Effective Date: September 18, 2020

Syneos Health ("we," “us,” or “Syneos Health”), operating through its affiliates/subsidiaries located throughout the world (collectively, the “Company”) is committed to protecting your privacy and has implemented the measures below to protect the personal data we process about you (“Personal Data”).

If you are a California resident, please read our Notice to California Residents for additional information that we are required by the California Consumer Privacy Act of 2018 (CCPA) to provide to you.

Scope

Except as set forth in the Exclusions section of this notice, this notice applies to all Personal Data gathered for and on behalf of Syneos Health through this website (collectively, the “Site”). The purpose of the Site is to obtain information about your interest in participating in clinical studies related to COVID-19 for which you may be qualified (“Purpose”). You understand that by registering through this Site, you may be contacted in connection with the Purpose, but we make no guarantee that you will be contacted for any particular study or that if you are contacted, that you will qualify for participation. By using the Site, you consent to the data collection and use practices described in this notice.

Effect of Other Notices

Syneos Health has additional privacy notices or terms that are tailored for the different ways your Personal Data is collected by different Syneos Health lines of business or functions. If you receive a privacy notice provided to you for a specific purpose, the terms of the more specific notice or contract will control your interaction with Syneos Health to the extent that notice conflicts with this notice.

Exclusions

  • Third-Party Sites. The Site may link to or provide the ability to connect with non-Syneos Health websites, social networks or applications (“Third-Party Sites”). Clicking on those links or enabling those connections may allow the third party to collect or share information about you. Those Third-Party Sites are beyond Syneos Health’s control and are subject to the terms of the Third-Party Sites’ privacy policies, and not the terms of this notice. We encourage you to check the privacy policies and terms of use of any Third-Party Sites before providing your information to them. Syneos Health is not responsible for the privacy practices or content of Third-Party Sites.
  • Customer Contracts. This notice does not apply to the information that we process in connection with providing services to our customers under our contracts with them. Our processing of such information is governed by our customer contracts and other relevant privacy notices.

Identification of Data Controller

The data controller is Syneos Health, Inc., operating through its affiliates/subsidiaries located throughout the world. You can contact the Syneos Health entity acting as a data controller through our Privacy Office, by clicking here.

Information We Collect

When you visit our websites or otherwise interact with Syneos Health, we may collect the following information about you. With respect to your Personal Data Processed through this Site, please note that Syneos Health has instructed its Processor, X Factor Advertising, not to provide us with any identifying information about you. However, as the data controller, Syneos reserves the right to obtain any such identifying information about you from X Factor Advertising, and use such information in accordance with this Privacy Notice, in the future. We will update this Privacy Notice accordingly if any such change is implemented. We may also collect information about you from our customers or from third parties:

  • Contact details, such as name, social media handle, job title and employer, email address, mailing address, phone number, and emergency contact information.
  • Transaction history, such as details about the programmes and activities in which you have participated.
  • Usage information, such as information about how you use the services and interact with us.
  • Health Information, such as your responses to questions that address your medical history.
  • Survey data, such as your responses to our online and offline surveys.
  • Communications that we exchange when you contact us.
  • Publicly available information, including information that you or others publish on social media and in publications, such as tweets, comments, news articles, or video or audio content.
  • Device identifiers, including information about the device you are using to visit connect to our websites or applications, such as your device operating system type and version number, manufacturer and model, device identifier (such as the Google Advertising ID or Apple ID for Advertising), browser type, screen resolution, IP address, and other device identifiers.
  • Online activity data, including browsing history, search history, clickstream data, and other information about your interactions with our services, websites, applications, social media pages, and email communications. We, our service providers, and business partners also collect this type of information over time and across third-party websites.

Sensitive Personal Data

In certain cases, we may need to collect Sensitive Personal Data (which is also known in certain jurisdictions as special categories of Personal Data) through the Site. The term "Sensitive Personal Data" refers to categories of personal data identified by data privacy laws as requiring special treatment, including in some circumstances the need to obtain explicit consent from you. These categories generally include racial or ethnic origin, political opinions, financial background, religious or similar beliefs, sexual life, trade union membership or affiliations, individual medical records and history, physical, mental or physiological health condition or genetic or biometric information, ideological views or activities, information on social security measures, or administrative or criminal proceedings and sanctions which are treated outside pending proceedings.

