Privacy Policy

In terms of principles related to the Processing of Personal Data, AICIB undertakes to ensure that personal data will be:
- Processed lawfully, fairly, and transparently in relation to the data subject;
- Collected for specific, explicit, and legitimate purposes and not subsequently processed in a manner incompatible with those purposes;
- Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed;
- Accurate and, when necessary, updated; all reasonable measures must be taken to ensure that personal data that are inaccurate, considering the purposes for which they are processed, are erased or rectified without delay;
- Retained in a manner that permits the identification of data subjects only for the period necessary for the purposes for which the personal data are processed;
- Processed in a manner that ensures adequate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.

The Data Controller of Personal Data collected through the website is AICIB – Agency for Clinical Research and Biomedical Innovation, headquartered at Rua de Santa Catarina, 1288, 4000-099 Porto. For privacy-related matters, you may contact AICIB at aicib@aicib.pt or its Data Protection Officer via the following email address privacy@aicib.pt

Clients who have contracted our services may authorize certain users to access these Services, including users who are not directly affiliated with or controlled by the Client. These authorized users may include clinical trial participants, other clinical trial stakeholders, industry professionals, clinical trial monitors, and administrators or executives from hospitals, clinics, or other locations involved in a study. In these situations, the Client acts as the administrator of these accounts and any personal data that such authorized users may provide in connection with the contracted Services. Access by these authorized users to the Services is governed by AICIB's Terms and Conditions. Study Participants accessing technological enablement services or products, including any other software or tools made available to authorized users, will have a minimal amount of personal data collected to enable Client-driven workflows and compliance with our contractual and legal obligations. This personal data will not be used for any other purpose nor disclosed to unauthorized third parties.

We collect information about people who access or interact with the Portugal Clinical Studies platform and who voluntarily provide us with personal data, when someone contracts Products or Services and when authorized third parties provide them.
 
 
Types of Personal Data: “Personal data” refers to information that identifies an individual or relates to an identifiable individual. We may collect and process some or all of the following information:
- Personal and contact data (e.g., first name, last name, email address, phone number)
- Employment details (e.g., company entity, office location)
- Browsing/tracking activities
- Professional experience and affiliations
- Business information (e.g., purchase history and preferences)
- Sensory and electronic information (e.g., audio recordings if using products such as teleconsultation or participating in webinars, online meetings, training or remote support sessions, when applicable)
- Pictorial representations of the user (profile photographs, when applicable)
- Username and Authentication Passwords (to use certain Services)
- Special category data (e.g.: health data uploaded by the Client or directly by the Participant related to the Study they are participating in).
- Account and profile information: We collect certain personal data about the Client or authorized user when invited to join an Entity or authorized to access the Services, create an account, modify their profile, set preferences, or register others via the Services. Other commonly collected data include: contact information, billing details, Entity name, job title, and other account-related details.
The Website, Platform, and Services are not directed at individuals under 18 years of age. Our Clients who conduct Clinical Studies involving individuals under 18 must not provide or submit any personal data that may directly or indirectly identify them, even if informed consent has been obtained from their legal representatives for participation in the Clinical Study. In such cases, all data must be subjected to additional security measures. If we discover that personal data of a minor was submitted to us without parent or legal guardian consent or submitted data was not properly pseudonymized with additional security and confidentiality measures, we will take action to cease processing and delete this data. If you need to process data of minors, please contact us using the contact information provided below.

Note that AICIB cannot control whether submitted data belongs to minors, so the Client is fully responsible for the data submitted. We have no control over content uploaded via Service requests, and thus cannot delete or review this Personal Data.

Content the Client provides through the Website or Platform: We may collect and store the content you publish, send, receive, and share. We also process the personal data you provide when creating an account, subscribing to services, or contacting a Partner product supplier, with its usage limited solely to managing our relationship with you.

Information provided through our support channels: The Client may opt to submit tracking information related to a reported issue to our Customer Support Team. For example, if acting as a technical contact, opening a support ticket, speaking directly with one of our representatives, or contacting our Customer Support in another way, you will be asked to provide your contact information, a summary of the issue you wish to resolve, and any relevant documentation, screenshots, or information useful for problem resolution. Note that if sharing screenshots, sensitive data that should not be shared must not appear in those images.

