If you have any questions in relation to this policy or generally how your personal data is processed by us please contact our Data Protection Responsible Person by email at [email protected]; or by letter addressed to: The Data Protection Responsible Person, Accord-UK Ltd, Whiddon Valley, Barnstaple, Devon, EX32 8NS, United Kingdom.
This policy applies to any personal data that we collect about you when:
- you visit our websites or apps, including: www.accord-healthcare.com/uk;
- you voluntarily provide such personal data when registering with us;
- you voluntarily submit personal data to us using the forms on our websites or apps;
- you submit personal data to us when you otherwise make contact with us, including in person, by email, by phone or through social media; or
- third parties legally provide us with such personal data, as described in section 5.C below.
2. WHO ARE WE?
We are a controller of your information which means that we are responsible for looking after it. We will use your personal data fairly, lawfully and in a transparent manner, and in accordance with the applicable Data Protection Laws.
3. HOW WILL WE USE YOUR PERSONAL DATA?
4. WHAT PERSONAL DATA DO WE COLLECT ABOUT YOU?
The types of personal data we collect depends on the interactions you have with us, but mainly these may include:
- name and contact data (including your name, postal address, telephone number, e-mail address and other similar contact data);
- data in order to satisfy identification requirements when exercising any of your rights under Data Protection Laws (including your passport, photo driving licence or national identity card);
- financial data when receiving payments from us, making payments to us, or making or requesting donations/sponsorships;
- demographic data (including data such as your age, gender and country of residence) when informing us of an adverse event, making a quality complaint or submitting a medical query to us, or when sending your CV or submitting a job application to us;
- health related data, when informing us on an adverse event;
- your academic and professional background data when sending your CV or submitting a job application to us or when your CV is provided to us for quality assurance purposes;
- background and other checks: details revealed by background checks, by drugs testing and by alcohol testing; as well as details revealed by criminal record checks and criminal conviction data as lawfully requested when submitting a job application to us and expressly authorized by a law of the European Union or its Member States;
- information about your visits to our premises, including your image taken when accessing our premises and /or in CCTV footage;
- information about your calls to our customer service team, including a recording of such calls;
- information about your participation in an Accord advisory board meeting, including a recording of the discussions taking place during the advisory board meeting;
- information about your provision of consultancy services, including a recording of the advice provided to us; • information about you obtained at a meeting with you, or at an event such as a conference, exhibition or congress, including events hosted by third parties or managed by third parties on our behalf, including the capture of your image in a photograph or video footage taken at our stand or elsewhere within the event for promotional purposes;
- information about you in the context of any merger or acquisition (“M&A”) transaction concerning our business; and/or
- website or app usage data (including how you and your device interacts with our websites or apps); and/or
- where applicable, including for applicants in the UK:
- immigration status details including details of your nationality and immigration and including copies of your passport, biometric residence permit and other immigration documents; and/or
- other personal data required as part of immigration applications, including immigration history.
Each time you visit our websites or apps we may also automatically collect information and personal data about your computer for system administration including, where available, your IP address, operating system and browser type. We do this to help us identify returning visitors, enable visitors to move more easily around our websites or apps, and to assist in building up an anonymous profile based on visitor's browsing patterns across the sites. Please see our Cookies Policy for further information about what information may be automatically collected when you visit our websites or apps.
5. WHERE DO WE GET THIS INFORMATION FROM?
We collect some of your information directly from you, either through information that you give to us or information that we collect during your visits to our websites or apps or through your communications with us. We also obtain some information from other third parties, including the ones described in sub-section C below.
Please note that we may combine personal data we receive from other sources with personal data you give to us and personal data we collect about you.
A. When do you give us information about you?
You may share personal data about yourself and your circumstances by:
- filling in forms on our websites, registering to use our websites, and continuing to use our websites;
- filling in forms on our patient support app, registering to use our patient support app, and continuing to use our patient support app;
- exercising one of your rights under Data Protection Laws;
- reporting an adverse event, making a quality complaint or submitting a medical query to us;
- providing your business card to us;
- providing services to us;
- signing in at reception on one of our premises;
- submitting a job application or sending your CV to us;
- making payments to us or receiving payments from us;
- making or requesting donations/sponsorships;
- giving us information about yourself in any communications with us either by telephone, e-mail, post, through our websites/apps or otherwise;
- negotiating, entering into and maintaining a commercial agreement with us; and/or
- eventually purchasing a product directly from us.
You are not obliged to provide your personal data to us. However, if you do not provide your personal data to us, we may not be able to provide services to you, respond to your queries, allow you onto our premises, process your job application or otherwise contact you.
