Privacy Policy and Data Protection Notice

Important Notice

This Privacy Policy explains how MOST Clinical Consulting Group collects, uses, and processes personal data under applicable data protection laws, including the European Union's General Data Protection Regulation (GDPR) and equivalent regulations. If you are a resident of the European Union, Poland, or another jurisdiction with data protection laws, this notice applies to you.

1. Data Controller Information

For privacy-related inquiries, data subject requests, or complaints, please contact MOST Clinical Consulting Group at contact@mostclinical.com.

2. Categories of Personal Data Collected

MOST Clinical may collect the following categories of personal data:

  • Contact Information: Name, email address, phone number, organization, job title, and role.
  • Business Inquiry Data: Information about your clinical pathways, operational challenges, consulting needs, and any details provided through contact forms or business communications.
  • Website Usage Data: Log files, IP address, browser type, operating system, pages visited, referring/exit pages, timestamps, and device identifiers.
  • Cookies and Analytics: Tracking cookies, analytics identifiers, and data about your interactions with website features and content.
  • Communication Records: Email correspondence, inquiry history, and any information shared during business communications.

Important: The MOST Clinical website is not designed to collect patient medical records, identifiable patient information, or protected health information. See Section 13 below.

3. Purposes of Processing

MOST Clinical processes personal data for the following purposes:

  • Responding to business inquiries and providing operational consulting information.
  • Generating leads and conducting business development activities consistent with legitimate business interest.
  • Providing customer service and managing inquiries about MOST Clinical services.
  • Sending email communications regarding services, updates, or related consulting offerings (with your consent where required by applicable law).
  • Improving website functionality, content, and user experience based on aggregate usage data.
  • Monitoring and analyzing website usage patterns for security and operational purposes.
  • Complying with legal obligations, regulations, and lawful requests by authorities.
  • Protecting the legal rights, safety, and property of MOST Clinical, users, and the public.

4. Legal Basis for Processing (GDPR/RODO)

Under GDPR and equivalent EU/member state data protection laws, MOST Clinical processes personal data on one or more of the following legal bases:

  • Consent: Where you have explicitly consented to the processing (e.g., newsletter subscriptions, optional marketing communications).
  • Legitimate Interest: Where processing is necessary for MOST Clinical's legitimate business interests, including generating leads, responding to inquiries, and improving services, where such interests are not overridden by your rights.
  • Contract Performance: Where processing is necessary to perform a contract or prepare for a potential consulting engagement with you or your organization.
  • Legal Obligation: Where processing is required to comply with applicable law, regulations, or lawful authority requests.

5. Contact Forms and Business Inquiries

MOST Clinical may process personal data you voluntarily provide through website contact forms, inquiry forms, and business communications. This data includes:

  • Your name, email, phone number, organization, and role.
  • Details about your clinical pathway challenges, operational concerns, or consulting needs.
  • Any other information you choose to include in your message.

The legal basis for processing this data is typically legitimate business interest (responding to your inquiry and evaluating potential consulting engagement) or consent (if you have explicitly opted in). Processing is necessary to provide you with responsive, relevant information about MOST Clinical services.

6. Report Downloads and Resource Access

If MOST Clinical offers downloadable reports, case studies, executive briefs, or other resources, we may collect your contact information (name, email, organization) to manage access or follow up. The legal basis is typically legitimate business interest in lead generation and resource management.

Reports and resources are provided for informational and educational purposes only. By downloading or accessing materials, you acknowledge that you have read and accept the Terms of Service and this Privacy Policy.

7. Cookies and Analytics

MOST Clinical may use cookies, web beacons, and similar tracking technologies to:

  • Enhance your browsing experience and remember your preferences.
  • Analyze website usage patterns, traffic sources, and user behavior through analytics services.
  • Enable third-party analytics, advertising, and optimization services.

Google Analytics: This website may use Google Analytics to collect aggregated usage data. Google processes data subject to Google's Privacy Policy.

Consent: Where required by applicable law (including GDPR and ePrivacy regulations), we will obtain your explicit consent before placing non-essential cookies. You may manage cookie preferences through your browser settings or our consent management tools.

8. Third-Party Service Providers and Processors

MOST Clinical uses third-party service providers to operate the website and conduct business, including web hosting, form management, analytics, and communications services. All third-party processors are contractually required to process personal data only as instructed by MOST Clinical and to implement appropriate data security measures.

