The collection and analysis of the most confidential information about people is fundamental to medical research. MAC Research understands that in order for individuals to share their most sensitive information, a culture of trust must exist where data will be stored following safe data management practices.
MAC Research Limited (together with its affiliates and subsidiary companies “MAC,” “we,” “us,” and “our”) is committed to ensuring we handle all individual information in a responsible and careful manner and in accordance with data privacy and confidentiality laws.
Who Are We?
MAC is a leading European clinical research organisation with a network of clinical research centres. MAC provides patient engagement and recruitment services and conducts full scope ethically approved clinical research and medical trials for pharmaceutical companies (“Sponsor”), medical device companies and clinical research organisations. MAC also provides healthcare and consultancy services.
As an employer and clinical research organisation we act as Data Controller over individual personal data and healthcare information. When conducting clinical trials MAC may share the responsibility of Data Controller with the Sponsor and participants should consider our respective roles in processing the personal data. For example, with regard to coded clinical trial data provided to Sponsor, MAC and Sponsor are both considered controllers for the processing of the personal data and will both act in accordance with the applicable data protection law.
MAC has internal policies, procedures and training programs designed to support compliance with the above laws and this Policy. All our policies, procedures and training programs are reviewed on a regular basis and overseen by our legal team and senior executives.
Types of Personal Information Managed by MAC Research
Clinical and Medical Information
In our capacity as a clinical research organisation providing services for Sponsors, our clinical research sites collect, host and analyse significant quantities of health data and bio-medical samples relating to clinical trial participants. MAC and clinical trial Sponsors are both considered controllers in the terms established by Regulation. To adhere to good clinical practice and to ensure the privacy of clinical trial participants is maintained, identification numbers (i.e. not names) are applied to specific clinical trial documentation and any samples taken during the course of clinical trials.
Clinical Trial Participant Engagement and Recruitment Information
MAC gathers and manages personal contact details, date of birth, supporting personal information and information relating to health, medical indications and relevant areas of research from individuals who have expressed their interest in clinical trial participation. This information is collected directly from the participant, their doctor or other health records via NHS Digital and is used by MAC to match prospective participants against future relevant clinical trials and to conduct study recruitment analyses.
Industry Professional Information
MAC will liaise with employees, consultants, contractors and other third parties employed or engaged by our clients, when conducting our clinical trials and research activities. MAC will record and use the names, contact details and other professional information on these individuals for legitimate business-related purposes, including project and financial administration. This information may be used (including email addresses), to provide background on MAC’s services for our clients.
Employee and Human Resource Data
We collect personal information from applicants pursuing employment with MAC, including private contact details, professional qualifications and previous employment history to assist with the personnel recruitment process. MAC carries out a range of background inspections on applicants, including DBS and professional disbarment checks. Consistent with the operation of a business, MAC systems collect information on employed staff for human resource, performance, payroll and tax purposes. MAC processes similar information relating to consultants, contractors and other third parties that we engage to deliver products or services.
MAC collects named information about visitors to our company websites when there is a request volunteered from an individual. This includes requests, for example by clients regarding information about company services, or when medical professionals are interested in contributing to a clinical trial or where job applicants are applying for a vacancy. MAC may collect various data via cookie-based technologies, linked to virtual identities allocated to visitors when they access our websites. This information is used for website analytics and for first party marketing. These virtual identities are sometimes connected with real world identities of visitors when they submit named details. This enables MAC to personalise marketing messages to make them relevant to those visitors.
Internal and External Disclosures of Personal Information
Personal information will only be shared on a “need to know” basis within MAC and its affiliates and with relevant third parties to deliver stated legitimate business purposes. Any access to personal information contained within databases and binders is restricted to appropriate staff only. MAC does not trade or sell personal information.
Under some circumstances, MAC may be required by law enforcement or judicial authorities to disclose certain personal information as part of investigations or for litigation purposes. MAC may disclose personal information to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganisation, dissolution or other sale or transfer of MAC or cases or all of its assets.