Information we also collect whenever you download content from our Websites: When downloading content from our Websites or Services, we log your information in our marketing databases. For instance, IP address, email address, and other data requested to enable this action.

Information automatically logged when accessing the Websites or Services: Information is automatically collected, via cookies, regarding visits to our Websites or use of our Services, including browsing on our sites and performing certain actions within the Websites or Services.

Service Usage: We keep records of certain information regarding who and when someone interacts with any of our Services. We also log information about teams and other people granted access and how they collaborate with the Platform. Our tracking is aimed at generating audit logs.

Device and Connection Information: We may also collect information about the computer, mobile phone, tablet, or other devices you use to access our Websites and Services. This device information includes connection type, installation settings, accesses, and ways you utilize our services.

Like many site operators, we log the information your browser sends whenever you visit our Platform (“Log Data”). This Log Data may include details such as your IP address, device, browser type, browser version, pages visited on our Websites, the time and date of your visit, time spent on those pages, and other statistics.

We use your IP address and/or country preference to approximate your location and provide a better service experience. The amount of information collected depends on the type and settings of the device you use to access the Websites or Services and the cookies you accept. Cookies are information stored directly on the device you use. Cookies allow us to gather insights like browser type, time spent on the Websites, pages visited, language preferences, and other anonymous traffic data. The types of cookies are:
- Strictly necessary cookies: These cookies cannot be disabled as they are essential for delivering the Websites and any requested Services.
- Performance cookies: These cookies provide statistical information about site usage, such as web analytics.
- Functional cookies: These cookies enable enhanced functionality and personalization and may be set by us or by third-party providers whose services we add to our pages.
- Targeting/advertising cookies: These cookies are utilized to create profiles or personalize content to provide targeted online advertisements deemed more relevant for the user.

The Website user is required to accept all strictly necessary cookies, without which navigating the site is impossible, and may choose which of the remaining cookies to accept or reject per their preferences.

The Client's server and data center administrators can disable the collection of this information via administrative settings or prevent such data from being shared with us by blocking transmission at the local network level.

To Provide the Services: We need to collect some personal data to authenticate you when logging in, establish contracts, provide customer support, and operate and maintain the Services.
For research and development: We may use the information collected about how people use our Websites and Services and the feedback provided directly to us to troubleshoot problems and identify trends, usage, activity patterns, and areas for integration and improvement of the Websites and Services. In some cases, we utilize lessons learned from our Websites and Services to enhance and develop similar features or better integrate the Services requested by the user. 
To communicate with you about Services or Products: We may use your contact information to send transactional communications via email or within the Services related to your usage of these Services, including notifications and updates, and to share training materials tailored to your areas of interest.
To provide customer support: We may use your information to resolve technical issues, respond to support requests, analyze error data, and repair and improve the Websites and Services.
To improve network and information security: We may track the use of our Websites and Services to verify and investigate suspicious activities.

We may share your personal data for the following business purposes: 

- To our third-party service providers who provide services such as information technology and related infrastructure, cloud storage, messaging and voice services, email delivery, data analysis, marketing analysis, auditing, software development and maintenance, quality control and assurance, customer support and other services. These service providers are legally obliged to guarantee the confidentiality of personal data and to implement appropriate security measures. 

- If necessary or appropriate under applicable law; to comply with legal process; to respond to requests from public and government authorities; to enforce our terms and conditions; to protect our operations; to protect the rights, privacy, safety or property of AICIB, you or third parties; and to enable us to pursue available remedies or limit the damages we may suffer. 

Legal basis: 

All processing of personal data that we carry out has at least one lawful basis, which may be (1) your consent; (2) the need for the personal data for the performance of a contract or requested service; (3) the fulfilment of a legal obligation to which we are subject; or (4) our legitimate interest or that of a third party based on national or EU law. If we process your personal data with your consent, you can revoke it at any time as described below.  

