Change location:

INTRODUCTION

Proveca is a pharmaceutical company, specialising in identifying, developing and licensing off-patent medicines with unmet priority health care needs, with a focus on the paediatric market. The Proveca Group are committed to keeping your personal data safe. This Privacy Policy sets out how the Proveca Group uses and protects your personal data.

Welcome to Proveca Group Privacy Policy.

Our group of companies includes, Proveca Ltd, Proveca Pharma Ltd, Proveca GmbH, Proveca Italy s.r.l, Proveca (France) SAS and will be referred to in this document as “Proveca”, “our Group”, “the Company” , “our” or “we”.

Here at Proveca we are passionate about respecting your privacy and we are highly committed to protecting your personal data.

When we refer to “your” personal data we are referring to you personally and, where it is applicable, to any individuals who are connected to your business, such as employees, consultants or workers, who you request that we process data for, in the provision of our services and where you supply goods or services to us.

Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

Proveca Ltd is the controller for the personal information we process unless otherwise stated and is responsible for your personal information. However, we accept that in some circumstances we are a processor of personal data and, in some cases, of special categories of personal data. Where we process your personal data on behalf of another controller, we will only process your personal data as instructed by that controller and within the guiding principles of the data protection laws.

Proveca Ltd is registered in the United Kingdom with the Information Commissioner’s Office (ICO). Our ICO registration is: ZB801257

GENERAL INFORMATION

All your personal data will be held and used in accordance with the relevant data protection laws.

Your personal data may be stored in or accessed from multiple countries. Whenever we transfer personal information to other jurisdictions, we will ensure that the information is transferred in accordance with this Privacy Policy and as permitted by applicable data protection laws.

For individuals based in the UK, all personal data will be held and used in accordance with the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018 and any other legislation relating to the protection of personal data.

For individuals based in the European Economic Area (EEA), all personal data will be held and used in accordance with the General Data Protection Regulation (“EU GDPR”) and any other legislation relating to the protection of personal data.

If you are located outside of the United Kingdom, or the EEA, you may have certain rights and protections under applicable laws regarding the processing of your personal data. No matter which country you are accessing our services from we will use appropriate safeguards to protect your personal data in accordance with this Privacy Policy and the applicable data protection laws.

We know that the processing of your personal data is fundamental to the delivery of our services and our Group is committed to complying with data protection laws which requires us to process personal data adhering to the following data protection principles and we will ensure that your personal data;

  1. will be used lawfully and fairly;
  2. will be used, and stored in a transparent way;
  3. will be collected for valid purposes that have been clearly explained to you and not used for other purposes, unknown to you;
  4. will be accurate and kept up to date;
  5. will be kept securely; and
  6. will only be kept for as long as is necessary.

We are committed to our compliance with data protection laws and take our obligations seriously and we have built them into our day to day and strategic processes.

WHO TO CONTACT

This Policy tells you what to expect when we collect personal information from you. It also explains how we will store, handle and keep your personal information safe however, you may have specific questions or wish to exercise your legal rights.

If you have any questions about our use of your personal information, you can contact us at:

Full Name Proveca Ltd.
Address WeWork
One St Peter’s Square
M2 3DE
Manchester, UK
Telephone +44 161 468 2627
e-mail info@proveca.com

WHAT IS “PERSONAL DATA”?

Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

THE TYPES OF PERSONAL DATA WE COLLECT

Personal data we may collect, use, store and transfer about you, which we have grouped together, are as follows:

  • Identity Data includes first name, last name, username or similar identifier, title/occupation;
  • Contact Data includes billing address, delivery address, workplace address, email address and telephone numbers;
  • Special category data, also known as sensitive personal data, which includes information about your physical or mental health, health conditions, and other clinical metrics including environmental, socio-economic, and behavioural information pertinent to health and wellness;
  • Financial Data includes bank account and / or payment card details;
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us;
  • Technical Data includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website;
  • Usage Data includes information about how you use our website, products, and services;
  • Marketing and communications data includes your preferences in receiving marketing from us and your communication preferences.

Most of the personal data we process is provided to us directly by you for the purpose of providing you with our services.

