MCRA, LLC (“MCRA”, “we”, “us”, or “our”) recognizes the importance of protecting the privacy of our online visitors. It is our intent to balance our legitimate interest in collecting and using information received from you and about you with your reasonable expectation of privacy. This privacy policy (“Privacy Policy”) applies to all information that may be collected or otherwise provided by you to MCRA and its service providers from your visit to our website available at www.MCRA.com (the “Site”).
PLEASE REVIEW THIS PRIVACY POLICY CAREFULLY. When you submit information to or through the Site, you consent to the collection and processing of your information as described in this Privacy Policy. By using the Site, you accept the terms of this Privacy Policy.
When you visit our website, our web servers will regularly store the IP of your Internet service provider, the website you came from, the pages of our website that you browse, and the date and duration of your visit. This information is a prerequisite for the technical transfer of the website and securing server operations. This data will not be analyzed for personal information.
If you disclose data to us via our contact form, this information will be stored on our servers for the purpose of data backup. Your information will be used exclusively for processing your request. Your personal information will be treated in strict confidence and will not be disclosed to third parties.
Information Collection And Use
We collect several different types of information for various purposes to provide and improve our Service.
Types of Data Collected
Personal Data
While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to:
- First name and last name
- Email and postal address
- Cookies and Usage Data
We may also collect information on how the Service is accessed and used (“Usage Data”). This Usage Data may include information, such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
Tracking & Cookies Data
We use cookies and similar tracking technologies to track the activity on our Service and hold certain information.
Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used include beacons, tags, and scripts to collect and track information and to improve and analyze our Service.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, this may restrict the functionality and your use of our website and you may not be able to use some portions of our Service.
Examples of Cookies we use:
-
Session Cookies: We use Session Cookies to operate our Service.
-
Preference Cookies: We use Preference Cookies to remember your preferences and various settings.
-
Security Cookies: We use Security Cookies for security purposes.
-
Use of Data
As a general rule, if you use any of our services, we will only collect information that is required for the provision of our service to you. We may ask you for additional information that may be disclosed on a voluntary basis. Whenever we process personal data we will do so to be able to offer you our services or to pursue our business objectives.
We use the collected data for various purposes
-
To provide and maintain the Service
-
To notify you about changes to our Service
-
To allow you to participate in interactive features of our Service when you choose to do so
-
To provide customer care and support
-
To provide analysis or valuable information so that we can improve the Service
-
To monitor the usage of the Service
-
To detect, prevent and address technical issues
-
Transfer Of Data
Your information, including Personal Data, may be transferred to, and maintained on computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
If you are located outside of the United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to the United States and process it there.
Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.
MCRA will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and that no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place, including the security of your data and other personal information.
Disclosure of Data
Legal Requirements:
MCRA may disclose your Personal Data when there is a good faith belief that such action is necessary to:
-
To comply with a legal obligation
-
To protect and defend the rights or property of MCRA
-
To prevent or investigate possible wrongdoing in connection with the Service
-
To protect the personal safety of users of the Service or the public
-
To protect against legal liability
Security of Data
The Security of your data is important to us; however, it is important to remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
Service Providers
We may employ third party companies and individuals to facilitate our Service (“Service Providers”), to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
Analytics
We may use third-party Service Providers to monitor and analyze the use of our Service.
Google Analytics
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
You can opt-out of having your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity.
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en
Recruiting Management
We collect various types of information in connection with job applications. In particular, this includes any personal information you provide us, including your contact data and a description of your education, work experience, and skills. In addition, you may submit electronically stored documents such as certificates, diplomas, or cover letters.
We do not require any information from you that may not be processed in accordance with the General Equal Treatment Act (race, ethnic origin, sex, religion or belief, disability, age, or sexual orientation). Please do not submit any information on diseases, pregnancy, ethnic origin, political views, philosophical or religious beliefs, membership in a trade union, physical or mental health, or sexual activities. The same applies to any content that may infringe on third-party rights (e.g., copyrights, press rights, or general third-party rights).
