Circassia Limited, (“Circassia“, “we“, “us“, “our“) is committed to protecting the privacy and security of your Personal Information. This Notice explains who we are, why and how we process your personal information (also referred to here as personal data) and your rights and how to contact us if you need to.
This Notice applies to personal data collected by us in connection with our operations and services, which includes personal data collected through our corporate website Circassia.com, our product website niox.com (the “Sites“) as well as the products and services offered by Circassia (collectively ” Services“) and each a “Service“)
Our contact details are set out at the end of this Notice. We are the controller in relation to the personal data processed in accordance with this Notice (except where this Notice explains otherwise).
This Notice (together with any other documents referred to on it) sets out:
- Information we collect about you
- Cookies and other technologies
- How we use your information
- Our promotional updates and communications
- Who we give your information to
- Where we store your information
- How we protect your information
- How long we keep your information
- Your rights
- Changes to this notice
- Contact us
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
We may process your personal data if:
- You or the organisation you work for are a customer or a supplier of ours.
- You or the organisation you work for use our Services.
- You work for a customer or a supplier of ours, or for someone who uses our Services.
- You are a participant in one of our practitioner continuing education seminars and masterclasses.
- We identify you or engage with you as a professional expert, key stakeholder or thought leader in the field to which our Services relate.
- You are a participant in any research conducted by us.
- You are someone (or you work for someone) to whom we want to advertise or market our goods or services.
- You send us a CV, resumé, or other details of your employment history in connection with an advertised job vacancy or a general enquiry regarding job opportunities with us.
Information we collect from you or from a third party
We may process your personal data that we have either obtained from you, or obtained from somewhere else. Personal data which is not collected directly from you may be collected:
- From your employer in connection with your job and how it relates to us.
- If you use any Sites operated by us.
- From published or external sources including research, journals and peer reviews relevant to professional expertise and the medical field to which our Services relate.
- From third parties we work closely with (including, for example, business partners, sub-contractors in technical, hosting and delivery services, medical market research, crm and analytics specialists and industry and search information providers).
Personal data relating to you that we process may include:
- Your name.
- Who you work for, and your job function or department.
- Your address, phone number, email address or other contact details (these details may relate to your work or to you personally, depending on the nature of our relationship with you or the organisation that you work for).
- Where you are a professional medical expert, details of your specialism, qualification details, an indicator of the extent of your engagement with and prescribing, in areas to which our Services relate and details of your contacts with our account representatives.
- Information about you that you give us by communicating with us by phone, by e-mail, in person, via our Sites, via social media or otherwise such as at an event or conference. It includes information you give us or that we obtain when you enquire about a product, request support or contact us to report a problem, or do any of these things on behalf of the person that you work for.
- Information relating to transactions with us involving you or the organisation you work for (for example, details of goods or services that we have supplied to, or obtained from, you or the person you work for).
- Other information relating to you which it is necessary for us to process in order to enter into or perform a contract with you or the organisation you work for (for example, right to work information) where this is necessary to enable us to carry out appropriate checks in relation to entering into employment contracts with you.
- Information about events to which you or your colleagues are invited, and your personal information and preferences to the extent that this information is relevant to organising and managing those events (for example, your dietary requirements).
- Information relating to you that you give us or we otherwise obtain when you visit us (for example, if you sign in, or you give us the registration details of your vehicle.
Information that we obtain from you when you use our Sites:
- Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, web beacons.
- Information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our website (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number or social media handle used to connect with our customer service team.
- Country of location data – we collect information through a look-up of your country of location by reference to your IP address against public sources to provide product and service information relevant to your region. This information is collected in combination with an identifier associated with your device to enable us to recognise your mobile browser or device when you return to the Sites.
Similar to other websites, our Sites utilise standard technology called “cookies” to collect information about how our Sites are used. Cookies and similar technologies are a feature of web browser software that allows web servers to recognize the device used to access a web site and online services and can be used to manage a range of features and content.
Cookies are small pieces of data that are stored by a user’s web browser on the user’s hard drive. Information gathered through cookies and web server logs may include the date and time of visits, the pages viewed, time spent at our Sites and the web sites visited just before and just after viewing our content.
