Privacy Policy

Last updated: April 8, 2026

Introduction

This Privacy Policy describes how RAN BIOLINKS CANADA LTD (“RAN BIOLINKS”, “we”, “us”, “our”) collects, uses, discloses, and safeguards information in connection with MAESTRO ECMS — our electronic content and compliance management platform for life sciences and research organizations — and the public marketing properties we operate (including this website).

MAESTRO ECMS processes highly sensitive categories of information, including professional identifiers, workforce training records, and content that may relate to clinical, quality, or research operations. We apply data minimization, strict access controls, contractual safeguards with customers and vendors, and security measures designed for regulated environments.

By using our website or MAESTRO ECMS (as authorized by your organization), you acknowledge the practices described in this Policy. If you do not agree, please discontinue use or contact us before proceeding.

Who is responsible for your information

For visitors to this website and for commercial relationship data (e.g., demo requests), RAN BIOLINKS generally acts as the organization responsible for determining the purposes and means of processing.

For data entered into MAESTRO ECMS workspaces, your employer or contracting organization is typically the party that determines why and how that data is processed (for example, which SOPs are published, which training is mandatory, and retention rules for quality records). RAN BIOLINKS processes such data as a service provider / processor on documented instructions, except where we must process certain information independently (for example, billing, security, legal compliance, or aggregate service improvement subject to contract).

Employees and contractors of a customer organization should contact their privacy or IT administrator first for requests relating to workspace content and account profiles.

Information we collect

Information you or your organization provide

  • Business contact data: Name, email, phone, job title, organization name, and message content when you request a demo, subscribe to updates, attend webinars, or correspond with us.
  • Account and directory data: User identifiers, display names, organizational affiliation, role labels, department or site assignments, authentication factors (where enabled), and notification preferences for MAESTRO ECMS.
  • Workspace content: Documents, attachments, version metadata, training programs and completions, onboarding checklists, validation packages and artifacts, compliance reports, CAPA records, comments, and other materials your organization uploads or creates in the platform.
  • Billing and procurement data: Where applicable, billing contacts, purchase order references, and payment-related information processed by us or our payment service providers.

Information collected automatically

  • Technical and security logs: IP address, device type, browser, operating system, approximate location derived from IP, timestamps, session identifiers, and similar data used to secure the service, troubleshoot, and detect abuse.
  • Usage and audit telemetry: Actions taken within MAESTRO ECMS (for example, document views, approvals, training completions) as required for feature operation, subscription metering, and immutable audit trails that customers rely on for GxP and internal governance.
  • Cookies and similar technologies: On this marketing website, we may use cookies or local storage for session continuity, preference storage, or analytics. You may control cookies through your browser settings; strictly necessary cookies may be required for site function.

Information from third parties

  • Identity providers: If your organization enables single sign-on, we may receive identifiers and attributes from your IdP.
  • Integration partners: Where you connect third-party systems, we may receive data those systems transmit pursuant to your configuration.

How we use information

We use personal and organizational information for purposes that include:

  • Providing MAESTRO ECMS: Hosting, operating, maintaining, and supporting the platform; authenticating users; enforcing role-based access; delivering notifications; generating exports and reports.
  • Security and integrity: Detecting, preventing, and responding to fraud, abuse, and security incidents; maintaining backup and disaster-recovery processes.
  • Compliance and legal: Meeting applicable laws; responding to lawful requests; enforcing our agreements; preserving records where litigation or regulatory obligations require.
  • Product improvement: Analyzing aggregated or de-identified usage to improve reliability, performance, and usability, consistent with our agreements and this Policy.
  • Communication: Service announcements, support responses, and — where permitted — marketing about MAESTRO products. You may opt out of marketing emails using the mechanism provided in those messages.

Where required by law, we rely on appropriate bases such as performance of a contract, legitimate interests (balanced against your rights), legal obligation, or consent, as applicable to the processing context.

How we share information

We do not sell personal information. We may share information as follows:

  • With your organization: Administrators and authorized users within your tenant can see workspace data and activity in accordance with their permissions.
  • Service providers (subprocessors): Cloud infrastructure, email delivery, monitoring, customer support tooling, and similar vendors that process data on our behalf under written agreements requiring confidentiality and appropriate security.
  • Professional advisers: Lawyers, auditors, or insurers where necessary and subject to confidentiality obligations.
  • Legal and safety: When we believe disclosure is required by law, regulation, legal process, or governmental request; to enforce our terms; or to protect the rights, safety, or property of RAN BIOLINKS, our users, or the public.
  • Business transfers: In connection with a merger, acquisition, financing, or sale of assets, subject to appropriate continuity commitments and notice where required.

International transfers

Your information may be processed in Canada and, depending on deployment choices and support operations, in other countries where we or our subprocessors maintain facilities. We implement appropriate safeguards — such as contractual clauses and technical measures — consistent with applicable law. See also our Data Residency page for regional hosting options.

Retention

We retain information for as long as necessary to fulfill the purposes described in this Policy, including:

  • For MAESTRO ECMS tenant data, for the term of the subscription and as specified in the customer agreement (including post-termination export or deletion windows).
  • For audit, security, and compliance logs, often for extended periods where customers or law require defensible records.
  • For marketing contacts and website logs, for durations aligned with business need and law.

Customers may define additional retention or archival rules for certain record types within the bounds of their agreement and product capabilities.

Security

We implement administrative, technical, and physical safeguards appropriate to the sensitivity of the data we process. A high-level description appears in our Security Overview. No method of transmission or storage is completely secure; we encourage customers to implement strong authentication and least-privilege access policies.

Your privacy rights

Depending on where you reside, you may have rights to access, correct, delete, port, or restrict certain personal information, or to object to certain processing. In Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial private-sector laws may apply; public-sector and health-sector organizations may be subject to additional statutes (for example, provincial health information acts).

To exercise rights relating to MAESTRO ECMS workspace data, contact your organization’s administrator. To exercise rights relating to data RAN BIOLINKS holds as controller (for example, your marketing contact details), contact us using the information below. We may need to verify your identity before responding.

Children’s privacy

MAESTRO ECMS and our marketing websites are not directed to individuals under the age of 16, and we do not knowingly collect personal information from children. If you believe we have collected such information, please contact us so we can take appropriate steps.

Changes to this Policy

We may update this Privacy Policy from time to time. We will post the revised version on this page and update the “Last updated” date. Where changes are material and we have your contact details, we may provide additional notice as appropriate.

Contact

For privacy questions, requests, or complaints regarding RAN BIOLINKS’ processing practices, contact us via ranbiolinks.com/contact. We will work with you and, where applicable, your organization to address legitimate concerns.