Email:
global@GCP-ClinPlus.com
At GCP ClinPlus, we are committed to protecting the privacy and security of personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information in accordance with applicable data protection laws and regulations.
This Privacy Policy applies to:
All personal information processed by GCP ClinPlus
All business operations, including clinical research activities, employment practices, and business relationships
All locations where GCP ClinPlus operates
All employees, contractors, and third parties acting on behalf of GCP ClinPlus
For the purposes of this policy:
Personal Information/Personal Data: Any information relating to an identified or identifiable natural person.
Special Category Data/Sensitive Personal Information: Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, sex life, or sexual orientation.
Data Subject: The individual to whom personal information relates.
Processing: Any operation performed on personal information, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, restriction, erasure, or destruction.
Data Controller: The entity that determines the purposes and means of processing personal information.
Data Processor: The entity that processes personal information on behalf of the data controller.
Contact information (name, address, telephone number, email)
Demographic information (age, gender, ethnicity)
Medical history and health information
Biological samples and genetic information
Study participation data and records
Family medical history (when relevant)
Images and recordings (if applicable to the study)
Contact information and professional credentials
Employment history and qualifications
Financial information for payments
Performance data related to clinical trials
Training records and certifications
Contact and identification information
Employment history and educational background
Performance information and employment records
Compensation and benefits information
Background check information (where legally permitted)
Contact information
Business relationship details
Communication records
Contract and payment information
IP addresses and device information
Browsing history on our websites
Cookie data
User preferences and settings
Contact information provided through forms
We collect personal information through:
Direct interactions with data subjects
Forms completed by clinical trial participants
Medical records provided with appropriate consent
Information provided by healthcare providers with consent
Employment applications and human resources processes
Website interactions and electronic communications
Third parties (with appropriate authorization)
Public sources (where legally permitted)
Conducting clinical trials and research studies
Recruiting and screening research participants
Monitoring safety and efficacy of investigational products
Regulatory compliance and reporting
Quality assurance and improvement
Scientific analysis and publication of results
Managing relationships with clients, vendors, and partners
Contract administration and fulfillment
Financial management and accounting
Business planning and development
Legal compliance and corporate governance
● Recruitment and hiring
● Payroll and benefits administration
● Performance management
● Training and development
● Workplace safety and security
● Compliance with employment laws
● Providing information about our services
● Marketing communications (with consent where required)
● Event management and invitations
● Website optimization and analytics
We process personal information under one or more of the following legal bases:
● Explicit consent of the data subject
● Performance of a contract
● Compliance with legal obligations
● Protection of vital interests of the data subject or another person
● Performance of a task carried out in the public interest
● Legitimate interests pursued by GCP ClinPlus or a third party
We may share personal information with:
● Sponsors of clinical trials
● Regulatory authorities
● Ethics committees and institutional review boards
● Healthcare providers involved in clinical trials
● Contract research associates and monitors
● Service providers and vendors who process data on our behalf
● Legal advisors and professional consultants
● Affiliated companies (where applicable)
When transferring personal information across borders, we implement appropriate safeguards, which may include:
● Standard contractual clauses approved by relevant authorities
● Binding corporate rules (if applicable)
● Adequacy decisions for certain jurisdictions
● Consent of the data subject (where appropriate)
● Other lawful transfer mechanisms as available and appropriate
We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, or to comply with legal, regulatory, or internal policy requirements. Specific retention periods are determined based on:
● Legal and regulatory requirements
● Contractual obligations
● Business needs
● The sensitivity of the data
● The purposes for which the data was collected
We implement appropriate technical and organizational measures to protect personal information, including:
Encryption of digital records
Access controls and authentication requirements
Staff training on data protection and security
Physical security measures for premises and equipment
Secure disposal procedures for paper and electronic records
Regular security assessments and updates
Business continuity and disaster recovery plans
Depending on applicable law, data subjects may have the following rights:
Right to be informed about the collection and use of their personal information
Right to access their personal information
Right to rectification of inaccurate personal information
Right to erasure (the "right to be forgotten")
Right to restrict processing
Right to data portability
Right to object to processing
Rights related to automated decision making and profiling
To exercise these rights, data subjects may contact us at [email address] or through the procedures outlined in Section 15.
Strictly necessary cookies
Performance/analytics cookies
Functional cookies
Targeting/advertising cookies (if applicable)
Visitors to our websites can manage their cookie preferences through:
Our cookie consent banner
Browser settings
Our preference center [if applicable]
We do not knowingly collect personal information from children under the age of 16 without parental consent, except as part of approved clinical research with appropriate parental/guardian consent and regulatory approvals.
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will post the revised policy on our website with the effective date. Significant changes will be communicated through appropriate channels.
For questions or concerns about this Privacy Policy or our data practices:
Privacy Officer: [Name or Title] Email: [Email address] Phone: [Phone number] Address: [Physical address]
If you believe that we have not adhered to this Privacy Policy or you have concerns about our data practices, please contact our Privacy Officer. You also have the right to lodge a complaint with a supervisory authority.
For personal data subject to the GDPR:
GCP ClinPlus acts as a data controller when determining the purposes and means of processing.
GCP ClinPlus acts as a data processor when processing data on behalf of sponsors or other clients.
The legal basis for processing will be clearly communicated to data subjects.
Data subjects have the right to lodge a complaint with a supervisory authority.
California: California residents have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know, right to delete, right to opt-out of sale, and right to non-discrimination.
HIPAA: For health information covered by HIPAA, our practices comply with the HIPAA Privacy Rule and relevant authorizations will be obtained.
For activities subject to the Personal Information Protection Law (PIPL):
Separate consent will be obtained for processing sensitive personal information.
Additional measures will be implemented for cross-border transfers of personal information.
We comply with data protection laws in all jurisdictions where we operate. Additional jurisdiction-specific notices may be provided where required.
This Privacy Policy is effective as of 01/01/2008