Home / Privacy Policy
Privacy Policy
1. PURPOSE

The purpose of this document is to describe Privacy Policy that SIRO Clinpharm Private Limited (hereinafter collectively referred to as “SIRO”/ “we”/ “our”/ “us”) adapts to accordingly publish on its Functional Service Provider’s (“FSP”) official website. This Policy explains how SIRO collects, uses and discloses data and also describes the choices a website visitor would have with respect to their data.

2. SCOPE

This Policy applies to all of your Personal Data, either in electronic or paper format, received by SIRO, including Personal Data of SIRO employees, staff, consumers, healthcare professionals, client, end-customers, suppliers, vendors, business partners and relevant third-parties.

3. DEFINITIONS
Privacy PolicyA policy that will be published on the SIRO’s official website as Internet Privacy Policy. Hereinafter referred to as the “Policy” in this Privacy Policy for SIRO’s official website.
WebsiteFor the purposes of this Policy, the term, “Website”, shall refer to www.siroclinpharm.com or any other websites that the SIRO group operates and that may link to this Policy.
Website Visitor/External UserA website visitor or external user shall mean any individual user, a sponsor, a vendor, any SIRO employee, healthcare professionals, study subjects, clinical investigators, suppliers, vendors and business partners or any person visiting the Website. A website visitor hereinafter shall be referred to as “you”/ “your” in this Policy.
Data SubjectData Subject shall mean any individual in relation to which SIRO is holding personal identifiable data.
Personal dataAny information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
ServicesThis Policy applies when you use our services. SIRO operates a suite of web-based applications (SIRO Website, client portals, workforce management platforms, onboarding systems, communication platforms, and related digital tools) collectively called as SIRO applications. All such products, applications, websites and FSP services are collectively called “Services”.
ProcessingAny operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
ProcessorA natural or legal person, public authority, agency, or any other body which processes personal data on behalf of the controller.
ControllerThe natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State laws, the controller or the specific criteria for its nomination may be provided for by Union or Member State laws.
Sensitive Personal DataSensitive Personal Data shall mean personal data about an individual's racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership (or non-membership), physical or mental health or condition, criminal offences, or related proceeding. SIRO does not accept, store, process or transmit any sensitive personal data: however, if required for legitimate purpose, it is done in anonymized manner.

4. DATA CONTROLLER AND DATA PROCESSOR

SIRO mainly processes three types of Personal Data.

  1. Client and end-customer Data: Client or end-customer is a third-party entity or a person involved in pharmaceutical products, CRO services, enterprise technology services, clinical trials, or availing functional services from SIRO. Client and/or end-customer data refers to Personal Data that is either provided directly by clients or end customers, or collected by SIRO on behalf of such clients or end customers in the course of providing Services. Examples of client data include names, email addresses, contact details of clients’ employees, and other Personal Data relating to clients or end customers.
  2. Functional Services Data: SIRO provides functional services in the capacity of a FSP to system integrators, contract research organizations (CROs), pharmaceutical sponsors, enterprise technology leaders, and organizations scaling globally.
    In the course of providing such Services on behalf of its clients, SIRO may collect, access, process, store, or otherwise handle information belonging to or relating to its clients, including Personal Data and, where applicable, sensitive information.
  3. Other Data: Personal Data about you and other individuals who visit the Website is collected and processed directly by us.

Clients and end-customers are the “Data Controllers” of their Sensitive Personal Data and other relevant data, and SIRO acts as the “Data Processor” of such data. For the “Other Data”, SIRO may act as a Data Controller or a Data Processor, depending on the nature and purpose of the processing activities.

5. DATA COLLECTED BY SIRO

5.1Client and end-customer Data:

Client and end customer data may be processed by SIRO as a result of clients’ or end customers’ use of the Services, including where clients, end customers, or their authorized end users input, submit, or upload information into SIRO’s systems, applications, or platforms.

For example, a client or end customer using SIRO’s application may upload data relating to themselves or their employees. Such data may include names, email addresses, phone numbers, landline numbers, job titles, and similar business related personal data of client or end customer personnel. SIRO may also collect billing and invoicing related information for contractual and financial administration purposes.

5.2Functional Services Data

  • As a FSP service provider, SIRO may collect and analyse Personal Data, including, where applicable, Sensitive Personal Data relating to Data Subjects strictly on behalf of its clients and end-customers. Such data is collected only where the Data Subject has provided informed consent to participate in studies/ Services managed by SIRO through SIRO applications and/or under the relevant FSP arrangements. Data Subjects may withdraw their consent at any time, whether before, during, or after the study, by providing written notice, subject to applicable legal and regulatory requirements.
  • All data collected under functional services is used solely for the purpose of specific study or project for which it is collected, including study-specific analytics. Such data shall not be used for any other purposes, nor combined with any other studies/ projects. In compliance with applicable data protection laws, Data Subjects’ names and other personal identifiers are not associated with the Personal Data collected. Each record is tagged with internally generated identification code.
  • Date of Birth is collected in certain studies/projects that are primarily based on age and on clients or end-customers instructions and according to local regulatory requirements. You may choose not to provide this information.

