Global Privacy Statement

Boston Biomedical Associates (BBA) is a full-service clinical research organization. Our mission is to define and provide our clients with the most integrated strategic plan possible to propel their products forward to market in an effective and timely manner. For nearly 20 years, BBA has assisted sponsors with global Device, Drug and Biologics clinical research from concept idea through PMA submission and commercialization.

BBA is committed to respecting the privacy of individuals, and complies with the  EU-U.S. Privacy Shield  Framework, as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States, including personal data collected on our website, personal data that may be provided for clinical trials, personal data collected from employees, and personal data collected from investigators, their staff and any third party vendors.  BBA has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.  If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit BBA remains committed to adherence with laws around the globe relating to data protection and privacy, including the General Data Protection Regulation 2016/679.

PRIVACY SHIELD: BBA adheres to the seven Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity, Access, and Recourse, Enforcement and Liability as they relate to personal data. BBA verifies compliance to the Principles through self-assessment. The Privacy Policy covering human resources data can be accessed on our intranet website by all employees.

CLINICAL TRIAL SUBJECTS: BBA collects pseudonomized medical and health information about the individuals who take part in clinical trials through physician investigators. The physician investigators, who examine the individuals before and during the clinical trials, are responsible for ensuring that the individuals understand and consent to the gathering of sensitive personal data relating to an individual’s health and lifestyle, and the transfer of such pseudonomized information to third parties who may be providing services for the clinical trial. The requirements of data protection and data privacy laws generally mandate that consent must be obtained before any health or sensitive data is collected from individuals. These informed consent agreements state that data may be transferred to other countries and to other parties.

INVESTIGATOR PHYSICIANS: BBA collects personal data about the investigator physicians and staff of such physicians in the hospitals and clinics that take part in a clinical study. This allows BBA to quickly identify and contact physicians for participation in clinical studies. BBA complies with data protection laws that require physician investigators to consent to the collection of their personal data and receive notice of their data protection rights. If an investigator or any staff member wishes to exercise its data protection rights, they may contact us at .

IT AND SECURITY: BBA maintains a high level of information technology security, particularly in relation to all of the personal data we collect. BBA has in place physical, electronic and managerial procedures to safeguard and secure the information we collect. BBA’s data from clinical trials is stored in a web-based proprietary software program which only authorized individuals can access on a need to know basis. Access to other personal data is restricted to those authorized employees on a need to know basis depending what type of work they are performing for BBA. All employees receive training and are required to review and understand global data protection requirements. BBA deploys encryption, firewalls, access controls, and other procedures to protect data from loss, misuse, unauthorized access, disclosure, alteration and destruction. BBA may at times be required to disclose personal information in response to lawful requests by legal or regulatory authorities.

TRANSFER TO THIRD PARTIES: To facilitate the purposes of clinical research, personal data may be shared in the normal course and scope of business with third parties to whom BBA has chosen to outsource work. In the event that personal data is transferred to a third party, BBA requires in its agreements with third parties that adequate privacy precautions are taken that provide the same level of privacy protection as is required by the Principles of the Privacy Shield. In certain circumstances, BBA may remain responsible and liable under Privacy Shield Principles if such third parties process the personal data in a manner inconsistent with the Privacy Shield Principles.

RIGHT OF ACCESS AND CHOICE: In accordance with Privacy Shield, EU and Swiss citizens whose data is collected may have a right to access, modify or suppress personal data, or to elect not to have personal data disclosed to a third party, or to object to their personal data being used for any purpose materially different from the purposes disclosed to them or stated within this Privacy Policy, by contacting BBA’s Data Protection Officer at or at 100 Crowley Drive, Suite 216, Marlborough, MA 01752. Please note that a clinical trial participant may not access its data during the clinical trial if the disclosure of such information would jeopardize the integrity of the research effort.

ENFORCEMENT, RECOURSE AND LIABILITY: The BBA organization is subject to the Federal Trade Commission (FTC) investigatory and enforcement powers ensuring BBA’s compliance with the Privacy Shield framework.

In compliance with the Privacy Shield Principles, BBA commits to resolve complaints about our collection or use of personal information.  EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact BBA’s Data Protection Officer at: or by mail at 100 Crowley Drive, Marlborough, MA 01752.

BBA agrees to respond to the complaint within 30 days of receipt. BBA has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States.  If you do not receive timely acknowledgement of your complaint from us, or we have not addressed your complaint to your satisfaction,  please visit for more information or to file a complaint.  The services of JAMS are provided at no cost to you.

In addition, BBA commits to cooperate with the panel established by the EU data protection authorities (DPAs) and comply with the advice given by the panel and the Commissioner with regard to data transferred from the EU. The DPAs can be found here:, The FTC has committed to reviewing on a priority basis referrals alleging non-compliance with the Principles of the Privacy Shield framework. If the complaint is not resolved using the independent recourse mechanism, as a last resort, the Privacy Shield framework provides for binding arbitration from a Privacy Shield Panel, made up of three neutral arbitrators.

EU and Swiss citizens who pursue resolution of a data protection dispute will not be charged any costs by BBA associated with resolution of the dispute. However, in pursuing the final option of binding arbitration, each party will bear its own legal fees.

COOKIES: This website uses “cookies,” which is information that our web server sends to your computer when you access a website.  This information enables our website to track where you go on our website.   The cookies help us analyze how our website is used, and help us to improve it. In some cases, your IP address, which is a number assigned to your computer by your internet service provider, may be collected. The cookies we send and the IP address does not allow us to identify you, it only allows us to identify the computer you are using.

HOW TO CONTACT US: To ask questions about this Privacy Policy or to exercise any rights under privacy or data protection laws, please contact us at Boston Biomedical Associates, 100 Crowley Drive, Suite 216, Marlborough, MA 01752 Attention: Mark McIlduff, Data Protection Officer, or .

Effective date of this revised Global Privacy Policy:  June 4, 2019

To Inquire About Our Services

Let's Keep in Touch!

Stay updated with our latest news and insights delivered to your inbox.

You have Successfully Subscribed!