Internet Data Privacy Policy

Version 3.0 effective since 06-Oct-2022

Carpathian Research Group  


Please note: our web-site uses cookies, refer to “Cookie Policy” (integral part of this document) below in the text!



Effective the 25th of May 2018, the General Data Protection Regulation (EU) 2016/679 (hereinafter referred to as “GDPR”) apply. It states that your specific, clear, freely given and unambiguous consent is needed to store your Personal Data on our systems.

When submitting your personal information through our web-site at and giving your Consent the Carpathian Research Group (hereafter could be referred as “CRG”) will store and process your Personal Data under all current data privacy regulations, including the GDPR. We will continue to do so until this Consent is withdrawn, or for as long we are required to save it for a clear legal, contractual, or administrative reason.

Therefore, we are very committed to keeping your data updated.

Under the GDPR, Carpathian Research Group considers itself as both DATA CONTROLLER and DATA PROCESSOR.

Legal company details are:

Main office:

Limited Liability Company “Carpathian Research Group

49, Shevchenka str., 76018, Ivano-Frankivsk, Ukraine

Tel.: +38 066 328 54 81

United Kingdom office:

“Carpathian Research Group” LTD

Company registration number: 12399424

47 Well Vale Drive, Chapel St Leonards, PE24 5SE, UK

Poland office:

Carpathian Research Group Sp. z o.o.

  1. Pl. Jana Kilinskiego 2, 35-005, Rzeszow, Poland

Tel.: +48 532 617 723

Please know that you are always free to exercise your privacy rights to access, review, modify, and delete your Personal Data that we have saved, or to object to or restrict processing of your Personal Data, or request portability of your Personal Data.

We will gladly assist you in exercising your privacy rights. You can contact us at

We have concluded that your Personal Data is safe with us and is always being handled in line with the intent of the General Data Protection Regulation.

Your Data is stored on encrypted servers with access restricted to only authorized staff.

We always respect your right to access, review, modify, and delete your Personal Data that we process in accordance with European Laws.

We recognize your right to object to or restrict processing of your Personal Data, or request portability of your Personal Data.

We have always, and will always, reach out to you to verify accuracy of the Personal Data we have stored.

We will, without fail, obtained your Personal Consent before sharing your Personal Data, or a part thereof, with any our third-party.

The purpose of the GDPR is to provide a set of standardised data protection laws across all the Member States of the EEA. This should make it easier for EU citizens to understand how their data is being used and stored.

Carpathian Research Group together with Third Party Vendors are committed to protecting your Personal Data, as we recognize your privacy rights as a data subject, and your right to confidentiality as a data controller or processor.

We aim to be transparent by providing information to individuals and organizations about how we will collect and use their Personal Data in our organisation.

We assure you that any cases of a breach of your Personal Data will be promptly reported to you by CRG as we become aware of a breach, and we commit to informing an applicable independent Supervisory Data Authority concerned, if and when mutually agreed with you, or legally obliged by applicable law(s).

We appreciate the trust that you place in us by sharing your Personal Data with CRG.

We aim to always process your Personal Data in accordance with our mutual agreement, and with due diligence, maintaining the highest level of confidentiality.

We aim to always provide clear and fair information on how your Personal Data is used, and we will be transparent about what information we collect and how it is or will be processed.

Within available organizational and technological means, we will take measures to protect your Personal Data from being used without your consent and will keep it secure from the moment it arrives, as part of our business processes.

We aim to comply with all applicable data protection laws and regulations. In case of any data loss, we will inform relevant supervisory authorities in the applicable country.

Please note that CRG does not actively use, collect, determine, or disclose Sensitive Personal Data without your consent, other than as required by law.

We prefer you do not share Sensitive Personal Data with CRG, unless it could legally or physically impact your ability to perform the services, we, or our clients, request from you, or that you offer.

Sharing of sensitive data is needed to provide services for a specific project.

Cookie policy

Cookie is a small file that can be placed on your device that allows us to recognize and remember you. It is sent to your browser and stored on your computer’s hard drive or mobile device/tablet. When you visit our web site, we may collect information from you automatically through cookies.

