Data Protection Considerations

April 24, 2026

version 03

Flex Databases provides software solutions supporting clinical trial conduct across all stages. One of our key priorities is ensuring the confidentiality and integrity of customer data. We are committed to maintaining high standards of data protection and privacy.

Flex Databases implements robust security controls to protect customer data, ensure compliance with applicable regulations, and mitigate potential risks. This approach is essential for building trust and delivering a high level of service.

Our security framework is designed in alignment with recognized standards and regulations, including:

  • 21 CFR Part 11
  • HIPAA
  • GDPR

Under GDPR, Flex Databases acts as a data processor, while our customers act as data controllers. The data controller determines what data is collected and how it is processed and stored. Flex Databases processes personal data strictly in accordance with the controller’s documented instructions and contractual agreements.

To support our customers in fulfilling their data protection obligations, Flex Databases provides the following technical and organizational controls:

  • robust access control mechanisms;
  • encryption of all data in transit using TLS/SSL protocols with strong cryptographic algorithms (e.g., SHA-2, AES);
  • secure access to user interfaces via HTTPS.

The Flex Databases platform is a modular, web-based system provided under contractual agreements. It is typically delivered as a Software as a Service (SaaS) solution, where applications are hosted and made available to customers via the cloud.

Cloud-based delivery means that data storage and processing take place on servers hosted by Flex Databases in subcontracted data centers. These data centers are subject to formal vendor assessment in accordance with SOP-QA-011 “Purchasing and Vendor Assessment” prior to engagement.

Personal data processing is designed in compliance with applicable data protection regulations. Data Protection Impact Assessments (DPIAs) are performed where required. Data processing details are agreed with customers, and Data Processing Agreements (DPAs) are executed using either the Flex Databases template or a customer-provided template.

For European customers, data is stored within qualified data centers located in the European Union.

The implemented technical and organizational measures (TOMs) include, but are not limited to:

Use of ISO 27001-certified data centers, verified through vendor assessment procedures;

  • Multi-layered firewall protection with a default deny-all configuration;
  • Strict network access controls, with only explicitly authorized ports and hosts permitted;
  • Segregation of environments (TEST, QA, PROD) using separate VLANs and security groups;
  • 24/7 monitoring of data center infrastructure;
  • Physical security controls, including:
    • electronic access control systems with logging;
    • secured perimeter fencing;
  • Continuous monitoring, including:
    • access logging;
    • video surveillance of entry and exit points.

A designated Data Protection Officer (DPO) provides GDPR training to staff and ongoing guidance on data protection matters.

For any data privacy-related inquiries, please contact: dl_privacy@flexdatabases.com

Blog

July 17, 2026
Why Long-Established eClinical Platforms Are Slowing Down Modern Clinical Trials 

What Sponsors Should Really Look For When Choosing an eClinical Platform?  Today, every established vendor offers all kinds of system modules, document management capabilities, and a long list of compliance certifications.  On paper, they appear remarkably similar, making it increasingly difficult for sponsors and CROs to distinguish between solutions based on feature lists alone.  In reality, they couldn’t be more different.  Most enterprise eClinical platforms can […]

July 16, 2026
Customize CTMS Dashboards for Every User

Every clinical trial role requires different information. CRAs need to track upcoming monitoring visits, Project Managers need study performance metrics, and clinical operations teams need enrollment and site activity data. In this video, see how Flex Databases CTMS allows every user to create a personalized dashboard without affecting other users. Learn how to add or […]

July 15, 2026
How ITS Cut Manual Safety Tracking by 60% and Strengthened PV Oversight Across Clinical Trials

About Integrated Therapeutic Solutions Integrated Therapeutic Solutions (ITS) is a clinical research organization conducting multi-country clinical trials and supporting post-marketing needs across a growing sponsor portfolio. As case volumes increased, so did the complexity of managing pharmacovigilance activities from safety event intake and workflow tracking to regulatory reporting and cross-functional coordination with clinical operations teams. […]

July 7, 2026
Is Your EDC Really Modern If Someone Still Has to Re-Enter Every Serious Adverse Event?

Clinical industry has finally embraced AI, sponsors run decentralized trials and data is now collected in real time. But still one of the most critical workflows in every study – handling adverse events (AEs) – surprisingly depends on copy-paste. Most sponsors assume that if they have an Electronic Data Capture (EDC) system and a Pharmacovigilance […]

Contact us

Get in touch to discuss compliance, implementation, demos, pricing

We are here for all of your questions! Tell us more about yourself and we will organize a tailored live demo to show how you can power up your clinical trials processes with Flex Databases.