We, EvidentIQ Group GmbH (“EvidentIQ/we“), are pleased about your visit to our website and your interest in our products and services. In the following provisions, we inform you about the type, scope and purpose of the collection and use of your personal data on our website. Personal data is any information relating to an identified or identifiable natural person. This includes in particular your name and e-mail address. 

The use of our website is generally possible without providing personal data. You are neither obliged to call up this website nor to provide personal data. However, the active provision of personal data is required, for example, in the case of registration for a newsletter. If you do not provide us with personal data for the purposes listed below, you may not be able to use the functions of this website or some of its services.


1.     Provider and data protection officer

Provider of the website and controller in the sense of data protection law is the

EvidentIQ Group GmbH
Große Johannisstr. 7
20457 Hamburg

Managing directors: Andreas Weber, Manuel Neukum, Axel Jansen, Lars Kloppsteck, Helge Hofmeister, Franciscus Pijpers

Phone: +49 (0) 89 4522775 000

E-mail: info@evidentiq.com

You can reach EvidentIQ’s data protection officer at

krupna LEGAL

Dr. Karsten Krupna
Am Sandtorkai 77
20457 Hamburg

Phone: +49 (0) 40 31976927

E-mail: karsten-krupna@xclinical.com


2.     Data processing for enabling website use

Every time you access content on our website, connection data is transmitted to our webserver. This connection data includes:

  • the IP address (Internet Protocol address) of the respective users,
  • the date and time of the request,
  • the referrer URL,
  • device numbers such as UDID (Unique Device Identifier) and comparable device numbers, device information (e.g. device type) and
  • the browser type / the browser version.

This connection data is not used to draw conclusions about the person of the user or merged with data from other data sources, but serves to provide the website. After 7 days at the latest, the data will be anonymized by shortening the IP address at domain level. The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. f GDPR.  


3.     Newsletter

If you have expressly consented, you will receive a newsletter on EvidentIQ products and services via e-mail. To receive our newsletter, only your e-mail address is required. This is marked accordingly (*).

In connection with your registration to receive the newsletter, we use the so-called double-opt-in procedure. This means that after your registration we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 7 days, your information will be blocked and automatically deleted after one month.

The processing of your personal data in connection with the newsletter is based on your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR.

You can revoke your consent to receive newsletters at any time with effect for the future towards EvidentIQ. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. To exercise the revocation, you will find a corresponding link at the end of each e-mail newsletter. Alternatively, you can revoke your consent at any time, e.g. by sending an e-mail to info@evidentiq.com.

When you register for the newsletter, we also store your IP address and the time of registration in order to fulfill our legal documentation obligations. The legal basis for data processing in this case is Art. 6 para. 1 sentence 1 lit. c GDPR.


4.     eCOA application

If you are a patient participating in a clinical trial conducted with the clinical data management software solution “EvidentIQ eCOA”, you have the option to use our eCOA application by way of browser access on our website. eCOA is a software in the field of clinical studies that, among other things, optimizes data collection in real time directly from the proband and offers numerous solutions for this purpose. Within the eCOA application on our website, you can fill out questionnaires about your current state of health, particularly with regard to the clinical trial in which you are participating.


4.1.  Login

You can access the eCOA application via the login function. For this purpose, you must first enter your e-mail address, which you provided as part of the clinical trial, as your user name and select your password (“login data”). A password should be at least 8 characters long and, if possible, always consist of a combination of upper and lower case letters, numbers and special characters. Problematic are trivial words like “ABC” or keyboard sequences (e.g. “qwert” or “asdfgh”), all kinds of names (e.g. of friends, acquaintances, colleagues, family members, pets), names of cities and buildings, comic characters, car brands, car license plates, terms, dates of birth, telephone numbers, common abbreviations, etc.

Login data must be kept strictly secret. If a disclosure has nevertheless been made, for example to enable access to certain databases by third parties in an emergency, the password must be changed immediately. For your own protection, it is prohibited to reuse passwords that have already been used.

