Privacy statement

Here is a summary of our Data Protection Statement. The complete statement is included below, and we encourage you to read it.

We are: Uniphar Pharma Division

As part of the Uniphar Group, the Uniphar Pharma Division comprises legal entities in the UK and Europe.

To understand more about the Uniphar Pharma Division and Services, please visit https://www.uniphar.ie/static/services/commercial-clinical/commercial-solutions/. This Data Protection Statement applies to all the following companies in the Uniphar Pharma Division. The companies within the Uniphar Pharma Division may be data controllers, which means they have a relationship with you and control the use or processing of personal data. For queries related to any of the Uniphar Pharma Division companies, please contact the relevant Uniphar Company unipharpharma@uniphar.co.uk.

Uniphar Commercial UK Limited

11 Davy Court, Castle Mound Way, Central Park, Rugby, Warwickshire, CV230UZ

Uniphar Commercial Ireland Limited

4045 Kingswood Road, Citywest Business Park, Dublin, Ireland, D24 V06K

Uniphar Pharma Nordics AB

C/O unity Hammarby Sjöstad, Heliosgatan 13120 78 Stockholm, Sweden

Uniphar Pharma BV

C/O Flevopoort I, Minervaweg 2, 8239 DL Lelystad, Netherlands

Uniphar Commercial (E4H) UK Limited

3 Waterloo Farm Courtyard, Stotfold Road, Arlesey, Bedfordshire, SG15 6XP

Durbin UK trading as Uniphar Durbin UK Limited

Unit 5 Swallowfield Way, Hayes, UB3 1DQ

Uniphar Durbin Ireland Limited

4045 Kingswood Road, Citywest Business Park, Dublin, Ireland, D24 V06K

Uniphar Commercial Solutions

4045 Kingswood Road, Citywest Business Park, Dublin, Ireland, D24 V06K

Uniphar People UK Limited

11 Davy Court, Castle Mound Way, Central Park, Rugby, Warwickshire, CV230UZ

Devonshire Healthcare Services

Unit 5 Swallowfield Way, Hayes, UB3 1DQ

InnerStrength

4045 Kingswood Road, Citywest Business Park, Dublin, Ireland, D24 V06K

Point of Care

4045 Kingswood Road, Citywest Business Park, Dublin, Ireland, D24 V06K

Dial a Chemist

Clayton Business Park, 4 Petre Rd, Clayton-le-Moors, Accrington BB5 5JB

References to “Uniphar Pharma Division” herein mean companies processing personal data. Other companies in the Uniphar Group will have their own separate data protection statements.

Every individual has a right to understand how their data (definition below) is being used and to exercise control over it using data protection rights that are set out in the General Data Protection Regulation (“GDPR”). This Data Protection Statement seeks to ensure that you know:

  • what Personal Data we collect from you
  • what we are doing with your Data
  • that we will only use your Data for the purposes set out in this Data Protection Statement, your rights, and how you can exercise control over your Data

We make the following commitments. We will:

  • Not send you marketing emails if you do not want to receive them
  • always ensure that we only share your Personal Data with third parties where necessary and with appropriate safeguards in place
  • ensure appropriate technical and organisational measures are in place to protect your Data and keep it secure

You can access our full Data Protection Statement below. In it, we provide further information about what Personal Data we collect, what we use it for, why we collect it, what our legal basis is, who we share it with and how long we retain it. We also provide detailed information about your rights to your Data. If you have further questions, please contact us using the contact details above.

You have the right to complain to a supervisory authority, particularly in the country where you reside, place of work or place of the alleged infringement, if you consider that the processing of Personal Data infringes the GDPR.

Contact details for the relevant Supervisory Authorities are set out below for your information:

The contact details for the Data Protection Commission (DPC) in Ireland are:
Online Form: https://forms.dataprotection.ie/contact
Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
Tel: +353 578 684 800 or +353 761 104 800

The contact details for the Information Commissioners Office (ICO) in the UK are:
Contact Information: https://ico.org.uk/global/contact-us/
Live Chat: ico.org.uk/livechat
Helpline: 0303 123 1113

The contact details for the IMY Swedish Authority for Privacy Protection in Sweden are:
Email: imy@imy.se
Post: Integritetsskyddsmyndigheten, Box 8114, 104 20 Stockholm, Sweden
Tel: +46 (0)8 657 61 00

The contact details for the Dutch Personal Data Authority in the Netherlands are:
Post: PO Box 93374, 2509 AJ The Hague
Tel: +31 (0)88 1805 250

We will post any changes on the Website and, when doing so, will change the effective date at the top of this Data Protection Statement. Please check the date you last used our services to see if there have been any changes since you last used those services.

In some cases, we may provide you with additional notice of changes to this Data Protection Statement via email. We will always provide you with any notice before the changes take effect where we consider the changes to be material.

Data Protection Statement for Uniphar Pharma

This Data Protection Statement was last updated on 15/01/2024

If you have any questions about this Data Protection Statement or how we are using your Personal Data, please contact:

Data Protection Officer
4045 Kingswood Road,
Citywest,
Dublin,
D24 V06K Ireland
Email: dpo@uniphar.co.uk

When we refer to “Personal Data” in this Data Protection Statement, we mean any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

As part of the Uniphar Group, the Uniphar Pharma Division comprises legal entities in the UK and Europe.

