Privacy notice
We take your privacy very seriously. Please read this privacy notice carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or the regulator if you have a complaint.
This privacy notice does not apply to any third-party websites that may have links to or from our own website.
Who are we?
This privacy notice provides information on the processing of personal data by Helios Global Group Limited and its affiliates – Helios Medical Communications Limited, Selene Medical Communications Limited and Cogentia Healthcare Consulting Limited.
We collect, use and are responsible for certain personal information about you.
When we do so we are subject to certain data protection laws, including the General Data Protection Regulation (GDPR) if you are in the EU, the UK GDPR if you are in the UK and the Data Protection Act 2018. We are responsible as ‘controller’ of that personal information we process for the purposes of those laws. We are registered with the Information Commissioner’s Office as a Controller under registration number ZA317302 for Helios Medical Communications Limited, ZA797179 for Selene Medical Communications Limited and ZA241016 for Cogentia Healthcare Consulting Limited.
Key terms
It would be helpful to start by explaining some key terms used in this notice:
Personal data we collect about you
The table below sets out the personal data we will or may collect in the course of providing services to you.
We collect and use this personal data to provide services/products to you or your employer or to receive services/products from you or your employer. If you do not provide the personal data we ask for, it may delay or prevent us from providing or employing those services.
How your personal data is collected
We collect most of the above information from you. However, we may also collect information:
- From your employer
- From publicly accessible sources; details of which will be provided to you when we make contact with you
- Directly from a third party, eg:
  - PubMed, LinkedIn, university websites
  - Customer due diligence providers
- From a third party with your consent, eg:
  - Universities, hospitals
- Via ‘Contact us’ on our website
- From other entities within the Helios Global Group
- Via our information technology (IT) systems, eg:
  - Via our case management, document management and time recording systems
  - From door entry systems and visitor logs
  - Through automated monitoring of our websites and other technical systems, such as our computer networks and connections, access control systems, communications systems, email and instant messaging systems
How and why we use personal data
Under data protection law, we can only use your personal data if we have a proper reason, eg:
- You have given consent – where we need your consent, we will ask for it separately from this privacy notice and you can withdraw consent at any time
- To comply with our legal and regulatory obligations
- To fulfil our contract with you/your employer or take steps at your request before entering into a contract
- For our legitimate interests
A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own. You have the right to object to processing based on legitimate interests. We must then stop the processing unless we can demonstrate compelling legitimate grounds which override your interests, rights and freedoms or that the processing is required to establish, exercise or defend legal claims.
The table below explains what we use your personal data for and why.
Where we process special category personal data (see above ‘Key terms’), we will also ensure we are permitted to do so under data protection laws, eg:
- We have your explicit consent
- The processing is necessary to protect your (or someone else’s) vital interests where you are physically or legally incapable of giving consent
- The processing is necessary to establish, exercise or defend legal claims
- The processing is necessary for reasons of substantial public interest
Marketing
We may use your personal data to send you updates (eg by email, text message, telephone, post or social media channels) about our services, including exclusive offers, promotions or new services.
We have a legitimate interest in using your personal data for marketing purposes (see above ‘How and why we use personal data’). This means we do not usually need your consent to send you marketing information. Where this is not the case, we will always ask for your consent.
In all cases, you have the right to opt out of receiving marketing communications at any time by:
- Contacting the Data Protection Manager (see ‘How to contact us’ below)
- Using any ‘unsubscribe’ link in emails
We may ask you to confirm or update your marketing preferences if you ask us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.
We will always treat your personal data with the utmost respect and never sell it to other organisations outside of the Helios Global Group for marketing purposes.
Who we share your personal data with
We routinely share personal data with:
- Companies within the Helios Global Group
- Third parties we use to help deliver our services to you, eg providers of our customer relationship management system, finance system and other software platforms, IT service providers including cloud service providers such as data storage platforms, shared service centres and financial institutions in connection with invoicing and payments
- Third-party external advisors, eg lawyers, tax advisors, accountancy and technology service providers
- Companies providing services for money laundering checks and other crime prevention purposes and companies providing similar services, including financial institutions and credit reference agencies
- Other third parties we use to help promote our business, eg marketing agencies
- Third parties approved by you, eg social media sites you choose to link your account to or third-party payment providers
- Our insurers and brokers
- Our banks
We only allow those organisations to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We ensure all outsourcing providers operate under service agreements that are consistent with our legal obligations.
