Western Region Healthcare Professional Privacy Notice
Introduction
This Privacy Notice (“Notice”) is made available by Linical Europe GmbH and its affiliated entities (“Linical”, “the Company”, “We”, “Us” or “Our”) to Healthcare Professionals (HCP) we engage with (“you”, “your” or “user”). This Notice is intended to assist (i) HCPs and (ii) HCPs acting as a representative or contact person for a healthcare organisation (HCOs) in understanding how we collect, process, secure, and transfer your Personal Data. We also describe how you can contact us to learn more information about our privacy practices.
This Notice is intended to address processing activities where Linical acts as a Data Controller for your Personal Data, such as when we contact you to ascertain your interest in participating in a clinical trial.
This Notice is not intended to address processing activities where Linical acts as a Data Processor instructed by a clinical trial sponsor acting as a Data Controller, such as when we process and store your CV and other professional details relating to your participation in a particular clinical trial as part of a clinical trial master file according to clinical trial regulations. In such cases, it is the responsibility of the clinical trial sponsor Data Controller to provide you with a separate Privacy Notice which describes how the clinical trial sponsor processes your Personal Data. Linical may be asked by the clinical trial sponsor to provide you with this separate clinical trial sponsor Privacy Notice. Linical takes no responsibility for the accuracy or completeness of any clinical trial sponsor Privacy Notice, as this responsibility lies solely with the relevant clinical trial sponsor Data Controller.
Other individuals interacting with Linical (employees, candidates, vendors and business partners) are provided with separate information about how we handle their personal information.
Please note that a separate Website Privacy Notice is available for website users and other third parties, available here.
It is important that you read this Notice together with any other privacy notice that we may provide you with so that you are fully aware of how and why we are processing your personal data. This Notice supplements any other privacy notices and privacy policies which we may provide to you and is not intended to supersede them.
Definitions
For the purposes of this Linical Healthcare Professional Privacy Notice:
Affiliate means an entity that controls, is controlled by, or is under common control with a party, where “control” means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
Aggregated Data means summarised data derived from your Personal Data. Examples are statistical or demographic data. It is not considered Personal Data in law as this data will not directly or indirectly reveal your identity.
Company refers to Linical Europe GmbH, Hahnstrasse 40, 60528 Frankfurt am Main, Germany, and its Affiliates.
Data Controller, for the purposes of both UK GDPR and EU GDPR, refers to the Company as the legal person which alone or jointly with others determines the purposes and means of the processing of Personal Data. For the purpose of both UK GDPR and EU GDPR, the Company is the Data Controller.
Data Processor, for the purposes of both UK GDPR and EU GDPR, refers to the Company’s Service Providers.
Data Protection Legislation, means all applicable laws and regulations relating to data protection and privacy anywhere in the world, to the extent applicable to the Services, including, as applicable: (a) where applicable, any state or federal laws or regulations of the United States of America (“USA”) governing the privacy or security of personal data; (b) where applicable to processing activities relating to the European Union (“EU”) or European Economic Area (“EEA”), Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“EU GDPR”) as amended from time to time, and any applicable data protection laws, regulations, and secondary legislation of any Member State of the EEA, in each case as amended or updated from time to time; (c) where applicable to processing activities relating to the United Kingdom (“UK”), the Data Protection Act 2018 and the UK GDPR as defined in section 3(10) (as supplemented by section 205(4)) of the Data Protection Act 2018 (collectively the “UK GDPR”; and collectively with the EU GDPR, the “GDPR”) as amended from time to time, and any applicable data protection laws, regulations, and secondary legislation of the UK; and, (d) where applicable to processing activities in Switzerland, the Federal Act on Data Protection of 19 June 1992 (SR 235.1) (as amended) (“FADP”). Unless otherwise specified, “Controller”, “Processor”, “Personal Data”, “Processing” (and variants thereof), “Data Subject”, and “Personal Data Breach” shall have the same meaning as under the GDPR or, as applicable, any substantially corresponding terms as defined under any other applicable Data Protection Legislation.
