Introduction

The following statement explains our policy regarding the personal information Britannia Pharmaceuticals Ltd (“Britannia” or “we”) collects about you.

Protection of your privacy is very important to us; this is why we process your personal data in accordance with all relevant legal requirements.

Personal Data

Personal data means any information that relates to you and can be used to identify you as an individual, whether directly or indirectly, including your name and e-mail address. This policy sets out:

  • Your rights;
  • What personal data we hold and why we process it;
  • The legal grounds which allow us to process your personal data;
  • Where the data comes from, who gets to see it and how long we keep it;
  • How to access your personal data and other rights that you have; and
  • How to contact

Individual Rights

According to Articles 13 and 14 and the provisions of the UK General Data Protection Regulation (the “UK GDPR”), you can exercise the following rights:

  • Right to access – you are entitled to receive a copy of all personal data we hold about you. Please send any requests for access to your personal data to Britannia Pharmaceuticals Limited, 200 Longwater Avenue, Green Park, Reading, Berkshire RG2 6GP or at [email protected].
  • Right to data portability – you are entitled to receive the personal data that you have provided to us in a structured, commonly used and machine-readable manner. You have the right to receive your personal data in an easily transferable format. Wherever reasonably possible, Britannia will provide your data in such a way.
  • Right to rectification – you are entitled to request that we correct any inaccurate personal data we hold about you.
  • Right to be informed – you have the right to be informed about the collection and use of your personal data.

If you believe, and we agree, that any information we hold about you is inaccurate, we will correct and rectify it and where practicable, destroy the inaccurate information. If we do not agree or feel unable to decide whether the information is inaccurate, we will make a note of the alleged error and keep this on file.

  • Right to restriction of processing – If the processing of your personal data is based on your consent, you always have the right to object or withdraw your consent with effect for the future. The lawfulness of the processing based on your consent until you withdraw your consent remains unaffected.
  • Right to erasure (“right to be forgotten”) – you have the right to require us to remove all personal data we hold about you where you withdraw your consent to the processing and there is no overriding obligation on us to process your personal data; or your personal data is being unlawfully processed. However, where we have a legal obligation to retain data by the Medicines and Healthcare products Regulatory Agency and the General Medical Council, we will continue to do so.
  • Right to object – you have a right to object to your personal data being processed in certain circumstances.
  • Rights related to automated decision making, including profiling – you have the right not to be subject to solely automated decisions, including profiling, which may have a legal or similarly significant effect on you.

In order to exercise any of the rights mentioned above, you can contact us at Britannia Pharmaceuticals Limited, 200 Longwater Avenue, Green Park, Reading, Berkshire RG2 6GP or alternatively at [email protected].

Additionally, you have the right to lodge a complaint with the regulator, the Information Commissioner’s Office (the “ICO”), if you are not happy with the manner in which we process your data. Further information about the ICO and what they can do for you can be found at https://ico.org.uk/.

Collection and Processing of Personal Data

We process the following personal data for the following purposes:

Data from business partners / customer data / supplier data

This encompasses any data from customers or business partners processed in the course of a business relationship with us. This applies in particular to the following personal data: contact details of our business partners (name, position, business contact details, e-mail address, telephone and fax numbers and information about the business relationship).

We process this data for the purposes of conducting the business relationship, concluding contracts, processing orders, carrying out analyses and evaluations. This processing is carried out on the basis of Article 6(1)(f) of the GDPR. If the basis for the processing is a legitimate interest within the meaning of Article 6(1)(f) of the GDPR, our legitimate interest lies in responding to enquiries and conducting business contact relationships. The provision of your personal data is required for the business relationship. This means that if you decide not to provide us with your personal data, it is not possible to conduct the business relationship.

In order to inform and advise you, we keep and maintain your contact data and information about your specialisations with the help of Actis, who are situated at Courtyard Barns, Choke Ln, Maidenhead SL6 6PT. This will be information as provided by you, as well as confirmation of what information you would like to receive from us, and also the manner in which you would like us to contact you, via your explicit consent. This processing is carried out on the basis of the “balancing of interests clause” of the GDPR, but also on the basis of ‘Consent’. In addition to this, we may have received your personal data from publicly accessible sources on the Internet.