We use the following types of cookies:

  • Performance – cookies which measure how often you visit our site and how you use it. We use this information to understand how we can improve your experience with the use of content of our web site. For example, we collect information about which of our pages are most frequently visited and by which type of users. We also use third-party cookies to help with performance. For example, Google Analytics cookie gives us information such as your browsing between pages and whether you have downloaded anything.
  • Functionality – cookies that are used to recognise you, remember your preferences or settings when you return to our site, to collect information about the content you viewed, the links followed, information about your browser, device, and IP address.

OUR SITE HAS NO FUNCTIONALITY TO DISABLE COOKIES. By selecting “I ACCEPT” to the pop-up cookie message at our website you agree to the terms and conditions of this CRG Internet Privacy Policy.


Who are we and what is our legitimate interest?

Carpathian Research Group are a group of commercial companies of clinical research professionals involved in conduct of clinical trials of investigational medicinal products and medical devices.

Legitimate business interest

The exchange and storage of Personal Data and the management and retention thereof, is at the heart of our business, and is fundamental for our continued existence and the continuity of our Services.

In order to maintain, expand and further develop our business, and to be able to support the needs of our Clients and our Third Party Vendors, we assess that it is our legitimate business interest to record and retain Personal Data of prospective and current Third Party Vendors, as well as Client contacts, current and past projects, requirements, and Confidential Business Data (as described in a separate policy, and governed by signed corresponding Confidentiality (Non-disclosure) Agreements, and/or Services Agreements); for prolonged periods of time.

Data we collect

CRG may with legitimate interest actively or passively collect, or be the Receiving Party of, Personal Data about you from different sources, which include:

Data you give us directly

The types of information we may collect from you directly through your interaction with our site include your:

  • Name
  • Email address.

Data we collect from other sources

We may request, or be the Receiving Party of, Personal Data about you from other legitimate sources, including information from commercially available sources, such as public databases and data aggregators, and information from third parties.

Any Personal Data provided by you to CRG through, but limited to, registration, administration, contract data, project data or CV submission, with and use of, our applications, such as website, e-mail, other third-party technological service providers, will only be used for the following purposes by CRG:

  • updating and enhancing database records; and
  • defining areas of interest to you and improving the services to meet Clients’ and Third Party Vendor’s requirements; and
  • delivering products and services, communicating with you about products and services; and
  • advising you of other products and services which may be of interest; providing, only with your clear, unambiguous and freely given consent, your contact details and other facilitating information (such as CVs, or company and project information) to CRG Clients and Third Party Vendors; and
  • to prevent fraudulent activities and data entries; and respond to inquiries and requests; and
  • to provide you with information and access to resources that you have requested or might interest you; and
  • register you to become part of the supporting services CRG provides to its Clients and Third Party Vendors, such as training, or ad-hoc consultancy.

Legal basis for processing of Personal Data

If you are from the European Economic Area (EEA), our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it.

Data processing shall be lawful only if and to the extent that at least one of the following applies:

  • the data subject has given consent to the processing of his or her Personal Data for one or more specific purposes
  • processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to
  • entering into a contract
  • processing is necessary for compliance with a legal obligation to which the controller is subject
  • processing is necessary to protect the vital interests of the data subject or of another natural person
  • processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
  • processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of Personal Data, in particular where the data subject is a child.

If you are from outside the EEA, please seek legal advice what the local lawful bases of processing local data are.

If we collect and use your Personal Data in reliance on our or a third party’s legitimate interests and those interests are not already listed above (see “Data We Use” section), we will make clear to you at the relevant time what those legitimate interests are.

If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Data, please contact us at

Duration of your rights

If we have collected and processed your Personal Data with your consent, then you can withdraw your consent at any time, should you choose to do so. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.

To make such requests, you can send an email to

We will consider and handle all requests in accordance with applicable laws.

You also have the right to complain to your local data protection supervisory authority at any time.