Privacy

This Policy was last updated on October 18, 2024.

Purpose

The purpose of this policy is to explain the collection and handling of personal information at Everest.

Introduction

Everest Clinical Research Corporation (Everest) respects the laws for privacy of its employees, clients, vendors and other visitors. Everest is committed to providing our visitors with a website that respects their privacy. Some pages on our website require personal information to be collected from our visitors so we can provide them with information or services they have requested. The use and disclosure of their personal information is in accordance with their local laws and regulations, including Data Protection regulations.

Everest complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Everest has certified to the U.S. Department of Commerce that it adheres to the Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU U.S. DPF and the UK Extension to the EU-U.S. DPF. Everest has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In addition, for the collection, use, and retention of personal information transferred from the European Union and United Kingdom, Everest complies with the EU GDPR (General Data Protection Regulation) and the United Kingdom’s Data Protection Act 2018 (the "UK GDPR"), and has Data Transfer Agreements in place with its clients and vendors.

Data Protection Principles

Notice

Everest collects information including personal information relating to clients/sponsors, visitors, and vendors as well as the personal information of healthcare professionals and clinical study subjects where Everest is providing services to its customers as a Clinical Research Organisation.

Personal Information provided to Everest may be used for the following purposes, each a “Purpose”:

To respond to your request about a career opportunity.

To respond to your request about a career opportunity.
To deliver services and information about Everest that you request.
To provide you with access to protected areas of the Everest website.
To provide you with a user account to facilitate your participation in a clinical trial conducted by Everest.
To include your information in an investigators registry so that it may be provided to Everest clients for consideration to participate in their Clinical Trials.

We will obtain your consent if we wish to use your information for any other Purpose. We will not release your personal information to other persons unless one of the following conditions apply:Where we have your consent.

Where we have your consent.
Where we are required by law, regulation, subpoena, or judicial or government order to be disclosed, provided Everest shall promptly notify you upon such request for disclosure and prior to such disclosure to permit you to oppose such disclosure by appropriate legal action.

Everest is the owner of all information collected on this website. If your personal information is collected and processed for the Purpose of your participation in a clinical trial, the clinical trial sponsor is the owner of this personal information collected. Everest processes this personal information according to the written agreement between Everest and the clinical trial sponsor.

Everest understands the importance of protecting the privacy of personal information. We limit the information we collect to what is needed for the Purpose, and we will only process it for the Purpose. Data is retained for as long as it is needed for the Purpose, or as permitted by law.

Personal information collected may include your name, email address, home or business address and phone number, current position title, and IP address (through navigation on our website). Our website collects personal information from you in the following ways:

You may submit your personal information in response to a career opportunity within Everest.
You may provide your personal contact information so that we can provide you with information to a specific request or service.
In submitting a request for access to protected areas of our website, you will be required to provide personal contact information.
If registering in our Investigator Registry, you will be required to provide personal contact information.
While navigating through the Everest website, information is collected electronically for analytical purposes; information collected includes IP address, browser type, operating system, and access times. This information is collected so that we may analyze usage in an effort to continually improve our website and user engagement.

Clinical trial Data collected include de-identified study subject personal information such as year of birth and age, gender, race, ethnic origin, health record and information, genetic information, medical history, hospital(s), current and historical medicinal information, treatments, other information as specified in informed consent forms approved by relevant ethics committee or IRB. Name and contact details may be collected for caregivers or guardians of the study subjects. Name, contact details, curriculum vitae, medical license numbers may be collected for clinical research investigators, study site employees, and medical and healthcare professionals. First name, surname, email address, postal address, and phone numbers may be collected for study staff members.

Data collected to provide the individual with a user account to facilitate participation in a clinical trial conducted by Everest may be accessed by clinical trial sponsor representatives and applicable regulatory authorities and is provided to the clinical trial sponsor at the end of the clinical trial. The Data may be stored on servers in Canada, U.S.A., and Germany.

Third party vendors may process and store the Data during the clinical trial conduct. When third party vendors are involved, they will ensure that (1) the Data may only be processed for the limited and specified Purposes consistent with the consent provided by the individual; (2) they will provide the same level of protection to the Data as Everest provides; and (3) they will notify Everest if they can no longer meet this obligation. If the third party vendor notifies Everest that they can no longer meet this obligation, the third party vendor ceases processing or takes other reasonable and appropriate steps to remediate. These steps are in place because Everest has responsibility for the processing of personal information it receives under the EU-U.S. Data Privacy Framework (DPF), UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF. Procedures are in place to ensure privacy breach incidents are communicated and followed up consistently with all applicable regulatory requirements, and according to Everest’s Policy EV.102, “Operational Policies Covering Confidentiality, Privacy, and Security.”

Data collected through the Investigator Registry information gathering page may be accessed by clinical trial sponsors who are Everest clients.

In the unlikely event that a U.S. Law Enforcement agency requests Data to be released, this Data will be provided as required by law. Everest is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). Everest is required to disclose personal information in response to lawful requests by public authorities, including meeting national security or law enforcement requirements. Everest commits to notify individuals of the requirement to disclose personal information in response to lawful requests by public authorities, including meeting national security or law enforcement requirements and its liability in cases of onward transfers to third parties.

Choice

The choice to provide Everest with personal information is always yours. When Data is collected in order to provide the individual with a user account to facilitate participation in a clinical trial conducted by Everest, the Data must be retained according to the applicable regulatory requirements. The individual may opt not to participate in the clinical trial before submitting the personal information to Everest.

When Data is collected to be included in an Investigator Registry, Everest gives individuals the opportunity to choose (opt out/withdraw consent) whether their personal information will be disclosed to a third party or used for a Purpose incompatible with the Purpose for which it was originally collected or subsequently authorized by the individual.