Retention of personal data: 

We will retain and use personal data for as long as necessary to fulfil the purposes for which it was collected or provided, to fulfil contractual obligations and legal obligations, resolve any disputes, provide our services, enforce our contracts and exercise any other rights we have under applicable law. Where applicable, we store personal data in accordance with the instructions of our Clients who are the Data Controllers providing us with the data through the Platform. 

 When there is no longer a legitimate need to retain the data and information related to the Services or Products you have purchased, we will securely erase it permanently or, if this is not possible, we will securely store it until it can be securely destroyed. When we delete or destroy personal data, it will be removed from our servers and active databases, as well as from the Sites, but may remain in our backup archives as long as it is not feasible or possible to delete it. 

To the extent permitted by law and/or our contractual obligations, we may retain and use anonymised and aggregated information for performance reporting, benchmarking and analytical purposes, to improve our Services and for other commercial or research purposes. 

Information Security: 

 We take reasonable and appropriate administrative, technical and organisational security measures to protect personal data as well as other confidential information and we review these security procedures periodically taking into account new technologies and new security regulations that may come into force. However, no security system is perfect and no data transmission over the internet can be guaranteed to be completely secure. Whilst we endeavour to protect personal data, we cannot fully guarantee the security of any information you transmit to or from our Services or Sites. You should always maintain the appropriate level of security on the devices you use or those used by users authorised by you to access our Sites and Platforms. Whenever a link is posted to external, non-AICIB Sites, you should consult the privacy policy and terms of use of the owner of those Sites or Platforms, as they are beyond AICIB's control. 

 Certain areas of the Sites or Services may require a user ID, email address and/or password as an additional security measure to help protect your information. Do not share your password with anyone. 

 International Transfers: 

 The Portugal Clinical Studies Platform is based in Portugal and is governed by Portuguese law. We do not transfer data outside the European Economic Area (‘EEA’). 

 Important: If you share or give access to third parties, whether natural or legal persons, whether or not they are involved in the Study, in any capacity, you are responsible for promoting the conclusion of all the necessary legal instruments required by law, namely the Personal Data Processing Agreements, for the purposes of complying with the GDPR. 

Your rights in relation to personal data: 

 - Marketing or promotional communications: You can opt out of receiving marketing or promotional email communications from us by using the ‘unsubscribe’ feature at the bottom of the email we send or by requesting an opt-out by sending an email to pcs@portugalclinicalstudies.com. 

- Access and update your information: Our Services allow you to update or modify the content of information about you in your profile settings. For certain fields, you may need to contact your account administrator. 

- Deactivate your account: If you want to stop using our Services, your administrator can deactivate your access or account. You must contact your administrator to request deactivation of the account. If you are an administrator and cannot deactivate an account in the administrator settings, please contact Customer Support at pcs@portugalclinicalstudies.com. 

- In some cases, due to the rules governing clinical trial audit processes, you may not be able to delete certain information about yourself or the Study from our Platform. For authorised users, it may also not be possible to ask AICIB directly to delete their data as the accounts are controlled by the account administrator. 

Request for information: Any data subject has the right to request: (1) the specific personal data we process; (2) the categories of personal data, specifically listing the exact data concerned; (3) the sources through which the personal data were collected; (4) the categories of personal data that were shared and their recipients, if any; (5) the purposes of the processing; (6) the lawful grounds for processing; (7) the retention periods; (8) the legitimate interests of the controller or a third party, if that is the lawful ground for processing; (9) the rights granted to you by law; and (10) how to exercise them. 

 Access: You have the right to receive confirmation as to whether and how we process your personal data. You will have access to personal data and information that relates to the Services or Products you have contracted for; we will also provide you with details of such processing; and, in some circumstances, we will provide you with a copy of such personal data. 

Rectification: You always have the right to demand that we correct any inaccurate or incomplete personal data. 

Limitation of processing: You also have the right to restrict the processing of your personal data when: (1) the accuracy is contested, for a period that allows us to verify its accuracy; (2) the processing is unlawful, but you object to its erasure and instead request a limitation; (3) you need us to keep certain data for the establishment, exercise or defence of legal claims, even if we no longer need that data; or (4) you object to the processing of personal data by AICIB, pending resolution of your objection. 

