MediPaCe Privacy Notice
Our contact details
Our contact details
Name of Data Privacy Officer: Sandeep Bagga
Address: 5th Floor, 167-169 Great Portland Street, London, W1W 5PF
The type of personal information we collect
We currently collect and process the following information:
- Personal identifiers (for example, name, photograph, data of birth)
- Contacts data (for example, email address, phone number, postal address, social media links)
- Communication data (for example, phone calls, texts, email, or hard copy correspondence)
- Special category data (for example, race or ethnicity, religious, philosophical, or political opinions, sex life, sexual orientation, trade union membership, health, genetic or biometric data)
- Financial / transaction data (for example, bank account and payment card details)
- Web data (for example, IP address, length of visit, page views, website navigation paths, frequency, and pattern of your use)
How we get the personal information and why we have it
Most of the personal information we process is provided to us directly by you for one of the following reasons:
- Direct interactions – this is information that you have provided to us directly when you do the following:
- meet the MediPaCe employees at an event
- during a research study (for example, as a survey respondent or research interview participant)
- submit an online enquiry using our contact form on our website
- when you email, telephone, or meet us in person to discuss what we do
- share your CV and / or are interested to work for us
We also receive personal information indirectly, from the following sources in the following scenarios:
- as you browse through our website, it may automatically collect data about your equipment, IP address, length of visit, pattern of your use. This is done to improve our services and develop our website
- social media sites (for example, LinkedIn, Mastodon)
We use the information that you have given us, in accordance with the law, in order to:
- fulfil our legal and contractual obligations to you (for example, contacting you about payments to and from you, for customer support, to send notifications about updates to our services)
- carry out marketing and promotional activities (for example, responding to requests from you, sharing information of interest to you about our company / services)
- provide you with our industry insight and thought leadership content
- conduct our services with legitimate interests where your interests and fundamental rights are not overridden
- comply with legal / regulatory obligation
We may share this information with:
- business partners and subcontractors for the performance of any contract relating to our services, including email, communication platforms, payment processors, external consultants, auditors.
- to any recruitment agency who is helping us to recruit candidates
- if our company is merged with another company or acquired by a third party in which personal data held by us will be one of the transferred assets
- if we are under duty to share personal data in order to comply with any legal obligation (including tax, audit, or other authorities) or in order to enforce or apply any contracts that we have
- to protect our rights, property, or safety, or that of our candidates or business contacts or others. This may include exchanging personal data with other companies and organisations for the purpose of fraud protection.
Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:
(a) Your consent. You can remove your consent at any time. You can do this by contacting Sandeep Bagga on firstname.lastname@example.org
(b) We have a contractual obligation.
(c) We have a legitimate interest.
How we store your personal information
Your information is securely stored in accordance with GDPR.
We keep personal identifiers, contact data, special category data and financial / transaction data for retention periods that are based on your rights and our legitimate business interests (see table below).
We will then dispose your information by permanently deleting from our online and offline storage.
Purpose of processing
Categories of Personal Data
Delivery of services to clients
6 years after completion of service delivery activities (this includes all personal data and project-related documents which includes training records).
Note. All project-related documentation will be shared with the client prior to deletion (typically after completion of service delivery).
Insight-gathering activities (e.g., research projects or advisory boards)
Signed consent forms and anonymised transcriptions will be deleted 5 years after completion of service delivery activities.
Pharmacovigilance data that is shared with clients will be retained for 6 years.
Note. Any personal information from discussions and any recordings will be deleted as soon as they have been reviewed and analysed (i.e., within timeframe of projects).
Note. Bank and contact details will be deleted as soon as reimbursement payments are processed (i.e., within timeframe of individual projects).
Marketing and promotion
6 years in the case where no meaningful engagement has occurred.
Recruitment (i.e., employment)
6 years for candidates who are not hired.
Processing payments (e.g., to subcontractors)
6 years after payments have been made.
Administration of contracts
6 years after delivery of services as outlined in the contract.
7 years unless required to retain indefinitely.
Your data protection rights
Under data protection law, you have rights including:
Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing – You have the the right to object to the processing of your personal information in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at email@example.com if you wish to make a request.
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at: firstname.lastname@example.org
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk