This Data Protection Statement applies to the following companies in the Atlantia Group:
References to “we”, “us” and “Atlantia” shall apply to the company in the group that is processing your Personal Data.
We are a world-class provider of human clinical studies. We are a full-service, ICH-GCP compliant, Contract Research Organisation (CRO). We deliver human clinical studies in the following areas; functional foods and beverages, ingredients, supplements, prebiotics, probiotics and microbiome-based therapeutics and cosmeceuticals.
We need to process Personal Data to operate our business. We are committed to protecting the rights of individuals in accordance with data protection legislation including the General Data Protection Regulation in Europe (the “GDPR”).
We have appointed a Data Protection Officer. If you have any questions about this Data Protection Statement or the way in which your Personal Data is being used by us, please contact:
Data Protection Officer
Address: Floor 1, Heron House, Blackpool, Cork, T23 R50R, Ireland,
Email: dataprotectionofficer@atlantiatrials.com
Telephone: +353 (0)21 430 7442
Our website is: www.atlantiaclinicaltrials.com
For ease of use, Atlantia has split its Data Protection Statements into three separate statements as follows:
This Data Protection Statement applies to Personal Data that Atlantia processes generally as part of its business. It applies to business contacts and members of the public including sponsors, suppliers, and visitors to our website referred to herein as “Contacts”.
If you are a Volunteer please see this statement: [https://atlantiaclinicaltrials.com/atlantia-volunteer-data-protection-statement]. If you are a candidate seeking employment with Atlantia please see this statement: https://atlantiaclinicaltrials.com/atlantia-employee-selection-data-protection-statement
The definition of Personal Data is as follows:
“Personal Data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
This Data Protection Statement describes the Personal Data that we process about Contacts and sets out the basis on which any Personal Data we collect from you, or that you provide to us, will be used by us where we are controllers of that Personal Data for the purposes of the GDPR. Please read this Data Protection Statement carefully to understand our views and practices regarding the Personal Data we collect and how we will treat it.
As a Clinical Research Organisation, we undertaken research studies for and on behalf of Sponsors. In general, the sponsors are the controllers of the Personal Data relevant to participants in a particular study.
This Data Protection Statement applies to Personal Data that Atlantia processes generally as part of its business. It applies to business contacts and members of the public including sponsors, suppliers and visitors to our website referred to herein as “Contacts”.
Sources of personal data
We collect Contact Personal Data from:
We will only ever source Personal Data that is necessary and in a way that would be generally expected.
We receive Contact Personal Data from a variety of sources, as follows:
We process the following categories of Personal Data about Contacts. For each category we have included an example of the type of Personal Data that may be part of that category:
may include: name, address, email address, phone number, online communication id (e.g MS Teams); social media profile
may include: details of phone calls, email correspondence and hardcopy correspondence, notes of meeting and communications
may include: contact data and any preferences in receiving marketing from us and your communication preferences
may include: contact data, payment related information, bank account details, financial data, PPSN and financial data received as part of the services we provide
may include Personal Data provided on any forms on our website and, to the extent that it includes Personal Data, information on the type of device you’re using, its IP address, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use.
We process all Personal Data lawfully and in accordance with the requirements of the law. The GDPR sets out the legal grounds for processing Personal Data.
When Atlantia processes Personal Data of Contacts it is generally on one of the following legal basis:
CONTRACT
We will process Personal Data where necessary to perform our obligations relating to or in accordance with any contract that we may have with you or to take steps at your request prior to entering into that contract (e.g. our Clinical Trial Agreement);
For certain processing activities we may rely on your consent.
Where we are unable to collect consent for a particular processing activity, we will only process the Personal Data if we have another lawful basis for doing so.
You can withdraw consent provided by you at any time by contacting us at dataprotectionofficer@atlantiatrials.com
LEGITIMATE INTEREST
At times we will need to process your Personal Data to pursue our legitimate business interests, for example for administrative purposes, to collect debts owing to us, to provide information to you, to expand our business opportunities, to operate, evaluate, maintain, develop and improve our websites and services or to maintain their security and protect intellectual property rights.
We will not process your Personal Data on a legitimate interest basis where the impact of the processing on your interests or fundamental rights and freedoms outweigh our legitimate interests.
You may object to any processing we undertake on this basis. If you do not want us to process your Personal Data on the basis of our legitimate interests, contact us at dataprotectionofficer@atlantiatrials.com and we will review our processing activities.
LEGAL OBLIGATION
If we have a legal obligation to process Personal Data, such as the payment of taxes, we will process Personal Data on this legal ground.
We use your Personal Data to provide you with our services and to assist us in the operation of our business. Under data protection law, we must ensure that the purpose of processing is clear. We have set out below the general purpose of processing, the categories of Personal Data processed and the related lawful basis for processing.