To understand more about the Uniphar Pharma Division and Services offered, please visit www.unipharcommercial.com. This Data Protection Statement applies to all the following companies in the Uniphar Pharma Division. The companies within the Uniphar Pharma Division may be data controllers, which means they have a relationship with you and control the use or processing of personal data. For queries related to any of the Uniphar Pharma Division companies, please contact unipharpharma@uniphar.co.uk:

Uniphar Commercial UK Limited

11 Davy Court, Castle Mound Way, Central Park, Rugby, Warwickshire, CV230UZ

Uniphar Commercial Ireland Limited

4045 Kingswood Road, Citywest Business Park, Dublin, Ireland, D24 V06K

Uniphar Pharma Nordics AB

C/O unity Hammarby Sjöstad, Heliosgatan 13120 78 Stockholm, Sweden

Uniphar Pharma BV

C/O Flevopoort I, Minervaweg 2, 8239 DL Lelystad, Netherlands

Uniphar Commercial (E4H) UK Limited

3 Waterloo Farm Courtyard, Stotfold Road, Arlesey, Bedfordshire, SG15 6XP

Durbin UK trading as Uniphar Durbin UK Limited

Unit 5 Swallowfield Way, Hayes, UB3 1DQ

Uniphar Durbin Ireland Limited

4045 Kingswood Road, Citywest Business Park, Dublin, Ireland, D24 V06K

Uniphar Commercial Solutions

4045 Kingswood Road, Citywest Business Park, Dublin, Ireland, D24 V06K

Uniphar People UK Limited

11 Davy Court, Castle Mound Way, Central Park, Rugby, Warwickshire, CV230UZ

Devonshire Healthcare Services

Unit 5 Swallowfield Way, Hayes, UB3 1DQ

InnerStrength

4045 Kingswood Road, Citywest Business Park, Dublin, Ireland, D24 V06K

Point of Care

4045 Kingswood Road, Citywest Business Park, Dublin, Ireland, D24 V06K

Dial a Chemist

Clayton Business Park, 4 Petre Rd, Clayton-le-Moors, Accrington BB5 5JB

References to “We“, “Us“, the “Company“, “Uniphar Pharma“, and “Uniphar Commercial” shall apply to the Company in the Uniphar Pharma Division that is processing your Personal Data.

We provide Commercial Solutions to the pharmaceutical, medical device and healthcare industries. To learn more about the Uniphar Pharma Division and the services offered, please visit https://www.uniphar.ie/static/services/commercial-clinical/commercial-solutions/.

The Uniphar Pharma Division is part of the Uniphar Group, the largest wholesaler and service provider for Ireland’s pharmaceutical and healthcare sectors.

This Data Protection Statement applies solely to the companies in the Uniphar Pharma Division that are listed above. It includes detailed information about the types of Personal Data that we process and how we use, manage and protect that Personal Data.

To provide our services, we need to process Personal Data. We are committed to protecting individuals’ rights and Data Protection following data protection legislation, including the General Data Protection Regulation in Europe (the “GDPR“).

We are committed to implementing the highest data protection standards.

This Data Protection Statement describes our approach to data protection. It sets out the basis on which any Personal Data we collect from you or that you provide will be used by us where we are controllers of that Personal Data for the GDPR. Please read this Data Protection Statement carefully to understand our views and practices regarding the Personal Data we collect and how we will treat it.

This Data Protection Statement provides specific information relating to the following individuals whose Personal Data we process:

Contact Description
Business Contacts This includes suppliers, partners, shareholders, and other business contacts of Uniphar Pharma, including customers of our outsourcing and resourcing services.
General Contacts This includes all other individuals whose Personal Data we process that are not covered in the other sections above, including website users and details of next of kin/emergency contact details and referees.
Healthcare Professionals

This includes all Healthcare Professionals such as:

  • General Practitioners (GP)
  • Medical Practitioners, including Nurse Practitioners and Doctor of Medicine
  • Clinicians
  • Allied Health Professionals
  • Pharmacists
  • Physicians
  • Therapists
  • Any other professional regarding a Healthcare specialist in the Healthcare sector
Candidates This includes any person who engages with us to help them find a job, someone we have placed with a Business Contact, whether on a permanent or a contract basis or someone we identify as a potential job seeker.

 

Please select the relevant tab below to you, where you can view the categories of Personal Data processed. For each category, we have included an example of the type of Personal Data that may be part of that category:

Business Contacts

CLICK HERE for further details on Business Contacts Categories of Personal Data Processed

General Contacts

CLICK HERE for further details on General Contacts Categories of Personal Data Processed

Healthcare Professional Contacts

CLICK HERE for further details on Healthcare Professional Categories of Personal Data Processed

Candidate Contacts

CLICK HERE for further details on Candidate Categories of Personal Data Processed

We process all personal data lawfully and follow the requirements of the law. The GDPR sets out the legal grounds for processing Personal Data. When the Company processes Personal Data, it is generally on one of the following legal bases:

Contract

We will process Personal Data where necessary to perform our obligations relating to or following any contract that we may have with you or to take steps at your request before entering that contract (e.g. our Terms of Service).

