Loading...

Atlantia volunteer data protection statement

Last Updated: Tuesday, September 27, 2022 - 11:51
ABOUT US

This Data Protection Statement applies to the following companies in the Atlantia Group:

  • Atlantia Food Clinical Trials Limited- Floor 1, Heron House, Blackpool, Cork, T23 R50R, Ireland
  • Atlantia Food Clinical Trials Inc-142. E. Ontario Suite 1200, Chicago 60611, Illinois, USA

References to “we”, “us” and “Atlantia” shall apply to the company in the group that is processing your Personal Data.

References to “you” or “Volunteers” shall apply to the individuals who may be volunteering to take part in clinical trials.  In general this statement applies to Volunteers that are being recruited by Atlantia and the activities relevant to marketing and screening of Volunteers before being assigned to a particular trial.

We are a world-class provider of human clinical studies. We are a full-service, Contract Research Organisation (CRO). We deliver human clinical studies in the following areas; functional foods and beverages, ingredients, supplements, prebiotics, probiotics and microbiome-based therapeutics and cosmeceuticals.

Atlantia has its headquarters in Ireland which means that we must comply with the EU General Data Protection Regulation (the “GDPR”) when processing the personal data of Volunteers for clinical trials. This means we must provide information to you about how we process Personal Data and set out the basis on which any Personal Data we collect from You, or that You provide to us, will be used by us where we are controllers of that Personal Data for the purposes of the GDPR.

CONTACT DETAILS

We have appointed a Data Protection Officer.  If you have any questions about this Data Protection Statement or the way in which your Personal Data is being used by us, please contact:

Data Protection Officer

Address: Floor 1, Heron House, Blackpool, Cork, T23 R50R, Ireland,

Email:    dataprotectionofficer@atlantiatrials.com

Telephone:  +353 (0)21 430 7442

Our website is: www.atlantiaclinicaltrials.com

THE PURPOSE OF THIS DATA PROTECTION STATEMENT

This Data Protection Statement applies specifically to the processing of Personal Data of Volunteers for clinical trials.  The definition of Personal Data is as follows:

Personal Data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

This Data Protection Statement describes our approach to data protection and sets out the basis on which any Personal Data we collect from You, or that you provide to us, will be used by us. Please read this Data Protection Statement carefully to understand our views and practices regarding the Personal Data we collect and how we will treat it.

As a Clinical Research Organisation, we undertake research studies for and on behalf of Sponsors.  This statement applies to Volunteers that are being recruited by Atlantia and the activities relevant to marketing and screening of Volunteers before being assigned to a particular trial/study.

WHO THIS DATA PROTECTION STATEMENT APPLIES TO

This Data Protection Statement provides specific information relating to the Volunteers who have registered an interest in participating in trials. If you are not a Volunteer, you will find further information about the processing of Personal Data for other individuals in the following Data Protection statements;

SOURCES OF PERSONAL DATA

We generally collect Volunteer’s Personal Data when they volunteer to participate in clinical trials. We will only ever source Personal Data that is necessary and in a way that would be generally expected.

We receive Personal Data about Volunteers from a variety of sources, as follows:

  • through our website when Volunteers provide their Personal Data to receive information about clinical trials or register with us to join a trial;
  • as part of our pre-screening activities with the Volunteer; and
  • in the event of a health and safety or other incidents we may gather information as part of our incident investigation activities; and
  • as part of meeting our regulatory requirements.
  • Recruitment events
CATEGORIES OF PERSONAL DATA

We process the following categories of Personal Data.  For each category we have included an example of the type of Personal Data that may be part of that category:

Personal Data Category

Description

Identification Data

may include: name, date of birth, (copy of or details from) driving license, passport, identification card

Contact Data

may include: home address, work address, email address, phone number

Communication Data

may include: details of phone calls, email correspondence and hardcopy correspondence, notes of visits, and communications

Marketing Data

may include: identification data and contact data and any preferences in receiving marketing from us and your communication preferences

Web Data

may include: Personal Data provided on any forms on our website and, to the extent that it includes Personal Data, information on the type of device you’re using, its IP address, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use

Authorised Contact Data

may include: contact data for next of kin or point of contact provided by the Volunteer

Family Data

may include: marital status and dependents details

Health Data

may include: the volunteers’ health information such as physical characteristics, medical history data, anthropometric data, medication data

Racial/Ethnic Data

may include: race, ethnic origin

 

OUR LEGAL BASIS FOR PROCESSING PERSONAL DATA

We process all Personal Data lawfully and in accordance with the requirements of the law. The GDPR sets out the legal grounds for processing Personal Data.

