Privacy Policy
Background
This privacy policy sets out how medac Pharma LLP uses and protects any personal data, that it collects and processes, in line with the General Data Protection Regulations (GDPR).
medac Pharma LLP is committed to ensuring that all personal data is held securely and only in line with an identifiable lawful basis for processing as set out by the GDPR.
If you have any queries concerning your personal information or any questions on medac Pharma’s use of the information, please contact: info@medacpharma.co.uk.
Data protection office details
medac Pharma does not employ a DPO (Data Protection Officer) as an individual, as they do not meet the following conditions that make it compulsory i.e. they:
1) are not “a public authority”
2) do not “carry out large-scale [or indeed, any] systematic monitoring of individuals”
3) do not “carry out large-scale processing of special categories of data”
medac Pharma does however have a member of staff (Office Manager) who has the responsibility of Data Protection within their role remit.
The Principles of GDPR recognised and adhered to by medac Pharma LLP
- Lawfulness, fairness and transparency of data held
- Purpose (of data held) limitation
- Data (held) minimisation
- Accuracy (of data held)
- Storage (of data) limitation
- Integrity and confidentiality (security) of data held
- Accountability (of data held)
The rights a person has as an individual under GDPR as recognised by medac Pharma LLP
(including an individual in their working capacity)
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
General – Healthcare professionals
What information might medac Pharma collect that is considered “personal identifiable” data?
In the event that contact information is processed for the purposes of carrying out the services of medac Pharma LLP, the following information about you, in your working capacity, will be collected:
- Contact name
- Contact job title
- Contact work email address
- Contact work phone number
- Contact work address
Why does medac Pharma store this personal data?
Personal data that is collected about you, in your capacity as a member of staff for your company, is held for the purposes of communicating with you in a work capacity and delivering medac Pharma’s services. It allows medac Pharma to; provide you with awareness about its existing products, arrange meetings with you, inform you of new products, inform you of training, courses and conferences.
Where does medac Pharma store your personal data?
Your data will be kept within work email and phone contacts. It is also stored within the CRM system Ellusion where you have consented for your information to be stored.
What is medac Pharma’s lawful basis for processing it?
6(1)(b) – Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract.
Medical information – enquiries, complaints, adverse reactions
As a Patient: When you contact medac Pharma with a query or complaint about a product or to register an adverse reaction, some information will be taken.
When a query is made
What information is collected that is considered “personal identifiable” data?
- Name
- Contact data
- Nature of the query
Why does medac Pharma store this personal data?
This information is stored so that the query can be responded to or in the event that it is needed for a follow up on the query.
Is this information shared with anyone?
This information is not shared with anyone.
Where does medac Pharma store your personal data?
Within a secure in-house database.
What is medac Pharma’s lawful basis for processing this data?
6(1)(b) – Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract.
When a complaint is made
What information, from you, does medac Pharma collect that is considered “personal identifiable” data?
- Name
- Contact Data
- Nature of the complaint
Why does medac Pharma store this personal data?
This information is stored so that the complaint can be responded to or in the event that a follow up on the complaint is required.
Is this information shared with anyone?
This information is not shared with anyone.
Where does medac Pharma store your personal data?
Within a secure in-house database.
What is medac Pharma’s lawful basis for processing this data?
6(1)(b) – Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract.
When an adverse reaction is reported
What information, from you, does medac Pharma collect, that is considered “personal identifiable” data?
- Name
- Contact data
- Gender
- Date of birth/age/age group
- Nature of the reaction
Why do we store this personal data?
This information is stored so that a response can be given or in the event that a follow up on the response is required.
Is this information shared with anyone?
This information is not shared with anyone.
Where does medac Pharma store your personal data?
On a secure in-house database.
What is medac Pharma’s lawful basis for processing this data? (two are given as some sensitive information can be collected**)
6(1)(b) – Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract.
And
6(1)(e) – Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
** if the information provided contains health information two lawful basis are required.
As a Healthcare professional: When you contact medac Pharma with a query or complaint about a product or to register an adverse reaction some information will be taken about you and the patient.
When a query is made
What information is collected by medac Pharma that is considered “personal identifiable” data?
- Name
- Contact data
- Nature of the query
Why does medac Pharma store this personal data?
