Skip to content
Clinic Logo NeuroBehavior Clinic

Privacy Policy

This Privacy Policy explains how we collect, use, and protect your personal information in compliance with GDPR and Swiss data protection laws.

1. Introduction and Scope

This Privacy Policy details how NeuroBehavior Clinic ("we," "us," or "our") collects, uses, protects, and shares your personal data. It applies to all data collected through our website, during research participation, clinical consultations, and any other interactions. We are committed to protecting your privacy in compliance with the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (FADP).

2. Data Controller Information

The entity responsible for your personal data (the "data controller") is:
NeuroBehavior Clinic
c/o Hospital Clínic de Barcelona
Barcelona, Spain
For any questions regarding your data, please contact our Data Protection team at: privacy@neurobehaviorclinic.com.

3. What Data We Collect and How

Data You Provide Directly

This includes information you give us when you contact us, apply for a position, or enroll in a study, such as your name, email address, phone number, and professional or medical history.

Research and Clinical Data

For participants in our studies or clinical services, we collect specific data as outlined in your informed consent form. This can include sensitive data such as neuroimaging scans (fMRI, EEG), behavioral task performance, cognitive assessments, and clinical interviews. All such data is pseudonymized or anonymized whenever possible.

Data We Collect Automatically

When you visit our website, we may collect technical data like your IP address, browser type, and operating system for security and analytical purposes.

4. How and Why We Use Your Data (Lawful Basis)

To Conduct Scientific Research

Processing research data to answer scientific questions. Lawful Basis: Your explicit consent (Art. 9 GDPR) and our legitimate interest in scientific advancement (Art. 6 GDPR).

To Provide Clinical Services

Using your data for assessment, diagnosis, and intervention planning. Lawful Basis: Performance of a contract with you and your explicit consent (Art. 6 & 9 GDPR).

To Communicate With You

Responding to your inquiries or sending you information about our work. Lawful Basis: Our legitimate interest to engage with the public and scientific community (Art. 6 GDPR).

For Legal and Ethical Compliance

Meeting our obligations to regulatory bodies, ethics committees, and funding agencies. Lawful Basis: Legal obligation (Art. 6 GDPR).

5. Data Sharing and International Transfers

We do not sell your data. We only share it under strict conditions:

  • With Academic Collaborators: For joint research projects, data is always pseudonymized and shared under strict Data Sharing Agreements.
  • With Service Providers: We use third-party services (e.g., for data storage) that are contractually bound to protect your data.
  • With Legal Authorities: If required by law or a court order.

When data is transferred outside of Switzerland or the EU (e.g., to a research partner in the US), we ensure it is protected by legally-recognized mechanisms like Standard Contractual Clauses (SCCs).

6. Data Retention

We retain data only for as long as necessary:

  • Research Data: Typically for a minimum of 10 years after study completion, as required by good scientific practice and funding bodies.
  • Clinical Records: As required by Swiss/Spanish law (typically 10-20 years).
  • Contact Information: For as long as we are in active communication, and for a reasonable period thereafter.

7. Data Security

We implement robust technical and organizational measures to protect your data, including:

  • Encryption: Data is encrypted both at rest (on our servers) and in transit (over the internet).
  • Access Control: Strict, role-based access ensures only authorized personnel can view sensitive data.
  • Pseudonymization: Personal identifiers are removed from research data and replaced with a code whenever possible.
  • Regular Audits: We conduct regular security assessments and staff training.

8. Your Rights Regarding Your Data

Under GDPR and FADP, you have the right to:

  • Access: Request a copy of the data we hold about you.
  • Rectification: Correct any inaccurate data.
  • Erasure ("Right to be Forgotten"): Request deletion of your data, subject to our legal and ethical obligations.
  • Restrict Processing: Limit how we use your data.
  • Data Portability: Receive your data in a machine-readable format.
  • Object: Object to us processing your data based on legitimate interests.
  • Withdraw Consent: Withdraw your consent at any time for future processing.

To exercise these rights, please contact us at privacy@neurobehaviorclinic.com. You also have the right to lodge a complaint with a relevant supervisory authority, such as the Spanish Data Protection Agency (AEPD) for our main center in Spain, or the Federal Data Protection and Information Commissioner (FDPIC) for our research lab in Switzerland.