massivebio logo clr

Massive Bio GDPR Notice

In order to conduct our Services, Massive Bio will collect data about you that can identify you, referred to as Personal Data. This Notice is provided under the EU General Data Protection Regulation (2016/679) (‘GDPR’) and applicable local data-protection laws. It explains how Massive Bio collects, uses, shares, and protects your Personal Data.

We will obtain Personal Data directly from you or from your medical records so we can properly conduct these Services.

Massive Bio will collect and use the following types of Personal Data for these Services:

  • Contact Information
  • Health information
  • Demographic Information (age, gender, geographic location)
  • Your racial or ethnic origin
  • Genetic data
  • Identifiers derived from electronic communications (e.g., IP address, patient portal ID)

The Massive Bio Team will enter data about you and your health into a computer and dedicated software and algorithms, supervised by humans, will help the team identify suitable clinical-trial and therapeutic options for you.

Please initial one of the boxes below to indicate whether you consent to use of the automated processes described above.

Personal Data will be retained for as long as necessary to fulfill the purposes of the Services and comply with applicable legal, regulatory, or operational requirements, and in no case longer than ten (10) years unless further retention is required for anonymized or aggregated datasets.

Massive Bio may anonymize and aggregate your data for research, analytics, real-world evidence (RWE), and algorithm training to improve clinical-trial matching, diagnostics, and therapeutic optimization. Such anonymized data are no longer subject to data-protection laws.

The following categories of individuals may receive Personal Data collected about you:

  • Members of the Massive Bio team so they properly provide Services
  • Massive Bio partners, vendors, subcontractors, and trusted partners engaged in AI-based analytics, data hosting, or regulatory compliance, subject to binding contracts and confidentiality obligations
  • Clinical trial sites

Cross-Border Data Transfer:

Transfers outside the EU/EEA rely on the European Commission’s Standard Contractual Clauses or other recognized adequacy mechanisms, ensuring substantially equivalent safeguards (GDPR Arts. 44–49). For more details, see our Privacy Policy at https://massivebio.com/privacy-policy.

Your Rights:

Under GDPR Articles 15–22, you have the right to:

  • Access your Personal Data
  • Rectify inaccurate Personal Data
  • Erase your Personal Data (right to be forgotten)
  • Restrict processing of your Personal Data
  • Object to processing
  • Withdraw your consent to use your Personal Data at any time (withdrawing consent will halt new processing of identifiable data; data already anonymized or required for legal or scientific integrity may continue to be used)
  • Lodge a complaint with your supervisory authority

Controller and Contact Information:

Massive Bio acts as a data processor on behalf of healthcare providers and as a data controller for its anonymized datasets.

Data Protection Officer: Cagatay Culcuoglu

Email: [email protected]

Phone: +1-844-627-7246 (International callers: dial +1 or contact [email protected])

Fax: +1-844-742-8837