We transfer your personal data to the following categories of recipients: service providers and/or any company within the STADA group (to which we belong) as required to reasonably carry on our business and process your request. This may include STADA Arzneimittel AG (STADA) companies in Germany and in other countries. Categories of external service providers may be: IT service providers, waste disposal service providers, shipping services, auditors, consultants or authorities. In some cases both the STADA companies and potential service providers that we may transfer your personal data to may be located outside the UK and EU.

Data from Patients

Our nurse support team processes the personal data and sensitive personal data of patients they support. This includes the following personal data: the patient’s name, gender, date of birth and address, their healthcare professional’s details and locations involved in their care (e.g. consultant), hospital, medical history and any adverse events, and details of product therapy, including full dosage history.

We process this data in order to support patients using our products. The nurse support team processes this data for the purpose of treatment, support and follow-up visits. Furthermore, the data may be used to conduct business analyses, for instance effective management of the nurse team. This processing is based on Article 6(1)(c) of the GDPR as we, and our nurses, are required by the Medicines and Healthcare products Regulatory Agency and the General Medical Council to process and retain this data.

Participation in the support program is not mandatory. This means that you are not obligated to provide us with your personal data. If you decide not to provide us with your personal data, our nurse support team will not be able to assist you.

The nurse support team is also supported by external nurses who are provided by IQVIA IES UK Limited, 500 Brook Drive, Green Park, Reading, Berkshire, RG2 6UU (“IQVIA”), with whom we have adequate and necessary contractual and GDPR compliant documentation in place. The nurses use a secure Customer Relation Management system (CRM) database.

Additionally, our customer services department may also collect personal data directly from patients who need assistance with our products. The customer services team may also have a limited view of the information on the nurses and customer services database to allow Britannia to send you any equipment or replacement equipment that may be needed.

Your data is processed mainly in the United Kingdom. However, it may also be possible for foreign affiliated companies to access the data (whether or not located in the EU), for example for the purposes of maintaining our IT systems. Please also refer to section below on Reporting Side Effects.

Sales departments, in particular field sales force

Our sales departments process the personal data of pharmacists and doctors that is required to perform their tasks. This includes in particular the following personal data: data on doctors and pharmacists and, if applicable, their employees who are contacted and visited by the field staff (name, position, business contact information, e-mail address, telephone and fax number), or who are contacted by the sales department. The relevant members of the sales and marketing team will store any telephone numbers that are provided in the sales database by you, in their mobile phone device, as a method of your contact preference (if chosen).

We process this data in order to sell our products and to maintain the data in our CRM systems. The field sales force processes this data for the purpose of notification, execution and follow-up of field service visits. Furthermore, the data may be used to conduct business analyses, for instance analysis of sales figures, trends, etc. This processing is based on Article 6(1)(f) of the UK GDPR. If the basis for the processing is legitimate interests within the meaning of Article 6(1)(f) of the UK GDPR, our legitimate interest lies in optimising sales processes and marketing campaigns.

If data is collected directly: providing your personal data is not a legal or contractual requirement. This means that you are not obliged to provide us with your personal data. If you decide not to provide us with your personal data, the sales department will not be able to contact you.

We transfer your personal data to the following categories of recipients: IT service providers, and in some cases disposal service providers, pharmacy corporations, shipping services, consulting companies or marketing services.

Your data is processed mainly in the United Kingdom. However, it may also be possible for foreign affiliated companies (whether or not located in the UK or EU) to access the data in connection with our business.

E-mail correspondence

We process the following personal data in the scope of e-mail correspondence: personal data of the senders and recipients of e-mails (in particular name, position, business or private contact information, e-mail address, telephone number) as well as other personal data you may disclose about yourself through your signature or in the text of the e-mail.

We process this data to communicate with all relevant stakeholders. The legal basis for processing this data is Article 6(1)(f) of the UK GDPR and our legitimate interest lies in responding to enquiries and conducting business communication.

