Data Management Policy

1. Purpose

The purpose of this policy is to ensure that all personal, academic, and administrative data collected by Clueo Clinical is managed responsibly, in compliance with applicable privacy laws and in line with best practices for data protection.

2. Scope

This policy applies to:

• All learners, members, and program participants of Clueo Clinical.
• All data collected through our learning management system (LMS), e-commerce platform, customer relationship management (CRM), and support channels.
• Employees, contractors, and third parties who process data on behalf of Clueo Clinical.

3. Data Collection

We collect and process data that is necessary to deliver our programs and services, which may include:

• Contact information (name, email, phone).
• Enrollment and payment records.
• Course progress and completion records.
• Certificates issued.
• Support and communication history.

4. Data Retention

• Participant data will be retained for the duration of the program or course.
• In the event of program completion or discontinuation (no ongoing payment or active enrollment), Clueo Clinical will retain participant records for 12 months.
• After this period, all personal and training-related data will be erased except for minimal verification records (name, course completed, completion date, and certificate ID). These records are retained solely for the purpose of confirming training history and certificate authenticity.

5. Data Deletion

• After the 12-month retention period, all detailed personal, training, and payment data will be permanently erased.
• Verification records (name, courses/programs completed, completion date, certificates ID) will be stored in a secure database and may be retained for verification purposes.
• Once deleted, detailed course activity or payment data cannot be recovered.

6. Exceptions

Some data may be retained beyond the 12-month period if:

• Required by applicable law or regulation.
• Necessary to resolve disputes, enforce agreements, or maintain security.

7. Data Security

Clueo Clinical uses industry-standard measures to protect all stored data, including:

• Encrypted data storage and transfer.
• Access controls limited to authorized personnel.
• Regular audits of data handling practices.

8. Participant Rights

Participants may request:

• Access to their stored data.
• Correction of inaccurate information.
• Early deletion of data (prior to the 12-month retention period), subject to identity verification.

Requests can be made by contacting support@clueoclinical.com.

9. Policy Updates

Clueo Clinical may update this policy from time to time to reflect changes in operations, regulations, or technology. Updates will be published on our website, and participants will be notified of significant changes. Continued use of Clueo Clinical Services will imply consent.

Name: Dr. Alberto Nicotra
Position: Chief Operating Officer
Date: 24/09/2025
Signature: Alberto Nicotra
Review date of Policy: 24/09/2025