1.0 Our commitment to your privacy
This Privacy and Cookies Policy outlines QC Medica LLP ("we", "our", "the Company" or "QC Medica") practices with respect to information collected from users who access our website at www.qcmedica.com ("Site") or otherwise share personal information with us (collectively: "Users"). QC Medica is committed to protecting and respecting your privacy. We take our responsibilities regarding the security of information that we have collected seriously. This privacy policy sets out how we use and protect the information that you provide to us. Please read this policy carefully. If you have any questions, please contact
info@QCMedica.com
In this policy QC Medica is the controller for the personal data.
This Privacy Policy provides information on:
• how we use your personal data;
• types of personal data we collect;
• sources of your personal information;
• legal grounds for processing your personal data;
• sharing your personal data;
• retention of personal data;
• how we use Cookies and other tracking technology;
• our policy on correcting and updating personal data;
• making a complaint about our handling of your personal data.
It also includes specific information for exercising your rights under the:
• General Data Protection Regulation (GDPR) (see Your data protection rights);
2.0 People who have contacted us with a request for information
2.1 How we use your information?
If you have requested information from QC Medica, we will collect and process the personal data that you provide in order to respond to your request. Unless you consent to the contrary, we shall only use your personal data to provide the information you have requested.
We may collect some or all of the following personal data (this may vary according to your relationship with us):
• Name
• Address
• Email address
• Telephone number
• Business name
• Job title
• Profession
• IP Address
We will process your personal information where there is a legitimate interest in us doing so, if it is reasonably necessary to achieve our or others’ legitimate interests (as long as that processing is fair, balanced and does not unduly impact your rights). For example, if you are requesting information about a company or a service from QC Medica then we may pass your personal data onto another member of the partnership to enable them to appropriately respond to your request. Again, unless you consent to the contrary, that member shall only use your personal data to provide the information you have requested.
2.2 If you apply to work with us?
Our Recruitment Privacy Notice explains how and why we use your personal data, including how long we keep it and who we share it with. Please contact careers@qcmedica.com for more information.
2.3 If you are employed by us
Our Workplace Privacy Notice explains how and why we use your personal data, including how long we keep it and who we share it with. You will be given the Workplace Privacy Notice if you are offered employment by us.
2.4 Commercial communications
We obtain information directly from you, via normal business channels such as email, telephone, video conferencing etc. and in person, for example at conferences and events. Personal data is required to allow QC Medica to provide our services to our clients. We will not share your personal information with any third parties save with your permission or required or allowed by law, for example, to obtain legal advice. If you have contacted us, then we shall rely on our legitimate interests to record your information. If we wish to record any sensitive information about you, for example, about your dietary requirements, then we will have to have a legal reason to do so, or ask for your explicit consent. If we are in negotiation with you for goods or services then we shall rely upon contractual obligations to process the information, as we will either have a contract in place, or be in negotiations to enter into one.
2.5 Business contacts, marketing & administration
If you are a business contact, we will ask you if you would like to receive regular communications from us, and we shall do this in accordance with any guidelines concerning the data protection or ePrivacy (electronic marketing) regulations. You can change your preferences at any time, and if you ask us to stop communicating with you, we shall action this request immediately. QC Medica needs to manage the business for example, processing invoices, entering into contracts and to do that we rely on our legitimate interests, legal obligations and fulfilment of our contractual obligations. We may use your personal information to obtain legal advice or if it is necessary to defend a legal claim or pursue a bad debt, and we may have to pass your information to public authorities and organisations where the law requires us to do so. To ensure that emails and ICT networks have not been compromised we will monitor network traffic and may process personal data as a result of this monitoring.
2.6 Email Marketing
QC Medica stay in touch with our clients and prospects using email and to do this we use an email broadcast company. Emails will either be fully opted-in by the subscriber, or we shall be relying on the soft-opt-in rule within the e-Privacy legislation. Within our emails we utilise web beacon technology, sometimes called pixels, which allows us to see whether the email was delivered, which links were clicked and so on. This is to help us offer a better, more relevant service. The only information collected will be IP address, date/time, general location and device details. We never share this information or any of your details with third parties.