You are not legally required to provide your personal data, but this is necessary in order to communicate by e-mail. This means that you are not legally obligated to provide us with your personal data. If you decide not to provide us with your personal data, communication by e-mail is not possible.

Where necessary, we transfer your personal data to the following categories of recipients: employees of affiliated companies as well as external service providers assisting us in responding to the request, such as IT service providers, consulting firms or auditors.

In some cases, affiliated companies and service providers that we may transfer your personal data to are located outside the UK and EU.

Contact initiated using Britannia’s digital channels

When responding to enquiries received at Britannia’s functional mailboxes, such as the customer services team, or via social media channels or via our contact pages on the Internet, we process all the data provided by the sender of the enquiry (name, company, position, business or private contact information, e-mail address, telephone number, fax number) as well as additional personal data you may disclose about yourself in writing or orally in the text of the message or in the further course of processing of the enquiry. This may also be health data.

We process this data in order to be able to answer your enquiry. If you report side effects to us through these channels, the enquiry is immediately forwarded to the responsible colleagues in our drug safety (Pharmacovigilance) department.

The legal basis for this is our legitimate interest under Article 6(1)(f) of the UK GDPR.

You are not legally or contractually required to provide your personal data. This means that you are not obligated to provide us with your personal data. If you decide not to provide us with your personal data, this has, amongst other things, the following consequences: it will not be possible to process your request.

We transfer your personal data to the following categories of recipients: recipients entrusted with processing your request or enquiry. These may be employees of affiliated companies as well as external service providers, e.g. IT service providers, consulting firms and partner laboratories, with whom we have adequate and necessary contractual and GDPR compliant documentation.

If your enquiry involves a foreign country, your data may also be transmitted to affiliated companies abroad. Some of these are located outside the UK and EU.

Business cards policy

Business cards are exchanged routinely in the scope of general business contacts, trade fairs or similar events.

We process the personal data contained on the business card in order to possibly initiate contact at a later time, or to update our data and may enter the data into our Outlook address book or our CRM system.

You are not contractually or legally required to provide your personal data, therefore, you are not obligated to provide us with your personal data. If you decide not to provide us with your personal data, this has the following consequences: We do not receive and consequently do not use your business cards.

The legal basis for this is our legitimate interest under Article 6(1)(f) of the UK GDPR.

We may transfer your personal data to the responsible contact person at Britannia or as otherwise within the STADA Group.

If the matter relates to something abroad, your data may also be transmitted to affiliated companies abroad. Some of these are outside the UK and EU.

Video surveillance

Some areas of our sites are under video surveillance. In this context, footage data as well as time and geographical data on persons on our premises is processed.

We process this data to ensure security at our sites. The legal basis for this is our legitimate interest within the meaning of Article 6(1)(f) of the UK GDPR in the safety of our sites.

You are not legally or contractually required to provide your personal data, therefore, you are not obligated to provide us with your personal data. If you decide not to provide us with your personal data, however, it is not possible for you to visit Britannia sites.

We transfer your personal data to the following categories of recipients: security service providers, IT service providers and in some cases, if there are substantiated grounds for suspicion, to external authorities, with whom we have adequate contractual and GDPR compliant documentation in place.

Processing takes place exclusively in the United Kingdom.

Advertising by fax, telephone and e-mail

We conduct advertising and information measures to make our customers aware of current offers, information and services. We process the following personal data in this context: name, position, business contact information, e-mail address, telephone number, fax number.

The legal basis for this processing is your consent (Article 6(1)(a) of the UK GDPR) or our legitimate interest (Article 6(1)(f) of the UK GDPR).

You are not legally or contractually required to provide your personal data. This means that you are not obligated to provide us with your personal data. If you decide not to provide us with your personal data, it is not possible to receive information/advertising through the above-mentioned channels for which you have not given your consent or for which Britannia cannot claim a legitimate interest.

We transfer your personal data to the following categories of recipients: call centres, post offices, shipping companies, printers and IT service providers.

Your data will be processed mainly in the United Kingdom. However, it may also be possible for foreign affiliated companies to access the data, for example for the purposes of maintaining our IT systems. We will always ensure that adequate contractual and GDPR compliant documentation is in place prior to conducting any business relationship, as well as any transfer of personal data taking place.

