Data Processing Addendum (GDPR)
This Data Processing Addendum forms part of the SciFlow™ Terms of Service.
This Data Processing Addendum ("DPA") governs the processing of personal data by SciFlow™ on behalf of its customers in accordance with the General Data Protection Regulation (GDPR).
1. Roles of the Parties
The Customer acts as Data Controller.
SciFlow™ acts as Data Processor.
2. Scope of Processing
SciFlow™ processes personal data solely for the purpose of providing regulatory planning and metadata management services.
The platform does not process regulated clinical data or scientific submission documents.
3. Categories of Data
Personal data may include:
- User account information
- Contact details
- Platform usage metadata
4. Security Measures
SciFlow™ implements appropriate technical and organizational measures, including:
- Encrypted communications
- Role-based access control
- Logical tenant separation
- Structured audit logging
- Secure cloud infrastructure
5. Subprocessors
SciFlow™ may engage cloud infrastructure providers and service partners to support service delivery. All subprocessors are subject to contractual data protection obligations.
6. Data Subject Rights Assistance
SciFlow™ will assist customers in responding to data subject requests under GDPR, where applicable.
7. Personal Data Breach Notification
SciFlow™ will notify the Customer without undue delay upon becoming aware of a personal data breach affecting Customer data.
8. Data Deletion or Return
Upon termination of services, Customer data will be deleted or returned in accordance with contractual terms.