Skip to content

Privacy Policy

Book your free call
Home/Privacy Policy /

Last Updated: 01OCT2025

Introduction

Franklyn Health and its affiliates, subsidiaries and related entities (collectively referred to herein as “Franklyn Health”, “we”, “our” or “us”), respects the privacy of our customers, partners and other website visitors (“you” or “your”). This Privacy Policy (“Policy”) describes how we collect, process, share, and safeguard personal data that is collected via our website (www.franklynhealth.com) (“Website”) and when you engage with our services generally (collectively “Services”). It also tells you about your rights and choices with respect to your personal data, and how you can contact us if you have any questions or concerns.

This Privacy Policy applies to all websites, apps and services operated by Franklyn Health. This includes:

  • Visitors to our website(s).
  • Clients, sponsors, suppliers, and other business contacts.
  • Clinical trial participants (volunteers, patients).
  • Job applicants for roles at Franklyn Health.

This Policy does not apply to:

  • Employees, as employee data is covered by a separate internal Staff Privacy Notice.
  • Personal data we process as a processor or service provider on behalf of our customers (for example, sponsors of clinical studies) when providing services to them. For example, if we process your personal data as part of the service we provide to our customers, such customer will act as the controller and its privacy policy will govern the processing of your personal data.

Who we are

Franklyn Health Limited (with principal place of business at Lister House, Lister Hill, Horsforth, Leeds, LS18 5AZ, United Kingdom) will be the controller of your personal data in accordance with data protection laws of the European Economic Area and the United Kingdom.

If you have any questions or comments about this Privacy Policy, please submit a request to privacy@franklynhealth.com. We have appointed an external Data Protection Officer (DPO). Any privacy enquiries sent to us will be reviewed internally and, where appropriate, directed to our DPO. Please indicate “For DPO” in the subject line.

Franklyn Health is based outside the EU and under the EU GDPR, we are required to appoint an EU representative. The purpose of an EU representative is to make it easy for people in the EU to contact us should they wish to exercise their rights or make a complaint or enquiry in relation to how we are processing their Personal Data. It is also a contact point for the supervisory authorities located in the EU. You may contact them directly at the address below, or you may contact us at privacy@franklynhealth.com and we will ensure your enquiry is forwarded appropriately.

Contact person: Daniel Madsen
Address: Monday, Paseo del Muelle Uno S/N, 29016 Málaga

Email: privacy@franklynhealth.com (please indicate “For EU Representative” in the subject line)

What personal data we collect

We collect personal data from you in the following ways:

  • Contact information and communications: when you request an RFI/RFP, engage with our services as a customer (such as a sponsor) representative or as a supplier representative, or if you have any enquiries, you may provide us with:
  • your full name
  • email address
  • phone number(s)
  • address(es)
  • country
  • job title and company you work for
  • selection of which services you are interested in
  • message in the contact form
  • details about the clinical study you are engaged with when you communicate with us
  • information related to the browser or device you use to access our website
  • internet browser and operating system
  • any other information you provide
  • Trial Volunteers: we may collect personal data about trial volunteers from the clinical studies we assist as a clinical research organisation (“CRO”), such as full name, email address, phone number, age, and gender. We may also collect sensitive data such as health and ethnicity data. The data collected will vary depending on the nature and requirements of the specific trial, so it is not possible to provide an exhaustive list in this Policy. Study volunteers should refer to the patient information form provided for their specific study for full details on the health data collected by the Sponsor.

Some common examples of sensitive data that may be collected from trial volunteers are:

  • Ethnicity
  • Underlying health conditions, allergies, and medical history
  • Medications taken
  • Mental health information
  • Pregnancy and reproductive health
  • Diet, smoking, alcohol consumption, and drug use
  • Religion, philosophical beliefs, political opinion, trade union membership, sexual orientation
  • Biometric data and genetic samples

Note that this data is only collected:

  • With explicit consent, or
  • Where required by law/regulation for scientific research and public health, subject to safeguards.

Please note that as a CRO we mainly act as a data processor for this personal data on behalf of the study Sponsor. Therefore, this Privacy Policy will not apply to such processing, and volunteers should instead refer to the privacy notice referenced in their patient information sheet. However, to the extent that we process this personal data for our own purposes (for example, product or service improvement), this Privacy Policy will apply.