Registering for events

We invite individuals to events directly or indirectly through third parties. In the scope of staging such events, we process the following personal data of the participants: name, position, address, place of employment, contact information, e-mail address, telephone number, fax number.

The legal basis for processing your personal data is your consent (Article 6(1)(a) of the UK GDPR). You are not legally required to provide your personal data, but this is required in order to register for the event. This means that you are not obligated to provide us with your personal data. If you decide not to provide us with your personal data, you will not be able to participate in the event.

If data is not collected directly, then we receive your personal data from the place where you registered for the event, for example from the organiser. Depending on the type of event, the data may or may not be publicly available, if this is the case the participant will be made aware when registering for the event.

We transfer your personal data to the following categories of recipients: service providers assisting us in organising the event, shipping services for the purposes of sending invitations and/or information material and IT service providers.

Your data will be processed in the United Kingdom or within or outside of the EU, depending on the location of the event. It is therefore possible that your data may also be processed abroad.

Newsletters

We offer different ways to subscribe to newsletters. In the scope of sending newsletters, we process the following personal data of newsletter recipients: form of address, title, name, institution, position, address, telephone number, e-mail address and possibly your customer number.

The legal basis for this processing is your consent (Article 6(1)(a) of the UK GDPR) or our legitimate interest (Article 6(1)(f) of the UK GDPR).

You are not legally required to provide your personal data. This means that you are not obligated to provide us with your personal data. If you decide not to provide us with your personal data, you will not be able to receive our newsletters.

We transmit your personal data to agencies in order to send the newsletter.

Your data will be processed mainly in the United Kingdom. However, it may also be possible for foreign affiliated companies to access the data, for example for the purposes of maintaining our IT systems.

Reporting side effects

If you inform us of suspected adverse reactions, a suspected lack of efficacy, exposure during pregnancy and lactation or other incidences relating to our products which are required to be documented, we process your personal data for the purpose of verification and investigation, to ensure safe use of our products and to fulfil our statutory documentation and reporting obligations. For this purpose, we process the following personal data from you in our central drug safety database, which we are legally obligated to maintain:

The person submitting the report to us: name, contact details, e-mail address, telephone number, medical qualification.

The person affected by suspected adverse reactions, lack of efficacy, exposure during pregnancy and lactation or other incidents requiring documentation: initials, date of birth, age, age group, gender and the health-related information that you provide and that is necessary to document and evaluate the incident.

This means health-related data is generally collected in a pseudonymised form, unless you, as the person concerned, report the incident yourself. The legal basis for processing is the relevant legislation on the safety of drugs and medical devices of the UK, European Union, the member states and third countries. We collect and process this data only to the extent that we are legally obligated to.

You are not legally required to provide your personal data, so you are not obligated to provide us with your personal data. If you decide not to provide us with your personal data, this has the following consequences: data is recorded in anonymous form. This in turn means that we cannot contact you, for example if we have any follow up questions.

Alternatively, as the person affected, you can also ask your doctor, your pharmacist, another healthcare professional with whom you are undergoing treatment, or a third party, to report the incident for you – in this case we will only receive pseudonymous data on you that does not allow you to be identified. You also have the option of sending a corresponding notification directly to the responsible authorities. If you, as a doctor or pharmacist, for instance, are subject to legal or professional obligations to report the above events, you can also fulfil your obligation by reporting directly to the responsible authorities or to your relevant professional organisations.

If data was not collected directly, then we received your data from your doctor, pharmacist or other healthcare professional with whom you are undergoing treatment, or a relative, your lawyer or other person to whom you have disclosed this information about you. We also receive data of this kind from competent supervisory authorities inside and outside the EU, either directly or via the central European database. These sources are not publicly available. In all such cases, we receive health-related personal data solely in the same pseudonymised form in which we would collect it ourselves. We only receive data in assignable form from the individuals reporting the information themselves and to the same extent to which we would collect it ourselves.

