Data protection and privacy policy
OncoSil Medical (“we“/“our“ and as defined below under Who we are) is committed to safeguarding your privacy.
This privacy policy sets out our approach to data privacy, explaining why and how we process (collect, use and disclose) your personal information (“personal data”), and your rights in relation to your personal data.
Questions relating to this privacy policy, including any requests to exercise your legal rights in relation to your personal data, can be conducted via the email address privacy@oncosil.com.
Content:
- Who we are
- Information we collect about you
- Legal basis for processing of personal data
- How do we use your information
- Cookies and other technologies
- Our updates and communications
- Where do we transfer/store your personal data
- How do we protect your personal data
- How long do we keep your personal data
- Who we give your personal data to
- Your rights
- How to exercise your rights
- Changes to this policy
Who we are
We are an innovative global biotechnology company focused on interventional oncology and trading under the name OncoSil Medical.
This trading name includes our respective controlled, managed and affiliated entities in providing medical devices to people around the world.
View the OncoSil Medical Subsidiaries.
Information we collect about you
Personal data are data which contain individual information on personal or factual circumstances for instance; name, address, email-address, telephone number, date of birth, age, sex, social security number and photos are all examples of personal data and sensitive data such as health data may also be covered.
The type of personal data that may be collected will depend on OncoSil Medical’s relationship with you, and the circumstances of the data collection.
We may process your personal data (which we have either obtained directly from you or from somewhere else) if:
- you are our prospective partner (e.g. healthcare professional), patient or service supplier;
- you otherwise use our technology;
- you work for a client or a supplier of ours; or
- you are someone (or you work for someone) to whom we want to advertise or market our technology or events.
Personal data which is not collected directly from you may be collected from:
- your employer (e.g. your clinic) in connection with your profession and how it relates to us;
- third parties we work closely with, including but not limited to trustees, funds, business partners, sub-contractors in technical, payment and healthcare services, analytics providers, and search information providers;
- Governmental bodies, regulators, or any other similar establishments; or
- any websites operated by us which you use.
Personal data collection methods we may use include:
- communication in person;
- communication by phone, email, fax, SMS or any other electronic communication method;
- communication by letters, notices, information sheets or any other paper-based communication methods; or
- using our website, social media channels, or other technologies.
Personal data relating to you that we may process includes:
- “Identity data” including first name, maiden name, last name, username or similar identifier, marital status, title, date of birth, gender, your job function, your employer or department; if you are a healthcare professional (HCP), we might ask you in a second stage to provide further task specific information, e.g. about your qualification (type of HCP) and area of clinical interest.
- “Contact data” including billing address, postal address, email address and telephone numbers including frequency of contact (these details may relate to your work or to you personally, depending on the nature of our relationship with you or the company (e.g. clinic) that you work for);
- “Financial data” including bank account and other payment method details;
- “Transaction data” including details about payments to and from you and other details of services you have received from us;
- “Profile data” including your username and password, your interests, preferences, feedback and survey responses. It also includes information you give us or that we obtain when you use our website, obtain or subscribe to our services, enquire about a healthcare service, place a healthcare service request, enter a survey, or contact us to report a problem, or do any of these things on behalf of the person that you work for;
- “Client data” including information about how you use our technology, website, as well as personal data which can include identity, contact, financial, transaction and profile data of you and/or your family members, beneficiaries, employees or employers, or other third persons about whom we need to collect personal data by law, or under the terms of a contract we have with you;
- “Marketing and communications data” including your preferences in receiving marketing from us and your communication preferences. This may include information about healthcare events to which you or your colleagues are invited, and your personal data and preferences to the extent that this information is relevant to organising and managing those events (for example, your dietary requirements, but excluding sensitive data); and
- “Technical data” including:
- The Internet Protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
- Information about your visit to our website, such as the full uniform resource locators (URL), clickstream to, through and from our website (including date and time), page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from a page, any phone number used to call our central switchboard number, and direct dials or social media handles used to connect with our fee earners or other employees; and
- Location data which we may collect through our website and which provides your real-time location in order to provide location-based communication (where requested or agreed to by you) to deliver content or other communications that are dependent on knowing where you are. This information may also be collected in combination with an identifier associated with your device to enable us to recognise your mobile browser or device when you return to the website. See our Cookies policy for more information on the use of cookies and device identifiers on the website.
Legal bases for processing of personal data
We will only process (collect, use and disclose) your personal data if we have a lawful reason to do so. The legal basis for processing personal data by us will be one of the following:
- the data subject (you) has given consent to the processing of personal data for one or more specific purposes (“your consent”);
- the processing is necessary for the performance of a healthcare service you are party to or in order to take steps at your request prior to you entering into a healthcare service;
- the processing is necessary in order for us to comply with our legal obligations;
- the processing is necessary for the purpose of our legitimate business interests.
