Privacy Notice for Request for Proposal

Who are we?

We are Comac Medical Ltd., a full-service privately owned boutique CRO/SMO with more than 290 full-time employees, operating in several European countries covering a population of over 390 million: Bulgaria, Romania, Spain, Italy, Serbia, Macedonia, Croatia, Bosnia and Herzegovina, Montenegro, Moldova, Georgia (South-Eastern Europe), Lithuania, Latvia, Estonia (Baltic region), Belarus, Poland, Hungary, Slovenia, Kosovo, Albania, Cyprus, Greece, Kazakhstan, United Kingdom, Czech Republic, Turkey and USA.

Our details as a corporate entity and as a data controller are:

Comac Medical Ltd., UIC 103174683, having our registered address in Sofia, Bulgaria, 131 Odrin str., 5th floor, and correspondence address:
69 Bulgaria Blvd.,
Tower B, 7 Floor
1404 Sofia, Bulgaria
Tel: +359 2 892 10 00
Fax: +359 2 892 10 01

Data Protection Officer: privacy@comac-medical.com.

We may process personal data for the purpose of RFP together with our affiliates when evaluating the possibility of conducting a particular clinical research / trial in a particular geographical region. As a CRO we give potential sponsors the opportunity to request a proposal for services from us or our affiliates. In this case we may act as joint controllers when we set the purposes and means of data processing together. Nevertheless, Comac Medical Ltd. is the contact point for all matters concerning personal data processing. If you are only a visitor to our website, we do not process any particular personal data except for the basic information about IP address, location, device and cookies, as stated below and in our Cookies Notice.

These Requests for Proposal are intended to be included in our database of potential sponsors or clients and to give us an opportunity to submit a proposal for the services requested by you or your organization. Should you have any questions or concerns in this regard, feel free to contact our Data Protection Officer at privacy@comac-medical.com.

  1. What kind of personal data do we collect and process?

In order to register your request for proposal we need to collect and process a limited set of information, including personal data. The personal information includes: first name, last name, e-mail, phone number. We also need your job title and organization, which may be considered personal data if you may be identified through them.

For all groups of users and website visitors, we may process information related to your location, IP address, your web preferences as stated in our Cookies Policy, and the way you navigate and interact with this website. The purpose is to improve the functionalities of our website and our services.

Sometimes we may conduct re/marketing campaigns for the purpose of enhancing the visibility and the transparency of our activity and our services.

We may collect and process your personal data which are publicly available on LinkedIn or other social networks in order to communicate with you, to verify information and to offer services.

  1. How do we obtain personal data?

For the purpose of RFP, we obtain your data directly from you. In some cases, we may validate the data you provided using external public information sources.
By way of using this website and its forms, we may automatically collect information about your IP address, approximate location, device (type of device – mobile or PC), log data, usage information, and cookies.
The information about the location is not specifically tracked, but provides information about the geographic area where your device interacts with our website, as indicated by the IP address or another similar identifier.

You may find more information about cookies in our Cookie Policy.

  1. For what purpose is it necessary to provide your personal information?

To handle your request for proposal. In addition, your personal data is necessary to contact you, in case further verification of your interest or additional information is needed.

You may also see ads for our activities, services and/or products through remarketing campaigns.

We may use your personal data for direct marketing campaigns, based on our legitimate interest, and you will always be given the opportunity to opt out.

We may use the personal data for statistical and archiving purposes. In this case we apply appropriate technical and organizational measures to ensure personal data protection.

We do not plan to further process your personal data for purposes other than those specifically described herein. In case of changes, we'll notify you prior to that further processing.

  1. What is the legal basis of processing?

For the purposes of Request for Proposal we'll process your personal data based on legitimate interest.

For archiving and statistical purposes, we rely on legitimate interest or legal obligation, depending on the relevant circumstances.

For re/marketing campaigns, we rely on legitimate interest.

For international data transfers, when applicable, the personal data is transferred when it is necessary for entering into an agreement with you or your organization or for precontractual measures, as requested by you.

  1. What would be the consequences in case you do not provide your personal data?

You cannot submit an RFP.

  1. Do we share your personal information with internal organizations?

We may share your personal data with our affiliates and/or local offices in other countries, which are affiliates of Comac Medical.

  1. Do we share your personal information with external organizations?

If required for the respective potential clinical research/trial, we may share your information with the Sponsor, other clinical research sites, investigators, partners, contract research organizations, monitors, and public authorities in accordance with their powers. Usually the purpose is clinical trial feasibility.

  1. For how long do we retain your personal information?

We retain your personal data for no longer than is necessary for the purposes for which the personal data are processed. In some cases, your personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with the applicable law.

The longest retention period is 25 years when it is required by the law, the Good Clinical Practice or if the process is included in the Clinical study research/trial protocol.

  1. Do we transfer your personal data internationally and outside the EU?

If required for the respective potential clinical research/trial, we may have sponsors, partners, other investigators and sites; these participants may be established or located in a foreign country, including outside the European Union. When we prepare a clinical trial/research or other related activities with international coverage, we may transfer your data to our affiliates, some of them outside the EU.

We use interactive tools from Facebook, YouTube, LinkedIn, Google Maps and Google Analytics which may transfer your IP address and web preferences, as stated in our Cookies Policy, to other countries, including outside the EU.

  1. How do we protect your rights and freedoms in case of non-EU personal data transfer?

For several non-EU countries, the European Commission has explicitly adopted a decision that these countries provide an adequate level of data protection, and when your personal data is transferred to them no specific additional safeguards are needed from our side. The European Commission has so far recognized Andorra, Argentina, Canada (commercial organizations), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland, Uruguay and the United States of America (limited to the Privacy Shield framework) as providing adequate protection.