In addition, your IP address and the time of access are stored by us in the context of a login. This is necessary to ensure the security of our information technology systems. EvidentIQ also sets a session cookie each time you log in. This session cookie prevents automatic logout during active use of the user account or related services. After the respective logout, the session cookie is automatically deleted within a few minutes.

The legal basis for the processing of your data in connection with access to the eCOA application, login and the use of the IP address as well as the session cookie is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest is in particular to provide you with easy access for data collection via our website.

However, the institute conducting the study / the sponsor is responsible for further data processing. The data processing is carried out under the legal basis applicable to the institute / sponsor. This is regularly your consent given to the respective institute / sponsor pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR; insofar as special categories of personal data are concerned pursuant to Art. 9 para. 2 lit. a GDPR. “Special categories” of personal data are, according to Art. 9 para. 1 GDPR, data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as the processing of genetic data, biometric data uniquely identifying a natural person, health data, or data concerning a natural person’s sex life or sexual orientation. In individual cases, the legal basis for data processing may also result from special legal regulations, e.g. Art. 9 para. 2 lit. h GDPR and § 22 BDSG. We ourselves process your data on the basis of the data processing agreement concluded between the institute or the sponsor and us.


4.2.  Data processing during the use of the eCOA application

Within the eCOA application, you may periodically complete questionnaires that include your current health status and other questions related to the primary disease and any improvement or worsening of your condition. Regarding the respective questionnaires, you may receive a corresponding notification to the e-mail address you have provided.

Your entries will be stored first within the eCOA application in pseudonymized form. Subsequently, this data may be imported into a separate clinical data software to be linked with the clinical data already existing about you. Within this secondary software, the personal data can then be viewed by medical staff or other persons subject to appropriate confidentiality obligations.

The institute conducting the study / the sponsor is responsible for data processing. The data processing is based on the legal basis applicable to the institute / sponsor. This is regularly your consent given to the respective institute / sponsor according to Art. 6 para. 1 sentence 1 lit. a GDPR; if special categories of personal data are concerned according to Art. 9 para. 2 lit. a GDPR. In individual cases, the legal basis for data processing may also result from special legal regulations, e.g. Art. 9 para. 2 lit. h GDPR and § 22 BDSG. We ourselves process your data on the basis of the data processing agreement concluded between the institute or the sponsor and us.


4.3.  Data transfer within the eCOA application

In order to achieve the purposes described earlier in this privacy policy in connection with the eCOA application, we use as a so-called „sub-processor” Amazon Web Services, EMEA SARL, 38 avenue John F. Kennedy, L-1855, Luxembourg and use hosting services in a data center in Frankfurt am Main. Where necessary, we have concluded with Amazon Web Services a data processing agreement in accordance with Art. 28 GDPR. In addition, in the event of data transfer to a third country, appropriate safeguards are in place in the form of the new EU standard data protection clauses to ensure an adequate level of protection.  


5.     Data processing for the demand-oriented design of the website / cookies

The tracking tools and other services used by us are listed in sections 6 ff. The legal basis for the processing of your data follows from Art. 6 para. 1 sentence 1 lit. f GDPR, unless otherwise stated in sections 6 ff. Our legitimate interest then consists in the demand-oriented design of the website.

In order to make the use of our website as pleasant as possible for you, we use so-called “cookies”, i.e. small text files that are sent to your browser by a web server and stored on the hard drive of your end device. This enables us to recognize the end device you are using when you use our website.

Most browsers are set in such a way that cookies are automatically accepted. You can deactivate the storage of cookies in your browser and have the option of deleting them from your hard drive at any time. However, you can also use your browser to prevent the setting of certain cookies only (e.g. cookies from third parties), for example if you wish to prevent web tracking. You can find more information on this in the help function of your browser. 

We would further like to point out that you can also install a plugin in your browser to protect your privacy, which offers the possibility of preventing tracking – e.g. AdBlock, Ghostery or NoScript (please refer to the data protection information of the respective plugin provider). 

Finally, please note that if you disable cookies, you may not be able to use all the features of this website to their full extent.

