DATA PRIVACY POLICY
Urgo Limited (“Urgo”, “we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Notice for Healthcare Professionals (“HCPs”, “you”, or “your”) (“Privacy Notice”) describes our practices regarding the collection, use, and disclosure of your Personal Data (as defined below) when you visit any of our websites (“Website”), and interact with us online or offline. This Privacy Notice also describes your privacy rights in connection with Personal Data we collect and process about you.
This Privacy Notice will not apply to Personal Data collected and processed by us:
- If you are an individual other than an HCP;
- Should you apply for a job with us; or
- In the course of your employment with us.
1. Personal data collected
We collect the following categories Personal Data:
- Personal identifiers: name, residential and business address, home and business telephone number(s), email address(es), and National Provider Identifier (NPI), IP address;
- Commercial and financial information: payment information, account information, and details of any financial relationship with us, inquires or requests for assistance regarding our products or services;
- Professional or employment-related information: name of your practice, academic background, professional designation, medical specialty, licensing and disbarment status, publications and information about public speeches, and additional Personal Data you provide in your curriculum vitae or other similar documents or communications;
- Education information: academic background and credentials;
- Internet or electronic network information: your browser type, operating system, domain names visited, click activity, referring websites, the date and time and length of visit of your visit to our Website or other websites or mobile applications;
- Audio and visual information: audio and visual recordings of presentations given by you; and
- Inferences drawn from any of the above data to create a profile reflecting your interests as they relate to the types of products and educational offerings provided by us.
We retain the categories of Personal Data we collect for as long as we need for a legitimate business purpose. The criteria used to determine the retention periods include: (i) how long the Personal Data is needed to provide / receive the services and operate the business; (ii) the type of Personal Data collected; and (iii) whether we are subject to a legal, contractual or similar obligation to retain the Personal Data (e.g., mandatory data retention laws, government orders to preserve data relevant to an investigation or data that must be retained for the purposes of litigation or disputes).
3. Sources From Which we Collect Personal Data
We collect Personal Data from you when you: (i) attend or register to attend an event sponsored by us; (ii) participate in one of our advisory boards or speak at an event on our behalf; (iii) request information from us about our products or services; (iv) apply for a grant, donation or sponsorship; (v) respond to one of our surveys; or (vi) otherwise interact with us including, via the Website. We may also collect your Personal Data from patients, other HCPs or medical professionals, dispensing entities, from data brokers specializing in HCP data, and from publicly available sources.
4. Legal Basis
Legal basis to process user’s personal data are:
- your consent: in some cases, we ask for your consent to collect and process your personal
- our legitimate interest: we may process your personal data based on our legitimate interests in communicating or managing our interactions with you regarding our products and
- a legal obligation: we may need to process your personal data to comply with applicable laws/regulations.
5. Recipients
User’s personal data that we process will only be accessible by a limited list of recipients with a need to know in accordance with the purposes described in this policy or where required by law, including but not limited to:
- the departments and personnel of our Company and other legal entities of Urgo Group;
- our Company’s suppliers and service providers (in particular those managing and hosting the Site) who may be called upon to access users’ personal data for purposes strictly necessary for their work;
- to the competent authorities in certain cases defined by the
6. Cookies and Other Technologies
We collect some of the Personal Data above through “cookies” and other similar technologies. Cookies are small, sometimes encrypted text files that are stored on computer hard drives by websites that you visit. They are used to help users navigate websites efficiently as well as to provide information to the owner of the website. For detailed information on the cookies we use and the purposes for which we use them, please see details about cookies we use when you visit our website in our online Privacy Notice, available here: https://www.urgomedical.co.uk/privacy-policy/.
7. How we Use Personal Data we Collect
We have set out below, a description of the ways we use your Personal Data (referred to as “processing purposes”), and which of the legal bases we rely on.
