1 INTRODUCTION
This Privacy and Data Protection Policy establishes how Blueclinical handles the personal data of its employees, participants and/or potential participants in clinical studies, clients and/or potential clients and any other interested parties.

2 RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA
Blueclinical is responsible for processing the personal data of all interested parties in the scope of conducting its activities.
In case of a clinical study, Blueclinical may be delegated by the Sponsor of the clinical study for the processing of the personal data collected during the study.
Within the scope of service provision activities, Blueclinical, as in the previous example, may be delegated by the marketing authorization holder for the processing of personal data collected during the use of the medicine.

3 COLLECTION OF PERSONAL DATA
Your personal data will be processed by Blueclinical in the following situations:

  • When establishing a relationship or a proposal of professional or commercial relationship with Blueclinical; and/or

  • By participating or applying for participation in clinical studies conducted by Blueclinical, or with the support of Blueclinical;

  • By giving consent to Blueclinical.

4 PURPOSE AND LEGAL BASIS FOR THE USE OF PERSONAL DATA
According to the General Regulation on Data Protection (GRPD), the use of personal data must be justified under at least one of the legal bases defined in the Regulation.
The personal data that we collect and process are essential so we can perform, in a proper way, the services we are offering. We do not collect information that is useless or unnecessary for the purposes for which it is intended. Also, we do not collect personal or professional information without obtaining the prior consent of the respective owner.
Your personal data are collected and used by Blueclinical for the following purposes: (i) compliance with obligations under the Law, (ii) execution of contracts, (iii) business relationship management, (iv) scientific research management, (v) evaluation of the interest of potential commercial relations, (vi) communication and marketing actions.

5 CATEGORIES OF PERSONAL DATA COLLECTED
The categories of personal data collected and processed by Blueclinical vary according to the purpose for which the data is intended.
Blueclinical has a “Personal Data Matrix”, which lists all categories of personal data that Blueclinical collects, by type of holder.

6 COMMITMENT TO PROTECT YOUR PERSONAL DATA
We use a variety of security measures and authentication tools to protect and maintain security, as well as the integrity and availability of your personal data.
Although data transmission through the internet or our website can not guarantee complete security against intrusions from third parties, Blueclinical, its service providers and commercial partners, make the best efforts to implement and maintain the procedures, as well as the measures of physical and electronic security to safeguard your personal data.
We implemented, among others, the following measures:
  • Restricted access to personal data based on the criteria of “need to know” and only within the scope of the purposes arising from contractual or commercial relationships or expressly consented.
  • Protection of information technology systems through firewalls, in order to prevent unauthorized access to personal data.
  • Access to Blueclinical website is done through a secure SSL connection (“Secure Socket Layer”). The communication between the browser and the web server is done via HTTPS being protected with an encrypted certificate, thus preventing the data from being intercepted.
  • Monitoring access to information technology systems, to prevent, detect and prohibit the misuse of personal data.
  • People who are in contact or who are aware of personal data by virtue of the execution of their duties are bound by professional secrecy and/or confidentiality obligations.
7 RETENTION OF PERSONAL DATA
We retain your personal data only for as long as it is necessary for the purpose for which they were collected.
Once the maximum legal term of conservation has been reached, your personal data are anonymised or destroyed in a secure way.
 
8 SHARING OF PERSONAL DATA WITH THIRD PARTIES
Blueclinical only uses subcontractors that have adequate guarantees and safety standards, under legally established terms.
 
9 AMENDMENT OR REMOVAL OF CONSENT
You may, at any time, change or withdraw your consent, with effect for the future.
Upon complete withdrawal of your consent, you are no longer contacted, as well as receive any communications intended for the purposes described in this Privacy Policy.
To change or withdraw your statements of consent, you must send an e-mail requesting the change or withdrawal of consent to the following e-mail addresses:
10 RIGHTS OF DATA PROTECTION
If you have any question or complaint regarding our use of your personal data, you can contact us through the email dpo@blueclinical.pt (Data Protection Officer of Blueclinical).
Since we want to ensure that you are aware of your rights and under the applicable law, we want to inform you that:
  • Your personal data belongs to you, namely, it is your property. As such, you have the right to access, rectify, limit, erase and oppose to the treatment thereof, in Blueclinical. If you exercise any of these rights we will proceed to the analysis of your request and we expect to respond within one month.
  • You have the right to make a complaint to the National Data Protection Commission (CNPD). More information about the CNPD can be obtained at the website www.cnpd.pt.