This Policy applies to Atlantia Food Clinical Trials Ltd and all associated companies defacto within the Atlantia Food Clinical Trial Group structure including Atlantia Food Clinical Trials Inc (“Atlantia Clinical Food Trials Group”).
The Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 also known as the General Data Protection Regulation (GDPR), which became enforceable across the EU and the EEA from May 25th, 2018 having replaced the previous Directive 95/46/EC; In Ireland, the national law, which amongst other things, gives further effect to the GDPR, is the Data Protection Act 2018 (‘the 2018 Act’).
The Directive 2009/136/EC of the European Parliament and of the Council of 25 November 2009 also known as the ePrivacy Directive, amending the Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws;
The California Consumer Privacy Act (CCPA)18, assembly Bill of the State of California United States of America No. 375, under CHAPTER 55, an act to add Title 1.81.5 (commencing with Section 1798.100) to Part 4 of Division 3 of the Civil Code, relating to privacy and approved by Governor June 28, 2018. Filed with Secretary of State June 28, 2018 and enforceable from January 1st, 2020 onwards.
This Policy sets out the basis on which any personal data we collect from you, or from others, will be processed by us. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
For the purpose of the Data Protection Laws:
Atlantia Food Clinical Trials Group is data controller as an employer, as a service provider, and where dealing with suppliers.
Atlantia Food Clinical Trials Group is a processor toward its Sponsors.
What information about you do we obtain from others?
When you use our services, we may obtain the following categories of personal data from others:
- Health Care Professionals/Medical Doctors.
Information we may collect from you
We collect Data from you which you volunteer when you provide such Data to us, or via our services with which you interact. We may also be given other Data relating to you by other persons, or we may obtain such other Data about you as may be provided to us in the course of our legitimate business activities.
We may collect and process Data, including the following in the course of providing services to you, which could contain your personal data including your special category data:
Your full name; your address; your various email addresses; your various phone numbers including mobile phone number; your gender, age and nationality, race and ethnicity, your occupational information, your family and relationships information and your personal preferences and opinions, your health data, CCTV images; details of your driving licence; and details of your passport and all other Data which you ask us to process on your behalf, or which is necessary for us to process in order for us to fulfil our role as providing a service to you.
We may also process other data, which is not personal data.
When you access our website your device’s browser provides us with information such as your IP address, browser type, access time and referring URL which is collected and used to compile statistical data. This information may be used to help us to improve our website and the services we offer, and to offer services to you.
Security and where we store your Data
We are committed to protecting the security of your Data. We use a variety of security technologies and procedures to help protect your Data from unauthorised access and use. As effective as modern security practices are, no physical or electronic security system is entirely secure. We cannot guarantee the complete security of our databases, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet. We will continue to revise policies and implement additional security features as new technologies become available.
The transmission of information via the internet is not completely secure and may involve the transfer of data to countries outside of the European Economic Area (EEA). This occurs typically through use of cloud solutions for web hosting, email hosting or proprietary software solutions delivered to us through the Cloud. We do not however authorise any third party to use your Data for their own purposes. Non-EEA countries may not provide an adequate level of protection in relation to processing your personal data. By submitting your data, you agree to this transfer, storing and processing.
Although we will do our best to protect your Data, we cannot guarantee the security of your Data transmitted to us. Any transmission of data is at your own risk. Once we receive your Data, we use appropriate security measures to seek to prevent unauthorised access.
Uses made of your Data
We use your Data that we hold to:
- carry out our obligations arising from any contracts entered into between you and us;
- provide our services to you including carrying out clinical studies.
- comply with legislation; and/or
- notify you about changes to our services. In our legitimate interest of advertising our services, provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes (our list of services below);
The legal bases for the processing of your personal data are:
- Processing necessary for the performance of a contract which you have entered into with us or to take steps at your request prior to entering into a contract;
- That you have provided consent for the processing for one of more specified purposes such as taking part in a clinical study or marketing, for example when you fill out consent to receiving marketing material;
- Processing necessary for compliance with a legal obligation to which we are subject.
