Privacy Policy - Envision the Patient

Privacy Notice
Envision Pharma Group (“Envision Pharma Group”/”we”/”us”/”our”) respects an individual’s right to privacy. This Privacy notice explains our approach to any Personal Information that we collect through an individual’s use of this website https://www.envisionthepatient.com and/or any of our social media accounts (“Websites”).

In particular, this notice describes:

Who we are.
How we collect Personal Information.
What Personal Information we collect.
How we use and disclose Personal Information, and the legal basis for use.
How long we keep Personal Information.
How we protect Personal Information.
International transfers of Personal Information.
An individual’s rights regarding their Personal Information.

“Personal Information” means any information or a set of information that identifies or is used by or on behalf of Envision Pharma Group to identify an individual.

Who we are
Envision Pharma Group is a full-service global medical strategy and communications agency, and our services include the provision of market-leading hosted software applications.

“Envision Pharma Group” refers to Envision Pharma Group Limited (registered in England and Wales under company no. 10117262), its parent companies and its and their respective subsidiaries. For the purposes of applicable data protection law, Personal Information will be controlled by the Envision Pharma Group entity that an individual is dealing or communicating with and each such entity is regarded as an independent data controller of the relevant Personal Information. This Privacy notice applies to all such entities.

This website (www.envisionthepatient.com) is operated by Envision Pharma Limited (registered in England and Wales under company no. 04486293).

How we collect Personal Information
The Personal Information that we process includes:

Individuals use our Websites (including downloading content).
Individuals contact us via our Websites including those using any “Contact Us” functionality for requests in relation to sales, support, demonstrations, or in relation to open employment opportunities.
Individuals apply for open employment opportunities advertised on our Websites.
Individuals request information and/or materials from us.

What Personal Information we collect
The Personal Information that we may collect includes:

Personal contact details such as name, title, addresses, telephone numbers, email addresses and business
contact information.
Position and employer.
Educational and career history (e.g., information in CVs).
Information relating to current employment.
Date of birth.
Gender.
Marital Status and next of kin information.
Nationality.
Photographs.
Information provided to us regarding marketing preferences.
Technical information (such as Internet Protocol (IP) address) from visits to this website.
Any other information relating to individuals which they may provide to us without request.

How we use and disclose Personal Information, and the legal basis for use
We only use Personal Information when the law allows us to do so. Most commonly, we will use Personal Information in the following circumstances:

Where we need to perform relevant contract.
Where we need to comply with a legal and regulatory obligations.
Where it is necessary for our legitimate interests (or those of a third party such as our clients).

The types of Personal Information that we use depends on the relevant circumstances; however, some of the key types of Personal Information that we may use together with the relevant basis for such use and details of any third parties with whom such information is shared, are set out below. Please also see our Cookies notice.

Purpose for which we use Personal Information	Legal basis for use	Third party organisations with whom Personal Information may be shared
To send requested information about us and/or our services.	Legitimate interests.	None.
To provide content requested or downloaded from our Websites and to obtain feedback regarding such content.	Legitimate interests.	None.
To market our services including communicating about updates, news, newsletters and event invitations which are relevant to the individual’s activities and in line with stated preferences.	Legitimate interests. Consent.	None.
For the purposes of recruitment.	Legitimate interest. Consent.	Third party technology service providers such as applicant tracking systems. Professional advisers.
To manage our relationship with our clients and potential clients.	Legitimate interests. Performance of a contract.	Third party vendors that we engage (where required).
To manage our relationship with our vendors and potential vendors.	Legitimate interests. Performance of a contract.	None.
To provide and improve our website.	Legitimate interests.	Web service providers and cookie providers.
To compile anonymous statistics including for managing our business performance and assessing client satisfaction to improve our services.	Legitimate interests.	None.
To enable us to provide webinars, meetings and events.	Legitimate interests.	Third party travel and hospitality service providers that we engage.

“Third-party organisations” does not include any companies within Envision Pharma Group. However, we are an international business and any Personal Information provided to us may be shared with and used by an entity within Envision Pharma Group (including those outside of the United Kingdom and European Economic Area (“EEA”).

Where necessary, or for the reasons set out in this notice, Personal Information may also be shared with regulatory authorities, courts, tribunals, government agencies and law enforcement agencies. While it is unlikely, we may be required to disclose Personal Information to comply with legal or regulatory requirements. We will use reasonable endeavours to notify the individual before we do this, unless we are legally restricted from doing so.

Our services include the provision of hosted software applications to our clients. If an individual provides Personal Information via a website portal of one of our hosted software applications licensed to a client of ours, that individual is providing Personal Information to that client and should ensure he/she understands how their Personal Information may be used. Reference should be made to the relevant client company’s privacy policy which may be published on such website portal, or available on such client company’s corporate website. In such circumstances, the relevant client company is the data controller. We do not access or use such Personal Information save as permitted or required under our contractual arrangements with our clients. Neither do we distribute such Personal Information to any third parties.