  • Medical staff: we may collect and process personal data about medical staff from the clinical studies we are engaged to facilitate the conduct of the trial and to keep in contact with them, such as full name and contact information (email, phone number, and address).
  • Marketing information: we may collect information about your marketing preferences, such as your choices for receiving communications from us via email.
  • Careers (job applicants): if you apply for a vacancy with us via our website, we will collect personal data such as your name, contact details (email, phone number, address), education and employment history, and other information you provide in your CV or application. For more information about how we process applicant and employee personal data, please see our Staff Privacy Notice, which will be provided to applicants during the recruitment process.
  • Automatic Data Collection. When you interact with our website or services, we and our service providers may automatically log information about you, your computer or mobile device, and our communications with you, including through the use of cookies and similar technologies. This information includes:
  • Device Information: the manufacturer and model, operating system, IP address, and unique identifiers of the device, as well as the browser you use to access our services. The information we collect may vary based on your device type and settings. We may also derive a rough estimate of your location from your IP address when you visit our website.
  • Usage Information: information about how you engage with our website, such as the types of content that you view, actions you take, the pages you visit, and the time, frequency, and duration of your activities.

Our website uses cookies and similar technologies to:

  • Enable core functionality.
  • Collect analytics on site usage.
  • Support marketing campaigns (if applicable).

For more information on our use of cookies and similar technologies, please see our Cookie Policy. You can manage cookies via this policy and your browser settings. Non-essential cookies require your consent.

Personal Data We Obtain from Third Parties

We may also obtain personal data about you from third parties, including:

Social media platforms: we maintain pages on social media platforms such as LinkedIn, X (Twitter), Facebook, and Instagram. You or the platform providers may provide us with information through your interactions with our pages. When you visit or engage with us on those platforms, the platform provider’s privacy policy will apply to your use of the platform and their collection, use, and processing of your personal data.

Other sources: we may also receive personal data about you from business partners, sponsors, investigators, or other third parties in connection with clinical trials or business relationships.

How do we use this information?

We process the personal information listed above for various purposes:

  • To provide and maintain our Services. We will use your personal data to perform our contractual obligations, when it is in our legitimate business interests or based on your consent, including to:
    • Provide, operate, maintain, and secure our Services;
    • Provide support assistance and troubleshooting;
    • Facilitating the conduct of clinical trials;
    • To send you updates about administrative matters such as changes to our terms or policies; and
    • Provide user support, and respond to your requests, questions and feedback.
  • To gather analysis or valuable information so that we can improve, monitor, personalise and protect our Services. It is in our legitimate business interests to improve and keep our Services safe, which includes:
    • Enriching your user experience and customise your relationship with us;
    • Creating and maintaining a database of medical staff regarding future clinical trials;
    • Protecting the security of our Services;
    • Preventing and detecting security threats, fraud or other criminal or malicious activities; and
    • Administering content, surveys, voting polls and other Website features
    • To monitor the usage of our Services
  • Research and development. We will use personal data to develop, analyse and improve the Services and our business when it is in our legitimate interests, or where we have your consent (for example to process sensitive data such as health data). As part of these activities, we may process personal data and/or use aggregated, de-identified or other anonymised data from personal data we collect. We anonymise data by removing information that makes the data personally identifiable. We may use this anonymised data and share it with third parties for our lawful business purposes, including to analyse and improve the Services and promote our business.
  • For marketing and advertising. We, our service providers and our advertising partners may use your personal data for the following marketing and advertising purposes:
    • Direct marketing, such as to send you informative newsletters relating to our expertise and services. Newsletters will be sent where you have given your consent to receive it, or where this is allowed under soft-opt in. You will be given an opportunity to opt-out at each Newsletter. You will only receive newsletters from Franklyn Health or one of our subsidiary companies.
    • Interest-based advertising. We may engage third-party advertising companies, such as Google and Meta, to display our ads on their online services. We may also share information about our users with these companies to facilitate advertising for our services to them or similar users on other online platforms. For more information, or to understand your choices, please visit our Cookie Policy.