SPECIAL CATEGORIES OF PERSONAL DATA

Sensitive information or special category data is information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics   or genetic characteristics, criminal background or trade union membership (“Special Category Personal Data”).

As a customer, in particular one who accesses our medical information services and/or products, we collect and process some special categories of personal data regarding individuals who are connected to our customers, such as patients and carers.

The collection and processing of Special Category Personal Data is limited to the provision of medical information services and/or products to our customers and in fulfilling our duty with them.

We may also collect and process Special Categories of Personal Data about you, if you are a Candidate or an Employee, in which case a separate Job Applicant Privacy Notice (can be viewed from the career page of our Proveca global website https://www.proveca.com/about/careers/) and an Employee Privacy Notice (from the internal HR Hub) are available.

WHEN DO WE COLLECT AND PROCESS PERSONAL DATA?

We will only use your personal data if we have a proper reason to process it and the law allows us to do so.

We may collect and process personal data in a variety of ways, including when you:

  • Interact with us directly via a telephone call, in-person discussion, networking event, virtual meeting, conference, Proveca app etc.
  • Visit our website or social media channels;
  • Register; attend online or face-to-face one of our events or seminars;
  • Enter into a Health Care Professional (“HCP“) Services Contract with us;
  • Become a prospective customer;
  • Become a client;
  • Apply for work experience or job with us;
  • Become an Employee;
  • Work with us in a business relationship capacity such as a consultant, referrer or similar, supplier or any other third party

FAILING TO PROVIDE PERSONAL DATA

Where we need to collect personal data by law or under the terms of a contract that we have with you, and you fail to provide the data when requested, we may not be able to perform the contract.

In such cases, having exhausted all avenues, we may be unable to start providing services or cancel the services however this will only occur following formal notification with an opportunity to rectify matters.

KEEPING IT ACCURATE

In fulfilling our data protection law commitments, it’s important that the personal data we hold about you is accurate and up to date. As such, please keep us informed of any changes so that we can update our records and maintain our all-important relationship with you.

USE OF COOKIES

A cookie is a small text file which is placed onto your computer (or other electronic devices) when you use our website. It is used to monitor traffic and behaviours on a website.

Our websites use a cookie control system allowing you on each visit to the website to allow or disallow the use of cookies on your computer/device. This complies with recent legislation requirements for websites to obtain explicit consent from users but you can set your browser not to accept cookies if you prefer. For more details about which exact cookies we use on each of our sites, you can find more information on the lower left or lower right corner of each page of our sites.

We use the following types of cookies:

Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website or make use of services.

Analytical or performance cookies. These allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).

Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.

If you use your browser settings to block all cookies (including necessary cookies) you may not be able to access all or parts of our website.

Third parties may also use cookies, over which we have no control. To deactivate the use of third-party advertising cookies, you may visit the consumer page to manage the use of these types of cookies.

THIRD PARTY LINKS

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements or policies.

When you leave our website, we encourage you to read the Privacy Policy of every website you visit.

REASONS WHY WE USE YOUR PERSONAL DATA AND CONSENT

The law on data protection sets out a number of different reasons for which a company may collect and process your personal data. We will only use your personal data when the law allows us to do so.

Lawful Basis for processing personal data:

We have set our lawful basis for processing of persona data, and we will use your personal data in the following circumstances:

  • Where you have consented before the processing.
  • Where we need to perform a contract, we are about to enter or have entered with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal or regulatory obligation; and
  • Where there is a substantial public interest in processing information, for the purposes of detecting and preventing crime.

In certain circumstances, we need your personal data to comply with our contractual obligations or to pursue our legitimate interests in a way which might be reasonably expected as part of our running our business. For example, in order to deliver the services to you, we need to use the information you provide us to enable us to provide those services and / or goods ordered.

Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.

We most commonly use your personal data when we need to perform the contract which we have entered into with you, where we need to comply with a legal or regulatory obligation or where it is necessary for our legitimate business interests (and your interests do not override ours).

If you are a HCP/delegate we may disclose your personal data based on legitimate interest or if you have consented and signed our Disclosure Form as part of your HCP Services Contract we shall make public disclosures of certain personal data in order to comply with the ABPI Code of Practice.