Objection: In certain circumstances, you have the right to object to the processing of your personal data, unless we can demonstrate legitimate grounds for the processing by AICIB to override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. You also have the right to object when personal data is processed for direct marketing purposes, for the secondary purposes set out in Article 89 of the GDPR: scientific research, historical archiving or for statistical purposes, unless the processing is necessary for the performance of a task carried out in the public interest. 

Revocation of consent: If the processing of personal data is based on your consent, you may revoke it in whole or in part at any time, without this jeopardising the processing that has already been carried out. Once we have received notification that you have withdrawn your consent, we will cease to process them for the purposes for which you originally consented, unless we have a legitimate basis that overrides your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims. Withdrawal of consent to receive marketing communications will not affect the processing of personal data for the provision of our Services. 

Complaints: If you believe that we have not processed your personal data in accordance with applicable law, you have the right to lodge a complaint with the Supervisory Authority - Comissão Nacional de Proteção de Dados (‘CNPD’), whose contact details are available at www.cnpd.pt, or to take legal action. 

 Automated decision-making. We do not use the personal data you provide for exclusively automated decision-making (including profiling) that results in automated decisions that legally or otherwise significantly affect you. Automated decisions are those made solely on the basis of computer algorithms, without human review. If you are subjected to automated decision making, we will make this clear, and you have the right to challenge the decision, express your point of view and demand a human review of the decision. 

We will confirm receipt of your request within a maximum of 5 working days. We will respond to your request to exercise your rights within 30 days of receiving your request, but we may need an additional 30 days if we need more time due to the complexity of your request. 

 Excessive requests: If your requests are unfounded or excessive, particularly because they are repetitive, we may charge a reasonable fee or refuse to fulfil the request and notify you of the reason for the refusal. If we charge a fee, the amount will be based on the administrative costs of providing the information, communicating or taking the action requested. 

Verification process: We are required by law to verify the identity of those who submit requests. To determine whether the person making the request is the data subject, we will verify their identity by comparing the identifying information provided in the request with the personal data we already hold. If we cannot verify your identity, we may request additional information or deny the request in whole or in part. We will inform you if we are unable to verify your identity. 

 Legal representatives: An authorised legal representative may submit a request on your behalf. In this case, we may require: (1) the presentation of legal power of attorney; (2) that you confirm the identity of the representative directly with the Portugal Clinical Studies team. We may deny a request if we have valid reasons to doubt the authenticity of the authorisation to act on your behalf. 

Form and channels for exercising rights with regard to personal data: 

 You can contact AICIB using the special form available at Who are we? Or, alternatively, pcs@portugalclinicalstudies.com. 

 If you are a Clinical Study participant: In general, clinical study participants should contact the research team directly, rather than the AICIB. If a study participant contacts AICIB directly, AICIB will fulfil all contractual obligations to respond to the request, but will favour redirection to the Principal Investigator, who will provide all the information necessary to respond to the request. 

Changes to this Privacy Policy.
We may update this Privacy Policy at any time, at our sole discretion and without prior notice. We will post any revised Privacy Policy on our Sites and Services. You should check this Privacy Policy periodically to ensure that you are aware of any changes. Your continued use of the Sites or Services constitutes your acceptance of any revised Privacy Policy. 

If you have any questions about this Privacy Policy, please contact us at: pcs@portugalclinicalstudies.com or at: Agência de Investigação Clínica e Inovação Biomédica, Rua de Santa Catarina, 1288, 4000-099 Porto, Portugal. 

The user acknowledges that the contents of this website are protected by intellectual property rights of AICIB and third parties, and undertakes to respect such rights. 

The rights over texts, images, graphics, sound, and animation, and all other information and the way they are graphically represented on the website, including trademarks, logos, and symbols, as well as the arrangement and structure of the website, are owned by AICIB or have been duly licensed to AICIB. 

The user is not authorized to transmit, publish, modify, copy, sell, use or distribute, in any form, the texts, images, or other information contained in this website or parts of the website without prior written permission from AICIB. The use of trademarks and logos on this website, as well as the availability of materials on the website, does not grant nor can be interpreted as granting users permission to use, directly or indirectly, such trademarks, logos, or materials.