• About Us
  • Global Reach
  • Leadership
  • News
  • Industry Events
  • MAPI Group
  • Locations
  • Contact Us
  • Career Opportunities
    • Associate Director, Biostatistics and Programming
    • Epidemiologist
    • Safety Specialist
    • CRA Freelance Opportunities
    • MAPI Group Openings
    • Proposal Development Specialist II/ Senior
    • Site Management Associate I/II

    • Manager, Global Clinical Learning & Development
    • Paralegal
• Solutions
  • Consulting Areas
    • Late Phase Study Design
    • Epidemiology
    • Risk Management Planning
    • Regulatory Strategy and Interactions
  • Late Phase Research
    • Prospective
    • Retrospective
• Services
  • Study Support
    • Project Management
    • Site Management and Monitoring
    • Call Center
    • Data Management
    • Programming and Biostatistics
    • Medical Writing
  • Risk Management and Safety
    • REMS, RMPs
    • Safety Management
  • Epidemiology
• Technology
  • Site Management Technologies
  • Data Collection Technologies
  • Reporting Technologies
  • Quality of Service
• Expertise
  • Late Phase Focus
  • Scientific Expertise
  • Resources
    • Newsletters (PRO/EPI)
    • Press Releases
    • Datasheets
    • Reference Sites

Privacy Policy

Website Privacy Policy

This is how we handle information we learn about you from your visit to our web site.

The information we receive depends on what you do when visiting our site. If you visit our site to read or download information, we collect and store, without limitation, the following types of information about you: the Internet Protocol (IP) address through which you accessed our site; the date and time you access our site; the type of browser you are using to access our site; and the referrer to our site (for example, if you find us through Google™ or Yahoo!®, that information is passed to our servers). We use this and other internal server specific information to measure the number of visitors to different sections of our site, so that we can make our site more useful to our visitors.

Except as required or permitted by law, we do not share any individually identifiable information about you outside of REGISTRAT-MAPI. We sometimes share aggregate information, including without limitation the number of visitors using a particular Internet Explorer version or total number of visitors to a site or a web site page.

If you are accessing our web site through a study-specific portal, user login information is accessible to REGISTRAT-MAPI’s Information Technology Department personnel and to those other persons requiring that information to provide support to visitors (such as REGISTRAT-MAPI’s Monitoring & Site Management Department).

Generic access information is not given the same level of security as the information that is provided to access through a study-specific portal. This is because there is no data collected on a simple visit that should require safeguarding. Excepting perhaps IP address and cookies (see below), access logs do not store unique user information but only unique system information such as: date of visit; host or proxy address; requested resource; whether the request succeeded or failed; the size of the resource; browser version; referring web site (if any); etc.

"Cookies" are small text files or pieces of information that may be stored in your computer's hard drive when you visit a web site. We use cookies to better tailor our site and our services to your interests and needs. Cookies may also be used to help speed up your future activities or to improve your user experience by remembering the information that you have already provided to us. The use of cookies is a standard in industry and you will find they are used at most web sites. We use cookies for login verification, session management, load balancing, and personalization to enable or enhance your user experience. We never use cookies to retrieve information from your computer that was not already voluntarily provided to us by you. You are always free to decline our cookies if your browser permits, although in that case you may not be able to use certain features on our site.

You may choose to send personally-identifying information to other sites you have linked to through our site. We do not control the collection or use of this information, and make no representations about the privacy policies of other sites.

The effective date of this “Website Privacy Policy” is February 12, 2010. It amends our previous policy, originally posted on January 5, 2005. Should you have questions about what has changed or should you have any other questions or concerns regarding our Privacy Policy, please direct your inquiries to privacy@registratmapi.com.

Top

REGISTRAT-MAPI Privacy Policy
Including US-EU/EEA Safe Harbor

REGISTRAT-MAPI abides by the Safe Harbor Principles as laid out in the Safe Harbor Agreements between the United States Department of Commerce and the European Commission on behalf of the European Union and that US agency and the Federal Data Protection and Information Commission of Switzerland (collectively, the “Safe Harbor Agreements”) and by the requirements of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), as applicable.

REGISTRAT-MAPI respects the privacy of its clients and customers (and their clients and customers) and others who may use REGISTRAT-MAPI's services.

This privacy policy sets forth the privacy principles that REGISTRAT-MAPI follows with respect to the protection and transfer of personal information, including data transfers from European Union or European Economic Area countries (“EU/EEA”) to the United States. This statement applies to all personal information REGISTRAT-MAPI processes (except as noted below), including online and offline data.

"Personal Information" means any information or set of information that is recorded in any form, pertains to or is about you, and can be linked to or used to identify you, and in the case of EU/EEA residents is transferred from the EU/EEA to the United States. Personal Information does not include information that is encoded, anonymized, or publicly available information that has not been combined with non-public personal information. Personal Information does not include information that pertains to or is about a specific person from which that person could not reasonably be identified.

