Privacy policy

Effective Date: 03.01.2021


We are Gray Consulting, Inc. dba Clincierge® (“we,” “us,” “Clincierge,” or “Gray Consulting”). Clincierge provides travel and lodging assistance, expense management, administrative, and other specialized solutions to clinical trial (“Trial”) participants (including, as appropriate, their caregivers) (collectively, “Trial Participants”) on behalf of our clients, which include Trial sponsors, Contract Research Organizations (CROs), and Trial sites (e.g., a hospital or clinic) (collectively, “Clients”). The services that we provide through Clincierge are collectively referred to herein as our “Services.” This Privacy Policy applies to the information collected online at (our “Website”) as well as to information collected by us offline in connection with our Services.

We have taken efforts to distinguish between the categories of individuals whose information we collect – namely, Trial Participants, Client business contacts, and Website visitors (who may also be Trial Participants or Client business contacts). In some cases, however, our activities apply generally. Thus, use of the terms “you” or “your” herein refers to all persons whose information we collect, whether a Trial Participant, Client business contact, or other individual.  

Finally, note that our practices involving your information are subject to applicable laws in the places in which we operate. This means that we engage in the practices described in this Privacy Policy in a particular country or region to the extent permitted under the laws of those places.

Information We Collect

In the course of operating our Website and providing our Services, we collect the following types of information:

  1. Information Collected in Connection with our Services and Website

Services: We collect certain personal information from Trial Participants when providing our Services, including first and last name, mailing address, email address, phone number, information relating to a Trial Participant’s travel plans to and from the Trial, and any other information that a Trial Participant chooses to provide to us, such as health-related information needed for special accommodations or other aspects of our Services.

Because Clincierge acts as a “business associate” of Trial sites when providing our Services to Trial Participants, any personal information collected or received in this context is also considered Protected Health Information (“PHI”) as defined under the Health Insurance Portability and Accountability Act of 1996, as amended, and any regulations promulgated thereunder (collectively, “HIPAA”).

Website: Website visitors may also choose to provide us with certain personal information by contacting us through the Website or according to the instructions on the Website (by phone or email) or by responding to questions on the Website. This personal information may include full name, company name, title, email address, phone number, and any other information that such Website visitor chooses to provide (such as within a free-text message box).

Other: We also collect certain personal information from the business contacts of prospective or current Clients, such as name, title, email address, and business address, such as when you contact us on our Website or email, through referrals, trade shows and conferences, or where we may contact you via our direct sales team.

  1. Cookies

Please see our Cookie Policy below.

  1. Aggregate Data

In an ongoing effort to better understand the visitors to our Website and the recipients of our Services, we may analyze information in aggregate or, in the case of PHI (and as allowed pursuant to any applicable Business Associate Agreement) in “de-identified” form, to operate, maintain, manage, and improve our Website and Services. This aggregate information does not identify you personally. We may share this aggregate data with our affiliates, agents, and business partners, including, without limitation, our Clients. We may also disclose aggregated user statistics in order to describe the Website or the Services to current and prospective business partners and to other third parties for other lawful purposes.

Purpose of Collection and Use

We use the information that we collect from you under this Privacy Policy to provide our Website and Services; to respond to general inquiries; to solicit feedback regarding our Website and Services; to provide relevant content on our Website; to send invoices and receive payments; to maintain and improve our Website and Services; and to communicate with you regarding the Trials for which Trial Participants have registered (or sponsor, operate, or support, in the case of Clients).

Transfer to Third Parties

We may share personal information related to Trial Participants with our Clients in connection with their hosting and administration of the Trials (unless a Client must remain “blind” to the Trial Participants, as in the case of Trial sponsors). With a Trial Participant’s prior approval, we may share personal information with such Trial Participant’s bank for reimbursement of Trial expenses to which she is entitled, to the extent such function has been designated to us as part of our Services to the Client.

We may disclose personal information to our service providers but only to the extent needed to enable them to provide such services. For example, we may share a Trial Participant’s personal information with our travel assistance and logistics partners, so that they may book transportation or accommodation on such Trial Participant’s behalf in connection with a Trial. Other such companies that may receive your personal information include: direct marketing vendors, billing support, customer service, data storage and hosting services, sales support, and technical assistance.  To the extent that our service providers have access to your PHI, we require that they also sign Business Associate Agreements as required by HIPAA.