How long we keep Personal Information
Personal Information will be retained in accordance with our global data retention policy which categorises all of the information held by us and specifies the appropriate retention period for each category of Personal Information. Those periods are based on the requirements of applicable data protection laws and the purpose for which the information is collected and used, taking into account legal and regulatory requirements to retain the information for a minimum period, limitation periods for taking legal action, good practice and our general business purposes.

How we protect Personal Information
A key principle of data protection legislation is that Personal Information must be dealt with securely by means of ‘appropriate technical and organisational measures’. This involves considering matters such as risk analysis, organisational policies, and physical and technical measures, all of which contribute to ensuring the confidentiality, integrity and availability of systems and processes. Envision Pharma Group is certified under ISO/IEC 27001:2013, which is an auditable international best practice standard that formally outlines requirements for an Information Security Management System.

International Transfers
We may need to transfer Personal Information to locations outside of the EEA.

The level of information protection in countries outside the EEA may be less than that offered within the EEA. Where this is the case, we will implement appropriate measures (such as the EU standard clauses) to ensure that Personal Information remains adequately protected and secure in accordance with applicable data protection laws.

An individual’s rights regarding their Personal Information
Under certain circumstances, an individual has rights under certain data protection legislation with respect to their Personal Information which may include some or all of the following:

The right of access. Subject to certain exceptions, this is the right to request a copy of the Personal Information we hold about an individual and how we use it.
The right to rectification. This is the right to require relevant Personal Information be corrected, if it is inaccurate or incomplete.
The right to erasure (right to be forgotten). This is the right to request the removal or deletion of Personal Information that we use about an individual, unless we are required to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims, or if there is no compelling reason for us to continue using it.
The right to restrict use. This is the right to request that we restrict our use of Personal Information where: (i) such Personal Information is inaccurate, (ii) our use is unlawful, or (iii) we no longer need to use such Personal Information for a particular purpose and we are unable to delete the Personal Information due to a legal or other obligation.
The right to data portability. This is the right to request that we transmit the relevant Personal Information to a third party, provided that the individual provided such personal data to us and that we are using such personal data on the basis of that individual’s consent or in order to perform our obligations under contract with the individual, and the use is carried out by automated means.
The right to object. This is the right to object to us using Personal Information if the use is based on our legitimate interest. We will comply with requests unless we have a compelling legitimate basis for such use which overrides the individual’s interests and rights, or our use relates to the establishment or exercise of the defense of a legal claim.
The right to withdraw consent. If we are using Personal Information pursuant to the lawful basis of consent, the individual has the right to withdraw such consent at any time.
Automated individual decision-making and profiling. This is the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

Such individual may also have the right to lodge a complaint in relation to our use of Personal Information with a local supervisory authority.

If an individual objects to our use of their Personal Information, or withdraws their consent to our use after having initially provided it, we will respect that choice in accordance with our legal obligations but it is likely this will make it impractical for us to deal with the relevant individual.

The California Consumer Protection Act
The California Consumer Protection Act ("CCPA") also provides certain rights to California consumers.

A California consumer is entitled to request details of the information we hold about him or her and how we use it and, under certain circumstances, has the right to request that his or her Personal Information be deleted. Such requests may be submitted through the following methods:

By calling this toll free number: +1 888 230-8287; or
By emailing the Email address below.

We will acknowledge receipt of any request within ten (10) days and begin the process of verifying such request. Depending upon the sensitivity of the data collected and the nature of the request, we are required to verify an individual’s identity to a reasonable degree of certainty or a reasonably high degree of certainty. A reasonable degree of certainty requires matching at least two pieces of personal information provided via the toll free number or Request Form with information already maintained by us. Whereas, a reasonably high degree of certainty requires matching at least three pieces of personal information. The verification process also requires us to consider whether it is likely the submitted request is fraudulent.

A California consumer may also designate an authorized agent to make a request under the CCPA on the California consumer’s behalf. When a request is submitted by an authorized agent, we will require written evidence of the authorization and, except when the authorized agent has a power of attorney pursuant to California Probate Code sections 4000 to 4465, we will also need to verify the agent’s identity as well as the consumer’s identity.

Please be aware, that the CCPA prohibits discriminatory treatment of a California consumer that exercises his or her right conferred by the CCPA.

Further questions
Our Data Protection Officer can assist with any questions and can be contacted at either of the following:

By Email:

DPO.EnvisionPharma@twobirds.com

By Post:

Bird & Bird DPO Services SRL
Avenue Louise 235 b 1
1050 Brussels
Belgium
Attention: DPO for Envision Pharma Group

Changes to this notice
Envision Pharma Group may revise or update this notice from time to time.

Last updated: 14 May 2024