The Privacy Principles

REGISTRAT-MAPI's operations and processing of Personal Information conform to the Safe Harbor Privacy Principles as stated below.

Notice and Choice

To the extent permitted by the Safe Harbor Agreements, REGISTRAT-MAPI reserves the right to process Personal Information in the course of providing professional services to REGISTRAT-MAPI's clients and customers without the knowledge of the individual involved. Where appropriate, necessary, and practical, REGISTRAT-MAPI gives both notice of our intent to process Personal Information and a choice to opt-out of processing such information. Participation by you in activities that involve Personal Information is with your consent, after you have been informed how the information will be collected and used.

Disclosures and Transfers

REGISTRAT-MAPI will not disclose your Personal Information to third parties, except when one or more of the following conditions is true:

• REGISTRAT-MAPI has your permission to make the disclosure.
• The disclosure is required by law or professional standards.
• The information in question is publicly available.
• The disclosure is reasonably necessary for the establishment or defense of legal claims.
• We have collected your information on behalf of one of our customers, to whom we reserve the right to disclose that information.

Access to Personal Information about individuals is given only to those who have a legitimate need to know the information to carry out their responsibilities. Any third party to whom we disclose Personal Information will be required to also protect that Personal Information.

Data Security

To prevent unauthorized access or disclosure, to maintain data accuracy, and to ensure the appropriate use and confidentiality of information, either for its own purposes or on behalf of its clients, customers and business partners, REGISTRAT-MAPI has put in place and rigorously enforces appropriate physical, electronic, and managerial procedures to safeguard and secure the information that REGISTRAT-MAPI processes. You can find more detailed information in the “Data Security Processes and Policies” section below.

If appropriate in the event of a breach of Personal Information security, those persons whose data has been compromised will be sent notice of that breach. That notice may include: a description of the information disclosed; how to contact the discloser; toll free numbers for credit reporting agencies; toll free numbers, web addresses and addresses for the state Attorney General and the Federal Trade Commission where you may be able to get information about data security breaches; a warning to watch for fraud or identity theft; and what has been done to prevent future breaches. That notice may be sent by First Class mail, electronic communication, telephone, or by being published in a general circulation newspaper. When notice occurs it will be made without unreasonable delay, but no more than ten (10) days after a breach. If appropriate, we will also notify the police, the Attorney General, and if more than 1,000 people’s data was involved we may provide notice to consumer reporting agencies.

Data Integrity

REGISTRAT-MAPI processes Personal Information only in ways compatible with the purpose for which it was collected or authorized by you. To the extent necessary for such purposes, REGISTRAT-MAPI takes reasonable steps to make sure that Personal Information is accurate, complete, current and otherwise reliable for its intended use.

Access and Correction

If you become aware that information REGISTRAT-MAPI maintains about you is inaccurate and you wish to have it corrected, or if you would like to amend, update, delete or review your information, you may contact REGISTRAT-MAPI at the addresses indicated under “Enforcement and Dispute Resolution” section below. You will need to provide sufficient identifying information, such as name, address, birth date, etc. REGISTRAT-MAPI may request additional identifying information as a security precaution. In addition, REGISTRAT-MAPI may limit or deny your access to Personal Information where providing such access would be unreasonably burdensome or expensive in the circumstances, or as otherwise permitted by the Safe Harbor Agreements.

In every case, REGISTRAT-MAPI will take reasonable steps to permit you to review your information or to correct, amend, update or delete your information that is demonstrated to be inaccurate.

Enforcement and Dispute Resolution

REGISTRAT-MAPI utilizes the self-assessment approach to assure its compliance with this privacy policy. REGISTRAT-MAPI periodically verifies that this privacy policy is accurate, comprehensive for the information intended to be covered, accessible, completely implemented, and in conformity with the Safe Harbor Principles.

If you have any questions regarding our Privacy Policy or how it is implemented, or if you wish to review, correct, amend, update or delete your Personal Information, or if you have concerns about how your Personal Information is handled, please contact us at:

REGISTRAT-MAPI
ATTN: Privacy
2343 Alexandria Drive, Suite 400
Lexington, KY 40504-3276
USA

or by email at: privacy@registratmapi.com

In compliance with the Safe Harbor Principles, REGISTRAT-MAPI commits to resolve complaints about your privacy and our collection or use of your personal information. Anyone with inquiries or complaints by regarding this privacy policy should contact REGISTRA-MAPI at the address above.

REGISTRAT-MAPI has further committed to refer unresolved privacy complaints from European Union citizens under the Safe Harbor Principles to an independent dispute resolution mechanism, the BBB EU Safe Harbor, operated by the Council of Better Business Bureaus. Thus, if you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by REGISTRAT-MAPI, you may contact:

Council of Better Business Bureaus, Inc.
BBB EU Safe Harbor
4200 Wilson Boulevard, Suite 800
Arlington, VA 22203
Phone: 703-276-0100
Web: www.bbb.org/us
Email: eusafeharbor@council.bbb.org

USA Dispute resolution for the EU/EEA may also be handled through the EU/EEA Data Protection Authorities.

