Privacy Policy
This Policy is effective as of 1 August 2021

      1. Addressing Privacy

Mapi Research Trust (“MRT”), a not-for-profit organization registered under French law and an ICON business, is committed to protecting the privacy of all individuals whose information we handle.  This Global Privacy Policy (“Policy”) explains how we collect and use personal data about you in the performance of core services and operations in connection with MRT e.g. Mapi Research Trust is a non-profit organization dedicated to improving patients’ quality of life by facilitating access to Patient-Centered Outcome (PCO) information, services that support the clinical trials and medical research studies of pharmaceutical companies and other parties who are trying to bring products to the market, including new drugs, therapies and medical devices (“Sponsor(s)”).  In this Policy both “personal data” and “personal information” will mean data that identifies a living person or relates to an identifiable living person.

Under data privacy laws, a “controller” makes decisions about how and why personal data is processed, while a “processor” processes personal data on behalf of the controller in accordance with their instructions. In some cases, we act as a “controller” in respect of certain processing activities that involve your personal data, while in others we act as a “processor." Throughout this Policy we explain whether we are acting as a "controller" or a "processor" in respect of a given activity so you can understand who is responsible for your rights in respect of your personal information. .

Our processes and procedures are designed to support compliance with this Policy, our privacy notices and applicable international and local data protection laws and regulations, including but not limited to the European Union General Data Protection Regulation (the “GDPR”), the Health Insurance Portability and Accountability Act (“HIPAA”) and, the privacy and confidentiality requirements of Good Clinical Practice (“GCP”).

To help you navigate to the sections relevant to you, in section 2 “What Personal Information is Handled by MRT and for what Purposes” we have categorized our explanations based on the main categories of relationships between us and those we collect personal data from. In section 3 “More Information” we address issues that are relevant to most or all of the relationships between us and the individuals who share personal data with us, for example your rights as an individual who has shared personal data with us, who we may share personal data with and our obligations when sharing personal data with third parties internationally.

Additional privacy terms tailored for different methods of data collection and specific uses by certain of our business lines and operations may apply to personal information shared with us.  If alternative privacy terms are provided to you for a specific purpose those terms will govern the processing of personal data in relation to that purpose. For example, we maintain service specific privacy notices that may be provided to you for your review and consent in connection with the processing of personal data relating to those services and, if you are a participant in a research project for which MRT is providing services, there may be specific consent documentation addressing the disclosure of your personal information to us and clients who sponsor the research.

If you do not provide us with your personal data we may not be able to provide you with any of our services or respond to any questions or requests you submit to us via our websites. We will tell you when we ask for personal data which is a contractual requirement or is needed to perform our functions or is needed to comply with our legal obligations. 

    2. What Personal Information is Handled by MRT and for What Purpose

2.1 WEBSITE VISITORS AND MOBILE APPLICATION USERS

1. MRT WEBSITES

 “Websites” means any MRT owned website:

  • ePROVIDE™ (https://eprovide.mapi-trust.org), which facilitates access to information to all stakeholders in the field of Patient-Centered Outcomes (PCOs), particularly for Clinical Outcome Assessments (COAs),
  • the MRT website(https://mapi-trust.org) which describe MRT, its mission and its activities in the fields of PCOs and COAs,
  • any future MRT owned website.

The details below relates to any MRT owned website.

Sometimes we need personal data to deliver the information or services offered by our websites, including https://mapi-trust.org/ and https://eprovide.mapi-trust.organd any future MRT owned website (the “Websites”) or Mobile Applications (“Apps”), for example Apps supporting the execution of services. For example, we will use our Websites and Apps to collect information that is voluntarily submitted and which may be used by us to identify and contact you. Please be aware, Apps, including their download and use, will generally be subject to App specific terms of use (“Terms of Use”). Where you have agreed to Terms of Use they will address and govern how we collect personal information about you, how we use it and how we can interact with you in connection with that App.

Personal data that we ask you to provide on the Websites and Apps is often limited to e-mail address, language preference, country or location, but may include other information when needed to provide a requested service. We collect information in several ways, outlined below.

2. On some Website pages you can register to receive information on an automated basis. The type of information you can register to receive in this manner includes general corporate information about us such as:

  • Press releases
  • News and presentations
  • Annual & interim reports and other public financial information
  • Other general information updates
  • Subscription services
  • Member services  

The personal information collected when you register to receive information on an automated basis includes your name, e-mail address, address, ISOQOL membership status, company name and occupation. You will have the option of cancelling your registration and removing your e-mail from the database on each occasion that you receive an automated e-mail alert, by clicking on an unsubscribe link on each e-mail alert message.