Details of the cookies used on the website can be found in the cookie banner and in the following provisions.


6.     Cookie consent with Usercentrics

This website uses the cookie consent technology of Usercentrics to obtain your consent to the storage of certain cookies on your end device and to document this in a data protection compliant manner. The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, website: https://usercentrics.com/de/ (“Usercentrics“).

When you access our website, the following personal data will be transferred to Usercentrics:

  • Your consent(s) or revocation of your consent(s)
  • Your IP address
  • Information about your browser
  • Information about your end device
  • Time of your visit on the website

Furthermore, Usercentrics stores a cookie in your browser in order to be able to attribute the given consents or their revocation to you. The data collected in this way is stored until you request us to delete it, delete the Usercentrics cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.

Usercentrics is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 sentence 1 lit. c GDPR.


7.     Tracking tools / other services


7.1.  Google Analytics

Our website uses the tracking tool “Google Analytics”. This is a service provided by Google Ireland Limited, a company incorporated and regulated under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). This tracking tool helps us to make the website more interesting for you and to improve the user experience. In doing so, data on the use of our website is stored in pseudonymous user profiles. Cookies can also be used for this purpose. In addition, data from various devices, sessions and interactions can be linked to a so-called “user ID”. The generated information is usually transferred to a Google server in the USA and stored there.We would like to point out that on our website Google Analytics has been extended by the “anonymizeIp” function. This means that your IP address is first shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and only then transferred to a Google server in the USA.

The shortening of the IP address is an additional measure pursuant to Art. 25 para. 1 GDPR for the protection of users, but it does not result in anonymization of the complete data processing. Thus, when Google Analytics is used, in addition to the IP address, other usage data is also collected that is to be assessed as personal data, such as identification features of the individual users, which also allow a link to an existing Google account, for example.

On our behalf, Google will use the information obtained via Google Analytics to evaluate your use of our website, to compile reports on website activity and to provide us with other services related to website and internet usage. The pseudonymized usage profiles are not merged with personal data about the bearer of the pseudonym without a separately granted consent.

For more information about Google Analytics, see:

https://support.google.com/analytics/answer/2790010?hl=de  

Please note that Google also has independent access to your data collected via Google Analytics and can also use this data for its own purposes. For example, Google may combine this data with other data about you, such as your search history, personal account, usage data from other devices and any other data that Google has about you.

The legal basis for our processing of your data is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You give your corresponding consent via our cookie banner. Please note that Google is a company from the USA. According to a recent ruling of the European Court of Justice (ECJ), there is no adequate level of data protection in the USA and thus a risk to the protection of your data. For example, under certain circumstances your data may be processed by US authorities for control and monitoring purposes. If you still wish to give your consent to the use of this tool, you can select this via the cookie banner. After implementation of the new EU standard data protection clauses, these will form the legal basis for data transfers to third countries.


7.2.  Google Ads Conversion

In order to advertise our products and services on external websites with the help of advertising media and to determine the success of our advertising measures, we use the “Google Ads Conversion” service. These advertising media are delivered by Google via so-called “Ad Servers”. If you access our website via a Google ad, Google Ads will store a cookie on your end device. These cookies usually lose their validity after 30 days and do not serve to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie.

The aforementioned cookies enable Google to recognize your internet browser. Therefore, provided that you have visited certain websites of an Ads customer and the cookie stored on your computer has not yet expired, Google and the Ads customer can recognize that you have clicked on the ad and were redirected to this page. Cookies cannot be tracked through Ads customer websites. We ourselves do not collect or process any personal data in the aforementioned advertising measures. We also only receive statistical evaluations from Google. Based on these evaluations, we can see which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising media, in particular we cannot identify you on the basis of this information.

Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our knowledge as follows: Through the integration of Ads Conversion, Google receives the information that you have called up the relevant part of our internet presence or clicked on an advertisement from us. If you are registered at a Google service, Google can assign the visit to your account. Even if you are not registered at Google or have not logged in, there is the possibility that the provider learns your IP address and stores it.

