Contact
Contact

Confidentiality Policy LLC "Global Research Partner"

1. Purpose and Scope

This Confidentiality Policy (hereinafter referred to as the "Policy") establishes the principles and rules for the protection of confidential information that is owned, processed, and stored by LLC "Global Research Partner" (hereinafter referred to as the "Company") in the course of providing services related to the documentation of clinical trial results of medicinal products for humans. This includes management, analytical work, data processing, documentation management in accordance with clinical trial protocols, and assisting researchers in working with data and documentation, among other activities. The Policy applies to all employees of the Company, contractors, partners, and other individuals who have access to the Company's confidential information or information received from clients, Contract Research Organizations (CROs), healthcare institutions, and other business partners.

2. Definition of Confidential Information

Confidential information is considered any information related to the Company's activities or its partners that is not publicly available and whose dissemination may harm the interests of the Company, its partners, or third parties. Such information includes:

  • Clinical trial data (results, methodology, analytical data, etc.);

  • Personal data of patients, including information about their health status, research results, medical histories, etc.;

  • Contracts, agreements, plans, reports, and other documents related to the Company's and its partners' work;

  • Any information related to the Company's internal processes, organizational structure, finances, and strategic plans;

  • Information about patient transportation and their routes carried out as part of the Company's services.

3. Confidentiality Obligations

3.1. Obligations of Employees

All Company employees are required to:

  • Comply with this Policy and other internal documents regulating confidentiality issues;

  • Use confidential information only within the scope of their professional duties;

  • Ensure the security and protection of confidential information from unauthorized access, disclosure, or loss;

  • Immediately report any breaches of confidentiality to management.

3.2. Obligations of Contractors and Partners
Contractors, partners, and other individuals who have access to the Company's confidential information are required to:

  • Comply with the terms of non-disclosure agreements;

  • Use confidential information exclusively for fulfilling their obligations to the Company;

  • Ensure an appropriate level of protection for confidential information, including implementing technical and organizational measures to prevent unauthorized disclosure.

4. Processing and Storage of Confidential Information.

4.1. Information Processing
All confidential information must be processed following the principles of data minimization and in accordance with Ukrainian legislation and international information protection standards. Employees must ensure confidentiality during the collection, transmission, storage, and destruction of information.

4.2. Information Storage
Confidential information is stored in secure information systems and on physical media with restricted access. Storage periods are determined by the Company's internal documents and agreements with partners.

5. Disclosure of Confidential Information

Confidential information may only be disclosed in cases provided by Ukrainian law or with written permission from the relevant party that owns the information. Any other disclosures are considered violations of this Policy.

6. Liability for Violations

Persons found guilty of violating this Policy are subject to liability under Ukrainian law and the Company's internal documents, including disciplinary measures, termination of the contract, and civil, administrative, or criminal liability.

7. Policy Updates and Control

This Policy is subject to regular review and updating in the event of changes in legislation or the Company's activities. Responsibility for monitoring compliance with the Policy rests with the Company's management.

8. Additional Measures for Protecting Confidential Information

8.1. Data Protection Principles in Compliance with GDPR
If the Company collaborates with international partners or processes personal data of EU citizens, it must comply with the General Data Protection Regulation (GDPR). This includes:

  • Lawfulness, transparency, and fairness in data processing;

  • Ensuring data subjects' rights to access, rectify, delete, restrict processing, and transfer their data;

  • Requirements for data breach notifications in accordance with GDPR.

8.2. Information Security Measures

The Company implements comprehensive information security measures in accordance with Ukrainian norms and international standards such as ISO/IEC 27001:

  • Protection of information systems from cyberattacks, including multi-factor authentication, data encryption, and regular security audits;

  • Assigning roles and access rights to confidential information only to employees directly involved in relevant data processing;

  • Securing premises where confidential information is stored from unauthorized access.

8.3. Compliance with National Legislation

The Policy complies with the requirements of Ukrainian laws "On Personal Data Protection" and "On Information." In the event of a data breach or loss of confidential information, the Company is obligated to immediately notify the relevant government authorities and affected individuals.

8.4. Employee Training and Awareness

The Company organizes regular training sessions and briefings for employees on the rules for handling confidential information. This includes familiarizing them with current legislative norms and the Company's internal policies, as well as conducting regular knowledge checks.

8.5. Transfer of Confidential Information to Third Parties

Confidential information may only be transferred to third parties under the condition that non-disclosure agreements (NDAs) are in place. The Company ensures that third parties adhere to the same confidentiality standards as the Company.

8.6. Incident Response
In the event of a confidentiality breach, the Company conducts an internal investigation, informs affected individuals, and takes measures to minimize harm. This may include notifying relevant government authorities and partners, as well as implementing additional protective measures.

8.7. Internal Control and Audit

The Company regularly conducts internal audits and checks to assess compliance with the Confidentiality Policy. Audits aim to identify potential risks and shortcomings in the management of confidential information, as well as to develop and implement corrective actions.

Audits include:

  • Assessment of processes for collecting, storing, processing, and transmitting confidential information;

  • Analysis of instances of access to confidential information and their compliance with security requirements;

  • Evaluation of the effectiveness of information security measures, such as access control, data encryption, and protection against unauthorized access;

  • Verification of compliance with international standards (e.g., ISO/IEC 27001) and Ukrainian legislation.

The audit results are analyzed by the Company's management, and appropriate measures are taken to enhance the protection of confidential information if necessary. These measures may include updating the Policy, implementing new protection technologies, additional employee training, or changes in organizational procedures.

9. Final Provisions

This Policy is mandatory for all employees and partners of the Company. Non-compliance with the provisions of the Policy may result in disciplinary, civil, or criminal liability in accordance with Ukrainian law.

The Policy comes into force upon approval by the Company's management and remains in effect until it is revoked or replaced by a new version. Changes and additions to the Policy may be made by decision of the Company's management and must be communicated to all interested parties.

The Company reserves the right to amend the Policy in response to changes in legislation, international standards, or internal procedures.

10. Responsible Persons

Responsibility for implementing and monitoring compliance with this Policy lies with the Company's management and designated responsible persons who coordinate information security, data protection, and confidentiality measures. In case of questions regarding the Policy's implementation or detection of violations, employees must immediately contact the responsible person or management.

Contact information:
If you would like to contact us to understand more about this Policy or wish to contact us concerning any matter relating to individual rights and your Personal Information, you may send an email to
main@grp-research.com

"Global Research Partner" LLC

Innovative solutions in clinical trials and biobanking.

© 2024. "Global Research Partner" LLC
All rights reserved.

Anticorruption Policy
Privacy policy
Useful Links:
Ministry of Health of Ukraine
State Expert Center of the MOH of Ukraine