This notice explains how FreeGCP safeguards personal data under GDPR, CCPA, PIPEDA, and global research regulations. It forms part of the terms you accept when using our platform.
For the purposes of this Privacy Policy, the following definitions shall apply throughout this document:
Any information relating to an identified or identifiable natural person ('Data Subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Entity Name: FreeGCP Training Platform
Legal Structure: Online Educational Service Provider
Primary Operations: Clinical Research Training & Certification
Jurisdiction: California, United States
Role: Data Protection Officer (DPO)
Responsibilities: GDPR Compliance & Privacy Management
Contact Method: Via secure contact form only
Contact DPOEU Representative: For GDPR purposes, we have appointed a representative in the European Union. Contact details are available upon request through our secure contact form.
In accordance with Article 5 of the GDPR and similar provisions in other privacy regulations, we adhere to the following fundamental principles when processing your personal data:
Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject. We ensure all processing activities have a valid legal basis and are conducted with full transparency regarding how data is collected, used, and protected.
Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. We strictly limit data use to the purposes outlined in this policy.
Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. We only collect the minimum data required to provide our services effectively.
Personal data shall be accurate and, where necessary, kept up to date. We implement measures to ensure data accuracy and provide mechanisms for users to update their information.
Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage.
We process personal data only when we have a lawful basis under Article 6 of the GDPR. The specific lawful basis depends on the context and purpose of processing:
Processing is necessary for the performance of a contract to which you are party or to take steps at your request prior to entering into a contract.
Processing is necessary for compliance with legal obligations to which we are subject.
Processing is necessary for our legitimate interests, except where overridden by your interests or fundamental rights.
You have given consent to the processing of your personal data for specific purposes.
We may receive limited information about you from third-party services:
If you are located in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):
You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and where that is the case, access to the personal data and the following information:
You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
You have the right to obtain the erasure of personal data concerning you without undue delay where one of the following grounds applies:
You have the right to obtain restriction of processing where one of the following applies: the accuracy of the personal data is contested, the processing is unlawful, we no longer need the data but you require it for legal claims, or you have objected to processing pending verification of legitimate grounds.
You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without hindrance where the processing is based on consent or contract and is carried out by automated means.
You have the right to object at any time to processing of personal data concerning you based on legitimate interests or for direct marketing purposes. Where personal data is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless the decision is necessary for contract performance, authorized by law, or based on explicit consent.
To exercise any of these rights, please submit a request through our secure contact form. We will respond within one month of receiving your request, as required by GDPR.
Submit GDPR Rights RequestYou have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) regarding your personal information:
You have the right to request that we disclose certain information about our collection and use of your personal information over the past 12 months:
You have the right to request that we delete any of your personal information that we collected and retained, subject to certain exceptions. We may deny your deletion request if retaining the information is necessary for us or our service providers to:
WE DO NOT SELL YOUR PERSONAL INFORMATION
We do not sell, rent, or trade your personal information to third parties for monetary or other valuable consideration. Therefore, we do not offer an opt-out for the sale of personal information.
You have the right not to receive discriminatory treatment for exercising any of your CCPA rights. We will not discriminate against you for exercising your privacy rights by denying goods or services, charging different prices, providing different quality of services, or suggesting you will receive a different price or quality.
You may designate an authorized agent to make a request under the CCPA on your behalf. We may request that you provide the authorized agent written permission to do so and verify your identity directly with us.
To exercise any of these rights, California residents may submit a verifiable consumer request through our secure contact form. We will verify your identity before processing your request.
Submit CCPA Rights RequestWe will acknowledge receipt of your request within 10 business days and provide a substantive response within 45 days. If we require more time (up to 90 days total), we will inform you of the reason and extension period in writing. We will deliver our response by mail or electronically, at your option.
In compliance with CalOPPA, we declare the following:
We collect personal information as detailed in Section 5 of this policy. Users can visit our site anonymously, but certain features require account creation.
Our Privacy Policy link appears on our home page and on any page where personal information is collected. The word "Privacy" is clearly displayed in the link.
Users will be notified of Privacy Policy changes via email and a prominent notice on our website. The "Last Updated" date at the top of this policy will be updated.
Users can change their personal information by logging into their account and visiting the profile settings page, or by contacting us via our secure contact form.
We honor Do Not Track signals and do not track, plant cookies, or use advertising when a Do Not Track browser mechanism is in place.
We do not allow third-party behavioral tracking on our website. We use only first-party analytics for improving our services.
We implement a comprehensive security program designed to protect your personal information from unauthorized access, use, alteration, disclosure, or destruction. Our security measures include:
Critical Security Disclaimers
In the event of a personal data breach, we have established comprehensive procedures to ensure compliance with GDPR Article 33 and 34 requirements:
Upon becoming aware of a potential breach, we will:
If required, we will notify the relevant supervisory authority within 72 hours, including:
If the breach is likely to result in high risk to your rights and freedoms, we will:
Important: While we maintain robust security measures and breach response procedures, we cannot guarantee prevention of all breaches. You acknowledge and accept this risk when using our services.
For all privacy-related inquiries, data protection requests, or to exercise your rights under GDPR, CCPA, or other applicable privacy laws, please use our secure contact channels:
For privacy policy questions, data access requests, deletion requests, and other privacy matters
Contact Privacy TeamThis privacy policy was last updated on July 28, 2025. We reserve the right to update this policy at any time. Your continued use of our services constitutes acceptance of any changes.
Governing Law: This Privacy Policy shall be governed by and construed in accordance with the laws of the State of California, without regard to its conflict of law provisions. Any disputes arising under or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts located in California.
