Privacy Policy

Our full Privacy Policy is listed below.  For your convenience, you can also click on the following link in order to contact us to complete the actions available per the General Data Protection Regulation (GDPR):  Opt-Out, Access My Data, Request a Transfer, Right to be Forgotten

Introduction

NCT Holdings, Inc. [also referred to as ‘VeraSci‘, formerly known as ‘NeuroCog Trials (NCT)’ and ‘NCT Linguistics (NCTL)’] is a clinical and cognition assessment services company that offers eCOA (electronic Clinical Outcome Assessments), Consulting, Site/Rater Screening, Rater Training and Certification, Scale Licensing, Translations, Data Review, Statistical Analysis  services to companies for clinical trial data that is collected from global sites.

Protecting consumer privacy is important to NCT Holdings, Inc. NCT Holdings, Inc. (hereinafter collectively referred to as “VeraSci,” “we,” “us” or “our”) complies with local and global privacy regulations for all locations where we provide services, including the EU General Data Protection Regulation regarding the collection, use, and retention of personal information transferred from the European Union and the United Kingdom to the United States, respectively.  VeraSci currently remains certified with the Department of Commerce that it adheres to the Privacy Shield Principles, pending a new or revised program or agreement with the European High Court, while supplementing these measures with applicable business associate agreements, standard contractual clause agreements, and/or onward transfer agreements as appropriate to provide adequate assurance of data privacy measures in place for services provided.

VeraSci acknowledges the right of the EU or UK individual to invoke binding arbitration, at no cost to the individual, in filing a complaint disputing VeraSci’s adherence to the privacy practices required by GDPR with the EU DPA (European Union Data Protection Authority). The authority of the Swiss FDPIC (Federal Data Protection and Information Commissioner) will substitute for that of the EU DPA’s authority for data complaints originating from Switzerland.

This privacy policy outlines our general policy and practices for implementing the following Principles, including the types of information we gather, how we use it, and the notice and choice affected individuals have regarding our use of and their ability to correct that information. This privacy policy applies to all personal information received by VeraSci whether in electronic, paper or verbal format, for both non-HR and HR data.

The Federal Trade Commission has jurisdiction over VeraSci’s compliance with the Privacy Shield. VeraSci. submits to being subject to the investigatory and enforcement powers of the FTC, the Department of Transportation, or any other U.S. authorized statutory body with regards to our self-certification and implementation of the Principles and acknowledges the right of the EU individual to invoke binding arbitration, at no cost to the individual, in filing a complaint disputing VeraSci’s adherence to these practices with the EU DPA (European Union Data Protection Authority). The authority of the Swiss FDPIC (Federal Data Protection and Information Commissioner) will substitute for that of the EU DPA’s authority throughout the Swiss – U.S. Privacy Shield.

This privacy policy outlines our general policy and practices for implementing the Principles, including the types of information we gather, how we use it, and the notice and choice affected individuals have regarding our use of and their ability to correct that information. This privacy policy applies to all personal information received by VeraSci whether in electronic, paper or verbal format, for both non-HR and HR data.

Definitions

“Cookies” means small pieces of data stored by your Internet browser on your computer’s hard drive when visiting a website to make the site runs better and/or to provide information to the website owners. Now commonly used, cookies can be controlled through web browsers; for some sites, they may be refused, or they can be deleted from browser history once no longer visiting a website if desired.

EU-US Privacy Shield” means the EU-U.S (including UK) and Swiss-U.S. Privacy Shield Frameworks that were designed by the U.S. Department of Commerce, the European Commission, the Swiss Administration and the UK Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union, the UK, and Switzerland to the United States in support of transatlantic commerce.

GDPR (General Data Protection Regulation)” means a new regulation that replaces the current European Union (EU) Data Protection Directive 95/46/EC.  The Regulation will apply to all EU Member States and is effective as of May 2018.  The GDPR brings harmonization by applying the same set of Data Protection rules across the Europe.

Local Language Experts (LLEs)” means VeraSci employees or contractors who provide translation services to VeraSci and their sponsors for test data, queries for the data or translation of other project materials including instructional videos and manuals.

“Personal Information” or “Information” means information that (1) is transferred from the EU, the UK, and Switzerland or other countries to the United States; (2) is recorded in any form; (3) is about or pertains to a specific individual; and (4) can be linked directly or indirectly to that individual.