For certain processing activities, we may rely on your consent. Where we cannot collect consent for a processing activity, we will only process the Personal Data if we have another lawful basis for doing so. You can withdraw the consent provided by you at any time by contacting us at dpo@uniphar.co.uk

Legitimate Interest

At times, we will need to process your data to pursue our legitimate business interests, for example, for administrative purposes, to collect debts owed to us, to provide information to you, and to expand our business opportunities. We may contact you regarding market research, complete customer surveys, operate, evaluate, maintain, develop and improve our websites and services, maintain their security, and protect intellectual property rights. We will not process your Data on a legitimate interest basis where the impact of the processing on your interests or fundamental rights and freedoms outweighs our legitimate interests. You may object to any processing we undertake on this basis. If you do not want us to process your Personal Data based on our legitimate interests, contact us at dpo@uniphar.co.uk, and we will review our processing activities.

If we have a legal obligation to process Personal Data, such as the payment of taxes, we will process Personal Data on this legal ground.

We use your Personal Data to provide you with our services and assist us in our Company’s operation. Under data protection law, we must ensure that the purpose of processing is clear.

We have set out below the general purpose of processing, the categories of Personal Data processed and the related lawful basis for processing. For further details on our processing activities linked to you, please select the relevant link below:

Purpose of Processing Categories of Personal Data Lawful Basis

Administration of our relationship including:

  • to manage/respond to a complaint/appeal
  • to keep you informed about the Uniphar Pharma Division
  • to notify you of updates to this Data Protection Statement.
  • Contact Data
  • Correspondence Data
  • Identification Data
  • Legitimate Interests
  • Legal Obligation
  • Contract
To meet our regulatory obligations
  • Identification Data
  • Correspondence Data
  • Legal Obligation

Managing payments and administration of the contract

  • to process payments to and from Uniphar Pharma companies
  • to fulfil our legal/contractual obligations
  • to manage/respond to complaints/issues
  • Contact Data
  • Communication Data
  • Financial Data
  • Contract
  • Legitimate Interest
  • Legal Requirement

Marketing activities

  • to personalise marketing communications
  • to respond to any requests from you
  • to send newsletters and other information that is of Interest
  • to follow up with attendees of our events/webinars and to ask for opinions about products or services.
  • for marketing and general administration
  • Marketing Data
  • Contact Data
  • Web Data
  • Correspondence Data
  • Consent
  • Legitimate Interest

Business Contacts

CLICK HERE for further details on Business Contacts Data Processing Activities

General Contacts

CLICK HERE for further details on General Contacts Data Processing Activities

Healthcare Professional Contacts

CLICK HERE for further details on Healthcare Professional Data Processing Activities

Candidate Contacts

CLICK HERE for further details on Candidate Data Processing Activities

Marketing Contacts

Uniphar Pharma will only send you marketing communications where we have a lawful basis of either consent or legitimate Interests:

Consent means that you have provided consent for us to process your data and contact you, e.g., tick a box or submit a form.

Legitimate Interest – this means we have a legitimate business interest in processing your data, except where such interests are overridden by your interests or fundamental rights and freedoms requiring personal data protection. We do not use Legitimate Interests on a default basis and only if appropriate to the circumstances after considering the purpose of processing.

Should you wish to subscribe to our services, we may add your details to our Uniphar Pharma Division mail list to send you information about Uniphar Pharma products, services or events that may be relevant. We request that all our Business Contacts only provide us with a Business Contact email address.

You will see a tick box or consent button to confirm consent is provided. You have a right to withdraw consent provided by you at any time. Please get in touch with us at unipharpharma@uniphar.co.uk to withdraw consent.

We receive Personal Data from a variety of sources. To understand the source/s of your data, please select from below:

Business Contacts

CLICK HERE for further details on Business Contacts Sources of Data

General Contacts

CLICK HERE for further details on General Contacts Sources of Data

Healthcare Professional Contacts

CLICK HERE for further details on Healthcare Professional Sources of Data

Candidate Contacts

CLICK HERE for further details on Candidate Sources of Data

Website Data

We may collect Website User Personal Data from all visitors to our Website to improve our services and develop the Website.

