©2018 BY KLINITRIAL LTD

PRIVACY NOTICE

Klinitrial Ltd is required by law to protect your personal data. This Notice explains how we process (e.g. collect, use, store, and share) your personal data. We will process any personal data about you in accordance with this Notice and applicable law.

 

1. Who are we?

The company responsible for processing your personal data is:

Klinitrial Ltd

Registered address:

Thames House

Bourne End Business Park

Bourne End

Buckinghamshire SL8 5AS

UK

Tel.: +44 (0)20 7078 7333

Company Registration Number: 07528608

You can always contact us at info@klinitrial.com with questions or concerns about how we process your personal data. Please put the phrase "Personal Data" in the title when you email us. We may make a small charge to cover our reasonable costs in dealing with any requests you make.

2. How do we collect personal data about you?

We get your personal data from the following sources:

  • (Client, supplier, CRO, HCO, HCP contacts) from you directly

  • (Client, supplier contacts) From publicly available sources e.g. publications, websites, social media

  • (CRO, HCO, HCP contacts) From our mutual clients

  • (HCP contacts) From your employers or their clients or their clients’ suppliers

3. What personal data do we process about you?

For the purposes described below in Section 4, we may process the following types of personal data:

  • Client contact information (name, title, position, work tasks, department, work address, work telephone number, work email address)

  • Supplier contact information (name, title, position, work tasks, department, work address, work telephone number, work email address)

  • Contract research organisation (CRO) contact information (name, title, position, work tasks, department, work address, work telephone number, work email address)

  • Health care organisation (HCO) contact information (name, title, position, work tasks, department, work address, work telephone number, work email address)

  • Health care professional (HCP) contact information (name, title, position, work tasks, department, work address, work telephone number, work email address)

4. Why do we process your personal data?

We process personal data about you for the following purposes: 

  • (Client contact information) To do business with existing and prospective clients  

  • (Supplier contact information) To do business with existing and prospective suppliers

  • (All contact information) To meet transparency and regulatory obligations

  • (All contact information) To investigate compliance/fraud

  • (Client, CRO and HCO contact information) To coordinate investigator meetings

  • (Client, CRO and HCO contact information) To arrange ophthalmic training and certification visits

  • (HCP contact information) To provide ophthalmic training and certification services, and to maintain a record of such certifications for the duration of any relevant trials

  • (HCP contact information) To respond to questions or requests for information about certifications from HCOs, CROs and our clients

  • (Client, CRO, HCO and HCP contact information) To provide a certification-related archiving service for our clients

  • (Client, CRO, HCO and HCP contact information) For data analysis and planning purposes

 

You are not required to provide us with your personal data. If you do not want Klinitrial Ltd to use your personal data:

  • (Client contacts) We may not be able to conduct business with your employers

  • (Supplier contacts) We may not be able to conduct business with your employers

  • (CRO and HCO contacts) We may not be able to work with you to coordinate investigator meetings or to arrange training and certification visits

  • (HCP contacts) We will not be able to provide you with ophthalmic training and certification services and we will not be able to provide our clients with certification-related storage and archiving services

5. Why are we allowed by law to process your personal data?

Our processing of your personal data requires a legal basis. By law, we are allowed to process your personal data described above in Section 3 based on the following legal bases:

  • We believe our purpose constitutes a legitimate interest - our processing of personal data is necessary for the specific purposes we have identified in section 4. It is a targeted and proportionate way of achieving the purposes. We cannot reasonably achieve the above stated purpose without holding and processing the above data. Our processing is ‘legitimate’ – both ethical and lawful. We also believe our legitimate interest is compelling enough to justify the potential impacts on and risks to individuals (which we believe are negligible) and we further believe that all elements of the processing would be easily understood and within the reasonable expectations of the individuals concerned.

  • The processing may also be necessary for compliance with our transparency and regulatory obligations

6. How do we share your personal data?

We may share your personal data with:

  • Suppliers or vendors that assist our company (e.g., consultants, IT service providers, financial institutions, law firms)

  • (CRO and HCO contacts) Our mutual clients

  • (HCPs) (Your employer’s and) Our mutual clients

  • Public and regulatory authorities

7. When do we transfer your personal data outside the EU/EEA?

For the purposes described above in Section 2, we may transfer your personal data to countries outside the European Economic Area (EEA). The level of data protection in certain countries outside the EEA does not conform to the level of data protection for personal data currently applied and enforced within the EEA. 

We therefore use the following safeguards, as required by law, to protect your personal data in case of such transfers:

  • (Supplier contacts) The transfer is to another of your employer’s group companies

  • (CRO, HCO or HCP contacts) The transfer is to our mutual clients or to your employer’s clients.  

  • The destination countries are deemed by the EU Commission to have an adequate level of protection of personal data

  • The EU-US Privacy Shield Framework for transfers to Privacy Shield-certified and US-based companies and organisations. More information and a list of Privacy Shield-certified companies and organisations are available at https://www.privacyshield.gov/welcome.

8. How long will we keep your personal data?

We will keep your personal data for the following period of time:

  • For as long as we hope to do business with existing and prospective clients

  • For as long as we hope to do business with existing and prospective suppliers

  • For as long as needed to provide our clients with the certification-related processing and archiving services they require (for the duration of any relevant studies and then typically for a further 15 years in archival form)

  • For as long as required by applicable law.

9. What are your rights?

In general, you have the following rights:

  • You can get an overview of what personal data we have about you

  • You can get a copy of your personal data in a structured, commonly used and machine-readable format

  • You can get an update or correction to your personal data

  • You can have your personal data deleted or destroyed

  • You can have us stop or limit processing of your personal data

  • You can submit a complaint about how we process your personal data to a Data Protection Authority.

Under applicable law, there may be limits on these rights depending on the specific circumstances of the processing activity.  Contact us as described in Section 1 with questions or requests relating to these rights.

10. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

11. Changes to our Privacy Policy

We will keep our privacy policy under regular review and we will place any updates on this web page.