We are Women in Pharma Ltd (“Women in Pharma”). Women in Pharma is a support communityand networking organisation providing resources and events designed toencourage, inspire and support the next generation of women who work in pharma,biotech, femtech, life sciences and the consultancies that support us.
Women in Pharma Ltd is aprivate limited company registered in England & Wales 14527328. Ourregistered address is 7 Berber Road London England SW11 6RZ. We are registeredwith the Information Commissioner’s Office under 00016341704.
We have a moral and legal responsibility to respect your privacy and take care of any personaldata we hold about you, in compliance with the data protection legislation.
We are the data controller for the personaldata we process about our subscribers, enquirers, employees,contractors and visitors to our website. This privacy notice tells you what to expect when we handle personal data as a data controller.
We sometimes process personaldata as a ‘data processor’. This is when handle personaldata on behalf of our clients. In these cases, we process thisinformation upon our clients’ written instructions under a contract. Any collection or use of that information is limited to the purpose of providing the service to ourclients.
If you have any queries about thisprivacy notice or the services we offer, please email us at info@womeninpharma.network
Transparency
We are committed to protecting and respecting your privacy. We will always tell you what data weare collecting about you and how we use it and will never ask for more information than weneed to. We will not share your data with any third parties, unless you have consented to this;they are a trusted partnerworking on our behalf; or the laws allow us to, and we will never sell your data.
Security
We are committed to following industry best practices to ensure your data is stored safelyand securely. We will protectthe information we process aboutyou from accidental orunlawful access, disclosure, loss, damage or destruction.
Control
We will always give you controlover the communications you receive from us and you can stopor tell us you no longer wish to receive these, at any time, by unsubscribingor emailing info@womeninpharma.network
Personal data means any information that can be used to identify you directly or indirectly, for example by your name, an identification number, your locationdata, an onlineidentifier or any factors relating to your physical,physiological, genetic, mental, economic, cultural or social identity.
Most of the personal data we process is provided to us directly by you, for example when you:
• make an enquiry by email, telephone, throughout website or via social media
• provide us with information about yourself during the course of our relationship with you
• attend a Women in Pharma event or webinar
• sign up to our newsletters, blogs and promotions
• work with us as an employee or contractor
• visit our website
We may also collect personal information about you indirectly, for example through:
• public sources e.g. websites professional networking and social media sites
• cookies and tracking technologies operating on our website
When someone contacts us asking about our services through our website, via social media, by email or over the telephone; we collect their name,contact details and the nature of their enquiry. We collect this information for our legitimate interests as a company, to be able to respond to their enquiryand keep a record of our communications with them.
We collect the name and emailaddress of our clients and information about the service they have purchased. We need this information so we can fulfil our contract with our clients,or take steps at their request,prior to entering into a contract with them. We also collect this informationfor our legitimateinterests in maintaining records for accounting, legal and insurance purposes.
To contribute to the delivery of our services to our clients and in pursuit of our legitimate business interests, the meetings that we have with clients are recorded. We use the meeting recordings to assist us in the creation of materials for our clients.Recording the meetings allows us to revisit the discussions and ensure that the materials we create meet the client brief and exceed client expectations. We use a range of video and voice recording software to record both in-person and remote meetings.
We strive to deliver an exceptional service including remembering our clients food and drink preferences so that we may accommodate them during client meetings or at any events they may attend.This contributes to our legitimate business interest of providing our clients with exceptional service and encouraging repeated client contracts.
To deliver a personalised client experience, from time to time we may choose to send clients gifts or cards in recognition of celebratory events. To ensurethat our clients who work remotely receive these, we may send these to a client’s home address, given to us by the client themselves or their employer. Clients who do not wish to receive celebratory gifts or cards can opt-out at any time by contacting info@womeninpharma.network.
We have a legitimate business interest to market our services. We use online advertisements to reach prospective clients whilst they are using social media sites including Facebook, Instagram, X and Linkedin. To reach the most relevant prospects, we share existing client names and email addresses with these social media sites to allow them to identify our clients’ social media profiles. The social media sites then identify similar users of their platforms who are not alreadyour clients and surface our advertisements to them whilst they are using their social media account. To enhance the success of this activitywithin the Linkedinplatform, we also share the name of our clients employers. Clients who do not wish for us to include their personal data within this activitycan opt-out at any time by contacting info@womeninpharma.network.