We or the third parties mentioned above may occasionally also share personal data with:
- Our (and their) external auditors, eg in relation to the audit of our (or their) accounts, in which case the recipient of the information will be bound by confidentiality obligations
- Our and their professional advisors (such as lawyers and other advisors), in which case the recipient of the information will be bound by confidentiality obligations
- Law enforcement agencies, courts, tribunals and regulatory bodies to comply with our legal and regulatory obligations
- Other parties that have or may acquire control or ownership of our business (and our or their professional advisers) in connection with a significant corporate transaction or restructuring, including a merger, acquisition or asset sale or in the event of our insolvency—usually, information will be anonymised but this may not always be possible and the recipient of any of your personal data will be bound by confidentiality obligations
If you would like more information about who we share our data with and why, please contact us (see ‘How to contact us’ below).
Where your personal data is held
Personal data may be held at our offices and those of our group companies, third party agencies, service providers, representatives and agents as described above (see ‘Who we share your personal data with’).
Some of these third parties may be based outside the EEA. For more information, including on how we safeguard your personal data when this occurs, see below: ‘Transferring your personal data abroad’.
How long your personal data will be kept
We will not keep your personal data for longer than we need it for the purpose for which it was collected or as required by law.
As a general rule, we will keep your personal data for at least seven years from the conclusion of any contractual relationship we have with you/your employer. However, different retention periods apply for different types of personal data and for different services. Specific retention periods for the personal data we process are outlined in our Retention Schedule, a copy of which is available on request (see ‘How to contact us’ below).
Following the end of the relevant retention period, we will delete or anonymise your personal data.
Transferring your personal data abroad
It is sometimes necessary for us to transfer your personal data to countries outside the European Economic Area (EEA). This may include countries which do not provide the same level of protection of personal data as the EEA.
We will transfer your personal data outside the EEA only where:
- The European Commission has decided the recipient country ensures an adequate level of protection of personal data (known as an adequacy decision)
- There are appropriate safeguards in place (eg standard contractual data protection clauses published or approved by the relevant data protection regulator), together with enforceable rights and effective legal remedies for you
- A specific exception applies under data protection law
We regularly share personal data with Apollo Medical Communications (part of the Helios Global Group) in the USA and have implemented appropriate safeguards in the form of approved standard data protection clauses.
You can contact us (see ‘How to contact us’ below) if you would like a list of countries benefiting from a European adequacy decision, for copies of any appropriate safeguards we have implemented or for any other information about protection of personal data when it is transferred abroad.
Your rights
You have the following rights, which you can exercise free of charge:
If you would like to exercise any of those rights, please:
- Email, call or write to us (see ‘How to contact us’ below)
- Provide enough information to identify yourself (eg your full name, address) and any additional identity information we may reasonably request from you
- Let us know what right you want to exercise and the information to which your request relates
Keeping your personal data secure
We have implemented appropriate technical and organisational measures to keep your personal data confidential and secure from unauthorised access, use and disclosure. We limit access to your personal data to those who have a genuine business need to access it. Those processing your personal data will do so only in an authorised manner and are subject to a duty of confidentiality.
We require our business partners, suppliers and other third parties to implement appropriate security measures to protect personal data from unauthorised access, use and disclosure.
We also have procedures to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are required to do so.
How to complain
Please contact us if you have any queries or concerns about our use of your personal data (see ‘How to contact us’ below). We hope we will be able to resolve any issues you may have.
If not, contact the Information Commissioner at https://ico.org.uk/concerns/ or telephone: 0303 123 1113 for further information about your rights and how to make a formal complaint.
Changes to this privacy notice
We may change this privacy notice from time to time. When we do, we will publish the updated version on our website.
Updating your personal data
How to contact us
Do you need extra help?
If you would like this notice in another format (for example audio, large print, braille) or another language please contact us (see ‘How to contact us’ above).