Other than for HCP’s, we do not rely upon consent as a legal basis for processing your Personal Data.

MARKETING

We strive to provide you with choices regarding certain personal information uses, particularly around marketing and advertising.

If you have given your consent to receive marketing emails you can withdraw this at any time, or if we are relying on our legitimate interests to send you marketing, you can object. In either case, just let us know. If you have received a direct marketing email from us and no longer wish to do so, the easiest way to let us know is to click on the unsubscribe link at the bottom of our marketing emails or email us at info@proveca.com .

We may contact you in relation to any similar products or services we have previously supplied. Otherwise, we would rely on consent as a legal basis for processing in relation to sending direct marketing communications to customers via email or text message. You have the right to withdraw consent at any time. Where consent is the only legal basis for processing, we will cease to process data after consent is withdrawn.

We generally do not share your personal data with any other company for marketing purposes but in the unusual event that we do, we will obtain your express consent for this.

DISCLOSURE OF YOUR PERSONAL DATA

The reasons we may share your data with third parties are:

  • if we are under a legal or regulatory duty to do so,
  • if it is necessary to do so to enforce terms and conditions of sale or other contractual rights,
  • it is necessary to provide you with the goods and/ or services requested,
  • to lawfully assist the police or security services with the prevention and detection of crime or terrorist activity,
  • where such disclosure is necessary to protect the safety or security of any persons or property, and/or
  • otherwise as permitted under applicable law.

We may have to share your Personal Data for the purposes of providing our services.

We may share your personal data with any member of our Group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006. We will share your personal data within our Group so that we can provide you with the relevant services, which include where you act as a consumer or customer, or where you act in a business capacity as a supplier, retailer or commercial contact.

We will only ever share your personal data with trusted third parties. These include, but this list is not exhaustive;

  • Service and software providers such as Microsoft 365 (CRM), Pension Portals, Fact3, Jenson, ProPharma (PPG), Regenold, etc who act as processors;
  • Professional Advisers acting as processors including lawyers, insurance brokers and insurers, tax specialists, auditors, business consultants, recruitment agents, banks, and accounting services who provide consultancy;
  • HM Revenue & Customs, European Medicines Agency, ABPI (Association of the British Pharmaceutical Industry) and Disclosure UK, Medicines and Healthcare products Regulatory Agency (MHRA), Health Products Regulatory Authority (HPRA), Regulators, Money Laundering Agents and other authorities who require reporting of processing activities;
  • Third Party providers for marketing or event booking services such as Travel Counsellors or similar;

We require all third parties to respect the security of Personal Data and to treat it in accordance with the data protection laws and any other applicable law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process it for the specified purposes and in accordance with our strict instructions.

We seek to ensure that all of our chosen third-party providers are compliant with data protection laws. Our contracts with third parties make it clear that they must hold personal data securely, abide by the principles and provisions of data protection rules, and only use information as we instruct them to.

TRANSFERRING DATA OUTSIDE OF THE UK AND THE EEA

We are based in the UK and throughout Europe and do not transfer your personal data outside of the UK and / or the EEA except where this is necessary for the provision of our services and for any performance of our contract with you. Where we do transfer your personal data outside the country of origin we will make sure that suitable safeguards are in place, by agreeing expressed contractual arrangements, and we have procedures in place to ensure your personal data receives the protections as stipulated by the relevant data protection laws.

For all transfers of your personal data to other jurisdictions, we will ensure that the information is transferred in accordance with this Privacy Policy and as permitted by applicable data protection laws.

DATA SECURITY

Our IT team will take appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

We only engage with a provider if they are able to comply with data protection laws and any other applicable laws. Our cloud system such as Microsoft 365  securely hold our data on our cloud providers’ systems.

In addition, our internal controls mean that we limit access to your personal data to those employees, agents, contractors and other third parties on a “need to know” basis. If they process your personal data as part of their role they do so under a duty of confidentiality.

In the event of any suspected or actual data breach we will ensure that correct procedures are followed and will notify you of a breach where relevant.

DATA RETENTION

We will only retain your Personal Data, and that which belongs to individuals connected with our business, for as long as is necessary to fulfil our contract with you or for the purposes of satisfying a commercial and marketing, legal, accounting, medical or regulatory requirement.

