Pharm-Olam is now Allucent. Learn More

Request a Proposal  

Privacy Policy

1.   Purpose, Scope and Users

Pharm-Olam, LLC and each affiliate and subsidiary thereof (collectively referred to as Pharm-Olam) conducts every business transaction (including without limitation, operations, negotiations and marketing) with integrity and complies with the laws and regulations of the United States, as well as the laws and regulations of each foreign country in which Pharm-Olam operates or is looking to operate. All Pharm-Olam personnel are expected to conduct Pharm-Olam business legally and ethically and with respect to maintaining privacy in communication.

At Pharm-Olam the foundation of our business is information related to the provision of clinical trials management or related services for the pharmaceutical and bio-tech industry corresponding to human clinical research studies. Given the nature of our work, the protection of personal data is critical for our company and our customers. For these reasons, Pharm-Olam has a comprehensive, global privacy program designed to respect and protect data privacy rights. Pharm-Olam intends that its corporate privacy policy and standard practices and procedures will ensure timely compliance with all applicable international laws and regulations, including but not limited to, the European Union’s General Data Protection Regulation 2016/679 (GDPR), the EU-US Privacy Shield Framework, Swiss-U.S. Privacy Shield Framework, as well as those of other nations, such as those of Russia Federal Law of 27 July 2006 N 152-FZ on Personal Data.

Pharm-Olam values the confidence of its customers and vendors and respects individual privacy, including personal data of employees, clients, healthcare professionals, medical research subjects, clinical investigators, customers, business partners, consultants, contractors, subcontractors and investors. Not only does Pharm-Olam strive to collect use and disclose personal data in a manner consistent with the laws of the countries in which it does business, but it also has a tradition of upholding the highest ethical standards in its business practices.

Pharm-Olam intends to apply this policy to all transfers of personal data, whether in electronic, paper or verbal format, received or made by Pharm-Olam. The provisions and the uses of this policy apply to all employees, contractors, subcontractors, agents and consultants working with, or on behalf of, Pharm-Olam.

This Policy sets forth the basic principles by which the Company processes the personal data of customers, clients, vendors, business partners, employees, contractors, clinical trial investigators, site team members, clinical trial subjects and other individuals and indicates the responsibilities of its business departments and employees while processing personal data.

Questions about this policy, or requests for further information, should be directed to Pharm-Olam´s Data Protection Officer at

2. Definitions:

For purposes of this policy, the following definitions shall apply:

Agent: Any third party that uses personal information provided to it by or on behalf of Pharm-Olam to perform tasks on behalf of and under the instructions of Pharm-Olam.

Pharm-Olam: Pharm-Olam, LLC together with its successors, affiliates, subsidiaries, divisions and groups in the United States and other countries worldwide.

Personal Data: Any information relating to an identified or identifiable natural person ("Data Subject") who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Special Categories of Personal Data: Personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, criminal records or trade union membership, or that concerns health or sexual orientation.

Controller: The natural or legal person, public authority, agency or any other body, which alone or jointly with others, determines the purposes and means of the processing of personal data.

Processor: A natural or legal person, public authority, agency or any other body which processes personal data on behalf of a Controller.

Processing: An operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of the data.

3. Basic Principles Regarding Personal Data Processing:

Pharm-Olam intends to process personal data in accordance with the data protection privacy principles of any and all applicable international laws and regulations, including but not limited to the GDPR Principles. Pharm-Olam also commits to subject to the Privacy Shield Principles all personal data received from the EU and Switzerland in reliance on the Privacy Shield.

The GDPR Principles are set forth below:

Lawfulness, Fairness and Transparency

Pharm-Olam processes personal data lawfully, fairly and in a transparent manner in relation to the data subject.

Purpose Limitation

Pharm-Olam collects personal data for specified, explicit and legitimate purposes and does not further process the data in a manner that is incompatible with those purposes.

Data Minimization

Pharm-Olam collects personal data that is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed. Pharm-Olam strives to collect the least amount of personal data possible. With the increasing number of countries restricting or disallowing the use of subjects’ initials as an identifier, Pharm-Olam will no longer collect subjects’ initials, except where the Sponsor requires such and the Sponsor is compliant with the applicable national laws.


Pharm-Olam keeps personal data accurate and, where necessary, up to date and takes reasonable steps to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified in a timely manner.

Storage Period Limitation

Pharm-Olam keeps personal data for no longer than is necessary for the purposes for which the personal data are processed.

Integrity and confidentiality

Pharm-Olam uses appropriate technical or organizational measures to process personal data in a manner that ensures appropriate security of personal data, including protection against accidental or unlawful destruction, loss, alteration, unauthorized access to, or disclosure.

4. Building Data Protection in Business Activities

In order to demonstrate compliance with the principles of data protection, Pharm-Olam has build data protection into its business activities.