When Atlantia processes Personal Data for the activities specified in this statement, it is generally on one of the following legal basis:

CONSENT

If you want to register your interest in participating in a clinical trial or joining our database of volunteers, we will obtain your consent in advance.

Where we are unable to collect consent for a particular processing activity, we will only process the Personal Data if we have another lawful basis for doing so.

You can withdraw consent provided by you at any time by contacting us at  dataprotectionofficer@atlantiatrials.com

LEGITIMATE INTEREST

At times we will need to process your Personal Data to pursue our legitimate business interests, for example for administrative purposes, to provide information to you or to operate, evaluate, maintain, develop the clinical trials process and to maintain security and safety in the study environment.

We will not process your Personal Data on a legitimate interest basis where the impact of the processing on your interests or fundamental rights and freedoms outweighs our legitimate interests.

You may object to any processing we undertake on this basis. If you do not want us to process your Personal Data on the basis of our legitimate interests, contact us at dataprotectionofficer@atlantiatrials.com and we will review our processing activities.

LEGAL OBLIGATION

In some cases, we may have a legal obligation to process your Personal Data. In these cases, there is a regulation or rule of law which legally requires us to undertake the processing activity.

OUR PROCESSING ACTIVITIES

We use your Personal Data to provide you with our services and to assist us in the operation of our business.  Under data protection law, we must ensure that the purpose of processing is clear.

We have set out below the general purpose of processing, the categories of Personal Data processed and the related lawful basis for processing.

 

Purpose of Processing

Categories of Personal Data

Lawful Basis

Screening Volunteers

  • to conduct screening of Volunteers
  • to complete the study pre-screening questionnaire
  • to arrange pre-screening appointments
  • to send notifications about changes/updates to clinical trials and pre-screening arrangements
  • Identification Data
  • Contact Data
  • Communication Data
  • Health Data
  • Web Data
  • Consent

 

Management of the Database of Volunteers

  •  to update and manage the Volunteer database
  • to contact You about upcoming trials
  •  to manage/respond to a query from a Volunteer during the recruitment of Volunteers
  • to notify you of updates to this Data Protection Statement

 

 

  • Identification Data
  • Contact Data
  • Communication Data
  • Authorised Contact Data
  • Consent

 

Marketing & Promotion activities

  • to respond to any requests from You
  • to send newsletters and other information that maybe of interest
  • to contact You as part of our business relationship or to generate interest in studies and general administration
  • to inform You of events or webinars that might be of interest
  • for relationship management with Volunteers

 

  • Marketing Data
  • Contact Data
  • Web Data

 

  • Consent
  • Legitimate Interest in managing our marketing and promotion activities.

 

Website Delivery

  • to respond to web questionnaires completed by you
  • to promote participation on clinical trials
  • to improve and administer the website
  • for internal operations, including support, troubleshooting, data analysis, testing, research, statistical and survey purposes
  • to ensure the safety and security of our website
  • Web Data
  • Contact data

 

  • Consent
  • Legitimate Interest in managing and delivery of our website.

 

Legal and regulatory requirements

  • Document review for mandatory regulatory audits
  • Sending interim or annual reports as part of our regulatory responsibilities
  • Identification Data
  • Contact Data
  • Authorised Contact Data
  • Health Data

 

  • Legal Obligation
  • Public interest in ensuring high standards of quality and safety in health care and of products.

 

 

DISCLOSURE OF PERSONAL DATA

In certain circumstances, we may disclose Personal Data to third parties as follows:

  • to business partners and subcontractors, including email, Communication Platforms, Customer Relationship Management system, database management, web developers, data aggregators, hosting service providers, external consultants, auditors, IT consultants and lawyers;
  • to analytics and search engine providers that assist us in the improvement and optimisation of the Website;
  • if we or substantially all of our company is merged with another company or acquired by a third party, in which case Personal Data held by us will be one of the transferred assets;
  • to other companies in the Atlantia group of companies for the purposes of administration of the clinical trials;
  • if we are under a duty to disclose or share Personal Data to comply with any legal obligation for example regulatory authorities; and
  • to protect our rights, property, or safety, of the Volunteers. This may include exchanging Personal Data with other companies and organisations for the purpose of fraud protection. When we engage another organisation to perform services for us, we may provide them with information including Personal Data, in connection with the performance of those functions. We do not allow third parties to use Personal Data except for the purpose of providing these services.
DISCLOSURE OF PERSONAL DATA

