When it Comes to Data Protection, Florence’s Commitment to
Personal Data Privacy and Security Goes Above and Beyond

Our Commitment to You

You’re trusting us with a core component of your operations, and Florence takes this seriously. We’re committed to your success in advancing research together: in a compliant, safe, and secure way.

Our operations, practices, policies, and software all align with global data governance and regulatory standards. As a controller, processor, and trusted industry software vendor, Florence has extensive privacy and security controls in place, along with a dedicated data protection team that ensures our data privacy and security standards are at the highest level. At Florence, our Data Protection and Product Development Teams are on top of the evolving landscape to ensure that our software complies with the technical requirements so that your team can focus on the procedural requirements of running clinical research studies in a safe and compliant way.

See more details below including our software compliance and compatibilities with the various regulations, laws, and standards to ensure that every customer and user of our software can adhere to their regional and local regulatory guidance — across 44 countries where our customers have a presence.

FDA Part 11 Compliance Logo
HIPAA Compliance Logo
ICH GCP Complaint Logo
GDPR Compliant Logo
EU Annex 11 Compliant Logo
EU-US Privacy Shield Compliant Logo

Compliance

Florence has done the regulatory heavy lifting as it relates to understanding and interpreting the technical and procedural requirements so that our customers can have time back in their day to focus on research. Florence’s software is compliant and compatible with the technical regulatory body requirements for electronic records and electronic signatures as well as the industry standards for GxP; our Data Protection Teams design compliant software and validate against the requirements with each update. In addition, Florence offers consultation services and clinical research expertise with customers to reframe regulatory compliance from being another study startup burden into an opportunity to strengthen their own personal data protection program. At Florence, we’re here to guide you on training requirements, SOP management, and the administrative hurdles that can be easily missed (e.g., FDA non-repudiation letter before electronically signing Part 11 records).

General Data Protection Regulation (GDPR)

In 2019, Florence was given the opportunity to address this growing demand to support clinical research sites within the European Union (EU); in response, Florence began investing resources to comply with the EU’s General Data Protection Regulation (GDPR) 2016/679, which went into enforcement on 25MAY2018. Florence has not only taken the necessary steps to self-certify compliance with GDPR, it is written into our company’s culture. Florence kicked off GDPR compliance with a dedicated GDPR Taskforce, implemented technical and procedural controls, conducted company-wide training, and continues to monitor the evolving landscape. Despite Privacy Shield revocation, we maintain our self-certification and also stay on top of the current recommendations to ensure the personal data of EU individuals is protected while transferred to Florence as well as once it’s at Florence; for example, our Data Processing Agreements/Addenda (DPA) include the EU Standard Contractual Clauses (SCC) and applicable supplementary measures. For more details on the steps we’ve taken to achieve compliance as well as the steps we continue to take to maintain GDPR compliance, please reach out to us for a copy of our GDPR Compliance Statement using the contact information below.

Data Security

As part of our overall data protection program, data security is a principle and functional area of our organization. Florence protects our customers’ data in several ways: through the use of Amazon Web Services (AWS) as our hosting provider to architect our applications in alignment with ISO, HIPAA, and HITECH compliance requirements, through our incident and response management, through our data encryption and network security standards, through data-level security to meet the requirements of the HIPAA security rule, and through various ongoing policies and procedures to test the validity of our infrastructure, and monitor quality standards.

Data Privacy

At Florence, personal data privacy is of the utmost importance to us. You have the right to know how your information is collected and used. The Florence Privacy Policy was designed to protect your research study data, including any and all individuals whose personal data is handled by Florence; this includes the personal data of our software users, account holders, research team members, and research participants. The Privacy Policy describes our policies and practices regarding the collection, use, disclosure, and processing of your personal information. It also describes your rights and choices regarding your personal information.

If you have any questions related to Florence’s compliance, GDPR practices, data security, data privacy, and/or Privacy Policy, please contact us at .

Data Protection, GDPR, and Compliance Resources