In certain circumstances, we may disclose Personal Data to third parties as follows:
We will take all steps reasonably necessary to ensure that all Personal Data is treated securely in accordance with this Data Protection Statement and the relevant law, including the GDPR. In particular, we have put in place appropriate technical and organisational procedures to safeguard and secure the Personal Data we process. We monitor for and do everything we can to prevent security breaches of the Personal Data that we process. Once we have received your Personal Data, we will use strict procedures and security features for the purpose of preventing unauthorised access and ensuring that only those who need to have access to your Personal Data can access it. We also use secure connections to protect Personal Data during its transmission. If you think that there has been any loss or unauthorised access to Personal Data of any individual, please let us know immediately.
In order to provide our products and services we may need to transfer Personal Data outside the European Economic Area (EEA). We ensure that any transfer of Personal Data outside the EEA is undertaken using legally compliant transfer mechanisms and in accordance with the GDPR.
If we transfer Personal Data outside of the EEA, we generally rely on the Standard Contractual Clauses under Article 46.2 of the GDPR adopted by the EU Commission. We may also rely on some of the other legally compliant transfer mechanisms provided under the GDPR.
Cookies are small text files placed on your computer or mobile device by websites that you visit, and they help us improve the products and services that we offer you. They are used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Cookies may allow a website to remember your activity over a period of time. Cookies are optional and you do not have to accept them.
Further information on the cookies we use on the website and the purpose behind their respective uses are set out in our Cookie Notice.
Our website may contain links to and from third-party websites. If you follow a link to any of these websites, please note that these websites have their own privacy settings, and these are not endorsed by us. We do not accept any responsibility or liability for these third-party websites. Please undertake the appropriate due diligence before submitting any Personal Data to these websites.
In some circumstances it is not possible for us to specify in advance the period for which we will retain your Personal Data. In such cases we will determine the appropriate retention period based on balancing your rights against our legitimate business interests. We may also retain certain Personal Data beyond the periods specified herein in some circumstances such as where required for the purposes of legal claims.
Further information about our retention practices are set out below:
For the duration of the contract or for 7 years post-termination
24 months in the case where no meaningful engagement or earlier in the case you unsubscribe.
12 months
7 years
7 years unless required to retain indefinitely
You have various rights relating to how your Personal Data is used.
Right of access to the Personal Data we hold about you
You have the right to ask for all the Personal Data we have about you. When we receive a request from you in writing, we must give you access to everything we have recorded about you as well as details of the processing, the categories of Personal Data concerned and the recipients of the Personal Data.
We will provide the first copy of your Personal Data free of charge, but we may charge you a reasonable fee for any additional copies.
We cannot give you access to a copy of your Personal Data in some limited cases including where this might adversely affect the rights and freedoms of others.
Right of rectification of Personal Data
You should let us know if there is something inaccurate in your Personal Data.
We may not always be able to change or remove that Personal Data, but we will correct factual inaccuracies and may include your comments in the record to show that you disagree with it.
Right of erasure of Personal Data (right to be forgotten)
In some circumstances you can ask for your Personal Data to be deleted, for example, where:
Where your Personal Data has been shared with others, we will do what we can to make sure those using your Personal Data comply with your request for erasure.
Please note that we cannot delete your Personal Data where:
Right to restrict what we use your Personal Data for
You have the right to ask us to restrict what we use your Personal Data for where:
When Personal Data is restricted, it cannot be used other than to securely store the Personal Data and with your consent to handle legal claims and protect others, or where it’s for important public interests.
Right to have your Personal Data moved to another provider (data portability)
You have the right to ask for your Personal Data to be given back to you or another service provider of your choice in a commonly used format. This is called data portability.
This right only applies if we are using your Personal Data with consent and if decisions were made by a computer and not a human being. It does not apply where it would adversely affect the rights and freedoms of others.
Right to object
You have the right to object to processing of your Personal Data which is based on public interest or legitimate interest processing. We will no longer process the Personal Data unless we can demonstrate a compelling ground for the processing.
Right not to be subject to automated decision-making
You have the right not to be subject to a decision based solely on automated processing. This right shall not apply where the processing is necessary for a contract with you, or the processing is undertaken with your explicit consent, or the processing is authorised by law.
You can make a complaint
You have the right to lodge a complaint with the local supervisory authority for data protection in the EU member state where you usually reside, where you work or where you think an infringement of data protection law took place.
We will post any changes to this Data Protection Statement on the Website and on our job ads in recruitment portals and when doing so will change the effective date at the top of this Data Protection Statement.
In some cases, we may provide you with additional notice of changes to this Data Protection Statement, such as via email. We will always provide you with any notice in advance of the changes taking effect where we consider the changes to be material.
Thank you for reading our General Data Protection Statement. Please contact us if you have any questions.
If we are unable to resolve your concerns, you have the right to contact the supervisory authority in the country where you live or work, or where you consider that the data protection rules have been breached
Online Form: https://forms.dataprotection.ie/contact
Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
Tel: +353 578 684 800 or +353 761 104 800
If you have any questions about this data protection statement or in the way your data is being used by us please contact:
