Safe Harbor Policy Statement
This Policy was last updated on September 29, 2016.
Everest Clinical Research Corporation (Everest) respects the laws for privacy of its employees, clients, vendors and other visitors. Everest receives information from visitors worldwide. The use and disclosure of their personal information must be in accordance with their local laws and regulations. This Safe Harbor Policy Statement describes the privacy principles Everest follows regarding transfer of personal information from Switzerland to the United States (“U.S.”). .
Safe Harbor Principles
Everest has certified that it complies with the seven Safe Harbor Privacy Principles when transfers of personal information occur from Switzerland to the U.S. These principles are set forth by the U.S. Department of Commerce and the Federal Data Protection and Information Commissioner (“FDPIC”) of Switzerland in the U.S. – Swiss Safe Harbor agreement.
Please refer to the U.S. Department of Commerce Safe Harbor Program website http://2016.export.gov/safeharbor/swiss/ for further details.
This Policy applies to all personal information received from Switzerland by Everest.
Data Protection Principles
Everest notifies individuals about the purposes for which they collect and use information about them. Everest provides information about how individuals can contact Everest with any inquiries or complaints, the types of third parties to which it discloses the information and the choices and means Everest offers for limiting its use and disclosure.
Everest gives individuals the opportunity to choose (opt out/withdraw consent) whether their personal information will be disclosed to a third party or used for a purpose incompatible with the purpose for which it was originally collected or subsequently authorized by the individual. For sensitive information, an affirmative or explicit (opt in/consent) choice is given if the information is to be disclosed to a third party or used for a purpose other than its original purpose or the purpose authorized subsequently by the individual.
Onward Transfer (Transfers to Third Parties)
To disclose information to a third party, Everest applies the notice and choice principles. Where Everest wishes to transfer information to a third party that is acting as an agent, it may do so if it makes sure that the third party subscribes to the Safe Harbor Privacy Principles or is subject to the Directive or another adequacy finding. As an alternative, Everest enters into a written agreement with such third party requiring that the third party provide at least the same level of privacy protection as is required by the relevant principles. Note that Everest may from time to time employ third parties to complete Everest work and in all cases, confidentiality agreements are set in place between Everest and the third party to restrict any disclosure of information Everest provides to the third party.
Upon request, individuals have access to personal information about them that Everest holds and they can request to have corrected, amended, or deleted if that information is found to be inaccurate, except where the burden or expense of providing access would be disproportionate to the risks to the individual's privacy in the case in question, or where the rights of persons other than the individual would be violated.
Everest takes reasonable precautions to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction.
Personal information collected is relevant for the purposes for which it is to be used. Everest takes reasonable steps to ensure that data is reliable for its intended use, accurate, complete, and current.
To ensure compliance with the safe harbor principles, Everest developed (a) readily available and affordable independent recourse mechanisms so that each individual's complaints and disputes can be investigated and resolved and damages awarded where the applicable law or private sector initiatives so provide; (b) procedures for verifying that the commitments Everest makes to adhere to the safe harbor principles are implemented; and (c) obligations to remedy problems arising out of failure to comply with the principles.
- The recourse mechanism includes steps to allow any individual’s complaint and disputes to be provided to Everest via the Everest Privacy Officer.
- Verification that Everest attestations and assertions made about its privacy practices are true and have been implemented is accomplished by means of self-assessments through Everest internal compliance audits.
- Everest will make every effort to remedy problems arising out of failure to comply with the Safe Harbor Principles as soon as reasonably possible. Problems requiring dispute resolution are outlined immediately below.
The Everest Privacy Officer may be contacted, at the address below, with any questions, concerns, or complaints regarding this Policy. Everest will investigate and attempt to resolve complaints and disputes regarding this Policy. However, for complaints or disputes that cannot be resolved, Everest will participate in dispute resolution and agrees to cooperate with the Swiss FDPIC.
Everest’s Privacy Officer may be contacted as follows:
Brian Wettlaufer, Privacy Officer
c/o Everest Clinical Research Corporation
675 Cochrane Drive, East Tower, 4th Floor
Markham, Ontario, Canada, L3R 0B8
Tel: +1 (905) 752-5208
Fax: +1 (905) 752-5223
Changes to this Policy
This policy will be updated as needed to maintain consistency with the requirements of the Safe Harbor Principles and Everest internal privacy requirements.