Home / Privacy Policy
Privacy Policy
1. PURPOSE

The purpose of this document is to describe Privacy Policy that SIRO Clinpharm Private Limited (hereinafter collectively referred to as “SIRO”/ “we”/ “our”/ “us”) adapts to accordingly publish on its official website. This Policy explains how SIRO collects, uses and discloses data and also describes the choices a website visitor would have with respect to their data.

2. SCOPE

This Policy applies to all of your Personal Data, either in electronic or paper format, received by SIRO, including Personal Data of SIRO employees, staff, consumers, healthcare professionals, study subjects, medical research subjects, clinical investigators, customers, suppliers, vendors and business partners.

3. DEFINITIONS
Privacy PolicyA policy that will be published on the official SIRO's website as Internet Privacy Policy. Hereinafter referred to as“Policy”in this Privacy Policy for SIRO's official website.
WebsiteFor the purposes of this Policy, the term, “Website”, shall refer to www.siroclinpharm.com or any other websites that the SIRO group operates and that may link to this Policy.
Website Visitor/External UserA website visitor or external user shall mean any individual user, a sponsor, a vendor, any SIRO employee, healthcare professionals, study subjects, clinical investigators, suppliers, vendors and business partners or any person visiting the Website. A website visitor hereinafter shall be referred to as “you”/ “your” in this Policy.
Data SubjectData Subject shall mean any individual in relation to which SIRO is holding personal identifiable data.
Personal dataAny information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
ServicesThis Policy applies when you use our services. SIRO operates a suite of web-based applications (EDC, CTMS, IWRS, e-Diary, Website, etc.) collectively called as SIRO applications. All such products, applications, websites are collectively called “Services”.
ProcessingAny operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
ProcessorA natural or legal person, public authority, agency, or any other body which processes personal data on behalf of the controller.
ControllerThe natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State laws, the controller or the specific criteria for its nomination may be provided for by Union or Member State laws.
Sensitive Personal DataSensitive Personal Data shall mean personal data about an individual's racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership (or non-membership), physical or mental health or condition, criminal offences, or related proceeding. SIRO does not accept, store, process or transmit any sensitive personal data: however, if required for legitimate purpose, it is done in anonymized manner.

4. DATA CONTROLLER AND DATA PROCESSOR

SIRO mainly processes three types of Personal Data.

  1. Sponsor Data: “Sponsor” is a third-party entity in the development, manufacturing, marketing, and sale of pharmaceutical products and/or financing or organizing the clinical trial. Sponsor data is personal data that is provided by Sponsors or collected on behalf of the Sponsors. Examples include Sponsors’ employee names, email addresses and other personal data collected of these Sponsors.
  2. Clinical Trial Data: SIRO carries out Clinical Trial on behalf of Sponsors’ and collects study subjects’ data and all clinical trial related data.
  3. Other Data: Personal data about you and other individuals who visit the Website is collected and processed directly by us.

Sponsors are the “Data Controller” of Sponsor Data and the Clinical Trial Data, and SIRO is the “Data Processor” of these data. For the “Other Data”, SIRO may or may not be a Data Processor.

5. DATA COLLECTED BY SIRO
5.1Sponsor Data:

Sponsor data may be processed by SIRO as a result of Sponsor’s use of the Services when Sponsors, or their end-users, input or upload information into the Service. For example, Sponsor who uses SIRO’s application may upload their data about themselves or their employees. This data includes name, email address, phone number, landline number, job title of Sponsor employees. SIRO also collects billing details for invoice purposes.

5.2Clinical Trial Data
  • As a Clinical Research Organization (CRO), SIRO collects and analyses personal data, including sensitive health data relating to subjects on behalf of Sponsors. This information will only be collected if you consent to studies managed by SIRO via the Informed Consent Form (ICF). You have a choice at any time, before, during, or after the study to discontinue such consent via written notice.
  • All health-related data is used only for the specific study and to carry out analytics for that study only. Your data shall not be used for any other purposes or combined with any other studies. In compliance with Good Clinical Practices, Data Subjects’ names and other personal identifiers are not associated to the personal data collected. Each record is tagged with internally generated identification code. Only a Clinical Research Associate has access to the underlying subject name and identifiers only at the sites.
  • Date of Birth is collected in certain studies that are primarily based on age and on Sponsors instructions and according to local regulatory requirements. You may choose not to provide this information.

5.3Other Data

SIRO collects your data when user supports us in our clinical trials, uses our websites or requests to be contacted.

