SIRO Clinpharm UK Limited - Privacy Policy

1. PURPOSE

The purpose of this document is to describe Privacy Policy that SIRO Clinpharm UK Limited (hereinafter referred to as “SIRO”/ “we”/ “our”/ “us”) adapts to and accordingly publish on its official website.

This Policy explains how SIRO collects, uses and discloses data and also describes the choices a website visitor would have with respect to their data.

2. SCOPE

This Policy applies to all of your Personal Data, either in electronic or paper format, received by SIRO, including Personal Data of SIRO employees, staff, consumers, healthcare professionals, study subjects, medical research subjects, clinical investigators, customers, suppliers, vendors and business partners.

3. DEFINITIONS
Privacy PolicyA policy that will be published on the official SIRO's website as Internet Privacy Policy. Hereinafter referred to as“Policy” in this Privacy Policy for SIRO's official website.
WebsiteFor the purposes of this Policy, the term, “Website”, shall refer to www.siroclinpharm.co.uk or any other websites that the SIRO group operates and that may link to this Policy.
Website Visitor/External UserA website visitor or external user shall mean any individual user, a sponsor, a vendor, any SIRO employee, healthcare professionals, study subjects, clinical investigators, suppliers, vendors and business partners or any person visiting the Website. A website visitor hereinafter shall be referred to as “you”/ “your” in this Policy.
Data SubjectA data subject is the individual the personal data relates to.
Personal dataAny information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
ServicesThis Policy applies when you use our services. SIRO operates inter-alia a suite of medical writing services (regulatory medical writing, clinical trial transparency & disclosure, scientific publications & medical communications, health economics & real-world evidence solutions, drug safety & risk management, patient narratives, plain language summaries etc.) collectively called as SIRO medical writing services. All such products, applications, platforms, services collectively called “Services”.
ProcessingAny operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
ProcessorA natural or legal person, public authority, agency, or any other body which processes personal data on behalf of the controller.
ControllerThe natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Sensitive Personal DataSensitive Personal Data shall mean personal data about an individual's racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership (or non-membership), physical or mental health or condition, criminal offences, or related proceeding. SIRO does not accept, store, process or transmit any sensitive personal data; however, if required for legitimate purpose, it is done in anonymized manner.
4. DATA CONTROLLER AND DATA PROCESSOR

SIRO processes three main types of Personal Data.

  1. Sponsor Data and Website Visitors' Data: “Sponsor” is a third-party entity in the development, manufacturing, marketing, and sale of pharmaceutical products and/or financing or organizing the clinical trial. Your data is personal to you that is provided by you or collected on behalf of you. Examples include sponsors employees names, email addresses, contact information, data subjects' information, consent forms, protocol information, personal information, instructions and other Personal Data collected from these sponsors.
  2. Clinical Study Subjects or Trial Data: SIRO may carry out clinical trials on behalf of its sponsors and collects study subjects' and/ or trial data thereby or receive the same from its sponsors for performing the Services as defined hereinabove.
  3. Other Data: Personal Data about you and other individuals who visit the Website is collected and processed directly by us.

Sponsors are the “Data Controller” of sponsor data, and the Clinical Study Subjects or Trial Data and SIRO is the “Data Processor” of these data. For the “Other Data”, SIRO may be construed as the “Data Controller”.

5. DATA COLLECTED BY SIRO
5.1Sponsor Data or Website Visitors Data:

Sponsor data or Website Visitors' data may be processed by SIRO as a result of sponsors' use of the Services when sponsors's, or their end-users, input or upload information into the Services. For example, sponsors who uses SIRO's application or Services may upload their data about themselves or their employees. Website Visitors also share their data while surfing the Website. This data might include name, email address, phone number, landline number, job title, employee details etc. SIRO also collects billing details for invoice purposes.

5.2Clinical Trial Data
  • As a service provider, SIRO collects and analyses Personal Data, including sensitive health data, clinical trial reports, relating to subjects on behalf of sponsors and/or visitors. You have a choice at any time, before, during, or after the study to discontinue such consent via written notice.
  • All health-related data collected will be used to carry out the Services. Your data shall not be used for any other purposes or combined with any other services. In compliance with good clinical practices, Data Subjects' names and other personal identifiers are not associated to the Personal Data collected. Each record is tagged with internally generated identification code.
  • Date of Birth is collected in certain cases that are primarily based on age and on sponsors instructions and according to local regulatory requirements. You may choose not to provide this information.
5.3Other Data

SIRO collects your data when a sponsor or team members of the sponsor wish to avail our Services, upload the data of participants in the clinical trials, supports us in our clinical trials, uses our Websites or requests to be contacted.

