Privacy Policy
This Privacy Policy explains how [YOUR COMPANY NAME] ("we", "us", "our") collects, uses, and protects personal data when you use SurveySTATA (the "Platform") — a web-based survey platform for structured study data collection.
We are committed to protecting your privacy and processing your personal data in accordance with Regulation (EU) 2016/679 (GDPR), the French Data Protection Act (loi Informatique et Libertés), and applicable national law.
1. Who We Are (Data Controller)
[YOUR COMPANY NAME]
Registered address: [ADDRESS]
Contact email: [EMAIL]
Data Protection contact: [DPO EMAIL]
Where we process personal data on behalf of a Client who has engaged the Platform, that Client is the data controller and we act as data processor. A Data Processing Agreement (Art. 28 GDPR) governs that relationship.
2. Platform Design — HCP-Only Access
The Platform is designed exclusively for use by healthcare professionals (HCPs). Study subjects — patients or research participants — never interact with the Platform, never receive access links, and are never asked to create accounts.
Clinical observations are entered by HCPs against an auto-generated, pseudonymous subject code (e.g. LYN-0001). The Platform builds this code from a site prefix and a sequential counter; it is not derived from any patient information. The mapping between subject code and real patient identity is held only at the clinical site (in the HCP's own records or the hospital information system). The Platform infrastructure never receives, stores, or has any mechanism to obtain that mapping.
This constitutes pseudonymisation under GDPR Art. 4(5). Pseudonymised data remains personal data, so GDPR applies in full; the Platform does not process anonymised data.
3. What Personal Data We Collect and Why
3a. Platform account holders (HCPs — Admins, Coordinators, Monitors, Analysts, Auditors)
| Data | Purpose | Lawful basis |
|---|---|---|
| Name, email address | Account creation, login, team management | Contract (Art. 6(1)(b)) |
| Argon2 password hash | Authentication — plaintext password is never stored | Contract (Art. 6(1)(b)) |
| IP address, user-agent | Security — rate limiting, audit trail, fraud prevention | Legitimate interest (Art. 6(1)(f)) |
| Session token (server-side only) | Keeping you authenticated; expires after 8 hours of inactivity | Contract (Art. 6(1)(b)) |
| Audit log entries | Accountability and regulatory compliance | Legal obligation (Art. 6(1)(c)) |
3b. Study data entered by platform users
HCPs enter the following data on behalf of the Client (controller). No patient direct identifiers are collected by the Platform at any point.
| Data | Purpose | Lawful basis |
|---|---|---|
| Platform-generated subject code (e.g. LYN-0001) | Link responses to a pseudonymous study participant; not derived from patient information, and the Platform cannot re-identify the participant | Legitimate interest (Art. 6(1)(f)) / as determined by the Client (controller) |
| Clinical observations and survey answers | Study data collection for the Client's purposes | Determined by the Client (controller) |
| Signer name and professional role | Electronic attestation of the HCP who submitted the data — stored encrypted at rest | Determined by the Client (controller) |
| IP address (at time of submission) | Audit trail integrity — stored in an append-only log | Legitimate interest (Art. 6(1)(f)) |
| HCP consent confirmation timestamp | Record that, before submission, the HCP confirmed that the study subject's consent to data processing had been obtained | Legal obligation (Art. 6(1)(c)) |
What we never collect: patient names, initials, dates of birth, medical record numbers, national identification numbers, contact details, or any other information that directly identifies a study subject. Age is captured in whole years only; gender is captured as a categorical value only.
4. How We Protect Your Data
- Encryption at rest: Subject codes, signer names, and signer roles are encrypted using AES-256-GCM before storage.
- Encryption in transit: All data is transmitted over TLS 1.2 or higher (HTTPS enforced in production).
- Role-based access control: Each user sees only the data relevant to their assigned role and study site.
- Append-only audit log: All significant actions are recorded in an audit log protected against modification at the database level.
- Tamper-evident submissions: A SHA-256 checksum is computed over the submitted answers at the time of signing, so that any later change to the answers can be detected.
- EEA data residency: All data is stored exclusively on servers within the European Economic Area. No data is transferred outside the EEA.
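The list above states what is done; as an illustration of how a checksum of this kind is computed and checked, the following is an added example written for this page, not the Platform's own code. It assumes a JSON record with hypothetical field names (subject_code, answers, signer_role, signed_at), serialised canonically (sorted keys, fixed separators) before hashing, and uses only the Python standard library; the sample answers are constructed.

```python
import hashlib
import hmac
import json


def make_subject_code(site_prefix: str, counter: int) -> str:
    """Pseudonymous code in the style described above: site prefix plus a
    zero-padded sequential counter, e.g. ("LYN", 1) -> "LYN-0001".
    Nothing in the code is derived from patient information."""
    return f"{site_prefix}-{counter:04d}"


def canonical_bytes(record: dict) -> bytes:
    """Canonical JSON: sorted keys and fixed separators, so the same answers
    always produce the same bytes whatever order a client sent them in.
    Without this step, {"a":1,"b":2} and {"b":2,"a":1} would hash differently."""
    return json.dumps(
        record, sort_keys=True, separators=(",", ":"), ensure_ascii=False
    ).encode("utf-8")


def sign_submission(subject_code: str, answers: dict, signer_role: str, signed_at: str) -> dict:
    """Compute the SHA-256 checksum over the canonical record at signing time.
    The subject code, signer role and timestamp are included so the checksum
    binds the answers to a specific submission, not just to the answer values."""
    record = {
        "subject_code": subject_code,
        "answers": answers,
        "signer_role": signer_role,
        "signed_at": signed_at,
    }
    checksum = hashlib.sha256(canonical_bytes(record)).hexdigest()
    return {**record, "checksum": checksum}


def verify_submission(signed: dict) -> bool:
    """Recompute the checksum from the stored fields and compare it with the
    recorded one. Any change to answers, code, role or timestamp returns False."""
    record = {k: v for k, v in signed.items() if k != "checksum"}
    expected = hashlib.sha256(canonical_bytes(record)).hexdigest()
    # compare_digest avoids leaking the position of the first mismatch via timing
    return hmac.compare_digest(expected, signed["checksum"])


def demo() -> dict:
    """Constructed sample: a signed record, a tampered copy, and a re-ordered
    copy of the same answers. Returns the three verification outcomes."""
    code = make_subject_code("LYN", 1)
    answers = {"pain_score": 4, "age_years": 63, "gender": "F"}
    signed = sign_submission(code, answers, "Investigator", "2024-03-01T10:15:00Z")

    # Tampering: someone edits the pain score after signing.
    tampered = dict(signed)
    tampered["answers"] = {"pain_score": 2, "age_years": 63, "gender": "F"}

    # Same answers, different key order: must yield the same checksum.
    reordered = sign_submission(
        code, {"gender": "F", "age_years": 63, "pain_score": 4},
        "Investigator", "2024-03-01T10:15:00Z",
    )

    return {
        "original_valid": verify_submission(signed),
        "tampered_valid": verify_submission(tampered),
        "reorder_same_checksum": reordered["checksum"] == signed["checksum"],
    }


if __name__ == "__main__":
    print(demo())
```

A plain hash only makes a submission tamper-evident if the checksum is recorded somewhere the person who can edit the answers cannot also rewrite, for instance in the append-only audit log mentioned above; an attacker with write access to both the answers and the checksum simply recomputes it. A keyed construction (HMAC with a key held by the signing service) or a digital signature is the usual way to close that gap.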
5. Data Retention
We retain personal data for the period specified in the Client's study configuration (typically up to 10 years from data collection, in line with the Client's regulatory obligations). Login attempt logs and IP rate-limit records are purged automatically after 30 days.
On termination of the service agreement, all data is exported and/or deleted within 30 days of written request, except audit log records required for ongoing compliance.
6. Sharing Your Data
We do not sell or share personal data with third parties for marketing purposes. We share data only with:
- Cloud infrastructure providers within the EEA — for hosting, storage, and related services. All sub-processors are listed in our Sub-Processor Register available on request.
- The Client — who is the data controller for study response data and has signed a Data Processing Agreement with us.
- Supervisory or judicial authorities — if legally required.
7. Your Rights (Data Subjects)
Under GDPR, you have the following rights in relation to your personal data:
- Access (Art. 15): Request a copy of the personal data we hold about you.
- Rectification (Art. 16): Request correction of inaccurate data. Contact us at [EMAIL].
- Erasure (Art. 17): Request deletion of your data. For HCP account data, contact us directly. Study response data is pseudonymised and the Platform cannot link it to a study subject, so a subject's erasure request is handled by the Client (controller) through the clinical site that holds the code-to-identity mapping. An HCP who submitted a record can initiate its erasure via the self-service erasure link on the submission confirmation page.
- Portability (Art. 20): Receive your personal data in a structured, machine-readable format. Study response data can be downloaded in that form via the download link on the completion page; a study subject's request is handled by the Client (controller).
- Objection (Art. 21): Object to processing based on legitimate interest. Contact us at [EMAIL].
- Restriction (Art. 18): Request restriction of processing in certain circumstances.
Where processing is carried out under the instructions of a Client (controller), we will forward your request to that Client and assist them in responding within the required timeframe.
To exercise any right: [EMAIL]. We will respond within 30 days.
8. Cookies
The Platform uses a single session cookie to keep you authenticated. The cookie carries only a reference to a session held server-side; no personal data is stored in the cookie itself. This cookie is:
- Strictly necessary — the Platform cannot function without it.
- Not used for advertising, tracking, or analytics.
- Set to expire after 8 hours of inactivity.
- Marked HttpOnly and Secure in production environments.
No third-party analytics, advertising, or tracking cookies are used on the Platform.
9. Supervisory Authority
If you believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with the competent data protection supervisory authority. For France:
Commission Nationale de l'Informatique et des Libertés (CNIL)
3 Place de Fontenoy — TSA 80715 — 75334 Paris Cedex 07
www.cnil.fr
10. Changes to This Policy
We may update this Privacy Policy from time to time. The date at the top of this page reflects the most recent revision. Material changes will be communicated to registered account holders by email at least 30 days before taking effect.