Last revised in August 2020
At IDDI, we value the confidence of those who have entrusted us with their personal data. IDDI has developed procedures and practices to periodically review and monitor the use of personal information in order to ensure that our data processing practices comply with the internationally recognized standards of personal data protection. Such international standards include, but are not limited to, the EU General Data Protection Regulation 2016/679 of 27 April 2016 (‘GDPR’).
What you will find in this Privacy statement.
- To whom is this Privacy statement addressed?
- Who is responsible for the protection of your data?
- Purposes and legal grounds for processing your data
- Categories of personal data we may collect
- To whom may we disclose your personal data?
- Transfers of personal data to countries outside of the EEA
- Automated decision-making
- How long we retain your personal data and how we protect it
- Your rights regarding the processing of your personal data
- About the use of our websites
- How to contact us
- Changes to this Privacy statement
2. To whom is this Privacy statement addressed?
This Privacy statement is about how IDDI is collecting, using, and disclosing personal information from its customers, healthcare professionals and other parties visiting this website or in business relation with IDDI. A specific Privacy statement for job applicants is also available on our website.
3. Who is responsible for the protection of your data?
When processing personal data for its own purposes International Drug Development Institute (IDDI, s.a.), 30 Avenue Provinciale, 1341 Ottignies-Louvain-La-Neuve, Belgium is responsible for your data as the “data controller”.
IDDI, s.a. and its affiliates also act as “data processors” on behalf of their customers when processing data in the context of biostatistical and e-clinical services.
4. Purposes and legal grounds for processing your data
In the course of its relationship with customers IDDI collects personal data that you provide to us directly when you request information about our services; subscribe to our website services, email notifications or make an enquiry through our different enquiry forms and helplines. This personal data is processed on basis of our legitimate interest.
IDDI may also process your contact information to send emails and communicate with you via email regarding our services and events which may be of interest to you if this is in accordance with your marketing preferences and to which you consented.
In the context of a contractual service agreement, IDDI also processes personal data for providing specific services like the management of healthcare professional databases.
5. Categories of personal data that we may collect
- Identification and contact data that allows us to communicate with you, such as first name, last name, gender, job title, phone number, company name, email address, ZIP/Postal code and city.
- Relationship Information that helps us do business with you, such as the types of services that may interest you, contact preferences, languages, marketing preferences.
- Transaction Information about how you interact with us, including inquiries, customer account information, order and contract information, billing and financial data, details for taxes, transaction and correspondence history.
- Any information that you voluntarily share with us such as feedback, opinions or information provided via any of our helplines.
- Information about how you use and interact with our websites. Device information such as IP address, referring website, IDDI pages your device visited and the time that your device visited our website.
- Vendor screening information, such as professional qualifications, licenses and certificates, work permits, government identification documents, potential conflicts of interest, and ultimate beneficial ownership, each as permitted or required by applicable law.
- User related data on IDDI systems such as usernames and (hashed) passwords, recovery email addresses and security logs.
6. To whom may we disclose your personal data?
The personal information that IDDI obtains in the course of its business activities, including via this website, will be available to the staff of the IDDI Group of companies, including IDDI Inc., its US based affiliate.
We may disclose your personal data to third party service providers who provide us with application development, hosting, maintenance, and other services. These third parties may have access to or process personal data about you as part of providing those services for us. We limit the personal data provided to these service providers to that which is reasonably necessary for them to perform their functions, and we require them to agree to maintain the confidentiality of such information.
We reserve the right to disclose your personal data as required by law or when we believe that disclosure is necessary to protect the security or integrity of IDDI, or to protect the legitimate interests, rights, property, or safety of IDDI, its employees, users, or others, or to comply with a judicial proceeding, court order, or governmental or regulatory request or any other legal process served on us.