| Categories of Personal Data | Processing Purposes | Legal Basis |
|---|---|---|
| Where you register to attend and/or attend a sponsored event: | ||
| Personal identifiers; Audio and visual information | The administration and conduct of the relevant event, including to respond to your enquiries and communicate with you about the event. | Where we have a legitimate interest to ensure the effective administration and conduct of the relevant event. |
| Personal identifiers; Audio and visual information | Enabling the creation, distribution, broadcast or other use of any recordings made during the event. | Where we have a legitimate interest to promote the event, to leverage the learnings from the event, and to more generally operate and improve our business. |
| Personal identifiers |
To invite you to future events and to send you other promotional information about our products (where permitted by law). If you wish to stop receiving marketing or market research communications from us you can contact us using the contact details below. |
If applicable law requires that we receive your consent before we send you certain types of marketing communications, we will only send you those types of communications after receiving your consent. In other instances, we will send marketing communications to you where this is in our legitimate interest. |
| Personal identifiers | The storage of your Personal Data in databases for use when sending invites to future events. | Where we have a legitimate interest to manage our business and the conduct of future events. |
| All categories of Personal Data | Compliance with and satisfaction of legal obligations and regulatory requirements for purposes of financial reporting / public disclosure obligations in relation to agreements with and/or payments and benefits to HCPs and healthcare organizations. |
To comply with a legal obligation. Where we have a legitimate interest to comply with applicable transparency reporting obligations (including those in the United States). |
| Where you participate in an advisory board: | ||
| Personal identifiers; Professional or employment information; Education information; Audio and visual information | The administration and conduct of the relevant advisory board, including to respond to your enquiries and communicate with you about the advisory board. | Where we have a legitimate interest to ensure the effective administration and conduct of the advisory board. |
| Personal identifiers; Audio and visual information | Enabling the creation, distribution, broadcast or other use of any recordings made during the advisory board. | Where we have a legitimate interest to leverage the learnings from the advisory board, and to more generally operate and improve our business. |
| Personal identifiers; Professional or employment information; Education information | The storage of your Personal Data in databases for use when selecting HCPs for future advisory boards. | Where we have a legitimate interest to manage our business and the conduct of future advisory boards. |
| All categories of Personal Data | Compliance with and satisfaction of legal obligations and regulatory requirements in the context of safety data reporting activities, and for purposes of financial reporting / public disclosure obligations in relation to agreements with and/or payments and benefits to HCPs and healthcare organizations. |
To comply with a legal obligation. Where we have a legitimate interest to comply with applicable transparency reporting obligations (including those in the United States). |
| Where you are engaged to speak on our behalf: | ||
| Personal identifiers; Professional or employment information; Education information; Audio and visual information | The administration and conduct of the relevant event, including to respond to your enquiries and communicate with you about the event. | Where we have a legitimate interest to ensure the effective administration and conduct of the relevant event. |
| Personal identifiers; Audio and visual information | Enabling the creation, distribution, broadcast or other use of any recordings made during the event. | Where we have a legitimate interest to promote the event, to leverage the learnings from the event, and to more generally operate and improve our business. |
| Personal identifiers; Commercial and financial information; Professional or employment information; Education information | Meeting our contractual obligations under the speaker agreement with you including, to pay you for your speaking services. | Where necessary for performance of a contract. |
| Personal identifiers; Professional or employment information; Education information | The storage of your Personal Data in databases for use when selecting speakers for future events. | Where we have a legitimate interest to manage our business and the conduct of future events. |
| All categories of Personal Data | Compliance with and satisfaction of legal obligations and regulatory requirements for purposes of financial reporting / public disclosure obligations in relation to agreements with and/or payments and benefits to HCPs and healthcare organizations. |
To comply with a legal obligation. Where we have a legitimate interest to comply with applicable transparency reporting obligations (including those in the United States). |
| When you contact us or we communicate with you: | ||
| Personal identifiers; Audio and visual information | To respond to your enquiries and communicate with you including, where these relate to, for example, requests for funding, grants, early access programs. | Where we have a legitimate interest to manage our business, and to process and respond to your communications. |
You have a right to object to the processing of your Personal Data where that processing is carried out for our legitimate interests (including for any direct marketing or profiling purposes). Please note however, that we may not be able to fulfil such requests in all instances.
We disclose Personal Data to the following third parties for the purposes identified above:
- Service providers that manage customer information and provide patient support services, facilitate email communications, provide security services and cloud-based data storage, host our Website and assist with other IT-related functions, advertise and market our products and services, provide analytics information, and provide legal and accounting services;
- Third parties we consult and engage as part of our clinical research and compliance activities, such as research partners, ethics committees, and professional advisors, and clinical research monitors and research organizations;
- Third parties as required or permitted by law to comply with a subpoena or similar legal process or government request, or when we believe in good faith that disclosure is legally required or otherwise necessary to protect our rights and property or the rights, property or safety of others, including to law enforcement agencies, and judicial and regulatory authorities;
- Third parties to help detect and protect against fraud or data security vulnerabilities; and
- Third parties in the event of an actual or contemplated sale, merger, reorganization of our entity or other restructuring.
9. Security
10. International Transfers of Personal Data
We may, for the purposes identified above, transfer Personal Data to recipients identified above, that are located in countries outside the European Economic Area (“EEA”), Switzerland and the UK, including the US, and which are not considered to provide an adequate level of data protection by the European Commission, Swiss Federal Council or UK Government.
We will ensure that such transfers comply with applicable data protection laws e.g., by entering into data transfer agreements with the recipient, relying on the recipient’s Binding Corporate Rules, or relying on the recipient’s self-certification to the EU-U.S. Data Privacy Framework (or UK Extension thereof). Transfers may also take place by relying on a derogation such as, where the transfer is necessary for performance or a contract or the establishment or defense of legal claims.
You can request further information in relation to international transfers and/or a copy of the data transfer agreements by contacting us, as detailed below.
11. Cookie Management
- Cookies
A cookie is a small computer file, a marker, which is stored and read on your computer, mobile or tablet when you visit the Site.
In this policy, we refer to all the cookies placed and read on your terminal as “Cookies”.