Any companies working as vendors for MAC are required to sign “processor” and/or confidentiality agreements whereby they will commit to only process personal information consistent with contracted purposes and take organisational and technical security safeguards for the data.
Notice of Data Use and Consent
MAC will provide notice to individuals using clear and conspicuous language at the point of data collection, about how their information will be used and disclosed. We will make clear what choices are available in relation to how individual data is managed and what rights there are under data privacy law or under this Policy and who to contact with any questions or complaints. MAC’s privacy notices are tailored according to specific data collection circumstances. In providing such notice, MAC meets its obligations to be transparent and fair with individuals as is required by data privacy law. Dependent on the medium, notice may be given in person, by email, post, telephone, or by posting on our website.
In accordance with data privacy law and good practice, MAC will seek consent of individuals to collect, use and disclose their data consistent with the relevant privacy notice. In certain cases where law allows, particularly where gaining consent will involve a disproportionate effort, where intended processing of the data is in MAC’s or our clients’ legitimate interests and the privacy risks are low, MAC will proceed to process personal information absent of consent. MAC will also use and disclose personal information without consent where required by law and judicial order. MAC will collect all necessary informed consents of clinical trial participant on behalf of clients, according to good clinical practice, laws on confidentiality and data privacy regulations.
Data Quality, Integrity and Retention of Records
Data quality and accuracy are essential in clinical trials and MAC understands the vital importance of this. The accuracy of data relating to clinical trial participants is critical for the integrity clinical research, particularly where bio-medical samples are concerned. MAC employs a quality assurance department to ensure standards are commensurate with legal requirements. Our privacy notices provide individuals a straight-forward way of updating and validating information and enabling error corrections. MAC retains personal information in accordance with contractual, legal and regulatory requirements.
In accordance with data privacy laws and contractual commitments, MAC ensures that individuals can exercise all relevant informational rights with respect to their personal information processed by the organisation, including but not limited to the right of access and correction, to withdraw consent at any time, object to data processing, request data deletion, restrict aspects of data processing, prevent direct marketing and request transmission of personal data in a common digital format (e.g. pdf) to the themselves or another organisation.
In all other respects, where no overriding interest prevails, MAC will endeavour to allow the following informational rights under this Policy as a matter of good practice:
- to allow access to copies of personal information within a reasonable timeframe;
- to correct personal information where inaccurate; and
- to withdraw a previously provided consent to processing of personal information.
Participants enrolled in clinical trials run by MAC’s clients must contact the principal investigator at their MAC research centre, who will be able to identify the participant and process accordingly.
MAC maintains a wide-ranging information security policy applying technical and organisational security measures that protect personal information, particularly sensitive clinical data, against unauthorized access or loss. MAC’s security breach policy provides a procedural response for managing any breach of personal information, including making necessary notifications to individuals or governmental authorities.
Considerations When Online
Children’s Online Privacy Protection
MAC does not collect information through our websites from individuals who are known to be under the age of 13, and no part of our online presence is directed to anyone less than 13 years.
Inquiries, Complaints and Requests to Exercise Rights
Communications, queries, requests to exercise informational rights (e.g., access to data) or complaints can be addressed for the attention of the Data Protection Officer, MAC Research, Kaman Court, 1 Faraday Way, Blackpool, Lancashire, FY2 0JH, United Kingdom.
Within the EU, individuals have the right in law to complain about how their information is managed to a supervisory authority that is responsible for regulating compliance with the Regulation. A list of all EU supervisory authorities is available on the European Commission website:
Legal Status of Policy and Policy Changes
This Policy is not a contract, and it does not create any legal rights or obligations. MAC reserves the right to modify or amend this Policy and may do so according to new or amended legislation. The updated Policy will be posted on https://www.macplc.com (Last Updated: 2 September, 2020).