B. When do we collect information about you?
We may collect personal data about you:
- when you visit our websites or apps, including details of your visits, such as Internet Protocol (IP) address used to connect your computer to the internet, MAC addresses, traffic data, location data, your login information, time-zone setting browser type and version, browser plug-in types and versions, operating system and platform, weblogs, cookies and other communication data, and the resources that you access. For more information please see our Cookies Policy;
- when you visit our premises, including your image in CCTV footage;
- when calling our customer service team, including a recording of such calls;
- when you participate in an Accord advisory board meeting, including a recording of the discussions taking place during the advisory board meeting;
- when you provide to us consultancy services, including a recording of the advice provided to us; and/or
- when attending an event such as a conference, exhibition or congress, including events hosted by third parties or managed by third parties on our behalf.
C. From which third parties do we receive information about you?
We may receive personal data about you from other third parties, including from:
- your work colleagues, when giving to us your contact details for business purposes;
- a third party when reporting an adverse event, making a quality complaint or submitting a medical query to us on your behalf;
- your authorised representative (such as your proxy, parent or legal guardian);
- providers of contact information, which provide legal contacts databases;
- government agencies, which provide publicly accessible information;
- statutory or other official bodies, such as the Home Office (including UK Visas and Immigration) for applicants in the UK;
- recruitment agencies/organisations;
- our external salesforce;
- third party due diligence providers;
- CCTV systems providers;
- your current company, within the context of a M&A transaction or when providing a service to us; and/or
- your previous employer, or similar, where we request references if you are applying for a job with us and we have your freely given consent to do so.
6. WHY DO WE NEED YOUR PERSONAL DATA?
We may use the personal data we collect for the following purposes:
- to communicate with you regarding any requests or queries you may submit;
- to monitor, track and respond to medical/health queries, quality complaints and adverse events;
- to negotiate, enter into and manage commercial agreements with you or the organisation that you represent, including ordinary business transactions and M&A transactions;
- to meet contractual, legal, regulatory and compliance requirements;
- to inform you or your organisation of any news on our products and/or business that we reasonably believe could be of interest to you (as appropriate in accordance with the Data Protection Laws). If you would like to stop receiving such information from us at any time, please unsubscribe by following the instructions provided in any such emails that we send to you, or use the contact details at the beginning of this policy. You may also wish to sign up to one or more of the preference services (also known as “Robinson Lists”) operating in the UK, such as the Telephone Preference Service, the Corporate Telephone Preference Service and the Mailing Preference Service. These may help to prevent you receiving unsolicited marketing. Please note, however, that these services will not prevent you from receiving marketing communications that you have consented to receiving;
- to ensure that you, your organisation, our employees or us comply with applicable laws, our code of conduct and our related internal policies;
- to ensure that you are the authorised representative (such as a proxy, parent or legal guardian) of a third party when you are interacting with us on his/her behalf;
- to administer our websites, patient support apps and to provide customer services;
- to handle complaints, train our employees and to improve our quality and service standards;
- to enable you to visit our premises, including for the purposes of site security, the protection of product and business confidentiality, environmental and health and safety;
- to establish, exercise or defend legal claims;
- to process your job application;
- to promote Accord’s presence or participation in an event;
- to make a payment to you and/or receive a payment from you;
- to analyse the use of our websites or apps;
- for applicants in the UK:
- checking you are legally entitled to work in the UK;
- submitting immigration applications on your behalf or assisting you with applications and applying for and issuing certificates of sponsorship;
- complying with our obligations as a Tier 2 sponsor, including in relation to retaining records of the recruitment process and details of applicants who applied for the role;
- carrying out background checks;
- complying with our legal or regulatory requirements; and/or
- other purposes that we have communicated to you.
7. WHICH IS THE LEGAL BASIS FOR USING YOUR DATA?
A. Necessary for the entry into or performance of a contract (Article 6.1.b of GDPR)
When you enter into a transaction with us, a contract between you and us will have been formed. In order for us to negotiate, enter into and fulfil our obligations under such contract (e.g. to allow you to place an order for goods or services), we may need to collect, process and share (as further detailed below) your personal information. Please contact [email protected] for further information.
B. Legitimate business interests (Article 6.1.f of GDPR)
- provide your organisation with products and services as requested by your organisation;
- respond to your claims or queries;
- carry out research to understand our customers and how they use our products and services;
- develop and improve our products and services provided to you or your organisation and to our other customers;
- assess potential transactions with your organisation;
- enforce or apply the rights of your organisation or our rights under any contract between your organisation and us;
- monitor staff performance, train staff and improve our processes;
- ensure health and safety at our premises and that any related processes are effective;
- ensure that you, your organisation, our employees or us comply with applicable laws, our code of conduct and our related internal policies;
- ensure the security of our premises and that any related processes are effective;
- ensure high standards of quality and safety of our products;
- support processes and procedures to assist with the prevention and detection of crime or other unlawful activity;
- establish, exercise or defend legal claims; and/or
- showcase our participation in certain events to pharma industry third parties via other events, social media or our websites.
