General information

Who are we?

Monsana BV (“Monsana”, “we”, “us” or “our”) is a technology company dedicated to improving patient access to clinical trials by connecting patients, doctors, hospitals, and pharmaceutical companies with our AI-software. Monsana uses advanced data analysis and generative AI to match patient health data with appropriate clinical trials, helping accelerate medical research and optimize patient care.

​

Monsana BV is registere in the Belgian Crossroads Bank for Enterprises under number 1010.386.444 and has its registered office at Rapertingenstraat 21, 3500 Hasselt, Belgium.​​​

​

How can you contact us?

If you have any questions, concerns, or comments about this Privacy Policy or our data practices, you may contact simeon.devos@monsana.ai or via the contact form on our website.

​

General information about this Privacy Policy

• Scope – This Privacy Policy applies to all personal data processing activities carried out by or on behalf of Monsana, including data collected through our platform and website. When Monsana processes personal data on behalf of healthcare institutions or pharmaceutical partners, please refer also to their privacy policies.

• Purpose – We want to inform you clearly about what personal data we collect, how and why we process it, who has access to it, and your data protection rights.

• Legal framework – Monsana processes your personal data in accordance with the European General Data Protection Regulation (GDPR) and Belgian data protection laws.

• Governing law – This Privacy Policy is governed by Belgian law. Any disputes related to this policy will be resolved by Belgian courts.

• Updates – We may update this Privacy Policy periodically. Please review it regularly to stay informed of any changes.

​

Monsana's role in data processing

Monsana on behalf of Clients

When Monsana processes personal data on behalf of hospitals, doctors, or pharmaceutical companies (“Clients”), the roles and responsibilities related to that data processing (such as controller, joint controller, or processor) are defined in collaboration with the Client. These roles are formalised through data processing agreements that comply with applicable data protection laws.

​

To ensure data protection, Monsana has established GDPR-compliant data processing agreements with both its Clients and any engaged subprocessors.

​

Monsana as a controller
Monsana may act as a controller when it processes personal data for its own operational purposes, such as responding to inquiries, managing recruitment, conducting marketing, or analysing website usage. These activities are carried out independently of any data processing activities performed on behalf of Clients.

​

What information do we collect?

Personal data you provide

• When you contact us (e.g., via email or contact forms), we collect your name, email, and other contact details to respond to your request.

• When you apply for a job, we collect relevant recruitment data such as your CV, contact info, qualifications, and other details.

• When you subscribe to newsletters, events, or promotions, we collect your email address and preferences.

• Please avoid sending sensitive personal data (e.g., health data, racial or ethnic data) unless strictly necessary and with explicit consent.

​

Data related to your use of our Website

We use cookies and similar technologies to analyze website traffic and improve user experience. Details are in our Cookie Policy.

​

Data from third parties

We may receive data about you from hospitals, pharmaceutical partners, or other trusted third parties involved in clinical trial matching or business collaborations.​

​​​

Why do we process your personal data?

• To provide our AI-powered clinical trial matching services, in accordance with the agreement we have with our client (e.g. your doctor, hospital, or pharmaceutical sponsor).

• To communicate with you and respond to inquiries.

• To manage job applications and recruitment.

• To send newsletters or promotional information (with consent).

• To comply with legal obligations.

• To protect our legitimate business interests, such as ensuring platform security and preventing fraud.

​

This processing takes place under Belgian regulations and is always carried out in compliance with the General Data Protection Regulation (GDPR).

​

Disclosure to third parties and data transfers

Monsana only shares your personal data with:

• Subprocessors supporting our platform operations (e.g., cloud providers, IT services), all bound by strict data protection agreements.

• Competent authorities where legally required.

All data is stored within the European Economic Area (EEA). Should data be transferred outside the EEA, we will ensure appropriate safeguards are in place.

​

Security of your personal data

Monsana implements robust technical and organizational measures to safeguard your personal data against unauthorized access, loss, alteration, or misuse. These measures align with the NIS2 Directive and ISO 27001 standards, and include regular audits, secure infrastructure, and strict access controls to ensure data security and integrity.

​

Data retention
Monsana retains personal data only for as long as necessary to fulfil the purposes outlined in this policy or to comply with legal obligations. When processing data on behalf of Clients, retention periods follow their specific instructions and applicable laws and regulations.

​

Your rights under data protection law​

Where applicable, you have the right to:

• Access and receive a copy of your personal data.

• Rectify inaccurate or incomplete data.

• Object to processing based on legitimate interests.

• Withdraw consent where applicable.

• Lodge a complaint with the Belgian Data Protection Authority.​

​

To exercise these rights, contact us at simeon.devos@monsana.ai or via our website contact form. 

​

Our Data and AI principles

Monsana is committed to ensuring strong privacy protections and responsible use of AI technologies. Our practices aim to safeguard personal data while supporting effective clinical trial matching.​

​

AI system development

• Our AI models are developed using data sources that do not involve direct patient information.

• The AI is not adapted or retrained using personal data, minimizing risks related to data exposure.

Data handling

• We limit the collection and processing of personal data to what is necessary for our services.

• Measures are in place to reduce the risk of identifying individuals from the data we process.

• Data retention policies ensure personal information is only kept as long as required.

Governance and transparency

• We conduct regular assessments to identify and manage privacy and ethical risks.

• Information about data use is made available through relevant communication channels.

• Individuals can exercise their data rights through established procedures.

• Privacy and security measures are continuously reviewed and improved.

• Any incidents such as data breaches or other risks can be reported promptly by requesting our incidents reporting template at simeon.devos@monsana.ai. ​