9. International Data Transfers

United States Transfer Notice: Because MOST Clinical may operate with personnel, systems, vendors, or business partners located in the United States, personal data submitted through this website may be transferred to, accessed from, or processed in the United States. Where required by applicable data protection law, MOST Clinical will rely on appropriate legal safeguards for international data transfers, such as:

  • Standard Contractual Clauses (SCCs) for transfers from the EU to third countries.
  • Contractual data processing agreements compliant with GDPR Article 28.
  • Technical and organizational security measures designed to protect data integrity and confidentiality.

By submitting personal data through this website, you acknowledge that your data may be transferred internationally and processed outside the EU/EEA. If you do not consent to international processing, please do not submit personal data through this website.

10. Data Retention

MOST Clinical retains personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Contact / Inquiry Data: Retained for up to 3 years or as long as necessary to respond to your inquiry or conduct related business communications, plus any period required by applicable law.
  • Website Usage / Analytics Data: Typically retained for up to 12-24 months (aggregate data may be retained longer).
  • Cookies / Tracking Data: Retained per cookie type (typically 6-24 months) as specified in our cookie management tool.
  • Email Communications: Retained for business and legal compliance purposes; you may request deletion at any time.

Where MOST Clinical is required by law to retain data (e.g., tax or regulatory obligations), we will retain data longer. After the retention period, data will be securely deleted or anonymized.

11. Your Rights Under GDPR / RODO

Under the GDPR and equivalent data protection laws, you have the following rights regarding your personal data:

  • Right of Access: You have the right to request and obtain a copy of personal data MOST Clinical holds about you.
  • Right to Correction (Rectification): You may request that MOST Clinical correct inaccurate or incomplete data.
  • Right to Erasure ("Right to Be Forgotten"): You may request deletion of your data where it is no longer necessary or where you withdraw consent, subject to legal retention requirements.
  • Right to Restrict Processing: You may ask MOST Clinical to limit how it processes your data, particularly where accuracy is contested or processing is unlawful.
  • Right to Data Portability: You may request that MOST Clinical provide your data in a structured, commonly-used, machine-readable format for transmission to another controller.
  • Right to Object: You may object to processing based on legitimate interest or direct marketing, and MOST Clinical must cease processing unless it demonstrates compelling reasons.
  • Rights Related to Automated Decision Making: You have the right not to be subject to profiling or automated decision-making that produces legal or similarly significant effects.
  • Right to Withdraw Consent: Where processing relies on your consent, you may withdraw consent at any time, though this does not affect the lawfulness of processing prior to withdrawal.

To exercise any of these rights, please contact MOST Clinical at the privacy contact email above.

12. Right to Lodge a Complaint (GDPR / UODO)

If you believe MOST Clinical has violated your data protection rights, you have the right to lodge a complaint with your national data protection authority. In Poland, this is:

Polish Office for Personal Data Protection (UODO)

Urząd Ochrony Danych Osobowych

https://uodo.gov.pl

Email: kancelaria@uodo.gov.pl

You may also file a complaint with your country's data protection authority if you reside outside Poland.

13. Patient Medical Records and Protected Health Information

Important Disclaimer:

The MOST Clinical website is intended for business, educational, consulting, and professional inquiry purposes only.

Users should NOT submit through this website:

  • Patient medical records or patient documentation
  • Identifiable patient information or patient names
  • Protected health information (PHI) or healthcare data
  • Clinical case materials, lab results, or diagnostic information
  • Any other sensitive personal or medical information

If MOST Clinical engages in activities that involve handling of patient data, identifiable health information, or sensitive clinical materials, such activities must occur under a separate written agreement with appropriate security protocols, business associate agreements (if applicable), and secure data handling processes.

14. Data Security

MOST Clinical implements appropriate technical and organizational security measures to protect personal data against unauthorized access, alteration, disclosure, or destruction, including encryption, access controls, secure infrastructure, and staff training. However, no security measure is absolutely impenetrable. MOST Clinical cannot guarantee complete security, and transmission of data over the internet involves inherent risks. You assume responsibility for protecting your login credentials and ensuring your device is secure.

15. Privacy Policy Changes

MOST Clinical may update this Privacy Policy at any time to reflect changes in practices, legal requirements, or other factors. Changes will be effective immediately upon posting to the website. Your continued use of this website and submission of personal data following such changes constitutes your acceptance of the revised Privacy Policy. We recommend reviewing this policy periodically.

16. Contact Information for Privacy Inquiries

For questions, requests, or complaints regarding this Privacy Policy or MOST Clinical's data processing practices, please contact: contact@mostclinical.com

Last Updated: July 2026