We transfer your personal data to the following categories of recipients: To fulfil our statutory obligations with regard to ensuring drug and medical device safety, we make the data available within our central drug safety database to a closed user group consisting of the employees of STADA, its subsidiaries and external service providers directly entrusted with tasks relating to the safety of drugs and medical devices. Other employees of STADA, its subsidiaries and external service providers only receive anonymous evaluations of this data as needed, for instance of the frequency of certain events within certain patient groups. To the extent that external parties have access to the data, appropriate agreements exist to ensure an appropriate level of data protection.

Moreover, we transmit the data in accordance with our statutory reporting obligations to supervisory authorities inside and outside the EU as well as to contractual partners inside and outside the EU, to the extent that this is necessary to fulfil our statutory documentation and reporting obligations relating to the safety of drugs and medical devices, we make the data available within our central drug safety database to a closed user group consisting of the employees of STADA, its subsidiaries and external service providers directly entrusted with tasks relating to the safety of drugs and medical devices. Other employees of STADA, its subsidiaries and external service providers only receive anonymous evaluations of this data as needed, for instance of the frequency of certain events in certain patient groups. To the extent that external parties have access to the data, appropriate agreements exist to ensure an appropriate level of data protection.

Furthermore, we transmit the data in accordance with our statutory reporting obligations to supervisory authorities inside and outside the EU as well as to contractual partners inside and outside the EU, to the extent that this is necessary to fulfil our statutory documentation and reporting obligations. To the extent that data is transferred to contractual partners, corresponding protection agreements exist.

Visitor book/visitor management system

When visiting our locations, visitors (employees of external companies or other visitors) are requested to register in our visitor book/visitor management system or they are entered in such a system.

We process this data to ensure security at our sites. The legal basis for this is our legitimate interest within the meaning of Article 6(1)(f) of the UK GDPR in the safety of our Britannia sites.

You are not legally required to provide your personal data, but this is necessary to ensure security at our sites. This means that you are not legally obligated to provide us with your personal data. If you decide not to provide us with your personal data, you cannot enter our locations.

If needed, we transfer your personal data to the following categories of recipients: security service providers, IT service providers, waste disposal services, possibly to auditors and, in the event of substantiated suspicions, possibly to external authorities.

Processing takes place exclusively in the United Kingdom.

Publication of photos and videos

At internal and external events, we may take photos and videos. This involves processing the footage or images of the persons concerned and possibly the names of the persons depicted. The purpose of this processing is to carry out internal and external communication measures.

The legal basis for this processing is your consent (Article 6(1)(a) of the UK GDPR).

You are not legally or contractually required to provide your personal data. This means that you are not obligated to provide us with your personal data. If you decide not to provide us with your personal data, no photos of you will be taken or published.

We transfer your personal data to the categories of recipients assisting us in this process; this includes in particular IT service providers.

Your data will be processed mainly in the United Kingdom. However, it may also be possible for foreign affiliated companies to access the data, for example for the maintenance of our IT systems.

If individual service providers or affiliated companies are located outside the EU, there may not be an adequate level of data protection compared to the level of data protection within the European Union. This means that the data protection laws in this country, to which your data may be transferred, do not offer the same protection as in the United Kingdom.

Video conferencing/online virtual meetings

Your data will be processed for conducting virtual/online meetings via e.g. MS Teams, for which personal data will be processed, including when organising and implementing such meetings (name and email address).

The legal basis for this processing is Article 6(1)(b) in the event it is pursuant to the performance of a contract.

In the event the processing is not pursuant to the performance of a contract, the legal basis for processing is legitimate interest pursuant to Article 6(1)(f), as it is necessary for effective communication for online/virtual meetings.

Updates

The continuing development of technology may mean we have to adapt our privacy policy from time to time. Britannia reserves the right to continuously amend, update and modify this policy in the interests of the business and its employees.

This Privacy Notice was last updated as of the “Last Updated” date shown above.

Contact Us

If you have any questions or comments regarding this privacy policy, would like to exercise your individual rights, or have anything to raise in relation to the cookie policy, you can contact our Data Protection Officer at [email protected], or alternatively write to the following address:

Britannia Pharmaceuticals Ltd
200 Longwater Avenue
Green Park
Reading
Berkshire
RG2 6GP