Any personal information provided to us will only be collected, stored, processed and used for purposes that are related to your interest in a current or future employment with us, or the processing of your application. It will not be disclosed to third parties. In the course of the online recruitment process data such as name, postal address, phone number, email address, etc. will be collected. This data will be used to contact you in connection with your application.
If your application is successful, the disclosed data may be used for administrative tasks concerning your employment.
Your online application will be exclusively read and processed by our relevant contact persons and contractors. All employees and contractors assigned with data processing tasks are bound to data secrecy and have their own privacy policy as described below.
MCRA uses third-party contractors for applicant tracking system, performance management, human resources, payroll services and employee benefits, as well as to manage recruitment and employment life cycle. Information collected during this process and how it is handled can be found in their Privacy Policy as follows:
- TriNet https://www.trinet.com/privacy-policy
- Lever https://www.lever.com/privacy
- Leapsome https://www.leapsome.com/privacy
- Shield Screening https://www.shieldscreening.com/privacy-policy/
The above third-party contractors operate independently from MCRA and have their own privacy notice or policies. We strongly suggest you review them. To the extent any linked website, device, app, or other feature is not owned or controlled by MCRA, we are not responsible for its content, use, or privacy practices.
In no event will any other third party have access to your data. If we should be unable to offer you a position, we will retain the information you submitted, subject to statutory retention periods for the purpose of answering questions regarding your application and our rejection of your application.
Marketing Permissions
MCRA will use the information you provide on this form to communicate with you and to provide updates and marketing.
You can change your mind at any time by clicking the unsubscribe link in the footer of any email you receive from us, or by contacting us at DPO@mcra.com . We will treat your information with respect.
Links To Other Sites
Our Service may contain links to other sites that are not operated by MCRA. If you click on a third-party link, you will be directed to that third-party’s site. We strongly advise you to review the Privacy Policy of every site you visit.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.
Children’s Privacy
Our Service does not address anyone under the age of 18 (“Children”).
We do not knowingly collect personally identifiable information from anyone under the age of 18 years old. If you are a parent or guardian and you are aware that your Children has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.
Updates To This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
Contact Us
Please contact us at any time if you have any questions about this Privacy Policy, wish to find out which personal data we have stored about you or if you wish to have data corrected or deleted. Furthermore, you have the right to restrict the processing (Art. 18 of the GDPR), the right to object the processing (Art. 21 of the GDPR), and the right to data portability (Art. 20 of the GDPR). In these cases, please contact us directly.
Our data privacy officer will be glad to answer any questions regarding data protection matters: MCRA Data Privacy officer mailbox.
In the event our data privacy officer should be unable to answer your enquiry to your full satisfaction you may complain to the data protection supervisory authority having competence at your place of residence.
Special Notice to CA Residents
California law provides California consumer’s the right to request certain details about the categories of personal information that is collected, how certain types of their information are shared with third parties and for what business/commercial purpose. They also have the right to request that their personal information be deleted. If a California resident would like to submit a Consumer Access request they would use this link to submit their request, or email their request to MCRA Data Privacy Officer mailbox DPO@mcra.com, complete the online form or use our toll free number (866) 460-9409.
Additional Disclosures for Data Subjects in Europe
1. European Residents
European nations have implemented laws including the General Data Protection Regulation (“GDPR”) for nations within the European Economic Area, the Data Protection Act of 2018 (“UK DPA”) for the United Kingdom, and the Federal Act on Data Protection (“FADP”) in Switzerland (with the GDPR, UK DPA and FADP collectively referred to herein as the “European Data Protection Laws”). If you are a resident in a country where any of the European Data Protection Laws apply, this additional disclosure is intended for you and provides you with information about how we process your Personal Data and your rights with respect to such Personal Data.
2. MCRA’s Role under Data Protection Laws.
European Data Protection Laws distinguish between organizations that process Personal Data for their own purposes (known as “controllers”) and organizations that process Personal Data on behalf of other organizations (known as “processors”).
MCRA, in limited circumstances, may act as a controller with respect to Personal Data collected as you interact with our websites, emails, and our advertisements. However, in most instances, MCRA acts a processor on behalf of a client—a separate legal entity—which is the controller. Please visit the applicable client’s privacy policy for information about their privacy practices. Any questions that you may have relating to the processing of personal data by MCRA on behalf of the client and your rights under European Data Protection Laws should be directed to the client as the controller, not to Company.