Certain cookies we use last only for the duration of your web session and expire when you close your browser. Other cookies are used to remember you when you return to the Sites and will last for longer.
We may also use “Web beacons” that monitor your use of our websites. Web beacons (or Web bugs) are one-pixel transparent images (although they can be visible images as well) located on a Web page or in an e-mail or other type of message, and are hosted on a server enabling the verification of a user’s viewing or receipt of a Web page or message. Web beacons can be used to track the IP (Internet Protocol) address of the computer or device that downloaded the page on which the Web beacon appears, the URL (Uniform Resource Locator) of the page on which the Web beacon appears, the time the page containing the Web beacon was viewed, the type of browser used to access the Web page containing the Web beacon and the identification number of any cookie on the computer or device previously placed by the server hosting the web beacon. When we correspond with you via HTML capable e-mail, Web beacons let us know whether you received and opened our e-mail. On their own, cookies or Web beacons do not contain or reveal any personally identifiable information. However, if you choose to furnish the website with personally identifiable information, this information can be linked to the data stored using cookies/Web beacons.
We use the following categories of cookies:
Strictly Necessary Cookies: These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
Performance Cookies: These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance. For more information about privacy at Google or to opt-out of Google Analytics see: http://tools.google.com/dlpage/gaoptout.
In addition, we have activated the IP masking feature when using Google Analytics which means that Google anonymises the last octet of the IP address it receives from user’s devices. For more information see: https://support.google.com/analytics/answer/2763052.
Functional Cookies: These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
Targeting Cookies: These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Social Media Cookies: These cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.
When you visit our Sites, you have the option to accept or adjust what cookies you allow us to place on your browser through our Privacy Preference Centre. You can modify these settings at any time by visiting Cookie settings.
If you don’t want to allow cookies at all, please refer to your browser settings. Most web browsers automatically accept cookies but, if you prefer, you can change your browser to prevent that or to notify you each time a cookie is set. You can also learn more about cookies by visiting https://cookiepedia.co.uk which includes additional useful information on cookies and how to block cookies using different types of browser. Please note however, that by blocking or deleting cookies used on the Sites you may not be able to take full advantage of the Sites if you do so.
If you want to disable cookies on our Sites, you can change your browser settings to reject cookies. How you can do this will depend on the browser you use. Further details on how to disable cookies for the most popular browsers see: https://cookiepedia.co.uk/how-to-manage-cookies.
You can find more information about the individual cookies we use and the purposes for which we use them by visiting Cookie settings.
We will use this information to:
- Take steps in order to enter into any contract or carry out our obligations arising from any contract entered into between you or the organisation you work for and us including:
- supplying goods and services to you or the organisation you work for or receiving them from you or the organisation you work for, as the case may be;
- administering your/your organisation’s account with us;
- verifying and carrying out financial transactions in relation to payments you make in your own capacity or on behalf of your organisation
- notifying you about changes to our Services.
- Provide you with information and updates about our products or services or our company where requested or we feel may interest you or the organisation you work for, if you have given your consent to receiving promotional material from us at the point we collected your information, where required by law or otherwise in our legitimate interests provided these interests do not override your right to object to such communications. See ‘Our promotional updates and communications‘.
- Ensure in our legitimate interests that:
- content from our Sites is presented in the most effective manner for you and for your device;
- we provide you or the organisation you work for with the information, products and services you request from us;
- we assess any application for employment you submit to us;
- we may identify and understand using analysis and profiling techniques, your level of influence as a prescribing specialist and expert in a medical field to which our Services relate in order to engage and build relationships with you, to help in building mutual understanding, research, knowledge and improvements in treatments.
Information we collect about you from your use of our Sites
We will use this information in our legitimate interests, where we have considered these are not overridden by your rights:
- To administer our Sites and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
- To keep our Sites safe and secure.
- For measuring or understanding the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you.
- To improve our Sites to ensure that content is presented in the most effective manner for you and for your device.
- To allow you to participate in interactive features of our service, when you choose to do so.
Information we receive from other sources
We will combine this information with information you give to us and information we collect about you in our legitimate interests (where we have considered that these are not overridden by your rights). We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).
