Privacy Policy

Our full Privacy Policy is listed below.  For your convenience, you can also click on the following link in order to contact us to complete the actions available per the General Data Protection Regulation (GDPR):  Opt-Out, Access My Data, Request a Transfer, Right to be Forgotten


NCT Holdings, Inc. [also referred to as ‘VeraSci‘, formerly known as ‘NeuroCog Trials (NCT)’ and ‘NCT Linguistics (NCTL)’] is a clinical and cognition assessment services company that offers eCOA (electronic Clinical Outcome Assessments), Consulting, Site/Rater Screening, Rater Training and Certification, Scale Licensing, Translations, Data Review, Statistical Analysis  services to companies for clinical trial data that is collected from global sites.

Protecting consumer privacy is important to NCT Holdings, Inc. NCT Holdings, Inc. (hereinafter collectively referred to as “VeraSci,” “we,” “us” or “our”) complies with the EU General Data Protection Regulation and the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union (EU), the United Kingdom (UK) and Switzerland to the United States, respectively.  VeraSci has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.  If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit

The Federal Trade Commission has jurisdiction over VeraSci’s compliance with the Privacy Shield. VeraSci. submits to being subject to the investigatory and enforcement powers of the FTC, the Department of Transportation, or any other U.S. authorized statutory body with regards to our self-certification and implementation of the Principles and acknowledges the right of the EU individual to invoke binding arbitration, at no cost to the individual, in filing a complaint disputing VeraSci’s adherence to these practices with the EU DPA (European Union Data Protection Authority). The authority of the Swiss FDPIC (Federal Data Protection and Information Commissioner) will substitute for that of the EU DPA’s authority throughout the Swiss – U.S. Privacy Shield.

This privacy policy outlines our general policy and practices for implementing the Principles, including the types of information we gather, how we use it, and the notice and choice affected individuals have regarding our use of and their ability to correct that information. This privacy policy applies to all personal information received by VeraSci whether in electronic, paper or verbal format, for both non-HR and HR data.


“Cookies” means small pieces of data stored by your Internet browser on your computer’s hard drive when visiting a website to make the site run better and/or to provide information to the website owners. Now commonly used, cookies can be controlled through web browsers, including the option to delete them from browser history once no longer visiting a website if desired.

EU-US Privacy Shield” means the EU-U.S (including UK) and Swiss-U.S. Privacy Shield Frameworks that were designed by the U.S. Department of Commerce, the European Commission, the Swiss Administration and the UK Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union, the UK, and Switzerland to the United States in support of transatlantic commerce.

GDPR (General Data Protection Regulation)” means a new regulation that replaces the current European Union (EU) Data Protection Directive 95/46/EC.  The Regulation will apply to all EU Member States and is effective as of May 2018.  The GDPR brings harmonization by applying the same set of Data Protection rules across the Europe.

Local Language Experts (LLEs)” means VeraSci employees or contractors who provide translation services to VeraSci and their sponsors for test data, queries for the data or translation of other project materials including instructional videos and manuals.

“Personal Information” or “Information” means information that (1) is transferred from the EU, the UK, and Switzerland or other countries to the United States; (2) is recorded in any form; (3) is about or pertains to a specific individual; and (4) can be linked directly or indirectly to that individual.

Sensitive Personal Information” means personal information that reveals race, ethnic origin, sexual orientation, political opinions, religious or ideological beliefs or activities, trade union membership, genetic information, biometric data processed as a means of unique identification, or that concerns an individual’s health, social security measures, or as relates to the commission of a criminal offense or sanctions thereof.

“Site Rater” will mean the clinical site staff that is trained to conduct cognitive and clinical test assessments and to collect the information from those assessments which will be transferred to the Study Sponsor and VeraSci to be used for clinical trials.

Study Sponsor” will mean a party that VeraSci has entered into a formal agreement with where VeraSci will provide assistance in processing cognitive or other clinical data that will be used to support a clinical research study.

