Privacy Notice

This Privacy Notice (“Notice”) describes how we, ProPharma Group Holdings, LLC, and our affiliates, parent companies and associated offices (collectively “ProPharma,” “we,” “us,” “our”) collect, use, and share personal information. We offer a variety of services to pharmaceutical, medical device, biotechnology companies and other food and health care industry clients (“Clients”), including communicating with consumers about medical information related to our Client’s products, and collecting information about adverse events that may have occurred in connection with these products (collectively “Client Services”). When we receive information for our own purposes, such as the contact or billing information of our Clients, the processing of that information is described by this Notice. When we receive or process information on behalf of one of our Clients while performing Client Services, you should review this Notice as well as our Client’s privacy policy.

Types Of Information We Collect

Our information collection practices are determined by whether you have a relationship with us and/or the type of Client Services we have been retained by a particular company to provide. In providing our Client Services, we receive personal information from our Clients, collect personal information on behalf of our Clients, and process that information on their behalf. In other situations, we receive personal information for our own use. The following provides examples of the type of information that we collect about individuals based on how they interact with us, and based upon the Client Services we have been asked to perform.

We collect information in a number of ways, including by telephone if you call one of our centers, online form when you fill out a form, automatically when you visit our website, or through chats when you engage with us through an online chat.

Visitors of our Website

The following describes information we collect from individuals who contact us or who use our websites, applications, content and related features (collectively, the “website”).

Context Types of Data Primary Purpose for Collection and Use of Data
Cookies and First Party Tracking We use cookies and clear GIFs. “Cookies” are small pieces of information that a website sends to a computer’s hard drive while a web site is viewed. See our Cookie Statement for more information. We have a legitimate interest in making our website operate efficiently.
Cookies and Third Party Tracking We participate in behavior-based advertising, this means that a third party uses technology (e.g., a cookie) to collect information about your use of our website so that they can provide advertising about products and services tailored to your interests on our website, or on other websites. See our Cookie Statement for more information. We have a legitimate interest in engaging in behavior-based advertising and capturing website analytics. Where required by law, we base the use of third party cookies upon consent.
Email Interconnectivity If you receive email from us, we use certain tools to capture data related to when you open our message, click on any links or banners it contains and make purchases. We have a legitimate interest in understanding how you interact with our communications to you.
Mailing List When you sign up for one of our mailing lists we collect your email address or postal address. We share information about our products and services with individuals that consent to receive such information.
Support If you contact us for support (by e-mail or by phone) we will collect your name, e-mail address, phone number, country, state/province, as well as any other content that you send to us, in order to reply. We have a legitimate interest in receiving, and responding to, your inquiries or issues.
Website Interactions We use technology to monitor how you interact with our website. This may include which links you click on, or information that you type into our online forms. This may also include information about your device or browser. We have a legitimate interest in understanding how you interact with our website to better improve it, and to understand your preferences and interests in order to select offerings that you might find most useful. We also have a legitimate interest in detecting and preventing fraud.
Web Logs We collect information, including your browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to a computer when the Internet is used), domain name, referring website, URL clickstream data, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page, and/or a date/time stamp for visitors. We have a legitimate interest in monitoring our networks and the visitors to our websites. Among other things, it helps us understand which of our services is the most popular.

Clients

The following describes information we collect from our Clients in connection with performing Client Services.

Context Types of Data Primary Purpose for Collection and Use of Data
Information About Clients We collect the name and contact information of our Clients and their employees with whom we may interact. We have a legitimate interest in contacting our Clients and communicating with them concerning normal business administration such as services and billing.
Providing communications platforms for our clients We collect the name, and contact information, of our Clients and their employees with whom we may interact. We use the information to perform Client Services in accordance with the instructions of our Clients. Our Clients, in turn, are expected to have a lawful purpose in processing such information.
Providing consulting services to our clients, which might include training. We collect the name, and contact information, of our Clients and their employees with whom we may interact. We use information providing by our clients to us to perform Client Services in accordance with the instructions of our Clients. Our Clients, in turn, are expected to have a lawful purpose in processing such information.