Except where consent is required, we undertake such marketing and advertising on the basis of our legitimate business interests. Where we seek your consent, you may withdraw your consent at any time

  • To comply with legal obligations and to defend Franklyn Health against legal claims or disputes.
  • To facilitate corporate acquisitions, mergers or transactions. We may use your personal data, when it is in our legitimate business interests, when we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding.
  • For recruitment when you apply for a job with us. We may use information collected throughout the recruitment process to review our equal opportunities profile in accordance with applicable legislation. We use this information to take steps to enter into a contract with you, to meet a legal obligation or for our legitimate interests in recruitment.

Legal Basis for Processing Personal Data under the General Data Protection Regulation (GDPR)
If you are from the European Economic Area (EEA), Franklyn Health legal basis for collecting and using the personal information described in this Privacy Policy depends on the Personal Data we collect and the specific context in which we collect it.

Franklyn Health may process your Personal Data because:

  • We need to perform a contract with you per EU GDPR Art. 6(1)(b)
  • You have given us permission to do so per EU GPR Art. 6(1)(a)
  • The processing is in our legitimate interests per EU GDPR Art. 6(1)(f), and it is not overridden by your rights
  • To comply with the law per EU GDPR 6(1)(c)

Where we rely on our legitimate interests as a legal basis, we ensure that those interests are balanced against your fundamental rights and freedoms, and we only process personal data where our interests are not overridden by your interests or rights under data protection law.

Retention of Data
Franklyn Health will retain your personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy, or as required by law. Retention periods vary depending on the type of personal data and the context of processing. In particular:

  • Clinical trial data: retained in accordance with applicable laws and Good Clinical Practice requirements. This typically means at least 15 years after the completion of the relevant trial, or longer where required by law or contractual obligations with the study sponsor.
  • Client and supplier data: retained for the duration of the business relationship and for up to 7 years thereafter, to comply with tax, contractual, and regulatory obligations.
  • Website enquiry data: retained for up to 2 years from the last interaction, unless a longer period is required by law.
  • Marketing data: retained until you withdraw your consent or opt out of receiving marketing communications, after which we will promptly suppress your details from marketing lists.
  • Job applicant data: retained for up to 12 months after the recruitment process ends, unless you consent to a longer retention period or we are legally required to keep it for longer.
  • Technical and usage data (cookies, logs, analytics): retained in line with our Cookie Policy, generally no longer than 13 months.

After these periods, data will be securely deleted, anonymised, or pseudonymised to prevent re-identification.

How we share your personal data

We may share your personal data with the following third parties:

  • Service providers: to assist us in meeting business operational needs and to perform certain services and functions, we may share personal data with our vendors and service providers, including providers of hosting services, cloud services, other information technology services providers, event management services, payment services, marketing services and customer support services. Pursuant to our instructions, these parties will access, process, or store personal data while performing their duties for us.
  • Advertising partners: third party advertising companies for the interest-based advertising purposes described above. The disclosure of this information may constitute a data “sale” under certain privacy laws.
  • Professional advisors: we may share personal data with our professional advisors such as lawyers and accountants where doing so is necessary to facilitate the services they render to us. 
  • Legal requirements: we do not volunteer your personal data to government authorities or regulators, but we may disclose your personal data where required to do so to comply with laws and regulations applicable to us as described above.
  • Business transaction: if Franklyn Health is involved in a merger, acquisition or asset sale, financing due diligence, reorganisation, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your personal data may be sold, transferred, or otherwise shared including as part of any due diligence process. 
  • Affiliates: we may share your personal data with our affiliated companies.

International data transfer

Your information, including Personal Data, may be transferred to — and maintained on — computers or servers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. Our team and service providers are located in the European Union, the United Kingdom and The United States. Additionally, personal data is stored on servers located in the EEA, UK, and U.S.

Unfortunately, the process of transmitting of information via the internet is not completely secure. While we take appropriate measures to protect your personal data, please note that transmission over the internet carries inherent risks; any transmission is at your own risk.

Once we have received your information, Franklyn Health will take all the steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. No transfer of your personal data will take place to an organisation or a country unless there are adequate controls in place, including appropriate technical and organisational measures to protect your data and other personal information. For international transfers of personal data, we implement appropriate safeguards (e.g. EU and UK Standard Contractual Clauses, or reliance on adequacy decisions) as required by the EU and UK GDPR. To learn more about transfer mechanisms implemented please contact us by email at privacy@franklynhealth.com.