2.7 People who participate in our market research, health outcomes or observational research projects
2.7.1 How we use your personal data:
QC Medica and its suppliers use your personal data for conducting market research, health outcomes or observational research projects (‘research’) either as QC Medica or on behalf of our clients. We use your personal data for the following purposes:
• Performance of research and analysis either as QC Medica or on behalf of our clients;
• Monitoring and keeping records of communications between you and QC Medica staff;
• Compliance with our contracts with our clients;
• Sharing of information, as needed, with translators, analysts, data processing companies, fieldwork agencies;
• Adherence and compliance with legal and regulatory obligations, requirements and guidance.
2.7.2 Types of personal data we collect:
The nature of the personal data collected about you will depend on your relationship with QC Medica and the type of work we conduct. QC Medica typically uses a network of fieldwork partners and clinical sites to recruit participants to participate in a research project and conduct interviews. (‘fieldwork partner’). Please read the fieldwork partner’s privacy policy for further information about the data that they collect and what it is used for. Typically, the fieldwork partner assigns a respondent identifier to minimise the personal data collected by QC Medica. Types of personal data that maybe collected include:
• Respondent identifier assigned by the fieldwork partner;
• Information submitted by you during a research interview or when completing a paper or internet questionnaire. This may include information on age, gender, nationality, health data: including, for example, disease specific experience or drug purchasing/prescribing history, Adverse Events;
• System access information, such as usernames, passwords and other personally identifiable information;
• Your bank account details;
• Remuneration, including honoraria/fees for service and expenses payment in relation to your participation in, and contribution to, programmes and services;
• Your contact details, such as title, name, email address, mobile/telephone number and company information such as job title/role, office location, mobile/telephone number.
2.7.3 Sources of your personal information:
Most of the personal information QC Medica processes is provided directly by you, or by the fieldwork partner. Sometime the sponsoring client may provide a list of names for the purposes of contacting potential respondents. QC Medica will follow the client’s instruction on processing the personal data but will ensure that the personal data is processed according to data protection legislation including assurance that the list of names can be legitimately used for the intended research purpose.
2.7.4 Legal grounds for processing your personal data:
Under data protection legislation, there are various grounds on which we can rely when processing your personal data. In some contexts, more than one ground applies. Typically, for research QC Medica relies on Legitimate Interests and Consent. QC Medica may also be required to use your personal data to comply with its legal obligation.
2.7.5 Consent:
To process your personal data, we obtain your explicit consent. This means that before we collect any information from you, we ensure that you are provided with full details about the purpose and nature of the project and what will happen to the information we collect.
2.7.6 Withdrawal of your consent:
If we have relied on consent as a ground for processing, you may withdraw consent at any time – though if you do so that will not affect the lawfulness of what we have done before you withdraw consent. See section Your data protection rights.
2.7.7 Legitimate interests:
Examples of personal data that maybe processed using legitimate interests:
• Maintaining records relating to your participation in research projects;
• Adhering to legislation, governmental and regulatory bodies guidance. Adhering to good governance requirements, such as internal reporting and compliance requirements;
• Audit requirements;
• Monitoring and keeping records of communications between you, the fieldwork partner and QC Medica staff.
2.7.8 Sharing your personal data:
In some cases, we may need to share personal information with third parties that provide research services in support of the research project e.g. translators, analysts, data processing companies, fieldwork agencies. Any third party that receives personal information is obligated to follow all the same privacy protection regulations as followed by QC Medica.
2.7.9 Retention of personal data:
QC Medica will not retain your personal information for longer than is necessary. At the end of the research project QC Medica redact (remove) the personal data no longer required for the project. This means that most of the personal data collected during the research project is deleted and there is minimal personal data retained by QC Medica.
2.8 People who engage in our medical communications, medical education and publication programmes
2.8.1 How we use your personal data:
QC Medica and its suppliers use your personal data for running medical communications, medical education and publication programmes (‘programmes’) either as QC Medica or on behalf of our clients. We use your personal data for the following purposes:
• Booking travel and providing other logistical support on your behalf when participating in, or providing services related to programmes;
• Monitoring and keeping records of communications between you and QC Medica staff;
• Evaluation of medical experts both for QC Medica and our clients whom we support to deliver medical communication programmes;
• Sharing of information, as needed, with our clients and suppliers;
• Contacting your nominated contact in event of an emergency;
• Compliance with our contracts with our clients;
• Adherence to legal and regulatory obligations, requirements and guidance.