Third Party” means any party that has entered into an agreement with VeraSci for the purpose of collecting, processing, translating, analyzing or storing personal data either manually or electronically. VeraSci stipulates in any agreement with a third-party agent that the third party must subscribe to the Privacy Shield Principles and Framework to ensure data privacy is preserved.

Translation Client” means any party that has entered into an agreement with VeraSci for the purpose of translating personal data either manually or electronically.

VeraSci Certified Linguists” means VeraSci employees or contractors who provide translation services to VeraSci or other clients.  VeraSci Certified Linguists specialize in translation, interpretation, voice-over, training and localization.   The primary distinction between LLEs and VeraSci Certified Linguists is that VeraSci Certified Linguists are required to pass a more stringent nationally and internationally recognized certification process.

Types of Information Gathered by VeraSci:

  • The VeraSci website is: When you visit our website, we use tracking technology such as cookies to automatically record details about your visit. Cookies are small pieces of data stored by your Internet browser on your computer’s hard drive. A cookie, by itself, does not tell us your email address or who you are. It cannot be used to collect data from your hard drive or personal information about you. We use cookies to collect information such as your IP address, the name of the browser you use to access the Internet (such as Google Chrome), the website you came from, the website you visit next, and the VeraSci website pages that you actually visit, including the date and the duration of your visit.Information obtained through cookies may be transmitted either directly to us or to a third-party service provider (such as marketing automation software or network advertisers) authorized to collect information on our behalf. This information is used to measure the number of visits, average time spent, page views, and other statistics about visitors to our website in general and may be used to provide tailored offerings or content to you, including VeraSci advertisements when you visit other websites
  • Cognitive and Clinical Assessment Test Data for Clinical Trials: VeraSci collects, processes, translates, analyzes and stores cognitive and clinical test data from clinical trials for their Study Sponsors.  This test data may be captured on paper or electronically and it may include personal information from the subject or site raters.  VeraSci works with the Study Sponsor to ensure that the subjects and site raters understand what type of data is being collected and to clarify the purpose for collecting the data.  VeraSci works with the Study Sponsor and site rater(s) to limit the collection of any personal data that is not relevant to the study.  In these types of studies, only the Study Sponsor will have the ability to contact an individual directly in order to allow them to opt out of any disclosures of personal data that are not previously authorized.The electronic data captured for studies may include audio or video recordings of the cognitive test assessments.  Audio and video recordings are used to provide feedback to the site rater on their performance of testing and to correct errors in the data that is collected.  Other biometric data may be captured in order to ensure the integrity of data collected in clinical studies, however VeraSci has implemented measures to eliminate all access to this data in its original state in order never to compromise an individual’s personal information.In some cases, VeraSci may collect the data for a research study on their own (e.g. under a research grant). In these cases, VeraSci will work with an Investigational Review Board (IRB) or Ethics Committee (EC) to ensure that subjects and raters understand what type of data is collected and to clarify the purpose for collecting the data.  In these types of studies, VeraSci will limit the collection of any personal data for individuals participating in the study that is not relevant to the study.
  • Human Resource and Financial Information:

    Most VeraSci employees are located at the VeraSci office in Durham, North Carolina, United States but our Local Language Experts (LLEs) or Certified Linguists may be located in any country.   LLEs/Certified Linguists provide translation services for VeraSci and our sponsors.  VeraSci collects human resource and financial information from the LLEs/Certified Linguists as needed to continue their employment with VeraSci.

    For any human resources data of EU or UK citizens accessed, VeraSci agrees to cooperate and comply with the EU Data Protection Authorities (DPAs) to provide a recourse mechanism for any complaints regarding the handling of this data.  Similarly, VeraSci will cooperate with the Swiss FDPIC for human resources data of Swiss citizens.  Also refer to the section in this policy for “CHOICE” that provides additional options for related to the data we collect.


