Privacy Policy
Last updated: March 2026
Your privacy matters to us. This policy explains how we collect, use, and protect your personal information.
360 Clinical Research Consultancy is committed to protecting and respecting your privacy. This Privacy Policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
For the purpose of the General Data Protection Regulation (GDPR) and the Data Protection Acts 1988–2018, the data controller is 360 Clinical Research Consultancy. By visiting our website or using our services, you accept and consent to the practices described in this policy.
1. Definitions
In this Privacy Policy, the following terms have the meanings set out below:
| Term | Definition |
|---|---|
| "Data Controller" | The organisation that determines the purposes and means of processing personal data. For this website, this is 360 Clinical Research Consultancy. |
| "Data Processor" | A person or organisation that processes personal data on behalf of the Data Controller. |
| "Data Subject" | A living individual about whom personal data is held or processed. |
| "Personal Data" | Any information relating to an identified or identifiable natural person. |
| "Processing" | Any operation performed on personal data, whether or not by automated means. |
| "Special Categories of Data" | Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health data, biometric data, or data concerning sex life or sexual orientation. |
2. Scope of This Policy
This Privacy Policy applies to personal data collected by 360 Clinical Research Consultancy through:
- Our website at 360audits.com and associated subdomains
- Direct communications with us by email, telephone, or post
- Our newsletter and marketing communications
- Our clinical research auditing and consulting services
This policy does not apply to third-party websites that may be linked from our site. We encourage you to review the privacy policies of any third-party websites you visit.
3. Data We Collect
We may collect and process the following categories of personal data:
- Identity Data: First name, last name, title, job title
- Contact Data: Email address, telephone number, postal address
- Business Data: Company name, industry sector, business role
- Technical Data: IP address, browser type, operating system, page visit history, referring URLs
- Usage Data: Information about how you use our website and services
- Marketing Preferences: Your preferences for receiving marketing communications from us
- Correspondence Data: Any information you share with us in emails or other communications
We do not knowingly collect Special Categories of Personal Data through this website. Where our consulting services require processing of such data, this will be governed by a separate data processing agreement.
4. How We Collect Your Data
We collect personal data through the following means:
- Direct interactions: When you fill in forms on our website, contact us by email, subscribe to our newsletter, or request a consultation
- Automated technologies: As you interact with our website, we may automatically collect Technical Data using cookies, server logs, and similar technologies
- Third parties: We may receive data from analytics providers such as Google Analytics, and from publicly available sources where we have a legitimate interest in processing that data
5. How We Use Your Data
We use your personal data only where we have a lawful basis to do so. The lawful bases we rely on are:
- Performance of a contract: To provide our auditing and consulting services, process enquiries, and manage our client relationships
- Legitimate interests: To improve our website and services, prevent fraud, administer and protect our business, and grow our business by understanding how our services are used
- Consent: To send you our newsletter and marketing communications where you have opted in. You may withdraw consent at any time
- Legal obligation: To comply with applicable laws and regulations, including tax and financial reporting obligations
We will never sell your personal data to third parties or use it for purposes incompatible with the purposes described in this policy.
6. Who We Share Your Data With
We may share your personal data with the following categories of recipients:
- Service providers: IT and website hosting providers, email service providers, analytics platforms, and other third-party suppliers who process data on our behalf under data processing agreements
- Professional advisers: Lawyers, accountants, and insurers who require access to your data to provide services to us
- Regulatory authorities: Where required by law or regulation, including An Garda Síochána, the Revenue Commissioners, or the Data Protection Commission
All third parties with whom we share data are required to respect the security of your personal data and to treat it in accordance with applicable data protection law. We do not allow our service providers to use your data for their own purposes.
7. Keeping Your Data Secure
We have implemented appropriate technical and organisational measures to protect your personal data against accidental loss, unauthorised access, alteration, or disclosure. These measures include:
- Encryption of data in transit using TLS/SSL protocols
- Access controls limiting who within our organisation can access your data
- Regular security assessments of our systems and processes
- Staff training on data protection and information security
Where we have given you (or where you have chosen) a password to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
8. Data Retention
We retain personal data for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our general retention periods are as follows:
- Client and service data: For the duration of our engagement plus 7 years, in line with Irish legal and tax obligations
- Marketing and newsletter data: Until you unsubscribe or withdraw consent, plus 12 months thereafter
- Website enquiry data: 3 years from the date of last contact
- Technical and usage data: Up to 26 months (in line with Google Analytics defaults)
When personal data is no longer required, we ensure it is securely deleted or anonymised.
