ICON complies with the US-EU Safe Harbor Framework and the US-Swiss Safe Harbor Framework as set forth by the US Department of Commerce regarding the collection, use and retention of personal information from European Union member countries and Switzerland. ICON has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access and enforcement. To learn more about the Safe Harbor Program and to view ICON's certifications, please visit http://www.export.gov/safeharbor
This Policy applies to all personal information, either in electronic or paper format, received by ICON in the United States from the EEA and Switzerland.
For the purposes of the Policy, the following definitions shall apply:
“Agent” means any third party processing personal information on behalf of, and under the instructions of ICON.
“ICON” means ICON Laboratory Inc, ICON Clinical Research Inc, their successors, subsidiaries, divisions and groups in the United States.
“Personal information” means any information or set of information that identifies or could be used by or on behalf of ICON to identify an individual. It does not include personal information that has been anonymized or that is publicly available, that has not been combined with non-public personal information.
“Sensitive personal information” means personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or information that concerns health or sex life. In addition, ICON will treat as sensitive, any information received from a third party where that third party treats and identifies the information as sensitive.
Where ICON collects personal information directly from individuals in the EEA and Switzerland, it will inform them about the purposes for which it collects and uses personal information about them, the types of non-agent third parties to which ICON discloses that information, and the choices and means, if any, that ICON offers individuals for limiting the use and disclosure of their personal information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide personal information to ICON, or as soon as practical thereafter, and in any event before ICON uses the information for a purpose other than that for which it was originally collected.
Where ICON receives personal information from its subsidiaries, affiliates or other entities in the EEA and Switzerland, it will use such information in accordance with the notices provided by such entities and the choices made by the individuals to who such personal information relates.
ICON will offer individuals the opportunity to choose (opt-out) whether their personal information is (a) to be disclosed to a non-agent third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.
For sensitive personal information, ICON will give individuals the opportunity to affirmatively and explicitly (opt-in) consent to the disclosure of the information to a non-agent third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. ICON will provide individuals with reasonable means to exercise their choices
ICON will use personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. ICON will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete, and up-to date.
ICON will obtain assurances from its agents that they will safeguard personal information in accordance with this policy. Where ICON has knowledge that an agent is using or disclosing personal information in violation of this Policy, ICON will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete.
Upon request, ICON will grant individuals reasonable access to the personal information it holds about them. In addition, ICON will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete.
ICON will take reasonable precautions to protect personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.
ICON will conduct compliance audits of its relevant privacy practices to verify adherence to this Policy. ICON will take all necessary measures against any employee that ICON determines is in violation of this policy, including disciplinary action
Any questions or concerns regarding the use or disclosure of personal information should be directed to the ICON Global Data Protection Officer at the address given below. ICON will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information, in accordance with the principles contained in this Policy. For complaints that cannot be resolved between ICON and the complainant, ICON has agreed to participate in the dispute resolution procedures of the panel established by the European data protection authorities to resolve disputes, pursuant to the Safe Harbor Principles.