  • Health Professional Data: We analyze the professional profiles of doctors and other healthcare providers for the purpose of identifying potential investigators to assist in clinical and medical research.
  • SIRO uses available contact information, including email addresses, including applicable licenses and certifications, publications, resumes, and educational background, for the purpose of inviting potential investigators to apply to participate in research. We maintain a database of health professionals built from public sources and from business references.
  • Log Data: Our servers automatically collect information when you access or use our applications and Services. This data is recorded in log files. Examples of such data include IP Address.
  • Mobile Application: When you download and use our Services, we automatically collect information on the type of device used along with the operating system version.
  • Subscription Data: You may provide the Personal Data to us as part of signing up for newsletters on the Websites. We may also collect personal information when you use interactive features of the website, downloading resources, whitepapers, promotions, requests for customer support, or otherwise communicating with us.
  • Contact Us Data: When you enquire about our products and Services, we collect and stores this data to communicate and respond to your enquiry. This also includes queries that you send to us relating to conferences, RFP and any other general enquiries.
5.4Data from Others

SIRO may receive your data from the sources, such as public directory, seminar attendee lists and other public sources as part of our marketing / promotional activities.

5.5Cookies

In operating this site, we may use a technology called "cookies”. A cookie is a piece of information that the computer that hosts our site gives to your computer (actually to your browser) when you access a Website. We use cookies to:

  • Understand and save user's preferences for future visits. For instance, our site may set a cookie on your browser that eliminates any need for you to remember the URL.
  • Compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future.

We may also use trusted third-party services that tracks this information on our behalf. In all cases in which we use cookies, we will not collect Personal Data through the use of such technology except for the collection of the data mentioned above.

  • You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (like Internet Explorer) settings. Each browser is a little different, so look at your browser's Help menu to learn the correct way to modify your cookies. We recommend that you leave cookies turned on because they allow you to take advantage of some of the Site's features.
6. DATA PROCESSING
6.1We lawfully process your Personal Data. We also use your consent as bases for lawfully processing Personal Data.
  • Presently, SIRO uses the Performance of Contract (i.e. to deliver the Services to customers) and consent as the lawful basis for processing. For certain processing, SIRO may also use legitimate interests as provided under the Data Protection Regulations.
  • In some cases, SIRO may have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of a person.
  • For clinical studies, we collect necessary informed consents of study subjects on behalf of our sponsors.
  • If you have consented to a particular processing, then you have a right to withdraw the consent at any time.
6.2How sponsor data is processed

All sponsor data shall be used by us in accordance with sponsors instructions, including any applicable terms in the sponsor agreements and as required by applicable law. SIRO is a Processor of sponsor data and sponsor is the Controller here.

We shall only process sponsor data on behalf of sponsors and in accordance with their instructions provided in the applicable agreement with us. The collected data is used to provide Services and provide support to sponsors and you. In each case, we collect such information only to the extend to fulfil the purposes of the Services.

  • We may send you Service, technical and other administrative emails, messages and other types of communications. We may also contact you to inform about the changes in Services and our offerings. These communications are considered as a part of the Services and you may choose to opt out.
  • For any other purpose as provided for in the applicable agreements between SIRO and the sponsors, or as otherwise authorized by the respective sponsors.
6.3How Clinical Trial data is processed

Clinical trial data is processed for research and analytics purposes in accordance with sponsors instructions as a part of performance of contract with relevant sponsor. Based on the contractual arrangements, sponsor is the Data Controller since they ultimately direct us the process to conduct the study. SIRO acts as the Processor to execute their instructions. Below are some of the ways in which data is used:

  • Summarising and entering them in EDC / CTMS / IWRS applications.
  • Sharing the results of the studies with our sponsors.
  • Performing aggregated data analytics and sharing the summary reports with our sponsors.
  • Medical Writing Services.
6.4How Other data is processed

Service-related messages or marketing / promotional materials are being sent to you. You may choose to restrict the collection or use of your personal information.

We provide updates on the improvements in our Services, new features and from time to time also carry out direct marketing of our products and Services. Direct marketing is carried out only if you consent to receiving such communications.

6.5Our Website and Services intentionally do not collect personalinformation from users under the age of 16.
7. DATA RETENTION

SIRO may retain your Personal Data to fulfil the purposes as outlined in this Policy, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements).

  • Sponsor Data: We retain your data for performance of an active service or further your data may be retained for an extended period under a statutory requirement. SIRO will retain sponsor data in accordance with their instructions, including any applicable terms in the agreement and/or as required by applicable law. When sponsor decides to discontinue the Services, as per their instructions we process and delete data.

However, certain computer records or files containing confidential and proprietary information which have been created pursuant to automatic archiving or back-up procedures cannot reasonably be deleted. In such cases, SIRO shall not access or use any such records or files following the date on which it would have otherwise returned or deleted.