VeraSci’s Certified Linguistics offers translation services for their translation clients.   The translation services include written/verbal translations, localization, narration, etc. for all industries.

All VeraSci employees are expected to adhere to the privacy principles noted in this Privacy Policy and VeraSci has implemented security procedures to protect any data that is handled by our internal employees and any remote LLEs/Certified Linguists.



VeraSci collects cognitive and clinical assessment test information from clinical sites for the purpose of clinical research, translations and statistical analysis.  This information is collected and prepared for VeraSci’s Study Sponsors unless the research is solely conducted by VeraSci (e.g. research grants).   VeraSci and the Study Sponsor use standard processes (e.g. consent forms) to inform study participants, site staff and other individuals that work with VeraSci as applicable, about the purpose of the clinical research and the intended use of data that is collected for those studies.  The data that is collected by VeraSci  may be shared with the Study Sponsor, a vendor (Third Party) hired by VeraSci to assist with the trial, regulatory agencies, or other affiliates, subsidiaries or agents of the Study Sponsor as required by study contracts or as required by law (e.g. lawful requests by public authorities or to meet national security or law enforcement requirements).


VeraSci will work with Study Sponsors to offer individuals the opportunity in clear and plain language to affirmatively consent or explicitly dissent (opt-out) to the disclosure of their Personal Information to a third party or for a purpose materially different from the purpose for which it was originally collected or subsequently authorized by the individual.

For Sensitive Personal Information, VeraSci will not process any such information relating to individuals for any purpose other than that for which it was originally or subsequently authorized by the individual without first receiving prior explicit consent (opt-in), or as required or permitted, or where not prohibited by law or regulation.

VeraSci reserves the right to disclose information as required by law, or if deemed necessary to prevent physical harm, financial loss, or in connection with an investigation or legal proceeding.

VeraSci takes very seriously an individual’s right to choose regarding Personal Information, as required by applicable law, including the EU General Data Protection Regulation. VeraSci will facilitate, on behalf of the company and potentially other third parties, all reasonable and appropriate means to allow the following, as appropriate when compared with “the public interest in the availability of the data”:

Onward Transfers

Prior to disclosing Personal Information to a third party, VeraSci or their Study Sponsor will notify the individual of such disclosure and allow the individual the choice to opt out of such disclosure.  VeraSci will ensure that any third party for which Personal Information may be disclosed subscribes to the GDPR and Privacy Shield Principles and will enter into a contract with the third party that provides that such data may only be processed for limited and specified purposes consistent with the consent provided by the individual and that the recipient will provide the same level of protection as the Principles. VeraSci will take reasonable and appropriate steps to ensure that any third-party agent effectively processes the personal information transferred in a manner consistent with our obligations under the Principles, and upon notice, will take reasonable and appropriate steps to stop and remediate unauthorized processing. VeraSci will require said agent to notify the organization if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles. VeraSci will also provide a summary or representative copy of the relevant privacy provisions of its contract with that agent to the Department upon request.

VeraSci will remain liable under the Principles if its third-party agent processes such personal information in a manner inconsistent with the Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.

Additionally, VeraSci will treat as sensitive any personal information received from a third party where the third party identifies and treats it as sensitive.

If VeraSci leaves the Privacy Shield Framework at any point, it must annually certify its commitment to apply the Principles to information received under the Privacy Shield Framework if it chooses to keep such data or provide “adequate” protection for the information by another authorized means.

Data Security

VeraSci will take reasonable steps to protect the Information from loss, misuse and unauthorized access, disclosure, alteration and destruction. VeraSci has put in place appropriate physical, electronic and managerial procedures to safeguard and secure the information from loss, misuse, unauthorized access or disclosure, alteration or destruction.

Data Integrity

VeraSci will only process Personal Information in a way that is compatible with and relevant for the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, VeraSci will take reasonable steps to ensure that Personal Information is accurate, complete, current and reliable for its intended use. VeraSci will adhere to the Principles for as long as it, or any contracted third-party acting on its behalf, retains such information.


