BIORCE PRIVACY POLICY

Effective Date: Current Date
Last Updated: Current Date

1. WHO WE ARE

Biorce ("we," "us," or "our") is a Spanish company (Biorce ESP SL) that provides AI-powered clinical trial optimization services. We are committed to protecting your personal data and privacy rights.

Contact Information:

Company: Biorce ESP SL
Email: info@biorce.com
Website: www.biorce.com
Data Protection Contact: info@biorce.com

2. WHAT PERSONAL DATA WE COLLECT

2.1 Information You Provide Directly

Contact Information: Name, email address, company name, job title
Professional Information: Role, therapeutic area, number of clinical trials
Account Information: Username, password (encrypted)
Communication Data: Messages, feedback, support requests

2.2 Information Automatically Collected

Technical Data: IP address, browser type, device information
Usage Data: Pages visited, time spent, click patterns
Cookies: See our Cookie Policy for details

2.3 Information from Third Parties

Business Contact Data: Publicly available professional information
Social Media: If you connect social media accounts (LinkedIn, etc.)

3. LEGAL BASIS FOR PROCESSING

We process your personal data based on:

Consent (Art. 6(1)(a) GDPR): For marketing communications and non-essential cookies
Contract Performance (Art. 6(1)(b) GDPR): To provide our services and respond to inquiries
Legitimate Interest (Art. 6(1)(f) GDPR): For service improvement, security, and business development
Legal Obligations (Art. 6(1)(c) GDPR): When required by applicable laws

4. HOW WE USE YOUR PERSONAL DATA

We use your information to:

Provide Services: Deliver clinical trial optimization tools and analysis
Account Management: Create and maintain your account
Customer Support: Respond to inquiries and provide technical support
Service Improvement: Analyze usage to enhance our platform
Marketing Communications: Send relevant updates and promotional materials (with consent)
Legal Compliance: Meet regulatory and legal requirements
Security: Protect against fraud, abuse, and security threats

5. DATA SHARING AND RECIPIENTS

5.1 We may share your data with:

Service Providers: Cloud hosting, payment processors, email services (under strict data processing agreements)
Business Partners: For joint services (with your explicit consent)
Legal Authorities: When required by law or to protect rights and safety
Corporate Transactions: In case of merger, acquisition, or sale (with appropriate safeguards)

5.2 We do NOT:

Sell your personal data to third parties
Use your data for automated decision-making without human oversight
Process sensitive data without explicit consent

6. INTERNATIONAL DATA TRANSFERS

Some of our service providers may be located outside the European Economic Area (EEA). When we transfer your data internationally, we ensure adequate protection through:

Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy Decisions for countries with adequate data protection
Additional Safeguards as required by GDPR Article 44-49Adequacy Decisions for countries with adequate data protection

7. DATA RETENTION PERIODS

We retain your personal data only as long as necessary:

Data Type

Account Data

Marketing Data

Support Records

Usage Analytics

Financial Records

Security Logs

Retention Period

Until account deletion + 30 days

3 years from last interaction or until consent withdrawal

2 years from case closure

2 years (anonymized after 6 months)

7 years

1 year

Legal Basis

Contract performance

Consent

Legitimate interest

Legal obligation

Legitimate interest

After retention periods expire, data is securely deleted or anonymized.

8. YOUR RIGHTS UNDER GDPR

You have the following rights regarding your personal data:

8.1 Right of Access (Art. 15 GDPR)

Request a copy of your personal data we hold

8.2 Right to Rectification (Art. 16 GDPR)

Correct inaccurate or incomplete data

8.3 Right to Erasure (Art. 17 GDPR)

Request deletion of your personal data ("right to be forgotten")

8.4 Right to Restrict Processing (Art. 18 GDPR)

Limit how we use your data in certain circumstances

8.5 Right to Data Portability (Art. 20 GDPR)

Receive your data in a structured, machine-readable format

8.6 Right to Object (Art. 21 GDPR)

Object to processing based on legitimate interests or direct marketing

8.7 Right to Withdraw Consent

Withdraw consent at any time (where processing is based on consent)

How to Exercise Your Rights:

Email: info@biorce.com (Subject: Data Protection Request)
Response time: Within 30 days (may be extended to 60 days for complex requests)
Verification: We may request identity verification to protect your data

9. DATA SECURITY

We implement appropriate technical and organizational measures to protect your personal data:

Encryption: Data encrypted in transit and at rest
Access Controls: Role-based access with multi-factor authentication
Regular Audits: Security assessments and vulnerability testing
Staff Training: Regular data protection training for all personnel
Incident Response: Procedures for detecting and responding to data breaches

10. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar technologies to:

Ensure website functionality
Analyze usage and improve services
Provide personalized content (with consent)

Cookie Types:

Essential Cookies: Required for website operation (no consent needed)
Analytics Cookies: Usage statistics (consent required)
Marketing Cookies: Personalized advertising (consent required)

You can manage cookie preferences through our cookie banner or browser settings.

11. DATA BREACH NOTIFICATION

In case of a personal data breach that poses a risk to your rights and freedoms:

We will notify the relevant supervisory authority within 72 hours
We will inform affected individuals without undue delay
We will document the breach and remedial actions taken

12. CHILDREN'S PRIVACY

Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware of such collection, we will delete the data immediately.