Your Personal Data
When you visit our website, we may use the following cookies:
| Category of Data | Purpose for Data Processing |
| Basic information | Your name (including prefix or title), gender, civil status, age and date of birth. |
| Contact information | Any information you provide to us that allows us to contact you, e.g. your personal or business email address, personal or business mailing address, personal or business telephone numbers, emergency contact information. |
| Employment information | Information relevant to your past and current positions of employment or consultancy, e.g. title, seniority, unit/department, location, supervisor(s) and subordinate(s), employment status, employment history, curriculum vitae (CV), etc. |
| Education information | Information relevant to your past and current education or qualifications, e.g., university degrees, exam results, licenses, etc. |
| Financial information | Any financial information e.g. any payments, bank details and bank account number, insurance details, etc. |
| Expenses information | Information included in your expense reports and information needed by Linical to process such reports according to its policies, e.g. places you have been to for business, invoices, vehicle licence plate number. |
| Audiovisual recordings | We may collect photographs, video and audio recordings of you, e.g., recording videoconference meetings, or when you upload or share your photographs and videos for operational purposes. |
| Infrastructure interactions | Information generated by Linical to enable the use of our IT assets, products, systems, networks and communication channels. Information related to your use of our IT assets, products, systems, network services and communication channels, such as laptops, desktops, tablets and mobiles issued by us, Internet/Website use and access, corporate email, or provided tools or applications. |
| Opinions | Information you provide when you participate in our surveys or conversation channels. |
| Special Category Personal Data | Information related to your health as may be required to reasonably accommodate you, such as accessibility measures, dietary requirements, etc. |
| Criminal Convictions and Offences Data | Information related to your unspent criminal convictions and offences. |
We also collect, use and share Aggregated Data for various purposes. For example, your website usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this Notice.
It is important that the Personal Data we hold about you is accurate and current. You are responsible for making sure the information you give us is accurate and up to date. You must tell us if anything changes, as soon as possible.
Our Processing Purposes
We collect your Personal Data when you:
- Contact Linical in relation to collaborating with us
- Interact with our Clinical Operations teams;
- Take part in our business operations;
- Use our IT assets, products, systems, networks and communication channels;
- Respond to surveys; and
- Otherwise provide it to us.
We will also collect your information through:
- Business intelligence sources;
- Industrial contacts;
- Background check providers;
- Social media platforms (such as LinkedIn) or other publicly available sources.
We may process your Personal Data for the following purposes:
| Personal Data Category | Lawful Basis | Purpose |
| • Basic information • Contact information • Employment information • Education information • Audiovisual recordings • Infrastructure interactions • Opinions • Special Category Personal Data • Criminal Convictions and Offences data |
Our Legitimate interest in contacting you in a commercial capacity GDPR, Article 6(1)(f) |
Commercial Contact Contacting you in a commercial capacity to ascertain your interest in collaborating with us, including any feasibility or site selection checks or assessments, professional reviews (applications, CVs, interviews), maintaining contact records and collaborator databases, screening, background checks, and criminal record checks; and, sourcing references, where applicable. |
| • Basic information • Contact information • Employment information • Education information • Financial information • Expenses information • Audiovisual recordings • Infrastructure interactions • Opinions • Special Category Personal Data • Criminal Convictions and Offences data |
Contractual obligation GDPR, Article 6(1)(b) | Ongoing Collaboration For the purposes of negotiating a contract with you, or for performing and maintaining our contract with you, in relation to ongoing collaboration, including any ongoing contact, professional reviews, recordkeeping, maintaining collaborator databases, financial payments and expenses, and other processing as may be necessary for the purposes of conducting the contract. |
| • Basic information • Contact information • Employment information • Education information • Financial information • Expenses information • Audiovisual recordings • Infrastructure interactions |
Our Legitimate Interests in running our business GDPR, Article 6(1)(f) |
Business Operations For the purposes of conducting Linical’s operations, including, but not limited to: managing and allocating company assets and human resources; strategic planning and project management; audits; maintaining records relating to business activities; and, re-organisations, mergers and acquisitions. |
| • Basic information • Contact information |
Contractual Obligation GDPR, Article 6(1)(b) |
Communication Communicating with you and facilitate your communication with others. |
| • Basic information • Contact information • Opinions |
Our Legitimate Interests in conducting surveys GDPR, Article 6(1)(f) |
Surveys Communicating with you and requesting your opinion and feedback on our Service for the purposes of conducting surveys. |
|
• Basic information |
Legal Obligation GDPR, Article 6(1)(c) |
Legal Obligations For the purposes of complying with legal, regulatory and other requirements, including, but not limited to: complying with financial regulations; record-keeping and reporting obligations; data protection exercises; and, complying with government inspections and other requests from government or other public authorities. |
