AEQUUS RESEARCH PRIVACY POLICY

DECEMBER 2020

About us

Aequus Research Limited is an international market research agency, based in London and is a company incorporated in England under company registration number 04256527.

Aequus are committed to protecting the privacy of all personal data we collect, be that relating to survey participants, clients, employees, or partner details and we promise that we will never share, rent, or sell your personal data to any third party without your consent or a lawful basis, and never supply your information to others for the purposes of direct marketing.

This privacy notice explains why we need personal data, how we use it, with whom it may be shared and how we will keep it safe. We may update this notice from time to time, so you should check this page from time to time to make sure that you are happy with any changes

What is considered ‘personal data’?

Personal data is quite simply any piece of information that could be used to identify a specific person, whether on its own, for example with a name and address, or in combination with other pieces of data, for example, a driving licence ID number or telephone number.

The definition is very wide and personal data includes other information from which you may be identified, for example from a photograph, CCTV footage, a voice recording, biometric or genetic information and location data.

Any personal data provided to us will only be used in accordance with this privacy policy.

Categories of personal data

We process personal data for the following reasons:

Research Purposes

Why we need your information

We require your personal data to allow us to perform market research to help pharmaceutical companies develop and improve their products and services.

We are specialists in health-related market research and operate in a highly regulated sector, we will therefore always ask individuals for their consent to process personal data especially when it relates to a medical condition.

As a market research agency, we sometimes compile lists of personal data already in the public domain to help identify and contact opinion leaders or healthcare professionals in a particular field.

On what legal basis do we process your information?

Participation in market research is voluntary and individuals will be asked for their explicit consent to take part in the research. You have the right to withdraw consent and stop taking part in the market research at any point, see the ‘Your Rights’ section below.

With your permission we shall also retain and use your information to re-contact you at a future point in order to complete the market research.

Where we identify and capture personal data from the public domain, we do this using the legitimate interest lawful basis however, we must stress that any research would only be continued with your consent.

What Information we capture

When performing research, we collect personal data from two distinct audiences: private individuals or patients, and healthcare professionals (HCP).

For private individuals we, or our data processors, collect your name, address, contact details, including phone numbers and email, details about your medical conditions and if appropriate next of kin. If you participate in video or audio research we will also capture your physical image and voice. We may also collect other personal data which you volunteer to us and which is relevant to the specific market research in question. Where possible we will fully or partly anonymise your information, as by blurring your image in any video recording.

For healthcare professionals we, or our data processors, will collect your name, professional qualifications, company name if appropriate, address, contact details, including phone numbers and email and if appropriate your bank details. We may also collect other personal data which is relevant to the specific market research for which you have volunteered and if you participate in video or audio research we will also capture your physical image and voice. Healthcare professionals may provide us with details relating to their patients, but this would be wholly anonymised and therefore not considered personal data.

In both cases if you interact with us via a computer, smartphone or other electronic device we may receive details of your device including your IP and MAC address, software used and country location.

How we obtain and process your Information

For individuals we will obtain your details in one of three ways; you will provide the information to us directly, we will be sent the information by our client or data processor, or the information will be extracted from a previously completed research study.

For healthcare professionals we may obtain your details directly from you, from the public domain or from third party with the express purpose of sending an invitation for you to participate in a specific market research project.

Research participants be they an individual or HCP, will have personal data captured whilst taking part in interviews in person, over the phone, or during an online survey. We will also record details of any enquiries, discussions or interactions that you have with us and if relevant with our processors which relates to the research project.

Where we store your information and retention timescales

Your personal data may be stored in a number of locations. We utilise the Microsoft Office 365 platform and so all emails and data will be held on a server within the UK or EU. If you are part of the Moments research project, your data will be held in a secure server in Hungary which is within the EU.

We will ask fieldwork agencies to assist us with our research and they will usually be based within the country of the participant, and so they may be based outside of the UK and EU. You will be informed by the fieldwork company how your information will be used and where it will be stored when you are approached to participate in the trial or research.

We do not store your personal data for any longer than is necessary. The exact length of time we keep it for will depend on any mandated legal timelines, any Regulator guidance and will depend on any specific client or market research project obligations, this will be advised to you in the research paperwork.

Research performed by online survey, or via videoconferencing will be hosted in a range of countries depending on the audience being targeted, this will include storage in the UK, EU and globally. Appropriate safeguards will be in place to protect any recordings taking place to protect the survey results including any audio and/or video recordings which may be made.

The retention period for holding your data in relation to research projects will commence immediately after the data is captured and either 7 years or longer if mandated by law. If the trigger point or retention period is different you will be informed before you take part in the market research interview.

Once your data is no longer required all electronic and manual copies of your personal data will be safely and securely destroyed.

What information we may share and with whom

We may need to share personal data with a very limited number of other companies, for example to help us analyse the market research findings.

We may share a recording of a market research interview with a specialist transcription agency who will type the interview up for us. We do this so that we do not have to revisit the audio recording. Where possible, we will let you know if this is required before the interview takes place.

