This Policy explains how SIRO collects, uses and discloses data and also describes the choices a website visitor would have with respect to their data.
| Term | Definition |
|---|---|
| Website | For the purposes of this Policy, the term “Website” shall refer to www.siroclinpharm.com or any other websites that the SIRO Group operates and that may link to this Policy. |
| Website Visitor/External User | A website visitor or external user shall mean any individual user, a Sponsor, a Vendor, any SIRO employee, healthcare professionals, study subjects, clinical investigators, suppliers, vendors and business partners or any person visiting the Website. A website visitor shall hereinafter be referred to as “you/your” in this Policy. |
| Data Subject | Data subject shall mean any individual in relation to which SIRO is holding data. |
| Personal data | Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. |
| Services | This Policy applies when you use our services. SIRO operates a suite of web-based applications (EDC, CTMS, IWRS, e-Diary, etc.) collectively called SIRO applications. All such products, applications and websites are collectively called “Services”. |
| Processing | Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. |
| Processor | A natural or legal person, public authority, agency, or any other body which processes personal data on behalf of the controller. |
| Controller | The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. |
| Sensitive Personal Data | Sensitive Personal Data shall mean personal data about an individual’s racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership (or non-membership), physical or mental health or condition, criminal offences, or related proceedings. SIRO does not accept, store, process or transmit any sensitive personal data; however, if required for a legitimate purpose, it is done in an anonymized manner. |
4. Data Controller and Data Processor
SIRO processes three main types of Personal Data.
- Sponsor Data: “Sponsor” is a third-party entity engaged in the development, manufacturing, marketing, and sale of pharmaceutical products and/or financing or organizing the clinical trial. Sponsor data is personal data that is provided by Sponsors or collected on behalf of the Sponsors. Examples include Sponsor’s employee names, email addresses and other personal data collected about these Sponsors.
- Clinical Trial Data: SIRO carries out Clinical Trials on behalf of Sponsors and collects subject data and all clinical trial related data.
- Other Data: Personal data about you and other individuals who visit the Website is collected and processed directly by us.
Sponsors are “the Data Controller” of Sponsor Data and the Clinical Trial Data and SIRO is the “Data Processor” of these data. For the “Other Data”, SIRO is the Data Controller.
5. Data Collected by SIRO
5.1 Sponsor Data:
5.2 Clinical Trial Data
- As a Clinical Research Organization (CRO), SIRO collects and analyses personal data, including sensitive health data relating to subjects on behalf of Sponsors. This information will only be collected if you consent to studies managed by SIRO via the Informed Consent Form (ICF). You have a choice at any time, before, during, or after the study to discontinue such consent via written notice.
- All health-related data is used only for the specific study and to carry out analytics for that study only. Your data shall not be used for any other purposes or combined with any other studies. In compliance with Good Clinical Practices, data subjects’ names and other personal identifiers are not associated with the personal data collected. Each record is tagged with an internally generated identification code. Only a Clinical Research Associate has access to the underlying subject name and identifiers, and only at the sites.
- Date of Birth is collected in certain studies that are primarily based on age, on Sponsors’ instructions and according to local regulatory requirements. You may choose not to provide this information.
5.3 Other Data
SIRO collects your data when a user supports us in our clinical trials, uses our websites or requests to be contacted.
- Health Professional Data: We analyze the professional profiles of doctors and other health care providers for the purpose of identifying potential investigators to assist in clinical and medical research.
- SIRO uses available contact information, including email addresses, applicable licenses and certifications, publications, resumes, and educational background, for the purpose of inviting potential investigators to apply to participate in research. We maintain a database of health professionals built from public sources and from business references.
- Log Data: Our servers automatically collect information when you access or use our applications and services. This data is recorded in log files. Examples of such data include IP Address.
- Mobile Application: When you download and use our Services, we automatically collect information on the type of device used along with the operating system version.
- Subscription Data: You may provide personal data to us as part of signing up for newsletters on the websites. We may also collect personal information when you use interactive features of the website, download resources, whitepapers or promotions, request customer support, or otherwise communicate with us.
- Contact Us Data: When you enquire about our products and services, we collect and store this data to communicate and respond to your enquiry. This also includes queries that you send to us relating to conferences, RFP and any other general enquiries.
