Back to Home

GDPR & Data Processing

Last updated: July 3, 2026

Notice: This page provides a plain-language overview of how ClinStudy processes personal data under the EU/UK General Data Protection Regulation. It is provided for transparency and is pending final legal counsel review. For the full detail on categories of data, retention, and your rights, see our Privacy Policy.

ClinStudy processes personal data to operate a clinical-research sourcing platform that connects sponsors with providers. This page summarizes the roles, legal bases, and safeguards that apply to that processing for individuals in the European Economic Area and the United Kingdom.

Data Processing Terms

Processor terms, controller instructions, retention, and transfers.

Subprocessors

Service providers used for hosting, email, payments, and platform operations.

Security Measures

Technical and organizational safeguards for ClinStudy account and platform data.

1. Controller and Roles

  • Data Controller: ClinStudy determines the purposes and means of processing your account and platform data.
  • Data Processors: Vetted service providers (hosting, email, payments, analytics) process data on our documented instructions under data processing agreements.
  • Contact: Data Protection questions can be sent to privacy@clinstudy.com.

2. Legal Bases for Processing

  • Contract: to create your account and provide the services you request.
  • Legitimate interests: to operate, secure, and improve the platform, balanced against your rights.
  • Consent: for optional communications and any processing that specifically asks for it. Consent can be withdrawn at any time.
  • Legal obligation: to meet record-keeping, tax, and compliance requirements.

3. Your Rights

Subject to applicable law, you may exercise the rights of access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. To make a request, email privacy@clinstudy.com. We aim to respond within 30 days and you may lodge a complaint with your local supervisory authority.

4. International Transfers

Where personal data is transferred outside the EEA or UK, we rely on recognized safeguards such as the European Commission Standard Contractual Clauses and equivalent UK mechanisms.

5. Security and Retention

We apply technical and organizational measures including encryption in transit and at rest, access controls, and audit logging. Personal data is retained only as long as needed for the purposes above or as required by law, then deleted or anonymized.

Contact

ClinStudy Data Protection

Email: privacy@clinstudy.com

Related Legal Documents