To further protect your identity we may share your video interview with a specialist film editing company, who will clip or blur any video footage with the intention of hiding your identity. Where possible, we will let you know if this sharing is required before the market research interview takes place. If research material or footage contains educationally valuable information or insights, extracts may be used in presentations and for teaching but the content will always be edited sufficiently to obscure the identity of any individuals is protected.

Any other company that receives your personal data will have a written contract in place with us and must follow all of the same data protection laws as Aequus Research.

Human Resources, Payroll and Finance

Why we need your information

To comply with employment legislation and ensure that all candidates, staff and workers are qualified, competent, vetted and receive ongoing training we shall capture personal information on both prospective and employed employees.

What Information we capture and why

In order, to consider your application, offer employment, and comply with our legal obligations, for example, the right to work within the UK, we ask for your personal details including contact details. Other information such as qualifications and work experience will be requested to ensure you are qualified to fulfil your role. Your date of birth, nationality, ethnicity and sexuality as well as any medical records that we may need to be aware of will be requested, although you can decline.

Details of marital status and next of kin will be collected as well as any other information you choose to give us.

We may anonymously ask for details of your ethnicity and sexuality to comply with anti-discrimination laws.

On what legal basis do we process your information?

Depending on the category and type of data which will be processed we will collect and process your data as required within any employment legislation or under the contractual obligations between us, and where this is not possible with your explicit consent or our legitimate interests.

How we obtain and process your Information

In most cases we shall obtain your personal data directly from you; we may obtain CVs and application forms from third-party recruitment agencies or recruitment sites, responses to reference requests will come from both individuals and corporate entities and data may be received from governmental departments and local authorities.

Where we store your information and retention timescales

Personal data related to your employment will be held in an electronic format in our company cloud server located in the UK. We shall retain all employee data for the period of your employment plus 7 years after you leave employment. Some specific documents, such as pension and insurance information may be retained for longer periods as defined in statute.

What information we may share, and with whom

We may share your information with other parties if this is in connection with your employment. This may include requesting confidential references and asking third party organisations to verify your employment history and also in connection with identity, right to work checks and for occupational health and insurance purposes.

We will share your information for payroll and tax purposes and in the event of any disciplinary, grievance or other legal matter we may share your information with our legal and professional advisers.

Your data will also be shared internally where this is necessary to facilitate your employment or support you in your role.

Client, freelancer and business partner relationships

Why we need your information

We record personal data on freelancers and business partners in order to facilitate the business relationship and to allow for commercial transactions

What Information we capture

Information captured will consist of the name of the individual, their company details including contact addresses, telephone numbers, email, social media accounts and where financial transactions are required bank accounts details and payment transaction details. Marketing preferences will also be captured along with details of any consents or permissions obtained and this may include details of the individual’s device, IP and MAC address, and country location.

How we obtain and process your Information

Information may be obtained directly from the individual, from a colleague acting on their behalf via usual business channels, such as by post, telephone, email or in a face-to-face meeting. We may also identify contacts via a public domain source such as a company website, directory or publication, or via a business networking platform such as LinkedIn.

Individuals have the option to subscribe to newsletters via a signup form on the webpage.

On what legal basis do we process your information?

If we obtain the information directly from you then we will be relying on your implied and/or explicit consent or intention to enter into a legally binding contractual arrangement. If we obtain your information from the public domain we shall rely on our legitimate interests to do so, at all times ensuring that the fundamental rights and freedoms of the individual are not overridden by the legitimate interests of Aequus Research. Where financial transactions have taken place then we shall retain details of all financial transactions in line with our legal obligations.

Where we store your information and retention timescales

Personal data relating to our business relationship will be held in an electronic format in our company cloud server located in the UK. Usually we will delete any personal data 7 years after a relationship ends, however, our contact may be infrequent and spread over decades, we will therefore retain your information indefinitely to allow us to approach you again in the future; for example, a specialist freelancer who speaks Japanese may only be required every 10 years. You can of course ask us to delete your information at any time.

What information we may share and with whom

Information will be shared internally with colleagues dealing with the relationship, and we may share with third parties if it is necessary for us to do so to fulfil our contractual or legal obligations; this may include sharing with the commissioning client, another business partner, or processor who is performing tasks on our behalf, for example a web hosting company, or email broadcast company.

Financial information will be shared with appropriate tax authorities, and if any projects are covered by any regulatory frameworks, reports or information may be shared with the appropriate regulatory authority. Legal advice may also be sought, and data may be shared with professional advisors.

Website visitors

Why we need your information

Information related to visitors allows us to understand how users interact with our website what pages they visit, how long they spend on each page, which layouts and buttons offered the best user experience.

What Information we capture

As a website visitor all we capture is your IP address, system type (PC, iPhone, Windows 10 etc), what pages you visit, general location and dates/time. This is managed via Google Analytics, which is detailed within our Cookie Policy. You will be asked to consent using our cookie banner before any non-essential cookies are used. This anonymous data is collected by Google.

If you, or your company register to use our service, we shall capture your name, contact details, marketing preferences and activity usage, which in the case of Moments includes when diary entries are created, video and audio files are uploaded and medical details which you volunteer – full details are in the Moments [add hyperlink] privacy policy.