| • Basic information • Contact information • Employment information • Audiovisual recordings • Infrastructure interactions |
Our Legitimate Interest in maintaining a secure work environment GDPR, Article 6(1)(f) |
Security and Monitoring Monitoring your activities in order to maintain a secure work environment, including, but not limited to: monitoring audiovisual recordings via CCTV or similar systems; monitoring your use of any Linical computer applications, internet browsing history, email, or mobile phone actions; providing you with access to Linical sites, where applicable, and monitoring your site access; and, monitoring your use of other company resources, including our IT assets, products, systems, networks and communication channels. |
| • Basic information • Contact information • Special Category Personal Data (health) |
Vital Interest GDPR, Article 6(1)(d) |
Vital Interest Monitor your health in order to safeguard and protect you, or to act in your vital interest, or the vital interest of a third party. |
| • Basic information • Employment information • Audiovisual recordings • Opinions |
Our Legitimate Interest in advertising our business GDPR, Article 6(1)(f) |
Promotional Materials and Events To include you and/or your Personal Data in promotional materials events, where appropriate, including, but not limited to: inviting you to webinars, seminars, and other events, producing audiovisual recordings of you and publicising them on various distribution channels, including websites, social media, and other platforms; and, publicising your opinions of our business. |
| • Basic information • Contact information • Employment information |
Our Legitimate Interest in advertising our business GDPR, Article 6(1)(f) |
Direct Marketing under Legitimate Interest Direct marketing to you, where you have provided your contact information, about products and services from us where you are classified as a corporate subscriber and/or the ‘soft opt-in’ applies under the EU ePrivacy Directive and/or UK PECR. |
| • Basic information • Contact information • Employment information |
Your Consent GDPR, Article 6(1)(a) |
Direct Marketing under Your Consent Direct marketing to you, where you have provided your contact information, about products and services from us where you are a sole trader, partnership or otherwise classified as an individual subscriber and/or the ‘soft opt-in’ does not apply under the EU ePrivacy Directive and/or UK PECR. |
| • Basic information • Contact information • Employment information |
Our Legitimate Interest in identifying areas for improvement or unlawful activity GDPR, Article 6(1)(f) |
Whistleblowing For whistleblowing purposes, including, but not limited to: making available processes and systems that enable stakeholders to identify and escalate concerns to Linical management, and taking appropriate steps to investigate or address raised concerns. |
Providing your Personal Data to Linical is voluntary but it is necessary if you are to take part in any of our commercial activities. Should you choose not to provide your Personal Data to us, your interaction with us may be adversely impacted, you cannot take part in any of our commercial activities, and we will not be in a position to perform a contract with you.
We may process your Special Category Personal Data for the following purposes:
| Special Category Personal Data | Condition for Processing | Purpose |
| • Special Category Personal Data (health) | Substantial Public Interest GDPR, Article 9(2)(g) |
Reasonable Adjustments We may use information about your health or disability status to consider whether we need to provide reasonable adjustments to your working conditions (e.g., if you become pregnant). |
| • Special Category Personal Data (health) | Vital Interest GDPR, Article 9(2)(c) |
Vital Interest To act in your vital interest, or the vital interest of a third party. |
Depending on the jurisdiction in which you operate and on your specific role, we may collect information about your criminal convictions and offences. We do this to satisfy ourselves that there is nothing in your criminal convictions and offences history which makes you unsuitable for collaboration. Our commercial operations require a high degree of trust and integrity, and it is therefore best practice to undertake such checks and a pre-requisite in some instances.
We may only use information relating to criminal convictions where the law allows us to do so. This will usually be where such processing is necessary to carry out our obligations and provided we do so in line with our Data Protection Policy.
We have in place appropriate policies and safeguards which we are required by law to maintain when processing such data.
Retention Periods
We will keep your Personal Data only for as long as necessary in order to complete the activities we have explained in this Privacy Notice.
In general, we will retain your Personal Data for the duration of our collaboration with you, or otherwise our point of last contact with you, plus an additional six years.
We may also retain your Personal Data for a longer period where we need to exercise, establish, or defend against legal claims.
Receipts of Your Personal Data
We share your Personal Data on a need-to-know basis, and to the extent necessary to follow laws and regulations, and to manage your employment relationship with us.
Linical might share your Personal Data with:
• Your direct employer or institution;
• Any relevant membership organisations, boards, or other bodies relevant to your education and experience; and,
• Affiliates, successors, or partner companies.
From time to time, we may also need to make your Personal Data available to external organisations, such as:
• Regulatory or government and law enforcement authorities;
• Professional advisors, such as auditors, accountants and lawyers; and
• Companies that provide products and services to us (such as payroll, agencies for IT systems suppliers and support, and other third parties engaged to assist us in carrying out business activities).
