INITIALIZING...

Privacy Policy

1.      Purpose and Scope

K2 Development Solutions (K2DS) is a Contract Research Organization (CRO) providing services to clients (e.g., pharmaceutical/biotechnology companies and other CROs).

This Privacy Policy explains how K2DS collects, uses, discloses, and protects personal data in the course of its business activities. It applies to all employees/staff external consultants and venders working in collaboration with the K2DS.

This Policy is designed to comply with applicable data protection laws, including the Act on the Protection of Personal Information (APPI) of Japan and the General Data Protection Regulation (GDPR) of the European Union, where applicable.

 

2.      Categories of Personal Data

The K2DS may collect the following categories of personal data:

  • Personally Identifiable Information: Name, email address, physical address, telephone number, and information collected or obtained during clinical trials (including medical and health-related data)
  • Device Information: Hardware model, IP address, browser type, operating system, and other technical identifiers
  • Website-Related Information: Usage data, inquiry content, and browsing history on the Company's website

3.      Legal Basis and Purpose of Processing

The K2DS processes personal data only when there is a lawful basis to do so, including:

  • Compliance with legal obligations (e.g., regulatory reporting, clinical trial documentation)
  • Performance of a contract or pre-contractual measures
  • Legitimate interests pursued by the Company (e.g., research and development, safety monitoring), provided such interests are not overridden by the rights of the data subject
  • Consent, where required (e.g., for certain types of data collection or communications)

Purposes of processing include:

  • Compliance with applicable laws and regulations
  • Advancement of research and development activities
  • Management and documentation of clinical trials
  • Safety monitoring of investigational products
  • Communication with stakeholders

 

4.      Data Sharing and Disclosure

The Company does not disclose personal data to third parties except in the following cases:

  • With the explicit consent of the data subject
  • To service providers or contractors acting on behalf of the Company, under appropriate data protection agreements
  • When necessary to protect the vital interests of the data subject or others
  • When required by law, regulation, or court order
  • In the context of cross-border data transfers, appropriate safeguards (such as Standard Contractual Clauses under GDPR or adequacy decisions) will be implemented to ensure the protection of personal data

5.      Data Protection and Security Measures

The K2DS implements appropriate technical and organizational measures to protect personal data from loss, theft, unauthorized access, disclosure, alteration, or destruction.

 

Governance

An information security framework is established under the direction of the Representative Director to ensure continuous improvement.

 

Data Protection and Security Officer 

A designated Security Officer, appointed by the Representative Director or the Board member, is responsible for overseeing the implementation of security measures.

 

Confidentiality and Access Control 

  • Access to personal data is restricted to authorized personnel only
  • Data is encrypted both at rest and in transit
  • Personal data is handled in accordance with APPI and GDPR requirements
  • Regular security audits are conducted, and corrective actions are documented and implemented as needed

Training and Awareness 

All relevant personnel receive regular training on data protection and information security. Training records are maintained appropriately.

 

Incident Response 

In the event of a data breach or security incident, response team/personnel is activated under the direction of the Representative Director or a designee. The team/personnel will promptly investigate, contain, and mitigate the incident, notify relevant authorities and data subjects as required by law, and implement corrective measures to prevent recurrence.

 

6.      Use of Cookies

The K2DS website does not use cookies within the meaning of the EU ePrivacy Directive or similar tracking technologies. No analytics, marketing, or session cookies are set, and no information is stored on or retrieved from your device. Accordingly, no cookie consent banner is displayed.

 

7.      Data Subject Rights

Data subjects have the following rights under applicable data protection laws:

  • Right to access their personal data
  • Right to request correction or deletion of inaccurate or outdated data
  • Right to restrict or object to processing under certain conditions
  • Right to data portability (where applicable)
  • Right to withdraw consent at any time (without affecting the lawfulness of prior processing)
  • Right to lodge a complaint with a supervisory authority (e.g., Personal Information Protection Commission in Japan or a Data Protection Authority in the EU)

Requests may be submitted through the K2DS’s designated contact channels. Requests related to clinical trial data will be handled in accordance with applicable laws and ethical guidelines.

 

8.      Data Retention

Personal data will be retained only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws and regulations (e.g., GCP, pharmacovigilance, or tax laws). After the retention period, data will be securely deleted or anonymized.

 

9.      Updates to This Policy

This Privacy Policy may be updated from time to time in response to changes in legal or regulatory requirements or operational needs. Significant changes will be communicated via the Company's website or other appropriate means.

 

10.      Contact

For inquiries, concerns, or requests regarding this Privacy Policy or the Company's handling of personal data, please contact us using the contact email listed on our website.

SCROLL