contractually-obligated rights with respect to their personal information processed by the company, including the following rights:
Firma employs technical and organizational security measures designed to protect personal information against a personal data breach, defined broadly as a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Such security measures, including encryption of data at rest and in transit, are designed to ensure the confidentiality, integrity, availability and resilience of Firma’s processing systems and services.
Firma has a comprehensive procedure in place for responding to any security breach of personal information, including criteria for when notification of regulatory authorities and/or individuals whose personal information has been breached is required.
Your relationship to cookies on the Firma web site can generally be adjusted through your browser settings.
If you leave the Firma web site by clicking on a link, please note that Firma does not control any web sites linked to the Firma web site.
Firma’s web site is not directed at children less than 13 years old. Also, Firma does not knowingly collect information from such children.
Please direct such communications to the Firma Chief Privacy Officer, using either of the following methods:
Firma Clinical Research, LLC
Attn: Chief Privacy Officer
211 Schilling Circle, Suite 188
Hunt Valley, MD 21031
If you are in the EEA and have a question or complaint about the handling of your personal data , you also have a right to complain to the supervisory authority of your Member State, which is competent to monitor and enforce the application of the GDPR. Please refer to the list of all EU supervisory authorities, organized by Member State, on the European Data Protection Board website: https://edpb.europa.eu/about-edpb/board/members_en.