Personal Data is shared in certain circumstances as follows:

  • to business partners and sub-contractors for the performance of any contract relating to our services provided by Uniphar Pharma, including email, Microsoft Teams, Communication Platforms, Customer Relationship Management Systems, web developers, payment processors, data aggregators, hosting service providers, external consultants, auditors, IT consultants and lawyers;
  • To analytics and search engine providers that assist us in the improvement and optimisation of our Website;
  • If we or substantially all our Company is merged with another company or acquired by a third party, in which case Personal Data held by us will be one of the transferred assets;
  • to companies in the Uniphar Pharma Division for administration, marketing and provision of our services;
  • If we are under a duty to disclose or share Personal Data to comply with any legal obligation (including tax, audit or other authorities) or to enforce or apply any contracts that we have;
  • To protect our rights, property, or safety, or that of our Business Contacts, General Contacts, Healthcare Professionals, Candidates, or others. This may include exchanging Personal Data with other companies and organisations for fraud protection.
  • To Business partners, including pharma companies where, in the case of personal data, we have your consent
  • to Business Contacts in the case of Candidate Personal Data, relating to referees, next of kin/emergency contacts
  • to Candidates to contact Business Contacts for third-party screening and verification, including doctors or testing companies (for example, criminal record checks / pre-employment screening services and assessments)
  • to our post, distribution or courier partner to complete delivery;
  • to providers of services to Uniphar Pharma companies, including external consultants and hosting companies, marketing, legal and finance;
  • to Uniphar Pharma company insurance brokers and providers where required for administering claims;
  • to our email distribution partner and service providers in the case of marketing and newsletters;

When we engage another organisation to perform services for us, we may provide them with information concerning the performance of those functions, including Personal Data. We do not allow third parties to use Personal Data except to provide these services.

We will take all necessary steps to ensure that all Personal Data is treated securely following this Data Protection Statement and the law, including GDPR.

We have established appropriate technical and organisational procedures to safeguard and secure the Personal Data we process.

We monitor for and do everything we can to prevent security breaches of the Personal Data that we process.

Once we have received your Personal Data, we will use strict procedures and security features to prevent unauthorised access and ensure that only those who need to have access to your Personal Data can access it.

We also use secure connections to protect Personal Data during its transmission. Where you have been given (or where you have chosen) a password which enables you to access services, you are responsible for keeping this password confidential. Please do not share your password with anyone.

If you think there has been any loss or unauthorised access to the Personal Data of any individual, please let us know immediately.

We may need to transfer Personal Data outside the European Economic Area (EEA), Switzerland or the UK to provide our products and services. We ensure that any transfer of Personal Data outside the EEA, Switzerland or the UK is undertaken using legally compliant transfer mechanisms and per the GDPR.

If we transfer Personal Data outside of the EEA, Switzerland or the UK, we generally rely on the Standard Contractual Clauses adopted by the European Commission and any applicable country standard. We may also rely on some of the other legally compliant transfer mechanisms provided under the GDPR.

Cookies are small text files placed on your computer or mobile device by websites you visit, and they help us improve the products and services we offer you. They are used to make websites work or work more efficiently, as well as to provide information to the site’s owners. Cookies may allow a website to remember your activity over a period. Cookies are optional, and you do not have to accept them.

Our Cookie Notice sets out further information on the cookies we use on the Website and the purpose behind their respective uses.

Click here for a list of cookies we collect on the Uniphar Commercial website (https://unipharcommercial.com)

Click here for a list of cookies we collect on the Pf Media website (https://pf-media.co.uk/)

Click here for a list of cookies we collect on the Star People website (https://wearestarpeople.com/)

Click here for a list of cookies we collect on the Pf Awards website (https://pfawards.co.uk/)

Click here for a list of cookies we collect on the PharmaJobs website (https://pharmajobs.co.uk/)

Click here for a list of cookies we collect on the Durbin Global website (https://durbinglobal.com/)

Our Website may contain links to and from third-party websites. If you follow a link to any of these websites, please note that they have their privacy settings, and we do not endorse them. We do not accept any responsibility or liability for these third-party websites. Please undertake the appropriate due diligence before submitting Personal Data to these websites.

Activity Categories of Personal Data Retention Period
Service Delivery Activities
  • Identification Data
  • Contact Data
  • Communications Data
Twenty-four months after completion of service delivery activities in the case where there is no further meaningful engagement.
Marketing and Promotion Activities
  • Marketing Data
  • Contact Data
  • Web Data
12 months from the date of last communication or upon unsubscribe being exercised
Website Delivery
  • Web Data
12 months
Administration of our relationship
  • Identification Data
  • Contact Data
  • Communication Data
  • Financial Data
It is necessary for the purpose for which the data is used.
E-commerce Services
  • Ecommerce Data
  • Marketing Data
  • Web Data
Seven years from the termination of the contract
Managing payments and administration of the contract
  • Identification Data
  • Contact Data
  • Communication Data
  • Financial Data
Seven years
Management of Corporate Affairs
  • Identification Data
  • Contact Data
  • Communication Data
  • Financial Data
Seven years unless required to retain indefinitely

In some circumstances, we cannot specify the period we will retain your Personal Data. In such cases, we will determine the appropriate retention period based on balancing your rights against our legitimate business interests. We may also retain certain Personal Data beyond the periods specified herein in some circumstances, such as where required for the purposes of legal claims.

For further information on your data retention, please select from the following:

Business Contacts

CLICK HERE for further details on Business Contacts Retention of Data

General Contacts

CLICK HERE for further details on General Contacts Retention of Data

Healthcare Professional Contacts

CLICK HERE for further details on Healthcare Professional Retention of Data

Candidate Contacts

CLICK HERE for further details on Candidate Retention of Data

In some instances, we may retain Personal Data for longer than specified here if required under relevant laws or in case of any legal claim.

