Boston Biomedical Associates (BBA) is a full-service clinical research organization. Our mission is to define and provide our clients with the most integrated strategic plan possible to propel their products forward to market in an effective and timely manner. For nearly 20 years, BBA has assisted sponsors with global Device, Drug and Biologics clinical research from concept idea through PMA submission and commercialization.
CLINICAL TRIAL SUBJECTS: BBA collects pseudonomized medical and health information about the individuals who take part in clinical trials through physician investigators. The physician investigators, who examine the individuals before and during the clinical trials, are responsible for ensuring that the individuals understand and consent to the gathering of sensitive personal data relating to an individual’s health and lifestyle, and the transfer of such pseudonomized information to third parties who may be providing services for the clinical trial. The requirements of data protection and data privacy laws generally mandate that consent must be obtained before any health or sensitive data is collected from individuals. These informed consent agreements state that data may be transferred to other countries and to other parties.
INVESTIGATOR PHYSICIANS: BBA collects personal data about the investigator physicians and staff of such physicians in the hospitals and clinics that take part in a clinical study. This allows BBA to quickly identify and contact physicians for participation in clinical studies. BBA complies with data protection laws that require physician investigators to consent to the collection of their personal data and receive notice of their data protection rights. If an investigator or any staff member wishes to exercise its data protection rights, they may contact us at firstname.lastname@example.org .
IT AND SECURITY: BBA maintains a high level of information technology security, particularly in relation to all of the personal data we collect. BBA has in place physical, electronic and managerial procedures to safeguard and secure the information we collect. BBA’s data from clinical trials is stored in a web-based proprietary software program which only authorized individuals can access on a need to know basis. Access to other personal data is restricted to those authorized employees on a need to know basis depending what type of work they are performing for BBA. All employees receive training and are required to review and understand global data protection requirements. BBA deploys encryption, firewalls, access controls, and other procedures to protect data from loss, misuse, unauthorized access, disclosure, alteration and destruction. BBA may at times be required to disclose personal information in response to lawful requests by legal or regulatory authorities.
TRANSFER TO THIRD PARTIES: To facilitate the purposes of clinical research, personal data may be shared in the normal course and scope of business with third parties to whom BBA has chosen to outsource work. In the event that personal data is transferred to a third party, BBA requires in its agreements with third parties that adequate privacy precautions are taken that provide the same level of privacy protection as is required by the Principles of the Privacy Shield. In certain circumstances, BBA may remain responsible and liable under Privacy Shield Principles if such third parties process the personal data in a manner inconsistent with the Privacy Shield Principles.
ENFORCEMENT, RECOURSE AND LIABILITY: The BBA organization is subject to the Federal Trade Commission (FTC) investigatory and enforcement powers ensuring BBA’s compliance with the Privacy Shield framework.
In compliance with the Privacy Shield Principles, BBA commits to resolve complaints about our collection or use of personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact BBA’s Data Protection Officer at:
email@example.com or by mail at 100 Crowley Drive, Marlborough, MA 01752.
BBA agrees to respond to the complaint within 30 days of receipt. BBA has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgement of your complaint from us, or we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you.
In addition, BBA commits to cooperate with the panel established by the EU data protection authorities (DPAs) and comply with the advice given by the panel and the Commissioner with regard to data transferred from the EU. The DPAs can be found here: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm, The FTC has committed to reviewing on a priority basis referrals alleging non-compliance with the Principles of the Privacy Shield framework. If the complaint is not resolved using the independent recourse mechanism, as a last resort, the Privacy Shield framework provides for binding arbitration from a Privacy Shield Panel, made up of three neutral arbitrators.
EU and Swiss citizens who pursue resolution of a data protection dispute will not be charged any costs by BBA associated with resolution of the dispute. However, in pursuing the final option of binding arbitration, each party will bear its own legal fees.
COOKIES: This website uses “cookies,” which is information that our web server sends to your computer when you access a website. This information enables our website to track where you go on our website. The cookies help us analyze how our website is used, and help us to improve it. In some cases, your IP address, which is a number assigned to your computer by your internet service provider, may be collected. The cookies we send and the IP address does not allow us to identify you, it only allows us to identify the computer you are using.