Privacy Policy

Home » Privacy Policy

Introduction

SIRO Clinpharm (also referred to as “SIRO”, “Company”, “we” or “our”) is a Clinical Research organization (“CRO”) that performs biostatistics, data management, medical writing, clinical operations and clinical pharmacology in support of specific medical or pharmaceutical research studies.

This Policy applies to all personal data of Individuals, either in electronic or paper format, received by SIRO including personal data of Company staff, consumers, healthcare professionals, subjects, medical research subjects, clinical investigators, customers, suppliers, vendors and business partners.

For the purpose of this policy, “Personal Data” means any information relating to an identified or identifiable natural person (or, to the extent that Data Privacy Laws apply to information about legal persons, an identified or identifiable legal person) or as otherwise defined in Data Privacy Laws.

This Privacy Policy describes how SIRO collects, uses and discloses information, and what choices you have with respect to the information.

Services

It is SIRO’s policy to respect your privacy regarding any information we may collect while providing the services.

This Privacy Policy applies when you use our Services.

SIRO operates a suite of web based applications (EDC, CTMS, IWRS, eDiary, etc.) collective called SIRO applications. All such products, applications, websites are collectively called “Services”.

Data Controller and Data Processor

We process three main types of personal data.

Sponsor Data – “Sponsor” is a third party entity in the development, manufacturing, marketing, and sale of pharmaceutical products and/or financing or organizing the clinical trial. Sponsor data is personal data that is provided by Sponsors or collected on behalf of the Sponsors. Examples include Sponsor’s employee names, email addresses and other personal data collected of these Sponsors.

Clinical Trial Data – SIRO carries out Clinical Trial on behalf of our Sponsors and collects subject data and all clinical trial related data.

Other Data – Personal data about our website visitors and other individuals that is collected and processed directly by us.

Sponsors are “the Data Controller” of Sponsor Data and the Clinical Trial Data and SIRO is the “Data Processor” of these data. For the “Other Data”, SIRO is the Data Controller.

Domains and Websites for this Policy

For the purposes of this Policy, the term, “Websites”, shall refer collectively to www.siroclinpharm.com as well as the other websites that the SIRO Group operates and that link to this Policy.

Information We Collect

Sponsor Data

As Sponsors, you provide data to us for processing as part of usage of our SIRO applications.

Sponsor Data may be processed by us as a result of customer’s use of the Services when our customers, or their end-users, input or upload information into the Service. For example, customers who use our SIRO application may upload Sponsor Data about themselves or their employees.

This data includes name, email address, phone number, landline number, job title for your employees. We collect billing details for invoice purposes.

Clinical Trial Data

As a Clinical Research Organization (CRO), we collect and analyse personal data, including sensitive health data and relating to subjects on behalf of our Sponsors. This information will only be collected if you consent to studies managed by SIRO via the Informed Consent Form (ICF). You have a choice at any time, before, during, or after the study to discontinue such consent via written notice. Your health related data is used only for the specific study and to carry out analytics for that study only. It is not used for any other purposes or combined with other studies.

In compliance with GCP, data subjects’ names and other personal identifiers are not associated to the personal data collected. We tag each record with internally generated identification code. Only CRA have access to the underlying subject name and identifiers and that only at the sites.

Date of Birth is collected in certain studies that are primarily based on age and on client instructions, and according to local regulatory requirements. You may choose to not provide this information.

Other Data

We collect data when you support us in clinical trials, use our websites or request to be contacted.

Health Professional Information – analyzes the professional profiles of doctors and other health care providers for the purpose of identifying potential investigators to assist in clinical and medical research.

We use available contact information, including email addresses, including applicable licenses and certifications, publications, resumes, and educational background, for the purpose of inviting potential investigators to apply to participate in research. SIRO maintains a database of Health Professionals built from public sources and from business references.

Log Data – Our servers automatically collect information when you access or use our applications and services. This data is recorded in log files. Examples of such data include IP Address.
Mobile Application – When you download and use our Services, we automatically collect information on the type of device you use, UUID, and operating system version.

Subscription Data – You provide personal data to us as part of signing up for our newsletter on our websites. We may also collect personal information from you when you use interactive features of the Websites, downloading resources, whitepapers, promotions, requesting customer support, or otherwise communicating with us.

Contact Us Data – When you enquire about our products and services, we collect and store this data to communicate with you and respond to your enquiry. This also includes queries that you send to us relating to conferences, RFP and other general enquiries.

Data from Others

SIRO may receive your data from sources other than from you, such as Public Directory, Seminar Attendee lists and other public sources as part of our marketing / promotion activities.

