Medidata Solutions, Inc.

Active Participant

Participation

UK Extension to the EU-U.S. Data Privacy Framework Framework: Active

Original Certification Date: 7/31/2023
Next Certification Due Date: 8/15/2024
Data Collected: HR, NON-HR

Swiss-U.S. Data Privacy Framework Framework: Active

Original Certification Date: 5/10/2017
Next Certification Due Date: 7/30/2024
Data Collected: HR, NON-HR

EU-U.S. Data Privacy Framework Framework: Active

Original Certification Date: 11/1/2016
Next Certification Due Date: 7/30/2024
Data Collected: HR, NON-HR

Purpose of Data Collection

Medidata may obtain and process personal data from visitors to our websites, from our employees based in the EU, Switzerland, or UK, or from our business services, including Software as a Service (SaaS) and solutions, that we provide to our customers for their business purposes. Medidata processes personal data provided by our customers as instructed by them, and does not directly control or own that personal data. As instructed in our customer agreements, Medidata may provide personal data to one or more subcontractors with whom we have contracted to provide services on our behalf. While our customers configure our services and determine what data to submit, our business services usually process personal data about our customer's employees, the employees of clinical sites contracted by our customers, and customer clinical study data pertaining to individuals. Specifically, we offer software-as-a-service products in the life sciences industry, where processing covered personal data is necessary to support clinical trials and related activities conducted by our customers.

Privacy Policy

HR Data

EMEA Workforce Privacy Notice
Description:

Medidata's EMEA Workforce Privacy Notice provides Medidata's rules for its processing of HR personal data, which cover the DPF principles. The Notice is available to all employees on Medidata's internal portal.

Effective Date: 7/31/2023

Non-HR Data

Document: Data Privacy Framework Policy
Description:

Component of broader privacy policy.

Effective Date: 7/31/2023
Document: Privacy Policy
Description:

Privacy Policy covers individuals who visit Medidata's websites and share customer data (individuals who use Medidata's applications).

Effective Date: 10/26/2022

Verification Method

Self-Assessment

Dispute Resolution

Questions or Complaints?

If you have a question or complaint regarding the covered data, please contact Medidata Solutions, Inc. at:

Andrew Kopelman
VP, AGC & Chief Privacy Counsel
Medidata Solutions, Inc.
350 Hudson Street, Floor 9 New York, NY 10038
350 Hudson St
New York, New York 10014-4535
akopelman@mdsol.com
Phone: (212) 466-4161

Privacy Shield organizations must respond within 45 days of receiving a complaint.

If you have not received a timely or satisfactory response from Medidata Solutions, Inc. to your question or complaint, please contact the independent recourse mechanism listed below


HR RECOURSE MECHANISM

EU Data Protection Authorities (DPAs)
UK Information Commissioner's Office (ICO)
Swiss Federal Data Protection and Information Commissioner (FDPIC)

NON-HR RECOURSE MECHANISM

BBB National Programs DPF Services
EU Data Protection Authorities (DPAs)
UK Information Commissioner's Office (ICO)


Appropriate statutory body with jurisdiction to investigate any claims against Medidata Solutions, Inc. regarding possible unfair or deceptive practices and violations of laws or regulations covering privacy Federal Trade Commission