Last updated: 8 of April of 2021
The owner of the website accesible through the URL https://www.sharecrf.com (From now either , ShareCRF or the Platform, indistinctly) is Inetsys, S.L. (from now, Inetsys), with NIF ESB82722224 and address C\ Valladolid 38, 28941 Fuenlabrada, Madrid (Spain). For any questions, doubts, complaints or suggestions regarding ShareCRF, please write us to or call us to (+34) 91 119 63 03.
|Basic Information on Data Protection||Detail|
|Purpose||Manage access, information and notification of users to the ShareCRF.com platform.||+info|
|Legitimation||Consent of the interested party||+info|
|Recipients||No data will be transferred to third parties, except legal obligation||+info|
|Rights||Access, rectify and delete data, as well as other rights, as explained in the additional information||+info|
Who is responsible for the processing of your data?
The ShareCRF.com platform and its database of Users, Clients and Contacts belongs to Inetsys, with NIF ESB82722224 and address calle Valladolid 38, 28941, Fuenlabrada (Madrid) Spain.
Phone: +34 91 119 63 03
Data Protection Officer (DPO): Registration Data: Commercial Register of Madrid. Volume 15,609, Book 0, folio 155, section 8, Sheet M-262792
Why do we treat your personal data?
All personal data collected by Inetsys through ShareCRF will be included in a file that is the responsibility of the said company to process, by automated and non-automated means, in accordance with the following purposes:
- The personal data provided to enrol as a Registered User of the Platform will be used by Inetsys in order to manage said enrolment and to allow the Registered User to make use of the tools and functionalities available on the Platform for Registered Users at any time, as appropriate. This data will also be used to contact Registered Users in the event it becomes necessary.
- Personal data provided to Inetsys through any contact form or as a consequence of using any of the contact methods (email addresses, telephone, etc.) published on ShareCRF will be used to meet the request and contact the sender in order to answer their question, query, complaint or suggestion.
- The personal and banking data provided by the Clients to enrol as such and / or to contract the services offered by Inetsys on ShareCRF will be used in order to manage their registration on the Platform and to provide them with the contracted services, making the appropriate tools available to them, through ShareCRF, as well as to correctly manage payments as appropriate and to obtain a means of contact with the Subscribers.
What kind of data do we deal with?
It is important to understand the difference between customer data and user data from the ShareCRF.com platform:
- Client data: We refer to Client Data, to all data entered by any ShareCRF.com User in the data collection applications generated by the Subscribers of our service. Our subscribers use our service to create case report forms to collect and manage the data of their clinical studies. All the information managed, and stored is those forms are considered Customer Data.
- User data: We refer to User Data mainly to the data collected in the user registration form of the ShareCRF.com platform, as well as other forms of contacts or similar.
You must take into account that the Client Data that you provide with the use of the Platform, especially when participating in clinical trials or medical studies, will be collected by the Subscriber who would have invited you to register and / or participate in a trial or study and for those Registered Users participating in the trial with permits to see such data, according to the information that they had offered to you. Regarding the information you provide with your use of the Platform as a Registered User, Inetsys is configured as a Treatment Manager in accordance with the terms indicated in the European Data Protection General Regulation (GDPR).
The Platform possesses the technology to implant cookies on the equipment terminal that users use to browse. The use of this technology can be blocked or disabled at any time through the browser's configuration options. For more information, consult our Cookies policy.
What is the legitimacy for the treatment of your data?
To which recipients will your data be communicated?
The data will not be transferred to third parties, except legal obligation or those cases when are required by third companies or provides of inetsys for the correct offering of our services. This data will be only the strictly necessary for Inetsys to offer its products or services and neither Inetsys nor the third companies will make use of your data different from that indicated in this policy or in the Terms and Conditions of the Service.
The list of User data processors is shown below:
|Product/Service||Company||Purpose||Geographical location of data||Security Measures Implemented|
|AWS||Amazon Web Services, Inc||Hosting of data storage and processing services||Germany and Ireland|
|Asana||Asana , Inc||User support management||USA||Standard Contractual Clauses (SCC)|
|Notion||Notion Labs, Inc.||User support management||USA||Standard Contractual Clauses (SCC)|
|Mailchimp (Mandrill)||The Rocket Science Group, LLC||Sending transactional emails from ShareCRF||USA||Standard Contractual Clauses (SCC)|
|ActiveCampaign||ActiveCampaign, LLC||Sending group e-mails for ShareCRF communications||USA||Standard Contractual Clauses (SCC)|
The list of Customer data processors can be consulted at Data Processing Addendum.
We are committed to inform you of any corporate change that implies a new ownership of the data you have entrusted to us, giving you the option to exercise your rights.
What are your rights when you provide us with your data?
At any time, the data subject may exercise the rights listed below. To do this, simply send your request to Inetsys, S.L., Calle Valladolid 38, 28941, Fuenlabrada (Madrid), Spain, or to the email address. In the cases in which ShareCRF does not have enough proof to identify the issuer of the request in a trustworthy manner, ShareCRF may require the interested party to provide proof of identification. Once received and validated it will proceed to exercise the requested rights of the interested party.
- To obtain confirmation as to whether we are processing personal data concerning them, or not.
- To access your personal data, as well as to request the rectification of inaccurate data or, where appropriate, request its deletion when, among other reasons, the data are no longer necessary for the purposes that were collected.
- In certain circumstances, data subjects may request the limitation of the processing of their data, in which case we will only keep them for the exercise or defense of claims.
- In certain circumstances and for reasons related to their particular situation, interested parties may object to the processing of their data. We will stop processing the data, except for overriding legitimate reasons, or the exercise or defense of possible claims.
- To portability, which implies that the personal data of the data subject are transmitted directly from one controller to another, without having to be previously transmitted to the data subject himself, provided that this is technically possible.
- To withdraw the consent given.
- To complain to the Supervisory Authority: if you consider that your rights have not been respected, you can file a complaint by writing to the Spanish Data Protection Agency located at Calle Jorge Juan, 6, 28001 Madrid or use the electronic headquarters: https://sedeagpd.gob.es. In both cases, you must accompany the relevant documentation.
- To submit a complaint to our Data Protection Officer (DPO) at .