We assess retention on a case by case basis however; our minimum periods of retention for retaining personal data are:

  • For the entire period that you are a customer or have a business relationship with us or required to do so by law;
  • For three years after you have ceased being a customer or having had a business relationship with us in which case all personal data will be deleted with the exception of basic information such as client name, services used, main contact name and contact details and any relevant information which we feel may be of mutual benefit in the future;
  • For 6 years plus, current year in the cases of financial or payroll information;
  • For HCP’s 5 years following end of the year in which we last worked with a particular HCP or until the HCP requests that their personal data is deleted, whichever is the sooner. (Note that once disclosed, the ABPI requires that personal information will remain in the public domain for 3 years from the date of disclosure).

In some cases, we may anonymise your personal data so that it can no longer be associated with you, for research or statistical purposes and we may use this information indefinitely without further notice to you.

YOUR LEGAL RIGHTS

The data protection laws provide the following rights for individuals whose personal data is processed:

  1. The right to be informed
  2. The right to object to processing
  3. The right to rectification
  4. The right of access
  5. The right to erasure
  6. The right to restrict processing
  7. The right to data portability
  8. Rights in relation to automated decision making and profiling

Your Right to be Informed
We aim to be transparent within our Privacy Policy and provide you with information about how we use your personal data.

Your Right to Object
|In some circumstances you can stop the processing of your personal data for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.

Where your details are used for marketing, you can opt out at any time. You are able to unsubscribe from marketing on each contact or you can contact us to object to any processing.

Your Right to Rectification
You have the right to request the correction of your personal data when it is incorrect, out of date or incomplete. If you notify us that the personal data, we hold is complete or inaccurate we will correct or complete the information as soon as possible.

Your Right to Erasure or the Right to be Forgotten
You have the right to request that your personal data be deleted; including if we no longer need it for the purpose we collected it, you withdraw your consent or you object to its processing.

Following your request, we will erase your personal data without undue delay unless the continued retention is necessary and permitted by law. If we make the personal data public, we shall take reasonable steps to inform other data controllers processing about your erasure request.

Your Right to Restrict Processing
You have the right to request that we restrict the processing of your personal data. This can be done in circumstances where we need to verify the accuracy of the information, if you do not wish to have the information erased or you have objected to the processing of the information, and we are considering this request. Once the processing is restricted, we will only continue to process your personal data if you consent, or we have another legal basis for doing so.

Your Right to Access
You have the right to access the personal data we hold about you. Any access request will usually be free of charge and responded to within one month. We will endeavour to provide information in the format requested, but we may charge you a reasonable fee for additional copies.

Your Right to Data Portability
You have the right to receive a copy of your personal data which you gave to us. The copy will be provided in a commonly used and machine-readable format.  You can also have it transmitted directly from us to another data controller, where technically possible.

 The right not to be subject to automated decision making and profiling.
You have the right to not be subject to solely automatic decisions (i.e., decisions that are made about you by computer without any human input) in relation to any processes that have a legal or similarly significant effect on you.

We do not carry out automated decision making and profiling. You will be notified if we make a solely automated decision which produces a legal effect or significantly affects you.

When you request to exercise your rights
You will not have to pay a fee to exercise any of the rights listed above. However, we may charge a reasonable fee if your request is clearly unfounded or excessive, including where requests are repetitive. Alternatively, we could refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information or to exercise any of your other rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

 

How can we help?
If you have any questions that haven’t been covered, or would like us to address any complaints, questions, comments or requests regarding this privacy policy please contact us.

For further information on data protection please visit the Information Commissioner Office (ICO) website.

The Information Commissioner Office regulates data protection. If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal information, you have the right to lodge a complaint with the Information Commissioner’s Office.

You can contact them by calling 0303 123 1113 or visit the website.

CHANGES TO THIS PRIVACY POLICY

We may change this privacy policy from time to time and we will do all we can to ensure continued compliance with the data protection laws.  You should check this policy occasionally to ensure you are aware of the most recent version that will apply each time you access this website or use our services.

 

This is our global website, intended for visitors seeking information on Proveca's worldwide business. Our country sites can be reached by the selection bar in the top right hand corner.