Cookies

We collect data through cookies SIRO uses cookies to help SIRO identify and track visitors, their usage of SIRO website, and their website access preferences. SIRO visitors can control cookies through your browser settings. For more details about how we use these technologies, please see our Cookie Policy.

How We Use Your Data

Lawful bases for processing

We have lawful bases to process your personal data.

We also use your consent as bases for lawfully processing your personal data.

  • We process your personal data only when we have a lawful basis. Presently, we use the Performance of Contract (i.e. to deliver the services to our customers) and consent as the lawful basis for processing. For certain processing, we may also use legitimate interests as provided under the Data Protection Regulations.
  • In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.
  • For clinical studies, we collect necessary informed consents of study subjects on behalf of our Sponsors.
  • Where you have consented to a particular processing, you have a right to withdraw the consent at any time.

How we use Sponsor Data

We will retain your personal information for as long as is needed to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements).

Sponsor Data – We retain your information for as long as you have active Services. We may also retain your personal information for extended period under applicable statutory laws.

SIRO will retain Sponsor Data in accordance with a Customer’s instructions, including any applicable terms in the Customer Agreement and as required by applicable law. When you decide to discontinue our services, we delete all personal information as per your contractual instructions.

However, certain computer records or files containing Confidential Information which have been created pursuant to automatic archiving or back-up procedures cannot reasonably be deleted. In such cases, we will not access or use any such records or files following the date on which it would have otherwise returned or deleted.

Clinical Trial Data – SIRO retains clinical trial data in accordance with contractual, legal and regulatory requirements. Sponsor contracts also determine how long we retain this data, both during the study and after the study is completed.

Other Data – We retain your information for as long as necessary for the purposes that we have described in this privacy policy

SIRO may retain Other Information pertaining to you for as long as necessary for the purposes described in this Privacy Policy

How we use Clinical Trial data

We may send you service related messages or marketing / promotional materials. You may choose to restrict the collection or use of your personal information

We will update you with improvements in our services, new features and from time to time also carry out direct marketing of our products and services. Direct marketing is carried out only if you consent to receiving such communications from us.

Users under 16 years of age

The Sites and Services do not knowingly collect personal information from users under the age of 16 If you are under the age of 16, you are not permitted to use the Sites and Services or to disclose Personal Information unless a consent is provided by a Legally Acceptable Representative (LAR).

Data Retention Policy

Such data will be used by SIRO in accordance with Customer’s instructions, including any applicable terms in the Customer Agreement and as required by applicable law. SIRO is a processor of Sponsor Data and Customer is the controller.

We only process Sponsor Data on behalf of our customers and in accordance with their instructions provided in the applicable Services agreement with us. We use the data that we have about you to provide our services and provide support to you. In each case, SIRO collects such information only in so far as is necessary or appropriate to fulfil the purpose of the interaction with our services.

  • To send emails and other communications. We may send you service, technical and other administrative emails, messages and other types of communications. We may also contact you to inform you about changes in our Services and our Services offerings. These communications are considered part of the Services and you may not opt out of them.
  • For any other purpose as provided for in the Services Agreement between us and the customer, or as otherwise authorized by the customer.

Your Rights

You can request to access, update or correct your personal information. You also have the right to object to direct marketing.

You may have additional rights pursuant to your local law applicable to the processing. For example, if the processing of your personal information is subject to the EU General Data Protection Regulation (“GDPR”), and your personal information is processed based on legitimate interests, you have the right to object to the processing on grounds relating to your specific situation. Under GDPR you may also have the right to request to have your personal information deleted or restricted and ask for portability of your personal information.

Your Rights to Control Data

Whenever you use our services, we aim to provide you easy means to access, modify, delete, object to or restrict use of your personal information.

We strive to give you ways to access, update/modify your data quickly or to delete it unless we have to keep that information for legal purposes. Some rights can be access from within the SIRO application. For visitors, these rights can be exercised by contacting us with your specific request.

  • Change or Correct Data: You can edit some of your personal data through your account. You can also ask us to change, update or fix your data in certain cases, particularly if it’s inaccurate.
  • Delete Data: You can ask us to erase or delete all or some of your personal data (e.g. if it is no longer necessary to provide Services to you).
  • Object to, or Limit or Restrict, Use of Data: You can ask us to stop using all or some of your personal data (e.g. if we have no legal right to keep using it) or to limit our use of it (e.g. if your personal data is inaccurate or unlawfully held).
  • Right to Access and/or Take Your Data: You can ask us for a copy of your personal data and can ask for a copy of personal data you provided in machine readable form.
  • Study subjects must contact their investigator at their study site, who will be able to make the necessary link to subject identity.

