Market Access Privacy Notice
Last updated: 21st February 2020
This Privacy Notice (“Privacy Notice”) for The Research Partnership Limited and its affiliates, The Research Partnership Inc and The Research Partnership Healthcare Asia Pte Ltd, (“The Research Partnership”, “we”, “our” or “us”),explains how information that may be collected from you (“you” or “your”) may be used. This information may be collected in connection with your participation in market access studies with Research Partnership.
Research Partnership takes your privacy seriously. We may update this Notice from time to time and shall indicate on our website (www.researchpartnership.com) when changes have been made.
We collect data on behalf of our research sponsors (our clients). The types of research engagements we conduct include face to face, telephone and online market research.
All the data we collect is presented to the sponsors in aggregate form. We do not share any of your Personal Data with our sponsors. The only exception may be in the reporting of any Adverse Events you may mention during the course of the market research engagement; however, your Personal Data would only be shared with your consent. In case of a refusal, your Personal Data will not be released as part of the reporting process.
Research Partnership is registered with the Information Commissioner’s Office in the United Kingdom as a Data Controller in accordance with the provisions of the Data Protection Act 2018. Further details of the registration are available at www.ico.org.uk/
Research Partnership is proud to be members of the pharmaceutical market research governing bodies and the main market research associations listed below and we follow their guidance on all matters relating to market research codes of conduct, data protection and adverse event reporting.
- Intellus Worldwide
- Market Research Society, Singapore
- What Personal Data do we collect?
- How will we use your Personal Data?
- For how long will we retain your Personal Data?
- To whom will we disclose your Personal Data?
- How do we protect your Personal Data?
- How can you access and update your Personal Data?
- Changes to this Notice
- How to contact us
What Personal Data do we collect?
Personal Data is collected from you when you register with us, via publicly available sources or via referrals.
We collect your name, email address, former institutional affiliation(s), phone number(s), banking details, and additional elements of Personal Data which would be specific to the research engagement and for which we would obtain your specific consent to allow for such collection.
We will not sell, share, transfer, or rent any Personal data to any third-parties in ways different from what is disclosed in this Privacy Notice and our Terms and Conditions. We shall not process Personal Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by you. To that end, we will take reasonable steps to ensure that Personal Data is reliable for its intended use, accurate, complete, and current. We use reasonable efforts to maintain the accuracy and integrity of Personal Data and to update it as appropriate.
How will we use your Personal Data?
We use Personal Data that we collect for the following business purposes, without limitation:
(1) maintaining and supporting our services, delivering and providing the requested services including payment of honoraria to our research participants, and complying with our contractual obligations related thereto;
(2) satisfying governmental reporting, tax, and other requirements;
(3) storing and processing data, including Personal Data, in computer databases and servers located in the United Kingdom and Ireland;
(4) verifying identity of our research participants;
(5) as requested by our research participants;
(6) for other business-related purposes permitted or required under applicable local law and regulation; and
(7) as otherwise required by law.
Our legal basis for the processing of your Personal Data is legitimate interest.
We reserve the right to make automated decisions, including using machine learning algorithms, about you to optimize the services offered and/or delivered.
For how long will we retain your Personal Data?
Access Partnership has a responsibility to maintain records relating to our research activities, in accordance with legal obligations, client contractual terms and suggested industry guidelines, and will retain your Personal Data according to the following retention guidelines:
This applies to the Profile Data you provide to us and which we may collect from public sources. We will retain your Profile Data until you request removal from our list.
Market Access (Survey) Data and associated research materials
This applies to all Market Access (survey) data and associated research materials (screeners, questionnaires, audio files, adverse event reports, meeting invites, etc.). We will retain this data for a period of ten (10) years or per the guidelines dictated by our client contractual terms if different from our internal retention guidelines, after which time disposal will be completed in a secure manner. The retention period for the specific research engagement in which you participate will be shared as part of the consent process.
Your Banking Details
If you provide your banking details for the purpose of incentive processing and fulfilment via bank transfer, we retain these details for no longer than three months after which time disposal will be completed in a secure manner.
To whom will we disclose your Personal Data?
We do not share your Personal Data with third-parties including, without limitation, our financial institution, our client’s pharmacovigilance departments, audio conference service providers (e.g. Cisco WebEx), transcription providers, and auditors and tax authorities who are working on our behalf and need access to your Personal Data to carry out their work for us.
We may provide Personal Data to such third-parties for the following purposes, without limitation: incentive processing and fulfilment, Adverse Event reporting, recording of market research surveys, transcription of market research interviews, auditing purposes and governmental reporting, tax, and other requirements.
We may share your information in connection with a merger, sale of company assets, financing or acquisition of all or a portion of our business to another company, if any. In this event, we will notify you before information about you is transferred and becomes subject to a different privacy notice.
We may also disclose Personal Data under the following circumstances:
- Responding to witness summons, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims;
- When we believe it is necessary to share information to investigate or prevent fraud, or to take action regarding illegal activities, situations involving potential threats to the physical safety of any person, or as otherwise required by law;
- In rare situations, it may be necessary to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
We are potentially liable in cases of onward transfers of Personal Data to third-parties, such as when third-parties that act as agents on our behalf process Personal Data in a manner inconsistent with the data protection principles. We will ensure that any third-party to which we disclose personal information provides the same level of privacy protection as is required by the applicable data protection principles and agrees in writing to provide an adequate level of privacy protection. Except as otherwise provided herein, we disclose Personal Data only to third-parties who reasonably need to know such data. Such recipients must agree to abide by confidentiality obligations that adequately comply with our compliance requirements.
