ICR UK Limited trading as International Medical Information (referred to as IMI in this document) is the data controller and we are responsible for your data.
You may contact us by emailing email@example.com. ICR UK Limited is a company registered in the UK, registration number 05894351.
Our registered office address is ICR UK Limited, 2nd Floor, Nucleus House, 2 Lower Mortlake Road, Richmond, Surrey, TW9 2JA.
ICR UK Limited is registered with the Information Commissioner’s Office (ICO), the UK regulatory body for data protection in the UK. You have the right to contact them in regard to any issues relating to the use of your data.
Should you have any questions about how IMI processes your data, please email us at firstname.lastname@example.org, and one of our team will respond to you within a minimum of five working days, unless there are excessive, unreasonable or highly complex requests. In this instance we will contact you accordingly.
We would like to ensure that the information we hold about you is accurate and up-to-date, to ensure that we only use your data for relevant purposes.
In the context of GDPR legislation, we do not collect any Sensitive Data. This includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences.
HOW WE USE DATA
The information on our Health Care Professionals database is used within the lawful bases of CONSENT and LEGITIMATE INTEREST. By subscribing, you confirm that you are happy for us to send you information on this basis providing it falls within categories to which you have subscribed or expressed a specific interest.
You have the right to withdraw your consent at any time either by using the UNSUBSCRIBE link at the bottom of all our digital publication emails, or by emailing us at email@example.com.
PURPOSES FOR PROCESSING YOUR DATA
Please see below the ways in which we may use your data and the lawful bases on which we will process the data.
To register you as a new subscriber
To send you emails/digital publications about medical/pharmaceutical developments, updates, services, etc.
These may include:
To manage our relationship with you which may include:
Contract (depending on subscriber), Consent, Legitimate Interest
For data analysis and to gauge the success of our own and our clients’ campaigns, provide statistical reporting and understand regional and specialism demographics in the medical field.
(Please note that for this Purpose, we use statistical data only, and not individual record entries.)
Legitimate Interest in running our business. Contract for providing statistical data to our clients.
To use data analytics to develop our business, continually improve our products and services and effectively manage our customer relationships.
Legitimate Interest to continually refine our services and develop new business initiatives.
DISCLOSURE OF YOUR DATA
We do not share or sell our database to third parties. All digital emails and publications sent to you on behalf of pharmaceutical and/or medical organisations are sent by us using content provided by the organisation. These organisations have no access to, nor will be sent, any personal data.
We do use IT system providers in order to deliver our services and appropriate audit measures to ensure that providers comply with GDPR legislation, and have appropriate security and data confidentiality measures in place.
We currently do not transfer or use any Data Processors outside of the European Economic Area, however, in the instance that we should do so, we will ensure that relevant safeguards are implemented in line with the guidance provided by the European Commission.
If we use providers in the United States, we will request evidence that they are part of the EU-US Privacy Shield which requires similar protection to GDPR.
IMI has implemented technical and procedural measures to protect your data. This includes standard operating procedures respected and insisted upon for our staff, third party IT platform providers and any contractors that may require access to our database in order to fulfil their duties. They will only access and process your data in accordance with our instructions and are subject to our confidentiality agreement.
In the unlikely event of a data breach, we have a standard procedure in place and will advise you and the relevant authority where we are legally required to do so.
HOW LONG WILL WE HOLD DATA
Your data will be held only for as long as is appropriate, required and is legally permitted.
We will send you an email once per year to request that you review and update your details and preferences, and to remind you about your right to opt out of our publications. We will include an unsubscribe link within this communication.
You can, of course, unsubscribe at any time by using the link at the bottom of all our emails and publications, or by emailing firstname.lastname@example.org.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes.
You have a legal right to the following:
Further information about your rights can be found at www.ico.org.uk.
Unsubscribe requests will be actioned immediately if submitted via the unsubscribe link. Email requests will be actioned within a maximum of 10 working days. If there is any reason that this is likely to take longer, we will notify you and keep you updated. We may request additional information to speed up our respons