4.1 Privacy Notices to Data Subjects

When individuals are first asked to provide personal data to Pharm-Olam, or as soon as practicable thereafter and in any event before Pharm-Olam uses or discloses the information for a purpose other than for which it was originally collected, Pharm-Olam properly informs Data Subjects of the following: the types of personal data collected, the purposes of the processing, processing methods, the data subjects’ rights with respect to their personal data, the retention period, potential international data transfers, if data will be shared with third parties and the Company’s security measures to protect personal data. This information is provided through a Privacy Notice in clear and understandable language.

Since Pharm-Olam has multiple data processing activities, it has developed different privacy notices depending on the processing activity, the Data Subject and the categories of personal data collected. Pharm-Olam´s Data Protection Officer is responsible for creating and maintaining the Register of Privacy Notices. Where special categories of personal data are being collected, the Privacy Notice explicitly states the purpose for which this data is being collected.

Where Pharm-Olam, as a Processor, receives personal data from its subsidiaries, affiliates or other entities in the EU, Switzerland and any other country, it shall use such data in accordance with all applicable laws and regulations, including the GDPR. Where Pharm-Olam, as a Controller, receives personal data from third parties, it shall provide the subjects with an appropriate Privacy Notice within a reasonable period after obtaining the personal data, at the time of the first communication or first disclosure to another recipient.


4.2 Data Subject's Choice and Consent

Whenever personal data processing is based on the Data Subject's consent, Pharm-Olam retains a record of such consent. Pharm-Olam provides Data Subjects with options to provide the consent and informs and ensures that their consent (whenever consent is used as the lawful ground for processing) can be withdrawn at any time. When requests to correct, amend or destroy personal data records, Pharm-Olam ensure that these requests are handled without undue delay and in any event within one month of receipt of the request. Pharm-Olam´s Data Protection Officer also records the requests and keeps a log of these.

Personal data is only processed for the purpose for which it was originally collected. If Pharm-Olam wants to process collected personal data for another purpose, it seeks the consent of its Data Subjects in clear and concise writing.

Pharm-Olam will obtain consent from all customers, employees, healthcare professionals, medical research subjects, clinical investigators, customers, business partners, contractors, subcontractors, consultants and investors, where required, for processing, use and/or distribution of any personal and/or special categories of personal data prior to the processing, use or distribution of such data.


4.3 Use, Retention and Disposal

The purposes, methods, storage limitation and retention period of personal data are consistent with the information contained in the Privacy Notice. Pharm-Olam maintains the accuracy, integrity, confidentiality and relevance of personal data based on the processing purpose. Adequate security mechanisms designed to protect personal data are used to prevent personal data from being stolen, misused, or abused and prevent personal data breaches.


4.4 Disclosure to Third Parties

Pharm-Olam may share an individual's personal data with agents, contractors, partners or vendors of Pharm-Olam in connection with services that these individuals or entities perform for, or with, Pharm-Olam. Whenever Pharm-Olam uses a third-party vendor to process personal data on its behalf, Pharm-Olam ensures that this vendor can provide security measures to safeguard personal data that are appropriate to the associated risks. Pharm-Olam always remain liable in cases of onward transfers of personal data to third parties.

Pharm-Olam contractually requires the vendor to provide the same level of data protection. The vendor must only process personal data to carry out its contractual obligations towards Pharm-Olam or upon the instructions of Pharm-Olam and not for any other purposes. Pharm-Olam explicitly specifies the respective responsibilities of the third party in the relevant contract or any other legal binding document, such as the Data Processing Agreement.

Pharm-Olam may also have a requirement to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.


4.5 Cross-border Transfer of Personal Data

Pharm-Olam intends that all transfers of personal data comply with all applicable international laws and regulations, including the GDPR.

When transferring personal data out of the European Economic Area (EEA), adequate safeguards will be used, such as including standard contractual clauses issued by the European Commission in contracts with third parties. Specifically, for example, for transfers of personal data from Switzerland and the EU to the US, Pharm-Olam follows and complies with the EU-US Privacy Shield and the Swiss-U.S. Privacy Shield Principles published by the U.S. Department of Commerce. Pharm-Olam certifies that it adheres to the Privacy Principles of notice, choice, onward transfer, security, data integrity, access and enforcement. To learn more about the Privacy Shield please visit  Transfers of personal data outside of the European Union, other than to the U.S. shall be made in accordance with the data protection principals prescribed by the international law and regulations applicable in the relevant countries.


4.6 Privacy Shield Enforcement

The Federal Trade Commission has jurisdiction over Pharm-Olam’s compliance with the Privacy Shield.

In compliance with the Privacy Shield Principles, Pharm-Olam commits to resolve complaints about our collection or use of personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Pharm-Olam at: 

Pharm-Olam has further committed to refer unresolved Privacy Shield complaints regarding transferring personal data from EU to the US to the EU Data Protection Authorities (DPAs). For unresolved Privacy Shield complaints regarding transferring personal data from Switzerland to the US, Pharm-Olam has committed to refer to the Judicial Arbitration and Mediation Services, Inc. (JAMS), an alternative dispute resolution provider located in the United States.

If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, you could invoke binding arbitration by contacting or visiting EU DPAs at: or JAMS at: The services of EU DPAs or JAMS are provided at no cost to you.