How do we use your information
The below table sets out the purposes for which we obtain your personal data, aligned with the legal basis for our processing as such:
Purpose / Activity | Types of data | Legal basis for processing including of legitimate interest |
---|---|---|
To process and provide you our technology included but not limited to:
|
Identity data
Contact data Financial data Transaction data Special categories of Personal data |
Performance of a contract with you
Necessary for our legitimate interests |
To manage our relationship with you will include:
|
Identity data
Contact data Profile data Marketing and Communications data |
Performance of a contract with you
Necessary to comply with a legal obligation Necessary for our legal interests |
To enable you to participate in an event or complete a survey | Identity data
Client data Contact data Profile data Marketing and Communications data |
Your consent
Performance of a contract with you Necessary for our legal interests |
To administer and protect our business and our website | Identity data
Contact data Technical data |
Necessary for our legal interests
Necessary to comply with a legal obligation |
To deliver relevant website content and advertisements to you and measure or understand their effectiveness | Identity data
Contact data Profile data Marketing and Communications data Technical data |
Necessary for our legal interests |
To use data analytics to assess and improve:
|
Technical data
Identity data Contact data |
Necessary for our legal interests |
To provide you with the information and communications such as newsletters which are of interest for you | Identity data
Contact data Profile data Marketing and Communications data |
Your consent |
Cookies and other technologies
Our use of cookies and other similar technologies to process personal data is explained in our Cookies policy which you can read.
Our updates and communications
- Where permitted in our legitimate interest or with your prior consent where required by law, we will use your personal data for marketing analysis and to provide you with newsletters and information about (online) events by email, letter, telephone or using our website.
- You can object to receiving further marketing at any time by using the “Contact us” link on our website and informing us accordingly or selecting the “unsubscribe” link at the end of any of our marketing communications to you.
- We shall then cease to contact you in the manner you have indicated. Your data will be retained unless you request for it to be removed.
Where do we transfer/store your personal data
As a global biotechnology company, the data that we process in relation to you may be transferred to, and stored at, a destination that may not be subject to high-level data protection laws. It may also be processed by staff who works for us or for one of our suppliers.
We may transfer your personal data in order to:
- store it;
- enable us to provide healthcare products to (and fulfil our contract with) you. This includes order fulfilment, processing of payment details, and the provision of support services;
- facilitate the operation of our group of businesses, where it is in our legitimate interests and we have concluded these are not overruled by your rights; or
- meet any legal requirement to transfer such personal data.
In particular, we may transfer your personal data to the following countries: view list. Where your personal data is transferred to one of these countries, we will ensure that a transfer only takes place if an appropriate level of protection exists with the recipient and suitable safeguards are provided.
How do we protect your personal data
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, altered, disclosed or accessed in an unauthorised way. For example, all personal data you provide to us is stored on our secure servers or on the secure servers of our service providers.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to access your data. They will only process your personal data on our instruction and they are subject to a duty of confidentiality.
OncoSil Medical websites may contain links to other websites. OncoSil Medical does not share personal information with those websites, and OncoSil Medical is not responsible or liable for the privacy policies or the content of any other linked websites
How long do we keep your personal information?
We will only retain your personal data for as long as necessary to fulfil the purpose we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
For further details regarding our retention periods please send an email to privacy@oncosil.com
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you and is not considered as personal data anymore) for research or statistical purposes in which case we may use these data indefinitely without notifying you.
Who we give your personal data to
We may share your personal data with:
- Any other member of the OncoSil Medical group, which means any OncoSil Medical Ltd subsidiary and their affiliates, who support our processing of personal data under this privacy policy. If any of these parties are using your personal data for direct marketing purposes, we will only transfer the personal data to them for that purpose with your prior consent;
- Appropriate third parties including:
- our business partners, suppliers and sub-contractors for the performance of any contract we enter into or other dealings we have in the normal course of healthcare business with you; and
- our auditors, legal advisors and other professional advisors or service providers;
- In relation to personal data obtained via our website:
- analytics and search engine providers that assist us in the improvement and optimisation of our website, subject to the cookies section of this privacy policy.
We may disclose your personal data to appropriate third parties:
- if an OncoSil Medical or its subsidiary, or substantially all of its assets are acquired by a third party, in which case personal data it holds about its clients will be one of the transferred assets;
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our contractual terms or other agreements with you; or
- to protect the rights, property, or safety of OncoSil Medical, our clients, customers, healthcare professionals, patients, or others. This includes exchanging data with other companies and organisations for the purposes of fraud protection and to prevent cybercrime.
Your rights
In accordance with the legal requirements, you have the right to:
- withdraw your consent: Where the processing of your personal data by us is based on consent, you have the right to withdraw that consent at any time by contacting us at the contact details at the beginning of this privacy policy. You can also change your marketing preferences at any time as described in the Our updates and communications section;
- be informed by us about the personal data concerning you, i.e. you might receive information about the personal data processed by us about you;
- request the rectification or erasure of your personal data held by us;
- request that we restrict the processing of your personal data in certain circumstances;
- under certain circumstance object to the further processing of your personal data including the right to object to marketing as mentioned in the ‘Our updates and communications’ section of this policy; and
- data portability, i.e. receiving your personal data in a structured, commonly used and machine-readable format.
How to exercise your rights
You may exercise any of your rights listed above in relation to your personal data at any time by contacting us. You are not required to pay any charge for exercising your rights.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one calendar month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You have the right to complain to a data protection supervisory authority about our processing of your personal data. For more information, please contact your local data protection authority.
Changes to this privacy policy
We may from time to time make changes to this privacy policy. Any changes will be published here on our website (and in the case of substantive changes, will be notified to you by email) and will be effective as of the date of publication (which will also be noted on our website). This privacy policy was last updated in April 2021.