You have various rights relating to how your Personal Data is used.

Right of access to the Personal Data we hold on you

You have the right to ask for all the Personal Data we have about you. When we receive a request from you in writing, we must give you access to everything we’ve recorded about you, the details of the processing, the categories of personal data concerned, and the recipients of the personal data.

We will provide the first copy of your Data free of charge. However, we may charge you a reasonable fee for any additional copies.

We cannot give you access to a copy of your Personal Data in some limited cases, including where this might adversely affect the rights and freedoms of others.

Right of rectification of Personal Data

You should let us know if there is something inaccurate in your Personal Data.

We may not always be able to change or remove that Personal Data. However, we will correct factual inaccuracies and may include your comments in the record to show that you disagree.

Right of erasure of Personal Data (right to be forgotten)

In some circumstances, you can ask for your Personal Data to be deleted, for example, where:

  • Your Data is no longer needed because it was collected in the first place
  • You have removed your consent for us to use your Personal Data (where there is no other lawful basis for us to use it)
  • There is no lawful basis for the use of your Personal
  • Deleting Personal Data is a legal

Where your Personal Data has been shared with others, we will do what we can to make sure those using your Personal Data comply with your erasure request.

Please note that we can’t delete your Personal Data where:

  • We are required to have it by law
  • It is used for freedom of
  • It is used for public health
  • It is used for scientific or historical research or statistical purposes where deleting the Personal Data would make it difficult or impossible to achieve the processing objectives.
  • It is necessary for legal

Right to restrict what we use your Personal Data for

You have the right to ask us to restrict what we use your Personal Data for where:

  • You have identified inaccurate Personal Data and have told us of it
  • We have no legal reason to use the Personal Data, but you want us to restrict what we use it for rather than erase it altogether.

When Personal Data is restricted, it can’t be used other than to store it securely and, with your consent, to handle legal claims and protect others, or where it’s for important public interests.

Right to have your Personal Data moved to another provider (data portability)

You have the right to ask for your Personal Data to be returned to you or another service provider of your choice in a commonly used format. This is called data portability.

This right only applies if we’re using your Personal Data with consent and if decisions were made by a computer and not a human being. It does not apply where it would adversely affect the rights and freedoms of others.

Right to object

You have the right to object to processing your Personal Data, which is based on public Interest or legitimate interest processing. We will no longer process the Personal Data unless we can demonstrate compelling grounds for the processing.

Right not to be subject to automated decision-making

You have the right not to be subject to a decision based solely on automated processing. This right shall not apply when processing your contract is necessary. The processing is undertaken with your explicit consent, or the processing is authorised by law.

You can make a complaint

You have the right to complain to the local supervisory authority for data protection in the EU member state where you usually reside, where you work or where you think data protection law infringement occurred.

We will post any changes to this Data Protection Statement on the Website and, when doing so, will change the effective date at the top of this Data Protection Statement. Please check the date you last used our services to see if there have been any changes since you last used those services.

In some cases, we may provide you with additional notice of changes to this Data Protection Statement via email. We will always provide you with any notice before the changes take effect where we consider the changes to be material.

Thank you for reading our Data Protection Statement. Please get in touch with us at dpo@uniphar.co.uk if you have any questions. If we cannot resolve your concerns, you have the right to contact the supervisory authority in the country where you live or work or where you consider that the data protection rules have been breached.

Contact details for the relevant Supervisory Authorities are set out below for your information:

The contact details for the Data Protection Commission (DPC) in Ireland are:
Online Form: https://forms.dataprotection.ie/contact
Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
Tel: +353 578 684 800 or +353 761 104 800

The contact details for the Information Commissioners Office (ICO) in the UK are:
Contact Information: https://ico.org.uk/global/contact-us/
Live Chat: ico.org.uk/livechat
Helpline: 0303 123 1113

The contact details for the IMY Swedish Authority for Privacy Protection in Sweden are:
Email: imy@imy.se
Post: Integritetsskyddsmyndigheten, Box 8114, 104 20 Stockholm, Sweden
Tel: +46 (0)8 657 61 00

The contact details for the Dutch Personal Data Authority in the Netherlands are:
Post: PO Box 93374, 2509 AJ The Hague
Tel: +31 (0)88 1805 250

1. OVERVIEW

In addition to our General – Data Protection Statement, this Data Protection Statement for Business Contacts provides further information about the Personal Data we process concerning Business Contacts. Please see the General – Data Protection Statement for information on:

  • Contact Details
  • Our Data Protection Statement
  • About Us
  • To whom does this Data Protection Statement apply?
  • Lawfulness of Processing
  • Security
  • Disclosure of Personal Data
  • Retention
  • Your Rights
  • Use of Third-Party Websites
  • Cookies
  • Amendments to this Data Protection Statement
  • Questions or Complaints

For this Business Contacts – Data Protection Statement, a Business Contact includes suppliers, partners, and other business contacts of Uniphar, including customers of our outsourcing and resourcing services.