- Consent
Necessary Cookies: Your prior consent is not required to store or read these Cookies, either because they do not process any personal data, or because they are strictly necessary to provide the service you request (e.g., to be able to browse the Site and enable the Site to be functional). Necessary cookies cannot be disabled.
Unnecessary Cookies: You must first give your consent before the Company and its partners, if any, store or read Cookies other than those mentioned in the previous section. These Cookies do not affect the quality of the service you request, nor the basic functionality of the Site.
You can oppose and delete Cookies used by the Company and any of its partners at any time by deleting them from your devices, by managing your browser settings, or your Cookie settings.
You can manage your Cookie settings and access Cookie details through your web browser settings.
Third party Cookies
Site functions use services offered by third parties.
If you give your consent, these third parties will store Cookies which will enable you to view content hosted by these third parties directly on the Site or share our contents.
Via these Cookies, these third parties will collect and use your browsing data for their own purposes, in accordance with their confidentiality policy.
To exercise your rights over the data collected by third parties, or for any question concerning this processing, you can contact them directly.
Google Analytics Cookies
We may use Google Analytics to improve the functionality, performance and content of the Site.
With your consent, the service “Google Analytics” offered by Google Inc (1600 Amphitheatre Parkway Mountain View CA 94043 USA, Los Angeles, California, USA), uses unnecessary Cookies.
Even if Google Analytics is used with anonymisation of your IP address, enabling Google Analytics means that your information and data collected by these Cookies may be processed outside the European Union or the European Economic Area and transferred to the USA. US authorities may access your personal data collected by Google Analytics Cookies, for security and safety reasons.
Google Inc. may also transfer information and data to third parties where required to do so by law, or where such third parties process the information and data collected by these Cookies on Google Inc.
For more information on how Google Analytics uses data and to manage your privacy settings: https://support.google.com/analytics/answer/9019185?hl=en#zippy=%2Ccet-article-aborde-les-points-suivants%2Cin-this-article
You can also choose to disable Google Analytics by installing an opt-out add-on provided by Google Inc. on your browser: https://tools.google.com/dlpage/gaoptout?hl=en
YouTube Cookies
Videos embedded directly from the YouTube video platform are available on the Site.
With your consent or by clicking on videos, the “YouTube” service offered by Google Inc (1600 Amphitheatre Parkway Mountain View CA 94043 USA, Los Angeles, California, USA) uses unnecessary Cookies
The information and personal data collected by these Cookies may be transferred outside the European Union or the European Economic Area, including to the United States. US authorities may access your personal data collected by Google Analytics Cookies, for security and safety reasons.
Google Inc. may also transfer information and data to third parties where required to do so by law, or where such third parties process the information and data collected by these Cookies on Google Inc.
- Setting up your browsers and terminals
Most browsers accept cookies by default. To block these cookies or to ask your browser to inform you when a site attempts to install a cookie on your device, please refer to your browser’s help menu or to the following sites:
- Internet Explorer: https://support.microsoft.com/en-us/help/278835/how-to-delete-cookie-files-in-internet-explorer
- Google Chrome: https://support.google.com/accounts/answer/61416?hl=en
- Mozilla Firefox: https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop
- Microsoft Edge: https://support.microsoft.com/en-us/help/10607
- Safari: https://help.apple.com/safari/mac/9.0/?lang=en#/sfri11471
- Opera: https://help.opera.com/en/latest/web-preferences/#cookies
To change the privacy settings on your smartphone or tablet please refer to the following websites:
- Android system: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DAndroid&hl=en
- Apple system: https://support.apple.com/en-gb/HT201265
Any setting change which you may make will be liable to modify your browsing on the Site and your conditions of access to certain services/functions requiring the use of Cookies. Where applicable, we decline all responsibility for any consequences due to the downgraded operation of the Site resulting from the fact that it is impossible for us to store or consult the Cookies necessary for their functioning which you have deleted or refused.
12. Social networks
The Company’s official Facebook and Instagram accounts may allow users to post their content. Users are informed that the content published on these social networks can be seen by any third party, and that users are required to be vigilant when uploading and publishing personal data on these sites or applications. The Company decline all responsibility for any damage caused by third parties resulting from the publication of their personal data by users.
13. Third Party Links
Our Website may contain social media buttons or links to third-party websites, which may have privacy policies that differ from our own. We are not responsible for the activities and practices that take place on those social media platforms or third-party websites.
14. Your Data Privacy Rights
You have the following data privacy rights which may be subject to limitations / restrictions:
- The right to request access to your Personal Data;
- The right to request that your Personal Data be corrected or deleted;
- The right to request that we restrict our processing of your Personal Data;
- The right to object to the processing of your Personal Data where it is carried out (i) for our legitimate interests – unless we can demonstrate compelling legitimate grounds for the processing, and/or (ii) for direct marketing purposes;
- The right to withdraw consent to the processing of your Personal Data; and
- The right to request that Personal Data be provided to you or a third party in a machine-readable format.
11. Changes to this Privacy Notice
We may change this Privacy Notice from time to time. You will be informed about any material changes through a notice on our Website.