5.3Other Data

SIRO collects your data when we provide Services, you visit our websites or request to be contacted.

  • Healthcare Professional Data: We may analyze the professional profiles of doctors and other healthcare providers for the purpose of identifying potential investigators to assist our client in clinical research and medical research, and other FSP services.
  • SIRO uses available contact information, including email addresses, including applicable licenses and certifications, publications, resumes, and educational background, for the purpose of identifying and inviting its potential clients for availing our Sevices.
  • Log Data: Our servers automatically collect information when you access or use our applications and Services. This data is recorded in log files. Examples of such data include IP Address.
  • Mobile Application: When you download and use our Services, we automatically collect information on the type of device used along with the operating system version.
  • Subscription Data: You may provide Personal Data to us as part of signing up for newsletters on the Websites. We may also collect personal information when you use interactive features of the website, downloading resources, whitepapers, promotions, requests for customer support, or otherwise communicating with us.
  • Contact Us Data: When you enquire about our products and Services, we collect and store this data to communicate and respond to your enquiry. This also includes queries that you send to us relating to conferences, RFP and any other general enquiries.

5.4Data from Others

SIRO may receive your data from sources, such as public directory, seminar attendee lists and other public sources as part of our marketing / promotion activities.


5.5Cookies

In operating our Website, we may use a technology called "cookies." A cookie is a piece of information that the computer hosts our site gives to your computer (actually to your browser) when you access a Website. We use cookies to:

  • Understand and save user's preferences for future visits. For instance, our site may set a cookie on your browser that eliminates any need for you to remember the URL.
  • Compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future.

    We may also use trusted third-party services that tracks this information on our behalf. In all the cases in which we use cookies, we will not collect personal data using such technology except for the collection of the data mentioned above.

  • You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (like Internet Explorer) settings. Each browser is a little different, so look at your browser's Help menu to learn the correct way to modify your cookies. We recommend that you leave cookies turned on because they allow you to take advantage of some of the site’s features.

6. DATA PROCESSING

6.1We lawfully process your Personal Data. We also use your consent as bases for lawfully processing Personal Data.

  • Presently, SIRO uses the Performance of Contract (i.e., to deliver the Services to its clients and end-customers) and consent as the lawful basis for processing. For certain processing, SIRO may also use legitimate interests as provided under the data Protection Regulations.
  • In certain cases, SIRO may have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of a person.
  • If you have consented to a particular processing, then you have a right to withdraw the consent at any time.

6.2How client and end-customer data is processed

All client and end-customer data shall be used by us strictly in accordance with relevant clients’ or end-customers’ instructions, including any applicable terms in the relevant agreements and as required by applicable law. SIRO acts as a Processor of the client or end-customer data and such client or end-customer act as the Controller.

We shall only process client and end-customer data on behalf of the relevant client or end-customer and in accordance with their instructions provided in the applicable agreement with us. The collected data is used to provide Services and provide support to clients, end-customers, and, where applicable, Website visitors. In each case, we collect such information only to the extend to fulfil the purposes of the Services.

  • We may send you Service, technical and other administrative emails, messages and other types of communications. We may also contact you to inform about changes in Services and offerings. These communications are considered as a part of the Services and you may choose to opt them out.
  • For any other purpose as provided for in the services agreements between SIRO and the relevant client and/or end-customer, or as otherwise authorized by the such client and/or end-customer.

6.36.3 How Other data is processed

Service-related messages or marketing / promotional materials are being sent to you. You may choose to restrict the collection or use of your personal information. We provide updates on the improvements in our Services, new features and from time to time also carry out direct marketing of our products and Services. Direct marketing is carried out only if you consent to receiving such communications.

6.4 Our Website and Services intentionally don’t collect personal information from users under the age of 16.


7. DATA RETENTION

SIRO may retain your Personal Data to fulfil the purposes as outlined in this Policy, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements).

  • Clients and end-customers data: We retain your data for performance of an active Service or further your data may be retained for an extended period under a statutory requirement. SIRO will retain its clients and end-customers data in accordance with their instructions, including any applicable terms in the agreement and/or as required by applicable law. When a client or end-customer decides to discontinue the Services, as per their instructions we process and delete data.

    However, certain computer records or files containing confidential information which have been created pursuant to automatic archiving or back-up procedures cannot reasonably be deleted. In such cases, SIRO shall not access or use any such records or files following the date on which it would have otherwise returned or deleted.
  • FSP Services data: SIRO retains FSP Services data in accordance with applicable contractual, legal requirements, and regulatory requirements. Agreements with clients and/or end-customers may also determine the term for data retention, both during the Services and after the Services are completed.
  • Other data: SIRO may retain other data pertaining to you for as long as necessary for the purposes described in this Policy.

8. USERS RIGHTS

  1. 8.1You can request to access, update or correct your personal information. You also have the right to object to direct marketing.
  2. 8.2You may have additional rights pursuant to local laws applicable to the processing of your Personal Data. For example, if the processing of your Personal Data is subject to the Digital Personal Data Protection Act, 2023 (“DPDP Act”), the EU General Data Protection Regulation ("GDPR"), or any other applicable data protection law, and your Personal Data is processed based on legitimate interests or other lawful grounds permitted under the such law, you may have the right to object to the processing on grounds relating to a specific situation. Under the applicable Act, law or regulation, you may also have the right to request deletion or restriction of your Personal Data and to request portability of your Personal Data, subject to the conditions and limitations prescribed thereunder.