  • Healthcare Professional Data: We analyze the professional profiles of doctors and other healthcare providers for the purpose of identifying potential investigators to assist in clinical and medical research.
  • SIRO uses available contact information, including email addresses, including applicable licenses and certifications, publications, resumes, and educational background, for the purpose of inviting potential investigators to apply to participate in research. We maintain a database of healthcare professionals built from public sources and from business references.
  • Log Data: Our servers automatically collect information when you access or use our applications and Services. This data is recorded in log files. Examples of such data include IP Address.
  • Mobile Application: When you download and use our Services, we automatically collect information on the type of device used along with the operating system version.
  • Subscription Data: You may provide personal data to us as part of signing up for newsletters on the Websites. We may also collect personal information when you use interactive features of the website, downloading resources, whitepapers, promotions, requests for customer support, or otherwise communicating with us.
  • Contact Us Data: When you enquire about our products and Services, we collect and store this data to communicate and respond to your enquiry. This also includes queries that you send to us relating to conferences, RFP and any other general enquiries.
5.4Data from Others

SIRO may receive your data from sources, such as public directory, seminar attendee lists and other public sources as part of our marketing / promotion activities.

5.5Cookies

In operating our Website, we may use a technology called "cookies." A cookie is a piece of information that the computer hosts our site gives to your computer (actually to your browser) when you access a Website. We use cookies to:

  • Understand and save user's preferences for future visits. For instance, our site may set a cookie on your browser that eliminates any need for you to remember the URL.
  • Compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future.

    We may also use trusted third-party services that tracks this information on our behalf. In all the cases in which we use cookies, we will not collect personal data using such technology except for the collection of the data mentioned above.
  • You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (like Internet Explorer) settings. Each browser is a little different, so look at your browser's Help menu to learn the correct way to modify your cookies. We recommend that you leave cookies turned on because they allow you to take advantage of some of the Site’s features.

6. DATA PROCESSING
6.1We lawfully process your Personal Data. We also use your consent as bases for lawfully processing Personal Data.
  • Presently, SIRO uses the Performance of Contract (i.e., to deliver the Services to customers) and consent as the lawful basis for processing. For certain processing, SIRO may also use legitimate interests as provided under the Data Protection Regulations.
  • In certain cases, SIRO may have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of a person.
  • For clinical studies, we collect necessary informed consents of study subjects on behalf of our Sponsors.
  • If you have consented to a particular processing, then you have a right to withdraw the consent at any time.

6.2How sponsor data is processed

All Sponsor data shall be used by us in accordance with Sponsor’s instructions, including any applicable terms in the Sponsor agreements and as required by applicable law. SIRO is a Processor of Sponsor Data and Sponsor is the Controller.

We shall only process Sponsor Data on behalf of Sponsors and in accordance with their instructions provided in the applicable agreement with us. The collected data is used to provide Services and provide support to Sponsors and Website visitors. In each case, we collect such information only to the extend to fulfil the purposes of the Services.

  • We may send you Service, technical and other administrative emails, messages and other types of communications. We may also contact you to inform about changes in Services and offerings. These communications are considered as a part of the Services and you may choose to opt them out.
  • For any other purpose as provided for in the services agreements between SIRO and the Sponsors, or as otherwise authorized by the Sponsors.

6.3How Clinical Trial data is processed

Clinical trial data is processed for research and analytics purposes in accordance with Sponsors instructions as a part of performance of contract with Sponsors. Based on the contractual arrangements, Sponsor is the Data Controller since they ultimately direct us the process to conduct the study. SIRO acts as the Processor to execute their instructions. Below are some of the ways in which data is used:

  • Summarising and entering them in EDC / CTMS / IWRS applications.
  • Sharing the results of the studies with our sponsors.
  • Performing aggregated data analytics and sharing the summary reports with our sponsors.
  • Medical Writing.

6.4How Other data is processed

Service-related messages or marketing / promotional materials are being sent to you. You may choose to restrict the collection or use of your personal information. We provide updates on the improvements in our Services, new features and from time to time also carry out direct marketing of our products and Services. Direct marketing is carried out only if you consent to receiving such communications.

6.5Our Website and Services intentionally don’t collect personal information from users under the age of 16.

7. DATA RETENTION

SIRO retains your personal data to fulfil the purposes as outlined in this Policy, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements).

  • Sponsor Data: We retain your data for performance of an active service or further your data may be retained for an extended period under a statutory requirement. SIRO will retain Sponsor Data in accordance with their instructions, including any applicable terms in the agreement and/or as required by applicable law. When Sponsor decides to discontinue the Services, as per their instructions we process and delete data.

    However, certain computer records or files containing Confidential Information which have been created pursuant to automatic archiving or back-up procedures cannot reasonably be deleted. In such cases, SIRO shall not access or use any such records or files following the date on which it would have otherwise returned or deleted.
  • Clinical Trial Data: SIRO retains clinical trial data in accordance with contractual, legal and regulatory requirements. Agreements with Sponsors also determine the term for data retention, both during the study and after the study is completed.
  • Other Data: SIRO may retain other data pertaining to you for as long as necessary for the purposes described in this Policy.

