SIRO - Privacy Policy

Last Updated: 25 Aug 2025

SIRO Medical Writing Private Limited, (hereinafter referred to as “SIRO,” “we,” “us,” or “our”), is committed to protecting the privacy and security of your personal data. This Privacy Policy (“Policy”) explains how we collect, use, disclose, and protect your personal data in connection with our medical writing services, including the processing activities. It applies to individuals whose personal data we process, including clients, sponsors, employees, clinical study participants, and other stakeholders.

We comply with applicable data protection laws, including the General Data Protection Regulation (GDPR) where applicable. This Policy provides transparency about our data processing practices and your rights regarding your personal data.

1. Who We Are

SIRO is a provider of medical writing services, specializing in the preparation of clinical study documents, regulatory submissions, safety documents and other scientific communications. Our registered office is at 16th floor, Hoechst House, Nariman Point, Mumbai- 400021, Maharashtra, India. For the purposes of data protection laws, we act as a Data Controller for certain processing activities (e.g., employee data of SIRO and SIRO’s subsidiaries’, subcontractors, affiliates etc. ) and as a Data Processor for others (e.g., client/sponsor and clinical study participant data), as outlined below.

If you have any questions about this Policy or our data practices, please contact our Privacy Compliance Officer at:

2 Personal Data We Collect

We collect and process personal data as part of our medical writing services. The categories of personal data and the purposes for processing are detailed below, based on our processing activities.

2.1Client/Sponsor Communication

To communicate with clients and sponsors regarding medical writing services, project updates, and contractual obligations. Name, contact numbers, email address, address are the personal data of client or sponsor point of contacts (POCs) would be collected directly from the clients/sponsors or third parties (e.g., partner organizations). The data is shared internally within SIRO group as approved and required for project management and externally with vendors (e.g., MS SharePoint) as necessary to fulfil contractual obligations.

2.2Sharing: Employment Purposes

To manage employee relationships, including recruitment, payroll, and HR administration. Name, contact information, email address, other details (e.g., employment history, qualifications) are the personal data to be collected. The data to be collected directly from the employees. Shared internally within SIRO for HR purposes. No external sharing with vendors unless required for HR- related services (e.g., payroll processing) as necessary for contractual obligation (to fulfil employment contracts).

2.3Case Report Forms (CRFs)

To process clinical study participant data for the preparation of Common Technical Documents (CTDs) and other regulatory submissions. Participant details (e.g., identifiers), biological test data, health data are the personal data collected of are the personal data collected of Clinical study participants which is collected from third parties (e.g., clinical research organizations or sponsors) as necessary to perform the contractual obligations (to fulfil contracts with sponsors for medical writing services) and data is shared internally within SIRO for document preparation and externally with vendors (e.g., MS SharePoint) as necessary to fulfil contractual obligations.

2.4Non-Personal Data

We may also collect non-personal data, such as anonymized or aggregated data, to analyze trends, improve our services, or meet regulatory requirements. This data does not identify individuals and is not subject to this Policy.

3. How We Use Your Personal Data
We use your personal data for the following purposes:
  • To Provide Services: To deliver medical writing services, including preparing clinical study documents, communicating with clients/sponsors, and managing employee data.
  • To Comply with the Contracts: To meet contractual obligations with clients, sponsors, and employees.
  • To Comply with Legal Obligations: To adhere to applicable laws, regulations, or legal requests (e.g., responding to subpoenas or regulatory audits).
  • To Improve Our Services: To analyze anonymized data to enhance our processes and service quality.
  • To Prevent Fraud: To screen orders or transactions for potential fraud or risk, particularly in clinical study data processing.
We do not use your personal data for purposes beyond those stated in this Policy unless we obtain your explicit consent or are required by law.
4. How We Share Your Personal Data
We may share your personal data in the following circumstances:
  • Internally: Personal data is shared within SIRO for project management, HR administration, or document preparation, as outlined in the Records of Processing Activities (RoPA) document.
  • With Vendors: We share data with service providers (e.g., MS SharePoint) to support our operations, such as data storage and project management. These vendors are bound by contractual obligations to protect your data and comply with applicable data protection laws.
  • With Third Parties: We may share data with third parties (e.g., regulatory authorities, auditors) to comply with legal or regulatory requirements or to fulfil contractual obligations with clients/sponsors.
  • In Corporate Transactions: If SIRO is involved in a merger, acquisition, or asset sale, your personal data may be transferred to the new owners, with prior notification to you.
We do not sell your personal data or share it with third parties for marketing purposes.
5. Cookies and Tracking Technologies
Our website and services may use cookies to enhance user experience and analyze traffic. Cookies are small data files stored on your device for record-keeping purposes. We use:
  • Essential Cookies: To ensure the functionality of our website and services.
6. Data Security
We take reasonable precautions to protect your personal data from unauthorized access, loss, misuse, or alteration. Our security measures include:
  • Encryption of data in transit and at rest.
  • Access controls to restrict data access to authorized personnel only.
  • Regular security audits and compliance with industry standards.
Despite our efforts, no system is completely secure. If you suspect a security breach, please contact us immediately at dataprivacy@siroclinpharm.com
7. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes outlined in this Policy or to comply with legal obligations. For example:
  • Client/Sponsor Data: Retained for the duration of the contractual relationship and as required by law.
  • Employee Data: Retained for the duration of employment and as required by labor laws.
  • Clinical Study Participant Data: Retained as per regulatory requirements for clinical studies (e.g., ICH-GCP guidelines).
When personal data is no longer needed, we securely delete or anonymize it.
8. Your Rights
Depending upon your jurisdiction, you may have the following rights regarding your personal data:
  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data, subject to legal obligations.
  • Restriction: Request restriction of processing under certain conditions.
  • Data Portability: Request a copy of your data in a structured, machine-readable format.
  • Object: Object to processing based on legitimate interests or for direct marketing.
  • Withdraw Consent: Withdraw consent where processing is based on consent.
To exercise these rights, contact our Privacy Compliance Officer at dataprivacy@siroclinpharm.com We will respond within the timeframes required by applicable law (e.g., 30 days under GDPR). If you are not satisfied with our response, you may contact your local data protection authority.
9. International Data Transfers
SIRO operates globally, and your personal data may be transferred to jurisdictions outside your country of residence (e.g., India, where our registered office is located). We ensure that such transfers comply with applicable data protection laws, using mechanisms such as:
  • Standard Contractual Clauses (SCCs) for transfers to third countries.
  • Adequacy decisions by the European Commission, where applicable.
10. Third-Party Links
Our website or services may contain links to third-party websites or services (e.g., client portals, regulatory authority websites). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.
11. Updates to This Privacy Policy
We may update this Policy to reflect changes in our practices or legal requirements. We will accordingly update our website. The updated policy will take effect upon posting. Please check this page periodically for updates.
12. Contact Us
For questions, complaints, or to exercise your data protection rights, contact our Privacy Compliance Officer:
  • Email: dataprivacy@siroclinpharm.com
  • Address: Asmaco House, Plot No. B-41, Unit No. 201, 2nd Floor, Road No. 27, Wagle Industrial Estate, Opp. I.T.I, Thane (West)- 400604, Maharashtra, India
If you are not satisfied with our response, you may contact your local data protection authority.