2.8.2 Types of personal data we collect:
The nature of the personal data collected about you will depend on your relationship with QC Medica and the type of work we conduct, but may include the following:
• Your contact details, such as title, name, email address, mobile/telephone number and company information such as job title/role, office location, mobile/telephone number;
• Records of communications with you and other parties e.g. telephone calls, on-line meetings, emails, chat or text messages;
• Information supplied by you, your colleagues, our client or third parties, such as academic, career history, medical background, clinical practice, field of research, practice and other professional specialism information;
• Your participation in, or provision of services related to programmes that may be required to be put on public record;
• Remuneration, including honoraria/fees for service and expenses payment in relation to your participation in, and contribution to, programmes and services;
• Relevant activities associated with the work we undertake, on social media and other publicly available digital channels, used as part of services and business activities we undertake for or that which is necessary as part of our wider business engagement;
• System access information, such as usernames, passwords and other personally identifiable information that would allow QC Medica to access IT systems and/or operate on your behalf when nominated to do so by you.
We may with your consent, also retain the following:
• Your date of birth, age, gender;
• Your nationality;
• Your bank account details;
• Details of nominated contacts, such as next of kin.
2.8.3 Sources of your personal information:
Most of the personal information QC Medica processes is provided directly by you and by your administrative support staff. For example, you tell us your contact details and banking details. We may also obtain your personal data from our clients where we are running a programme or service on their behalf.
2.8.4 Legal grounds for processing your personal data:
Under data protection legislation, there are various grounds on which we can rely when processing your personal data. In some contexts, more than one ground applies. Typically, for our programmes we rely on Contract, Legitimate Interests and Consent. QC Medica may also be required to use your personal data to comply with its legal obligation.
2.8.5 Legitimate interests:
Examples of personal data that maybe processed using legitimate interests:
• Maintaining records relating to your participation in programmes;
• Adhering to legislation, government and regulatory bodies guidance and compliance requirements;
• Audit requirements;
• Tracking and record-keeping of communications between you and QC Medica staff.
2.8.6 Contract:
Example of personal data that maybe processed using the performance of a contract:
• The processing is necessary for the execution of a contract in which you are a party. The contract maybe with you and QC Medica or you and our client.
2.8.7 Consent:
Example of personal data that maybe processed where you have given specific consent to the processing of your data.
• Retaining your contact details and company information for potential future projects.
2.8.8 Withdrawal of your consent:
If we have relied on consent as a ground for processing, you may withdraw consent at any time – though if you do so that will not affect the lawfulness of what we have done before you withdraw consent. See section Your data protection rights.
2.8.9 Sharing your personal data:
QC Medica may share information with the following third parties when running programmes:
• Clients of QC Medica;
• Suppliers and agents, such as travel agents;
• Regulatory organisations.
2.8.10 How long do we keep your personal data for?
QC Medica will not retain your personal information for longer than is necessary. The period for which we keep your personal data will be determined by several criteria, including the purposes for which we are using the information, the amount and sensitivity of the information, the potential risk from any unauthorised use or disclosure of the information, and our legal and regulatory obligations. Typically, to comply with our legal and regulatory obligations we will retain your personal data for up to 10 years.
3.0 If you use our website
When you visit our QC Medica website, we automatically use some cookies that are strictly necessary to provide our services to you and allow the website to operate; for all other cookies we need your consent. This is why when you first logged onto our website you were asked for your permission to append these non- essential cookies such as Google Analytics/Click Dimensions. We do not make any attempt to find out the identities of those visiting our websites. We will not associate any data gathered from these sites with any personally identifying information from any source. If we do want to collect personally identifiable information through our websites, we will ask your permission and explain what we intend to do with it. Appropriate security measures are in place, in our physical facilities to protect against the loss, misuse or alteration of information that we have collected from our websites.
3.1 Reason for using Cookies
Like most websites we use ‘cookies’ to collect anonymous statistics about how people use the site, and to help us keep it relevant for the user. Cookies ‘remember’ bits of information from your visit to the site. to tell us how many people have visited each web page, how they got there, and where they navigate from there. The data collected is completely anonymous and does not store any personal details. A cookie is a simple text file that’s stored on your computer or mobile device by a website’s server. Only that server can retrieve or read the contents of that cookie. Each cookie is unique to your web browser. So, if we put a cookie on your computer, it can’t be read by any other website. If you don’t want your web visits to be tracked for statistical purposes like this, you can disable the cookies from the cookie banner that is displayed when you first log onto our website or by clicking the cookie tab. You can also set your computer to block cookies at any time. The way in which you do this depends upon the web browser which you use. Go to http://www.allaboutcookies.org/
to find out more.