We collect the name and work email address of clients and potential clients who we believe will benefit from receiving our newsletters, resources, blogs and promotions. We collect this information to meet our legitimate business interests of marketing our services and products.
If a person unsubscribes, we remove them from our mailing list but retain their contact details in a separate database. We need to retain this information for our ‘legitimate interests’ to ensure we do not contact them again in the future.We keep subscriber data until they unsubscribe, if the email address becomes invalid or if we believe they no longer want to receive communications from us.
We collect the name and contact details of individuals who enquire about, or book, to attend a webinar or event hosted by us. We also collect the name and contact details of any speakers invited to take part in a webinar or event. We process this information to pursue our legitimate
interests, i.e. to run the event or webinar, confirm attendance, and to let the attendee know about future events whichwe believe they may be interested in attending.
Where we have chosen to hire an event space, it is possible that the owner of the event space may require us to share personal data with them relating to attendees in order to manage the event sign-in. The building owner may also operate CCTV which Women in Pharma is not responsible for. Where this is the case, we stronglyadvise event attendees to read the privacynotice relating to the owner of the building in whichthe event is being held.
We may choose to record webinars and take photographs or videos during our events to create promotional material or for internal reviewpurposes so that we may learn from webinars and events and improve them. We do this in pursuit of our legitimate business interests. Attendeescan opt-out of being recorded or captured within photographs or videosat any time by contacting us in personduring the eventor email info@womeninpharma.network
We keep contact details relating to those who have registered for an event or webinar for as long as we believe they may be interested in receivingcommunications about our webinars and events,or until they unsubscribe. Attendees can opt-out from receiving communications about future events and webinars at any time by emailing info@womeninpharma.network.
Client leads
We collect the name, job role and work email address and phone numbers of employees working for potential clients, collaborators or eventparticipants, who we think would be interested in receiving information aboutour company’s services; this is known as ‘B2B’ or ‘business to business’ marketing. This informationis only collected either from the individuals themselves, via a third-party where the individual has given consentfor their data to be shared, or from public sources, such as company websitesor where the employeehas published their name, and contact details on a networking site (such as LinkedIn)and therefore would have a reasonable expectation that companies like us, may contact them to make introductionsand market their services.
We collect this information to pursue our legitimate interests, to be able to promoteand market our services.Contact leads can opt-out from receiving communications from us at any time, by unsubscribing or emailinfo@womeninpharma.network
Job applicants
We receive Curriculum Vitae (CVs) and application forms from people who apply for jobs with us. This will often include the individual’s name,contact details, experience, education and a personal statement to supporttheir application. We collect this information with the person’s consent and for our legitimate interests to be able to assessthe suitability of the individual and where relevant, invite them to interview.
Employees
We collect information about our employees, such as their name, date of birth, contact details, recruitment information, evidenceof their right to work, contract, bank details and other employment information. We collect this information to enable us to fulfilour contract with theemployee or to take stepsat the request of the employee, priorto entering into a contractwith
them. For example, to ensure they are paid; make pensionand tax contributions on their behalfand provide employee services and benefits to them. We also collectthis information to pursueour legitimate interests, for exampleto recruit employees, maintain a registerof our employees (past and present) for insurance, legal, tax and pension purposes and to assist in the preventionor detection of crime (including fraud).
During the course of employment,we collect information about the employee’s performance including trainingsessions completed, appraisals, one-to-one notes, reasonsfor absence and information relating to any disciplinaries or grievances. We also publish images of our employeeson our website and information about theroles they do toallow prospective clients tounderstand more about our business and how our employees contributeto our success. It also allows prospective clients to reach out to the individual that they feel best suitstheir needs.
We sometimes collect ‘specialcategory data’ about our employees, for example information about their disabilities, health and dietary needs or religious beliefs. Our lawful bases to processthis type of data falls under contractand employment. We need this information so we can makereasonable adjustments in the workplace and carry out our legal obligations under employment(such as the Equality Act and Healthand Safety Act),as well as safeguarding the welfare of theemployee and where relevant colleagues.