Patients, Caregivers and Medical Professionals

Where we provide Client Services, we may interact with patients directly, as well as caregivers and medical professionals. While providing Client Services, our Client’s control the purpose for our information collection, and the means by which we collect information. As a result, their privacy policy governs how the information that we collect is used, and their instructions to us control our information processing. The following describes the type of information we collect in connection with providing certain Client Services.

Context Types of Data Primary Purpose for Collection and Use of Data
Adverse Event Reporting If you contact us to report an adverse event relating to one of our Clients, we may receive, as is needed in a particular situation, your name, date of birth, demographic information (address, city, country/state, phone number), medical history, gender, race, biometric and genetic data, pregnancy and breast-feeding data, drug (dose, frequency, history, action taken following event), event description/outcome, and concomitant medications, as well as any other content that you provide to us. We use the information to perform Client Services in accordance with the instructions of our Clients. Our Clients, in turn, are expected to have a lawful purpose in processing such information.
Call Recording If you contact us via phone regarding inquiries related to one of our Client’s products, to report an adverse event, or in connection with other Client Services, we may record such telephone conversations if directed by our Client. We use the information to perform Client Services in accordance with the instructions of our Clients. Our Clients, in turn, are expected to have a lawful purpose in processing such information.
Medical Information If you contact us regarding medical information about one of our Client’s products, we may receive, as is needed in a particular situation, your name, age, demographic information (address, city, country/state, phone number), medical history, gender, race, biometric and genetic data, drug (dose, frequency, history), and concomitant medications, as well as any other content that you provide to us, in order to reply. We use the information to perform Client Services in accordance with the instructions of our Clients. Our Clients, in turn, are expected to have a lawful purpose in processing such information.

Human Resources

Context Types of Data Primary Purpose for Collection and Use of Data
Job Applicants If you apply for a job posting we collect information necessary to process your application or to retain you as an employee. This may include, among other things, your Social Security Number or National Insurance Number. Providing this information is required in some jurisdictions to be considered for employment. We use information about job applicants in anticipation of a contract of employment. In some contexts, we are also required by law to collect information about applicants. We also have a legitimate interest in using your information to evaluate candidates for job openings.
Employees and Former Employees If you become an employee, the type of information that we collect will be described in our separate Employee Privacy Notice. Our purposes for collecting and using employee, and former employee, information are described in a separate Employee Privacy Notice.

If you are located in Canada, our lawful basis for processing your data is generally consent. If you would like specific information about your lawful basis of processing in this jurisdiction, please contact us as indicated in the “Miscellaneous” section.

In addition to the information that we collect from you directly, we may also receive information about you from other sources, including third parties, business partners, our affiliates, or publicly available sources. For example, if you submit a job application we may conduct a background check. If you contact us to report an adverse event, we may ask you if we can reach out to your caregiver and/or healthcare provider to obtain additional information related to your report.

To the extent we maintain and use personal information in a deidentified form, we will not attempt to reidentify the information, except for the purpose of determining whether our deidentification processes satisfy our legal obligations.

Use And Processing Of Information

In addition to the purposes and uses described above, we use information in the following ways:

  • To identify you when you visit our websites or contact us.
  • To provide our website and related services and improve the website and related services.
  • To respond to inquiries related to support, employment opportunities, or other requests.
  • To send marketing and promotional materials, including information relating to our services.
  • For internal administrative purposes, including complaints resolution, troubleshooting of our website, data analysis, quality control, staff training, testing of new features, research, statistical and survey purposes, as well as to manage our relationships.
  • To ensure the security of our business and to prevent and detect fraud.
  • To provide Client Services, including processing information in accordance with the instructions of our Clients.

Although the sections above describe our primary purpose in collecting your information, in many situations we have more than one purpose. For example, where we provide Client Services, we may collect information to perform our contract with our Client, but we also collect information as we have a legitimate interest in complying with our legal and regulatory obligations in the countries in which we operate. As a result, our collection and processing of your information is based in different contexts upon your consent, our need to perform a contract, our obligations under law, and/or our legitimate interest in conducting our business.

