MD-LedClinical Assurance
HomeSafety Site AuditAboutContact
Request a Consultation
Personal Data Processing Notice

PERSONAL DATA PROCESSING NOTICE

Website inquiries and business contacts – current operating model

PURPOSE

This Personal Data Processing Notice describes how the Company collects and processes personal data received through its public website and initial business communications.

This Notice reflects the Company’s current operating model, limited to website inquiries, email, telephone, and basic business contact activities. It does not apply to any future systems involving document exchange, client portals, or clinical data processing.

For the purposes of personal data collected via the website, the Company acts as an independent data controller.

CURRENT PROCESSING BOUNDARY

At the effective date of this Notice, the Company processes personal data only in connection with:

  • general business inquiries;
  • professional and commercial communication;
  • requests related to audit and consulting services; and
  • preliminary engagement discussions.

The following are explicitly out of scope:

  • personal user accounts or authentication systems;
  • client portals or dashboards;
  • document upload or exchange systems;
  • processing of regulated study documentation;
  • patient data intake;
  • processing of health or special category data via the website; and
  • portal-based or system-based service delivery.

PERSONAL DATA PROCESSED

The Company processes only limited personal data necessary for business communication, including:

  • name;
  • business email address;
  • telephone number;
  • employer or company name;
  • role or title (if provided);
  • inquiry content and free-text messages; and
  • related correspondence.

The Company may also process limited technical data related to website use, including:

  • IP address;
  • access logs;
  • browser and device information; and
  • basic analytics data, subject to cookie settings.

PURPOSES OF PROCESSING

Personal data is processed solely for the following purposes:

  • receiving and evaluating inquiries;
  • communicating with the individual;
  • assessing relevance of requested services;
  • arranging meetings and follow-up;
  • maintaining business communication records;
  • ensuring website security and integrity; and
  • complying with legal and professional obligations.

The Company does not use such data for profiling, large-scale marketing databases, or automated decision-making with legal or similarly significant effects.

LEGAL BASIS

Where applicable (including under GDPR), the Company relies on the following legal bases:

  • Legitimate interests – primary basis for responding to B2B inquiries and conducting professional communication;
  • Pre-contractual necessity / contract performance – where communication relates to a potential or existing engagement;
  • Legal obligation – where retention or disclosure is required by law;
  • Consent – where required (e.g., non-essential cookies or optional marketing).

Provision of personal data is voluntary; however, failure to provide certain information may prevent the Company from responding to the inquiry.

NO CLINICAL OR PATIENT DATA THROUGH THE WEBSITE

The Company does not intentionally collect or process patient-identifiable information, study subject data, medical records, or other special category data through the website.

The website must not be used to submit:

  • patient identifiers or coded subject data;
  • medical histories or laboratory results;
  • source documentation;
  • adverse event information;
  • protocol-specific subject records; or
  • any regulated clinical data.

The Company does not establish any duty to monitor, review, or process such data when submitted through uncontrolled channels.

If such data is received in error, the Company may take reasonable containment measures, including restricted handling, deletion, or redirection to an appropriate controlled process if established contractually.

DATA MINIMIZATION

The Company applies a data minimization approach consistent with its current operating model:

  • collection limited to necessary contact data;
  • avoidance of sensitive data;
  • no acceptance of clinical data via public channels;
  • restricted internal access; and
  • retention limited to necessary periods.

CONFIDENTIALITY AND ACCESS CONTROL

Personal data is treated as confidential business information and is accessible only to personnel or advisers with a legitimate need to access it.

All such persons are subject to contractual or professional confidentiality obligations.

SHARING WITH THIRD PARTIES

Personal data may be shared only where necessary with:

  • website hosting and technical service providers;
  • email and IT service providers;
  • legal, accounting, compliance, insurance, or similar advisers;
  • competent authorities or courts where required; and
  • successors in the event of corporate restructuring.

All third parties are required to process data only under appropriate confidentiality and data protection obligations.

The Company does not sell personal data and does not permit third parties to use such data for unrelated marketing purposes.

INTERNATIONAL PROCESSING

Due to the Company’s international operations, personal data may be processed in multiple jurisdictions.

Where required, such transfers are subject to appropriate safeguards, including Standard Contractual Clauses or equivalent legal mechanisms.

RETENTION

Personal data is retained only as long as necessary for:

  • handling inquiries and follow-up;
  • maintaining business records;
  • compliance with legal, tax, accounting, or insurance obligations; and
  • establishing or defending legal claims.

Retention will typically not exceed a reasonable business period unless required by law or ongoing business relationship.

DATA SUBJECT RIGHTS

Where applicable (including for individuals in the EEA), data subjects may have the right to:

  • access personal data;
  • request correction or deletion;
  • restrict or object to processing; and
  • exercise other rights provided by applicable law.

Requests may be submitted using the contact details below.

CHANGE CONTROL

If the Company introduces:

  • client accounts or authentication systems;
  • file upload or document exchange tools;
  • structured handling of client materials;
  • system-based service delivery; or
  • processing of health or special category data,

this Notice will be revised and additional legal and operational controls will be implemented before such processing begins.

CONTACT DETAILS

iTMF Consulting LLC
info@md-led.com
Sheridan, Wyoming 82801, USA

DOCUMENT CONTEXT

This Notice applies solely to the current public website use case and must be read together with:

  • Website Privacy Policy;
  • Terms of Use;
  • Cookie Notice (if applicable); and
  • internal data protection and confidentiality procedures.

Nothing in this Notice creates or implies a public channel for submission of regulated clinical documentation or patient data.

Data Processing Notice