2. Sources of Business Contact Personal Data

We will only ever source Personal Data relating to Business Contacts in a way that would be generally expected. We receive Personal Data about Business Contacts from a variety of sources, as follows:

  • the Business Contact often provides the Personal Data as part of the relationship;
  • the Personal Data may be collected from public sources;
  • the Personal Data may be collected indirectly from another person within the Company of the Business Contact;
  • the Personal Data may be collected through our Website;
  • the Personal Data may be collected indirectly from a website or a third

3. Categories of Business Contact Personal Data

Personal Data Category Description
Contact Data may include a person’s name, email address, phone number, postal address, and other communication details (e.g. Microsoft Teams)
Communications Data may include personal data in email, phone, or letter communications with us.
Marketing Data may include your contact data, any preferences in receiving marketing from us, and your communication preferences.
Financial Data may include payment details

4. Our Processing Activities – Business Contacts

The table below sets out the purpose for which we collect your Personal Data, our lawful basis for doing so, and the Personal Data we collect.

In limited circumstances, we may need to use your Personal Data for purposes other than those stated when we collected the Personal Data. Should this happen, we will notify you of this new purpose.

Purpose/Activity Type of Personal Data Lawful basis

Managing payments and administration of the contract

  • to process payments to and from our business
  • to fulfil our legal/contractual obligations
  • to manage/respond to complaints/issues
  • to generate placement activity on our systems for invoicing purposes
  • to communicate payroll and other financial information to Business Contact
  • Contact Data
  • Communication Data
  • Financial Data
  • Contract
  • Legitimate Interest
  • Legal Requirement

Service delivery activities

  • to inform, update and discuss Candidates that may be of Interest with Business Contacts
  • to organise and schedule interviews between Candidates and Business Contacts
  • to discuss the placement and onboarding of a Candidate
  • to consider Candidates for placement
  • send customer surveys to improve our services
  • Contact Data
  • Communication Data
  • Financial Data
  • Contract
  • Legitimate Interest

Data Analytics

  • Manage and maintain a Customer Relationship Management tool (CRM) containing data subjects’ preferences, such as preferred communication methods, clinical interest areas, and research publications.
  • Combinations of data from publicly available data sets to identify customer business-related interests, e.g. academic publications by data subjects
  • to undertake modelling based on demographic, behavioural, and geographic data to produce lead scores that may predict the jobs, locations and companies Candidates are most likely to be interested in or to predict which jobs Candidates are likely to be interested in and which Candidates our clients are most likely to hire;
  • to undertake profiling for semi-automated or manual decision-making about Candidates.
  • Analytics of customer behaviours (to include customer sentiment based upon agreed call recordings) – Process by Consent only
  • Contact data
  • Marketing data
  • Communication data
  • Voice recording
  • Legitimate Interest
  • Consent

Website Delivery

  • to respond to web forms completed by you
  • to promote our products and services
  • to administer the Website
  • for internal operations, including support, troubleshooting, data analysis, testing, research, statistical and survey purposes
  • to ensure the safety and security of our Website and our services
  • to deliver e-learning courses to you via the websites
  • Contact Data
  • Web Data
  • Communication Data
  • Consent
  • Legitimate Interest

Marketing activities

  • to keep in contact with Business Contacts and review hiring requirements
  • to personalise marketing communications
  • to respond to any requests from you
  • to send newsletters and other information that may be of Interest
  • to inform you of events or webinars that might be of Interest
  • Marketing Data
  • Contact Data
  • Web Data
  • Consent
  • Legitimate Interest

5. Retention of Business Contact Personal Data

In some circumstances, we cannot specify the period we will retain your Personal Data. In such cases, we will determine the appropriate retention period based on balancing your rights against our legitimate interests. We may also retain certain Personal Data beyond the periods specified herein in some circumstances, such as where required for legal claims.

Our retention policy for Business Contact Personal Data is as follows:

Purpose of Processing Retention Period
Managing payments and administration of the Contract Seven years
Service Delivery Seven years
Website Delivery Twelve months
Marketing Activities Twelve months post-last communication with the data subject or if earlier upon unsubscribe.

1. OVERVIEW

In addition to our General – Data Protection Statement, this Data Protection Statement for General Contacts provides further information about the Personal Data we process concerning General Contacts. Please see the General – Data Protection Statement for information on:

  • Contact Details
  • Our Data Protection Statement
  • About Us
  • To whom does this Data Protection Statement apply?
  • Lawfulness of Processing
  • Security
  • Disclosure of Personal Data
  • Retention
  • Your Rights
  • Use of Third-Party Websites
  • Cookies
  • Amendments to this Data Protection Statement
  • Questions or Complaints

For this General Contacts – Data Protection Statement, a General Contact includes:

  • website users
  • details of next of kin/emergency contact details
  • Candidate referees

2. Sources of General Contact Personal Data

We will only ever source Personal Data relating to General Contacts in a way that would be generally expected. We receive Personal Data about General Contacts from a variety of sources, as follows:

