MediPaCe Privacy Notice

Our contact details 


Name of Data Privacy Officer: Sandeep Bagga 

Address: 5th Floor, 167-169 Great Portland Street, London, W1W 5PF 

E-mail: dataprivacy@medipace.com 

The type of personal information we collect

  • We currently collect and process the following information: 

    • Personal identifiers (for example, name, photograph, date of birth) 
    • Contacts data (for example, email address, phone number, postal address, social media links) 
    • Communication data (for example, phone calls, texts, email, or hard copy correspondence) 
    • Special category data (for example, race or ethnicity, religious, philosophical, or political opinions, sex life, sexual orientation, trade union membership, health, genetic or biometric data) 
    • Financial / transaction data (for example, bank account and payment card details)  
    • Web data (for example, IP address, length of visit, page views, website navigation paths, frequency, and pattern of your use) 

     

How we get the personal information and why we have it

  • Most of the personal information we process is provided to us directly by you for one of the following reasons: 

    • Direct interactions – this is information that you have provided to us directly when you do the following: 
      • meet MediPaCe employees at an event  
      • take part in a research study (for example, as a survey respondent or research interview participant)  
      • submit an online enquiry using our contact form on our website  
      • email, telephone, or meet us in person to discuss what we do  
      • share your CV and / or are interested in working for us  

     

    We also receive personal information indirectly, from the following sources in the following scenarios: 

    • as you browse through our website, it may automatically collect data about your equipment, IP address, length of visit, pattern of your use. This is done to improve our services and develop our website 
    • social media sites (for example, LinkedIn, Mastodon) 

    We use the information that you have given us, in accordance with the law, in order to: 

    • fulfil our legal and contractual obligations to you (for example, contacting you about payments to and from you, for customer support, to send notifications about updates to our services) 
    • carry out marketing and promotional activities (for example, responding to requests from you, sharing information of interest to you about our company / services)  
    • provide you with our industry insight and thought leadership content 
    • conduct our services with legitimate interests where your interests and fundamental rights are not overridden  
    • comply with legal / regulatory obligation  

    We may share this information:  

    • with business partners and subcontractors for the performance of any contract relating to our services, including email, communication platforms, payment processors, external consultants, auditors.  
    • with any recruitment agency that is helping us to recruit candidates  
    • if our company is merged with another company or acquired by a third party, in which case personal data held by us will be one of the transferred assets  
    • if we are under a duty to share personal data in order to comply with any legal obligation (including tax, audit, or other authorities) or in order to enforce or apply any contracts that we have 
    • to protect our rights, property, or safety, or that of our candidates or business contacts or others. This may include exchanging personal data with other companies and organisations for the purpose of fraud protection. 

    Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:  

    (a) Your consent. You can remove your consent at any time. You can do this by contacting Sandeep Bagga on dataprivacy@medipace.com 

    (b) We have a contractual obligation. 

    (c) We have a legitimate interest. 

How we store your personal information

  • Your information is securely stored in accordance with GDPR.  

    We keep personal identifiers, contact data, special category data and financial / transaction data for retention periods that are based on your rights and our legitimate business interests (see table below).  

    We will then dispose of your information by permanently deleting it from our online and offline storage. 

Retention periods:

Each entry below lists the purpose of processing, the categories of personal data, the lawful basis, and the retention period.

Delivery of services to clients

  Purpose of processing:
    • to contact you about payments to and from you
    • for customer relationship management
    • to send notifications of changes / updates to our services
    • to fulfil our legal and contractual obligations
  Categories of Personal Data:
    • Personal identifiers
    • Contact data
    • Communications data
  Lawful basis:
    • Contract
    • Legitimate interest
  Retention Period: 6 years after completion of service delivery activities (this includes all personal data and project-related documents which includes training records).

  Note. All project-related documentation will be shared with the client prior to deletion (typically after completion of service delivery).

Insight-gathering activities (e.g., research projects or advisory boards)

  Purpose of processing:
    • to enable participation in research projects (including market research)
    • to enable collaboration in engagement activities
    • to fulfil pharmacovigilance responsibilities and duties to client
  Categories of Personal Data:
    • Personal identifiers
    • Contact data
    • Communication data
    • Special category data (e.g., health data)
    • Financial / transaction data
  Lawful basis:
    • Consent
    • Contract
  Retention Period: Signed consent forms and anonymised transcriptions will be deleted 5 years after completion of service delivery activities. Pharmacovigilance data that is shared with clients will be retained for 6 years.

  Note. Any personal information from discussions and any recordings will be deleted as soon as they have been reviewed and analysed (i.e., within timeframe of projects).

  Note. Bank and contact details will be deleted as soon as reimbursement payments are processed (i.e., within timeframe of individual projects).

Marketing and promotion

  Purpose of processing:
    • to respond to requests from you (e.g., via online contact form)
    • to send email updates and other information that may be of interest
    • to contact you as part of our business relationship
  Categories of Personal Data:
    • Personal identifiers
    • Contact data
    • Communication data
    • Web data
  Lawful basis:
    • Consent
    • Legitimate interest in B2B marketing
  Retention Period: 6 years in the case where no meaningful engagement has occurred.

Recruitment (i.e., employment)

  Purpose of processing:
    • to select the right candidate
    • to interview the candidate
    • to manage our database of prospective candidates
  Categories of Personal Data:
    • Personal identifiers
    • Contact data
    • Communication data
    • Special category data (e.g., diversity data)
    • Web data
  Lawful basis:
    • Consent
    • Legitimate interest in resourcing our business
    • Contract
    • Legal obligation
  Retention Period: 6 years for candidates who are not hired.

Processing payments (e.g., to subcontractors)

  Purpose of processing:
    • to process payments to and from our business
  Categories of Personal Data:
    • Personal identifiers
    • Contact data
    • Communication data
    • Financial / transaction data
  Lawful basis:
    • Contract
    • Legitimate interest in managing our business
  Retention Period: 6 years after payments have been made.

Administration of contracts

  Purpose of processing:
    • to manage and fulfil agreements outlined in our contracts
  Categories of Personal Data:
    • Personal identifiers
    • Contact data
    • Communication data
    • Financial / transaction data
  Lawful basis:
    • Contract
    • Legitimate interest in managing our business
  Retention Period: 6 years after delivery of services as outlined in the contract.

Corporate affairs

  Purpose of processing:
    • to take meeting minutes
    • to enter into partnerships and other commercial relations
    • to undertake appropriate due diligence
  Categories of Personal Data:
    • Personal identifiers
    • Contact data
    • Communication data
    • Financial / transaction data
  Lawful basis:
    • Contract
    • Legitimate interest in managing our business
    • Legal obligation
  Retention Period: 7 years unless required to retain indefinitely.

Your data protection rights

  • Under data protection law, you have rights including: 

    Your right of access – You have the right to ask us for copies of your personal information.  

    Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.  

    Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.  

    Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.  

    Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances. 

    Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances. 

    You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. 

    Please contact us at dataprivacy@medipace.com if you wish to make a request. 

How to complain

  • If you have any concerns about our use of your personal information, you can make a complaint to us at: dataprivacy@medipace.com  

    You can also complain to the ICO if you are unhappy with how we have used your data. 

    The ICO’s address:             

    Information Commissioner’s Office 

    Wycliffe House 

    Water Lane 

    Wilmslow 

    Cheshire 

    SK9 5AF 

     Helpline number: 0303 123 1113 

    ICO website: https://www.ico.org.uk 
