Privacy Policy

Last updated: 8 of April of 2021

Legal Notice

The owner of the website accesible through the URL (From now either , ShareCRF or the Platform, indistinctly) is Inetsys, S.L. (from now, Inetsys), with NIF ESB82722224 and address C\ Valladolid 38, 28941 Fuenlabrada, Madrid (Spain). For any questions, doubts, complaints or suggestions regarding ShareCRF, please write us to or call us to (+34) 91 119 63 03.

Following this Legal notice, the privacy policy of ShareCRf is displayed which regulates the collection and treatment of personal data through the website accessible through the URL by its responsible, Inetsys and its acceptance implies conformity with it.

Basic Information on Data Protection

Responsable: Inetsys S.L. +info

Purpose: Manage access, information and notification of users to the platform. +info

Legitimation: Consent of the interested party. +info

Recipients: No data will be transferred to third parties, except legal obligation. +info

Rights: Access, rectify and delete data, as well as other rights, as explained in the additional information. +info

Who is responsible for the processing of your data?

The platform and its database of Users, Clients and Contacts belongs to Inetsys, with NIF ESB82722224 and address calle Valladolid 38, 28941, Fuenlabrada (Madrid) Spain.

Phone: +34 91 119 63 03
Email Address:

Data Protection Officer (DPO):

Email Address:
Data Protection Officer (DPO):

Registration Data: Commercial Register of Madrid. Volume 15,609, Book 0, folio 155, section 8, Sheet M-262792

Why do we treat your personal data?

All personal data collected by Inetsys through ShareCRF will be included in a file that is the responsibility of the said company to process, by automated and non-automated means, in accordance with the following purposes:

  • The personal data provided to enrol as a Registered User of the Platform will be used by Inetsys in order to manage said enrolment and to allow the Registered User to make use of the tools and functionalities available on the Platform for Registered Users at any time, as appropriate. This data will also be used to contact Registered Users in the event it becomes necessary.
  • Personal data provided to Inetsys through any contact form or as a consequence of using any of the contact methods (email addresses, telephone, etc.) published on ShareCRF will be used to meet the request and contact the sender in order to answer their question, query, complaint or suggestion.
  • The personal and banking data provided by the Clients to enrol as such and / or to contract the services offered by Inetsys on ShareCRF will be used in order to manage their registration on the Platform and to provide them with the contracted services, making the appropriate tools available to them, through ShareCRF, as well as to correctly manage payments as appropriate and to obtain a means of contact with the Subscribers.

What kind of data do we deal with?

It is important to understand the difference between customer data and user data from the platform:

  1. Client data: We refer to Client Data, to all data entered by any User in the data collection applications generated by the Subscribers of our service. Our subscribers use our service to create case report forms to collect and manage the data of their clinical studies. All the information managed, and stored is those forms are considered Customer Data.
  2. User data: We refer to User Data mainly to the data collected in the user registration form of the platform, as well as other forms of contacts or similar.

You must take into account that the Client Data that you provide with the use of the Platform, especially when participating in clinical trials or medical studies, will be collected by the Subscriber who would have invited you to register and / or participate in a trial or study and for those Registered Users participating in the trial with permits to see such data, according to the information that they had offered to you. Regarding the information you provide with your use of the Platform as a Registered User, Inetsys is configured as a Treatment Manager in accordance with the terms indicated in the European Data Protection General Regulation (GDPR).

The Platform possesses the technology to implant cookies on the equipment terminal that users use to browse. The use of this technology can be blocked or disabled at any time through the browser's configuration options. For more information, consult our Cookies policy.

What is the legitimacy for the treatment of your data?

The acceptance of this Privacy Policy implies giving consent to Inetsys to send their own advertising and to carry out advertising campaigns about news and products, unless, at the time of providing the information, the box intended to register opposition to this had been ticked. This consent may be withdrawn at any time by informing Inetsys of this through an email message addressed to:

Email Address:

To which recipients will your data be communicated?

The data will not be transferred to third parties, except legal obligation or those cases when are required by third companies or provides of inetsys for the correct offering of our services. This data will be only the strictly necessary for Inetsys to offer its products or services and neither Inetsys nor the third companies will make use of your data different from that indicated in this policy or in the Terms and Conditions of the Service.

The list of User data processors is shown below:

Product/Service Company Purpose Geographical location of data Security Measures Implemented
AWS Amazon Web Services, Inc Hosting of data storage and processing services Germany and Ireland
Asana Asana , Inc User support management USA Standard Contractual Clauses (SCC)
Notion Notion Labs, Inc. User support management USA Standard Contractual Clauses (SCC)
Mailchimp (Mandrill) The Rocket Science Group, LLC Sending transactional emails from ShareCRF USA Standard Contractual Clauses (SCC)
ActiveCampaign ActiveCampaign, LLC Sending group e-mails for ShareCRF communications USA Standard Contractual Clauses (SCC)

The list of Customer data processors can be consulted at Data Processing Addendum.

We are committed to inform you of any corporate change that implies a new ownership of the data you have entrusted to us, giving you the option to exercise your rights.

What are your rights when you provide us with your data?

At any time, the data subject may exercise the rights listed below. To do this, simply send your request to Inetsys, S.L., Calle Valladolid 38, 28941, Fuenlabrada (Madrid), Spain, or to the email address (see below). In the cases in which ShareCRF does not have enough proof to identify the issuer of the request in a trustworthy manner, ShareCRF may require the interested party to provide proof of identification. Once received and validated it will proceed to exercise the requested rights of the interested party.

  1. To obtain confirmation as to whether we are processing personal data concerning them, or not.
  2. To access your personal data, as well as to request the rectification of inaccurate data or, where appropriate, request its deletion when, among other reasons, the data are no longer necessary for the purposes that were collected.
  3. In certain circumstances, data subjects may request the limitation of the processing of their data, in which case we will only keep them for the exercise or defense of claims.
  4. In certain circumstances and for reasons related to their particular situation, interested parties may object to the processing of their data. We will stop processing the data, except for overriding legitimate reasons, or the exercise or defense of possible claims.
  5. To portability, which implies that the personal data of the data subject are transmitted directly from one controller to another, without having to be previously transmitted to the data subject himself, provided that this is technically possible.
  6. To withdraw the consent given.
  7. To complain to the Supervisory Authority: if you consider that your rights have not been respected, you can file a complaint by writing to the Spanish Data Protection Agency located at Calle Jorge Juan, 6, 28001 Madrid or use the electronic headquarters: In both cases, you must accompany the relevant documentation.
  8. To submit a complaint to our Data Protection Officer (DPO) (see below).
Email Address:
Data Protection Officer (DPO):