1. Information we collect
Device Data: We may also collect data about the device you’re using to access our website. This data may include the device type, operating system, unique device identifiers, device settings, and geo-location data. What we collect can depend on the individual settings of your device and software. We recommend checking the policies of your device manufacturer or software provider to learn what information they make available to us.
We may also ask for:
- Identity Data: includes full name, employment, role and location, as well as how you heard about Healx;
- Contact Data: includes email, telephone, social media preferences and account details;
- Participation Data: includes details of any relevant involvement you may have with any of our research, trials or studies and personal data you may disclose to us for the furtherance of such activities; and
- KOL Data: includes details of key opinion leaders, name, role, contact details and areas (and extent) of expertise.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
2. Legal bases for processing
We will process your personal information lawfully, fairly and in a transparent manner. We collect and process information about you only where we have an appropriate lawful basis for doing so. These lawful bases depend on the services you use and how you use them, meaning we collect and use your information where:
- it’s necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract (for example, when we provide a service you request from us);
- it’s necessary for our legitimate business interests (and is not disproportionate to your data protection interests), such as for research and development, to market and promote our services, and to protect our legal rights and interests;
- you give us consent to do so for a specific purpose (for example, you might consent to us sending you our newsletter);
- where the processing is necessary for the substantial public interest (typically for the prevention or detection of crime or the establishment, defence or furthering of legal claims); or
- we need to process your data to comply with a legal obligation.
Where you consent to our use of information about you for a specific purpose, you have the right to withdraw your consent at any time (but this will not affect any processing that has already taken place). Please note that if you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you are under 18 years of age, you must have, and warrant to the extent permitted by law to us, that you have your parent or legal guardian’s permission to access and use the website and they (your parents or guardian) have consented to you providing us with your personal information. You do not have to provide personal information to us, however, if you do not, it may affect your use of this website or the products and/or services offered on or through it.
We don’t keep personal information for longer than is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. While we retain personal information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorised access, disclosure, copying, use or modification. That said, we advise that no method of electronic transmission or storage is 100% secure and cannot guarantee absolute data security.
If necessary, we may retain your personal information for our compliance with a legal obligation or in order to protect your vital interests or the vital interests of another natural person.
3. Collection and use of information
We use different methods to collect data from and about you including through:
- Direct interactions. You may give us your Identity, Contact, Participation and key opinion leader (KOL) Data from you by filling in forms or by your corresponding with us by post, phone, email or otherwise. This includes personal data you provide when signing up to one of our programmes, such as the Rare Treatment Accelerator.
- Automated technologies or interactions. As you interact with our website, we will automatically collect Log and Device Data about your equipment, browsing actions and patterns. We collect this data by using cookies and similar technologies.
- Indirect interactions. If you are a key opinion leader (KOL Data) or a colleague of an individual who submits an application to one of our collaboration programmes or studies (Name, Contact and/or Participation Data), then we may collect personal information indirectly about you.
We may collect, hold, use and disclose information for the following purposes and personal information will not be further processed in a manner that is incompatible with these purposes:
- to enable you to customise or personalise your experience of our website (necessary for our legitimate business interests);
- to contact and communicate with you (performance of a contract with you; necessary for our legitimate business interests; or with your consent depending on the channel of communication);
- for internal record keeping and administrative purposes (necessary for our legitimate business interests; necessary to comply with a legal obligation);
- to enable you to take part in, and make a decision on your suitability for, a programme or project we are hosting, such as the Rare Treatment Accelerator or to gather feedback during or after such programme(s) (performance of a contract with you; necessary for our legitimate business interests) ;
- where otherwise legally required or necessary in the substantial public interest; and
- for analytics, market research and business development, including to operate and improve our website, associated applications and associated social media platforms (necessary for our legitimate business interests).
4. Disclosure of personal information to third parties
We may disclose personal information to third-party service providers for the purpose of enabling them to provide their services, including (without limitation) IT service providers, data storage, hosting and server providers, ad networks, analytics, error loggers, debt collectors, maintenance or problem-solving providers, marketing or advertising providers, professional advisors and payment systems operators.
5. International transfers of personal information
The personal information we collect is stored and processed where we or our partners, affiliates and third-party providers maintain facilities. We will ensure that any transfer of personal information from countries in the European Economic Area (EEA) to countries outside the EEA will be protected by appropriate safeguards, for example by using standard data protection clauses approved by the European Commission, or the use of binding corporate rules or other legally accepted means.
Where we transfer personal information from a non-EEA country to another country, you acknowledge that third parties in other jurisdictions may not be subject to similar data protection laws to the ones in our jurisdiction. There are risks if any such third party engages in any act or practice that would contravene the data privacy laws in our jurisdiction and this might mean that you will not be able to seek redress under our jurisdiction’s privacy laws.
6. Your rights and controlling your personal information
Where our processing of your personal data is based on your consent (see Personal data purposes table below), you have the right to withdraw your consent at any time. If you do decide to withdraw your consent we will stop processing your personal data for that purpose, unless there is another lawful basis we can rely on – in which case, we will let you know.
Where our processing of your personal data is based on the legitimate interests lawful basis, you can object to this processing at any time. If you do this, we will need to show either a compelling reason why our processing should continue, which overrides your interests, rights and freedoms or that the processing is necessary for us to establish, exercise or defend a legal claim. Where we are processing your personal data for direct marketing purposes, you have the right to object to that processing.
Depending on the circumstances, you may have the right to:
- access your personal data and to be provided with certain information in relation to it, such as the purpose for which it is processed, the recipients or categories of recipients to whom it is disclosed and the period for which it will be stored;
- require us to correct any inaccuracies in your personal data without undue delay;
- require us to erase your personal data;
- require us to restrict the processing of your personal data;
- receive the personal data which you have provided to us, in a machine-readable format, where we are processing it on the basis of your consent or because it is necessary for your contract with us and where the processing is automated; and
- object to a decision that we make which is based solely on automated processing of your personal data. Please contact our data protection manager using the details at the end of this notice if you wish to exercise any of these rights.
7. Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below.
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
10. Limits of our policy
Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.
11. Changes to this policy
Healx Data Protection Manager
This policy was last updated on the 16 December 2019