CLINIXIR
External Data Subjects Privacy Notice

Clinixir Company Limited (“Clinixir”, “we”, “us”, or “our”) has prepared this External Data Subjects Privacy Notice (“Privacy Notice”) to describe how Clinixir collects, uses, discloses and/or cross-border transfers Personal Data (as defined below), and associated data subjects’ rights. This Privacy Notice applies to third parties whose Personal Data (as defined below) we collect, use, disclose, and/or cross-border transfer in the course of our business operations or the provision of our services, which includes

  1. Directors, shareholders, representatives, authorized persons, agents, employees, and other persons in a similar capacity including contact person (collectively, “Connected Persons”) of juristic persons, which includes but not limited to sponsors, investigators, site personnel, consultants, and other business partners;
  2. visitors and users of our website , including other channels of communication; and
  3. any other persons whose Personal Data we obtain in the course of our business operations or the provision of our services.

Persons described above are collectively referred to as “you” or “your”.
“Personal Data” shall refer to any information, which enables the identification of such person, whether directly or indirectly, or other information that is combined with such individually identifiable information or other information, enable the identification of individual, and/or any information protected under any applicable personal data protection laws.
Failure to provide certain Personal Data may result in Clinixir not being able to comply with our contractual obligations or legal obligations. In some instances, failure to provide Personal Data may also result in us not being able to continue the contract or relationship we have with you.


A. Personal Data we collect from and about you:


Clinixir may directly or indirectly collect your Personal Data during pre-deal processes, and in the course of our business operations or the provision of our services. We may collect your Personal Data via different online and offline channels (e.g. e-mail communications, websites, social media platforms (e.g. LINE), telephone, physical walk-in at our locations, postal mail and CCTV recordings). In the event that you are our sponsor or any of its Connected Persons, we may receive your Personal Data from any other sponsor referring you to us.

The types of Personal Data collected will depend on our interaction and relationship with you, this includes, but not limited to the following:

  1. Identification Information: such as, name, surname, signature, government issued documents (e.g. national identification card, passport) and copies of such documents and CCTV recordings.
  2. Contact Information: such as, phone number, postal address, and e-mail address.
  3. Employment Related Information: such as, curriculum vitae (CV) (including work experiences, qualifications, registrations, and memberships), your company, job title, license and certificates related to work (e.g. medical license, ICH-GCP training certificate). If you are the investigator or site personnel, we may collect your financial support information (e.g. for the findings on the relationship between you and a sponsor).
  4. [Device Information: such as Internet Protocol (IP) address, internet browsing behavior, login data, login log, search history, browsing details, browsing type and version, browsing language, web beacon, log, device ID and type, network, connection details, access details, single sign-on (SSO) details, browser plug-in types and versions, operating system and platform, time zone setting and location, access times, time spent on page, information about how you use and interact with our website (including web page viewed, content viewed, links clicked, and features used), when and how often you use our website, crash reports and other technology on devices you use to access the website;]
  5. Other Personal Data: such as information collected, used, or disclosed in connection with the relationship with us, or in connection with the relationship between us and your company, data collected when you interact with us, your correspondence with us, and information as part of our prospective or existing relationship with you in the course of you applying for or us providing you with our services and otherwise.

In the event that you have provided Personal Data of any third party individuals to us (e.g. Personal Data of directors, shareholders, or other persons who have executive power in your company or other employees of your company) or you request us to disclose Personal Data of such individuals to other third parties, you are responsible to inform such individuals of this Privacy Notice, and obtain consent where applicable or necessary, to permit us to legally collect, use and/or disclose their Personal Data in accordance with this Privacy Notice. You should ensure that the Personal Data provided to us is accurate and complete. You are also responsible for updating us on any changes to the Personal Data.

Clinixir has no intention in collecting Personal Data of minors, quasi-incompetent persons and incompetent persons. If you are a minor, quasi-incompetent person and/or incompetent person wishing to enter in to or have a business relationship with us, and where consent is required to collect, use, and/or disclose your Personal Data, you shall obtain relevant consent from your parent or guardian prior to contacting us or giving us your Personal Data. In the event that we discover that we have unintentionally collected minor’s, quasi-incompetent person’s and/or incompetent person’s Personal Data without consent from parent or guardian, when consent is required, we will delete such Personal Data in a timely manner or will only collect, use, and/or disclose such Personal Data if we can rely on other legal bases apart from consent.

