ClinicalHawk (“ClinicalHawk,” “we,” “our,” or “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or otherwise interact with us.

By using our website, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use immediately.

Privacy Policy

1. Data Controller

2. Information We Collect

ClinicalHawk is the data controller of your personal data. If you have questions or concerns about how your data is handled, please contact us using the details in Section 15.

We collect the following categories of personal information:

a. Information You Provide

• Name, surname, email address, phone number, organization, job title, and city.

• Payment and billing details (if applicable).

• Any information you provide when contacting us, registering for services, or subscribing to newsletters.

b. Information Collected Automatically (Device Information)

• IP address, browser type, time zone, language settings.

• Cookies and similar tracking technologies.

• Pages you view, referral websites, and interactions with our website.

c. Sensitive or Special Category Data

• We generally do not collect sensitive data (e.g., health, biometric, or religious information).

• If collected in the context of our clinical systems, such data will be processed in compliance with applicable healthcare regulations (e.g., HIPAA, GDPR).

3. How We Use Your Information

We use your data to:

• Provide, operate, and improve our website and services.

• Process transactions and manage accounts.

• Communicate with you (including newsletters, marketing, and service updates).

• Ensure website security and prevent fraud.

• Comply with legal obligations and regulatory requirements.

• Conduct analytics, research, and service improvement.

• Where applicable, support clinical trial management in compliance with regulatory standards.

4. Legal Bases for Processing (GDPR & UK-GDPR)

We use your data to:

• Consent – when you opt-in for marketing communications.

• Contract – to provide services you request.

• Legitimate Interests – to improve services, secure systems, and detect abuse.

• Legal Obligation – when required by applicable law.

5. Your Rights

Under GDPR / UK-GDPR

• Right to be informed.

• Right of access.

• Right to rectification.

• Right to erasure (“right to be forgotten”).

• Right to restrict processing.

• Right to data portability.

• Right to object.

• Rights regarding automated decision-making and profiling.

Under CCPA / CPRA (California Residents)

• Right to know what categories of data are collected and shared.

• Right to request access to your personal information.

• Right to deletion.

• Right to opt out of sale or sharing of personal information.

• Right to non-discrimination for exercising privacy rights.

Under CCPA / CPRA (California Residents)

• Right to confirmation of processing.

• Right to access, correction, and erasure.

• Right to grievance redressal.

• Right to nominate a representative in case of incapacity.

To exercise your rights, contact us at info@clinicalhawk.com. We will respond within the legally required timeframe.

6. Cookies and Tracking Technologies

We use cookies, web beacons, and similar tools to:

• Enable website functionality.

• Analyze usage and improve user experience.

• Deliver targeted advertisements or marketing (where applicable).

You can control cookies through your browser settings or opt out via cookie banners where available.

7. Data Retention

We retain your personal information only as long as necessary for the purposes stated in this policy or as required by law. When data is no longer needed, we will securely delete, anonymize, or aggregate it.

8. Data Sharing and Third Parties

We may share your information with:

• Service providers (e.g., hosting, analytics, payment processors).

• Business partners involved in service delivery.

• Regulatory authorities where legally required.

• In business transactions such as mergers, acquisitions, or asset transfers.

All third parties are required to safeguard your data and use it only for the purposes specified.

9. International Data Transfers

Your information may be transferred to and stored in countries outside your own (including the US, Canada, EU, and India). We use appropriate safeguards such as Standard Contractual Clauses (SCCs), adequacy decisions, or equivalent mechanisms to ensure your data is protected.

10. Children’s Privacy

Our website and services are not directed to individuals under 18. We do not knowingly collect data from children. If we become aware of such collection, we will delete it promptly.

11. Security Measures

We implement appropriate technical and organizational measures to protect your personal data, including encryption, access control, and monitoring. However, no system can guarantee 100% security.

12. Data Breach Notification

In the event of a personal data breach, we will notify affected individuals and regulators as required by applicable laws.

13. Automated Decision-Making and AI

If we use AI or automated tools in processing personal data (e.g., clinical trial data insights), we ensure transparency, fairness, and human oversight. You have the right to request information on such processing and to object to automated decision-making.

14. Policy Updates

We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised “Last Updated” date. If changes are significant, we will notify you by email or website notice.

15. Contact Information

For questions or to exercise your rights, contact us: Email: info@clinicalhawk.com

16. Change Log

Version 2.0 – Last Updated: September 1, 2025

• Added compliance details for India DPDP Act, 2023 and US state privacy laws (CCPA/CPRA).

• Introduced sections on cookies, data retention, children’s privacy, AI/automated decision-making, and data breach notification.

• Updated international transfer safeguards.

Version 1.0 – Effective: May 1, 2022

• Initial release of Privacy Policy covering GDPR compliance, data collection, user rights, and security measures