If we seek to collect Sensitive Personal Data, we will do so in accordance with applicable law. Unless we have specifically requested such data, however, we ask that you not send to us, nor share with us, any Sensitive Personal Data.

How We Use Personal Data

We may use Personal Data for the following purposes:

Service delivery. We use Personal Data to:

  • Provide, operate and improve our business and the services we provide;
  • Communicate with you about the Site and the Purpose, including by sending you announcements, updates, security alerts, and support and administrative messages;
  • Communicate with you about events, surveys, questionnaires or webinars in which you participate;
  • Understand your needs and interests, and personalise your experience with our services and communications;
  • Provide support and maintenance for our sites; and
  • Respond to your requests, questions and feedback.

Research and development. We may use Personal Data for research and development purposes, including to analyse and improve our Site, services, and business. As part of these activities, we may create aggregated, de-identified or other anonymous data from Personal Data we collect.

Appending our databases. We may assign a unique identifier to the Personal Data we collect and use this information to supplement our existing databases of Personal Data, analytics, and insights for purposes consistent with this notice.

Compliance. We may use Personal Data to:

  • Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
  • Protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
  • Audit our internal processes for compliance with legal and contractual requirements and internal policies;
  • Enforce the terms and conditions that govern our services; and
  • Prevent, identify, investigate and deter fraudulent, harmful, unauthorised, unethical or illegal activity, including cyberattacks and identity theft.

Disclosure to Third Parties

We may share Personal Data with third parties, as described below.

  • Affiliates: We may share Personal Data with our subsidiaries and affiliates for purposes consistent with this notice.
  • Customers and Business Partners: We may share Personal Data, analytics and insights from our databases with our prospective and current customers and business partners in connection with providing our services to those customers.
  • Healthcare Providers: In connection with the Purpose and with your agreement, we may share your information with potential trial sites.
  • Companies and people who work for us: We contract with other companies and individuals to help us provide services including the Site. For example, we host this Site on another company's computers, and we also hire technical consultants to maintain this Site. In order to perform their services, these other companies may have limited access to some of the Personal Data we maintain about our users. Other companies may collect information on our behalf through their websites or applications. We require that such companies not use your information for any purpose other than fulfilling their responsibilities to us. We also require that such companies keep your Personal Data confidential and comply with applicable laws. Syneos Health’s practice is to (i) conduct reasonable and appropriate due diligence on our service providers; and (ii) obtain written commitments regarding the processing of Personal Data, including that the service provider will only handle Personal Data in accordance with our instructions; adopt adequate technical and organisational measures to protect your personal data; and not retain Personal Data when it is no longer required for completion of its services. Details of service providers and the countries in which they are based are available from Syneos Health by contacting its Global Privacy and Data Protection Officer.
  • Professional advisers: We may disclose Personal Data to professional advisers, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.
  • Business transfers: If we transfer a business unit or an asset (such a Syneos Health website) to another company, we may transfer the Personal Data we have collected to the relevant third party.
  • Legal requirements: We may be obligated to cooperate with various law enforcement inquiries. Syneos Health reserves the right to share or transfer your information to comply with a legal requirement, disclose any activities or information about you to law enforcement or other government officials as we, at our sole discretion, determine necessary or appropriate, in connection with an investigation of fraud, for the administration of justice, intellectual property infringements, or other activity that is illegal or may expose us or you to legal liability. We may release information if, in our judgment the release may be necessary to prevent the death or serious injury of an individual.

Legal Basis for Processing Personal Data

In certain jurisdictions, such as the Member States of the European Union, we are required to identify the legal bases for processing Personal Data. We process Personal Data:

  • For our legitimate business interests, which will be assessed in connection with the specific use of Personal Data;
  • With your consent (or, where required to process Sensitive Personal Data, with your explicit consent), which will be requested and given via the Site or otherwise.

Withdrawal of Consent

If we process Personal Data based on your consent or your explicit consent, you have the right to withdraw your consent in whole or in part at any time. Once we have received notification that you have withdrawn your consent, we will no longer Process the Personal Data for the purpose(s) to which you originally consented unless there are compelling legitimate grounds that override your interests, rights and freedoms (for example, to comply with a legal obligation), or for the establishment, exercise, or defence of legal claims. If we processed Personal Data for direct marketing purposes, you have the right to object at any time, in which case we will no longer process your Personal Data for such purposes. The withdrawal of your consent does not affect the lawfulness of such processing that occurred before its withdrawal. Should you withdraw consent to future processing of your Personal Data, we may not be able to contact or interact with you as originally planned when you first provided your consent.