[As part of the security procedure for our services and user experiences in using our website and services, cookies and such other technology systems may be used and may be placed on your device. In general, information gathered using cookies is not linked to any identifiable data (e.g., your name or e-mail). However, if we may need to link your Personal Data with cookies or other data that is associated with your use of our website and services, we will treat cookies and combined data as Personal Data.]


B. We use your Personal Data for the following purposes:

  1. Purposes in which, Clinixir rely on your consent includes: [Disclosure of your Personal Data for the purposes of referring you to potential sponsors who would subsequently use such Personal Data for selection and recruitment process for their prospective clinical study.]
  2. Purposes in which, Clinixir may rely on other legal bases: apart from the purposes where we may seek your consent, we (and third parties who may be acting on our behalf) may rely on (1) pre-contractual and contractual basis, for our initiation or fulfilment of a contract with you; (2) legal obligation, for the fulfilment of our legal obligations (3) legitimate interests, for the purpose of our legitimate interests and the legitimate interests of third parties, to be balanced with your own interest and fundamental rights and freedoms in relation to the protection of your Personal Data; (4) vital interest, preventing or suppressing a danger to a person’s life, body or health; (5) public interest, for the performance of a task carried out in the public interest or for the exercise of official actions and (6) the reason for an establishment, exercise and defense of legal claims for the following purposes:
    • Identity Verification: such as, for identity and status verification in relation to business operations;
    • Business Communication: such as, to communicate with you and support you on our business relationship or the relationship with your company;
    • Relationship Management: such as, to plan, perform, and manage our business relationship; to enter into a relevant contract or other documents; to provide services at your request; to issue and deliver of relevant documents related to the business operations; to manage and process payments; to provide credit; to perform accounting, billing, processing, clearing, settlement, collection or reconciliation activities; to process on the termination of relationship with you or your company;
    • Internal Management: such as, to create, maintain, and/or update information in relevant directories/databases; to manage, maintain and improve our website and services; to detect and prevent fraud risk and resolve any fraudulent activities, fraudulent transactions, deception, and fraudulent applications; to prepare relevant reports; to identify and perform management control on logs of network activities; to take any necessary steps to prevent activities aimed to cause damage, fraud, or illegal activities including activities relating to data maintenance and relevant services; to identify, investigate, prevent and protect of security events including security for life, health, property, and other rights of persons; to follow-up on incidents; to assist on crime prevention; to protect the security and integrity of our business; to maintain the internal business management; to manage access to our premises, including the use of CCTV; to establish, exercise, and/or defend legal claims (e.g. proceeding with legal procedure);
    • IT maintenance and support: such as, to safeguard the confidentiality, security, and accessibility of our website, IT systems, networks and hardware, and information; to provide IT and technical supports; to manage the access to any systems to which we have granted the access; to implement business controls to enable our business to operate; to identify and resolve issues in our IT systems; to maintain our systems security; to perform, develop, implement, operate and maintain our IT system; to authenticate and access controls and logs where applicable; to monitor the system, devices and internet;
    • Regulatory Compliance Related Purposes: such as, to cooperate with enforcement and/or governmental agencies pursuant to their orders (e.g. provision of information on a case-by-case basis); to submit any information in accordance with our legal obligations; to comply with the law, regulations and/or internal policies;
    • Sales or acquisitions of business: in the event of business reorganization, merger, sale, purchase, joint venture, assignment, transfer or other disposition of our business, assets, or stock, or rehabilitation, capital venture or any similar transaction, whether in whole or in part, we may disclose your Personal Data to our assignee(s) of rights and/or obligations as part of such transactions;
    • Prevention or suppression of danger to a person’s life, body, or health: such as emergency communications.
    • In addition to the purposes set out above, In the event that you are our sponsor or any of its Connected Persons, or you are our investigator or site personnel, the following purposes may also apply to you:
    • Clinical Study Management: such as, to process site selection and recruitment procedures; to conduct conflict checks; to process clinical study approval procedures.
    • In the event that you are our consultants, business partners or any of its Connected Persons, the following purposes may also apply to you:
    • Business Partner Selection: such as, to evaluate your suitability and qualifications; to process recruitment and selection procedures.