4.0 How long do we keep your personal data for?
We are required by law to keep your personal data only for as long as is necessary for the purposes for which we are using it. The period for which we keep your personal data will be determined by several criteria, including the purposes for which we are using the information, the amount and sensitivity of the information, the potential risk from any unauthorised use or disclosure of the information, and our legal and regulatory obligations. We keep a backup of our data to restore the original data after a data loss event. When we delete your personal data, it will be deleted from the live storage immediately but there will be a delay before it is removed from the backup data.
5.0 Who do we share your information with?
We use selected agents to process your information on our behalf, such as software providers to host our website. Such third parties will be authorised to see and use your information but only to fulfil their contractual obligations to us and will not be permitted to use it for any other purpose. We retain full responsibility for how your personal information may be used by such agents. The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff of QC Medica who are operating outside the EEA. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.
We may share your personal information so that we can comply with a legal obligation to which we are subject. For example: where we are obliged to share your personal information with regulatory bodies which govern our work and services; government departments such as law enforcement and HMRC; court orders etc. We will process your personal information where there is a legitimate interest in us doing so if it is reasonably necessary to achieve our or others’ legitimate interests (as long as that processing is fair, balanced and does not unduly impact your rights). For example, if you are requesting information about a company or a service from a member of QC Medica, then we may pass your personal data onto another member of the group to enable them to appropriately respond to your request. Again, unless you consent to the contrary, that member shall only use your personal data to provide the information you have requested. We may share your data when conducting research, running programmes, if you apply to work with us and if you are employed by us. See the relevant sections in this privacy policy. QC Medica does not sell, trade or rent your personal information.
6.0 Transfers of personal data outside the EEA
In connection with our business and for employment, administrative, management and legal purposes, we may transfer your personal data outside the EEA to members of our group and processors in the United States and on occasion other jurisdictions in which we are established. We will ensure that the transfer is lawful and that there are appropriate security arrangements. Where we need to transfer your information outside of the European Economic Area, we only do so to countries which have been determined by the European Commission to have an adequate level of data protection or by using a variety of legal mechanisms, including Standard Contractual Clauses approved by the European Commission, to help ensure your rights and protections.
7.0 How we protect your information?
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. To protect your personal data QC Medica employ:
• technical measures, including but not limited to, robust network security, firewalls, anti-virus protection, regular internal and external oversight and inspection, including penetration testing, access controls, audit trails, encryption of devices and data both whilst at rest and during any transmission to and from third parties in order to keep your personal data secure.
• organisational measures including, but not limited to, training of all individuals who process personal data in data protection and information governance, the creation of and adherence to appropriate policies and procedures.
8.0 Your data protection rights
You have specific rights connected to provision of your personal information to QC Medica LLP, although in some cases these rights are subject to certain conditions and limitations. To exercise any of these rights please contact us using the contact details in section.
8.1 Right to be informed
You have the right to be told how your personal information is/will be used. This Privacy Policy and our Recruitment and Workplace Privacy notices are intended to provide a clear and transparent description of how your personal data may be used.
8.2 Right of access to your information
You can request a copy of the information held relating to you. Please ensure that you include your name and clear instructions on what you would like us to do. If you require us to supply you with details of the personal information that we hold about you, then we will provide this information free of charge and we will provide this information to you within one month of your request unless the request is complex or is numerous requests. If this is the case, we will inform you within one month of your request about the reason for the extension of time.
8.3 Right of erasure (right to be forgotten)
You have the right to have your personally identifiable data deleted.
8.4 Right of rectification
If you believe the records that QC Medica keep are inaccurate, you have the right to ask for these to be updated.
8.5 Opt-out of marketing communications
You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. You can also opt- out of other forms of marketing (such as postal marketing or telemarketing), by contacting us.
8.6 Withdraw your consent
If we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent. Please contact us using the email address below if you have any queries relating to consent.
9.0 Complaints
If you have complaints relating to our processing of your personal data, you should raise these with the QC Medica compliance department; see section Contact details or you can raise directly with the relevant supervisory authority. In the UK: Information Commissioner’s Office (ICO). They can be contacted via their website https://ico.org.uk/
10.0 Contact details
ATTN: Compliance Department, QC Medica, 6 Middlethorpe Business Park, Sim Balk Lane, Bishopthorpe, York, YO23 2BD, UK