Privacy Policy

Who we are 

We are Datapharm Limited (“Datapharm”, “us”, “we”, “our”).  We are a limited company registered in England and Wales under Registration number 11275607 and we have our registered office at Cassini Court, Randalls Way, Leatherhead, Surrey, United Kingdom, KT22 7TW.  We are registered with the UK supervisory authority, Information Commissioners Office (“ICO”) in relation to our processing of personal data under registration number ZA532747. 

What we do 

We are a medicines information company providing software solutions, insight, and technology enabled evidence generation to the healthcare sector. We are committed to protecting the privacy and security of the Personal Data we process about you.  

Controller 

Unless we notify you otherwise, we are the controller of the Personal Data we process about you. This means that we decide what Personal Data to collect and how to process it. 

Purpose of this privacy notice 

The purpose of this privacy notice is to explain what Personal Data we collect about you and how we process it. This privacy notice also explains your rights, so please read it carefully. If you have any questions, you can contact us using the information provided below under the ‘How to contact us’ section.  

Who this privacy notice applies to 

This privacy notice applies to you if: 

1. You visit our website. 
2. You purchase goods or services from us. 
3. You enquire about our products and/or services. 
4. You contact our customer service team. 
5. You create an account to use our platforms. 
6. You sign up to receive news from Datapharm or other promotional communications from us. 

What Personal Data is 

‘Personal Data’ means any information from which someone can be identified either directly or indirectly. For example, it may include name, address, email address, phone number, credit or debit card number and IP address.  

‘Special Category Personal Data’ is more sensitive Personal Data and includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purposes of uniquely identifying someone, data concerning physical or mental health or data concerning someone’s sex life or sexual orientation.   

What information do we collect 

The types of personal data we collect about you will depend on our relationship with you. For the type of Personal Data we collect see the table below in the section entitled ‘Purposes and  lawful bases.  

How we collect your Personal Data 

We collect most of the Personal Data directly from you in person, by telephone, text or email and/or via our website.  

However, we may also collect your Personal Data from third parties such as:  

• your employer for the purposes of registering you as the primary contact between your employer and Datapharm when using our platforms. 
• reputable companies who provide lead generation contact lists  
• others to whom you have provided consent 
• publicly available sources such as social media platforms  
• Events such as conferences and webinars 

Purposes and Lawful Bases 

We will only use your Personal Data when the law allows. Most commonly, we will use your Personal Data in the following circumstances: 

Categories of individuals	Categories of Personal Data	Purpose of Processing	Lawful Basis
Pharmaceutical employees, Healthcare Professionals, Patients	Name, email address	To send you news and information on products and services where you have requested it or have signed up to marketing.	Consent
Pharmaceutical employees, Healthcare Professionals	Name, email address, phone number, company and any other additional information that you may choose to provide us with.	To facilitate events or courses you have registered for, or participated in a survey for research purposes.  Provide you with relevant information about products, services or training;	Legitimate Interests or Consent
Users of our EMC Platforms  (Pharmaceutical employees, Healthcare Professionals	Name, company name, job title, business address, business email address, telephone number, IP address	Maintain our internal records;  Create and maintain your customer profile.  Send you essential information required for the day-to-day usage of our software, such as the status of the workflow when using one of our management systems.  Notify you about changes to, and availability of, our services;  Enable our suppliers and service providers to carry our certain functions on our behalf, including the delivery of dm+d information;	Contract  Legitimate Interests
Users of our EMC Platforms  (members of the public, also known as Patients)	Name, address, email address, telephone number, IP address.	In order to create and maintain your access to our platform.   Notify you about changes to, and availability of, our services;	Legitimate Interests
Pharmaceutical employees, Healthcare Professionals, Patients	Name, Email address, telephone number and any other information provided when you contact us.	Respond to queries and requests submitted by you;	Legitimate Interest
Suppliers	Name, company name, job title, business address, business email address, telephone number	To facilitate the contract we have entered into with you to provide Datapharm with goods and services	Contract

Disclosure of your Personal Data 

There are circumstances where we may wish to disclose or are compelled to disclose your Personal Data to third parties. This will only take place in accordance with the applicable law. These scenarios include disclosure: 