C. We may disclose your Personal Data to the following parties:


Our disclosure of your Personal Data would depend on the context of your relationship with us and the nature of services you obtain from us. In general, we may disclose or transfer your Personal Data to third parties, including (1) service providers (e.g. cloud service providers, data storage service providers, [infrastructure, IT and/or software service providers, postal mail service providers, delivery or logistic service providers, professional advisors relating to audit, legal, accounting and tax services, payment service provider, administrative and business support service providers, document storage and destruction service providers, data backup service providers, printing service providers]; (2) government entities or regulatory bodies and others for legal, regulatory and other necessary purposes, including responding to requests from government entities or regulatory bodies for purposes of law enforcement, legal orders, audits, or legal processes/claims; and (3) any other third parties based on your consent or your instruction. Clinixir may also disclose your Personal Data in order to protect our rights, the rights of any third party or individuals’ personal safety, or to detect, prevent, or otherwise address fraud, security or safety issues.
In addition to the third parties as listed above, Clinixir may disclose your Personal Data to Assignee(s), third parties connected with possible or substantive sale of our business or any of our assets, or those of any related company, particularly through acquirements or mergers, alteration in divestitures or control, or affiliation with bankruptcy. In such instances, Personal Data collected by us may be one of the reassigned equities.
In the event that you are the sponsor or any of its Connected Persons, we may disclose your Personal Data to the following parties:

  1. Clinical Study Facilitating Parties: Clinixir may outsource third parties to assist in the performance of tasks related to Clinixir’s operations in processing clinical studies, to which your Personal Data may be disclosed to, including, but not limited to: (1) clinical vendors (2) central labs (3) investigators and (4) site personnel. The listed third parties may have access to your Personal Data in order to provide relevant services and to comply with their relevant tasks and responsibilities. Clinixir will only provide these third parties with information that is necessary for them to provide their services and/or to perform their relevant tasks and responsibilities.
  2. Ethics Committees: Clinixir may disclose your Personal Data to an ethics committee for communication purposes and for facilitation of the clinical studies; and
  3. Governmental Authorities: In order to comply with our legal obligations or to cooperate with the governmental authorities, Clinixir may be required to disclose your Personal Data as we deem necessary to comply with such legal or regulatory obligations. The recipient of your Personal Data includes, but is not limited to, the Food and Drug Administration that Clinixir discloses your Personal Data for the approval process on drug importation.

In the event that you are the investigator or site personnel, we may disclose your Personal Data to the following parties:

  1. Sponsor: Clinixir may disclose your Personal Data to the sponsors or any of its Connected Persons when you are involved in their relevant clinical study. [Your Personal Data may also be disclosed to other potential sponsors who would subsequently use such Personal Data for selection and recruitment process for their prospective clinical study.]
  2. Clinical Vendor: Clinixir may disclose your Personal Data to our clinical vendors to assist in the performance of tasks related to Clinixir’s operations in processing clinical studies; and
  3. Ethics Committees: Clinixir may disclose your Personal Data to an ethics committee for the processing of clinical study approval procedures.

In the event that you are our consultants, business partners or any of its Connected Persons, we may disclose your Personal Data to Bangkok Bank Public Company Limited, our transaction facilitator, for payment management.


D. We may transfer your Personal Data outside Thailand:


The recipients as listed in clause C. above may be located outside Thailand. Clinixir may also transfer your Personal Data to third parties [or servers] located outside Thailand for lawful purposes, including to the cloud service providers and data storage vendors for the purposes of data storage. Furthermore, if you are the investigator or site personnel, your Personal Data may also be cross-border transferred to our project consultant (e.g. CliniBiz in the United States of America) to confirm your qualifications and experiences for the clinical study.
Some recipients may be located in a country which the competent authority does not already prescribe to be the country that has the standard of personal data protection on the same level with the standard of personal data protection in Thailand. In such event, we will take steps and measures to ensure that your Personal Data is securely transferred, and that the receiving parties have in place an appropriate level of data protection standards or other measures as applicable with the applicable laws.