As indicated below, we may also pass your personal data to members of our company group (to see a full list of such group companies, please click here) and other third parties where necessary for our legitimate business interests.
We are required to carry out a balancing test of our legitimate business interests in using your personal data outlined above against your interests and rights under the Data Protection Laws. As a result of our balancing test, which is detailed below, we have determined, acting reasonably and considering the circumstances, that we are able to process your personal data in accordance with the Data Protection Laws on the basis that this is necessary for our legitimate business interests.
Legitimate interest: We have a legitimate interest in processing your information as:
- your organisation benefits from the provision of our products and services;
- we record customer services calls to monitor staff performance, train staff, and improve our processes;
- we need to assess potential transactions with your organisation;
- your organisation and us will both benefit from the ability to enforce or apply rights under any contract between us;
- we are required to ensure health and safety at our premises and have a legitimate interest in ensuring any processes are effective;
- we need to ensure that you, your organisation, our employees or us comply with applicable laws, our code of conduct and our related internal policies;
- we need to ensure the security of our premises and have a legitimate interest in ensuring any processes are effective;
- we are required to ensure high standards of quality and safety of our products,
- we have in place procedures to assist with the prevention and detection of crime or other unlawful activity;
- we would be unable to provide our goods and/or services to your organisation without processing your information;
- it is not otherwise possible for us to establish, exercise or defend legal claims;
- to be able to showcase our participation in certain events to pharma industry third parties via other events, social media or our websites; and/or
- it is not otherwise possible for us to respond to your claims or queries.
Impact of processing: We consider that it is reasonable for us to process your personal data for the purposes of our legitimate interests outlined above as such processing of your personal data does not unreasonably intrude on your privacy.
C. Consent (Article 6.1.a of GDPR)
Notwithstanding the foregoing, please note that in accordance with Data Protection Laws and other applicable laws we may, on occasion, send you marketing messages by email and post about us, our products and services and our events and offers without your consent where you or your organisation have purchased similar goods or services from us and you have not unsubscribed.
D. Compliance with a legal obligation (Article 6.1.c of GDPR)
8. WHO DO WE SHARE YOUR PERSONAL DATA WITH?
A. Group Companies
- for internal reporting purposes;
- compliance purposes;
- within the context of an M&A transaction;
- for the provision of intra-group quality assurance services;
- for the provision of intra-group financial services;
- for the provision of intra-group legal services;
- for the provision of intra-group recruiting services;
- for the provision of intra-group IT services.
B. Third-party services providers
We (and the members of our group of companies) may also disclose your personal data to carefully selected third-party service providers who provide services such as:
- data security, website hosting, cloud hosting, storage solutions, software as a service (SaaS) and other IT services;
- pharmacovigilance and medical queries handling services;
- legal, regulatory, tax and recruitment services;
- translation, legalization and notarization services;
- customer relationship management (CRM) services;
- external salesforce services; and
- access control and security services.
We will only share your information with these suppliers where this is necessary for them to provide us with the services we need. We do not share your information with third parties for marketing purposes.
Please contact [email protected] for further information.
C. Legal and regulatory requirements
We may also disclose your personal data as required by law, including laws outside your country of residence, to comply with a court order or to comply with other legal or regulatory requirements, for example, to the relevant agencies responsible for the supervision and safety monitoring of medicines, data protection supervisory authorities or tax authorities. With applicants in the UK, we may also share your personal data with your legal advisers and also the Home Office (including UK Visas and Immigration).
D. Transfers outside of the European Economic Area
The information which we collect about you may be transferred outside the European Economic Area as detailed in sections A, B and C above.
While some members of our group and third-party services providers are located in countries whose laws (according to the European Commission) do not offer the same level of protection to personal data as that granted by countries within the EEA, such as Intas Pharmaceuticals Ltd (Corporate House, Nr. Sola Bridge, S. G. Highway, Thaltej, Ahmedabad, 380 054, Gujarat, India) and Lambda Therapeutic Research, Ltd (Lambda House, Plot No. 38, Survey no. 388, Near Silver Oak Club, S. G. Highway, Gota, Ahmedabad, 382481, Gujarat, India), we and the members of our group of companies adopt appropriate security measures to prevent unauthorised and unlawful use of personal data. Furthermore, such transfers are usually supported by contractual commitments between such group entities and/or third parties to ensure that the relevant technical and organisational and other safeguards required by the Data Protection Laws have been put in place.
For further information on transfers outside of the European Economic Area and/or specific safeguard methods adopted, please contact [email protected].