Sharing Of Information

In addition to the specific situations discussed elsewhere in this Notice, we disclose information in the following situations:

  • Advertising and Marketing Partners. We share information with our advertising and marketing partners who enable us, for example, to deliver personalized ads to your devices or who may contact you by mail, email, telephone, text message or by other means.
  • Affiliates and Acquisitions. We share information with our corporate affiliates (e.g., parent company, sister companies, subsidiaries, joint ventures, or other companies under common control). If another company acquires, or plans to acquire, our company, business, or our assets, we will also share information with that company, including at the negotiation stage.
  • Clients and Third Parties As Directed By Our Clients. Where we process information on behalf of our Clients, we share your information with our Clients and other third parties as directed by our Clients.
  • Other Disclosures with Your Consent. We may ask if you would like us to share your information with other third parties who are not described elsewhere in this Notice.
  • Other Disclosures without Your Consent. We may disclose information to public authorities, such as law enforcement agencies, courts and other public bodies where we are required by law to do so, and in response to subpoenas, warrants, or court orders, or in connection with any legal process, or to comply with relevant laws. We may also share your information in order to establish or exercise our rights, to defend against a legal claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our policies, or to comply with your request for the shipment of products to or the provision of services by a third-party intermediary.
  • Service Providers. We share your information with suppliers and service providers. Among other things service providers help us to host and administer our website, provide technical support, process payments, and assist in providing our Client Services (such as operating our call centers).

Your Choices

Depending on your country’s laws, you may make the following choices regarding your personal information. Depending upon the type of request that you make, and the nature of any Client Services that we are providing, we may respond to your request directly, or forward your request to our Clients so that they can respond to you directly.

  • Access To Your Personal Information. For information that we collect on our own behalf, we will grant you, where required by law, reasonable access to the personal information that we have about you. In some circumstances, you may request access to or confirmation about (a) details regarding our processing of your personal information, such as (but not limited to) the sources from which your information was obtained, and (b) the personal information that we have about you in a portable format. If we are processing your personal information on behalf of one of our Clients, we will forward your request to that Client and await instructions on whether access should be granted. Note that California residents may be entitled to ask us for a notice describing what categories of personal information (if any) we share with third parties or affiliates for direct marketing. You may request access to your personal information by contacting us at the address described below.
  • Changes To Your Personal Information. You may request that we update or correct any inaccurate or incomplete information by contacting us at the address described below. If we are processing your personal information on behalf of one of our Clients, we will forward your request to that Client and await instructions on any changes that they believe are appropriate. Note that we may keep historical information in our backup files as permitted by law.
  • Deletion Of Your Personal Information. You may request information about how long we keep a specific type of information, or request that we delete your personal information by contacting us at the address described below. If required by law we will grant a request to delete personal information, but you should note that in many situations we must keep your personal information to comply with our legal obligations, resolve disputes, enforce our agreements, comply with the instructions of our Clients, or for another one of our business purposes. If we are processing your personal information on behalf of our Clients, we will forward your request to that Client and await instructions from them on whether your information should be deleted.
  • Objection to Certain Processing. You may object to our use of your personal information by contacting us at the address described below. For example, California residents may be entitled to object to the processing of sensitive personal information for certain purposes. If we collect your personal information as part of our performance of Client Services, we will forward your objection to our Client so that they can determine the appropriate response. If you are in the Philippines, you may object to the processing personal information for direct marketing. If we have reason to continue processing your personal information, we will communicate that reason.
  • Online Tracking. We do not currently recognize automated browser signals regarding tracking mechanisms, which may include "Do Not Track" instructions.
  • Promotional Emails. You may choose to provide us with your email address for the purpose of allowing us to send free newsletters, surveys, offers, and other promotional materials to you. You can stop receiving promotional emails by following the unsubscribe instructions in e-mails that you receive, or by contacting us at the address described below. If you decide not to receive promotional emails, we may still send you service-related communications.
  • Revocation Of Consent. If you revoke your consent for the processing of personal information then we may no longer be able to provide you services. In some cases, we may limit or deny your request to revoke consent if the law permits or requires us to do so, or if we are unable to adequately verify your identity. You may revoke consent to processing (where such processing is based upon consent) by contacting us at the address described below. If we collect your personal information as part of our performance of Client Services, we will forward your revocation of consent to our Client so that they can determine the appropriate response.