Accountability for Onward Transfer (Transfers to Third Parties)

If you are an EU, UK, or Swiss Individual, where we transfer your personal data to third party service providers (see above) who perform services for us or on our behalf, we are responsible for the processing of that data by them and shall remain liable if they process your personal data in a manner inconsistent with the DPF Principles referred to below, unless we prove that we are not responsible for the event giving rise to the damage.

To disclose information to a third party, Everest applies the Notice and Choice Principles. Where Everest wishes to transfer information to a third party that is acting as an agent (e.g., a vendor), Everest will also enter into a contract with the third party that provides that such Data may only be processed for limited and specified Purposes consistent with the consent provided by the individual and that the recipient will provide the same level of protection as the DPF Principles and will notify Everest if it makes a determination that it can no longer meet this obligation. This contract shall detail the ways in which the third party fulfills these responsibilities.

Security

Everest has implemented appropriate technical, physical and organizational measures designed to protect personal information against accidental loss, misuse, alteration, unauthorized access, disclosure, unauthorized and unlawful destruction, and any forms of unlawful processing.

Data Integrity and Purpose Limitation

Personal information collected is relevant for the Purposes for which it is to be used. Everest takes reasonable steps to ensure that Data is reliable for its intended use, accurate, complete, and current.

Access

Upon request, individuals have access to their personal information that Everest holds and they can request to have it corrected, amended, or deleted if that information is found to be inaccurate, except where the burden or expense of providing access would be disproportionate to the risks to the individual's privacy in the case in question, or where the rights of persons other than the individual would be violated. This request can be made to the Everest Privacy Officer. Access will be provided only when the individual’s identity is confirmed.

Recourse, Enforcement and Liability

The Everest Privacy Officer may be contacted with any questions, concerns, or complaints regarding this Policy. Everest will investigate and attempt to resolve complaints and disputes regarding this Policy.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Everest commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to JAMS Mediation, Arbitration and ADR Services (JAMS), an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.

For breaches or access/modifications of personal information, pursuant to Article 27 of the General Data Protection Regulation (GDPR) and UK GDPR, Everest Clinical Research Corporation has appointed European Data Protection Office (EDPO) as its GDPR Representative in the EU and EDPO UK Ltd as its UK GDPR representative in the UK. You can contact EDPO regarding matters pertaining to the GDPR and UK GDPR:

General Data Protection Regulation (GDPR) – European Representative

Complete EDPO’s online request form: https://edpo.com/gdpr-data-request/
Write to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium

UK General Data Protection Regulation (GDPR) - UK Representative

Complete EDPO-UK’s online request form: https://edpo.com/uk-gdpr-data-request/
Write to EDPO UK at 8 Northumberland Avenue, London WC2N 5BY, United Kingdom

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.

Protection of California User’s Personal Information

On June 28, 2018, California passed a new privacy bill, AB 375, known as the California Consumer Privacy Act of 2018 (“CCPA”). This Act is Effective as of January 1, 2020. Everest is providing this supplemental privacy notice to California users pursuant to the CCPA. The CCPA grants California residents the following rights:

Information. You can request information about how Everest has collected, used and shared your personal information during the past 12 months.
Access. You can request a copy of the personal information that Everest maintains about you.
Deletion. You can ask to delete the personal information that Everest maintains about you.
Opt-out of sale of your personal information. While Everest does not engage in any Sale of personal data in the context of our processing, we offer instructions on how to limit online tracking.
Please note that the CCPA limits these rights by, for example, prohibiting businesses from providing certain sensitive information in response to an access request and limiting the circumstances in which they must comply with a deletion request.
You are entitled to exercise the rights described above free from discrimination.

To submit a request, please contact the Everest Privacy Officer. See below for contact details.

Protection of Children's Personal Information

Everest recognizes the importance of protecting the privacy of children. We do not knowingly collect personal information from children under the age of 16. If we become aware of collecting information through our website(s) from a child under the age of 16, we will delete that information immediately. The Parent(s)/Guardian(s) may contact us if it is believed that we might have any information from a child under 16.

Use of Cookies

Cookies are small files stored on your computer when you visit certain online pages. Cookies allow Everest to improve the design and content of our website, to enable us to better personalize your user experience. Cookies are not linked to any personal information while on the Everest website. Data collected through the use of cookies includes: date and time of visit, IP address, type of browser used, domain name of your internet service provider, pages visited, links you follow. Everest uses Google Analytics for this Purpose. Google Analytics uses its own cookies. You can find out more information about Google Analytics cookies here: Google Analytics Cookie Usage on Websites. You can find out more about how Google protects your Data here: Google Privacy Policy. You can prevent the use of Google Analytics relating to your use of services by downloading and installing the browser plugin available here: Google Analytics Opt-out Browser Add-on.

You always have the right to decline our cookies by modifying your web browser preferences to reject cookies (e.g., in Google Chrome, navigate to “Settings”🡪“Advanced”🡪“Privacy and Security”🡪“Site Settings”🡪“Permissions”🡪 “Cookies and Site Data” to modify settings), although this may adversely affect the usability of the site. You will be presented with a pop-up screen requiring consent to store the cookies on your device. If you click “I Accept” or continue to navigate our website, you agree to having those cookies set on your device.

Changes to this Policy

This policy will be updated as needed to maintain consistency with privacy laws and regulations and Everest internal privacy requirements.

Everest Privacy Officer

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Everest commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Everest at:

Privacy Officer
c/o Everest Clinical Research Corporation
675 Cochrane Drive, East Tower, 4th Floor
Markham, Ontario, Canada, L3R 0B8
Tel: +1 (905) 752-5222

Are you ready to get started?

Tell us about your next project

CONNECT WITH US