At Privacy for Clinical Trials, privacy is what we do. Because of our focus on privacy, we take the protection of personally identifiable information (“Personal Data”) very seriously.
In the course of operating our business, we process Personal Data in a variety of ways. This Privacy Policy (the “Policy”) addresses the individuals (“Data Subjects”) whose Personal Data we process in the course of providing our “Services,” which include the following “Professional Services”:
This Policy does not apply to Personal Data we collect about team members and applicants during employment or the application process, respectively, as described by our HR Privacy Policy.
This Policy does not apply to Personal Data we collect about visitors to our websites, or in the context of our sales and marketing initiatives, as described by our Sales, Marketing, & Outreach Privacy Policy.
This Policy does not apply to information that is not Personal Data. Personal Data is information that identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular individual.
This Policy covers Privacy for Clinical Trials as commercial name for Paula Pérez Sanjuán.
Generally, when providing Professional Services, such as consulting services, Privacy for Clinical Trials acts as a data controller for the Personal Data we process. This means that Privacy for Clinical Trials determines the type of Personal Data that clients collect and provide to us to process on their behalf.
When providing certain Professional Services, Privacy for Clinical Trials acts as a data processor for the Personal Data we process for our clients. This means that those clients determine the type of Personal Data that they provide to us to process on their behalf. We typically have no direct relationship with the individuals whose Personal Data we receive from our clients (generally, employee data) when we act as a data processor.
In the context of certain Professional Services, such as data representative services, Privacy for Clinical Trials is neither a data controller nor a data processor.
Depending upon the context, we process your Personal Data on the basis of:
Where we receive your Personal Data as part of providing our Services to you based on a contract, we require certain Personal Data in order to carry out the contract. Without that necessary Personal Data, we will not be able to provide the Services to you.
We may collect or otherwise receive your Personal Data when:
We may process the following categories of Personal Data:
We may process your Personal Data for the purposes of:
When we act as a data controller, we only retain Personal Data for as long as necessary to fulfill the purposes of processing or as long as required by applicable law, whichever is longer.
When we act as a data processor, we retain Personal Data for as long as instructed by the respective client (who typically acts as a data controller). We delete the Personal Data submitted to us within six months of the end of our service agreement with the client unless applicable laws require otherwise.
We may share Personal Data with our service providers, who process Personal Data on our behalf, and who agree to use the Personal Data only to assist us in providing our Services or as required by law. Our service providers provide:
Some of these third parties may be located outside of the European Union, the European Economic Area (EEA), United Kingdom or Switzerland. However, before transferring your Personal Data to these third parties, we will require the third party to maintain at least the same level of privacy and security for your Personal Data that we do. We remain liable for the protection of your Personal Data, except to the extent that we are not responsible for the event that leads to any unauthorized or improper processing.
We may disclose your Personal Data to the extent required by law or if we have a good-faith belief that we need to disclose it in order to comply with official investigations or legal proceedings (whether initiated by government or law enforcement officials or private parties, including to meet national security or law enforcement requirements). We may also disclose your Personal Data if we sell or transfer all or some of our company's business interests, assets, or both, or in connection with a corporate restructuring. Finally, we may disclose your Personal Data to our subsidiaries or affiliates, but only if necessary for business purposes, as described in the section above.
A “cookie” is a small file stored on your device that contains information about your device. We may use cookies to provide some of our Applications' functionality, authentication, usage analytics (web analytics), and to remember your settings, and generally improve our Applications.
We use session and persistent cookies. Session cookies are deleted when you close your browser. Persistent cookies may remain even after you close your browser. Other parties, such as Google, may also set their own (third-party) cookies. Please refer to the policies of these third parties to learn more about the way in which they collect and process information about you.
For more information about the cookies we use, please refer to our Cookie Policy, which forms a part of this Policy.
We have implemented and will maintain technical, administrative, and physical security measures that are reasonably designed to help protect Personal Data from unauthorized processing, such as unauthorized access, disclosure, alteration, or destruction. We have also implemented solutions to prevent accidental loss and mitigate unavailability of relevant information systems used to process Personal Data.
If we process your or your child's Personal Data, you may have the right to request access to (or to update, correct, or delete) such Personal Data. You may also have the right to ask that we limit our processing of such Personal Data, as well as the right to object to our processing of such Personal Data. You may also have the right to data portability with respect to such Personal Data.
If we have received your Personal Data in reliance on our client's, you may also have the right to opt out of having your Personal Data shared with third parties and to revoke your consent to our sharing your Personal Data with third parties.
You may also have the right to opt out if your Personal Data is used for any purpose that is materially different from the purpose(s) for which it was originally collected or which you subsequently authorized.
Requests should be sent directly to the client who provided your Personal Data to us. Privacy for Clinical Trials has limited rights to access Personal Data our clients submit to us. Therefore, if you contact us with such a request, please provide the name of the Privacy for Clinical Trials client who submitted your Personal Data to us. We will forward your request to that client and provide any needed assistance as they respond to your request.
The Services are not directed at, or intended for use by, children under the age of 14. To the extent that we process any Personal Data about children under the age of 14, we do so according to the documented instructions of our client, who typically acts as a data controller, or in order to comply with applicable law.
Where a privacy complaint or dispute cannot be resolved through Privacy for Clinical Trials’s internal process, in compliance with applicable regulations, Privacy for Clinical Trials, LLC commits to cooperate and comply respectively with the advice of the panel established by the Spanish data protection authorities (DPAs) with regard to unresolved complaints concerning our handling of personal data received.
If your dispute or complaint can't be resolved by us, Privacy for Clinical Trials is submitted to Madrid courts.
If you are a Data Subject whose Personal Data we process, you may also have the right to lodge a complaint with a data protection regulator in one or more of the European Economic Area member states.
If we make any material change to this Policy, we will post the revised Policy to this web page. We will also update the “effective on” date. By continuing to use our Services after we post any of these changes, you accept the modified Policy.
If you have any questions about this Policy or our processing of your Personal Data, you can reach us at: contactdpo@privacyct.com. We will respond to legitimate inquiries within 30 days of receipt.