1. Introduction

3Analytics (“Company”, “we”, “our”, “us”) provides cloud-based software platforms supporting regulated activities, including pharmacovigilance signal management and related data processing services.

We are committed to protecting personal data and maintaining the confidentiality, integrity, and availability of information processed within our systems.

This Privacy Notice explains how we collect, use, store, and protect personal information.

 

2. Our Role in Data Processing

Depending on the context:

  • We act as a Data Controller when processing personal information related to website visitors, marketing contacts, and direct client communications.
  • We act as a Data Processor when providing SaaS services to clients who control the data uploaded into our systems.

Where we act as a Data Processor, data handling is governed by contractual agreements with our clients.

 

3. Information We Collect

A. Website & Business Contact Data

We may collect:

  • Name
  • Business email address
  • Phone number
  • Organization details
  • IP address and browser information

B. Client SaaS Platform Data

When providing services to clients, we may process:

  • User account information
  • System activity logs
  • Audit trail records
  • Data submitted by clients in accordance with contractual agreements

We do not independently determine the purpose of client-submitted data processing.

 

4. Purpose of Processing

We process information for:

  • Providing and maintaining SaaS services
  • User authentication and access control
  • Regulatory compliance support
  • System security monitoring
  • Performance optimization
  • Customer communication and support
  • Legal and contractual compliance

 

5. Legal Basis for Processing

Where applicable, processing is based on:

  • Contractual necessity
  • Legitimate business interest
  • Compliance with legal obligations
  • Consent (where required)

 

6. Data Security Safeguards

We implement technical and organizational measures including:

  • Encryption in transit (TLS/SSL)
  • Encryption at rest (where applicable)
  • Role-based access controls
  • Multi-factor authentication (where applicable)
  • System audit trails and logging
  • Periodic vulnerability assessments
  • Controlled vendor management processes
  • Secure development lifecycle practices

Access to personal data is limited to authorized personnel only.

 

7. Data Segregation & Multi-Tenant Controls

For SaaS environments:

  • Client data is logically segregated.
  • Access is restricted based on tenant configuration.
  • Administrative access is controlled and monitored.
  • Audit logs track user activities.

 

8. Data Retention

Personal data is retained only for as long as necessary to:

  • Fulfill contractual obligations
  • Meet regulatory requirements
  • Support system auditability
  • Comply with applicable laws

Retention periods are governed by internal Data Retention Policies.

 

9. Data Sharing and Subprocessors

We may engage trusted third-party service providers, including:

  • Cloud hosting providers
  • Infrastructure providers
  • Security service providers

All subprocessors are contractually obligated to maintain confidentiality, security, and compliance standards.

A list of subprocessors may be made available upon request.

 

10. International Data Transfers

Where personal data is transferred across jurisdictions:

  • Appropriate contractual safeguards are applied.
  • Security controls are enforced.
  • Transfers are conducted in compliance with applicable data protection laws.

 

11. Data Protection Impact Assessment (DPIA)

Where required, we conduct risk-based assessments to evaluate privacy impacts associated with high-risk processing activities.

 

12. Data Breach Management

In the event of a confirmed security incident affecting personal data:

  • The incident will be assessed promptly.
  • Clients will be notified without undue delay, where contractually required.
  • Regulatory notifications will be made where applicable.

 

13. Individual Rights

Subject to applicable laws, individuals may request:

  • Access to personal data
  • Correction of inaccurate data
  • Deletion (where legally permissible)
  • Restriction of processing
  • Data portability (where applicable)

Requests may be submitted to the contact details below.

14. Cookies & Tracking

Our website may use cookies and analytics tools to enhance user experience and monitor performance. Users may control cookie settings through their browser.

 

15. Children’s Data

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from minors.

16. Changes to This Privacy Notice

This Privacy Notice may be updated periodically. Updated versions will be posted on our website with revision dates.

 

17. Contact Information

For privacy-related inquiries:

Data Protection Officer
Email: privacy@3analytics.com