5.4 Data from Others
- Understand and save user’s preferences for future visits. For instance, our site may set a cookie on your browser that eliminates any need for you to remember the URL.
- Compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (like Internet Explorer) settings. Each browser is a little different, so look at your browser’s Help menu to learn the correct way to modify your cookies. We recommend that you leave cookies turned on because they allow you to take advantage of some of the Site’s features.
6. Data Processing
6.1 We lawfully process your Personal Data. We also use your consent as a basis for lawfully processing Personal Data.
- Presently, SIRO uses the Performance of Contract (i.e. to deliver the services to customers) and consent as the lawful basis for processing. For certain processing, SIRO may also use legitimate interests as provided under the Data Protection Regulations.
- In some cases, SIRO may have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of a person.
- For clinical studies, we collect necessary informed consents of study subjects on behalf of our Sponsors.
- If you have consented to a particular processing, then you have a right to withdraw the consent at any time.
6.2 How Sponsor Data is processed
All Sponsor data shall be used by us in accordance with Sponsor’s instructions, including any applicable terms in the Sponsor Agreement and as required by applicable law. SIRO is a Processor of Sponsor Data and Sponsor is the Controller.
We shall only process Sponsor Data on behalf of Sponsor and in accordance with their instructions provided in the applicable Agreement with us. The collected data is used to provide services and provide support to Sponsor and you. In each case, we collect such information only to the extent needed to fulfil the purposes of the services.
- We may send you service, technical and other administrative emails, messages and other types of communications. We may also contact you to inform you about changes in services and offerings. These communications are considered a part of the services and you may choose to opt out.
- For any other purpose as provided for in the Services Agreement between SIRO and the Sponsor, or as otherwise authorized by the Sponsor.
6.3 How Clinical Trial data is processed
Clinical trial data is processed for research and analytics purposes in accordance with Sponsor instructions as a part of performance of contract with Sponsors. Based on the contractual arrangements, Sponsor is the Data Controller since they ultimately direct us on the process for conducting the study. SIRO acts as the processor to execute their instructions. Below are some of the ways in which data is used:
- Summarising and entering them in EDC / CTMS / IWRS applications.
- Sharing the results of the studies with our Sponsors.
- Performing aggregated data analytics and sharing the summary reports with our Sponsors.
- Medical Writing.
6.4 How Other data is processed
Service-related messages or marketing / promotional materials are sent to you. You may choose to restrict the collection or use of your personal information.
We provide updates on the improvements in our services, new features and from time to time also carry out direct marketing of our products and services. Direct marketing is carried out only if you consent to receiving such communications.
6.5 Our website and services intentionally don’t collect personal information from users under the age of 16.
7. Data Retention
SIRO retains your personal data to fulfil the purposes as outlined in this Policy, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements).
- Sponsor Data: We retain your data for the performance of an active Service; further, your data may be retained for an extended period under a statutory requirement. SIRO will retain Sponsor Data in accordance with their instructions, including any applicable terms in the Agreement and/or as required by applicable law. When Sponsor decides to discontinue the services, we process and delete data as per their instructions.
However, certain computer records or files containing Confidential Information which have been created pursuant to automatic archiving or back-up procedures cannot reasonably be deleted. In such cases, SIRO shall not access or use any such records or files following the date on which they would have otherwise been returned or deleted.
- Clinical Trial Data: SIRO retains clinical trial data in accordance with contractual, legal and regulatory requirements. Agreements with Sponsors also determine the term for data retention, both during the study and after the study is completed.
- Other Data: SIRO may retain other data pertaining to you for as long as necessary for the purposes described in this Policy.
8. Users Rights
- You can request to access, update or correct your personal information. You also have the right to object to direct marketing.
- You may have additional rights pursuant to local law applicable to the processing. For example, if the processing of your Personal Data is subject to the EU General Data Protection Regulation (“GDPR”), and your Personal Data is processed based on legitimate interests, you have the right to object to the processing on grounds relating to a specific situation. Under GDPR you may also have the right to request deletion or restriction of your Personal Data and also ask for portability of your Personal Data.
9. Users Rights to Control Data
Whenever our services are used by you, the aim is to provide easy means to access, modify, delete, object or restrict use of your Personal Data.