Related Entities; Business Transfers

We may share your personal information with any of our parent companies, subsidiaries, joint ventures, or other companies under common control with us for aggregation, analysis, and benchmarking purposes.

In the event of a merger, reorganization, dissolution, or similar corporate event, or the sale of all or substantially all of our assets, we expect that the information that we have collected, including personal information, would be transferred to the surviving entity in a merger or the acquiring entity. All such transfers shall be subject to our commitments with respect to the privacy and confidentiality of such personal information as set forth in this Privacy Policy.

Disclosure to Public Authorities

We are required to disclose personal information in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. We may also disclose personal information to other third parties when compelled to do so by government authorities or required by law or regulation, including, but not limited to, in response to court orders and subpoenas.

Opt-out for Direct Marketing

We may engage in direct marketing to the business contacts of our Clients regarding our Services. These business contacts may opt out at any time from the use of your personal information for such direct marketing purposes by contacting us at Please allow us a reasonable time to process your request. We do not engage in direct marketing to Trial Participants.

Access to Your Personal Information

You have the right to correct, amend, or delete your personal information where it is inaccurate or has been processed in violation of this Privacy Policy. We may require payment of a non-excessive fee to defray our expenses in this regard. Please allow us a reasonable time to respond to your inquiries and requests. Note that, fulfilling or responding to requests submitted by Trial Participants relating to the above may require approval of our Clients on behalf of which we provide the Services.

Retention of Personal Information

We will retain your personal information in a form that identifies you only for as long as it serves the purpose(s) for which it was initially collected as stated in this Privacy Policy, or subsequently authorized, or as otherwise permitted by law. After such time periods have expired, we may either delete your personal information or retain it in a form such that it does not identify you personally.

How We Protect Your Personal Information

We will implement reasonable and appropriate security measures to protect your personal information from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in processing, the nature of such data, and applicable laws and regulations.


We do not knowingly collect any personal information from children under the age of thirteen (13) through our Website or Services. If you are under the age of 13, please do not give us any personal information. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children never to provide personal information to us without their permission. If you have reason to believe that a child under the age of 13 has provided personal information to us, please contact us at and we will endeavor to delete that information from our databases.

Links to External Websites

Our Website may contain links to third-party websites, including, without limitation, those of Clients (“External Sites”). We have no control over the privacy practices of these External Sites and are not responsible for their privacy policies or practices. You should check the applicable third party’s privacy policy and terms of use when visiting any External Sites, and before providing any personal information to such External Sites.

Important Notice to Non-US Residents

Our servers are located in the US. If you are located outside of the US, please be aware that any information provided to us, including personal information, will be transferred from your country of origin to the US. Your decision to provide such data to us, or to allow us to collect such data through our Website or through the provision of our Services, constitutes your consent to this data transfer to the extent permitted under applicable law.

Your California Privacy Rights

We do not monitor, recognize, or honor any “Do Not Track” signals or similar signals.

General Data Protection Regulation (GDPR)

Natural persons located in the European Economic Area (“EEA”) should review the GDPR Privacy Notice here.

Changes to this Privacy Policy

This Privacy Policy is effective as of the date stated at the top of this Privacy Policy. We may change this Privacy Policy from time to time, and will post any changes on our Website as soon as they go into effect. By accessing or using our Website or by using our Services after we make any such changes to this Privacy Policy, you are deemed to have accepted such changes. Please refer back to this Privacy Policy on a regular basis.

How to Contact Us

If you have questions about this Privacy Policy, please contact in one of the following ways:

E-mail us at (preferable for fastest response)

Call us at 215.413.2034 or

Write to us at Gray Consulting, Inc. 190 N. Independence Mall West, Suite 201 Philadelphia, PA 19106

Cookie Policy


What Is A Cookie?

When visiting our Website, we may collect other information about you through technologies such as “cookies.”

When accessing or otherwise using a website, small pieces of data concerning your device and your visit are stored within your web browser (including when browsing on a mobile device), which can be retrieved upon future visits. These pieces of data make up a small file called a “cookie.” Information collected via cookies includes the type of device you use, your operating system, IP address, browser type, and geographic location, and ties it to a randomized ID called a “cookie ID,” rather than your name, address, or other similar “direct” identifiers.

