PRIVACY POLICY

Introduction

TMC Pharma Services Ltd and TMC Pharma (EU), (collectively TMC) are specialists in supporting Pharmaceutical Development through a full range of expert pharma/biotech services. We are committed to the highest data privacy standards, confidentiality and adherence with the EU & UK General Data Protection Regulations (GDPR)/Data Protection Act 2018.

TMC Pharma Services Ltd and TMC Pharma (EU) will operate as Joint Data Controllers of your personal data and have registered, as required, with the applicable national Supervisory Authorities for data protection.

TMC have appointed a Data Protection Officer who monitors and advises on our ongoing adherence with applicable laws.

Your Privacy

We adopt the six core principles of data protection law which are:

  1. Lawfulness, fairness and transparencywe process personal data lawfully, fairly and in a transparent manner in relation to you, the data subject.
  2. Purpose limitationwe only collect personal data for a specific, explicit and legitimate purpose. We clearly state what this purpose is in this Privacy Notice, and we only collect data for as long as necessary to complete that purpose.
  3. Data minimisationwe ensure that personal data we process is adequate, relevant and limited to what is necessary in relation to the processing purpose.
  4. Accuracywe take every reasonable step to update or remove data that is inaccurate or incomplete. You have the right to request that we erase or rectify erroneous data that relates to you, and we will complete this task as soon as possible but guarantee to do so within a month.
  5. Storage limitationwe delete personal data when we no longer need it. Whilst the timescales in most cases aren’t set, we outline our retention strategy within this Privacy Notice.
  6. Integrity and confidentialitywe keep personal data safe and protected against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. 

Collection of your Personal Data

We collect your personal information via:

  • Disclosure directly from you or, in some cases, someone you have nominated.
  • Your employers.

This notice does not cover Personal Data which you have provided to other organisations or agencies who have shared it with us. In this case you should refer to that organisation’s Privacy Information but be assured that we will be under a contractual obligation with them, to protect your data.

Categories and Type of Personal Data Collected and processed.

We will collect your personal data where required, relevant to the type of engagement we have with you. This might be via our website, online portal, e-mail, post, telephone, or face to face engagement.

This might include:

  • Name
  • Address/Work Address
  • Telephone number(s)
  • email address(es)
  • Age
  • If you visit our offices, we will capture images of you on our CCTV system

We treat all personal data as confidential but acknowledge that we also may process special category data, such as medical or health information.

Sharing of Personal Data

Your personal data will only be shared with TMC employees or associates, if they are required to manage and administer our relationship with you or assist in providing you with support or information.

We use the services of a number of organisations who maintain and manage our IT infrastructure and facilities. Whilst these organisations aren’t permitted to use your data, they are able to access systems in which it is stored. Their access is restricted and controlled by us, and they are contractually bound to strict confidentiality.

Any commercial third party with whom we share your personal data will be viewed as a Data Processor and will only be allowed access under the provisions of a Data Processing Agreement. There may also be legal obligations under which we have to share data as requested by nationally recognised regulators or authorities.

Sharing your personal data as described above may involve transferring it to countries, including countries outside of the UK and EU/EEA, whose data protection and privacy laws may not be equivalent to, or as protective as, those that exist in your country of residence. To ensure an adequate level of data protection is provided, transfers will be done in compliance with the international data transfer restrictions that apply under data protection laws, including, where appropriate, through the use of standard contractual clauses for international transfers.

We may choose to sell, transfer or merge parts of our business. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Notice.

Securing and Processing of your Personal Data

Your data is stored primarily within our secure network server, which has appropriate security measures in place to protect it from unauthorised access, alteration, loss or misuse.

We have also implemented appropriate data protection policies and procedures to ensure all staff maintain the confidentiality of your data.

Whilst your data is primarily stored and shared within the UK, where it is provided under contract to clients, it may be stored and processed outside of the UK or EEA.

In the unlikely event that we lose your data, or a device on which your data resides, or it is accessed by someone unauthorised, we will inform the data protection supervisory authority if there is a risk to your rights and freedoms. If the loss or unauthorised access of your data has potential to cause you harm we will inform you immediately.

Our legal basis for processing your personal data  

Our legal basis for the processing of your Personal Data, will depend on the nature of your engagement with us.

In general, you will have provided your personal data to us and the processing of that data will be primarily on the basis of contract or your or our legitimate interests.

How long do we keep your personal data for

Your Data will be kept as long as it is required and no longer than is necessary for the purposes for which the personal data are collected. We may need to keep some information for longer periods to meet applicable legal requirements.

You may contact us if you require further information about specific retention of your personal data.

Your rights in relation to personal data

Under the EU/UK, you have the following rights:

  • The right to be informed
  • The right of access your personal data
  • The right to rectification of inaccurate or incomplete information
  • The right to erasure in certain circumstances
  • The right to restrict processing where the data is inaccurate or you object to the reason we are processing your data.
  • The right to data portability
  • The right to object
  • Rights related to automated decision-making including profiling

You can exercise your rights by emailing our Data Protection Officer on tmcpharmadpo@clinicaldpo.com

If you have any concerns about how we handle your personal data, or if you would like to make a complaint, you have the right to do so.

We take data protection seriously and are committed to addressing your concerns promptly and transparently.

How to Raise a Complaint

You can raise a complaint by contacting our Information Governance Lead or our Data Protection Officer at:

            Phone number: +44 2034112848

            Email: tmcpharmadpo@clinicaldpo.com 

Please include the following (if possible):

  • Your name and contact information,
  • A description of your concern or the data protection issue,
  • Any relevant supporting information.

What Happens Next

  • We will acknowledge your complaint within 30 days.
  • We aim to respond fully and resolve the matter without undue delay.
  • If your issue requires more time or clarification, we will keep you informed throughout.

Your Right to Complain to the Supervisory Authority

If you are not satisfied with our response or believe that we are not processing your personal data in accordance with the law, you can contact:

TMC Pharma Services Ltd (UK)

The UK Information Commissioner’s Office (ICO):

              Website: https://ico.org.uk/make-a-complaint/

              Phone: 0303 123 1113

              Postal address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

TMC Pharma (EU)

The Irish Data Protection Commission:

              Website: https://www.dataprotection.ie/en/individuals/exercising-your-rights/raising-concern-commission

              Address: 6 Pembroke Row, Dublin 2, D02 X963, Ireland

Cookies 

“Cookies” are text files that a website can send to your device through your browser, which is then used to identify your device by the website. Cookies can be both “session level” (stored only for until you close your web browser), which help you efficiently navigate our web-based sites during a visit, and “persistent” (stored for a longer period, even after you close your browser), which remember relevant information such as your language preference. TMC may use both session level and persistent cookies.

The information gathered by some cookies will provide analytical information to us about your browsing of our site, IP Address and general location.

Our website provides a Cookie Policy which provides details about the types of Cookies in use and also options for setting preferences for the types of Cookies which you are comfortable to allow.

Changes to this privacy notice

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.