Women in Pharma employees are provided withcompany-owned devices to fulfil their roles. Women in Pharma uses Apple devices which use facial detection and fingerprint sensorsto log-in to thedevices. Employees that choose to enable these features do so with their explicitconsent.
On occasion the Office of National Statistics may ask us to completebusiness feedback forms to contribute to UK-wide economicanalysis reporting. Whilst the nature of these forms is to provide informationabout our business, we recognise that they may sometimes include the sharingof personal data relating to employees. We only do this when we are legally obliged to do so
Contractors
We collect information about our contractors, such as their name, contactdetails, experience, outcome of theircriminal record check(DBS) (where required), service contract and bankdetails. We collect this information for our legitimate interests, to be able to assess the suitabilityof the individual and to enable us to fulfilour contract with them or to take steps at their request, prior to enteringinto a contract with them.
We use cookies and similar tracking technologies across our website and within our emails. This technology helps you to navigate around our site, tells us how well our website is performing and allows us to present relevantadvertisements to specificwebsite users.
Cookies are small text files placedon the devices of visitorsto websites and applications. They are used to enhance the visitor’s experience and to allow us and other third parties to understandmore about how the websiteis being used and to deliver relevant marketing messages. For more informationon how we use cookies and similar technologies, please contact us at info@womeninpharma.network.
Purchases
When you make a purchase of clothing, phone cases, or other items throughour website, we collect and store specific information necessary to process andfulfill your order. This information includes personal Information like yourname, contact details (such as phone number and email), and shipping address.It also includes information about the items purchased, order number, and purchase date.
Payment details (such as credit card or payment method used), which aresecurely processed by our third-party payment provider and not stored directlyon our servers.
We retain your personal information associated with your order for aslong as necessary to fulfill the purchase, provide customer support, or complywith legal and regulatory requirements. Order details and customer profiles maybe stored longer, as permitted by law, to help facilitate returns, refunds, orproduct support.
We respect your privacy andconfidentiality and will not share your personal data with third parties,unless you have consented to this; the recipient is a trusted partner working on our behalf (a data processor); or the UK laws allow us to.
Where we use ‘data processors’ to help us manage and store our clients’ data, we have DataProcessing Agreements in place to protect any personal data they may have access to on ourbehalf. To find out who are data processors are, see section‘Where we store your data’.
Our data processors only act on our instructions and are carefully selected to ensurethey have robust securitymeasures in place and comply with the UK data protection legislation whenprocessing personal data.
There may be times when we need to disclose personaldata to other data controllers, for example:
• In the event that we sell our company or its assets
• If you provide us with your consent
• If we are under a duty to discloseyour personal data, for examplein response to a court order, request from law enforcement agencies or where we consider sharing to be in your vital interests
• To enforce or apply our terms and conditions and other agreements.
• To protect the rights,property, or safetyof our company and its employees, or others. This includes exchanging information with other companies and organisationsfor the purposes of fraud protection.
Personal data
When we collect, use and retain personal data, the data protection laws require us to have a valid lawful basis for doing so. These are set out in Article6 of the UK GDPR and relateto consent; contracts; legalobligations; vital interests; public tasks and legitimate interests. When we process more sensitiveinformation (Special Category Data) such as health information, we arerequired to have additionallawful bases to handle that information. These are set out in Article 9 ofthe UK GDPR.
The table below outlines which lawful bases we rely on when we process your personal data and how long we keep your information for:
Data Subject
Lawful bases
Retention period
Enquirers
Legitimate Interests (Article 6(1)(f))
2 Years for enquiries made that do not lead to a client contract.
Where an enquiry leads to a client contract, the enquiry information will form part of your clients file and will be held inline with client retention periods.
Clients
Legitimate Interests (Article 6(1)(f))
4 years after the contract has ended unless a different retention period is agreed
within the client contract.
Subscribers
Legitimate Interests (Article 6(1)(f))
We keep subscriber data until you unsubscribe; if the email address becomes invalid, or if we no longer believe you want to hear from us.
We retain the contact details of those who have unsubscribed indefinitely, so we know not to contact them again.
Webinar and event
attendees
Legitimate interests
(Article 6(1)(f))
2 years after the event or
webinar.
Client leads
Legitimate Interests (Article 6(1)(f))
2 years after the enquiry.