You can find more information about data privacy at Google here: https://support.google.com/google-ads/answer/93148 https://ads.google.com/intl/de_de/home/faq/gdpr/

The legal basis for our processing of your data is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR. You give your corresponding consent via our cookie banner. Please note that Google is a company from the USA. According to a recent ruling by the European Court of Justice (ECJ), there is no adequate level of data protection in the USA and thus a risk to the protection of your data. For example, under certain conditions, your data may be processed by US authorities for control and monitoring purposes. If you nevertheless wish to consent to the use of this tool, you can do so via the cookie banner. After implementation of the new EU standard data protection clauses, these will form the legal basis for data transfers to third countries.


7.3.  HubSpot

For our online marketing activities, we use the service of HubSpot Inc., a software company based in the USA, 25 First Street, Cambridge, MA 02141 USA, with an office in Ireland, Ground Floor, Two Dockland Central, Guild St, North Dock, Dublin, D01 K2C5, Ireland (“HubSpot“).

HubSpot is an integrated software solution that we use to cover various aspects of our online marketing. These include: E-mail marketing, contact management (e.g. user segmentation & CRM) and data processing via contact forms. We use all collected information exclusively to optimize our marketing measures.

The legal basis for the processing of your data is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR. You give your corresponding consent via our cookie banner. Please note that HubSpot is a company from the USA. According to a recent ruling by the European Court of Justice (ECJ), there is no adequate level of data protection in the USA and thus a risk to the protection of your data. For example, under certain conditions, your data may be processed by US authorities for control and monitoring purposes. If you nevertheless wish to consent to the use of this tool, you can select this via the cookie banner. After implementation of the new EU standard data protection clauses, these will form the legal basis for data transfers to third countries.


7.4.  LinkedIn Insight-Tag

On our website we use the conversion tool “LinkedIn Insight-Tag” of LinkedIn Ireland Unlimited Company (“LinkedIn Ireland”). This tool creates a cookie in your web browser, which enables the collection of, among other things, the following data: IP address, device and browser properties and page events (e.g. page views). LinkedIn Ireland does not transmit any personal data to us, but provides anonymized reports on website audience and viewing performance. In addition, LinkedIn Ireland offers the possibility of retargeting via the Insight-Tag. With the help of this data, we can display targeted advertising outside our website without identifying you as a user of the website. Our legal basis for processing your data is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR. You give your corresponding consent via our cookie banner.

Please note that LinkedIn Ireland may also process your data outside the EU/EEA. According to a recent ruling by the European Court of Justice (ECJ), there is no adequate level of data protection in the USA and thus a risk to the protection of your data. For example, under certain conditions, your data may be processed by US authorities for control and monitoring purposes. If you nevertheless wish to consent to the use of this tool, you can select this via the cookie banner. After implementation of the new EU standard data protection clauses, these will form the legal basis for data transfers to third countries.

For more information about the LinkedIn Insight-Tag, please see the following link. For more information about privacy at LinkedIn Ireland, please see the LinkedIn Ireland Privacy Policy.


7.5.  Google reCAPTCHA

We use Google reCAPTCHA (“reCAPTCHA”) on our website. This is a service of the provider Google. reCAPTCHA is used to check whether the data entry on our website (e.g. when registering for a newsletter) is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor calls up or enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google. The reCAPTCHA analyses run completely in the background. You will not be informed separately that an analysis is taking place. The data processing is based on Art. 6 para. 1 sentence 1 lit. a GDPR. You give your corresponding consent via our cookie banner.

Please note that Google is a company from the USA. According to a recent ruling by the European Court of Justice (ECJ), there is no adequate level of data protection in the USA and thus a risk to the protection of your data. For example, under certain conditions, your data may be processed by US authorities for control and monitoring purposes. If you nevertheless wish to consent to the use of this tool, you can select this via the cookie banner. After implementation of the new EU standard data protection clauses, these will form the legal basis for data transfers to third countries.