First and Third-Party Cookies

Both first-parties (i.e., the operator of the website you are visiting) and third parties (such as analytics or advertising companies) can store their own cookies on your web browser. These are typically referred to as “first” or “third-party” cookies, respectively. When you visit the website again, the cookie allows that website (or other third parties) to recognize your browser and any stored information (such as user preferences).

Cookies “Lifespan” (Session vs. Persistent)

We use two types of first/third-party cookies: session cookies and persistent cookies. Session cookies are temporary cookies that remain on your device until you leave the Website. Session cookies are typically essential to make our Website work correctly, as they enable you to move around our Website and use our features. Persistent cookies remain on your device for longer or until you manually delete it (how long the cookie remains on your device will depend on the duration or “lifetime” of the specific cookie and your browser settings). 

Persistent cookies help us recognize you as an existing user of the Website, so it’s easier and convenient to return to the Website or interact with our Services without signing in again or changing certain settings (as applicable). In addition, persistent cookies help us understand your use of our Website during the lifetime of the persistent cookie or, potentially, your interactions with any of our advertisements on other websites. 

How Do We Use Cookies?

In our case, we primarily use persistent analytics cookies (primarily those provided through Google Analytics, though we may use other similar services) to collect information regarding how visitors use our Website, for example, which pages they go to most often, how long they stay on a page, what page or other website they came from, what general geographic area they are from, and similar “usage information.” We use this information to understand the utility of our Website and to generally optimize and improve it.

In some cases, we may wish to use advertising-related cookies, such as those that determine the effectiveness any of our marketing-related efforts (such as whether you clicked on any ads we displayed on other sites or a link to our Website through popular search engines). 

How To Control Cookies

You can control and/or delete cookies as you wish – for details, see or otherwise consult your browser’s privacy settings or related documentation. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit our Website in the case some services and functionalities cease to work (however, this should be an unlikely occurrence).

With respect to Google Analytics, which Clincierge uses on the Website, Google provides an opt-out mechanism for various browsers as set forth here:

GDPR Privacy Notice

This General Data Protection Regulation (GDPR) privacy notice (this “GDPR Notice”) is included in our Privacy Policy and applies to the ‘personal data,’ as defined in the GDPR, of natural persons located in the United Kingdom or European Economic Area processed by Clincierge (collectively, “European Individuals,” “you,” or “your”). Any capitalized terms or other terms not defined herein shall have the meaning ascribed to them elsewhere in the Privacy Policy or, if not defined herein or elsewhere in the Privacy Policy, the GDPR. To the extent of any conflict between this GDPR Notice and any other provision of the Privacy Policy, this GDPR Notice shall control only with respect to European Individuals and their personal data.

Processor Disclosure

We serve as a data processor (a “processor”) when providing our administrative and logistics support in connection with Trials on behalf of our Clients, such as transportation and expense management services to Trial participants. When serving as a processor, we have certain obligations under the GDPR including only processing personal data at our Clients’ instructions, providing assistance with fulfilment of rights requests, and implementing appropriate security for personal data. Our Clients are responsible for obtaining any required consents or authorizations for a European Individual’s use of our Services; in many cases, Clincierge will provide a draft “consent form” to our Clients, as reviewed and approved by such Clients, and provide such consent form to European Individuals on such Clients’ behalf. We will forward any inquiries, complaints, or requests received from European Individuals with respect to our Services to the appropriate Clients and await instructions before taking any action.

Controller Disclosure and Details

We are a data controller of personal data regarding the following categories of European Individuals: business contacts for European-based Clients and vendors (collectively, “Business Contacts”) for the purposes and under the legal bases described in the table below. As a data controller we decide why and how personal data relating to Business Contacts is processed.  The personal data described below is provided to us either in the course of your performance of contractual duties for the organization for whom you work or on a voluntary basis in the course of your general business dealings with us (or your colleagues within your organization, such as those that provide your contact details as appropriate for the dealings in question or from third parties who may recommend you).  If this data is not provided to us, then we, you, or the organization for whom you work may be unable to perform certain contractual obligations or communicate effectively.

