site2cro
Connecting Healthcare to Breakthroughs

Privacy Policy

Effective Date: January 18, 2025
Last Updated: January 18, 2025

1. Introduction

site2cro ("we," "our," or "us") is committed to protecting the privacy and security of your personal information and protected health information (PHI). This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our clinical trial network platform and related services.

As a healthcare technology company facilitating clinical research, we adhere to the highest standards of data protection, including compliance with the Health Insurance Portability and Accountability Act (HIPAA), the General Data Protection Regulation (GDPR), and other applicable privacy laws.

2. Information We Collect

2.1 Personal Information

  • Contact information (name, email address, phone number, mailing address)
  • Professional credentials and licensing information
  • Institution or practice affiliation details
  • Account credentials and authentication data

2.2 Protected Health Information (PHI)

  • Patient demographic information (when authorized)
  • Medical history and clinical data relevant to trial matching
  • Treatment records and outcomes data
  • Laboratory results and diagnostic information

2.3 Technical Information

  • Device information and browser type
  • IP address and location data
  • Usage patterns and platform interactions
  • Log files and system performance data

3. How We Use Your Information

We use your information for the following purposes:

  • Clinical Trial Matching: To match patients with appropriate clinical trials using AI-powered algorithms
  • Platform Operations: To provide, maintain, and improve our services
  • Communication: To send important updates, notifications, and support communications
  • Compliance: To meet regulatory requirements and maintain audit trails
  • Research: To conduct aggregate analysis for improving clinical trial processes (de-identified data only)
  • Security: To protect against fraud, unauthorized access, and security threats

4. Information Sharing and Disclosure

4.1 Authorized Disclosures

We may share your information in the following circumstances:

  • With your explicit written consent or authorization
  • To clinical trial sponsors and research organizations (with proper agreements)
  • To healthcare providers involved in your care
  • To regulatory authorities as required by law

4.2 Service Providers

We work with trusted third-party service providers who assist us in:

  • Cloud hosting and data storage (AWS, Microsoft Azure)
  • Data analytics and AI processing
  • Communication and support services
  • Security monitoring and compliance auditing

All service providers are bound by strict confidentiality agreements and HIPAA Business Associate Agreements.

4.3 Legal Requirements

We may disclose information when required by law, including:

  • FDA reporting requirements
  • Court orders or legal proceedings
  • Public health and safety emergencies
  • Law enforcement investigations

5. Data Security

We implement comprehensive security measures to protect your information:

Technical Safeguards

  • End-to-end encryption (AES-256)
  • Multi-factor authentication
  • Regular security audits and penetration testing
  • Intrusion detection and monitoring
  • Secure data transmission (TLS 1.3)

Administrative Safeguards

  • Role-based access controls
  • Employee background checks
  • Regular security training
  • Incident response procedures
  • Data retention and disposal policies

6. Your Privacy Rights

6.1 HIPAA Rights

  • Access: Request copies of your PHI
  • Amendment: Request corrections to your PHI
  • Restriction: Request limits on use or disclosure
  • Accounting: Receive a list of disclosures
  • Confidential Communications: Request alternative communication methods

6.2 GDPR Rights (EU Residents)

  • Data Portability: Receive your data in a structured format
  • Erasure: Request deletion of your personal data
  • Rectification: Correct inaccurate personal data
  • Processing Restriction: Limit how we process your data
  • Objection: Object to certain types of processing

7. Data Retention

We retain your information for the following periods:

  • Clinical Trial Data: As required by FDA regulations (typically 2-25 years post-trial completion)
  • Account Information: Until account deletion or 7 years after last activity
  • Audit Logs: 7 years for compliance purposes
  • Marketing Data: Until consent withdrawal or 3 years of inactivity

Data is securely destroyed using NIST-approved methods when retention periods expire.

8. International Data Transfers

Our services may involve transferring data internationally. We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions for certain countries
  • Binding Corporate Rules where applicable
  • Additional safeguards including encryption and access controls

9. Compliance and Certifications

site2cro maintains the following compliance standards:

Healthcare Compliance

  • HIPAA (Health Insurance Portability and Accountability Act)
  • 21 CFR Part 11 (FDA Electronic Records)
  • ICH GCP (Good Clinical Practice)
  • GDPR (General Data Protection Regulation)

Security Standards

  • SOC 2 Type II Certification
  • ISO 27001 Information Security
  • NIST Cybersecurity Framework
  • FedRAMP Authorization (in progress)

10. Contact Information

For privacy-related questions or to exercise your rights, contact us:

Privacy Officer: Chief Privacy Officer

Email: privacy@site2cro.com

Phone: 1-800-SITE2CRO (1-800-748-3227)

Mail: site2cro Privacy Office
123 Clinical Research Blvd
Healthcare City, HC 12345

Response Time: We will respond to privacy requests within 30 days (or as required by applicable law).

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will:

  • Post the updated policy on our website
  • Update the "Last Updated" date
  • Notify users of material changes via email or platform notification
  • Obtain new consent where required by law

Continued use of our services after policy updates constitutes acceptance of the revised terms.

12. Acknowledgment

By using site2cro's services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our privacy practices, please do not use our services.

This Privacy Policy is designed to meet the requirements of HIPAA, GDPR, and other applicable privacy laws. For specific legal advice regarding your privacy rights, please consult with a qualified attorney.