Chiltern respects the privacy of its employees, its customers, those involved in the work we conduct, and visitors to its websites. We recognise that when You share Personal Information with us, You trust us to deal with it in a responsible manner. As a result, Chiltern is committed to ensuring that Personal Information that You share with us is treated appropriately.
For the purposes of the Policy, the following definitions shall apply:
- ‘Agent’ – Any third party that uses Personal Information provided by Chiltern to perform tasks on behalf of and under the instructions of Chiltern.
- ‘Chiltern’ – Chiltern International Ltd, its subsidiaries and affiliates around the world.’Data Subjects’ or ‘You’ – those who share Personal Information with Chiltern.
- ‘Personal Information’ – any information relating to an identified or identifiable natural person which is protected from disclosure, use or transfer by applicable law; an identifiable person is one who can be identified, directly or indirectly, in particular reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. Examples of Personal Information include a Data Subject’s name, address, telephone number or e-mail address. Personal Information does not include information that is encoded or stripped of all personal identifiable information, or which is publicly available.
- ‘Sensitive Personal Information’ – Personal Information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, or that concerns the health or sex life of an individual. Information will be treated as Sensitive Personal Information where it is received from a third party that treats and identifies it as sensitive.
Chiltern makes reasonable efforts to protect Personal Information. In dealing with Personal Information, Chiltern adheres to a variety of mandatory protections in accordance with the laws and regulations in the countries in which we operate. For example, the EU Data Protection Directive (EUDP) and the US Health Insurance Portability and Accountability Act (HIPAA). In furtherance of our commitment to protect Personal Information, Chiltern also complies with the US – EU Safe Harbor Framework and the US – Swiss Safe Harbor Framework as set forth by the US Department of Commerce regarding the collection, use and retention of personal information from EU member countries and Switzerland. Chiltern has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access and enforcement. To learn more about the Safe Harbor program, and to view Chiltern’s certification, please visit http://export.gov/safeharbor/. Chiltern’s privacy program and data security activities are governed by this Policy as well as other policies and procedures.
Chiltern collects, processes, and stores Personal Information for the following purposes:
- With respect to our employees, we use Personal Information to: determine, implement and evaluate employment-related actions, training and programs; administer employment-related benefits and other Human Resources programs; familiarise our customers with the qualifications of our staff members; and monitor and evaluate employee performance and conduct.
- With respect to our customers and other business associates, we may use Personal Information as necessary to: maintain business records relating to past, present and potential customers, suppliers, contractors, joint venture partners and other business associates; collect and store customer information; conduct auditing, accounting, financial and economic analyses; facilitate business communications, negotiations, transactions, conferences and compliance with contractual and legal obligations; and to provide goods and services, including clinical studies, to our customers.
- With respect to the services we provide, we may use Personal Information in: support of our clients’ development programs for their products, which may include preparing and submitting filings or other documentation to regulatory agencies; developing reports or other compilations of information; and monitoring the progress of the services we provide.
This Policy applies to Chiltern International Ltd, and all of its subsidiaries and affiliates around the world, and applies to all goods and services provided by Chiltern.
Data Privacy Principles
The Privacy Principles in this Policy are based on the Safe Harbor Program’s Principles.
Chiltern may obtain Personal Information from Data Subjects through the purposes identified above. At the time Chiltern collects Personal Information from You, it will inform You of the purposes for which it collects and uses such information and how to contact Chiltern with any enquiries or complaints. Chiltern will not disclose Personal Information to third parties except as described in the consent provided to You.
Chiltern will offer You the opportunity to choose whether your Personal Information is to be (a) disclosed to a third party or (b) used for a purpose that is incompatible with the purpose(s) for which it was originally collected or subsequently authorised by You. If your Personal Information is defined as Sensitive Personal Information by applicable law, we will provide You with a further opportunity to consent to additional disclosures to it or if it is to be used for another purpose.
Transfer to Third Parties
When transferring Personal Information to third parties, Chiltern applies the Notice and Choice Principles. Before transferring Personal Information to a third party that is acting as an Agent, Chiltern will seek agreements obligating the third party to safeguard the Personal Information consistent with this Policy and applicable laws (the EU Data Protection Directive, Safe Harbor certification in the US by the third party, or by being subject to another European Commission adequacy finding). Alternatively, Chiltern may enter into a written agreement with the third party requiring that the third party provide at least the same level of privacy protection as required by the relevant principles of this Policy. Where Chiltern has knowledge that an Agent is using or disclosing Personal Information contrary to this Policy, Chiltern will take reasonable steps to prevent or stop the use or disclosure.
Chiltern will take reasonable precautions to protect your Personal Information from loss, misuse and unauthorised access, disclosure, alteration and destruction.
Chiltern will not process your Personal Information in a way that is incompatible with the purposes for which it has been collected or subsequently authorised by You. To the extent necessary for those purposes, Chiltern will take reasonable steps to ensure that Personal Information is relevant for its intended use, accurate, complete and current.
Chiltern will provide You with reasonable access to your Personal Information that it holds and will undertake reasonable steps to permit You to correct, amend or delete Personal Information, which is shown to be inaccurate or incomplete.
Enforcement, Verification and Dispute Resolution
Chiltern will regularly review its privacy compliance posture and will seek to verify adherence to this Policy. Chiltern implements a self-assessment approach to verify its compliance with these principles. Any employee that Chiltern determines is in violation of this Policy will be subject to disciplinary action. Any Data Subject who believes they are affected by Chiltern’s non-compliance with this Policy is urged to report the non-compliance to email@example.com.