For more information about reCAPTCHA and Google’s privacy policy, please see the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.


7.6.  Google Tag Manager

We use the Google Tag Manager. Through this service from Google, website tags can be managed via an interface. However, the Google Tag Manager only implements tags. In this respect, no cookies are used and no personal data is collected. The Google Tag Manager merely triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. The data is analyzed exclusively in the respective tool (see the aforementioned explanations in section 7).


7.7.  Capterra

On our website we use the conversion tracking tool of Capterra Inc., a company from the USA with headquarters at 1201 Wilson Blvd, 9th Floor, Arlington, VA 22209, USA (“Capterra”). Capterra is a platform for software selection based on the ratings of other users.

When you trigger a so-called conversion event on our website (e.g. filling out a form to receive a demo version), a cookie is set by Capterra to recognize if and when you have triggered a conversion event. The generated information is transferred to Capterra’s servers and processed there. We receive an evaluation from Capterra about the number of conversion events in order to analyze the success of our advertising campaigns.

You can find more information about Capterra’s data processing in the privacy policy at https://www.capterra.com/legal/privacy-policy.

The legal basis for our processing of your data is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR. You give your corresponding consent via our cookie banner. Please note that Capterra is a company from the USA. According to a recent ruling by the European Court of Justice (ECJ), there is no adequate level of data protection in the USA and thus a risk to the protection of your data. For example, under certain conditions, your data may be processed by US authorities for control and monitoring purposes. If you nevertheless wish to consent to the use of this tool, you can select this via the cookie banner. After implementation of the new EU standard data protection clauses, these will be the legal basis for data transfer to third countries.


8.     Social media presence


8.1.  Data processing by EvidentIQ and legal basis

Our social media presences (LinkedIn, Twitter, YouTube and Facebook) serve the purpose of informing you about EvidentIQ as well as new developments, services and products of EvidentIQ. Depending on the offer of the respective providers, you have the possibility of different interaction (comments, recommendations etc.) e.g. in connection with our social media presence. The interaction of the users is an important criterion for us in order to carry out targeted marketing. For example, we can determine which articles are read preferentially. We therefore also use the statistics determined by the providers in this regard for our own purposes. Insofar as we process personal data of users in this context, the legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest then consists in particular in targeted information / advertising. The providers will inform you separately about the legal basis on which they process your data for their own purposes.


8.2.  Joint responsibility

In some cases, we are jointly responsible with the social media providers for processing your personal data. In this case you can assert your rights (see section 14) generally either against us or against the social media provider. However, the social media provider is the first point of contact.

We have concluded an agreement with Facebook on joint responsibility for the processing of personal data. This applies to the processing of so-called “Insights data”. These are page statistics, in particular on the interactions of Facebook users. Details on the Insights data can be found here: https://www.facebook.com/business/pages/manage#page_insights. You can view our agreement with Facebook at the following link: www.facebook.com/legal/terms/page_controller_addendum.

We have also concluded an agreement on joint responsibility with LinkedIn Ireland with regard to so-called “page insights”. These are aggregated page statistics, whereby LinkedIn does not provide us with any personal data about you. Details on the insights data and our agreement with LinkedIn can be found at the following link.

Please note that social media providers also process your data outside the EU/EEA. According to a recent ruling by the European Court of Justice (ECJ), there is no adequate level of data protection in the USA and thus a risk to the protection of your data. For example, under certain conditions, your data may be processed by US authorities for control and monitoring purposes.

With regard to the storage period of the data we process from you for our own purposes, please refer to our explanations under section 12. Otherwise, please observe the data protection provisions of the respective social media provider.


9.     Telephone and video conferences via Teams

We use the online platform Teams (“Teams“) for interactive communication. Teams is a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, based in the USA (“Microsoft“). For more information from Microsoft about Team’s privacy practices, please click here.


9.1.  Microsoft’s own responsibility

If you access Microsoft’s website for the use of Teams, Microsoft is responsible for the data processing. However, you only need to access the website to download the software for the use of Teams. You can also use Teams if you enter the respective meeting ID and, if necessary, other access data for the meeting directly in the Teams app. If you do not wish to use the Teams app, the basic functions can also be used via a browser version.