In case we transfer your data to other countries not listed above, we use standard contractual clauses to ensure an equal level of protection as in the EU, or the exception pursuant to art. 49, para 1, (b) of GDPR.

  1. Do we perform automated decision-making, including profiling?

We do not execute automated decision-making, apart from the analytics described in our Cookie Policy.

  1. How do we protect your personal data?

The connection to our website, where you fill in your personal information, is secured through Hypertext Transfer Protocol Secure (HTTPS).

Comac Medical Ltd. and our affiliates have implemented appropriate technical and organizational measures to protect your rights and freedoms concerning personal data protection, including to prevent unauthorized data access, disclosure, loss and/or alteration.

  1. What are your rights with regards to the personal data processing?

• Right of access
You have the right to request information on whether we process personal data related to you and certain additional information in this regard, such as the purposes of processing, categories of personal data, and recipients to whom your personal data have been or will be disclosed, in particular recipients in third countries.

• Right of rectification
You have the right to request that your personal data be corrected if any changes have occurred or if it is found to be incomplete or inaccurate.

• Right to erasure (“right to be forgotten”)
You have the right to request that your personal data be deleted when it is no longer needed for the purposes for which it has been processed, or when you withdraw your consent on which the processing is based and where there is no other legal ground for the processing.

You are entitled to request the erasure of your data if they have been unlawfully processed, or if your data need to be erased for compliance with a particular legal obligation.

After considering all the circumstances of this request, we may refuse to delete your personal data if the processing is necessary to comply with a legal obligation which is applicable to us or for reasons of a public interest in the area of public health, for archiving purposes in the public interest, scientific, statistical purposes or for establishment, exercise or defense of legal claims.

The exercise of the right of erasure may not affect the rights and freedoms of others.

• Right to restriction of processing

You have the right to request a restriction of processing while we consider your rectification request, until verifying the accuracy of your personal data.

You may also request a restriction on processing when you do not want your personal data to be deleted, including in connection with the exercise or protection of legal claims. Processing restriction may also apply to your objection to automatic decision-making against you or profiling or during the pending verification whether our legitimate grounds override yours.

• Right to data portability

You have the right to receive personal data that concerns you and that you have provided to us, in a structured, widely used and machine-readable format, and you have the right to request that we transfer this data to another controller in the following cases:

  • Processing is based on consent or on a contract and it is carried out automatically.

When exercising this right, the transfer can only be made by us to another controller when it is technically feasible.

This right shall not apply to the processing necessary for the performance of a public interest task.

The exercise of the right of portability may not affect the rights and freedoms of others.

• Right to object to automated decision-making against you

When decisions (if any) are made against you based only on automated processing of your data, including profiling, you may object.
This right may not be exercised when automated processing is necessary for the conclusion or performance of a contract between us.

When your data are processed for direct marketing purposes (when such is done), you have the right to object to such processing at any time, and the processing of your personal data for that purpose is terminated.

Depending on your particular situation, at any time during the processing of your data on the grounds of legitimate interest, you have the right to object before us. In this case, we shall no longer process your data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.

In case of direct marketing you may always object against it.

• Right to lodge a complaint with a supervisory authority

Within the EU, you have the right to complain to a supervisory authority about how your information is handled and/or when you feel your rights and freedoms regarding personal data processing are violated.

  1. How to file an inquiry, complaint or request in terms of data protection?

You may file an inquiry, complaint or request in terms of data protection by sending an email to privacy@comac-medical.com.

To handle your request, we may require additional identification.

To facilitate the process, we may also require you to fill in a specific request form to exercise your rights, especially if your request is unclear. In this case, we will provide you with the respective form.

If you act through a proxy or on behalf of someone else, you need to provide us with a valid power of attorney following the applicable law.

  1. Do we use cookies on our website?

For this site, we sometimes store small data files called cookies on your device to make the website work properly. Most major websites also use this method. You can check through your browser what cookies you use, how long cookies are stored and how to manage them.

  1. Cookies and marketing tools integrated into this website?

What are cookies?
Cookies are small text files that are saved to your computer or mobile device when you visit a website. They allow the website to store your actions and preferences (such as username, language, font size, and other display settings) for a specified period so you don’t have to enter them every time you visit the site or switch from page to page.

How to control cookies

You can block, disable and/or delete analytics and marketing cookies whenever you like – see https://aboutcookies.org/ for more information. In addition, you can delete any cookies already stored on your computer, and you can also set most browsers to block them. However, if you do this, you may need to manually adjust some parameters each time you visit a site, and some services and features may not work.
All modern browsers allow you to change your cookie settings. You can usually find these settings in the “options” or “preferences” menu of your browser. To learn about these settings, the following links may help, or you can use the “Help” button in your browser menus for more details:

Cookie settings in Internet Explorer

Cookie settings in Edge

Cookie settings in Firefox

Cookie settings in Chrome

Cookie settings in Opera

Cookie settings in Safari

  1. Linking to external web pages?

Our website contains links and may redirect you to external websites which are independent data controllers and may process your data on their own legal basis. When you use other websites and external systems, even if you are redirected from our website, please read carefully their information regarding personal data processing.

Besides, there are embedded links to LinkedIn, Facebook, Google.

  1. Changes in this Privacy Notice?

We reserve the right to modify or amend this Privacy Notice. For instance, it may need to change as new legislation is introduced or as it is amended. The updated Privacy Notice will be posted on this website. When it is reasonable and/or in case of significant changes, we will notify the data subjects enrolled in our database via their registered email or by posting a visible message on our website.