Privacy Policy
Last updated: March 20261. Introduction
SubjectRX Ltd ("SubjectRX", "we", "us", "our") is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, store and share your personal data when you visit our website, use our services, or participate in research projects facilitated by SubjectRX.
SubjectRX is registered in England and Wales and operates as a data controller under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Who This Policy Applies To
This policy applies to clients, research participants (healthcare professionals and patients), and website visitors.
3. What Personal Data We Collect
3.1 Clients and prospective clients
Name, job title, business email, company name, telephone number, project details, correspondence records, payment and invoicing information.
3.2 Healthcare professional participants
Name, contact details, professional email, job titles and employer details, therapeutic areas of expertise, LinkedIn profile, conflict of interest declarations, participation history, honorarium details.
3.3 Patient and caregiver participants
Name, contact details, health condition or area of personal experience, country of residence, participation history, compensation details, charitable donation preferences.
3.4 Website visitors
IP address, browser type, pages visited, device information, referring URLs.
4. How We Use Your Personal Data
We use your data to provide our services, respond to enquiries, manage research engagements, process payments, and comply with legal obligations.
5. Special Category Data
Health information provided by patient participants is special category data under UK and EU GDPR. We process this data only where you have given explicit consent or where processing is necessary for research purposes in the substantial public interest.
6. How We Share Your Personal Data
We share participant information with clients only to the extent necessary for each research project. We work with specialist local recruitment partners and service providers who are contractually bound to handle data in accordance with applicable law. We do not sell personal data.
7. International Data Transfers
SubjectRX operates globally. Where we transfer data internationally, we ensure appropriate safeguards including Standard Contractual Clauses approved by the ICO or European Commission.
8. Data Retention
| Data type | Retention period |
|---|---|
| Client records | 7 years from end of relationship |
| Participant records | 3 years from last participation |
| Website enquiry data | 2 years |
| Financial records | 7 years (legal requirement) |
| Compliance records | 6 years |
9. Your Rights
Under UK GDPR and EU GDPR you have the right to access, rectify, erase, restrict, and port your personal data, and to object to processing. California residents also have rights under the CCPA. To exercise any right, contact privacy@subjectrx.com.
10. Cookies
We use essential cookies necessary for the website to function, and analytics cookies with your consent.
11. Security
We have implemented appropriate technical and organisational measures to protect personal data, including encrypted data transmission (HTTPS) and access controls.
12. Contact Us
SubjectRX Ltd · 124 City Road · London · EC1V 2NX · privacy@subjectrx.com
You have the right to lodge a complaint with the Information Commissioner's Office at ico.org.uk.