Business Contacts

Service-Related Communications: Outside of communications relating to clinical trial participants (i.e., where we serve as a “processor”), we process service-related communications with our Clients pursuant to our, our Clients, and clinical trial participants’ legitimate interests in performing our contracts, including any related Statement of Work. Given the low sensitivity of the data (i.e., basic contact details and correspondence) and routine nature of the communications, these legitimate interests are balanced with the rights and freedoms of the individuals to which such communications relate.  
Procurement-Related Communications: We will process communications (comprising basic contact details and correspondence) with the procurement and legal departments of our Clients and vendors which is in our and our Clients’ legitimate interests. These legitimate interests are to establish and develop a commercial relationship for the purposes of providing our Services and to facilitate their provision.

Our representative in the European Union is:

ePrivacy GmbH (“ePrivacy”)

Große Bleichen 21
20354 Hamburg
Germany Phone +49 40 60 94 518 – 10
Fax +49 40 60 94 518 – 20
Mobile +49 151 23 44 99 00


Clincierge personnel shall receive and process your personal data for the purposes described herein. Such personal data is also disclosed to the following recipients in connection with these purposes:

  • Other Business Contacts (in the course of the procurement or provision of services)
  • Amazon Web Services (an IT services company that provides hosting services)
  • Microsoft (a software company that provides Office 365, its cloud-based software)
  • Internal and external auditors and our legal and other professional services providers


The length of time for which we retain your personal data is determined by several factors including the purposes for which we use that information and our obligations under applicable laws.

We may need your personal information to establish, bring, or defend legal claims. In general, given this purpose, we typically retain your personal information for seven (7) years from the end of the year in which we receive it. The exceptions to this are where:

  • the law (including a court, regulator, or other authority) requires us to hold your personal information for a longer period or delete it sooner;
  • you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law;
  • you exercise your right to require us to retain your personal information for a period longer than our stated retention period;
  • we bring or defend such legal claim or other proceedings during the period we retain your personal information, in which case we will retain your personal information until those proceedings have concluded and no further appeals are possible; or
  • the information is no longer reasonably necessary, in our discretion, for the purposes discussed herein (in which case we may earlier delete such information).

Your GDPR Rights

As a natural person, you have a right to: (i) request access to, correction and/or erasure of your personal data; (ii) object to processing of your personal data; (iii) restrict processing of your personal data; and (iv) request a copy of your personal data, or have a copy thereof sent to another controller, in a structured, commonly used and machine readable format under the right of data portability. You may exercise these rights by contacting: with the subject line “GDPR Notice.”

You also have the right to lodge a complaint about the processing of your personal data with an appropriate data protection authority, and, as applicable, to exercise third-party beneficiary rights under Clincierge’s Standard Contractual Clauses.

Contact details for the EU data protection authorities can be found at: and for the UK data protection authority can be found at

Objecting to Legitimate Interest/Direct Marketing

You may object to personal data processed pursuant to our legitimate interest. In such case, we will no longer process your personal data unless we can demonstrate appropriate, overriding legitimate grounds for the processing or if needed for the establishment, exercise, or defense of legal claims. You may also object at any time to processing of your personal data for direct marketing purposes by clicking “Unsubscribe” within an automated marketing email or by submitting your request to with the subject line “GDPR Notice” (the latter for instances where, for example, you would not like to receive follow-ups from our sales team). In such case, your personal data will no longer be used for that purpose.

Transfer of Personal Data Outside the UK or EEA

For data transfers, we may rely on appropriate Standard Contractual Clauses to ensure adequate protection for your personal data or a derogation under Article 49 of the GDPR (such as when you give us your explicit consent). 

Disclosure to Public Authorities

Clincierge may be required to disclose personal data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. We may also disclose personal data to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.

Corporate Restructuring

In the event of a merger, reorganization, dissolution or similar corporate event, or the sale of all or substantially all of our assets, we expect that the information that we have collected, including personal data, would be transferred to the surviving entity in a merger or the acquiring entity. All such transfers shall be subject to our commitments with respect to the privacy and confidentiality of such personal data as set forth in this GDPR Notice.

Updates to this GDPR Notice

If, in the future, we make any material changes to this GDPR Notice relating to our controller obligations, we will provide you with the relevant information at a reasonable time prior to those changes taking effect and the “Effective Date” at the top of this page will be updated accordingly.

How to Contact Us

Clincierge is located at 190 N. Independence Mall West, Suite 201 Philadelphia, PA 19106. Please use this address or, preferably, reach out to regarding any questions, complaints, or requests regarding this GDPR Notice; please include the subject line “GDPR Notice.”

We are monitoring the impact of the COVID-19 Delta Variant on the travel and clinical trial industries.