Privacy Policy by Clinovate

We, the company, Clinovate NET GmbH & Co. KG together with its employees (hereinafter referred to as ‘Clinovate’), respect and protect your data and right to privacy. The statements on this page are intended to give you information as to which personal data we collect from you, and for what purpose. Furthermore, we inform you about your rights under the existing and applicable data protection laws as set out by the EU General Data Protection Regulation, and inform you of who are individuals to contact for further information and queries.

Download Privacy Policy
Datenschutzerklärung Deutsch

Our Privacy Policy

Clinovate GmbH & CO KG is a German company based in Munich. We are IT service providers in the field of medical software. As a processing and storing company of your data, we assure the legality of all our processes to protect your personal data. If you have any questions about this privacy policy, or any concerns regarding the protection of your data, please contact our data protection officer:

Clinovate NET GmbH & CO KG

Data Protection Officer
Pettenkoferstraße 30
80336 Munich - Germany

This privacy statement specifically refers to the personal information of users who have registered and logged on to one of our software products as individuals. We also collect information needed for the regular communication between us and people interested in our products.
We collect your personal information when you contact us, e.g. as an interested party, applicant or customer. In particular, if you are interested in our products, registering with our systems, or contacting us via e-mail or telephone, or using our products and services as part of existing business relationships. We also process data from our online services, which we need to control and ensure the data integrity of our services.

Registration on our website

When registering for the use of our personalized services, some personal data will be collected depending on the user's role. If you are registered with us, you can access contents and services that we only offer to registered users. Registered users also have the option of changing or deleting the data specified during the registration at any time. Of course, we also provide you with information about the personal data we hold about you at any time. We are happy to correct or delete any data specific to you at your request, as far as no statutory storage requirements contradict this action. To contact us with such a request, please use the contact details provided at the top of this this privacy policy document.

SSL Encryption

To protect the security of your information during transmission, we use state-of-the-art encryption techniques (such as SSL) over HTTPS.

Comments left by users

In addition to this information, including the date of their creation and the username previously selected by the website visitor are also stored on our website. This is for our security, as we may be prosecuted for any illegal content on our website, even if it was created by users.


Newsletters are shared based on your explicit consent, and we will periodically send you our newsletter or equivalent information via e-mail to your specified email address. For the receipt of the newsletter, the collection of your E-Mail address is sufficient. When you sign up to receive our newsletter, the data you provide will be used exclusively for this purpose. Subscribers can also be notified of circumstances via email which is relevant to the service or the registration (for example, changes to the newsletter offer or technical conditions). For an effective registration, you need a valid e-mail address. In order to verify that an application was actually made by the owner of an e-mail address, we use the "Double opt-in" procedure. For this purpose, we log the order of the newsletter, the dispatch of a confirmation email and the receipt of the requested answer. Further data is not collected. The data will be used exclusively for the newsletter and not forwarded to third parties. You may revoke your consent to the storage of your personal data and its use for the newsletter dispatch at any time. Each newsletter contains a link to this. In addition, you can unsubscribe at any time directly on this website or tell us your request via the contact information given at the end of this Privacy Notice.

Contact form

By sending us any kind of query, either directed to us by e-mail or contact form, you give us voluntary consent to get in touch with you. This requires the specification of a valid e-mail address. This serves to assign the request and the subsequent answering of the same. The specification of further data is optional. The information you provide will be stored for the purpose of processing the request and for possible follow-up questions.

Upon completion of the request you have made, personal data will be automatically deleted. Depending on the role of the user, we will store the following personal information in our systems:
- personal Identification
e.g. first and last name, address, e-mail address, telephone
- employer-related data
e.g. name of employer, address, e-mail address, telephone
- bank account
e.g. Bank Name, IBAN, BIC, Account Owner
- Connection Data
e.g. IP addresses, log data.
We use your data to enable you to take advantage of our products and services.
In order to fulfil our contracts, we must process your data. This also applies to pre-contractual information provided to us as part of registration. The purposes of data processing depend on the particular product and user role you are using (e.g. Electronic Data Capture System as SPONSOR, CRO or CENTER)

Execution of the contractual relationship
To complete your registration and thus establish the contractual relationship, we require your address, telephone number, and e-mail address to contact you. After your successful signup and initial registration, further data may be requested from us, depending on the user role assigned to you. As an example, we request order data for the processing of payment services and, according to the order, transfer payment data to SPONSOR, CRO and the CENTER (payee).
CENTERS must establish a Primary Investigator (PI) role in studies. The personal data of the PI are legally stored with the recognition of the role and duties of a PI.

