Privacy Notice for Staff Members of Clinical Trials

1.    Introduction

This Privacy Notice applies to all staff members participating in Epics Therapeutics’ clinical trials (including investigators, Health Care Providers, CRO personnel and staff members of the Institution(s)) (hereinafter referred as “All staff members”) whose personal data is being processed in relation to clinical research and development activities organized by Epics Therapeutics (“Epics” or “we”).

As Data Controller of All staff members’ personal data, Epics whose registered headquarters are located at Rue Adrienne Bolland, 47 6041 Gosselies (Belgium) will be responsible for what happens to those personal data and will process your personal data in compliance with the EU General Data Protection Regulation (hereinafter “GDPR”) and those of the Law of July 30, 2018 on the protection of individuals with regard to the processing of personal data. We only collect and use the information necessary to achieve the purposes described below. Your data will be treated in accordance with this Privacy Notice at all times.

For any questions about this Privacy Notice, Epics’ Data Protection Officer (DPO) can be contacted at epicstx.dpo@mydata-trust.info

2.    The categories of personal data we process

 The personal data we process concerning All staff members may include:

(i)    Contact information (e.g., name, postal address, email address, fax number and phone number);

(ii)    Professional information (e.g., profession and title, place of work, the medical field in which you are active, CVs, professional qualifications, scientific activities (such as  previous clinical trial experience, and participation in past or pending research studies), publication of academic or scientific research and articles, and membership in associations and boards.

We collect personal data about you from a variety of sources, including directly from you and your institution (e.g. CV/resume), from publicly available sources (e.g. register of licensed medical practitioners in your country), online and other databases and websites, and from any other sources that you provide to participate in clinical research and development activities organized by Epics.

Note that if you do not provide your personal data, you will not be able to participate in the clinical trials.


3.    The legal basis we rely on to process personal data and what we use for

We only process your personal data in relation to our clinical trial(s) activities to satisfy our regulatory and legal obligations, e.g. to verify you are adequately trained, experienced and qualified to participate in the clinical trial(s).  This applies to All staff members.

4.    Who we share data with

We may share your personal data with others, in connection with the purposes described in this Notice. In particular, we may make your personal data available to:

  • Regulatory bodies and authorities, e.g. in respect of clinical trial submissions, reporting and/or in the context of applying for product registrations;
  • Companies with whom we may partner in connection with proposed or actual projects, such as shared research initiatives;
  • Our trusted service providers that supply goods and/or services to us, such as legal counsel, brokers, auditors and IT service suppliers;
  • Other trusted parties pursuant to a court order, to protect the interests of Epics, or where otherwise required by law or legal process;
  • Actual or prospective purchasers of Epics’ businesses in the event of a sale, merger or acquisition; and
  • The public in a limited way through websites, such as the EU clinical trial register and/or  www.clinicaltrials.gov, and other websites/databases that serve a comparable purpose to enhance clinical trial transparency.

If we are required to transfer Personal Data to vendors, suppliers, potential partners or prospective purchasers of Epics’ businesses outside the EEA, it will be done in compliance with the international data transfer restrictions that apply under EU data protection laws (including Chapter V under GDPR), and, where appropriate, through the use of appropriate safeguards (e.g. EU standard contractual clauses for data transfers).

You can receive a copy of the appropriate safeguards by contacting Epics’ DPO at the contact details provided above.


5.    What security measures we take to protect your personal data

We take appropriate technical and organizational security measures to protect your personal data in compliance with applicable data protection and privacy laws, which includes protection against accidental or unlawful destruction, loss, alteration, unauthorized access to, or disclosure of your personal data.

When we retain a service provider, that provider will be carefully selected and required to use appropriate measures in accordance with applicable law to protect the confidentiality and security of personal data. That provider will only be permitted to process your data on our written instruction.

6.    How long we keep data for

Your personal data will be stored for no longer than our obligations under applicable laws, considering the purpose(s) it was collected for.

7.    Data Protection Rights

Per GDPR, you have the following rights in relation to your personal data:

  • Right of access;
  • Right to rectification;
  • Right to restriction of processing; and
  • Right to erasure.

Please, note that these rights are not absolute and will be subject to a case-by-case analysis by Epics’ DPO.

To exercise your rights, contact Epics’ DPO at the contact details provided above. If Epics is unable to provide the requested data or fulfil your request, you will be provided with the reason(s) for such decision.

Please contact us if any of the details you have provided change (e.g. name or address).

You also have the right to lodge a complaint with the Supervisory Authority in the Member State of the European Union of your habitual residence, place of work or place of the alleged infringement if you consider that your personal data has/is not been processed in accordance with the GDPR.

The Belgian supervisory authority is called:

Data Protection Authority (DPA) who can be contacted at:
Rue de la Presse, 35 à 1000 Bruxelles
Tel.: +32 2 274 48 00
Fax +32 2 274 48 35
Email: contact@apd-gba.be

Website: https://www.dataprotectionauthority.be

Changes to this Staff Member’s Privacy Notice
This Privacy Notice is effective from 23 November 2021. We reserve the right to change this Privacy Notice at any time (for example, to comply with changes in laws or regulations; our practices, procedures and organizational structures; requirements imposed or recommended by supervisory authorities; or otherwise). Changes to this Privacy Notice shall be applicable on the effective date of implementation. We will communicate any changes to you, where we are required to do so.