NCT Holdings, Inc. [also referred to as ‘VeraSci‘, formerly known as ‘NeuroCog Trials (NCT)’ and ‘NCT Linguistics (NCTL)’] is a clinical and cognition assessment services company that offers eCOA (electronic Clinical Outcome Assessments), Consulting, Site/Rater Screening, Rater Training and Certification, Scale Licensing, Translations, Data Review, Statistical Analysis services to companies for clinical trial data that is collected from global sites.
Protecting consumer privacy is important to NCT Holdings, Inc. NCT Holdings, Inc. (hereinafter collectively referred to as “VeraSci,” “we,” “us” or “our”) complies with local and global privacy regulations for all locations where we provide services, including the EU General Data Protection Regulation regarding the collection, use, and retention of personal information transferred from the European Union and the United Kingdom to the United States, respectively. VeraSci currently remains certified with the Department of Commerce that it adheres to the Privacy Shield Principles, pending a new or revised program or agreement with the European High Court, while supplementing these measures with applicable business associate agreements, standard contractual clause agreements, and/or onward transfer agreements as appropriate to provide adequate assurance of data privacy measures in place for services provided.
VeraSci acknowledges the right of the EU or UK individual to invoke binding arbitration, at no cost to the individual, in filing a complaint disputing VeraSci’s adherence to the privacy practices required by GDPR with the EU DPA (European Union Data Protection Authority). The authority of the Swiss FDPIC (Federal Data Protection and Information Commissioner) will substitute for that of the EU DPA’s authority for data complaints originating from Switzerland.
The Federal Trade Commission has jurisdiction over VeraSci’s compliance with the Privacy Shield. VeraSci. submits to being subject to the investigatory and enforcement powers of the FTC, the Department of Transportation, or any other U.S. authorized statutory body with regards to our self-certification and implementation of the Principles and acknowledges the right of the EU individual to invoke binding arbitration, at no cost to the individual, in filing a complaint disputing VeraSci’s adherence to these practices with the EU DPA (European Union Data Protection Authority). The authority of the Swiss FDPIC (Federal Data Protection and Information Commissioner) will substitute for that of the EU DPA’s authority throughout the Swiss – U.S. Privacy Shield.
“Cookies” means small pieces of data stored by your Internet browser on your computer’s hard drive when visiting a website to make the site runs better and/or to provide information to the website owners. Now commonly used, cookies can be controlled through web browsers; for some sites, they may be refused, or they can be deleted from browser history once no longer visiting a website if desired.
“EU-US Privacy Shield” means the EU-U.S (including UK) and Swiss-U.S. Privacy Shield Frameworks that were designed by the U.S. Department of Commerce, the European Commission, the Swiss Administration and the UK Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union, the UK, and Switzerland to the United States in support of transatlantic commerce.
“GDPR (General Data Protection Regulation)” means a new regulation that replaces the current European Union (EU) Data Protection Directive 95/46/EC. The Regulation will apply to all EU Member States and is effective as of May 2018. The GDPR brings harmonization by applying the same set of Data Protection rules across the Europe.
“Local Language Experts (LLEs)” means VeraSci employees or contractors who provide translation services to VeraSci and their sponsors for test data, queries for the data or translation of other project materials including instructional videos and manuals.
“Personal Information” or “Information” means information that (1) is transferred from the EU, the UK, and Switzerland or other countries to the United States; (2) is recorded in any form; (3) is about or pertains to a specific individual; and (4) can be linked directly or indirectly to that individual.
“Sensitive Personal Information” means personal information that reveals race, ethnic origin, sexual orientation, political opinions, religious or ideological beliefs or activities, trade union membership, genetic information, biometric data processed as a means of unique identification, or that concerns an individual’s health, social security measures, or as relates to the commission of a criminal offense or sanctions thereof.
“Site Rater” will mean the clinical site staff that is trained to conduct cognitive and clinical test assessments and to collect the information from those assessments which will be transferred to the Study Sponsor and VeraSci to be used for clinical trials.
“Study Sponsor” will mean a party that VeraSci has entered into a formal agreement with where VeraSci will provide assistance in processing cognitive or other clinical data that will be used to support a clinical research study.
“Third Party” means any party that has entered into an agreement with VeraSci for the purpose of collecting, processing, translating, analyzing or storing personal data either manually or electronically. VeraSci stipulates in any agreement with a third-party agent that the third party must subscribe to these Principles to ensure data privacy is preserved.
“Translation Client” means any party that has entered into an agreement with VeraSci for the purpose of translating personal data either manually or electronically.
“VeraSci Certified Linguists” means VeraSci employees or contractors who provide translation services to VeraSci or other clients. VeraSci Certified Linguists specialize in translation, interpretation, voice-over, training and localization. The primary distinction between LLEs and VeraSci Certified Linguists is that VeraSci Certified Linguists are required to pass a more stringent nationally and internationally recognized certification process.