8. USERS RIGHTS
  1. 8.1You can request to access, update or correct your personal information. You also have the right to object to direct marketing.
  2. 8.2You may have additional rights pursuant to local law applicable to the processing. For example, if the processing of your Personal Data is subject to the EU General Data Protection Regulation ("GDPR"), and your Personal Data is processed based on legitimate interests, you have the right to object to the processing on ground relating to a specific situation. Under GDPR you may also have the right to request for deletion or restriction of your Personal Data and ask for portability of your Personal Data.

9. USERS RIGHTS TO CONTROL DATA

Whenever our Services are used by you, the aim is to provide easy means to access, modify, delete, object or restrict use of your Personal Data.

9.1We strive to give ways to access, update/modify your data quickly or to delete it unless it has to be maintained for legal purposes. You can exercise these rights by contacting us with a specific request such as:

  • The right to be informed: You have the right to be provided with clear, transparent, and easily understandable information about how we collect, use, store, and share your personal data.
  • The right to lodge a complaint: You have the right to lodge a complaint with the supervisory authority if you are dissatisfied with the way we handle or process your personal data.
  • Automated individual decision-making, including profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you (data subject).
  • The right to withdraw consent: You have the right to withdraw your consent at any time, and such withdrawal will not affect the lawfulness of processing based on consent before its withdrawal.


9.2 Clinical trials related study subjects must contact their investigators at their study site, who will be able to make the necessary link to subject identity.

10. TRANSFER OF USER DATA
  • 10.1Recipients of your data:

    Your data will be shared with other recipients in order to provide Services to you.

    While we aim to limit sharing your data, at times, it is necessary to share data with certain service providers.

    The following categories of recipient will most likely receive your data in order to provide:
  • Third Party Data Center Services;
  • Third party vendor applications;
  • SharePoint/Office 365-Email exchange, OneDrive where research data is stored.
  • 10.2Compliance with Law: If we receive a request for data, we may disclose if we reasonably believe that such disclosure is in accordance with or required by any applicable law, regulation or legal process.
  • 10.3Cross-Border Data Transfers: Your data maybe be stored and processed in multiple countries including outside of the European Union (EU) and/ or United Kingdom (UK) Regions.

    Since SIRO is an international company, your data may be processed outside of the EU/ UK regions. Your data shall be processed within Third Party Data Centers / Hosting services in USA and other countries. In certain circumstances, sponsor data and clinical trial data will be hosted within vendor platforms located on the cloud in USA. Some countries where SIRO processes data, may not have as protective laws as your own country and there are risks associated with such transfer.

    SIRO offers European Union Model Clauses, also known as Standard Contractual Clauses, to meet the adequacy and security requirements for Sponsors that operate in the European Union, and other international transfers of Sponsor Data. These clauses are contractual commitments between parties transferring personal data (for example, between SIRO and Sponsors, suppliers or data processors outside the EU), binding them to protect the privacy and security of your data.
11. SECURITY MEASURES TO PROTECT DATA
11.1 Security Measures:

SIRO implements security controls to prevent breaches and unauthorized access to your data. Reasonable and appropriate security measures are maintained by us to protect sensitive clinical data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction.

Examples of security measures include physical access controls, HTTPS, restricted access to data, monitoring for threats and vulnerabilities etc. Services are subjected to internationally recognized certification and attestation standards.

Details about security measures are given below:

  • Protect the confidentiality, integrity, and availability of Personal Data in SIRO's possession or control or to which we have access.
  • Protect against any anticipated threats or hazards to the confidentiality, integrity, and availability of your Personal Data.
  • Protect against unauthorized or unlawful access, use, disclosure, alteration, or destruction of your Personal Data.
  • Protect against accidental loss or destruction of, or damage to your Personal Data.

11.2 Protection of Personal Data

Our sites and Services use commercial efforts to maintain safeguards for protection of your Personal Data. SIRO takes all reasonable and necessary measures to protect against the unauthorized access, use, alteration or destruction of your potential personally identifiable information.

12. HOW TO CONTACT US
  1. 12.1Contact Information
    You can contact us about this policy or use of our Services; in case you have questions or complaints regarding this Policy at:

  1. 12.2Resident of the European Economic Area whose data is maintained by us within the scope of the General Data Protection Regulation (GDPR), then you may have additional rights. If you are not satisfied with the resolution, you can also lodge a complaint with the Supervisory Authority in the country of your residence.
13. CHANGES TO POLICY ON THE WEBSITE

SIRO reserves the right to change this Policy at any time, at our sole discretion. We encourage you to frequently check our Website for any changes to the Policy. We shall notify you of any material changes in advance by email or by notice when you log into the website.

Confirmation by you and continued use of Services after any change in this Policy will constitute as an acceptance of such changes.

The Policy was last reviewed/updated on 07 October 2025 .