To the extent that Microsoft processes personal data in connection with its own legitimate business operations, as described in the Microsoft Online Services Terms of Use, Microsoft is an independent data controller for such processing, whose legal basis, according to its own declaration, is “legitimate interests”. “Microsoft’s legitimate business transactions” in this context are, as evidenced by Microsoft’s statement, the following, each as an incident involving the provision of Teams to us (1) billing and account management; (2) compensation (e.g., calculation of employee commissions and partner incentives); (3) internal reporting and modeling (e.g., forecasts, revenue, capacity planning, product strategy); (4) combating fraud, cybercrime or cyber attacks that may affect Microsoft or Microsoft products; (5) improving core accessibility, privacy, or energy efficiency functionality; and (6) financial reporting and compliance with legal obligations.

Microsoft’s statement on the storage of personal data can be found here.


9.2.  Purpose of processing and types of personal data

We use Teams to conduct telephone conferences and/or video conferences, particularly in connection with online seminars for prospects and professionals and/or employment relationships (“online meetings”).

When using Teams, various types of personal data are processed by us. The type and scope of the data depends in particular on the information you provide before or during participation in an online meeting. However, in order to identify you as an authorized participant, you must at least provide your name. You can deactivate the video or microphone function at any time via the Teams application.

Personal data processed in connection with Teams include:

  • Profile data: First name, surname, telephone number (optional), e-mail address, password (if “Single-Sign-On” is not used), profile picture (optional), department (optional)
  • Meeting metadata: Subject, description (optional), participant IP addresses, device/hardware information
  • Call history data: Information on incoming and outgoing telephone number, country name, start and end time. If necessary, other connection data such as the IP address of the device can be saved.
  • Content data: You may be able to use chat, question or survey functions during an online meeting. Your text entries and other approved data are processed to display them in the online meeting.
  • For further details on data processing by Microsoft, please refer to Microsoft’s explanations von Microsoft.


9.3.  Data processing by EvidentIQ and legal basis

To the extent that personal data of employees is processed by us, the legal basis for data processing is generally § 26 para. 1 BDSG. If special categories of personal data are involved, the processing is governed by § 26 para. 3 BDSG.

If, however, in connection with the use of Teams, personal data is not required for the establishment, implementation or termination of the employment relationship, the legal basis for data processing is generally Art. 6 para. 1 sentence 1 lit. f GDPR. In these cases, our interest lies in the effective implementation of online meetings. In addition, the legal basis for data processing when conducting online meetings is Art. 6 para. 1 sentence 1 lit. b GDPR, insofar as the meetings are conducted in the context of contractual relationships. In special cases (e.g. a recording of online meetings) in which you are asked in advance for a declaration of consent, the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.


9.4.  Data transfer to countries outside the EU

Teams is a service provided by a provider from the USA. A processing of personal data therefore also takes place in a third country. We have concluded a data processing agreement with Microsoft in accordance with Art. 28 GDPR. An adequate level of data protection is ensured by the conclusion of the EU standard data protection clauses. If law enforcement authorities contact Microsoft with a request, Microsoft, according to its own statement, tries to redirect law enforcement authorities to request the personal data directly from us. If Microsoft is required to disclose personal information to law enforcement authorities, Microsoft will (also at Microsoft’s own statement) notify us immediately and provide a copy of the request unless prohibited by law. For more information about the data that Microsoft discloses in response to requests from law enforcement and other government agencies, please refer to Microsoft’s Law Enforcement Requests Report.


10.  Data transfer

We only transfer your personal data to third parties or other recipients if this is necessary for the provision of services, if you have given your consent, if there is a legal obligation or if the transfer of data is permitted by another legal basis. Where necessary, we have concluded data processing agreements with the recipients of your data, such as Google or other service providers, in accordance with Art. 28 GDPR. We will only transfer your data to government bodies within the scope of legal obligations or on the basis of an official order or court decision.