  • Through access to and use of this Website
  • Information gathered from cookies as agreed by the Website user
  • from Candidates in the case of next of kin/emergency contact details and referees
  • from Business Contacts in the case of next of kin/emergency contact details/referees

3. Categories of General Contact Personal Data

The table below sets out the general categories of Personal Data that we collect in relation to Business Contacts:

Personal Data Category Description
Contact Data may include a person’s email address, phone number, postal address, and other communication details (e.g. Microsoft Teams)
Identification Data may include a person’s name, date of birth, driver’s license and passport information.
Communications Data may include personal data in email, phone, or letter communications with us.
Marketing Data may include your contact data, any preferences in receiving marketing from us, and your communication preferences.
Web Data may include information provided on any forms on our Website and, to the extent that it includes Personal Data, information on the type of device you’re using, its IP address, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use.
Cookie Preferences Information to enable personalisation of services, analytics gathering and your marketing preferences

4. Our Processing Activities – General Contacts

The table below sets out the purpose for which we collect your Personal Data, our lawful basis for doing so, and the Personal Data we collect.

In limited circumstances, we may need to use your Personal Data for purposes other than those stated when we collected the Personal Data. Should this happen, we will notify you of this new purpose.

Type of Personal Data

Purpose/Activity Lawful basis  

Use of Next of Kin/Emergency Contacts

  • to communicate with the contact in the event of an emergency
  • to ensure the safety of the Candidate
  • to communicate with Business Contacts in the event of an emergency
  • Contact Data
  • Communication Data
  • Legitimate Interest

Use of Referrals

  • to assess the Candidate
  • to contact the referee
  • to discuss the Candidate with the Business Contact
  • Contact Data
  • Communication Data
  • Legitimate Interest

Management of Corporate Affairs

  • to take minutes at board meetings
  • to contact shareholders/investors
  • to enter partnerships and other commercial relations
  • to undertake appropriate due diligence
  • Identification Data
  • Contact Data
  • Communication Data
  • Financial Data
  • Contract
  • Legitimate Interest
  • Legal Obligation

Website Delivery

  • to respond to web forms completed by you;
  • to promote our products and services;
  • to administer the Website;
  • for internal operations, including support, troubleshooting, data analysis, testing, research, statistical and survey purposes
  • to ensure the safety and security of our Website and our services.
  • to enable users to join webinars and receive newsletters for products and services
  • to provide healthcare tips and educational resources to website users through the Website
  • Contact Data
  • Communication Data
  • Web Data
  • Marketing Data
  • Consent
  • Legitimate Interest

5. Retention of General Contact Personal Data

In some circumstances, we cannot specify the period we will retain your Personal Data. In such cases, we will determine the appropriate retention period based on balancing your rights against our legitimate interests. We may also retain certain Personal Data beyond the periods specified herein in some circumstances, such as where required for legal claims.

Our retention policy for General Contact Personal Data is as follows:

Purpose of Processing Retention Period
Use of Next of Kin/Emergency Contacts Whilst the data subject remains as an employee of the organisation
Website Delivery As agreed with the data subject, whilst the legal basis remains

1. OVERVIEW

In addition to our General – Data Protection Statement, this Data Protection Statement for General Contacts provides further information about the Personal Data we process concerning General Contacts.

Please see the General – Data Protection Statement for information on:

  • Contact Details
  • Our Data Protection Statement
  • About Us
  • To whom does this Data Protection Statement apply?
  • Lawfulness of Processing
  • Security
  • Disclosure of Personal Data
  • Retention
  • Your Rights
  • Use of Third-Party Websites
  • Cookies
  • Amendments to this Data Protection Statement
  • Questions or Complaints

For this Healthcare Professional – Data Protection Statement, a Healthcare Professional Contact includes:

  • General Practitioners (GP)
  • Medical Practitioners, including Nurse Practitioners and Doctor of Medicine
  • Clinicians
  • Allied Health Professionals
  • Pharmacists
  • Physicians
  • Therapists
  • Any other professional regarding a Healthcare specialist in the Healthcare sector

2. Sources of Healthcare Professional Contact Personal Data

We will only ever source Personal Data relating to General Contacts in a way that would be generally expected. We receive Personal Data about General Contacts from a variety of sources, as follows:

  • you often provide Personal Data to the Healthcare Professional;
  • the Personal Data may be collected from public sources;
  • the Personal Data may be collected when you sign up for a service;
  • Personal Data may be collected when you register for a conference or an event
  • the Personal Data may be collected through our Website;
  • the Personal Data may be collected indirectly from a website or a third party;

3. Categories of Healthcare Professional Personal Data

The table below sets out the general categories of Personal Data that we collect in relation to Healthcare Professional Contacts:

Personal Data Category Description
Contact Data may include a person’s email address, phone number, postal address, and other communication details (e.g. Microsoft Teams)
Identification Data may include a person’s full name, surname, specialist job function, therapy area, department
Communications Data may include personal data in email, phone, or letter communications with us.
Marketing Data may include your contact data, any preferences in receiving marketing from us, and your communication preferences.
Web Data may include information provided on any forms on our Website and, to the extent that it includes Personal Data, information on the type of device you’re using, its IP address, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use.