3. On some Website pages and Apps you may choose to provide personal information about yourself depending on your relationship or potential relationship with us e.g.:

  • If you are interested in engaging/keeping up to date with MRT and/or ePROVIDE™

if you are interested in obtaining services from or providing services to us- see sections 2.3 Client Personnel or Section 2.4 Vendor Personnel respectively.

4. On some Website pages or Apps you may choose to register to receive access to web casts, periodic updates or information on specific services. Generally the personal information collected in such cases is your name, title, company and e-mail address. This information is collected for qualification and aggregate measurement purposes and to provide you with the service.

5. On some Website pages and Apps you can register to receive customized information. This information is generally collected on 'Contact Us' forms where you may choose to be contacted by us. The personal information collected in these cases include your name, title, company, address, and contact details and e-mail address.

6. Websites and Apps also collect certain information about your computer hardware and software. This information may include; your IP address, browser type, operating system, domain name, access times and referring website addresses. This information is used for the operation of the service, to maintain and monitor quality of the service and to provide general statistics regarding use of Websites.

Third Party Websites.  Websites and Apps may contain links to third party websites. Links to these websites are not under the control of or endorsed by us. This Policy does not apply to such websites. It is recommended that visitors review the privacy policy of each such website before submitting any personal data to those websites.

Cookies. MRT’s Websites and Apps use cookies. A cookie is a data file that is placed by a website or mobile application operator on the hard drive of a visitor to their website. We, and third parties with whom we work, may place cookies with the following functions on the computers of visitors to MRT Websites and Apps: to allow the Website or App to deliver the service requested by the visitor; to remember repeat visitors; to improve the user experience of the Website or App; to allow the us to perform Website or App analytics; and to serve and help tailor our marketing messages on our Websites and elsewhere on the internet based on the visitor’s previous browsing activity.

We only use cookies based on your consent, with the exception of cookies that are strictly necessary to provide you with the services that you have requested. 

If you do not want non-essential cookies to be placed on your device, then you can easily accept or reject them in the cookie banners.

Otherwise, most browsers will allow a visitor to choose which cookies can be placed on his/her computer and to delete or disable cookies. Please note that disabling cookies may prevent a visitor from using certain features on MRT Websites. For more information, please refer to the applicable cookie policy on the Website or App.

Website and App Security. Please be aware that whilst we do all that we can to safeguard the security of your personal information, the transmission of information over the internet is not completely secure and therefore you do this at your own risk. Once we receive your personal information we will implement strict security procedures with the objective of preventing unauthorized access.

Children. We do not knowingly collect any personal data through our Websites or Apps from individuals who are known to be under the age of 13, and no part of MRT’s Website or mobile Apps is directed towards anyone less than 13. 

Recruitment. For employee recruitment, please see ICON Privacy policy https://www.iconplc.com/privacy/privacy-policy/

2.2 WEBSITES USERS

Certain MRT services involve the collating and maintenance of user databases of persons who may wish to procure free services for paid for services (“User Database”). Once a person is recorded in MRT’s User Database, we may contact them for further services or to respond to enquiries.

Your personal information may be collected through either volunteering it through one of our Websites or in the context of telephone calls or meetings with our representatives. Please be aware that by providing your personal information you consent to a member of our team contacting you directly by way of following-up with you, including contacting you directly by telephone or other means, including SMS text messages, and adding your personal information to our User Database.

In this context, we are the controller of the personal data.

Uses of your personal data. As discussed earlier, the main purpose of collecting personal data in the User Database is to provide services, including responding to enquiries.

We may use your Personal Information to respond to subsequent requests you may make of us, and from time to time, we may refer to your personal information to better understand your needs and how we can improve our websites, products and services on the basis of our legitimate interests in doing so. We may enhance or merge your personal information with data obtained from third parties for the same purposes. Any other information transferred by you which cannot be used to identify you (and which, therefore, does not constitute personal information) may be included in databases owned and maintained by us or our agents worldwide. We may also use anonymised personal data to run general statistical analysis in support of patient recruitment and similar analytical purposes.

