Synchrogenix, a Certara Company (hereafter “the Company”) cares about the privacy of its clients and business partners. The purpose of this policy is to provide its clients and business partners with information about what personal data the Company collects, why we collect it, how we use and handle it, individuals’ rights to access any personal data collected from them and their choice or consent related to limitations on how it is shared.

This policy also describes a point of contact in the organization where complaints about Synchrogenix’s handling of personal data can be directed, and information about how the Company is held accountable for safeguarding any personal data, should it be stored or transferred by Synchrogenix.

Synchrogenix agrees to adhere to the following Privacy Principles: Notice; Choice; Accountability for Onward Transfer; Security; Data Integrity and Purpose Limitation; Access; and Recourse, Enforcement, and Liability, which are addressed herein (see also

Privacy Shield certification invokes the authority of United States (US) regulatory bodies, including the Department of Commerce and the Federal Trade Commission, over the Company’s handling of the personal data detailed in this privacy policy, should it be transferred out of the European Union (EU), including whether it will be transferred onward to third parties, and provides for an Independent Recourse Mechanism to help resolve individuals’ complaints regarding its handling of personal information.

I. Types of Personal Data Collected

Synchrogenix receives personal information from customers or individuals who participate in clinical trials for the purposes of modeling and simulation analyses. While the data cannot be reasonably used to identify an individual, Synchrogenix has access to data collected at the individual level.

Materials received from clients may include the following information about subjects or employees:


II. Data Integrity and Purpose Limitation (Uses for Personal Data)

Synchrogenix receives source documents from clients to create documentation associated with drug development and lifecycle support activities, including sales, marketing and submissions to regulatory bodies worldwide. These documents may contain personal data. In addition, personal data may also be collected as part of the process of creating named user accounts that grant access to Synchrogenix systems. Access to files and computer systems, as well as to the personal information collected in connection with business, marketing, sales and account creation activities, is limited to the employees or contractors who have a legitimate business need. Document access controls are detailed in Synchrogenix’s Standard Operating Procedures (SOPs).

III. Security, Choices, and Access

In providing products and services that involve the transfer of personal data, Synchrogenix is acting as a data processor of client-controlled data. Synchrogenix acknowledges the individual’s right to access their personal data. An individual who seeks access or who seeks to correct, amend, or delete inaccurate data, should direct their written request to

In addition, to protect this data and mitigate risk of a data breach, Certara employs the following security measures:

IV. Accountability for Onward Transfer

In providing products or services that involve the transfer of personal data, Synchrogenix is acting as a data processor of client-controlled data, and after providing services to the client using the personal information, the information is destroyed, archived, or returned to the client per applicable SOPs and client agreements, not transferred onto any third parties.

If Synchrogenix transfers personal data to a third party, the recipient should have the same level of protection as is available under Privacy Shield. Synchrogenix will notify the recipient if it makes a determination that it can no longer meet this obligation. In those cases, Synchrogenix remains responsible and liable if third-party agents that it engages to process personal data do so in a manner inconsistent with the Principles, unless Synchrogenix proves that it is not responsible for the event giving rise to the damage. Synchrogenix does not sell, trade or transfer personal data to third parties. However, Synchrogenix may share User information with business partners for marketing, advertising or product/service offering purposes. For example, Synchrogenix may provide User Information to select service providers for direct email distribution of newsletters, on-line surveys, or notifications.

If an EU individual wishes to opt out or limit the use and disclosure of their personal data to a third party or a use that is incompatible with the purpose for personal data was originally collected or authorized, they should direct their written request to

Third parties that are not Synchrogenix employees who could have access to the personal data described herein include individual contractors. The integrity and security of the personal data transferred to these third parties are protected by requirements to train on Synchrogenix privacy and confidentiality policies and/or contractual terms.

In addition, Synchrogenix may be required to disclose personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

V. Recourse, Enforcement, and Liability

A. Point of Contact for Complaints or Questions

Individuals have the ability to contact Certara regarding any questions or concerns related to Synchrogenix’s collection or handling of their personal data.

Adebayo Olowoyeye
VP, Corporate IT, Certara
(609) 716-7967

B. Verification Procedures

Certara verifies that it conforms to Privacy Shield principles via the following:

Certara recognizes that it must respond promptly to Department of Commerce inquiries.

C. Consequences of Non-compliance

In conjunction with its certification with the EU Privacy Shield, Certara uses Better Business Bureau (BBB) EU Privacy Shield as its Independent Recourse Mechanism (IRM), and by self-certifying with Privacy Shield, it is subject to the investigatory and enforcement authority of the Federal Trade Commission.

Certara complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from EU member countries. Certara has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program and to view our certification page, please visit

In compliance with the EU-US Privacy Shield Principles, Certara commits to resolve complaints about your privacy and our collection or use of your personal information. European Union individuals with inquiries or complaints regarding this privacy policy should first contact Certara at:

Adebayo Olowoyeye,, who will escalate it to the Incident Response Team (IRT), or directly to

The incident response team consists of membership from Information Technology, Human Resources and Quality Assurance. Suspected and confirmed security breach incidents will be investigated by the team to identify the source of the breach, identify the types of data compromised and determine who will be notified. If a data breach is suspected or confirmed, the team with the Chief Information Officer as the chair will:

Certara has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint or if your complaint is not satisfactorily addressed, please visit for more information and to file a complaint.

Under certain limited conditions, individuals may invoke last-resort binding arbitration before the Privacy Shield Panel to be created by the US Department of Commerce and the European Commission.