- Processing necessary for the purposes of the legitimate interest which we pursue in providing you with proposals about our services prior to contract where such interests are not overridden by your interests or fundamental rights or freedoms which require the protection of your information.
The legal bases for the processing of your special category data or sensitive data (for example data) are:
- That you have explicitly provided consent;
- Processing necessary for compliance with a legal obligation to which we are subject;
- Processing necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.
List of services and Retention
Our services include conducting clinical studies in foods, supplements, nutraceuticals, live biotherapeutics and medical foods, as well as providing consultancy in regulation within these categories.
We may use your data to send you information relating to our services, events and products which may be of interest to you. If you do not want us to use your Data in this way, please notify us to that effect. You can contact us as set out throughout this Policy.
We keep your Data for as long as is necessary for the performance of the contract between you and us and to comply with our legal obligations. If you no longer want us to use your Data to provide this service to you, you can request that we erase your Data. Please note that if you request the erasure of your Data:
We may retain some of your Data as necessary for our legitimate business interests, such as fraud detection and prevention and enhancing safety;
We may retain and use your Data to the extent necessary to comply with our legal obligations. For example, we may keep some of your information for tax, legal reporting and auditing obligations;
Because we maintain our records to protect from accidental or malicious loss and destruction, residual copies of your Data may not be removed from our backup systems for a limited period of time.
Where we process your Data based only on your consent, you may withdraw your consent.
You have the right to bring a complaint to a supervisory authority if you have any complaints about the processing of your Data. In Ireland the Data Protection Commission is the supervisory authority.
In circumstances where the provision of your Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, we will advise you at the point of collecting your Data whether the Data is a required field, and the consequences of not providing the Data.
Links to other sites
Our website may, from time to time, contain links to and from other websites. If you follow a link to any of those websites, please note that those websites have their own privacy policies and that we do not accept any responsibility or liability for those policies. Please check those policies before you submit any data to those websites.
We may share your information with selected third parties including:
Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you;
Third parties with whom: (i) we need to share your information to facilitate transactions you have requested, and (ii) you ask us to share your information;
Statutory and regulatory bodies (including central and local government) and law enforcement authorities in order to comply with any applicable laws, grant applications and / or court orders;
Service providers who provide us with marketing, cloud storage, any subcontractors who provide a service to us, and sub processors.
We attach at Schedule 1 a list of some of the entities with whom your personal data is potentially shared should you have any further queries please contact us.
Do we transfer your information outside the European Union or European Economic Area?
We will, from time to time, make use of services provided by 3rd parties for the delivery of our services which may necessitate the transfer of personal data outside the EU/EEA. For example, we use a variety of cloud-based tools such as Microsoft Office 365. Where data needs to be transferred or processed outside the EU/EEA, we chose providers who process data on the basis of
An Adequacy Decision from the European Commission.
Your rights under GDPR
As an individual, under EU law you have certain rights to apply to us to provide information or make amendments to how we process your Data. These rights apply in certain circumstances and are set out below: -
The right to access data relating to you (‘access right’);
The right to rectify/correct data relating to you (‘right to rectification’);
The right to object to processing of data relating to you (‘right to object’);
The right to restrict the processing of data relating to you (‘right to restriction’);
The right to erase/delete data relating to you (i.e. the ‘right to erasure’);
The right to ‘port’ certain data relating to you from one organisation to another (‘right to data portability’).
These rights are not absolute and only apply in certain circumstances. You may exercise any of the above rights by contacting us accompanied by all necessary information via:
an e-mail to email@example.com
or a written request to the following address: Floor 1 Heron House Offices, Blackpool, Cork, Ireland, T23 R50R
You may lodge a complaint with your local supervisory authority with respect to our processing of your personal data. The local Supervisory Authority in Ireland is the Data Protection Commission. The website is www.dataprotection.ie
Where our processing of your personal data is based on your consent to that processing, you have the right to withdraw that consent at any time but any processing that we have carried out before you withdrew your consent remains lawful.
If you are receiving marketing from us, you may opt out. If you no longer wish to be contacted for marketing purposes, please contact us as set out at the end of this Policy to request to “opt out" of marketing.