• to our employees; 
• to our auditors; 
• to our third-party suppliers who need it to perform a contracted role. For example, if a pharmaceutical company submits product information via In-Demand, 
• the NHSBSA may need to contact the pharmaceutical company with questions about the data; or 
• to third party service providers and consultants in order to protect the security or integrity of our organisation, including our databases and systems and for business continuity reasons; 
• to legal advisors who may need to advise us or manage or litigate a claim; 
• to another legal entity, on a temporary or permanent basis, for the purposes of a joint venture, collaboration, financing, sale, merger, reorganisation, change of 
• legal form, dissolution or similar event. In the case of a merger or sale, your personal data will be permanently transferred to a successor company; 
• If we believe the law requires it, or in response to any demand by law enforcement authorities in connection with a criminal investigation, or civil or administrative authorities in connection with a pending civil case or administrative investigation; and 
• to any other third party where you have provided your consent. 

Datapharm does not sell Personal Data it has gathered about you to third parties. 

International transfer of Personal Data 

Your Personal Data may be processed outside of the UK. This is because the organisations we use to provide our service to you are based outside the UK.  

We have taken appropriate steps to ensure that the Personal Data processed outside the UK has an essentially equivalent level of protection to that guaranteed in the UK. We do this by ensuring that: 

• Your Personal Data is only processed in a country which the Secretary of State has confirmed has an adequate level of protection (an adequacy regulation), or 
• We enter into an International Data Transfer Agreement (“IDTA”) with the receiving organisation and adopt supplementary measures, where necessary. (A copy of the IDTA can be found here international-data-transfer-agreement.pdf (ico.org.uk)). 

How long we keep Personal Data? 

We will retain your personal data for as long as is necessary to provide you with our services and for a reasonable period thereafter to enable us to meet our contractual and legal obligations and to deal with complaints and claims.  

At the end of the retention period, your personal data will be securely deleted or anonymised, for example by aggregation with other data, so that it can be used in a non-identifiable way for statistical analysis and business planning. 

Personal Data that we hold about you as a registered user of one of our systems will be maintained for as long as you are a registered user and may be held for up to seven years after you cease to be a registered user. 

Your rights in relation to your Personal Data 

Data protection law provides you with certain rights, including the right to: access, rectify, withdraw consent, erase, restrict, transport, and object to the processing of, your Personal Data. You also have the right to lodge a complaint with the relevant data protection authority if you believe your Personal Data is not being processed in accordance with applicable data protection law. Further information about your rights is set out below:

Right to be informed 

You have the right to know what personal data we collect about you, how we use it, for what purpose and in accordance with which lawful basis, who we share it with and how long we keep it. We use our privacy notice to explain this. 

Right of access (commonly known as a “Subject Access Request”)  

You may, where permitted by applicable law, request copies of your Personal Data. If you would like to make a SAR, i.e. a request for copies of the Personal Data we hold about you, you may do so by contacting us at the details set out in the “what information do we collect” section above. The request should make clear that a SAR is being made. Please quote your name and address. We should be grateful if you would also provide brief details of the information of which you would like a copy or which you would like to be corrected – this helps us to more readily locate your data. We will require proof of your identity before providing you with details of any Personal Data we may hold about you. 

Right to rectification

You may request that we rectify any inaccurate and/or complete any incomplete Personal Data. 

Right to erasure (commonly known as the right to be forgotten)

You may request that we erase your Personal Data and we will comply, unless there is a lawful reason for not doing so. 

Right to object to processing

You may, as permitted by applicable law, request that we stop processing your Personal Data. If you object to us using your Personal Data for marketing purposes, we will stop sending you marketing material.  

Right to restrict processing

You have the right to restrict our use of your Personal Data.  

Right to portability

You have the right to ask us to transfer your Personal Data to another party. 

Automated decision making

You have the right not to be subject to a decision based solely on automated processing which will significantly affect you. We do not use automated decision-making.   

Right to withdraw consent

You may, as permitted by applicable law, withdraw your consent to the processing of your Personal Data at any time. If you do withdraw your consent, we will no longer process your information for the purpose(s) you originally agreed to, unless we are permitted by law to do so. Such withdrawal will not affect the lawfulness of processing based on your previous consent. Please note that if you withdraw your consent, you may not be able to benefit certain service features for which the processing of your Personal Data is essential.