9. Your Rights
Under GDPR and Irish data protection law, you have the following rights in relation to your personal data:
- Right of access: You have the right to request a copy of the personal data we hold about you (a Subject Access Request)
- Right to rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you
- Right to erasure: You have the right to request that we delete your personal data in certain circumstances
- Right to restrict processing: You have the right to request that we restrict how we process your personal data in certain circumstances
- Right to data portability: Where processing is based on consent or contract, you have the right to receive your personal data in a structured, commonly used, machine-readable format
- Right to object: You have the right to object to processing based on legitimate interests, or for direct marketing purposes
- Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing carried out prior to withdrawal
To exercise any of these rights, please contact us at info@360audits.com. We will respond within one calendar month. If you are not satisfied with our response, you have the right to lodge a complaint with the Data Protection Commission at www.dataprotection.ie.
10. Transfers Outside the EEA
Whenever we transfer personal data outside of the European Economic Area (EEA), we ensure an adequate level of protection is in place by using one of the following safeguards:
- Transferring data to countries that have been deemed to provide an adequate level of protection by the European Commission
- Using specific contractual clauses approved by the European Commission (Standard Contractual Clauses) which give personal data the same protection it has in Europe
- Relying on binding corporate rules where applicable
If you require further information about the specific mechanism used when transferring your personal data out of the EEA, please contact us.
11. Links to Other Websites
Our website may contain links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
12. Changes of Business Ownership
If 360 Clinical Research Consultancy is acquired by or merged with another organisation, your information may be transferred to the new owners so that we may continue to provide our services. In such circumstances, the new data controller will be bound by data protection obligations equivalent to those set out in this policy, and you will be notified in advance of any material change in our data practices.
13. Cookies
Our website uses cookies — small text files placed on your device — to distinguish you from other users and to improve your experience on our site. For detailed information on the cookies we use, the purposes for which we use them, and how to manage your cookie preferences, please see our Cookie Policy.
View Cookie Policy14. General
This Privacy Policy is governed by the laws of Ireland and the European Union. If any provision of this policy is found to be invalid or unenforceable by a court of competent jurisdiction, the remaining provisions will continue in full force and effect.
This policy constitutes the entire agreement between you and 360 Clinical Research Consultancy with respect to privacy and supersedes all prior or contemporaneous communications and proposals, whether electronic, oral, or written, between you and 360 Clinical Research Consultancy with respect to this subject matter.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time in order to reflect changes in law, best practice, or our data handling procedures. We will notify you of any significant changes by posting a prominent notice on our website. The date at the top of this page indicates when the policy was last updated.
We encourage you to check this page periodically for the most current information on our privacy practices.
Contact Us
If you have any questions about this Privacy Policy, or wish to exercise any of your rights, please contact us at:
360 Clinical Research Consultancy
Email: info@360audits.com
This privacy policy was prepared in accordance with the EU General Data Protection Regulation (GDPR) 2016/679 and the Irish Data Protection Acts 1988–2018.
Ready to strengthen your compliance?
Talk to our team today about how 360 Clinical Research Consultancy can help your organisation achieve and maintain regulatory compliance.
Get in TouchLatest Posts
12 min read
Welcome to the March 2026 edition of the 360 Clinical Research Consultancy Insights! In this issue, March Becomes the Implementation Month: What the UK’s Countdown Webinar Revealed
10 Mar 2026
Read More →
12 min read
Welcome to the February 2026 edition of the 360 Clinical Research Consultancy Insights! In this issue, FDA’s One-Trial Default Changes the Conversation: What February 2026 Means for Drug Development Strategy.
10 Feb 2026
Read More →
12 min read
Welcome to the January 2026 edition of the 360 Clinical Research Consultancy Insights! In this issue, UK Clinical Trial Competitiveness Becomes a 2026 Priority: Faster Assessments, Agile Regulation, and What It Means for Sponsors
10 Jan 2026
Read More →