  • Clinical Trial Data and Medical Writing Services: SIRO retains clinical trial data and Services related data in accordance with contractual, legal and regulatory requirements. Agreements with sponsors also determine the term for data retention, both during the study and after the study is completed.
  • Other Data: SIRO may retain other data pertaining to you for as long as necessary for the purposes described in this Policy.
8. USERS RIGHTS
9. USERS RIGHTS TO CONTROL DATA

Whenever our Services are availed by you, the aim is to provide easy means to access, modify, delete, object or restrict use of your Personal Data.

  • 9.1 We strive to give ways to access,update/modify your data quickly or to delete it unless it has to be maintained for legal purposes. You can exercise these rights by contacting us with a specific request such as:
  • Change or Correct Data: Your Personal Data can be edited, changed, updated or fixed through your account if it is inaccurate.
  • Delete Data: Request to delete or erase your Personal Data can be asked by the user (e.g. if it is no longer necessary to provide Services).
  • Object or Limit or Restrict the Use of Data: You can request to stop using all or some of your Personal Data (e.g. if SIRO has no legal right to keep using it) or to limit use of it (e.g. if Personal Data is inaccurate or unlawfully held).
  • Right to Access and/or Take Data: You can ask for access to the copy(ies) of your Personal Data which can be provided in machine readable form.
  • 9.2 Clinical trials related study subjects must contact their investigators at their study site, who will be able to make the necessary link to subject identity.
10. TRANSFER OF USER DATA

10.1 Recipients of your data:

While we aim to limit sharing of your data, at times, it is necessary to share data with certain third-party service providers.

The following categories of recipient will most likely receive your data in order to provide:

  • Third Party Data Center Services;
  • Third party vendor applications;
  • SharePoint/Office 365-Email exchange, OneDrive where research data is stored.

10.2 Compliance with Law: If we receive a request for data, we may disclose if we reasonably believe that such disclosure is in accordance with or required by any applicable law, regulation or legal process.

10.3 Cross-Border Data Transfers: Your data may be stored and processed in multiple countries including outside of the European Union (EU) and UK region, if required.

Since SIRO is an international company, your data may be processed outside of the EU and UK region, if required. Your data shall be processed within Third Party Data Centers / Hosting services in other countries. In certain circumstances, sponsor data and clinical trial data may be hosted on vendor platforms located on the cloud in other territories. Some countries where SIRO processes data, may not have as protective laws as your own country and there are risks associated with such transfer.

SIRO offers European Union Model Clauses, also known as Standard Contractual Clauses, to meet the adequacy and security requirements for sponsors that operate in the European Union and UK region, and other international transfers of sponsor data. These clauses are contractual commitments between parties transferring Personal Data (for example, between SIRO and sponsors, suppliers or data processors outside the EU/ UK region), binding them to protect the privacy and security of your data.

11. SECURITY MEASURES TO PROTECT DATA
11.1 Security Measures:

SIRO implements security controls to prevent breaches and unauthorized access to your data. Reasonable and appropriate security measures are maintained by us to protect sensitive clinical data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction.


Examples of security measures include physical access controls, HTTPS, restricted access to data, monitoring for threats and vulnerabilities etc.


SIRO Services are subject to internationally recognized certification and attestation standards.


Details about security measures are given below:

  • Protect the confidentiality, integrity, and availability of Personal Data in SIRO's possession or control or to which we have access.
  • Protect against any anticipated threats or hazards to the confidentiality, integrity, and availability of your Personal Data.
  • Protect against unauthorized or unlawful access, use, disclosure, alteration, or destruction of your Personal Data.
  • Protect against accidental loss or destruction of, or damage to your Personal Data.

11.2 Protection of Personal Data

Our sites and Services use commercial efforts to maintain safeguards for protection of your Personal Data. SIRO takes all reasonable and necessary measures to protect against the unauthorized access, use, alteration or destruction of your potential personally identifiable information.

12. SECURITY MEASURES TO PROTECT DATA
12.1 Security Measures:

You can contact us about this policy or use of our Services, in case you have questions or complaints regarding this Policy at:

  • Email at dataprivacy@siroclinpharm.com
  • Postal address at SIRO Clinpharm UK Limited, 4th Floor, Silverstream House, 45 Fitzroy Street, Fitzrovia, London, W1T 6EB.

12.2 President of the European Economic Area and UK regionwhose data is maintained by us within the scope of the General Data Protection Regulation (GDPR), then you may have additional rights. If you are not satisfied with the resolution, you can also lodge a complaint with the Supervisory Authority in the country of your residence.

13. CHANGES TO POLICY ON THE WEBSITE

SIRO reserves the right to change this Policy at any time, at our sole discretion.

We encourage you to frequently check our Website for any changes to the Policy. We shall notify of any material changes in advance by email or by notice when you log into the website.

Confirmation by you and continued use of Services after any change in this Policy will constitute as an acceptance of such changes.

The Policy was last reviewed/updated on 14 October 2024.