The exercise of Data Subjects’ rights as some other “interactions” requires the univocal identification of the person submitting such request as being, in fact, the Data Subject to whom such Personal Data pertains to, hence we may have to set in place a process or mechanism that allows it to document having undergone such assertive identification.
Under the CCPA you have the following rights:
Right to know and access your personal information – similar to the Right of Access under the GDPR, California resident natural persons have the right to:
- Know the categories of personal information we collect and the categories of sources from which we got the information;
- Know the business or commercial purposes for which we collect and share personal information;
- Know the categories of third parties and other entities with whom we share personal information; and
- Access the specific pieces of personal information we have collected about you;
- Right to deletion – again in a similar manner to what the GDPR rules, natural persons who reside in the state of California may, in some circumstances, ask us to delete their personal data/ information.
We may refuse the exercise of such right if it prevents us from exercising legal defence, we cannot do it driven from a legal obligation or there is the risk of by doing so, not being able to fulfil any open contractual obligations.
Right to opt out of sales – We do not "sell" your data.
Right to be free from discrimination – You may exercise any of the above rights without fear of being discriminated against. We are, however, permitted to provide a different price or rate to you if the difference is directly related to the value provided to you by your data.
We will use the information you provide to make your CCPA rights requests to verify your identity, identify the personal information we may hold about you and act upon your request.
When exercising your rights, we strongly recommend that you submit the email address or other identifiers that you used when you communicated with Atlantia Food Clinical Trials Group or signed up for any communications or services with us to allow us to quickly identify your information and execute on your rights request.
After you submit a CCPA rights requests you will be required to verify access to the email address you submitted. You are required to verify your email in order for us to proceed with your CCPA rights requests. We will verify your e-mail address by contacting you on that address. Please check your spam or junk folder in case you can't see the verification email in your inbox.
an e-mail to firstname.lastname@example.org
or a written request to the following address: Floor 1 Heron House Offices, Blackpool, Cork, Ireland T23 R50R
We make use of Facebook Ads from time to time. We do base our ads on interests and do not use re-marketing techniques. You can learn more about interest-based advertising from Facebook by visiting this page: https://www.facebook.com/help/164968693837950. To opt-out from Facebook’s interest-based ads follow these instructions from Facebook: https://www.facebook.com/help/568137493302217. Facebook adheres to the Self-Regulatory Principles for Online Behavioural Advertising established by the Digital Advertising Alliance.
We may use your Personal Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.
We strive to provide you with choices regarding certain Personal Data uses, particularly around marketing and advertising. Where appropriate, you will be asked whether you wish to receive any marketing communications from us.
You may object to direct marketing by using the provided links or the contact email@example.com to opt-out or make use of the opt-out links on communications.
Changes to this policy
We reserve the right to change this Policy from time to time in our sole discretion. If we make any changes, we will post those changes here so that you can see what information we gather, how we might use that information and in what circumstances we may disclose it. By continuing to use our site or our services or otherwise provide data after we post any such changes, you accept and agree to these terms.
Questions, comments, requests and complaints regarding this Policy and your Data we hold are welcome and should be addressed to us at DPO at firstname.lastname@example.org
All requests will be dealt with promptly and efficiently.
This Policy is effective from 16th November 2020
We have set out below a list of some of the third parties with whom we store your data or whose services we use to deliver our service.
Mircosoft Office 365 (European Data Centres) – E-mail, Documents, Meetings
Mircosoft Azure – Hosting
LinkedIn – Marketing and Communication
Mail Chimp – Marketing
Clindox – Storage of clinical study data
Iron Mountain – Archiving
Compunet – Outsourced IT
Pride Design – Web development
CRIO – Scheduling
Eurofins-Biomnis – Biological sample analysis services
MedLab Pathology – Biological sample analysis services
Mardyke Arena Performance Lab – Assessments
Keeper Solutions – Data collection tool
Mater Private, Affidea – Radiology services
Seq Biome, Teagasc, Comos ID – Microbiome analysis services