As noted in the Choice section, VeraSci will allow an individual readable access to their Personal Information and allow the individual to correct, amend or delete inaccurate information, request transfer of Personal Information to another processor, or to allow access to Personal Information processed in violation of the Principles, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated.


VeraSci uses a robust self-assessment approach to assure compliance with this privacy policy and periodically verifies that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible and in conformity with the Principles and the GDPR. VeraSci remains obligated to remedy any problems arising out of failure to comply with these regulations.  We encourage interested persons to raise any concerns using the contact information provided below and we will investigate and attempt to expeditiously resolve any complaints and disputes regarding use and disclosure of Personal Information in accordance with the Principles.

If a complaint or dispute cannot be promptly resolved through our internal process, we agree to co-operate with the European Data Protection Authorities (DPAs) or Swiss FDPIC accordingly dispute resolution procedures.

VeraSci will respond promptly to inquiries and requests by the Department for information relating to the GDPR or Privacy Shield and will respond expeditiously to complaints regarding compliance with the Principles referred by EU Member State, UK, or Swiss authorities through the Department and will respond to consumer complaints within 45 days of receipt of the complaint. VeraSci, in cooperation with DPAs, will respond directly to such authorities with regard to the investigation and resolution of complaints and will comply with any advice given by the DPAs where the DPAs take the view that VeraSci needs to take specific action to comply with the Privacy Shield Principles, including remedial or compensatory measures for the benefit of individuals affected by any non-compliance with the Principles, and will provide the DPAs with written confirmation that such action has been taken.


This privacy policy may be amended from time to time consistent with the requirements of the GDPR or Privacy Shield Framework. We will post any revised policy on this website.

Information Subject to Other Policies

VeraSci is committed to following the Principles for all Personal Information within the scope of the Privacy Shield Agreement. However, certain information is subject to policies of VeraSci that may differ in some respects from the general policies set forth in this privacy policy.

Contact Information

In compliance with the Privacy Shield Principles, VeraSci commits to resolve complaints about our collection or use of your personal information, whether of a human resources nature or not.  Individuals with inquiries or complaints regarding our Privacy Shield policy should first contact VeraSci at:

Attn: Privacy & Data Protection Officer
3211 Shannon Road, Suite 300
Durham, NC 27707


Please use the following link to learn more about the Privacy Shield program and to view the VeraSci certification:

This VeraSci Privacy Policy can be viewed at our website:

Further Complaints:

VeraSci commits to cooperate with the panel established by the EU data protection authorities (DPAs), the UK Administration, the Swiss Federal Data Protection and Information Commissioner (FDPIC), and comply with the advice given by the panel with regard to data transferred from the EU, UK, or Switzerland, whether of a human resources nature or not. To file a complaint, free of charge, regarding potential mishandling of EU, UK,  or Swiss data by VeraSci for citizens of the countries listed below, you may refer to the following websites to locate the specific emails, websites, mailing addresses, and phone numbers for your corresponding country’s Data Protection Authority or the Swiss FDPIC:

To file a complaint regarding Swiss data privacy concerns, you may contact the Swiss Federal Data Protection and Information Commissioner to oversee any potential dispute resolution. You may reach the FDPIC via the following contact information:

Swiss Federal Data Protection and Information Commissioner

mail: Feldeggweg 1
CH-3003 Berne

telephone:  +41 (0)58 462 43 95 (mon.-fri., 10-12 am)

fax: +41 (0)58 465 99 96

online contact form:

Binding Arbitration

An individual has the possibility, under certain conditions, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms. The following is a link to Annex I for additional information:

Please note that at the first annual review, the Department of Commerce will work with the Swiss Government to put in place the binding arbitration option in Annex I of the Swiss-U.S. Privacy Shield Framework.

Version 12, Effective as of 18 Dec 2019