Sensitive Personal Information” means personal information that reveals race, ethnic origin, sexual orientation, political opinions, religious or ideological beliefs or activities, trade union membership, genetic information, biometric data processed as a means of unique identification, or that concerns an individual’s health, social security measures, or as relates to the commission of a criminal offense or sanctions thereof.

“Site Rater” will mean the clinical site staff that is trained to conduct cognitive and clinical test assessments and to collect the information from those assessments which will be transferred to the Study Sponsor and VeraSci to be used for clinical trials.

Study Sponsor” will mean a party that VeraSci has entered into a formal agreement with where VeraSci will provide assistance in processing cognitive or other clinical data that will be used to support a clinical research study.

“Third Party” means any party that has entered into an agreement with VeraSci for the purpose of collecting, processing, translating, analyzing or storing personal data either manually or electronically. VeraSci stipulates in any agreement with a third-party agent that the third party must subscribe to these Principles to ensure data privacy is preserved.

Translation Client” means any party that has entered into an agreement with VeraSci for the purpose of translating personal data either manually or electronically.

VeraSci Certified Linguists” means VeraSci employees or contractors who provide translation services to VeraSci or other clients.  VeraSci Certified Linguists specialize in translation, interpretation, voice-over, training and localization.   The primary distinction between LLEs and VeraSci Certified Linguists is that VeraSci Certified Linguists are required to pass a more stringent nationally and internationally recognized certification process.

Types of Information Gathered by VeraSci:

  • The VeraSci website is: http://www.verasci.com/  VeraSci believes it is important that you are able to control the collection of personal data when visiting our website and have therefore provided the option to either accept or refuse the use of cookies or other technologies. Cookies are small pieces of data stored by your Internet browser on your computer’s hard drive. A cookie, by itself, does not tell us your email address or who you are. It cannot be used to collect data from your hard drive or personal information about you. You can also use the settings within the Help section of your browser to control the cookies that are set on your computer or mobile device at any time, or simply to be notified when a cookie is received. Please be aware that cookies are important to many aspects of the website – if you refuse cookies or set your browser to reject cookies, you may not be able to enjoy all the features of the website. To easily view cookie options and how to reject or delete cookies, please visit http://www.aboutcookies.org. If you accept use of cookies, we will use tracking technology such as cookies to automatically record details about your visit. We use cookies to collect information such as your IP address, the name of the browser you use to access the Internet (such as Google Chrome), the website you came from, the website you visit next, and the VeraSci website pages that you actually visit, including the date and the duration of your visit.

    Information obtained through cookies may be transmitted either directly to us or to a third-party service provider (such as marketing automation software or network advertisers) authorized to collect information on our behalf. This information is used to measure the number of visits, average time spent, page views, and other statistics about visitors to our website in general and may be used to provide tailored offerings or content to you, including VeraSci advertisements when you visit other websites.

    Additionally, we may collect personal information such as name, email address, company name, phone number, job title, and street address through a form. We use your personal data to respond to your requests or inquiries. We also may use the information you provided to contact you about products and services VeraSci has to offer which may interest you.  For this purpose, we will ask for your consent each time you submit a form.

  • Cognitive and Clinical Assessment Test Data for Clinical Trials:VeraSci collects, processes, translates, analyzes and stores cognitive and clinical test data from clinical trials for their Study Sponsors.  This test data may be captured on paper or electronically and it may include personal information from the subject or site raters.  VeraSci works with the Study Sponsor to ensure that the subjects and site raters understand what type of data is being collected and to clarify the purpose for collecting the data.  VeraSci works with the Study Sponsor and site rater(s) to limit the collection of any personal data that is not relevant to the study.  In these types of studies, only the Study Sponsor will have the ability to contact an individual directly in order to allow them to opt out of any disclosures of personal data that are not previously authorized.

    The electronic data captured for studies may include audio or video recordings of the cognitive test assessments.  Audio and video recordings are used to provide feedback to the site rater on their performance of testing and to correct errors in the data that is collected.

    In these cases, VeraSci will work with an Investigational Review Board (IRB) or Ethics Committee (EC) to ensure that subjects and raters understand what type of data is collected and to clarify the purpose for collecting the data.  In these types of studies, VeraSci will limit the collection of any personal data for individuals participating in the study that is not relevant to the study.

  • Human Resource and Financial Information:

    Most VeraSci employees are located at the VeraSci office in Durham, North Carolina, United States but our Local Language Experts (LLEs) or Certified Linguists may be located in any country.   LLEs/Certified Linguists provide translation services for VeraSci and our sponsors.  VeraSci collects human resource and financial information from the LLEs/Certified Linguists as needed to continue their employment with VeraSci.