What is specifically analysed and processed by Clinovate?
We process your personal data in order to unmistakably associate the input you make with our systems with your person. Based on your IP address, we analyse the results of login protocols and log files of our web services in order to ensure the efficiency and functional safety of our applications and to comply with the requirements of Good Clinical Practice as well as the FDA. We analyse information that we collect from website visits, in particular, we analyse incorrect access attempts and rights violations.

Measures for your safety
We use your personal information in the following cases: to protect you and the study data you enter against fraudulent activity and misuse of information. This may happen in some circumstances if you have been the victim of identity theft (e.g. phishing), your personal information has been disclosed or your computer has been hacked. To ensure the IT security of our systems, in order to understand and document facts in the event of legal disputes.

We use your data only with your consent

If you have given us consent to the processing of personal data for specific purposes, the processing of this data is lawful.

You can revoke your consent at any time
This also applies to the revocation of declarations of consent that you submitted to us before the entry into force of the European Data Protection Regulation (GDPR), i.e. before 25 May 2018. The revocation of the consent does not affect the legality of the processed data until the revocation dates.

We process your data due to legal requirements.
Your personal information at Clinovate

Only those individuals who have access to your data to protect our legitimate interests or to fulfil our contractual and legal obligations will have access to your data.

Your personal data outside Clinovate

We oblige ourselves to maintain the privacy of all personal data. We may only pass on this personal data if required by law or if you have given your consent.

A legal obligation to forward your personal data to external parties is particularly relevant for the following recipients:
Public authorities, regulators and bodies such as law enforcement agencies,
such as police, prosecutors, courts, lawyers, and notaries.

To meet our contractual obligations, we cooperate with other companies
These are also required by law to obtain personal data from them to handle the required care. The following companies are included:

M-net Telekommunikations GmbH, Emmy-Noether-Straße 2, 80992 Munich, Phone: +89 452000 - For the areas Internet connection, leased lines, telecommunications
MUC Research GmbH, Karlsplatz 8, 80335 Munich, Phone: +49 89 558703630 - For the areas Statistical Analyses, Study Coordination
SPONSOR These data can be found in the imprint of the respective study page.

Service providers who support us
Services employed by us may, for the purposes described above, receive data if they maintain data secrecy and comply with special confidentiality requirements. These can be, for example, companies in the categories of IT services, telecommunications or consulting. Basically, we encrypt all communication by state of the art technological standards. In particular, telecommunications companies may have access to data originating from our systems, e.g. which we send by e-mail. We secure ourselves here by the query of standard processes in the companies. Nevertheless, all telecommunication providers need to obey to telecomunication secrecy § 88 Par. 1 telecommunications law as well as the § 206 exp. 5 StGB, which prohibits the unauthorized listening, suppression, utilization or disfiguring, of telecommunication (telex, telephone, radio, and telegraph) messages.

Under no circumstances will we sell personal information to third parties.
When you contact us, we will respond to all your questions as soon as possible.

In some cases, we cannot or may not provide any information. If legally permissible, we will always inform you promptly in this case of the reason for the refusal. You have the right to file a complaint. What rights do you have as a prospect or customer of Clinovate when it comes to the processing of your data? Details can be found in the respective provisions of the European General Data Protection Regulation (Articles 15 to 21):

Your right to information and rectification

You may request information about your personal data processed by us. If your details are not (anymore) correct, you can request a correction. If your data is incomplete, you can request a completion. If we have shared your information with third parties, we will inform those third parties about your correction - if required by law.