11.  Data transfer to countries outside the EU

As far as necessary for our purposes, we will also transfer your data to recipients outside the EU if you have given your consent, if there is a legal obligation or if the transfer of data is permitted on another legal basis. Your data will also be transferred to recipients based in the USA within the scope of data processing. Please note, however, that according to a recent ruling of the European Court of Justice (ECJ), there is no adequate level of data protection in the USA and thus a risk to the protection of your data. For example, under certain circumstances your data may be processed by US authorities for control and monitoring purposes. In addition, we continue to refer to Art. 49 GDPR with regard to the legal basis for the transfer of data. An adequate level of data protection will be ensured in the future by concluding the new so-called EU standard data protection clauses.


12.  Duration for which personal data is stored / criteria for determining the duration

Your personal data will be stored by EvidentIQ for as long as it is necessary for the aforementioned purposes of processing, in the event of an objection no compelling reasons worthy of protection oppose EvidentIQ or in the event of a revocation no other legal basis for data processing exists. In certain cases, e.g. if there is a legal obligation to retain data, your personal data will not be deleted immediately, but blocked initially.

If, in connection with the eCOA application, the data protection responsibility lies with the institute or the sponsor, please refer to the information provided by the respective controller.


13.  Data security

To protect your personal data on this website, we use a secure online transmission procedure, the so-called “Secure Socket Layer” (SSL) transmission. You can recognize this by the fact that a closed padlock symbol is displayed on the address https://. By clicking on the symbol, you will receive information about the SSL certificate used. The display of the symbol depends on the browser version you are using. The SSL encryption guarantees the encrypted and complete transmission of your data.


14.  Your rights

Within the framework of the legal requirements, you have a fundamental claim against EvidentIQ for

  • confirmation as to whether personal data concerning you is processed by EvidentIQ,
  • information about these data and the circumstances of processing,
  • correction, if this data is incorrect,
  • deletion, unless the processing is not justified and there is no (longer an) obligation to keep the data,
  • restriction of processing in special cases determined by law,
  • objection in case of data processing on the basis of Art. 6 para 1 sentence 1 lit. f GDPR and
  • transmission of your personal data – if you have provided it – to you or a third party in a structured, common and machine-readable format.

Insofar as the processing of your personal data is based on your consent, you have the right to revoke this consent at any time, with the consequence that the processing of your personal data will become inadmissible for the future. However, this does not affect the lawfulness of the processing carried out on the basis of the consent up to the point of revocation. 

Please address your specific request in writing or by e-mail to our data protection officer (see section 1), clearly identifying yourself.

Insofar as we process your data in joint controllership with third parties within the meaning of Art. 26 GDPR (see section 8.2), the third party is centrally responsible for the exercise of all rights of the persons concerned. However, you are free to assert your rights against us as well.

If the institute or the sponsor is responsible for data protection in connection with the eCOA application, please refer to the information provided by the respective controller.

Finally, we would like to draw your attention to your right of appeal to the supervisory authority.


15.  No automated individual decision

We do not use your personal data for automated individual decisions.


16.  Amendment of the privacy policy

New legal requirements, business decisions or technical developments may require changes to our privacy policy. The privacy policy will then be adjusted accordingly. You will always find the latest version on our website.



We use cookies to personalize content and ads, provide social media features, and analyze traffic to our website. Our partners may combine this information with other data they have provided to you or collected from your use of the services. Because we value your privacy, we hereby request your permission to use the following technologies. You may change / revoke your consent later at any time by clicking on the settings in the lower left corner of the page.

Please note that according to a recent ruling by the European Court of Justice (ECJ), there is no adequate level of data protection in the USA and therefore a risk to the protection of your data. For example, under certain conditions, your data may be processed by US authorities for control and monitoring purposes. In addition, we currently refer to Art. 49 GDPR with regard to the legal basis for the transfer of data. After implementation of the new EU standard data protection clauses, these will constitute the legal basis for data transfer to third countries.

OK