| Record Type | Document |
|---|---|
| Policy | Data Privacy Policy HIPAA Policy |
| Procedure | Privacy Incident and Breach Management Procedure Privacy Operations Procedure |
| Work Instruction | Privacy by Design Principles |
Veeva maintains a privacy program aligned to industry standards and national regulations, such as but not limited to AICPA/CICA’s Generally Accepted Privacy Principles (GAPP), EU-US and Swiss-US Data Privacy Shield, UK’s Information Commissioner’s Office (ICO), German Bundesdatenschutzgesetz (BDSG), European General Data Protection Regulation (GDPR), and privacy regulations by states in the US. Veeva performs internal periodic assessments against GAPP for privacy, and maintains it U.S.-EU Data Privacy Shield in order to transfer and allow access of EU and Swiss personal data from the EU or Switzerland to the United States. Veeva also signs EU Standard Contractual Clauses with its customers who act as Data Controllers and Exporters. Veeva maintains privacy policies and procedures, a training awareness program, and performs ongoing monitoring. Veeva complies with the EU Data Protection Directive 95/46/ EC and its replacement from May 25, 2018, the GDPR, Regulation (EU) 2016/679. Veeva has a dedicated Chief Privacy Officer (CPO) who resides in the EU and reports to Veeva’s General Counsel and ultimately the Board of Directors. The CPO measures the privacy program and ensures compliance with global privacy requirements for Veeva’s products and internal business processes.