9.1 We strive to give ways to access, update/modify your data quickly or to delete it unless it has to be maintained for legal purposes. You can exercise these rights by contacting us with a specific request such as:
- Change or Correct Data: Your Personal Data can be edited, changed, updated or fixed through your account if it’s inaccurate.
- Delete Data: You can request that your Personal Data be deleted or erased (e.g. if it is no longer necessary to provide Services).
- Object or Limit or Restrict the Use of Data: You can request that we stop using all or some of your Personal Data (e.g. if SIRO has no legal right to keep using it) or limit use of it (e.g. if personal data is inaccurate or unlawfully held).
- Right to Access and/or Take Data: You can ask for access to a copy of your Personal Data, which can be provided in machine readable form.
9.2 Clinical trials related study subjects must contact their investigators at their study site, who will be able to make the necessary link to subject identity.
10. Transfer of User Data
10.1 Recipients of your data:
Your data will be shared with other recipients in order to provide services to Sponsors.
While we aim to limit the sharing of your data, at times, it is necessary to share data with certain service providers.
The following categories of recipient will most likely receive your data in order to provide:
- Third Party Data Center Services
- Third party vendor applications
- SharePoint/Office 365 – Email exchange, OneDrive where research data is stored
10.2 Compliance with Law: If we receive a request for data, we may disclose if we reasonably believe that such disclosure is in accordance with or required by any applicable law, regulation or legal process.
10.3 Cross-Border Data Transfers: Your data may be stored and processed in multiple countries, including outside of the European Union (EU) Region.
Since SIRO is an international company, your data may be processed outside of the EU region. Your data shall be processed within Third Party Data Centers / Hosting services in USA and other countries. In certain circumstances, sponsor data and clinical trial data will be hosted within vendor platforms located on the cloud in USA. Some countries where SIRO processes data may not have laws as protective as those of your own country, and there are risks associated with such transfer.
SIRO offers European Union Model Clauses, also known as Standard Contractual Clauses, to meet the adequacy and security requirements for Sponsors that operate in the European Union, and other international transfers of Sponsor Data. These clauses are contractual commitments between parties transferring personal data (for example, between SIRO and Sponsors, suppliers or data processors outside the EU), binding them to protect the privacy and security of your data.
11. Security Measures to Protect your Data
11.1 Security Measures
SIRO implements security controls to prevent breaches and unauthorised access to your data. Reasonable and appropriate security measures are maintained by us to protect sensitive clinical data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction.
Examples of security measures include physical access controls, HTTPS, restricted access to data, monitoring for threats and vulnerabilities etc.
Services are subjected to internationally recognised certification and attestation standards.
Details about security measures are given below:
- Protect the confidentiality, integrity, and availability of Personal Data in SIRO’s possession or control or to which we have access
- Protect against any anticipated threats or hazards to the confidentiality, integrity, and availability of your Personal Data
- Protect against unauthorized or unlawful access, use, disclosure, alteration, or destruction of your Personal Data
- Protect against accidental loss or destruction of, or damage to your Personal Data
11.2 Protection of personal information
Our sites and Services use commercial efforts to maintain safeguards for protection of your Personal Data. SIRO takes all reasonable and necessary measures to protect against the unauthorized access, use, alteration or destruction of your potential personally-identifying information.
12. How to Contact Us
12.1 Contact Information
If you have questions or complaints regarding this Policy or the use of our services, you can contact us at:
- email at email@example.com
- phone at +91-22-6108 8035
- postal address at SIRO Clinpharm Pvt Ltd, Kalpataru Prime, 1st Floor, Units 3 & 4, Road no. 16, Wagle Estate, Thane 400604, Maharashtra
12.2 If you are a resident of the European Economic Area whose data is maintained by us within the scope of the General Data Protection Regulation (GDPR), you may have additional rights. If you are not satisfied with the resolution, you can also lodge a complaint with the Supervisory Authority in the country of your residence.
13. Changes to Policy on the Website
SIRO reserves the right to change this Policy at any time, at our sole discretion.
We encourage you to frequently check our website for any changes to the Policy. We shall notify you of any material changes in advance by email or by notice when you log into the website. Confirmation by you and continued use of services after any change in this Policy will constitute acceptance of such changes.
The Policy was last reviewed/updated on 28 Jan 2022.