    For any human resources data of EU or UK citizens accessed, VeraSci agrees to cooperate and comply with the EU Data Protection Authorities (DPAs) to provide a recourse mechanism for any complaints regarding the handling of this data.  Similarly, VeraSci will cooperate with the Swiss FDPIC for human resources data of Swiss citizens.  Also refer to the section in this policy for “CHOICE” that provides additional options for related to the data we collect.  VeraSci will also address other regulations related to the employment of LLEs as applicable globally.

Translation:

VeraSci’s Certified Linguistics offers translation services for their translation clients.   The translation services include written/verbal translations, localization, narration, etc. for all industries.

All VeraSci employees are expected to adhere to the privacy principles noted in this Privacy Policy and VeraSci has implemented security procedures to protect any data that is handled by our internal employees and any remote LLEs/Certified Linguists.

Principles

Notice

VeraSci collects cognitive and clinical assessment test information from clinical sites for the purpose of clinical research, translations and statistical analysis.  This information is collected and prepared for VeraSci’s Study Sponsors unless the research is solely conducted by VeraSci (e.g. research grants).   VeraSci and the Study Sponsor use standard processes (e.g. consent forms) to inform study participants, site staff and other individuals that work with VeraSci as applicable, about the purpose of the clinical research and the intended use of data that is collected for those studies.  The data that is collected by VeraSci  may be shared with the Study Sponsor, a vendor (Third Party) hired by VeraSci to assist with the trial, regulatory agencies, or other affiliates, subsidiaries or agents of the Study Sponsor as required by study contracts or as required by law (e.g. lawful requests by public authorities or to meet national security or law enforcement requirements).

Choice

VeraSci will work with Study Sponsors to offer individuals the opportunity in clear and plain language to affirmatively consent or explicitly dissent (opt-out) to the disclosure of their Personal Information to a third party or for a purpose materially different from the purpose for which it was originally collected or subsequently authorized by the individual.

For Sensitive Personal Information, VeraSci will not process any such information relating to individuals for any purpose other than that for which it was originally or subsequently authorized by the individual without first receiving prior explicit consent (opt-in), or as required or permitted, or where not prohibited by law or regulation.

VeraSci reserves the right to disclose information as required by law, or if deemed necessary to prevent physical harm, financial loss, or in connection with an investigation or legal proceeding.

VeraSci takes very seriously an individual’s right to choose regarding Personal Information, as required by applicable law, including the EU General Data Protection Regulation. VeraSci will facilitate, on behalf of the company and potentially other third parties, all reasonable and appropriate means to allow the following, as appropriate when compared with “the public interest in the availability of the data”:

Onward Transfers

Prior to disclosing Personal Information to a third party, VeraSci or their Study Sponsor will notify the individual of such disclosure and allow the individual the choice to opt out of such disclosure.  VeraSci will ensure that any third party for which Personal Information may be disclosed subscribes to applicable global privacy regulations for services provided, such as GDPR and Privacy Shield Principles and will enter into a contract with the third party that provides that such data may only be processed for limited and specified purposes consistent with the consent provided by the individual and that the recipient will provide the same level of protection as the Principles. VeraSci will take reasonable and appropriate steps to ensure that any third-party agent effectively processes the personal information transferred in a manner consistent with our obligations under the Principles, and upon notice, will take reasonable and appropriate steps to stop and remediate unauthorized processing. VeraSci will require said agent to notify the organization if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles. VeraSci will also provide a summary or representative copy of the relevant privacy provisions of its contract with that agent to the Department upon request.

VeraSci will remain liable under the Principles if its third-party agent processes such personal information in a manner inconsistent with the Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.

Additionally, VeraSci will treat as sensitive any personal information received from a third party where the third party identifies and treats it as sensitive.

For as long as the Privacy Shield remains without a formally designated replacement, VeraSci must annually certify its commitment to apply the Principles to information received under the Privacy Shield Framework, regardless of whether VS determines to leave the Privacy Shield of its own volition, in order to continue to keep such data or provide “adequate” protection for the information by another authorized means. Currently, VeraSci still subscribes to the Privacy Shield framework while new data protection regulations are being created and will continue to certify annually until such time as new regulations may be established to replace this framework.

Data Security

VeraSci will take reasonable steps to protect the Information from loss, misuse and unauthorized access, disclosure, alteration and destruction. VeraSci has put in place appropriate physical, electronic and managerial procedures to safeguard and secure the information from loss, misuse, unauthorized access or disclosure, alteration or destruction.