Where permitted in our legitimate interest or with your prior consent where required by law, we will use your personal information for marketing analysis and to provide you with promotional update communications or updates on our company by email, telephone or when meeting one of our representatives about our product.
You can object to further such communications at any time by selecting the “unsubscribe” link at the end of our marketing and promotional update communications to you, or by sending us an email to firstname.lastname@example.org.
You can also request that we send promotional materials to a non-personal email address instead of one which identifies you as an individual.
We may share your personal data with:
- Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, who support our processing of personal data under this policy. Appropriate third parties including:
- our business partners, customers, suppliers and sub-contractors for the performance of any contract we enter into or other dealings we have in the normal course of business with you or the person that you work for and subject to contractual and other safeguards;
- our auditors, legal advisors and other professional advisors or service providers;
- Payment processing providers who provide secure payment processing services.
- In relation to information obtained via our Sites:
- analytics and search engine providers that assist us in the improvement and optimisation of our site and subject to the cookie section of this policy.
Other disclosures we may make
We will disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets subject to the terms of this privacy notice.
- If Circassia Pharmaceuticals Plc or substantially all of its assets are acquired by a third party, in which case personal data held by it about its clients and contacts will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of supply terms and other agreements with you or the organisation you work for; or to protect the rights, property, or safety of Circassia, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction and to prevent cybercrime.
The data that we process in relation to you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”) that may not be subject to equivalent data protection law. It may also be processed by staff situated outside the EEA who work for us or for one of our suppliers.
We may transfer your personal information outside the EEA:
- In order to store it.
- In order to facilitate the operation of our group of businesses, where it is in our legitimate interests and we have concluded these are not overridden by your rights.
- Where we are legally required to do so.
We may transfer your personal information to the following countries outside the EEA:
|USA||Site Hosting||Amazon Web Services||Privacy Shield||https://www.privacyshield.gov/welcome|
|USA||Site Analytics||Privacy Shield||https://www.privacyshield.gov/welcome|
|USA||Client Relationship Management (CRM) services||Veeva Systems||Privacy Shield||https://www.privacyshield.gov/welcome|
Where your information is transferred outside the EEA, we will take all steps reasonably necessary to ensure that your data is subject to appropriate safeguards, including relying on a recognised legal adequacy mechanism, and that it is treated securely and in accordance with this privacy notice.
All information you provide to us is stored on secure servers. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Sites; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Our Sites may, from time to time, contain links to external sites. We are not responsible for the privacy policies or the content of such sites.
We retain personal data for as long as you have a relationship with us either commercially as a contact at our customer in order that we can meet our contractual obligations to you or your organisation, or where you are a specialist stakeholder in the field with whom we engage in our legitimate interests and for six years after that period in order to identify any issues and resolve any legal proceedings. We may also retain aggregate information beyond this time for research purposes and to help us develop and improve our services. You cannot be identified from aggregate information retained or used for these purposes.
You have the right under certain circumstances:
- to be provided with a copy of your personal data held by us;
- to request the rectification or erasure of your personal data held by us;
- to request that we restrict the processing of your personal data (while we verify or investigate your concerns with this information, for example);
- to object to the further processing of your personal data, including the right to object to marketing (as mentioned in ‘Our promotional updates and communications’ section);
- to request that your provided personal data be moved to a third party.
Your right to withdraw consent:
Where the processing of your personal information by us is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us. You can also change your marketing preferences at any time as described in ‘Our promotional updates and communications‘ section;
How to exercise your rights
You can also exercise the rights listed above at any time by contacting us at. email@example.com.
If your request or concern is not satisfactorily resolved by us, you may approach your local data protection authority, (see http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.html). The Information Commissioner is the supervisory authority in the UK and can provide further information about your rights and our obligations in relation to your personal data, as well as deal with any complaints that you have about our processing of your personal data.
Any changes we make to our privacy notice in future will be posted on our Sites at niox.com and Circassia.com and, in relation to substantive changes, will be notified to you by e-mail where possible. This policy was last updated on 10 September 2019.
Our full details are:
Robert Robinson Avenue
Oxford Science Park
Oxford OX4 4GA
To the attention of Compliance
Tel: +44 (0)1865 405560