We recognize that you have the right to limit the use and disclosure of your Personal Data, and we are committed to respecting those rights. We offer individuals the opportunity to opt out of disclosures of Personal Data to a third-party or the use of Personal Data for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you. We will comply with the applicable data protection principles with respect to disclosures of Sensitive Data including, when applicable, obtaining the explicit consent (i.e., opt in consent) of an individual prior to disclosing Sensitive Data to a third-party or using Sensitive Data for purposes other than those for which it was originally collected or subsequently authorized by the individual.
How do we protect your Personal Data?
We have implemented physical and technical safeguards to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alternation, or destruction.
For example, electronically stored Personal Data is stored on a secure network with firewall protection, and access to our electronic information systems requires user authentication via password or similar means. We also employ access restrictions, limiting the scope of staff members who have access to your Personal Data. Further, we use secure encryption technology such as SSL or a comparable standard to protect certain categories of Personal Data.
To the extent that we keep physical records containing your Personal Data, we limit access to such Personal Data to staff members whom we reasonably believe need that information to provide our services to you.
Despite these precautions, no data security safeguards guarantee 100% security all the time.
We have designated the Compliance Department to oversee our information security programme. The Compliance Department shall review and approve any material changes to this programme as necessary. Any questions, concerns, or comments regarding this Notice also may be directed to firstname.lastname@example.org. We will maintain, monitor, test, and upgrade information security policies, practices, and systems to assist in protecting the Personal Data that we collect.
Our personnel will receive training, as applicable, to effectively implement this Privacy Notice.
How can you access and update your Personal Data?
You have the right to obtain confirmation about whether Personal Data is included about you in our databases. Upon request, we will provide an individual access to your Personal Data within thirty (30) days of receipt of such request. We will permit an individual to know what Personal Data about him/her is included in our databases and to ensure that such Personal Data is accurate and relevant for the purposes for which we collected the Personal Data.
You may review your Personal Data stored in the databases and correct, update, modify, or delete any data that is incorrect or incomplete.
Your right to access your Personal Data may be restricted in exceptional circumstances, including, but not limited to:
- when the burden or expense of providing this access would be disproportionate to the risks to your privacy in the case in question; or
- where the rights of persons other than you would be violated by the provision of such access.
If we determine that your access should be restricted in a particular instance, we will provide you with an explanation of our determination and respond to any enquiries you may have.
We will track each of the following and will provide notice to the appropriate parties under law and contract when either of the following circumstances arise:
(a) legally binding request for disclosure of the Personal Data by a law enforcement authority unless prohibited by law or regulation; or
(b) requests received from you.
Rectification and Erasure
You may request that we rectify or delete any of your Personal Data that is incomplete, incorrect, unnecessary or outdated. In making modifications to your Personal Data, you must provide only truthful, complete, and accurate information.
You may object, at any time, to your Personal Data being processed for a specific purpose.
Restriction of Processing
You may restrict processing of your Personal Data for certain reasons, such as, for example if you consider your Personal Data collected by us to be inaccurate or you have objected to the processing and the existence of legitimate grounds for processing is still under consideration.
You may request the Personal Data you provided to us in a commonly used and machine-readable form.
Right to Withdraw Consent
You have the right to withdraw your consent at any time, without affecting the lawfulness of our processing based on such consent before it was withdrawn, including processing related to existing contracts for our Services.
To exercise any of the abovementioned rights, please contact us by phone, postal mail or email at the How to contact us section of this Privacy Notice.
We recommend that you include documents that prove your identity and a clear and precise description of your request. Please note that in some cases, especially if you wish us to delete or cease the processing of your Personal Data, we may no longer be able to provide our Services to you.
The Research Partnership is committed to ensuring privacy in all markets we work in and would therefore like to add the new California Consumer Privacy Act (CCPA) effective January 1st 2020 to our Privacy Notice to provide our users who reside in the state of California how we collect, store and use their data.
The CCPA grants the respondents’ rights as listed below which are not dissimilar to those of the EU GDPR covered already in the Research Partnership’s Privacy notice such as the ability to
- Request information
- Have personal information deleted
- Opt out of the sale of their personal information
- Be informed that personal data is being disclosed or sold
While our Privacy notice already cover the first two (requesting information or having data erased), as a market research agency we do not participate in selling personal data and will seek consent in the cases where your personal data is disclosed to the end client usually in the form of reporting adverse events.
Changes to this Notice
This Privacy Notice may be amended from time to time, consistent with applicable data protection and privacy laws and principles. We will notify you if we make changes that materially affect the way we handle Personal Data previously collected, and we will allow you to choose whether your Personal Data may be used in any materially different manner.
How to contact us
If you have any questions or complaints about this Privacy Notice or our data collection practices, please contact us at the details listed below and specify your country of residence and the nature of your question.
The Research Partnership Ltd
81-83 Fulham High Street
London SW6 3JW
Phone: +44 (0)20 8069 5000
If you consider our processing activities of your Personal Data to be inconsistent with the applicable data protection laws, you may lodge a complaint with your local supervisory authority responsible for data protection matters.