Types of Information Gathered by VeraSci:
Information obtained through cookies may be transmitted either directly to us or to a third-party service provider (such as marketing automation software or network advertisers) authorized to collect information on our behalf. This information is used to measure the number of visits, average time spent, page views, and other statistics about visitors to our website in general and may be used to provide tailored offerings or content to you, including VeraSci advertisements when you visit other websites.
Additionally, we may collect personal information such as name, email address, company name, phone number, job title, and street address through a form. We use your personal data to respond to your requests or inquiries. We also may use the information you provided to contact you about products and services VeraSci has to offer which may interest you. For this purpose, we will ask for your consent each time you submit a form.
Cognitive and Clinical Assessment Test Data for Clinical Trials:VeraSci collects, processes, translates, analyzes and stores cognitive and clinical test data from clinical trials for their Study Sponsors. This test data may be captured on paper or electronically and it may include personal information from the subject or site raters. VeraSci works with the Study Sponsor to ensure that the subjects and site raters understand what type of data is being collected and to clarify the purpose for collecting the data. VeraSci works with the Study Sponsor and site rater(s) to limit the collection of any personal data that is not relevant to the study. In these types of studies, only the Study Sponsor will have the ability to contact an individual directly in order to allow them to opt out of any disclosures of personal data that are not previously authorized.
The electronic data captured for studies may include audio or video recordings of the cognitive test assessments. Audio and video recordings are used to provide feedback to the site rater on their performance of testing and to correct errors in the data that is collected.
In these cases, VeraSci will work with an Investigational Review Board (IRB) or Ethics Committee (EC) to ensure that subjects and raters understand what type of data is collected and to clarify the purpose for collecting the data. In these types of studies, VeraSci will limit the collection of any personal data for individuals participating in the study that is not relevant to the study.
- Human Resource and Financial Information:
Most VeraSci employees are located at the VeraSci office in Durham, North Carolina, United States but our Local Language Experts (LLEs) or Certified Linguists may be located in any country. LLEs/Certified Linguists provide translation services for VeraSci and our sponsors. VeraSci collects human resource and financial information from the LLEs/Certified Linguists as needed to continue their employment with VeraSci.
For any human resources data of EU or UK citizens accessed, VeraSci agrees to cooperate and comply with the EU Data Protection Authorities (DPAs) to provide a recourse mechanism for any complaints regarding the handling of this data. Similarly, VeraSci will cooperate with the Swiss FDPIC for human resources data of Swiss citizens. Also refer to the section in this policy for “CHOICE” that provides additional options for related to the data we collect. VeraSci will also address other regulations related to the employment of LLEs as applicable globally.
VeraSci’s Certified Linguistics offers translation services for their translation clients. The translation services include written/verbal translations, localization, narration, etc. for all industries.
VeraSci collects cognitive and clinical assessment test information from clinical sites for the purpose of clinical research, translations and statistical analysis. This information is collected and prepared for VeraSci’s Study Sponsors unless the research is solely conducted by VeraSci (e.g. research grants). VeraSci and the Study Sponsor use standard processes (e.g. consent forms) to inform study participants, site staff and other individuals that work with VeraSci as applicable, about the purpose of the clinical research and the intended use of data that is collected for those studies. The data that is collected by VeraSci may be shared with the Study Sponsor, a vendor (Third Party) hired by VeraSci to assist with the trial, regulatory agencies, or other affiliates, subsidiaries or agents of the Study Sponsor as required by study contracts or as required by law (e.g. lawful requests by public authorities or to meet national security or law enforcement requirements).
VeraSci will work with Study Sponsors to offer individuals the opportunity in clear and plain language to affirmatively consent or explicitly dissent (opt-out) to the disclosure of their Personal Information to a third party or for a purpose materially different from the purpose for which it was originally collected or subsequently authorized by the individual.
For Sensitive Personal Information, VeraSci will not process any such information relating to individuals for any purpose other than that for which it was originally or subsequently authorized by the individual without first receiving prior explicit consent (opt-in), or as required or permitted, or where not prohibited by law or regulation.
VeraSci reserves the right to disclose information as required by law, or if deemed necessary to prevent physical harm, financial loss, or in connection with an investigation or legal proceeding.
VeraSci takes very seriously an individual’s right to choose regarding Personal Information, as required by applicable law, including the EU General Data Protection Regulation. VeraSci will facilitate, on behalf of the company and potentially other third parties, all reasonable and appropriate means to allow the following, as appropriate when compared with “the public interest in the availability of the data”:
- Plainly readable access to personal data, its location, and the purpose of its use
- To make easily accessible and to promptly comply with any request to transfer the data to another processor or facilitate withdrawal (opt-out) of further consent regarding continued use of an individual’s Personal Information
- To respect an individual’s right to be forgotten on request or as the data is no longer relevant to the original purposes for processing by ceasing further dissemination of the data
Prior to disclosing Personal Information to a third party, VeraSci or their Study Sponsor will notify the individual of such disclosure and allow the individual the choice to opt out of such disclosure. VeraSci will ensure that any third party for which Personal Information may be disclosed subscribes to applicable global privacy regulations for services provided, such as GDPR and Privacy Shield Principles and will enter into a contract with the third party that provides that such data may only be processed for limited and specified purposes consistent with the consent provided by the individual and that the recipient will provide the same level of protection as the Principles. VeraSci will take reasonable and appropriate steps to ensure that any third-party agent effectively processes the personal information transferred in a manner consistent with our obligations under the Principles, and upon notice, will take reasonable and appropriate steps to stop and remediate unauthorized processing. VeraSci will require said agent to notify the organization if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles. VeraSci will also provide a summary or representative copy of the relevant privacy provisions of its contract with that agent to the Department upon request.