Any questions or concerns regarding the use or disclosure of Personal Information should be directed to the Chiltern Group General Counsel at firstname.lastname@example.org. Chiltern will investigate and attempt to resolve complaints regarding use and disclosure of Personal Information in accordance with the principles contained in this Policy. For complaints that cannot be resolved between You and Chiltern, Chiltern has agreed to participate in the dispute resolution procedures of the panel established by the European data protection authorities to resolve disputes pursuant to the Safe Harbor Program’s Principles.
Limitation on Scope of Privacy Principles
Adherence by Chiltern to these Privacy Principles may be limited to the extent required to meet a legal, governmental, national security or public interest obligation.
Information Collected and Submitted on the Website
Chiltern may collect information through its websites that can identify You (but only if openly requested from and provided by You), such as your name, address, phone number, e-mail address, company name and position. Chiltern may use this information to respond to your requests for information, products or services. Chiltern may also collect non-identifying information, such as information gathered through web logs and web browser “cookies” (see below). When You browse our websites, You do so anonymously, unless You have previously indicated that You wish Chiltern to remember your login and password. We do not automatically collect Personal Information, including your email address. We may log your Internet Protocol (IP) address to give us an idea of which part of our website You visit and how long You spend there. But we do not link your IP address to any Personal Information unless You have logged in to our website.
Server Log Files
Our server log files are stored in a secure location, and can only be accessed by specified employees of Chiltern. This information may be kept indefinitely for historical purposes. This information is used to analyse trends, administer the site, track user movement in the aggregate and gather broad demographic information for aggregate use.
We make use of multiple databases to record and retrieve information sent to us through web forms (such as contact information, products and services requested and any billing/payment information, etc.). This information may be kept indefinitely for historical purposes.
Web Browser Cookies
When You use our sites, Chiltern may assign cookie files to You, which are a small amount of data we send to your web browser. Cookies enable the computers operating our websites to differentiate between visitors and to track the patterns of activities engaged in by different visitors. By tracking such activities, the computers operating our websites can recognise a visitor and customise certain features for that visitor. We may also use aggregated, non-identifiable data regarding persons who visit our site in order to learn more about the use of the site and how we can improve it.
Information Submitted Through the Website
In some areas of our websites You may be offered the opportunity to submit Personal Information.
Medical Investigators who have an interest in working with Chiltern in clinical studies may submit information to become part of our Investigator Database. If You submit your name as a potential Medical Investigator, we may assess your qualifications for such work and conduct an audit of your site by sending a questionnaire for You to complete. By completing this questionnaire, You agree that You may become part of our Investigator Database and You consent to have this information shared with our clients (Sponsors of clinical trials) who are interested in conducting clinical studies in the therapeutic areas described by the registering Medical Investigator.
Clinical Trial Subjects participating in a study managed by Chiltern, or those acting on their behalf, who submit unsolicited information to a Chiltern website, including Personal Information, may expect that we will share that information with our client who is responsible for the study, the Medical Investigator supervising the Clinical Trial Subject’s participation in the study, the Institutional Review Board or Ethics Committee supervising the study and others who may have an interest in that particular Clinical Trial Subject’s experience in the clinical study. If a Clinical Trial Subject sends an unsolicited email to our website regarding a clinical study, we reserve the right to use or disclose the information contained in the email to third parties without seeking any additional consent from the Clinical Trial Subject.
Our websites also contain forms for completion and submission, such as on our ‘Contact Us’ page and ‘Career Opportunities’ page. Information submitted via these forms will be used for the purposes described on the page containing the form. You may expect that information submitted will be shared with the appropriate Chiltern employees and Agents necessary to take action on the information or request submitted. For example, resumes or curriculum vitaes and information related to those seeking employment will be shared with the staff of the Chiltern Human Resources Department and other Chiltern employees involved in the hiring process.
Chiltern takes reasonable precautions to protect Data Subjects’ information, whether collected on-line or otherwise. When Data Subjects submit Sensitive Personal Information via a website, their information is protected both online and off-line.
Web Practices and Children
Chiltern’s Web sites are not intended or designed to attract children. We do not collect information or data on our Web site from children under the age of 13 nor do we desire to receive any information or data from children who visit our Web site.
Updating Personal Information on the Website
If a Data Subject’s Personal Information changes (such as zip/post code, phone, email or postal address), we provide a way to correct and update Data Subjects’ Personal Information. Selecting ‘Modify my account information’ after logging in can usually do this.
Sharing of Personal Information
In the event Chiltern goes through a business transition, such as a merger, being acquired by another company, or selling a portion of its assets, Data Subjects’ Personal Information will, in most instances, be part of the assets transferred. Data Subjects will be notified via a notice on our website prior to a change of ownership or control of their Personal Information. If as a result of the business transition, the Data Subjects’ Personal Information will be used in a manner different from that stated at the time of collection they will be given choice consistent with our notification of changes section.
Links to Other Sites
This Web site contains links to other sites. Please be aware that Chiltern is not responsible for the privacy practices of such other sites. We encourage our data subjects to be aware when they leave our site and to read the privacy statements of other Web sites that collect Personal Information. This policy applies solely to information collected by this Web site.
Notification of Policy Change
If Data Subjects have any questions or suggestions about this Policy, contact us at:
Attention: Owen Lewis, General Counsel
171 Bath Road
SL1 4AA UK