Clinical Research Privacy Notice

Clinical Research Privacy Notice

This Clinical Research Privacy Notice explains the practices that SIGA Technologies (“SIGA”, “we”, “us”, “our”)  follows in connection with the Personal Data that we collect, process and disclose for the purpose of the clinical research that we sponsor.

 

What is Personal Data?

In the context of clinical research, Personal Data refers to any information that relates to an identified or identifiable individual such as a clinical research participant code (pseudonymized data), name, email, mailing address, phone number, professional credentials or any information related to an individual’s health for the purpose of clinical research.

How we collect and process Personal Data

During clinical research activities Personal Data is collected from participants by the clinical research site. We also collect Personal Data from the clinical research site employees that are involved in the research that we sponsor to ensure that they have the qualifications required to lead our research.

Legal basis for processing Personal Data

SIGA complies with different privacy and data protection laws and regulations around the world and specifically with the General Data Protection Regulation (“GDPR”) in the EU and privacy laws and regulations in the UK.

SIGA will not process (i.e. which includes to disclose, share, or otherwise disseminate) your Personal Data unless we have a legal justification to do so. SIGA will only process your Personal Data if:

  • Your explicit consent was obtained prior to the processing of your Personal Data through the Informed Consent Form;
  • We need to process your Personal Data to fulfill our legal and regulatory obligations;
  • We need to process your Personal Data for the performance of a task carried out in the public interest;
  • We have a legitimate interest that will not put your fundamental rights and freedoms at risk.

How we share Personal Data

Our policy is not to make your Personal Data available to anyone other than our staff and agents, which includes third-party vendors that process Personal Data on our behalf and under our instructions.

SIGA clinical research is sometimes funded by US health agencies and thus in such cases we share the results of our clinical research with them without disclosing individualized information.

When we are required to do so under applicable laws and regulations, we disclose your Personal Data to law enforcement, legal and regulatory bodies or courts.

Personal Data Protection

SIGA is committed to protecting the Personal Data we collect, process and disclose about you. We maintain appropriate safeguards and take reasonable steps to protect your Personal Data, ensure that we limit its use and that we disclose it only to the parties that have a legitimate reason to have access to it.

We ensure that all the parties that we disclose your Personal Data to, internal and external to SIGA, have contractual obligations in place to protect the security and the confidentiality of your Personal Data.

Personal Data Transfers

Your Personal Data will be transferred to systems that reside in the US and other countries around the world. During clinical research your Personal Data will be protected at all times and pseudonymized to ensure that the risks to your privacy are minimized. Only the clinical research site will have access to your identity and we will not be able to access that data at any time unless required to fulfill legal or regulatory requirements.

We have implemented legal data transfer mechanisms such as Standard Contractual Clauses with the parties that reside in the EU or UK and that will transfer Personal Data to SIGA in the US. In the case of clinical research, we request your explicit consent to transfer your Personal Data outside of the EU or UK.

Personal Data Retention

SIGA and the clinical research sites that we partner with will retain your Personal Data for at least the minimum number of years required to comply with legal and regulatory obligations.

Rights You May Exercise About Your Data

Subject to any exceptions provided by law, you have the right to request access to, update or deletion of your Personal Data.

You also have the right to request restriction of or object to the processing of your Personal Data. And you have the right to request to have your data transferred to another organization in a commonly used format.

On each particular case we will inform you of the consequences of your request and if there are any exemptions to honoring your requests based on legal or contractual requirements.

When you participate in our clinical research your rights to access, update or delete your pseudonymized Personal Data may be limited as permitted by law and applicable regulations. Specifically, we need to process your Personal Data in specific ways in order to maintain the reliability and accuracy of the research for reasons of public interest in public health and for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.

To submit any request to exercise your rights concerning your Personal Data you may contact us via email at privacy@siga.com.

EU and UK Individuals – Right To Lodge A Complaint With A Supervisory Authority

If you reside in the EU or UK and want to lodge a complaint with a Supervisory Authority (Data Protection Authority) you may do so in the Member State where you reside, where you work or where you may have experienced an issue with the processing of your Personal Data.

EU/UK Representative

Pursuant to Article 27 of the UK GDPR, SIGA has appointed EDPO UK Ltd as its UK GDPR representative in the UK. You can contact EDPO UK regarding matters pertaining to the UK GDPR:

Questions

If you have any questions about our Privacy Notice, the Personal Data that we collect and process, the practices of this website or your interaction with SIGA, please contact us at privacy@siga.com.

Latest update: July 14, 2021