We do not discriminate against individuals exercising rights conferred by statute. Please address written requests and questions about your rights to privacy@propharmagroup.com or call us at +44 (0)1748 828800.

Note that, as required by law, we will require you to prove your identity. We may verify your identity by phone call or email. Depending on your request, we will ask for information such as your name, the email address we have on file, or the date of your last correspondence with us. We may also ask you to provide a signed declaration confirming your identity. Following a request, we will use reasonable efforts to supply, correct or delete personal information about you in our files. If you disagree with our response to your rights request, you may appeal the decision by contacting us at privacy@propharmagroup.com.

In some circumstances, you may designate an authorized agent to submit requests to exercise certain privacy rights on your behalf. We will require verification that you provided the authorized agent permission to make a request on your behalf. You must provide us with a copy of the signed permission you have given to the authorized agent to submit the request on your behalf and verify your own identity directly with us. If you are an authorized agent submitting a request on behalf of an individual you must attach a copy of the following information to the request:

  • A completed Authorized Agent Designation Form indicating that you have authorization to act on the consumer’s behalf.
  • If you are a business, proof that you are registered with the Secretary of State to conduct business in California.

If you are in the Philippines and are a legal heir or assign of the data subject and would like to invoke the rights of the data subject, in addition to the authorized agent form, you must attach the following documents for verification purposes:

  • death certificate of the data subject;
  • birth certificate of the legal heirs and assigns.

If we do not receive the relevant pieces of information, the request will be denied.

Cookie Statement

What exactly are cookies? In order to collect the information including personal data as described in this Notice, we may use cookies and similar technology on our website. A cookie is a small piece of information which is sent to your browser and stored on your computer’s hard drive, mobile phone or other device. Cookies can be first party (i.e. cookies that the website you are visiting places on your device), or third party cookies (i.e. cookies placed on your device through the website but by third parties, such as Google). For more information please visit www.allaboutcookies.org.

We use the following types of cookies on our website:

  • Strictly necessary cookies. These cookies are essential in order to enable you to move around our website and use its features. Without these cookies, the Website and related services you have asked for cannot be provided. They are deleted when you close the browser. These are first party cookies.
  • Performance cookies. These cookies collect information about how visitors use our website. They allow us to recognize and count the number of visitors and to see how visitors move around the website when they are using it and the approximate regions that they are visiting from. These are first party cookies.
  • Functionality cookies. These cookies allow our website to remember the choices you make (such as your user name, language or the region you are in, if applicable) and provide enhanced, more personal features. The information these cookies collect cannot track your browsing activity on other websites. These are first party cookies.
  • Targeting or advertising cookies. These cookies allow us and our advertisers to deliver information more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as to help measure the effectiveness of advertising campaigns. They remember that you have visited our website and may help us in compiling your profile. These are persistent cookies which will be kept on your device until their expiration or earlier manual deletion. These are third party cookies.
  • Social media cookies. These cookies allow you to connect with social media networks such as Facebook, Twitter, LinkedIn and. These are persistent cookies which will be kept on your device until their expiration or earlier manual deletion. These are third party cookies.

We may combine information from these types of cookies and technologies with information about you from other sources.

Cookie consent and opting out

Where required by law, the first time you visit our Website we will ask whether you consent to the placement of cookies on your device. We will respect your choice until you clear your cache, in which case we will ask you again whether you consent to the placement of cookies on your device. You, or another user of your device may also withdraw your consent at any time by modifying your browser settings or by visiting the footer of the website that you are visiting and clicking on the Cookie Settings link to adjust your preferences, where available. Please note that if you choose to decline cookies, you may not be able to fully experience the interactive features of our Website and related services.