Data Controller and Data Processor

We process three main types of personal data.

Sponsor Data – “Sponsor” is a third party entity in the development, manufacturing, marketing, and sale of pharmaceutical products and/or financing or organizing the clinical trial. Sponsor data is personal data that is provided by Sponsors or collected on behalf of the Sponsors. Examples include Sponsor’s employee names, email addresses and other personal data collected of these Sponsors.

Clinical Trial Data – SIRO carries out Clinical Trial on behalf of our Sponsors and collects subject data and all clinical trial related data.

Other Data – Personal data about our website visitors and other individuals that is collected and processed directly by us.

Sponsors are “the Data Controller” of Sponsor Data and the Clinical Trial Data and SIRO is the “Data Processor” of these data. For the “Other Data”, SIRO is the Data Controller.

Your information shared with others

Recipients of your data

Your data will be shared with other recipients in order to provide you or our Sponsors with services.

While we aim to limit the sharing of your data, at times, it is necessary to share your data with certain service providers. Examples of when and for what purpose your data is shared include data center / hosting services, email marketing services, etc.

The following categories of recipient will most likely receive your data in order for us to provide services to you.

  • Third Party Data Center Services
  • Third party vendor applications
  • SharePoint/Office 365 – Email exchange, OneDrive where research data is stored

To Comply with Laws. – If we receive a request for information, we may disclose if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process.

Cross-Border Data Transfers

Your data will be stored and processed in multiple countries including outside of the European Union (EU) Region

Since we are an international company, your data will be processed outside of the EU region. Your data will be processed within Third Party Data Centers / Hosting services in USA and other countries. In certain circumstances, sponsor data and clinical trial data will be hosted within vendor platforms located on the cloud in USA. Some countries where we process data may not have as protective laws as your own country and there are risks associated with such transfer.

SIRO offers European Union Model Clauses, also known as Standard Contractual Clauses, to meet the adequacy and security requirements for our Customers that operate in the European Union, and other international transfers of Sponsor Data. These clauses are contractual commitments between parties transferring personal data (for example, between SIRO and its Clients, suppliers or data processors outside the EU), binding them to protect the privacy and security of the data.

Security Measures to Protect your Data

Security Measures

We implement security controls to prevent breaches and unauthorised access to your data.

We maintain reasonable and appropriate security measures to protect sensitive clinical data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction.

Examples of security measures include physical access controls, HTTPS, restricted access to data, monitoring for threats and vulnerabilities etc.

We also subject our services to internationally recognised certification and attestation standards. Details about our security measures are given below.

  • Protect the confidentiality, integrity, and availability of Personal Data in Siro’s possession or control or to which Siro has access
  • Protect against any anticipated threats or hazards to the confidentiality, integrity, and availability of Personal Data
  • Protect against unauthorized or unlawful access, use, disclosure, alteration, or destruction of Personal Data
  • Protect against accidental Joss or destruction of, or damage to, Personal Data

Protection of personal information

You can contact us about this privacy policy or use of our services.

If you have questions or complaints regarding this Policy, you may contact us through email at dataprivacy@siroclinpharm.com or through phone at 91-22-6108 8000. You may contact us at our mailing address below:
SIRO Clinpharm Pvt. Ltd
Mumbai, India

If you are a resident of the European Economic Area and we maintain your Personal Data within the scope of the General Data Protection Regulation (GDPR), you have additional rights. If you are not satisfied with the resolution, you can also lodge a complaint with the Supervisory Authority in the country of your residence.

Other Information

Contact Information

You can contact us about this privacy policy or use of our services.

If you have questions or complaints regarding this Policy, you may contact us through email at dataprivacy@siroclinpharm.com or through phone at 91-22-6108 8000. You may contact us at our mailing address below:
SIRO Clinpharm Pvt. Ltd
Mumbai, India

If you are a resident of the European Economic Area and we maintain your Personal Data within the scope of the General Data Protection Regulation (GDPR), you have additional rights. If you are not satisfied with the resolution, you can also lodge a complaint with the Supervisory Authority in the country of your residence.

Privacy policy change

SIRO may change this Privacy Policy from time to time, at our sole discretion.

SIRO encourages visitors and customers to frequently check this page for any changes to its Privacy Policy. We will notify you of material changes in advance by email or by notice when you log in to the Sites and Services or both. You confirm that your continued use of our services after any change in this Privacy Policy will constitute your acceptance of such changes and agree to be subject to the revised privacy policy.