9. HOW LONG DO WE KEEP IT FOR?
We will keep your personal data for as long as required:
- to prove compliance with applicable laws or as required by applicable laws, regulations, government agencies and other public authorities (for example in the UK it is subject to our obligations as a Tier 2 sponsor to retain details of all applicants or the role in certain circumstances);
- to maintain your account;
- to determine whether to enter into a commercial relationship with you or an organisation and to maintain such relationship;
- to maintain a business relationship with you or your organisation;
- for the provision of services to us or by us;
- to answer your queries;
- to allow us to bring or defend legal proceedings;
or as otherwise set forth below or notified by us to you.
In some circumstances, some of your data will be deleted in much shorter timescales, for example:
- images in CCTV footage are kept for a maximum of 14 days from the date of your visit to our premises;
- other access control data are kept for a maximum of 6 months from the date of your visit to our premises;
- customer services call recordings are kept for a maximum of 3 months from the date of recording;
- recruitment and interview records for unsuccessful candidates are kept for 6 months after the start date of the successful candidate;
- personal data in the context of an unsuccessful M&A transaction are kept for 12 months after the end of negotiations;
- cookies are refreshed in accordance with our Cookies Policy.
10. SECURITY OF YOUR PERSONAL DATA
When handling your personal data, we take appropriate measures reasonably designed to protect your information from unauthorised access, loss, misuse, disclosure, alteration or destruction. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our websites or apps; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
11. YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA
In some instances, we may be unable to carry out your request, in which case we will write to you to explain why.
|A. You have the right to request access to your personal data||You have the right to request confirmation that your personal data is being processed, access to your personal data (through us providing a copy) and other information about how we process your personal data.|
|B. You have the right to ask us to rectify your personal data||You have the right to request that we rectify your personal data if it is not accurate or not complete.|
|C. You have the right to ask us to erase your personal data||You have the right to ask us to erase or delete your personal data where there is no reason for us to continue to process your personal data. This right would apply if we no longer need to use your personal data to provide services to you, where you withdraw your consent for us to process special categories of your personal data, or where you object to the way we process your personal data (see sub-section F below).|
|D. You have the right to ask us to restrict or block the processing of your personal data||You have the right to ask us to restrict or block the processing of your personal data that we hold about you. This right applies where you believe the personal data is not accurate, you would rather we block the processing of your personal data rather than erase your personal data, where we do not need to use your personal data for the purpose we collected it but you may require it to establish, exercise or defend legal claims.|
|E. You have the right to port your personal data||You have the right to obtain and reuse your personal data from us to reuse for your own purposes across different services. This allows you to move personal data easily to another organisation, or to request us to do this for you.|
|F. You have the right to object to our processing of your personal data||You have the right to object to our processing of your personal data on the basis of our legitimate business interests, unless we are able to demonstrate that, on balance, our legitimate interests override your rights or we need to continue processing your personal data for the establishment, exercise or defence of legal claims.|
|G. You have the right not to be subject to automated decisions||You have the right to object to any automated decision making, including profiling, where the decision has a legal or significant impact on you.|
|H. You have the right to withdraw your consent||You have the right to withdraw your consent, at any time, where we are relying on it to process your personal data.|
12. CHILDREN'S POLICY
We do not knowingly collect, retain or use personal data received from children under 13 years of age, and no part of our websites or appsis directed to children under the age of 13. If your child has provided us with personal information without your consent, you may inform us at [email protected], or write us a letter to the address given at the beginning of this policy. If we discover that we have received or collected any personal information from children under 13 years old, we will take steps to delete such information promptly.
13. WHAT IF YOU HAVE A COMPLAINT?
You also always have the right to lodge a complaint with the competent data protection authority of your country of residence (in the United Kingdom, the Information Commissioner's Office at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom, www.ico.org.uk).
14. SOLE TRADERS, PARTNERSHIPS AND BUSINESSES
15. THIRD PARTY AND SOCIAL MEDIA WEBSITES AND APPS
Our websites and apps may, from time to time, contain links to and from the websites and/or apps of third parties. If you follow a link to any of these websites or apps, please note that these websites and apps have their own privacy policies and that we do not accept any responsibility or liability for these policies or your use of those websites and apps.
16. MERGER, SALE, OR OTHER ASSET TRANSFERS
If we are involved in a reorganisation, acquisition, asset sale, merger, financing, transition of services to another provider, due diligence, bankruptcy or receivership, your information may be disclosed and transferred in connection with and as part of such a transaction as permitted by law and/or contract.
18. REFERENCES TO THE EU/MEMBER STATES
For the purposes of this policy, references to the EU or its Members States shall include the United Kingdom.
This policy was last reviewed and updated in October 2019.