Where information is collected by MCRA as a controller, please contact us via the contact information provided in the section entitled “Contact Us” above.
3. Lawful Basis for Processing.
European Data Protection Laws require a “lawful basis” for processing Personal Data. Our lawful bases include, where: (a) you have given consent to the processing for one or more specific purposes, either to us or to our service providers, partners, or customers; (b) processing is necessary for the performance of a contract with you; (c) processing is necessary for compliance with a legal obligation; or (d) processing is necessary for the purposes of a legitimate interest(s) pursued by us or a third party and your interests and fundamental rights and freedoms do not override those interests.
4. Research
We may obtain and create Personal Data directly from you or from our client specifically for research purposes as allowed under European Data Protection Laws (such specific information referred to herein as “Study Data” which is a subset of Personal Data).
During the whole lifecycle of the research, your Study Data will be processed for various purposes based on a different legal basis of processing as provided in section 3 above. Related researchers will process your Study Data either for safety and reliability purposes in order to comply with their legal obligations, or for scientific research purposes based on Researcher’s legitimate interest in conducting clinical trials and performing valuable scientific and medical research.
We may process health data or other sensitive data which are part of your Study Data and are designated as “special categories” under the European Data Protection Laws, when the processing is necessary for reasons of public interest in the area of public health and based on your explicit consent.
The specific grounds on which we process Study Data, including your health data, may vary somewhat from the above in order to comply with the requirements of applicable local laws in jurisdictions where Research is run. We try and ensure that legal requirements of applicable jurisdictions are met, and if you have any questions regarding specific requirements or rights, please contact us at the address set out in the “Contact Us” section above.
5. Data Transfer and Standard Contractual Clauses.
We may transfer your Personal Data to our research site(s) or service provider(s) located in the United States or in another country that does not have the same level of Personal Data protection as the EEA or the UK. In such a case, we will take all reasonable steps to protect the confidentiality of your Personal Data and put in place suitable safeguards, such as the EU Commission’s approved standard contractual data protection clauses.
6. Your Data Subject Rights.
If you reside in the UK, EU, or EEA, the applicable European Data Protection Laws give you rights relating to your Study Data, including the right to:
-
Request access;
-
Rectification;
-
Erasure;
-
Restrict processing;
-
Data portability;
-
Object to processing;
-
Not be evaluated on the basis of automated processing; and
-
Withdraw consent.
You may exercise your rights by submitting a written request to us at the address set out in the “Contact Us” section above. We will respond to your request within 30 days. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions.
Please note that we retain information as necessary to fulfill the purposes for which it was collected and may continue to retain and use information to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements.
If your Personal Data has been processed by us on behalf of a client and you wish to exercise any rights you have with respect to such Personal Data, please inquire with our client directly. If you wish to make your request directly to us, please provide the name of our client on whose behalf we processed your Personal Data. We will refer your request to that client and will support them to the extent required by applicable law in responding to your request.
With respect to Study Data your rights above might be limited for various processing activities we perform related to research, depending on the relevant legal basis. For instance, erasure or restriction of processing is only possible if and to the extent that the processing of your Study Data is based on consent or legitimate interest. Also, due to the Researchers’ legal obligations related to safety reporting, in the context of an inspection by national competent authority, or the retention of clinical trial data in accordance with archiving obligations, the Researchers may not be able to erase or restrict processing of your Study Data.
When the processing activities are based on consent, your right to withdraw your consent at any time does not affect the lawfulness of processing based on (i) consent before its withdrawal or (ii) other lawful grounds, but in particular, legal obligations to which the Researcher is subject such as the ones related to safety purposes.
7. Complaints
If you have a complaint about our use of your Personal Data or response to your requests regarding your Personal Data, you may submit a complaint to the data protection regulator in your jurisdiction. We would, however, appreciate the opportunity to address your concerns before you approach a data protection regulator, and would welcome you directing an inquiry first to us. In addition to the contact information above, please contact our Data Privacy Officer: DPO@mcra.com