2.3 SUBSCRIBERS/USERS/MEMBERS OF MRT AND EPROVIDE™ SERVICES

Subscribers/Users/Members of MRT services. For Individuals sharing personal Information with us in order to inquire about, engage or otherwise make use of MRT and ePROVIDETM services or purchase, receive or seek information from us, including about any MRT and ePROVIDE™ products and services, vendors or opportunities, we will use such personal information in order to provide the requested information, products, and/or services and to process requested transactions. We may also use this personal data to improve the quality of our services, send and receive communications about the products and services available through us, and to enable our business partners and agents to perform certain activities on our behalf.

Use of personal information of client business representatives and agents in relation to MRT and ePROVIDE™ activities. For individuals engaged by our clients and collaborating with us in connection with projects for which we are providing services, including client employees, study personnel, and other consultants, contractors, managers, and agents (who are natural persons) of the client and its corporate affiliates, business partners and third-party service providers, personal information may be used by us in order to carry out the applicable services and related activities. This may include the transfer of such personal information to the applicable vendors, its corporate affiliates, business partners and third-party service providers.

2.4 VENDOR PERSONNEL

Vendor business representatives and agents. Vendor representatives may share personal information with us in order to provide us information about services e.g. business support services, health care products and services, opportunities to participate in clinical research, health care education and patient related programs which may be available through a vendor. We will use any personal information provided by the vendor and its representatives in order to receive and assess the vendor related information, products, and/or services and potentially close associated contracts. Uses may include processing for requested transactions, reviewing the quality of the vendor’s services, sending and receiving communications about the products and services available through the vendor, and enabling our business partners, clients and agents to perform activities and make decisions in relation to the vendor.

Use of personal information of vendor business representatives and agents in relation to activities performed by vendors for us and our clients. For vendors engaged by us to perform services for us, including in relation to research studies being managed by us and our clients your personal information may be used by us in order to carry out the projects, activities and other related services in connection with which the vendor is engaged by us. This may include the transfer of such personal information to the applicable our study sponsor or client, other vendors involved in a project for which a vendor is engaged and such parties’ respective corporate affiliates, business partners and third-party service providers performing services or activities related to the project or activities for which a vendor is engaged by us.

   3. More Information

3.1 INTERNATIONAL AND THIRD PARTY TRANSFERS OF PERSONAL INFORMATION

To operate as a global business it may be necessary to process and transfer personal information within our businesses and with agents, contractors or partners of ours in connection with services that these individuals or entities perform for, or with, us.  This may involve transferring personal information outside the European Economic Area (EEA) to the USA and elsewhere. These agents, contractors or partners are restricted from using this information in any way other than to provide services for us, or services for the collaboration in which they and us are engaged. We may, for example, provide your information to agents, contractors or partners for hosting our databases, for data processing services, or so that they can send you information that you requested.

Regardless of whether the transfer is within our group or to a third party, we will apply appropriate safeguards to such transfers as required by applicable law. For example, transfers to non-EEA countries will usually be governed by EU-approved “standard contractual clauses” where appropriate and will be subject to other appropriate technical and organisational measures having regard to the nature of the personal data. For more information, please contact us.

We reserve the right to share personal information in response to duly authorized information requests of governmental authorities or where required by law. We may also provide personal information to a third party in connection with the sale, assignment, or other transfer of the business to which the information relates, in which case we  will require any such third party to agree to treat personal information in accordance with any applicable terms of use agreed by you and us. We may disclose personal data where necessary for our legitimate business interests to protect our rights, property or safety or that of others or for the purposes of fraud protection. Such disclosure may, as appropriate, include exchanging information with other organisations, companies, auditors and Government Departments.

3.2 LEGAL BASIS FOR USE OF YOUR PERSONAL INFORMATION

3.2.1. With your Consent: In cases where we need your consent to process your information, we will ask you to make a positive indication (e.g. to tick a box, sign a document, provide confirmation) that you agree to the processing.  By actively providing consent, you are stating that you have been informed as to the type of information that will be processed, the reasons for such processing and how it will be used and for how long it will be kept and who else has access to it.  Where we may rely on consent to process your information, you have the right to withdraw that consent for that activity at any time.

3.2.2. To fulfill a contract: In other cases we process your personal data because it is necessary to deliver a service you have requested.