How we obtain and process your Information

We may collect information from you when you interact with us, for example, when you visit our website www.aequusresearch.com.

By visiting the website we will be able to see your IP address and the pages you visit. Your information is anonymous until you log in as a user, at which point we shall know your details as you will be pre-registered.

Where we store your information and retention timescales

The only data stored, if you give your consent, is held by Google Analytics, which may be held both within the European Union and globally.

What information we may share and with whom

We will only share the anonymous results of Google analytics internally with our staff and also our web designer. No individual can be identified from this aggregated data.

On what legal basis do we process your information?

We rely on user consent to process website usage and visitor analysis. If any personal data is captured in relation to a malicious attack or in order to prevent a breach of data protection legislation, we shall rely on our legitimate interests to monitor our systems and take appropriate preventative and remedial actions.

Other business activities and information

Adverse drug reactions. In the course of our research activities we may become aware of adverse reactions to drugs, we have a legal obligation to report any adverse reactions to the appropriate statutory authorities.

Surveys. We may as part of a research project or for other business purposes conduct online surveys. These services may be based in the UK, EU or Globally, and will act as data processors for Aequus Research.

Miscellaneous. In order to manage our business we need to engage in the processing of limited miscellaneous personal data, for example, processing invoices, entering into contracts, managing enquiries from official statutory bodies such as HMRC or the police, and to do that we rely on our legitimate interests, legal obligations and fulfilment of our contractual obligations.

We may use your personal information to obtain legal advice or if it is necessary to defend a legal claim or pursue a bad debt, and we may have to pass your information to public authorities and organisations where the law requires us to do so.

To ensure that emails and ICT networks have not been compromised we will monitor network traffic and may process personal data as a result of this monitoring

Where general enquiries are received, from any party, their personal details will be captured as well as details of the enquiry or complaint. This may include retaining copies of emails, letters, phone calls and making notes about any verbal conversations.

This policy may be updated from time to time and any changes to our processing of your data will be reflected in this new policy. If the changes may affect your fundamental rights, we contact you to advise you of the change.

If ownership of Aequus Research Limited is transferred to another company or we are the subject of a merger or acquisition, any data held and processed by the organisation will be transferred to the new legal entity who will contact you directly to notify you of any changes and offer you the opportunity to object to processing by that new company.

Security

We shall ensure that sufficient technical and organisational measures are in place to keep your personal information safe, whether that is in an electronic or manual format, and ensure than any third parties with whom the information is shared, or who process data on our behalf also have in place adequate measures and security. This will include not only technical cyber security measure but also staff training, appropriate policies, procedures, oversight and governance.

We will anonymise your personal data and information at the first opportunity, so it could not be linked back to you, and we will password protected and/or encrypt electronic files and store manual files under lock and key.

We require all other companies who may have access to your personal data to maintain security measures equivalent to ours.

Where possible we will store your information in the UK, the EU or EEA. Where we need or wish to store data outside of these geographical areas, we will perform adequate due-diligence and ensure contractual arrangements are in place with the third party company, and where appropriate ask for your explicit consent.

Marketing, Consents & Permissions

EMail Marketing

We do stay in touch with subscribers, clients and prospects using email and do this internally. Emails will either be fully opted-in by the subscriber, or we shall be relying on the soft-opt-in rule within the ePrivacy legislation. Within our emails we may utilise web beacon technology, sometimes called pixels, which allows us to see whether the email was delivered, which links were clicked and so on. This is to help us assess the success of campaigns and offer a better, more relevant service. The only information collected will be IP address, date/time, general location and device details. You can read more in our cookie policy.

We never share this information or any of your details with third parties.

Cookie Policy

Cookies are simple text files containing a unique code or reference which is placed on a user’s device to allow a website to operate correctly. We use both essential and non-essential cookies on our website. We will ask for your permission by way of our cookie banner before we utilise any cookies which are not absolutely essential for the operation of the site, for example before we use a Google Analytics cookie we will ask for your consent.

Full details of what cookies we use and how, can be found in our cookie policy here.

Your rights

The Data Protection Act 2018 and GDPR affords Data Subjects (that is people whose information we capture) certain rights and these are listed below for your convenience:

In certain situations, the above rights may not apply, for example if you gave your permission to use your data within a trial or research project you can withdraw your permission at any time, but we would be unable to delete that data already collected although we would anonymise or pseudonymise as far as is possible.

Contact details

If you would like to contact us, or are unhappy with the way in which your personal data has been processed you may contact Ms J. Buis, Managing Director at Aequus Research jbuis@aequusresearch.com or call on +44 (0) 208780 5959

Aequus Research is a company registered in England No. 04256527. Our registered office address is 19 Entwistle Terrace St. Peters Square, London, England, W6 9AW and we are registered with the Information Commissioner’s Office under registration number ZA448407.

Complaints

If you have any questions or concerns about how your data has, or is being processed, in the first instance contact Julie Buis whose details are listed above.

In the unlikely event you are still unhappy you many lodge a formal complaint with, or enlist the assistance of, the UK’s Information Commissioner at the following address:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire, SK9 5AF

Helpline: 0303 123 1113 (local rate) or +44 1625 545 745