International Transfers
Because Linical operates globally, your data may be transferred outside of the country in which you interact with Linical, including to countries whose data protection laws substantially differ from the country in which you work or reside and may not provide the same level of data protection as in your country of residence. To accomplish the purposes described in this Notice, we may also disclose and transfer Personal Data to personnel and other departments throughout Linical, or to service providers and/or collaborators, successors, licensees, and strategic partners based overseas, to the extent that your Personal Data is shared with service providers, Linical affiliates or other third parties processing Personal Data on our behalf, which are located outside your country of residence.
For example, your Personal Data may be transferred or accessed by Linical and its affiliate entities in the United States of America and Japan.
Linical shall seek to maintain confidentiality as required within the limits of local laws in these countries.
Whenever we are required to transfer your Personal Data out of the UK or EEA, we ensure that at least one of the following safeguards is implemented:
• Transferring your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the European Commission or UK government , as applicable.
• Using specific contracts approved which give Personal Data the same protection it has in Europe including standard data protection clauses approved by the European Commission and/or the UK government, as applicable, providing adequate protection of Personal Data.
Please contact our DPO using the details set out in the Contact Us section below if you would like further information on the specific mechanism used by us when transferring your Personal Data out of the EEA or UK.
Security
Linical has implemented appropriate technical and organizational security measures necessary to adequately safeguard your Personal Data. These safeguards will include, for example:
• Access to Personal Data is restricted and provided only where necessary, to those employees, agents, contractors and other third parties who have a business need-to-know.
• All employees handling Personal Data receive security and data protection awareness training, will only process your Personal Data on our instructions and are subject to a duty of confidentiality.
• Employees with access to Personal Data are given the least privilege required.
• We have robust procedures in place to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
• A disciplinary policy is enforced to prevent unauthorised access.
• Where technically feasible, data is encrypted in transit and at rest.
Your Rights
request to exercise your rights in respect of your personal data. You may have the right to request confirmation as to whether Linical is processing your Personal Data, and if so:
• To request information relating to the categories of data involved, purposes of processing, recipients of your data, retention periods/criteria, and your rights as a Data Subject.
• To request access to your Personal Data that Linical is processing.
• To request Linical rectifies any inaccurate or incomplete Personal Data that Linical is processing about you.
• To request erasure or restriction of processing of any Personal Data that Linical is processing about you, subject to certain exceptions.
• To obtain a copy of your Personal Data in a commonly-used and machine-readable format and have it ported to another data controller.
• To object to the processing of your Personal Data in certain circumstances.
• To restrict to the processing of your Personal Data in certain circumstances.
• To lodge a complaint with your local Data Protection Authority or Supervisory Authority.
• To withdraw your consent for processing your Personal Data at any time, where we rely upon your consent as the lawful basis for processing.
To exercise any of the rights described above, please contact our DPO using the details set out in the Contact Us section below with a description of your request.
For your protection, and to protect the privacy of others, we may need to verify your identity before completing what you have asked us to do.
If you are in the UK, you have the right to make lodge a complaint at any time to the Information Commissioner’s Office (ICO) https://ico.org.uk/, the UK supervisory authority for data protection.
If you are in the EU or EEA, you have the right to lodge a complaint at any time with the relevant supervisory authority responsible for data protection. For a list of the relevant supervisory authorities, please see https://www.edpb.europa.eu/about-edpb/about-edpb/members_en
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making unless we have a lawful basis for doing so and we have notified you.
Contact Us
If you would like to exercise one of your rights as set out above, or you have a question or a complaint about this Notice or the way your Personal Data is processed, please contact our Data Protection Officer (DPO):
FAO Linical DPO
Dr. Lawrence Carter
The DPO Centre Limited
50 Liverpool Street
London
UK
EC2M 7PY
+442037971289
dpo@linical.com
Updates to This Notice
We keep our privacy notices under regular review. We reserve the right, at our discretion, to change, modify, add or remove sections of this Notice at any time. You are encouraged to review this Notice from time to time for updates, or to contact Linical for more information.
Further Information
1. For more information, see: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en
2. For more information, see: https://www.gov.uk/government/publications/uk-approach-to-international-data-transfers/international-data-transfers-building-trust-delivering-growth-and-firing-up-innovation
3. For more information, see: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en
4. For more information, see: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-data-transfer-agreement-and-guidance/