VeraSci will remain liable under the Principles if its third-party agent processes such personal information in a manner inconsistent with the Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.
Additionally, VeraSci will treat as sensitive any personal information received from a third party where the third party identifies and treats it as sensitive.
For as long as the Privacy Shield remains without a formally designated replacement, VeraSci must annually certify its commitment to apply the Principles to information received under the Privacy Shield Framework, regardless of whether VS determines to leave the Privacy Shield of its own volition, in order to continue to keep such data or provide “adequate” protection for the information by another authorized means. Currently, VeraSci still subscribes to the Privacy Shield framework while new data protection regulations are being created and will continue to certify annually until such time as new regulations may be established to replace this framework.
VeraSci will take reasonable steps to protect the Information from loss, misuse and unauthorized access, disclosure, alteration and destruction. VeraSci has put in place appropriate physical, electronic and managerial procedures to safeguard and secure the information from loss, misuse, unauthorized access or disclosure, alteration or destruction.
VeraSci will only process Personal Information in a way that is compatible with and relevant for the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, VeraSci will take reasonable steps to ensure that Personal Information is accurate, complete, current and reliable for its intended use. VeraSci will adhere to the Principles for as long as it, or any contracted third-party acting on its behalf, retains such information.
As noted in the Choice section, VeraSci will allow an individual readable access to their Personal Information and allow the individual to correct, amend or delete inaccurate information, request transfer of Personal Information to another processor, or to allow access to Personal Information processed in violation of the Principles, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated.
If a complaint or dispute cannot be promptly resolved through our internal process, we agree to co-operate with the European Data Protection Authorities (DPAs) or Swiss FDPIC or other global agencies as applicable accordingly for dispute resolutions.
VeraSci will respond promptly to inquiries and requests for information relating to the GDPR or Privacy Shield or other applicable regulations and will respond expeditiously to complaints regarding compliance referred by applicable authorities through the designated channels and will respond to consumer complaints within 45 days of receipt of the complaint. VeraSci, in cooperation with DPAs, will respond directly to such authorities with regard to the investigation and resolution of complaints and will comply with any advice given by the DPAs where the DPAs take the view that VeraSci needs to take specific action to comply with the applicable privacy regulations, including remedial or compensatory measures for the benefit of individuals affected by any non-compliance with the Principles, and will provide the DPAs with written confirmation that such action has been taken.
Information Subject to Other Policies
Attn: Privacy & Data Protection Officer
3211 Shannon Road, Suite 300
Durham, NC 27707
Please use the following link to learn more about the Privacy Shield program and to view the VeraSci certification: https://www.privacyshield.gov
VeraSci commits to cooperate with any global data protection authority to address complaints as needed.
This includes, but is not limited to, the panel established by the EU data protection authorities (DPAs), the UK Administration, the Swiss Federal Data Protection and Information Commissioner (FDPIC), and comply with the advice given by the panel with regard to data transferred from the EU, UK, or Switzerland, whether of a human resources nature or not. To file a complaint, free of charge, regarding potential mishandling of EU, UK, or Swiss data by VeraSci for citizens of the countries listed below, you may refer to the following websites to locate the specific emails, websites, mailing addresses, and phone numbers for your corresponding country’s Data Protection Authority or the Swiss FDPIC:
- Czech Republic
- United Kingdom
- Or to contact the European Data Protection Supervisor
- Iceland https://eeas.europa.eu/diplomatic-network/iceland/3032/data-protection
- Liechtenstein https://eeas.europa.eu/diplomatic-network/liechtenstein/3032/data-protection
- Norway https://eeas.europa.eu/diplomatic-network/norway/3032/data-protection
To file a complaint regarding Swiss data privacy concerns, you may contact the Swiss Federal Data Protection and Information Commissioner to oversee any potential dispute resolution. You may reach the FDPIC via the following contact information:
Swiss Federal Data Protection and Information Commissioner
mail: Feldeggweg 1
telephone: +41 (0)58 462 43 95 (mon.-fri., 10-12 am)
fax: +41 (0)58 465 99 96
online contact form: https://www.edoeb.admin.ch/edoeb/de/home/der-edoeb/kontakt/kontaktformular.html
An individual has the possibility, under certain conditions, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms. The following is a link to Annex I for additional information:
Version 13, Effective as of 16 Nov 2020