3.2.3. For a Legitimate Interest: We may process your personal data on the basis of our legitimate interests in using your data for the purposes described in this Policy. Examples of our legitimate interests include the following:

  • Processing your information in relation to employment opportunities with us;
  • Processing your information in relation to investigator opportunities with us;
  • To improve our services;
  • To protect the security and integrity of our websites and mobile applications;
  • To protect any of our property or rights or obligations and/or the property, rights or obligations of third parties where we may have an obligation or liability in respect of these;
  • To take precautions against potential liability on our part;
  • To analyze therapeutic trends and gather anonymized geographic statistics; and
  • To correct technical errors and to technically process your personal data.

You can object to us relying on our legitimate interest to use your personal data in these ways at any time as described under “Your Personal Data Rights” below.

 3.2.4. To comply with Legal Obligations:  There may be situations where we need to use your information to comply with legal obligations, applicable regulation and judicial process. For example, we are required by law to keep certain records for specific periods of time.

3.3 YOUR PERSONAL DATA RIGHTS

You have certain rights in respect of the personal data that we hold about you. Subject to certain exemptions and local law, these rights may include the following:

  • Right to withdraw consent – if we are processing your personal data on the basis of your consent, you are entitled to withdraw your consent to that processing at any time (see contact details section). However, the withdrawal of your consent will not invalidate any processing we carried out prior to the withdrawal of your consent.
  • The right of access to your personal data – you can request a copy of the personal data we hold about you. 
  • The right to rectification – you have the right to request that we correct any inaccuracies in the personal data we hold about you and complete any personal data where this is incomplete.
  • Right to erase your personal data (right to be forgotten) - You have the right to be forgotten in certain circumstances including, for example, where the personal data are no longer needed for the purpose for which they were collected. However, this right does not apply where, for example, processing is necessary to comply with a legal obligation, or for the establishment, exercise or defense of legal claims.
  • The right to restrict the processing of your personal data - You have the right to ask us to restrict certain processing activities in some circumstances, including, for example, where the accuracy of the data in question is contested. Where processing has been restricted, we can only process it for limited purposes such as, for example, the establishment, exercise or defense of legal claims.
  • The right of data portability - You have the right to have your data returned to you or to a third party in certain cases.
  • The right to object – You have a right to object to the processing of your personal data in certain cases. In such a case we will stop processing your personal data unless we can demonstrate compelling legitimate grounds which override your interest.

To exercise any of the above rights, please notify us at the address provided in section 3.6.  “Inquiries, complaints and requests to exercise rights” below, unless you are a patient in a Study Site in which case please notify the relevant Study Site you are attending. We may request proof of identification to verify your identity. Where we are the relevant data controller, we will carefully assess your request and, subject to applicable laws and exceptions, will respond within the relevant legal time limits.

3.4 DATA QUALITY AND RECORD RETENTION

We retain personal information for as long as is necessary in accordance with its data retention, contractual, legal and regulatory requirements. Where appropriate and consistent with regulatory requirements, we engage our professional quality assurance department to safeguard the accuracy of data. In general, our privacy policy, notices and procedures provide individuals easy means of validating, correcting errors and updating information.

3.5 INFORMATION SECURITY

We ensure appropriate technical and organizational measures are taken to protect the personal and sensitive data you provide us with from unauthorized or unlawful processing and to protect against accidental loss, destruction or damage. Our Websites, Apps and electronic databases have security measures in place to protect the loss, misuse, unauthorized access or disclosure, alteration or destruction of the information under our control. However, as effective as modern security practices are, no physical or electronic security system is entirely secure. We cannot guarantee the complete security of our databases, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the internet.

3.6 INQUIRIES, COMPLAINTS AND REQUESTS TO EXERCISE RIGHTS

The responsible data controller for MRT is ICON Clinical Research Limited. If you feel your data protection rights have been infringed by us, you have the right to complain to your local data protection supervisory authority. Our lead supervisory authority in Europe is the Data Protection Commission in Ireland (see www.dataprotection.ie).

Questions, comments or requests to exercise your rights should be submitted to our Global Data Protection Officer as follows:  

By Mail:
Global Data Protection Officer
ICON plc
South County Business Park
Leopardstown
Dublin 18
D18 X5R3
Ireland

By Email: Data_Privacy_Officer@iconplc.com.

3.7 LEGAL STATUS OF POLICY AND POLICY CHANGES

This Policy is not a contract, and it does not create any legal rights or obligations. We reserves the right to modify or amend this Policy. For instance, the Policy may need to change as new legislation is introduced or as legislation is amended. Where we have your contact details, we will notify you of any material changes. The updated Policy will be posted on 1 August 2021. Last Updated: July 2021.