This information is stored so that the query can be responded to or in the event that a follow up on the query is required.
Is this information shared with anyone?
This information is not shared with anyone.
Where does medac Pharma store your personal data?
On a secure in-house database.
What is medac Pharma’s lawful basis for processing this data?
6(1)(b) – Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract.
When a complaint is made
What information from you does medac Pharma collect that is considered “personal identifiable” data?
- Name
- Contact Data
- Nature of the complaint
Why does medac Pharma store this personal data?
This information is stored so that the complaint can be responded to or in the event that a follow up on the complaint is required.
Is this information shared with anyone?
This information is not shared with anyone.
Where does medac Pharma store your personal data?
Within a secure in-house database.
What is medac Pharma’s lawful basis for processing this data?
6(1)(b) – Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract.
When an adverse reaction is reported
What information, from you, does medac Pharma collect that is considered “personal identifiable” data?
- Name of healthcare professional
- Contact data of healthcare professional
- Nature of the reaction
- Initials of the patient
- Gender of the patient
- Date of birth/age of patient
Why does medac Pharma store this personal data?
This information is stored so that a response can be given or in the event that a follow up on the response is required.
Is this information shared with anyone?
This information is not shared with anyone.
Where does medac Pharma store your personal data?
Within a secure in-house database.
What is medac Pharma’s lawful basis for processing this data? (two are given as some sensitive information can be collected**)
6(1)(b) – Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract.
And
6(1)(e) – Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
** if the information provided contains health information two lawful basis are required.
Event & course registration & participation
When you register for a medac Pharma LLP event, your information will be used for the purposes of managing the event such as (but not limited to): the creation of delegate lists, to inform you of event details and to contact you after the event for feedback.
Information that may be taken:
- Name
- Contact information (email, phone, address)
- Job title
- Dietary requirements (if applicable)
- Access requirements (if applicable)
The information is stored securely and is only shared with project delivery partners for the purposes of delivering the event or course.
What is medac Pharma’s lawful basis for processing this data?
6(1)(b) – Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract.
Supplier information
For the purposes of paying suppliers information such as company bank details and company address are stored within the Sage accounting system. The main contact for the company may also be stored including first name, last name and company email and company phone number.
Sage is stored on the company server but when required can be accessed via a secure VPN or Sage remote access. Both have been checked to verify that there is the required level of security. For more information on Sage online security, please see Sage Online Services – Security statement.
Your rights under the GDPR further explained and how medac Pharma ensure they are met
Subject access request
If you would like access to the data that medac Pharma LLP hold on you then please email: info@medacpharma.co.uk – your query will be dealt with within one month at no charge.
Right to no contact
If you would like to request that medac Pharma no longer contacts you, please email a medac Pharma representative or email info@medacpharma.co.uk. A “do not contact” alert will be put on any data that is held on you.
Right to rectification
If you believe that medac Pharma LLP holds data on you that is inaccurate, and you would like to have it rectified please email: info@medacpharma.co.uk.
Right to erasure & the right to restrict processing
If you would like the data that medac Pharma LLP holds on you to be erased or for us to no longer process your data then please email: info@medacpharma.co.uk.
Please note that in some circumstances it is not possible to erase your data, where the lawful basis for processing allows. In the event of this, a full explanation will be given.
Security & breaches in GDPR legislation
medac Pharma LLP is committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, medac Pharma LLP has put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
In the unlikely event that there is a breach of the legislation, medac Pharma LLP will automatically follow the ICO guidelines in reporting a breach.
Sharing your data
medac Pharma LLP will not sell, distribute or lease your personal information to any parties out with the export partnership unless we have your explicit consent or are required by law to do so.
Information about automated decision making, including profiling
medac Pharma LLP does not undertake automated decision making or profiling.
How long will data be retained
Data is only kept for as long as is necessary or as long as the lawful basis suggests i.e. if the lawful basis is public, then it may be that this information has to be kept for the long-term benefit of the public.
Contact
You will at all times be given the option to unsubscribe from future communications.
Brexit
medac Pharma does not process or transfer personal data within the European Union and therefore does not have to take any additional steps as advised by the ICO due to the changes to legislation following Brexit.