Personal Data is shared in certain circumstances as follows:

  • to business partners and sub-contractors to deliver our employee selection activities including email, chat, ticketing, applicant tracking systems and hosting service providers
  • for the purposes of third-party screening and verification, if applicable, including doctors or testing companies (for example, criminal record checks / pre-employment screening services and assessments)    
  • to other companies in the Atlantia group of companies including the affiliated companies documented in this Data Protection Statement for the purposes of administration
  • to any party acquiring an interest in Atlantia 
  • to tax, audit or other authorities, if we are under a duty to disclose or share Personal Data in order to comply with any legal obligation or in order to enforce or apply any contract that we have
  • to official authorities to protect our rights, property, or safety, or those of other persons (including you)
  • to providers of services to Atlantia including IT consultants and hosting companies, marketing, legal and finance
  • to analytics and search engine providers that assist us in the improvement and optimisation of our website. This consists of information relating to the web pages visited on the Website and tracking codes from service providers like LinkedIn and Google
  • to Atlantia insurance brokers and providers where required for administering claims
  • to our email distribution partner and service providers in the case of newsletters
SECURITY MEASURES

We will take all steps reasonably necessary to ensure that all Personal Data is treated securely in accordance with this Data Protection Statement and the relevant law, including the GDPR.

In particular, we have put in place appropriate technical and organisational procedures to safeguard and secure the Personal Data we process.

We monitor for and do everything we can to prevent security breaches of the Personal Data that we process.

Once we have received your Personal Data, we will use strict procedures and security features for the purpose of preventing unauthorised access and ensuring that only those who need to have access to your Personal Data can access it.

We also use secure connections to protect Personal Data during its transmission.

If you think that there has been any loss or unauthorised access to Personal Data of any individual, please let us know immediately.

TRANSFERS OUTSIDE THE EEA

To provide our products and services we may need to transfer Personal Data outside the European Economic Area (EEA). We ensure that any transfer of Personal Data outside the EEA is undertaken using legally compliant transfer mechanisms and in accordance with the GDPR.

If we transfer Personal Data outside of the EEA, we generally rely on the Standard Contractual Clauses under Article 46.2 of the GDPR adopted by the EU Commission. We may also rely on some of the other legally compliant transfer mechanisms provided under the GDPR.

USE OF THIRD-PARTY WEBSITES

Websites that you access via a link on the Atlantia website are outside our control and are not covered by this Data Protection Statement. If you access other websites using the links provided, the operators of these websites may collect Personal Data from you, which will be used by them in accordance with their own Data Protection Statements, which may differ from ours. Please check the Data Protection Statements on those websites before you submit any Personal Data to them. 

COOKIES

Cookies are small text files placed on your computer or mobile device by websites that you visit, and they help us improve the products and services that we offer you. They are used to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Cookies may allow a website to remember your activity over a period of time. Some cookies are optional and you do not have to accept them. 
Further information on the cookies we use on the website and the purpose behind their respective uses are set out in our Cookie Notice

YOUR RIGHTS

Our Website may contain links to and from third-party websites. If you follow a link to any of these websites, please note that these websites have their own privacy settings, and these are not endorsed by us.  We do not accept any responsibility or liability for these third-party websites. Please undertake the appropriate due diligence before submitting any Personal Data to these websites.

QUESTIONS OR COMPLAINTS

Thank you for reading our Employee Selection Data Protection Statement.  Please Contact us if you have any questions.  
If we are unable to resolve your concerns, you have the right to contact the supervisory authority in the country where you live or work, or where you consider that the data protection rules have been breached 

Online Form: https://forms.dataprotection.ie/contact
Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
Tel: +353 578 684 800 or +353 761 104 800

THIRD PARTY WEBSITES

We will post any changes to this Data Protection Statement on the Website and on our job ads in recruitment portals and when doing so will change the effective date at the top of this Data Protection Statement.
In some cases, we may provide you with additional notice of changes to this Data Protection Statement, such as via email. We will always provide you with any notice in advance of the changes taking effect where we consider the changes to be material.

RETENTION

In some circumstances it is not possible for us to specify in advance the period for which we will retain your Personal Data. In such cases we will determine the appropriate retention period based on data protection laws and our purpose for processing the Personal Data.  We may also retain certain Personal Data beyond the periods specified herein in some circumstances such as where required for the purposes of legal claims.