If we do transfer your personal data outside the EEA or UK, we will use one of the following safeguards to make sure it is protected:

  • We will only transfer it to a country which the European or UK government has decided has an adequate level of protection for personal data. You can find more about such countries here
  • We will put a written contract in place between us and the recipient that incorporates EC model clauses relating to the transfer of personal data outside the EEA issued by the European Commission or the standard contractual clauses for the transfer of personal data to processors in third countries, issued by the UK Information Commissioner’s Office (“ICO”) as varied, supplemented, amended or replaced from time to time.
  • If none of the above situations apply, we will not transfer your personal data unless you have given your express consent to the proposed transfer, after having been informed of the possible risks.

Data Security

We apply appropriate technical and organisational measures to safeguard personal data, including:

  • Encryption and secure data transfer protocols.
  • Access controls and role-based permissions.
  • Regular data protection training for staff.
  • Policies for data handling, breach reporting, and incident management.

Your rights in relation to your data

The law on data protection gives you certain rights in relation to the personal data we hold on you. These are:

  • The right of access.You have the right to access and request the data that we hold on you. After receiving the request, we will tell you when we expect to provide you with the information (if applicable), and whether we require any fee for providing it to you.
  • The right for any inaccuracies to be corrected.If any data that we hold about you is incomplete or inaccurate, you are able to require us to correct it
  • The right to have information deleted.If you would like us to stop processing your data, you have the right to ask us to delete it from our systems, unless we are required to continue storing it for legal reasons or reasons of public interest. This may limit the service we can provide to you.
  • The right to restrict the processing of the data.When you contest the accuracy of your information, believe we process it unlawfully or want to object against the processing, you have the right to temporarily stop the processing of your information to check if the processing was consistent. In this case, we will stop processing your data (other than storing it) until we are able to provide you with evidence of its lawful processing;
  • The right to portability. In certain circumstances, you may have the right to require that we provide you with an electronic copy of your personal information either for your own use or so that you can share it with another organisation. Where this right applies, you can ask us, where feasible, to transmit your personal data directly to the other party. This can only be done if the processing is done in accordance with your consent or for the performance of a contract.
  • The right to object to processing of your personal data.You have the right to object to the way we use your data where we are using it for our legitimate interests
  • Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where so permitted by having a legitimate reason for doing so.
  • Right not to be subject to automated decisions. You also have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you. Franklyn Health currently does not use personal data for automated decision-making or profiling that produces legal or significant effects, unless explicitly stated in study documentation and subject to your consent.

If you wish to exercise any of the rights explained above, please contact us at privacy@franklynhealth.com .

Links to other websites

Our Website may contain links to other sites that are not operated by us. If you click a third party link, you will be directed to that third party’s site. We strongly advise you to review the privacy policy of every website you visit.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third party sites or services.

Children

We do not intend for children to use our Website. We do not intentionally gather personal data about visitors who are under the age of 18 or who are considered a minor in the jurisdiction in which you are accessing our Website or Services. If a child has provided us with personal data, a parent or guardian of that child may contact us to have the information deleted from our records. If you believe we may have any information from a child under age 18 or an individual considered a minor in the applicable jurisdiction, please contact us at privacy@franklynhealth.com. If we learn that we have inadvertently collected the personal data of a child under 18 or the equivalent minimum age depending on jurisdiction, we will take steps to delete the information as soon as possible.

Complaints

If you wish to lodge a complaint about how we process your personal data, please contact us at: privacy@franklynhealth.com. We will endeavour to respond to your complaint as soon as possible. Depending on where you reside, such as if you reside in the European Economic Area or United Kingdom, you may have the right to complain to a data protection regulator where you live or work, or where you feel a violation has occurred. EU data subjects can find their supervisory authority here: https://edpb.europa.eu/about-edpb/board/members_en .If you are based in the United Kingdom, your regulator will be the Information Commissioner’s Office (ICO). You can make a complaint via https://ico.org.uk/make-a-complaint/ .

Changes and updates to this policy

We will update this Policy from time to time. Updates will be posted on this page with a revised “last updated” date. Please review this Policy periodically for any changes. Changes to this Policy are effective when they are posted on this page. The terms that apply to you are those posted here on our website on the day you use our website. We advise you to print a copy for your records.

Contact us

If you have any question regarding our privacy policy, please contact us at privacy@franklynhealth.com.