Cross-Border Transfers

We have taken measures to protect the confidentiality, integrity, availability, and security of Personal Data when it is transferred across country borders. However, when you use this Site, you do so with the understanding that it is hosted and operated in the United States of America, and your Personal Data will be processed in the United States of America for the Purpose. The laws of the United States of America may not provide the same level of protection as the laws of your home country. By using the Site (and if required by law), you consent to the transfer of your Personal Data for processing for the Purpose to countries outside of your country of residence.

For cross-border transfers within the Syneos Health Group, we also use other transfer mechanisms where required, including Intra-group data transfer agreements based on Standard Contractual Clauses. For information about our Intragroup Data Transfer Agreement, please contact us at data.privacy@syneoshealth.com.

To the extent that your Personal Data is shared with service providers or others who process Personal Data on our behalf and who are located outside your country of residence, it is our practice to enter into appropriate contracts that require such third parties to comply with applicable data protection laws.

Retention and Deletion

Subject to the following paragraph, Syneos Health will retain your Personal Data for the Purpose for five years from the date of collection, after which it will be deleted in a manner designed to ensure that it cannot be reconstructed or read. You may also request deletion of your Personal Data if you no longer wish to remain registered with the Site by sending an email here.

Syneos Health will retain your Personal Data for longer than five years if:

  • You authorise us to do so;
  • The Personal Data is needed to provide you products or services or to fulfill our obligations to you;
  • Doing so is necessary to comply with our legal obligations, resolve disputes, or enforce our agreements; or to the extent otherwise permitted by law.

In all cases, Syneos Health does not retain Personal Data after it no longer serves the purposes for which it was collected or subsequently authorised.

Protection of Information

The security of your Personal Data is important to Syneos Health. We use commercially reasonable physical, electronic, and administrative safeguards that are designed to protect your Personal Data from loss, misuse and unauthorised access, disclosure, alteration, and destruction. However, regardless of our efforts and the device you use to access the Site, it is possible that third parties may unlawfully intercept or access transmissions or private communications over an unsecured transmission.

Cookies and Other Tracking Technologies

The Site and/or third parties may use “cookies,” “web beacons,” scripts, tags, Local Shared Objects (Flash cookies), Local Storage (HTML5) beacons, and other similar tracking technologies (collectively, “Tracking Technologies”) to collect information from you automatically as you use the Site, browse Syneos Health websites, and the web. These Tracking Technologies help us tailor our content, gather statistics about and understand website and internet usage, improve or customise Site content, personalise your experience with respect to the Site, save your password in password-protected areas, maintain and administer the Site, and for other purposes described in the "Uses of Information" section of this notice.

These Tracking Technologies collect “click stream” data and other information regarding your use of the Site, such as your visits, use of our features and preferences, and may also collect your IP address or some other identifier unique to the device you use to access the Site (“Identifier”). Your Identifier may be automatically assigned to the device you use to access the Site.

Cookies

"Cookies" are text files that a website can send to your device through your browser, which is then used to identify your device by the website. Cookies can be both “session level” (stored only for until you close your web browser), which help you efficiently navigate our Sources during a visit, and “persistent” (stored for a longer period, even after you close your browser), which remember relevant information such as your language preference. Syneos Health Sources may use both session level and persistent cookies.

If you would like more information about cookies, including how to manage them, please see All About Cookies.

Other Tracking Technologies

We also use other technologies to collect information about how our Sources are used, tailor our content, gather statistics about and understand website and internet usage, improve or customise the content, offerings or advertisements through the Site, personalise your experience with respect to the Site (for example, to recognise you by name when you return to a Syneos Health website), save your password in password-protected areas, save your online video player settings, help us offer you programmes or services that may be of interest to you, deliver relevant advertising, maintain and administer the Site and for other purposes described in the "Uses of Information." Some examples of these Tracking Technologies include:

  • "Web beacons" (also known as image tags, gifs or web bugs), including conversion pixels, are small pieces of code used to collect advertising data. They may count page views or help us understand, for example, whether e-mails we send out have been opened or whether certain links have been clicked.
  • Local Shared Objects (e.g., Flash cookies), and Local Storage (e.g., HTML5) may be used to store content information and preferences. You may manage Flash cookies by clicking here. Your browser may offer settings to turn off HTML5.