E. Retention of your Personal Data:


Clinixir will retain your Personal Data for as long as it is necessary to fulfil the purposes for which we obtain it, and/or to comply with our legal and regulatory obligations. Clinixir may have to retain your Personal Data for a longer period where it is required or permitted by law, such as where legal action or proceedings is initiated.


F. Your rights:


Pursuant to the applicable laws and exceptions thereof, you may have the following rights to:

  1. Right to access: You may have the right to access and/or request a copy of your Personal Data that Clinixir collects, uses, and/or discloses about you. Where necessary, we may require you to prove or authenticate yourselves prior to our compliance with your request.
  2. Right to rectify: You may have the right to have incomplete, inaccurate, misleading, or not-up-to-date Personal Data that Clinixir collects, uses, and discloses about you rectified.
  3. Right to data portability: Where legally applicable, you may have the right to obtain Personal Data Clinixir holds about you, in a structured, electronic format, and to have them send or transfer to another data controller.
  4. Right to object: You may have the right to object to certain collection, use, and disclosure of your Personal Data, on grounds relating to your particular situation.
  5. Right to restrict: You may have the right to restrict the use of your Personal Data in certain circumstances.
  6. Right to delete: You may have the right to request the deletion of your Personal Data or have your Personal Data anonymized, to the extent permitted by laws. However, we are not obligated to follow such request, if your Personal Data is still required to be maintained in order to comply with legal obligations, or to establish, exercise, or defend legal claims.
  7. Right to withdraw your consent: For the purposes you have consented to the collection, use and disclosure of your Personal Data, you have the right to withdraw consent at any time.
  8. Right to lodge a complaint: You may have the right to lodge a complaint to the competent authority where you believe the collection, use, and disclosure of your Personal Data is unlawful or non-compliant with applicable data protection laws.
  9. However, prior to lodging complaint to the competent authority, Clinixir would appreciate a chance for us to rectify your concerns. Please contact us at the contact information provided below.

G. Our security measures:


Clinixir has in place appropriate security measures, which includes administrative, technical and physical safeguards in relation to access control, to protect the confidentiality, integrity, and availability of Personal Data against any unauthorized or unlawful loss, alteration, modification, use, disclosure, or access. The standard security measure in place includes, but not limited to: restriction to access of Personal Data, Personal Data storage and any processing equipment; access rights or permission; user management to limit access to Personal Data to only authorized personnel; user responsibilities to prevent unauthorized access, disclosure, knowledge acquisition and/or unlawful duplication of Personal Data or theft of device used to store and process Personal Data; and the re-examination of unauthorized, alteration, erasure, or transfer of Personal Data.


H. Links to other third party websites:


[For website users, our website may contain links to platforms and other websites that are operated by third parties. While we try to link only to platforms and websites that share our high standards for privacy, we do not take responsibility for the content or the data protection standards employed by such other platforms or websites. Unless this Privacy Notice provides otherwise, any Personal Data you provide to any such third-party platforms or websites will be collected by that party and not by us and will be subject to that party’s privacy notice/policy (if any), rather than this Privacy Notice. In such a situation, we will have no control over, and shall not be responsible for that party’s use of your Personal Data.]


I. Change to this Privacy Notice:


We reserve the right to amend this Privacy Notice from time to time. The amendments to this Privacy Notice will be effective upon being published on our website. It is suggested that you check back periodically to view any changes or updates to this Privacy Notice. We will notify you of any material changes, and obtain your consent again, if required by law.


J. Feel free to contact us if you have any questions:


To exercise your data subject’s rights, or to make any inquiry, please contact:


Clinixir Company Limited:
Address: Asia Centre Building, 17th Floor, 173/18 South Sathorn Road, Thung Maha Mek, Bangkok, Thailand 10120
02-163-6430
admin@clinixir.com

Privacy Notice on CCTV Use

We, Clinixir Company Limited, use closed-circuit television (CCTV) in our premises to monitor a specific space for the safety and security of our premises, assets, staff, customers and visitors. This privacy notice provides information on our collection, use, and disclosure of your personal data collected in our use of CCTV. We may update this notice from time to time. You can find our updated notice at www.clinixir.com

TYPES OF PERSONAL DATA WE COLLECTED

Our CCTV captures images of all individuals and their belongings (e.g. handbags) entering the monitored area in our premises and may collect photos or videos of you.