7. Transfers of personal data to countries outside of the EEA
Please note that some of the recipients of your personal data referenced above may be based in countries outside of the European Union whose laws may not provide the same level of data protection. In such cases, we will ensure that there are adequate safeguards in place to protect your personal data that comply with our legal obligations. The adequate safeguard might be a data transfer agreement with the recipient based on standard contractual clauses approved by the European Commission for transfers of personal data to third countries.
We comply with applicable laws to provide an adequate level of data protection for the transfer of Personal Data to the US. IDDI Inc.is certified under the EU-U.S. and the Swiss-U.S. Privacy Shield Framework and adheres to the Privacy Shield Principles. For further details please read our Privacy Shield Statement. Customers may request to execute EU Standard Contractual Clauses by contacting IDDI as described in section 12 hereafter.
Further details of the transfers described above, and the adequate safeguards used by IDDI in respect of such transfers can be obtained by contacting us through the contact information set forth below.
8. Automated decision-making
Automated decisions are defined as decisions about individuals that are based solely on the automated processing of data and that produce legal effects that significantly affect the individuals involved. As a rule, your personal data will not be used for automated decision-making.
9. How long we retain your personal data and how we protect it
We will retain your information no longer than necessary for the requested services or as required by law. In case of a litigation we will keep the information until the end of the investigation period or as required by law.
IDDI makes reasonable efforts to ensure a level of security appropriate to the risk associated with the processing of Personal Data. We maintain organizational, technical and administrative measures designed to protect Personal Data within our organization against unauthorized access, destruction, loss, alteration or misuse.
10. Your rights regarding the processing of your personal data
You can contact us regarding the processing of your personal data, or for exercising your rights to:
- Obtain confirmation that we are processing your personal data and request a copy of the personal data we hold about you;
- Ask that we update the personal data we hold about you, or correct such personal data that you think is incorrect or incomplete;
- Ask that we delete personal data that we hold about you, or restrict the way in which we use such personal data if you believe that there is no (longer a) lawful ground for us to process it;
- Withdraw consent to our processing of your personal data (to the extent such processing is based on consent);
- Receive a copy of the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit such personal data to another party (to the extent the processing is based on consent or a contract);
- Object to our processing of your personal data for which we use legitimate interest as a legal basis, in which case we will cease the processing unless we have compelling legitimate grounds for the processing.
You have also the right to object at any time to the processing of personal data for direct marketing. If you do not want to continue receiving any direct marketing from us, you can contact us (see below) or use the unsubscribe function available in any such communication.
In that event, the personal data shall no longer be processed for such purposes.
In order to exercise any of your rights, you can send us a request, indicating the right you wish to exercise by e-mailing us at firstname.lastname@example.org
You may also use these contact details if you wish to make a complaint to us relating to the protection of your personal data.
If you are unhappy with the way we have handled your personal data or any Privacy query or request that you have raised with us, you have a right to complain to the Data Protection Authority (“DPA”) in your jurisdiction. If you would like to be directed to the appropriate DPA, please contact us.
11. About the use of our website
This website uses interfaces with social media platforms such as Facebook, LinkedIn, Twitter, and others. If you have an account on these social media sites, these sites may make a connection between your visit and your personal information. Before you choose to “like” or share your information through these services we recommend that you review their Privacy policies.
IDDI does not knowingly allow any third party to collect personal information about your online activities over time and across different websites when you use the IDDI website.
No part of the IDDI website is designed to attract minors, nor to intentionally collect or use information about children known to be under 16 years old.
12. How to contact us
You can contact us, or get in relation with our Data Protection Officer, by mail on email@example.com
Depending on your relations with us you may also write to one of our locations:
30 Avenue Provinciale
7751 Brier Creek Parkway
Raleigh, NC 27617
13. Changes to this Privacy statement
IDDI reserves the right to modify or amend this Privacy statement. For instance, we may need to change this Privacy statement as new Privacy legislation is introduced or as existing regulations are amended. To let you know when we make changes to this Privacy statement, we will amend the revision date at the top of this statement. The new modified or amended Privacy statement will apply from that revision date. Please check back periodically for updates to this Privacy statement.