This Site does not recognise automated “do not track” instructions. You can, however, adjust your web browser’s privacy preferences regarding the use of most cookies, through your browser’s privacy settings. Unless you choose to block cookies, some Sources may issue cookies when you visit them or click on an e-mail link that we send to you, even if you have previously deleted our cookies. If you choose to delete or block cookies, you may impact your user experience on the Site, as some features may no longer work. In addition to deleting or blocking cookies, you may be able to manage cookie preferences with the cookie manufacturer. For example, you can opt out of Google Analytics by downloading and installing a browser plugin available here. You can opt out of Adobe Experience Cloud by clicking here.

Children's Privacy

We are committed to protecting the privacy of children. For that reason, we do not knowingly collect or maintain personally identifiable information from any person we actually know is under the age of 18. No part of the Site is structured to attract anyone under age 18.

Your Rights as a Data Subject

In some jurisdictions (for example, the Member States of the European Union) you may be entitled to certain rights in and to your Personal Data, subject to certain conditions and exceptions contained in applicable law. These rights may include the following:

  • Request us to confirm whether your Personal Data is processed by us, and if we do, to obtain access to your personal data and certain information about it.
  • Require the correction of your Personal Data if it is inaccurate or incomplete.
  • Direct us to stop processing your Personal Data under certain circumstances.
  • Erase or delete your Personal Data, for example, where the data is no longer needed to achieve the purpose for which it was collected.
  • Restrict the further Processing of Personal Data
  • Request us not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you (we currently do not engage in such processing and will notify you prior to doing so).
  • Request to receive your Personal Data for transmission to, or to directly transmit to, another data controller in a structured, commonly used and machine-readable format.

With respect to your Personal Data Processed through this Site, please note that Syneos Health has instructed its Processor, X Factor Advertising, not to provide us with any identifying information about you. As a result, we receive anonymised data from X Factor. If you wish to exercise your Personal Data rights, we ask that you contact our Processor, X Factor Advertising, as follows:

To protect your privacy and the security of your Personal Data, we have instructed X Factor to take reasonable steps to verify your identity before complying with such rights requests. To help X Factor identify your Personal Data, please inform X Factor that your request relates to the Syneos Health Covid-19 recruitment site.

If you are not satisfied with the manner in which X Factor addressed your rights, you may contact us directly as specified in the Raising Concerns portion of this Notice.

Raising Concerns

Should you have questions about the Personal Data that we process, or if you have a question, concern, or would like to exercise your legal rights in and to your Personal Data, please contact the Syneos Health Global Privacy and Data Protection Officer as follows:

Attn: Privacy Office
Syneos Health
1030 Sync Street
Morrisville, NC 27560
United States of America

Attn: Privacy Office
Syneos Health
Farnborough Business Park, 1 Pinehurst Road,
Farnborough, Hants, GU14 7BF
United Kingdom

We may also be reached via email at data.privacy@syneoshealth.com.

How Your Dispute or Complaint May Be Resolved

Any questions, concerns, or complaints regarding the use of your Personal Data should be directed to Syneos Health Global Privacy and Data Protection Officer using the contact information presented above.

If you are located in certain jurisdictions, such as the European Union, you also have the right to raise a complaint about the collection or use of your Personal Data to your local regulator. In the European Union, you may contact the United Kingdom’s Information Commissioner’s Office, which we have designated as our Lead Supervisory Authority. You may also contact the Supervisory Authority for the Member State in which you reside.

Changes to This Privacy Notice

We may periodically update this notice. When we post changes to this notice, we will also revise the “Last Updated” date appearing at the top of the notice. If there are material changes to this notice, we will notify you by e-mail or by means of a notice on our home page. We encourage you to review this notice periodically to be informed of how we are using your information and to be aware of any changes to it. Your continued use of the Site after the posting of any amended notice shall constitute your agreement to be bound by any such changes. Any changes to this notice are effective immediately after we post it.