HOW WE PROCESS YOUR PERSONAL DATA

2.1 We may collect, use, disclose, or process your personal data, for the following purposes: 

to protect individuals’ life, body, health, personal safety, and belongings;

to protect and prevent our premises, facilities and assets from damage, disruption, vandalism, and other crime;

to support law enforcement agencies in the prevention, detection, and prosecution of crime and to act as a deterrent against crime;

to assist in the effective resolution of disputes which arise in the course of disciplinary or grievance proceedings;

to assist in the investigation or proceedings concerning a whistleblowing complaint; and loment proceedings

2.2 Our CCTV is in operation 24 hours a day, except in case of system failure or maintenance.

2.3 We place appropriate signage in the monitored areas to alert you that a CCTV installation is in use and your personal data is recorded

LEGAL BASES

We may collect, use, disclose, or process your personal data on any of the following legal bases.

Vital interest. The collection, use, disclosure, or processing is necessary for the prevention or suppression of a danger to a person’s life, body, or health.

Legitimate interest. It is in our legitimate interest to collect, use, disclose, or process, your personal data to achieve any of the purposes described above.

Legal obligations. We owe a duty to comply with the legal obligations prescribed by the applicable laws, including but not limited to the laws regarding safety and environment in the workplace. We consider the use of CCTV as a necessary measure to enable us to meet those obligations.

DISCLOSURE OF YOUR PERSONAL DATA TO THIRD PARTIES

We may disclose your personal data to third parties (including our affiliates and service providers) if we consider that the disclosure is necessary for the purposes described above.

We may disclose your personal data to law enforcement agencies if the disclosure is necessary for compliance with our legal obligations and to support or assist them in the prevention, detection, and prosecution of crime.

PERIOD OF RETENTION

We may retain your personal data no longer than 78 days or as necessary to achieve the purposes described in this notice or as is required by applicable laws. We may need to retain your personal data for so long as is necessary to deal with any disputes or legal proceedings that may arise.

If we no longer need to retain your personal data, we may destroy, delete, remove or anonymize your personal data.

YOUR RIGHTS

You have the following rights pursuant to the laws:

Right of access. You have the right to access and obtain a copy of your personal data or request to disclose your personal data. The request must be in writing and sent to the channel provided in the “CONTACT US” section. Your request will be processed within the period required by law. We may, to the extent permitted by law or a court order, refuse to act on your request where such a request could affect the rights and freedom of another person.

Right to rectification. You have the right to have incomplete, inaccurate, misleading, or not up-to-date personal data that we process about you rectified.

Right to data portability. You may have the right to obtain your personal data we hold, in a structured, electronic format, and transmit such data to another data controller, where this is (a) personal information which you have provided to us, and (b) if we are processing that data based on your consent.

Right to object. You have the right to object to the collection, use, or disclosure of your personal data for the purposes of achieving our legitimate interest (or that of other persons). We may refuse to comply with your request if we can demonstrate compelling legitimate grounds for such collection, use, or disclosure, which may override your own interests or if such collection, use, or disclosure is for the purposes of establishment, compliance, exercise or defense of legal claims.

Right of erasure. You have the right to request us to erase or destroy your personal data or to anonymize your personal data if you believe that (i) the personal data is no longer needed for the purposes described in this notice or (ii) the collection, use, or disclosure of your personal data is unlawful. We may refuse to comply with your request for erasure or destroy for the purposes of establishment, compliance, exercise or defense of legal claims, or compliance with laws.

Right to restrict processing. You have the right to request us to suspend the use of your personal data if you believe that we no longer need to retain the personal data for the purposes described in this notice, but you still require the retention for the purposes of establishment, compliance, exercise or defense of legal claims, or compliance with laws

Right to withdraw consent. If you have consented to our collection, use, or disclosure of your personal data, you have the right to withdraw that consent at any time.

Right to lodge a complaint. You have the right to file a complaint against us to the relevant data protection supervisory authority if you believe that we breach or do not comply with any of our obligations under the applicable personal data protection laws.

CONTACT US

If you have any questions about this notice or if you would like to exercise your rights, please contact our General Administration at admin@clinixir.com or call 02-163-6430