Changes to this Policy

REGISTRAT-MAPI may change this privacy policy from time to time, consistent with the requirements of the Safe Harbor Principles, the Safe Harbor Agreements or the United States Department of Commerce. REGISTRAT-MAPI will publish any amended privacy policy on this web site.

Top

Data Security Processes and Policies

Administrative

REGISTRAT-MAPI’s data security program is administered by the head of our Information Technology (IT) Department, who can be contacted at this address:

REGISTRAT-MAPI
ATTN: Information Technology
2343 Alexandria Drive, Suite 400
Lexington, KY 40504-3276
USA

or by email at: it@registratmapi.com.

Appropriate REGISTRAT-MAPI IT staff and the REGISTRAT-MAPI Privacy Officer will review potential security risks at least yearly in a scheduled review.

Employees are trained in security procedures and policies.

Employees’ actions are monitored by supervisory personnel to assure compliance with security procedures and policies.

REGISTRAT-MAPI monitors intrusion protection systems and monitoring systems to identify potential issues. Appropriate staff will be notified in the event of any breach of security to systems.

Prior to any data leaving the REGISTRAT-MAPI premises, supervisor of the person causing it to leave the premises must agree with the copying or relocation of the data and authorize that the data may be taken off-site in human readable format.

Use of REGISTRAT-MAPI’s computers and systems are explained in REGISTRAT-MAPI’s Standard Operating Procedures (SOP(s)) and include the provision of working only from REGISTRAT-MAPI server network drives. Working from local drives or modified storage methods must be approved and proper security assessed on a case by case basis.

In the case of a violation of any security procedure, appropriate action will be taken up to and including termination of employment or potential legal action.

REGISTRAT-MAPI SOPs guide the elimination of access to data post employment and such actions are executed immediately.

When applicable, REGISTRAT-MAPI requires all third-party vendors to abide by our security polices and to verify that they do so.

REGISTRAT-MAPI limits data collected to what is actually needed. Where possible, we limit the need of person specific identifiers. Although individual REGISTRAT-MAPI customers and clients dictate final data collection forms for certain Personal Information, REGISTRAT-MAPI will guide them to seek the lowest level of personal data possible for successful data collection.

REGISTRAT-MAPI tracks which computers or other storage systems, including paper storage, contain Personal Information. We hold all systems to the highest level of security as dictated by SOPs. When appropriate, we store paper records in a secure records room which has controlled access as dictated by physical security SOPs.

REGISTRAT-MAPI regularly monitors all systems, both physical and logical, in the REGISTRAT-MAPI facilities, files, networks and servers, and verifies security and integrity of each system.

REGISTRAT-MAPI reviews security policies and procedures at least annually and more often as necessary depending on individual business needs.

The REGISTRAT-MAPI IT department documents all security incidents with an incident report and assesses impact, if any, based on that report.

Physical Security

REGISTRAT-MAPI has physical security guidelines, including restrictions on physical access to Personal Information and physical access to computers and systems inside of REGISTRAT-MAPI facilities, files, networks and servers.

REGISTRAT-MAPI manages the personnel who have access to the physical secure records storage systems in REGISTRAT-MAPI, and this is verified at least monthly and tracked in real time.

The REGISTRAT-MAPI IT Department controls the setup and use of computer systems internally, including items ranging from inventory to configuration management.

The REGISTRAT-MAPI IT Department sets standards for secure authentication protocols and how these protocols may be used in REGISTRAT-MAPI.

REGISTRAT-MAPI has systems and procedures: that control user IDs and passwords; set standards for how passwords and unique user IDs are created and assigned; for how passwords must be secured; and for computer locks and intrusion controls are implemented so that accounts and files will be locked in the event of a breach attempt.

REGISTRAT-MAPI restricts access to information to those personnel who have a “need to know” based on each person’s job function.

Project specific guidelines dictate the level of encryption used to protect data at REGISTRAT-MAPI that may be available on the Internet. Although REGISTRAT-MAPI typically uses 128 bit encryption, higher levels of encryption may be used based upon customer and client requirements.

REGISTRAT-MAPI manages all virus, intrusion protection, malware, spybot and other potential threats and updates patterns for each at least daily. As part of the update, REGISTRAT-MAPI monitors for potential misuse of systems or resources and logs potential threats as they are identified. To ensure data security in local networks, REGISTRAT-MAPI employs a series of firewalls and limits or blocks access to potentially threatening sites.

The effective date of this “REGISTRAT-MAPI Privacy Policy Including US-EU/EEA Safe Harbor” is February 12, 2010.

Top

We self-certify compliance with

www.export.gov/safeharbor

Copyright 2010 REGISTRAT-MAPI All Rights Reserved

• home
• contact us
• terms and conditions
• privacy policy
• site map