Envision Pharma Group (“Envision Pharma Group”/”we”/”us”/”our”) respects an individual’s right to privacy. This policy explains our approach to any Personal Information that we collect or obtain via our websites, including: https://www.envisionpharmagroup.com; https://www.alligentgroup.com; https://www.curo.co.uk; and https://www.touchcreative.co.uk (“Websites”).
In particular, this policy describes:
“Personal Information” means any information or a set of information that identifies or is used by or on behalf of Envision Pharma Group to identify an individual.
Envision Pharma Group refers to Envision Pharma Group Limited (company no. 10117262) and its subsidiaries. Unless otherwise stated, Envision Pharma Limited (company no. 04486293) will be the data controller as regards Personal Information collected or obtained via our websites.
Our Data Protection Officer can assist with any questions and can be contacted at either of the following:
Privacy@EnvisionPharmaGroup.com
Envision Pharma Group
FAO: The Data Protection Officer
26-28 Hammersmith Grove
London
W6 7HA
United Kingdom
Envision Pharma Group is a full-service global medical strategy and communications agency, and our services include the provision of market-leading hosted software applications.
We may collect Personal Information from individuals in the course of our business, including through the use of our websites, when we are contacted or information is requested from us, when individuals apply for job vacancies, or when our services are engaged. Sometimes Personal Information is not sought by us but is delivered or sent to us without prior request.
The Personal Information that we process includes:
We will only use Personal Information when the law allows us to do so. Most commonly, we will use Personal Information in the following circumstances:
The types of personal data that we process depends on the relevant circumstances; however, some of the key types of Personal Information that we may process together with the relevant basis for processing and details of any third parties with whom such information is shared, are set out below. Please also see our Cookies Policy.
|
Purpose for which we use Personal Information |
Legal basis for processing |
Third-party organisations with whom Personal Information may be shared |
|
To send requested information about us and/or our services. |
Legitimate interests. |
None. |
|
To market our services including communicating about updates, news, newsletters and event invitations which are relevant to the individual’s activities and in line with stated preferences. |
Legitimate interests. |
None. |
|
For the purposes of recruitment. |
Legitimate interest.
Consent. |
Third-party technology service providers such as applicant tracking systems.
Professional advisers. |
|
To manage our relationship with our clients and potential clients. |
Legitimate interests.
Performance of a contract. |
None. |
|
To provide and improve our website. |
Legitimate interests. |
Web service providers and cookie providers. |
|
To compile anonymous statistics including for managing our business performance and assessing client satisfaction to improve our services. |
Legitimate interests. |
None. |
|
To enable us to provide events. |
Legitimate interests. |
Third-party travel and hospitality service providers. |
|
To provide services to our clients, including the handling of Personal Information of others on behalf of our clients. |
Legitimate interests.
Performance of a contract. |
Third-party service providers. |
“Third-party organisations” does not include any of our group companies. We are an international business and any information provided to us may be shared with and processed by any of our group entities around the world.
Where necessary, or for the reasons set out in this policy, Personal Information may also be shared with regulatory authorities, courts, tribunals, government agencies and law enforcement agencies. While it is unlikely, we may be required to disclose Personal Information to comply with legal or regulatory requirements. We will use reasonable endeavours to notify the individual before we do this, unless we are legally restricted from doing so.
As described above, our services include the provision of hosted software applications to our clients. If an individual provides Personal Information via a website portal of one of our hosted software applications licensed to a client of ours, that individual is providing Personal Information to that client and should ensure he/she understands how their Personal Information may be used. Reference should be made to the relevant client company’s privacy policy which may be published on such website portal, or available on such client company’s corporate website. In such circumstances, the relevant client company is the data controller. We do not access or use such Personal Information save as permitted or required under our contractual arrangements with our clients. Neither do we distribute such Personal Information to any third parties.
Personal Information will be retained in accordance with our global data retention policy which categorises all of the information held by us and specifies the appropriate retention period for each category of Personal Information. Those periods are based on the requirements of applicable data protection laws and the purpose for which the information is collected and used, taking into account legal and regulatory requirements to retain the information for a minimum period, limitation periods for taking legal action, good practice and our general business purposes.
Any Personal Information processed by us as part of providing hosted software applications to our clients will be retained for as long as that client’s account is active or as needed for us to provide the relevant services, and as required to comply with legal or contractual obligations.
A key principle of data protection legislation is that Personal Information must be dealt with securely by means of “appropriate technical and organisational measures”. This involves considering matters such as risk analysis, organisational policies, and physical and technical measures, all of which contribute to ensuring the confidentiality, integrity and availability of systems and processes. Envision Pharma Group is certified under ISO/IEC 27001:2016, which is an auditable international best practice standard that formally outlines requirements for an Information Security Management System.
In addition, the data centres in which our servers are located in respect of our hosted software applications are also certified under ISO/IEC 27001:2016. Reports pursuant to SSAE 18/ISAE SOC 1 Type 2, SOC 2 Type 2 and SOC 3 Type 2 can also be provided in relation to such data centres upon request.
We may need to transfer Personal Information to locations outside of the European Economic Area (the “EEA”).
The level of information protection in countries outside the EEA may be less than that offered within the EEA. Where this is the case, we will implement appropriate measures to ensure that Personal Information remains protected and secure in accordance with applicable data protection laws. EU standard contractual clauses are in place between all Envision Pharma Group companies that share and process Personal Information.
In addition, Envision Pharma Group complies with the principles of the EU-US and Swiss-US Privacy Shield Framework regarding the transfer of Personal Information from the EEA or Switzerland to the United States and has certified to the Department of Commerce that it adheres to the Privacy Shield principles. To view our certification, please visit www.privacyshield.gov. Please also see our Privacy Shield Policy which should be read in conjunction with this policy.
The European Union’s General Data Protection Regulation provides certain rights for individuals.
An individual is entitled to request details of the information we hold about them and how we process it. They may also have a right to have Personal Information rectified or deleted; to restrict, object or withdraw consent to our processing of that information, to stop unauthorised transfers of Personal Information to a third party and, in some circumstances, to have Personal Information relating to them transferred to another organisation. Such individual may also have the right to lodge a complaint in relation to our processing of Personal Information with a local supervisory authority.
If an individual objects to the processing of their Personal Information, or withdraws their consent to processing after having initially provided it, we will respect that choice in accordance with our legal obligations but it is likely this will make it impractical for us to deal with the relevant individual.
Envision Pharma Group may revise or update this policy from time to time.
Last updated 21 March 2019