Further information about our retention practices are set out below:

Purpose of Processing

Retention Period

Screening Volunteers

For duration of the recruitment campaign + 4 weeks or earlier if you withdraw consent.

Management of the Database of Volunteers

12 months in the case where no meaningful engagement or earlier if you withdraw consent.

Marketing and Promotion Activities

12 months in the case where no meaningful engagement or earlier if you unsubscribe.

Website Delivery

See Cookie Notice

Legal and regulatory requirements

In line with statutory requirements

YOUR RIGHTS

You have various rights relating to how your Personal Data is used.

Right of access to the Personal Data we hold on you

You have the right to ask for all the Personal Data we have about you. When we receive a request from you in writing, we must give you access to everything we’ve recorded about you as well as details of the processing, the categories of Personal Data concerned and the recipients of the Personal Data.

We will provide the first copy of your Personal Data free of charge, but we may charge you a reasonable fee for any additional copies.

We cannot give you access to a copy of your Personal Data in some limited cases including where this might adversely affect the rights and freedoms of others.

Right of rectification of Personal Data

You should let us know if there is something inaccurate in your Personal Data.

We may not always be able to change or remove that Personal Data, but we will correct factual inaccuracies and may include your comments in the record to show that you disagree with it.  

Right of erasure of Personal Data (right to be forgotten)

In some circumstances you can ask for your Personal Data to be deleted, for example, where: 

  • your Personal Data is no longer needed for the reason that it was collected in the first place
  • you have removed your consent for us to use your Personal Data (where there is no other lawful basis for us to use it)
  • there is no lawful basis for the use of your Personal Data
  • deleting the Personal Data is a legal requirement

Where your Personal Data has been shared with others, we will do what we can to make sure those using your Personal Data comply with your request for erasure.

Please note that we can’t delete your Personal Data where:

  • we are required to have it by law
  • it is used for freedom of expression 
  • it is used for public health purposes
  • it is used for scientific or historical research or statistical purposes where deleting the Personal Data would make it difficult or impossible to achieve the objectives of the processing
  • it is necessary for legal claims. 

Right to restrict what we use your Personal Data for

You have the right to ask us to restrict what we use your Personal Data for where:

  • you have identified inaccurate Personal Data, and have told us of it
  • where we have no legal reason to use the Personal Data, but you want us to restrict what we use it for rather than erase the Personal Data altogether

When Personal Data is restricted it can’t be used other than to securely store the Personal Data and with your consent to handle legal claims and protect others, or where it’s for important public interests.

Right to have your Personal Data moved to another provider (data portability)

You have the right to ask for your Personal Data to be given back to you or another service provider of your choice in a commonly used format. This is called data portability.

This right only applies if we’re using your Personal Data with consent and if decisions were made by a computer and not a human being. It does not apply where it would adversely affect the rights and freedoms of others.

Right to object

You have the right to object to processing of your Personal Data which is based on public interest or legitimate interest processing.  We will no longer process the Personal Data unless we can demonstrate a compelling ground for the processing.

Right not to be subject to automated decision-making

You have the right not to be subject to a decision based solely on automated processing.  This right shall not apply where the processing is necessary for a contract with you, or the processing is undertaken with your explicit consent or the processing is authorised by law.

You can make a complaint

You have the right to lodge a complaint with the local supervisory authority for data protection in the EU member state where you usually reside, where you work or where you think an infringement of data protection law took place.

AMENDMENTS TO THIS DATA PROTECTION STATEMENT

We will post any changes on the Website and when doing so will change the effective date at the top of this Data Protection Statement.  Please make sure to check the date when you use our services to see if there have been any changes since you last used those services.

In some cases, we may provide you with additional notice of changes to this Data Protection Statement, such as via email. We will always provide you with any notice in advance of the changes taking effect where we consider the changes to be material.

Thank you for reading our Data Protection Statement.  Please Contact us if you have any questions.  If we are unable to resolve your concerns, you have the right to contact the supervisory authority in the country where you live or work, or where you consider that the data protection rules have been breached

Contact details for the relevant Supervisory Authority in Ireland are set out below for your information:

Country

Supervisory Authority

Contact Details

Ireland

Data Protection Commission

Online Form: https://forms.dataprotection.ie/contact

Address:  21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland

Tel:        +353 578 684 800 or

              +353 761 104 800