9. USERS RIGHTS TO CONTROL DATA

Whenever our Services are used by you, the aim is to provide easy means to access, modify, delete, object or restrict use of your Personal Data.

9.1We strive to give ways to access, update/modify your data quickly or to delete it unless it has to be maintained for legal purposes. You can exercise these rights by contacting us with a specific request such as:

  • The right to be informed: You have the right to be provided with clear, transparent, and easily understandable information about how we collect, use, store, and share your Personal Data.
  • Change or Correct Data: Your Personal Data can be edited, changed, updated or fixed through your account if it is inaccurate.
  • Delete Data: Request to delete or erase your Personal Data can be asked by the user (e.g. if it is no longer necessary to provide Services).
  • Object or Limit or Restrict the Use of Data: You can request to stop using all or some of your Personal Data (e.g. if SIRO has no legal right to keep using it) or to limit use of it (e.g. if Personal Data is inaccurate or unlawfully held).
  • Right to Access and/or Take Data: You can ask for access to the copy of your Personal Data which can be provided in machine readable form.
  • The right to lodge a complaint: You have the right to lodge a complaint with the supervisory authority if you are dissatisfied with the way we handle or process your Personal Data.
  • Automated individual decision-making, including profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you (data subject).
  • The right to withdraw consent: You have the right to withdraw your consent at any time, and such withdrawal will not affect the lawfulness of processing based on consent before its withdrawal.

10. TRANSFER OF USER DATA
  • 10.1Recipients of your data:

    Your data will be shared with other recipients in order to provide Services to you.

    While we aim to limit sharing your data, at times, it is necessary to share data with certain service providers.

    The following categories of recipient will most likely receive your data in order to provide:
  • Third Party Data Center Services;
  • Third party vendor applications;
  • SharePoint/Office 365-Email exchange, OneDrive where research data is stored.
  • 10.2Compliance with Law: If we receive a request for data, we may disclose if we reasonably believe that such disclosure is in accordance with or required by any applicable law, regulation or legal process.
  • 10.3Cross-Border Data Transfers: Your data maybe be stored and processed in multiple countries including outside of the European Union (EU) and/ or United Kingdom (UK) Regions.

    Since SIRO is an international company, your data may be processed outside of the EU/ UK regions. Your data shall be processed within Third Party Data Centers / Hosting services in USA and other countries. In certain circumstances, clients and end-customers data and Services data will be hosted within vendor platforms located on the cloud in USA. Some countries where SIRO processes data, may not have as protective laws as your own country and there are risks associated with such transfer.

    SIRO offers European Union Model Clauses, also known as Standard Contractual Clauses, to meet the adequacy and security requirements for clients and end-customers that operate in the European Union, and other international transfers of clients and end-customers data. These clauses are contractual commitments between parties transferring Personal Data (for example, between SIRO and clients, end-customers, suppliers or data processors outside the EU), binding them to protect the privacy and security of your data.

11. SECURITY MEASURES TO PROTECT DATA

11.1 Security Measures:

SIRO implements security controls to prevent breaches and unauthorized access to your data. Reasonable and appropriate security measures are maintained by us to protect sensitive clinical data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction.

Examples of security measures include physical access controls, HTTPS, restricted access to data, monitoring for threats and vulnerabilities etc.

Services are subjected to internationally recognized certification and attestation standards.

Details about security measures are given below:

  • Protect the confidentiality, integrity, and availability of Personal Data in SIRO's possession or control or to which we have access.
  • Protect against any anticipated threats or hazards to the confidentiality, integrity, and availability of your Personal Data.
  • Protect against unauthorized or unlawful access, use, disclosure, alteration, or destruction of your Personal Data.
  • Protect against accidental loss or destruction of, or damage to your Personal Data.

11.2 Protection of Personal Data

Our sites and Services use commercial efforts to maintain safeguards for protection of your Personal Data. SIRO takes all reasonable and necessary measures to protect against the unauthorized access, use, alteration or destruction of your potential personally identifiable information.

12. HOW TO CONTACT US

  1. 12.1Contact Information

    You can contact us about this Policy or use of our Services; in case you have questions or complaints regarding this Policy at:

  1. 12.2Resident of the European Economic Area whose data is maintained by us within the scope of the General Data Protection Regulation (GDPR), then you may have additional rights. If you are not satisfied with the resolution, you can also lodge a complaint with the Supervisory Authority in the country of your residence.

13. CHANGES TO POLICY ON THE WEBSITE

SIRO reserves the right to change this Policy at any time, at our sole discretion. We encourage you to frequently check our Website for any changes to the Policy. We shall notify you of any material changes in advance by email or by notice when you log into the website.

Confirmation by you and continued use of Services after any change in this Policy will constitute as an acceptance of such changes.

The Policy was last reviewed/updated on 15 May 2026.