Your right to delete personal information pertaining to you

You retain the right to delete your personal data, and you may request the immediate deletion of your personal data for any of the following reasons: If your personal data are no longer needed for the purposes for which they were collected, if you revoke your consent and there is no other legal basis whatsoever, If your personal information needs to be erased in order to comply with legal requirements. Please note that a claim to erasure depends on whether there is a legitimate reason regarding the further processing of data required.

Your right to restrict the processing of your personal data

You retain the right to restrict the processing of your personal data. You have the right to request a restriction on the processing of your personal data for one of the following reasons:
If the processing is not lawful and you require a restriction of use instead of deletion
If the accuracy of your personal data is disputed by you and we were able to verify the accuracy of the information
If we no longer need your data for the purposes of processing, but you need them for assertion, exercise or defence against legal claims.
If you have objected, although it is not certain that your interests will prevail.

Your right to object

We may process your data for legitimate interests or for the interest of the greater public. In these cases, you have the right to object to the processing of your data.

Your right to file a complaint

In these cases, you have the right to object to the processing of your data. Your right to object individual cases may be employed wherein you are not satisfied with our response to your request. In these cases, you are entitled to file a complaint with the Data Protection Officer of Clinovate, as well as with the responsible data protection supervisory authority. You can always contact the supervisory authority responsible for you with a complaint. Your competent supervisory authority depends on the state of your domicile, your work or the alleged infringement. A list of regulators (for the non-public sector) with address can be found at:

Your right to data portability

You have the right to access all personal data, which we have received from you in a portable format.
As part of our business relationship, we require the following personal information from you:

Data required for the establishment and conduct of a business relationship
Data necessary for the performance of the associated contractual obligations
Data we are legally required to collect

Without such personal data, we are generally unable to conclude or enter or execute a contract with you. If you do not provide us with the necessary information and documents, we are entitled to discontinue any business relationship you are seeking with Clinovate.

Access to our systems can only be guaranteed if the required data sets are complete.
The revocation of your data will block your access.
We will not store your data for longer than we need for the respective processing purposes.

We adhere to the principles of data avoidance and data economy. Therefore, we only store your personal data for as long as is necessary to achieve the purposes mentioned here or as required by the various periods of storage provided by law. If the data is no longer required for the fulfilment of contractual or legal obligations, these are deleted at regular intervals, unless their temporary storage is still necessary.

When is this the case?

The fulfilment of commercial and tax retention obligations: In particular, the Commercial Code and the Tax Code are mentioned.
The time limits for storage or documentation specified therein are up to 10 years..

The receipt of evidence for legal disputes within the framework of the statutory limitation provisions: Civil law prescription periods can amount to up to 30 years, whereby the regular limitation period is three years. Furthermore, the legal requirements for the retention of data from clinical studies and non-interventional studies amount to at least 10 years and can be up to 30 years.

This data includes audit and trail data, i.e. data identifying who, when, why, and how a record has changed.

Information about your right to object

You have the right to object to the processing of your personal data for reasons that arise from your particular situation. The prerequisite for this is that the data processing takes place in the public interest or on the basis of a balance of interests. In the event of an objection, we will no longer process your personal data. Unless we can demonstrate compelling legitimate grounds for the processing of those data that are in your interests, personal rights and interests predominate. Or your personal data serves the assertion, exercise or defence of legal claims.

The objection can be free of form and should be directed to:

Clinovate NET GmbH & CO KG
Data Protection Officer
Pettenkoferstr. 30
80336 Munich


Web Analysis

Cookies are used to carry out the web analysis. Within them, we store exclusively pseudonymous data - data from which a third party cannot derive any personal reference. The storage of names, addresses or other personal data remains unaffected. The pseudonymised data serve exclusively to control our internet contents, to protect and to guarantee their correct function.

All data from this analysis as well as the pseudonymous data will in no case be sold to third parties..


The privacy policy is updated regularly by us. We point out on our side on all significant changes to the privacy policy. Please read the Privacy Policy occasionally or as advised by us, so that you are always aware of how we protect the information we collect.

By the continuous use of the site by you, you agree with the current version of the privacy policy.