Pharm-Olam commits to cooperate with EU Data Protection Authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship


4.6 Subject Rights

Rights of Access by Data Subjects

When acting as a Controller, Pharm-Olam provides data subjects with a mechanism to enable them to access their personal data and allows them to update, rectify, erase, or transmit their personal data, if appropriate or required by law. The access mechanism is further detailed in Pharm-Olam´s Data Subject Access Request Procedure, as well as in the Privacy Notices.


Data Portability

Data Subjects have the right to receive, upon request, a copy of the data they provided to Pharm-Olam in a structured format and to transmit those data to another Controller, for free. Pharm-Olam´s Data Protection Officer is responsible to ensure that such requests are processed within one month, are not excessive and do not affect the rights to personal data of other individuals.


Right to be Forgotten

Upon request, Data Subjects have the right to obtain from the Company the erasure of its personal data, if applicable. When the Company is acting as a Controller, Pharm-Olam will take necessary actions to inform the third-parties who use or process that data to comply with the request.

4.7 Data Protection Impact Assessments

Where a type of processing in particular using new technologies and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons, Pharm-Olam shall, when acting as the Controller, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data (Data Protection Impact Assessment), according to Pharm-Olam´s Data Protection Impact Assessment Procedure. Pharm-Olam shall consult the supervisory authority prior to processing where a data protection impact assessment indicates that the processing would result in a high risk in the absence of measures taken by Pharm-Olam to mitigate the risk.

4.9 Use of Cookies

Pharm-Olam employs cookies on our websites, these are a small piece of data sent from the website and stored in the web browser of the visitor. Each time the visitor loads the website, the browser sends the cookie back to the server to notify the website of the visitor’s previous activity. This website’s performance cookie is not connected to personal information; it is used in aggregate with other website visitors’ data to generate statistical reports on how people are navigating and using the website. Pharm-Olam uses the reports to help us improve the website usage and performance. Visitors to may additionally receive cookies from third party sources, these sources can provide more about their privacy and cookie policies.


5. Response to Personal Data Breach Incidents

When Pharm-Olam learns of a suspected or actual personal data breach, the Data Protection Officer must perform an internal investigation and take appropriate remedial measures in a timely manner, according to the Data Breach Response and Notification Procedure. Where there is any risk to the rights and freedoms of data subjects, Pharm-Olam shall notify the relevant data protection authorities without undue delay and, when possible, within 72 hours.

6. Organization, Accountability and Audit

The responsibility for ensuring appropriate personal data processing lies with everyone who works for or with Pharm-Olam and has access to personal data processed by Pharm-Olam.

The key areas of responsibilities for processing personal data lie with the following organisational roles:



Chief Compliance Officer (CCO)

Makes decisions about and approves, Pharm-Olam´s general strategies on personal data protection and ensures enforcement of this Policy.

Data Protection Officer (DPO)

Manages the personal data protection program and is responsible for the development and promotion of end-to-end personal data protection policies. Monitors and analyses personal data laws and changes to regulations, develops compliance requirements and assists business departments in achieving their personal data goals.

Chief Information Officer (CIO)

Ensures all systems, services and equipment used for storing data meet required security standards. Performs regular checks and scans to ensure security hardware and software is functioning properly.

Executive Director, Global Marketing & Communications

Approves any data protection statements attached to communications, such as emails and letters.Addresses any data protection queries from journalists or media outlets like newspapers. Where necessary, works with the DPO to ensure marketing initiatives abide by data protection principles.

Vice President, Global HR & Country Operations

Improves all employees' awareness of user personal data protection. Ensures end-to-end employee personal data protection. Ensures that employees' personal data is processed based on the employer's legitimate business purposes and necessity.

Global Training Director

Organizes personal data protection expertise and awareness training for all employees and contractors as part of the induction process, and at regular intervals thereafter.

Organizes additional training to individuals whose roles require regular access to personal data, or who are responsible for implementing this policy or responding to subject access requests under this policy, to help them understand their duties and how to comply with them.

Vendor Manager

Passes on personal data protection responsibilities to vendors by ensuring Data Processing Agreements are signed. Improves vendors' awareness levels of personal data protection, as well as the flow down of personal data requirements to any third party a vendor is using. The Vendor Manager must ensure that Pharm-Olam reserves a right to audit vendors.

Manager, Quality Assurance

Ensures Audits are conducted on how well business departments implement this Policy.

Pharm-Olam uses a self-assessment approach to ensure compliance with this privacy policy and periodically verifies that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible and in conformity with the GDPR and Privacy Shield Principles. 

Any employee that Pharm-Olam determines to be in violation of this policy will be subject to disciplinary action and this may result in termination of their employment with Pharm-Olam. The employee may also be subject to civil or criminal liabilities if his or her conduct violates laws or regulations.

7. Amendments

Pharm-Olam reserves the right to amend this policy from time to time to ensure it remains consistent with the Principles.

8. Conflicts of Law

This Policy is intended to comply with the laws and regulations in the place of establishment and of the countries in which Pharm-Olam operates. In the event of any conflict between this Policy and applicable laws and regulations, the latter shall prevail.