Data Integrity

VeraSci will only process Personal Information in a way that is compatible with and relevant for the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, VeraSci will take reasonable steps to ensure that Personal Information is accurate, complete, current and reliable for its intended use. VeraSci will adhere to the Principles for as long as it, or any contracted third-party acting on its behalf, retains such information.

Access

As noted in the Choice section, VeraSci will allow an individual readable access to their Personal Information and allow the individual to correct, amend or delete inaccurate information, request transfer of Personal Information to another processor, or to allow access to Personal Information processed in violation of the Principles, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated.

Enforcement

VeraSci uses a robust self-assessment approach to assure compliance with this privacy policy and periodically verifies that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible and in conformity with applicable global privacy regulations for services provided, such as the Principles and the GDPR. VeraSci remains obligated to remedy any problems arising out of failure to comply with these regulations.  We encourage interested persons to raise any concerns using the contact information provided below and we will investigate and attempt to expeditiously resolve any complaints and disputes regarding use and disclosure of Personal Information in accordance with the Principles.

If a complaint or dispute cannot be promptly resolved through our internal process, we agree to co-operate with the European Data Protection Authorities (DPAs) or Swiss FDPIC or other global agencies as applicable accordingly for dispute resolutions.

VeraSci will respond promptly to inquiries and requests for information relating to the GDPR or Privacy Shield or other applicable regulations and will respond expeditiously to complaints regarding compliance referred by applicable authorities through the designated channels and will respond to consumer complaints within 45 days of receipt of the complaint. VeraSci, in cooperation with DPAs, will respond directly to such authorities with regard to the investigation and resolution of complaints and will comply with any advice given by the DPAs where the DPAs take the view that VeraSci needs to take specific action to comply with the applicable privacy regulations, including remedial or compensatory measures for the benefit of individuals affected by any non-compliance with the Principles, and will provide the DPAs with written confirmation that such action has been taken.

Amendments

This privacy policy may be amended from time to time consistent with the requirements of applicable global privacy regulations where services are provided, such as the GDPR. We will post any revised policy on this website.

Information Subject to Other Policies

VeraSci is committed to following these Principles for all Personal Information within the scope of applicable global privacy regulations where services are provided. However, certain information is subject to policies of VeraSci that may differ in some respects from the general policies set forth in this privacy policy.

Contact Information

In compliance with these Principles, VeraSci commits to resolve complaints about our collection or use of your personal information, whether of a human resources nature or not.  Individuals with inquiries or complaints regarding our privacy policy should first contact VeraSci at:

Address:
VeraSci
Attn: Privacy & Data Protection Officer
3211 Shannon Road, Suite 300
Durham, NC 27707

Email:
privacy@verasci.com

Please use the following link to learn more about the Privacy Shield program and to view the VeraSci certification:  https://www.privacyshield.gov

This VeraSci Privacy Policy can be viewed at our website:  http://www.verasci.com

Further Complaints:

VeraSci commits to cooperate with any global data protection authority to address complaints as needed.

This includes, but is not limited to, the panel established by the EU data protection authorities (DPAs), the UK Administration, the Swiss Federal Data Protection and Information Commissioner (FDPIC), and comply with the advice given by the panel with regard to data transferred from the EU, UK, or Switzerland, whether of a human resources nature or not. To file a complaint, free of charge, regarding potential mishandling of EU, UK,  or Swiss data by VeraSci for citizens of the countries listed below, you may refer to the following websites to locate the specific emails, websites, mailing addresses, and phone numbers for your corresponding country’s Data Protection Authority or the Swiss FDPIC:

http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm:

To file a complaint regarding Swiss data privacy concerns, you may contact the Swiss Federal Data Protection and Information Commissioner to oversee any potential dispute resolution. You may reach the FDPIC via the following contact information:

Swiss Federal Data Protection and Information Commissioner

mail: Feldeggweg 1
CH-3003 Berne
Switzerland

telephone:  +41 (0)58 462 43 95 (mon.-fri., 10-12 am)

fax: +41 (0)58 465 99 96

online contact form: https://www.edoeb.admin.ch/edoeb/de/home/der-edoeb/kontakt/kontaktformular.html

Binding Arbitration

An individual has the possibility, under certain conditions, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms. The following is a link to Annex I for additional information:

https://www.privacyshield.gov/article?id=ANNEX-I-introduction

Version 13, Effective as of 16 Nov 2020