Privacy Policy
Last updated: March 3, 2026
1. Introduction
This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Electronic Data Capture (EDC) system. We are committed to protecting your privacy and ensuring the security of your personal data in compliance with applicable regulations including GDPR, HIPAA, and other data protection laws.
2. Information We Collect
We collect and process the following types of information:
- User Account Information: Username, email address, role/permissions, and authentication credentials
- Clinical Research Data: Study data, patient information (de-identified where applicable), and related research data
- System Activity Logs: Login times, IP addresses, actions performed, and data modifications
- Technical Information: Browser type, device information, and system performance data
3. Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Performance of contract (to provide EDC services)
- Legal compliance (regulatory requirements for clinical research)
- Legitimate interests (system security and service improvement)
- Consent (where explicitly obtained for specific purposes)
4. How We Use Your Information
Your personal data is used for the following purposes:
- Providing access to and operation of the EDC system
- Conducting clinical research activities in compliance with protocols
- Maintaining audit trails for regulatory compliance
- Ensuring data security and preventing unauthorized access
- Improving system performance and user experience
- Communicating important system updates and notifications
5. Data Security Measures
We implement comprehensive security measures to protect your data:
- End-to-end encryption for data transmission (TLS/SSL)
- Encrypted data storage using industry-standard algorithms
- Multi-factor authentication options
- Role-based access controls and least privilege principles
- Regular security audits and vulnerability assessments
- 24/7 system monitoring and intrusion detection
- Regular backups and disaster recovery procedures
6. Data Retention
Personal data and clinical research data are retained for the duration required by:
- Applicable regulatory requirements (typically 25 years for clinical trial data)
- Study protocols and institutional policies
- Legal obligations and potential litigation holds
After the retention period expires, data is securely deleted or anonymized in accordance with our data retention and destruction policies.
7. Data Sharing and Disclosure
We may share your information with:
- Authorized study personnel and investigators
- Regulatory authorities (FDA, EMA, etc.) as required by law
- Institutional review boards (IRBs) and ethics committees
- Study sponsors and clinical research organizations (as specified in study protocols)
- Third-party service providers bound by confidentiality agreements
We do not sell or rent your personal information to third parties.
8. Your Rights Under GDPR
If you are located in the European Economic Area (EEA), you have the following rights:
- Right to Access: Request copies of your personal data
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Request deletion of your data (subject to legal retention requirements)
- Right to Restriction: Request limitation of data processing
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to certain types of processing
- Right to Withdraw Consent: Withdraw consent where processing is based on consent
9. International Data Transfers
When data is transferred internationally, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions for transfers to approved countries
- Additional security measures for data protection
10. Cookies and Tracking Technologies
We use essential cookies and session management technologies to:
- Maintain user authentication and session security
- Remember user preferences and settings
- Analyze system performance and usage patterns
You can control cookie settings through your browser, though disabling certain cookies may affect system functionality.
11. Children's Privacy
This system is not intended for use by individuals under the age of 18 without proper authorization and supervision. We do not knowingly collect personal information from children.
12. Updates to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Users will be notified of significant changes, and the "Last updated" date will be revised accordingly.
13. Contact Information
For questions, concerns, or to exercise your privacy rights, please contact:
Email: edc@sylphidanalytics.com
Website: https://edc.krithrim.com/
Address: Hyderabad, Telangana, India
You also have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.