You may also opt-out from third party cookies by selecting appropriate options on http://www.youronlinechoices.com/uk/.

How We Protect Personal Information

No method of transmission over the Internet, or method of electronic storage, is fully secure. While we use reasonable efforts to protect your personal information from unauthorized access, use, or disclosure, we cannot guarantee the security of your personal information. In the event that we are required by law to inform you of a breach to your personal information we may notify you electronically, in writing, or by telephone, if permitted to do so by law.

Additionally, we maintain internal governance policies designed to protect your information. These governance policies include, but are not limited to, Written Information Security Protocols, Incident Response Plans, Data Subject Request Protocols, and Record Retention and Destruction Policies.

We retain your personal information for only as long as necessary to fulfil the purposes outlined in this privacy policy, including for the purposes of satisfying any legal, accounting, or reporting requirements, unless a longer retention period is required or permitted by law. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of the information, the purposes for which we obtained the information and whether we can achieve those purposes through other means, as well as applicable legal requirements.

Miscellaneous

The following additional information relates to our privacy practices:

Transmission Of Information To Other Countries

As a multi-national company we transmit information between and among our group of companies. As a result your information may be processed in a foreign country where privacy laws may be less stringent than the laws in your country. For example, your information may be stored and processed outside of Quebec or other Canadian providences. Nonetheless, where possible we take steps to treat personal information using the same privacy principles that apply pursuant to the law of the country in which we first received your information. By submitting your personal information to us you agree to the transfer, storage and processing of your information in a country other than your country of residence including, but not necessarily limited to, Australia, Japan, the United States, and the United Kingdom. In such cases, we have put in place organizational and legal measures to ensure that data transfers are lawfully conducted. Such measures include the Standard Contractual Clauses as approved by the European Commission. If you would like more information concerning our attempts to apply the privacy principles applicable in one jurisdiction to data when it goes to another jurisdiction you can contact us using the contact information below. You may also request a copy of any Standard Contractual Clauses we use for the transfer of your data outside of the EEA or UK, which includes the categories of information transferred, by contacting us using the contact information below.

Third Party Applications/Websites

We have no control over the privacy practices of websites or applications that we do not own.

Changes To This Notice

We may change our privacy policy and practices over time. To the extent that our policy changes in a material way, the policy that was in place at the time that you submitted personal information to us will generally govern that information unless we receive your consent to the new privacy policy. Our privacy policy includes an “effective” and “last revised” date. The effective date refers to the date that the current version took effect. The last updated date refers to the date that the current version was last substantively modified.

Information for California Residents

California law indicates that organizations should disclose whether certain categories of information collected or transferred for an organization’s “business purpose.” You can find a list of the categories of information that we collect and share here. Please note that because this list is comprehensive it may refer to types of information that we share about people other than yourself. If you would like more information concerning the categories of personal information (if any) we share with third parties or affiliates for those parties to use for direct marketing please submit a written request to us using the information in the "Contact Information" section below. Contact Information. If you have any questions, comments, or complaints concerning our privacy practices please contact us at the appropriate address below. We will attempt to respond to your requests and to provide you with additional privacy-related information.

ProPharma Group MIS Ltd

Data Protection Officer

Olliver, Aske, Richmond
North Yorkshire, DL10 5HX
United Kingdom

+44 (0)1748 828800

If you are located in the European Union, you can contact our European representative using the information below:

ProPharma Group BV

Floor 2, Schipholweg 59
2316 ZL Leiden, The Netherlands

+31 (0)71 52440 00

If you are not satisfied with our response, and are in the European Union or the United Kingdom, you may have a right to lodge a complaint with your local supervisory authority.

If you are located in Quebec, you may contact our representative at: privacy@propharmagroup.com

If you are located in the Philippines and believe we have violated your rights, you may file a complaint with the National Privacy Commission.

 

Last Revised: 01 November 2024

Effective Date: 28 October 2022