This notice explains how FreeGCP safeguards personal data under GDPR, CCPA, PIPEDA, and global research regulations. It forms part of the terms you accept when using our platform.
For the purposes of this Privacy Policy, the following definitions shall apply throughout this document:
Any information relating to an identified or identifiable natural person ('Data Subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Entity Name: FreeGCP Training Platform
Legal Structure: Online Educational Service Provider
Primary Operations: Clinical Research Training & Certification
Jurisdiction: California, United States
Role: Data Protection Officer (DPO)
Responsibilities: GDPR Compliance & Privacy Management
Contact Method: Via secure contact form only
Contact DPOEU Representative: For GDPR purposes, we have appointed a representative in the European Union. Contact details are available upon request through our secure contact form.
In accordance with Article 5 of the GDPR and similar provisions in other privacy regulations, we adhere to the following fundamental principles when processing your personal data:
Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject. We ensure all processing activities have a valid legal basis and are conducted with full transparency regarding how data is collected, used, and protected.
Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. We strictly limit data use to the purposes outlined in this policy.
Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. We only collect the minimum data required to provide our services effectively.
Personal data shall be accurate and, where necessary, kept up to date. We implement measures to ensure data accuracy and provide mechanisms for users to update their information.
Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage.
We process personal data only when we have a lawful basis under Article 6 of the GDPR. The specific lawful basis depends on the context and purpose of processing:
Processing is necessary for the performance of a contract to which you are party or to take steps at your request prior to entering into a contract.
Processing is necessary for compliance with legal obligations to which we are subject.
Processing is necessary for our legitimate interests, except where overridden by your interests or fundamental rights.
You have given consent to the processing of your personal data for specific purposes.
We may receive limited information about you from third-party services:
If you are located in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):
You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and where that is the case, access to the personal data and the following information:
You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
You have the right to obtain the erasure of personal data concerning you without undue delay where one of the following grounds applies:
You have the right to obtain restriction of processing where one of the following applies: the accuracy of the personal data is contested, the processing is unlawful, we no longer need the data but you require it for legal claims, or you have objected to processing pending verification of legitimate grounds.
You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without hindrance where the processing is based on consent or contract and is carried out by automated means.
You have the right to object at any time to processing of personal data concerning you based on legitimate interests or for direct marketing purposes. Where personal data is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless the decision is necessary for contract performance, authorized by law, or based on explicit consent.
To exercise any of these rights, please submit a request through our secure contact form. We will respond within one month of receiving your request, as required by GDPR.
Submit GDPR Rights RequestYou have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) regarding your personal information:
You have the right to request that we disclose certain information about our collection and use of your personal information over the past 12 months:
You have the right to request that we delete any of your personal information that we collected and retained, subject to certain exceptions. We may deny your deletion request if retaining the information is necessary for us or our service providers to:
WE DO NOT SELL YOUR PERSONAL INFORMATION
We do not sell, rent, or trade your personal information to third parties for monetary or other valuable consideration. Therefore, we do not offer an opt-out for the sale of personal information.
You have the right not to receive discriminatory treatment for exercising any of your CCPA rights. We will not discriminate against you for exercising your privacy rights by denying goods or services, charging different prices, providing different quality of services, or suggesting you will receive a different price or quality.
You may designate an authorized agent to make a request under the CCPA on your behalf. We may request that you provide the authorized agent written permission to do so and verify your identity directly with us.
To exercise any of these rights, California residents may submit a verifiable consumer request through our secure contact form. We will verify your identity before processing your request.
Submit CCPA Rights RequestWe will acknowledge receipt of your request within 10 business days and provide a substantive response within 45 days. If we require more time (up to 90 days total), we will inform you of the reason and extension period in writing. We will deliver our response by mail or electronically, at your option.
In compliance with CalOPPA, we declare the following:
We collect personal information as detailed in Section 5 of this policy. Users can visit our site anonymously, but certain features require account creation.
Our Privacy Policy link appears on our home page and on any page where personal information is collected. The word "Privacy" is clearly displayed in the link.
Users will be notified of Privacy Policy changes via email and a prominent notice on our website. The "Last Updated" date at the top of this policy will be updated.
Users can change their personal information by logging into their account and visiting the profile settings page, or by contacting us via our secure contact form.
We honor Do Not Track signals and do not track, plant cookies, or use advertising when a Do Not Track browser mechanism is in place.
We do not allow third-party behavioral tracking on our website. We use only first-party analytics for improving our services.
We implement a comprehensive security program designed to protect your personal information from unauthorized access, use, alteration, disclosure, or destruction. Our security measures include:
Critical Security Disclaimers
In the event of a personal data breach, we have established comprehensive procedures to ensure compliance with GDPR Article 33 and 34 requirements:
Upon becoming aware of a potential breach, we will:
If required, we will notify the relevant supervisory authority within 72 hours, including:
If the breach is likely to result in high risk to your rights and freedoms, we will:
Important: While we maintain robust security measures and breach response procedures, we cannot guarantee prevention of all breaches. You acknowledge and accept this risk when using our services.
For all privacy-related inquiries, data protection requests, or to exercise your rights under GDPR, CCPA, or other applicable privacy laws, please use our secure contact channels:
For privacy policy questions, data access requests, deletion requests, and other privacy matters
Contact Privacy TeamThis privacy policy was last updated on July 28, 2025. We reserve the right to update this policy at any time. Your continued use of our services constitutes acceptance of any changes.
Governing Law: This Privacy Policy shall be governed by and construed in accordance with the laws of the State of California, without regard to its conflict of law provisions. Any disputes arising under or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts located in California.