Home
> GDPR & Data Processing Agreement (DPA)

GDPR & Data Processing Agreement (DPA)

GDPR & Data Processing Agreement (DPA)

1. Introduction

CliniApps Private Limited (“we”, “our”, “us”) is committed to protecting the privacy and personal data of individuals in accordance with the General Data Protection Regulation (“GDPR”) and applicable data protection laws.

This policy explains how we collect, use, store, disclose and protect personal data when you visit our website or engage with our services.

2. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Data Subject: The individual whose personal data is processed.
  • Controller: The entity that determines the purposes and means of processing personal data.
  • Processor: The entity that processes personal data on behalf of the Controller.
  • Processing: Any operation performed on personal data (collection, storage, use, transfer, deletion).

3. Roles & Responsibilities

CliniApps Private Limited acts as:

  • Data Controller for website visitors, inquiries and business communications.
  • Data Processor when providing services such as language translation, document management, archival or other contracted services to clients.

4. Personal Data We Collect

We may collect the following categories of personal data:

  • Contact information (name, email address, phone number)
  • Organization and professional details
  • Website usage data (IP address, browser type, cookies)
  • Client-provided data required for service delivery
  • Communication records


We do not intentionally collect sensitive personal data unless contractually required and lawfully permitted.

5. Purpose of Processing

Personal data is processed for:

  • Responding to inquiries and service requests
  • Contract execution and service delivery
  • Regulatory and legal compliance
  • Quality assurance and internal audits
  • Website functionality and security
  • Business communication and support

6. Legal Basis for Processing

We process personal data under one or more of the following legal bases:

  • Consent of the data subject
  • Performance of a contract
  • Legal or regulatory obligation
  • Legitimate business interests
  • Protection of vital interests (where applicable)

7. Data Processing Agreement (DPA) – Key Commitments

When acting as a Data Processor, CliniApps agrees to:

  • Process personal data only on documented instructions from the Controller
  • Ensure confidentiality and staff training
  • Implement appropriate technical and organizational security measures
  • Assist Controllers with:
    • Data subject rights requests
    • Data breach notifications
    • Data protection impact assessments (DPIAs)
  • Not engage sub-processors without prior authorization
  • Ensure sub-processors comply with GDPR obligations
  • Delete or return personal data upon contract termination
  • Allow audits and inspections as legally required

8. Data Security Measures

We implement industry-standard safeguards including:

  • Access controls and role-based authorization
  • Encryption and secure storage
  • Non-magnetic secure storage for digital media (where applicable)
  • Physical security and restricted access
  • Regular system monitoring and audits

9. Data Retention

Personal data is retained only for as long as necessary to fulfil the purposes outlined, or as required by law, regulatory, or contractual obligations.

10. Data Transfers

Where personal data is transferred outside the European Economic Area (EEA), we ensure:

  • Adequate safeguards (Standard Contractual Clauses or equivalent)
  • Compliance with GDPR cross-border transfer requirements

11. Data Subject Rights

Under GDPR, data subjects have the right to:

  • Access their personal data
  • Rectification of inaccurate data
  • Erasure (“Right to be Forgotten”)
  • Restriction of processing
  • Data portability
  • Object to processing
  • Withdraw consent at any time
  • Lodge a complaint with a supervisory authority

Requests can be made by contacting us at the details below.

12. Cookies & Tracking Technologies

Our website may use cookies for:

  • Essential website functionality
  • Analytics and performance improvement

Users may manage cookie preferences through browser settings.

13. Data Breach Notification

In the event of a personal data breach, we will:

  • Notify the Controller without undue delay
  • Assist with regulatory reporting where required
  • Take immediate corrective actions

14. Third-Party Disclosure

We do not sell or trade personal data.
Data may be shared only with:

  • Authorized service providers
  • Regulatory or legal authorities (if required)
  • Sub-processors under strict confidentiality obligations

15. Policy Updates

We reserve the right to update this policy to reflect legal or operational changes.
Updates will be published on this page.

16. Contact Information

For GDPR or data protection inquiries, contact:

CliniApps Private Limited
Address: 8th Floor, Premchand House Annexe, 
Behind Popular House, 
Old High Court Road, Ashram Road, 
Ahmedabad – 380009, Gujarat, India

📧 Email: info@cliniapps.com
📞 Phone: +91-6359200066 / +91-9512553332

Last updated: January 2026

Stay Ahead.

Subscribe for Expert Insights.

Subscribe to receive regulatory updates, industry insights and best practices in clinical research support.