Where an enquiry leads to a client contract, the enquiry information will form part of your clients file and will be held inline with client retention periods.
Job applicants
Legitimate interest (Article 6(1)(f))
6 months after the application unless the applicant has given permission for us to retain
their details for longer.
Employees
Necessary for the performance of a contract (Article 6(1)(b))
Necessary for compliance with a legal obligation (Article 6(1)(c))
Legitimate interest (Article 6(1)(f)) Special Category data conditions:
Necessary for obligations in the field of employment law (Article 9(2)(b))
The data subject has given explicit consent
(Article 9(2)(a))
7 years after the employment has ended.
Contractors
Legitimate Interests (Article 6(1)(f)
Necessary for the performance of a contract (Article 6(1)(b))
7 years after the contract has ended.
Visitors to our website (information collected via cookies and tracking technologies operating on our website)
Legitimate Interests (Article 6(1)(f))
Consent (where legally required)
(Article 6(1)(a))
12 months.
We store your data in the UK , however some of our service providers store personal data outside of the UK including our email management system, Mailchimp and our Payroll provider who all store personal data in the US. Where our service providers store personal data outside of the UK, we have UK International Data Transfer Agreements with them which ensures they process our data securelyand in line with our data protection laws.
We work with the following service providers on a regular basis:
• Google Cloud
We use Google’s EU servers (in Dublin, Ireland) to securely store our business information. For more information about Google Cloud, please visit Google Cloud Privacy Notice
• Mailchimp
We use our email managementplatform, Mailchimp to send our weekly newsletter and other client emails. Formore information about Mailchimp, please visit Global Privacy Statement | Intuit
We take our securityresponsibilities very seriouslyand have put in place robust measuresto protect our data and our clients personaldata from accidental or unlawful access,disclosure, loss, damage or destruction.
Here are some examples of how we achieve this:
• Data is held on encrypted servers in the EU In the event that personal data is stored outside the UK or EEA, additional contracts (International Data Transfer Agreements) will be in placeto ensure the data is secure and protected in line with the UK GDPR, where required.
• Access to our data and systems is on a strictneed to know basis and we ensure our employeesand contractors are under an obligation of confidentiality.
• Employees receive mandatory data protection training and sign up to our Data Protection Policy.
• We have robust procedures in place to manageand report personal data security breaches, in the unlikely event of a breach occurring.
• Where we use companies who process personaldata on our behalf, we carry out duediligence checks on these companies and have written contracts in place (Data ProcessingAgreements) which require them to handle personal data in line with the UK dataprotection laws.
• We use up to date virus and malware protection software, encryption and we back updata regularly.
You have the following rights under the data protection laws:
You have the right to be told how your personal data is being processed. This privacy notice tells you how we handle your personal data.
You have the right to ask us for a copy of your personal data.
You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think isincomplete.
You have the right to ask us to erase your personal data in certain circumstances.
You have the right to ask us to restrictthe processing of your personaldata in certain circumstances.
You have the right to object to us processingyour personal data where we consider this isnecessary for our legitimate interests or those of a third party.
You have the right to challenge decisions made as a result of us processing your personal data toprofile you or make automated decisions that have a legalor similarly seriouseffect on you.
You have the right to ask that your personaldata is transferred (ported) from us to another organisation or given to you. This applies to information you have given to us where we are
processing your information basedon your consent or for contractual purposes and the processing is automated.
We work to high standards when it comes to processing your personal data.We hope you will always behappy with the way we handle your information, however if we have not met your expectations, please let us know so we can put things right. If you remain dissatisfied, you have the rightto complain to the Information Commissioner’s Office. Furtherinformation about your data protection rights, can be foundon the Information Commissioner’s Office website at www.ico.org.uk
To exercise these rights, please contact us by emailing info@womeninpharma.network. Youare not usually required to pay a fee and can expect to receivea response within one calendarmonth. Further information about your data protection rights can befound on the Information Commissioner’s Office website at www.ico.org.uk
If you have any queries about this privacy notice or theservices we offer, please email us at info@womeninpharma.network addressing it to the attention of our Data Protection Officer.
We may need to update this privacynotice periodically, so we recommend that you revisitthis information from time to time.This version was last updatedon 28.10.24
