Data Privacy Notice

Who we are:

Eradigm Ltd is a company whose registered office is: New Derwent House, 69-73 Theobalds Road, London WC1X 8TA. We take the security of your personal information very seriously. The information below explains how we use any information that you share with us during our engagements. If you have any concerns or queries regarding this, then you can contact us through our Data Manager whose details appear below.

Data Protection Lead:

Patrick Romano

Email: dataprotectionquery@eradigm.com

Phone: 020 3929 0534

Website: https://eradigm.com/

Types of information we collect:

We collect information that will help us to identify you, such as names, email addresses, telephone numbers and such like.
We may also collect sensitive information in the form of medical details that are relevant to our work in the field of pharmaceutical research, including but not limited to your medical record number and any medications you may have taken.

How do we obtain information:

We may obtain information through multiple sources and methods including but not limited to primary research, online searches and publicly available information sources, third-party sources where relevant and applicable.
We may retain information that you share with us in the form of emails, letters, telephone conversations, social media channels and through personal interaction.
Where information is collected on the basis of consent you will be informed of the method of withdrawing the same, but in any event you may contact the Data Manager should that be omitted for any reason.

How we use your information:

The information we collect may be used to enable us to deliver services to our clients, to share information with you or to contact you when it is deemed necessary in the fulfilment of our contractual obligations.
We may use your information to improve our services or to communicate with you about things that may be relevant to you in the future.

Retention:

Records, data, and Information collected will only be used for the purposes for which it is collected and will be retained in line with our data retention Policy, for no longer than is necessary for the fulfilment of our obligations or legitimate interests for which we have a lawful basis for retention. For most types of data this will be 3 years.
Data that may be required at a future time to allow us to meet our legal obligations, such as accounting and contractual data, may be retained for up to 7 years.
Data will be stored securely using all reasonable efforts to prevent unauthorised use, loss or modification and will be securely deleted when it is no longer required.

Data Protection:

“Data Protection Legislation” means the EU General Data Protection Regulation 2016/679 and the Data Protection Act 2018; together with all other applicable legislation relating to privacy or data protection.

Eradigm, and any Group Company, will process your personal data for legal, personnel,

administrative and management purposes in accordance with Data Protection Legislation and its privacy policy.

If Eradigm needs to process any special categories of personal data (as defined in Data Protection Legislation) e.g., information about your physical or mental health or condition, it will seek your specific consent to do so.

Third-Party Services

We may share your information with third-party partners such as appointed contractors and appropriate stakeholders, subject to stringent conflict of interest guidelines.
We will always disclose the intent to share information with third parties and may obtain consent to do so where another lawful basis for processing has not been established. The lawful basis for processing such information will usually be that it is in the Legitimate Interest of the business to do so.
Data may be processed by: Microsoft; Mavenlink; XLink & Mailchimp without further notice, subject to continuing due diligence and data sovereignty controls. Other services may be used when necessary, having undergone a suitable assessment deemed to be safe and compliant with this regulation and applicable UK laws.
We may share your information with our clients, regulatory bodies, supervisory authorities or other legal entities where there is a clear lawful obligation to do so, and this will be our legal basis for processing such information.
Any personal data we share will either remain within the UK or be transferred only to countries or organizations that provide an adequate level of data protection as required by UK GDPR, ensuring your data is handled securely and in compliance with legal standards.

Exclusions:

We do not, accept liability for occurrences between your device and the boundary of our information infrastructure.
You should be aware of the many information security risks that exist and take appropriate steps to safeguard your own information. We accept no liability in respect of breaches that occur beyond our sphere of control.

Your rights

The right to be informed: You have the right to be informed about the collection and use of your personal data. This is a key transparency requirement under the GDPR.
Right to access: You have the right of access, commonly referred to as subject access, giving individuals the right to obtain a copy of personal data as well as other supplementary information. It helps individuals to understand how and why we are using their data and check if this is being done lawfully.
Right to rectification: You have the right to have inaccurate personal data rectified. An individual may also be able to have incomplete personal data completed – although this will depend on the purposes for the processing. This may involve providing a supplementary statement to the incomplete data.
Right to erasure: You have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances.
Right to restrict processing: You have a right to restrict the processing of your personal data in certain circumstances. This means that an individual can limit the way that an organisation uses their data. This is an alternative to requesting the erasure of data.
Right to data portability: You have the right to data portability, giving individuals the right to receive personal data provided to a controller in a structured, commonly used, and machine-readable format. Additionally, providing the right to request that a controller transmits this data directly to another controller.
Right to object: You have the right to object to the processing of your personal data. This effectively allows you to ask us to stop processing your personal data. The right to object only applies in certain circumstances. Whether it applies depends on our purposes for processing and our lawful basis for processing.
Right To Withdraw Consent: If we process your personal data based on your consent, you have the right to withdraw that consent at any time. Once consent is withdrawn, we will cease processing your data unless we have another lawful basis to do so. Withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal. If you wish to withdraw your consent, you may contact us using the details provided in this notice.
Rights related to automated decision-making and profiling: Eradigm do not embark on activities of this nature.

You may contact us using the information at the top of this notice to exercise your rights. You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Complaints

If for any reason you are not satisfied with the way a complaint has been handled, you have the right to complain. Escalating your complaint to a supervisory authority within the European Union. For the United Kingdom, this is the Information Commissioner’s Office (ICO), who is also our lead supervisory authority. Its contact information can be found at https://ico.org.uk/global/contact-us/. This process extends to other relevant supervisory authorities in line with regional compliance specifications.