4. Our Processing Activities – Healthcare Professionals

The table below sets out the purpose for which we collect your Personal Data, our lawful basis for doing so, and the Personal Data we collect.

In limited circumstances, we may need to use your Personal Data for purposes other than those stated when we collected the Personal Data. Should this happen, we will notify you of this new purpose.

Purpose/Activity Type of Personal Data Lawful basis

Website Delivery

  • to respond to web forms completed by you;
  • to promote our products and services;
  • to administer the Website;
  • for internal operations, including support, troubleshooting, data analysis, testing, research, statistical and survey purposes
  • to ensure the safety and security of our Website and our services.
  • to deliver e-learning courses to you via the website/s
  • Contact Data
  • Web Data
  • Marketing Data
  • Consent
  • Legitimate Interest;

Data Analytics

  • Manage and maintain a Customer Relationship Management tool (CRM) containing data subjects’ preferences, such as preferred communication methods, clinical interest areas, and research publications.
  • Combinations of data from publicly available data sets to identify customer business-related interests, e.g. academic publications by data subjects
  • Analyse behaviours to manage marketing campaigns and send you marketing communications related to products and services.
  • Contact data
  • Marketing data
  • Communication data
  • Voice recording
  • Legitimate Interest
  • Consent

Marketing activities

  • to keep in contact with Healthcare Professional Contacts and review requirements
  • to personalise marketing communications
  • to respond to any requests from you
  • to send newsletters and other information that may be of Interest
  • to inform you of events or webinars that might be of Interest
  • to deliver and organise our conferences, seminars, events
  • to follow up with attendees of our events/webinars and to ask for opinions about our products or services
  • Marketing Data
  • Contact Data
  • Web Data
  • Consent
  • Legitimate Interest

5. Retention of Healthcare Professional Contact Personal Data

In some circumstances, we cannot specify the period we will retain your Personal Data. In such cases, we will determine the appropriate retention period based on balancing your rights against our legitimate interests. We may also retain certain Personal Data beyond the periods specified herein in some circumstances, such as where required for legal claims.

Our retention policy for Healthcare Professionals Personal Data is as follows:

Purpose of Processing Retention Period
Website Delivery 12 months
Marketing Activities Twelve months post-last communication with the data subject or if earlier upon unsubscribe.

1. OVERVIEW

In addition to our General – Data Protection Statement, this Candidate Data Protection Statement provides further information about the Personal Data we process concerning Candidates.

Please see the General – Data Protection Statement for information on:

  • Contact Details
  • Our Data Protection Statement
  • About Us
  • To whom does this Data Protection Statement apply?
  • Lawfulness of Processing
  • Security
  • Disclosure of Personal Data
  • Retention
  • Your Rights
  • Use of Third-Party Websites
  • Cookies
  • Amendments to this Data Protection Statement
  • Questions or Complaints

For this Candidate – Data Protection Statement, a Candidate includes any person who engages with us to help them find a job or applies for a role we have advertised or someone we have placed with a Business Contact, whether on a permanent or a contract basis or someone we identify as a potential job seeker.

As a recruitment service provider, we connect Candidates looking for a job with organisations seeking to hire Candidates on a permanent or contract basis.

We specialise in recruiting and placing candidates, providing contract and permanent employment solutions across various industries, including pharmaceuticals, medical devices, and healthcare.

2. Sources of Candidate Data

We receive Personal Data about Candidates from a variety of sources. Usually, a Candidate provides us with certain information directly, for example, when the Candidate sends us their CV, applies directly for a position advertised on the Uniphar website, or interacts with our communications (e.g. websites and advertisements).

We may also receive Personal Data about a Candidate when:

  • The Candidate applies to a position advertised on a third-party job’s Website;
  • The Candidate may be sourced from publicly accessible platforms such as LinkedIn;
  • The Candidate may be sourced from third-party CV providers such as jobs websites that provide CV search facilities and where users have made their CV data available to registered customers of these sites and
  • The Candidate’s nominated referees or other individuals may provide us with Personal Data relating to the Candidate.

3. Categories of Candidate Personal Data

The table below lists the general categories of personal data we collect concerning candidates.

Personal Data Category Description
Contact Data may include a person’s email address, phone number, postal address, and other communication details (e.g. Microsoft Teams)
Identification Data may include a person’s name, date of birth, driver’s license, national tax identification number and passport information
Professional Data may include profession, Company, department, employment history, skills/ experience, membership of professional bodies
Education Data may include degrees, certificates and diplomas awarded, languages, educational history, qualifications
CV Data may include Contact Data, Identification Data, Professional Data, Education Data and information about achievements and hobbies
Financial Data includes payment and bank details, tax information, social security and salary expectations
Test Data includes the Candidate test answers and results for any job application
Health Data includes health information, including information about any disability or illness.
Application Data includes Personal Data provided as part of an application for a permanent or contract position advertised by Uniphar Pharma Division as an employment business. It includes Contact, Identification, Professional, Education, and Test Data.
Media Data includes video data and recordings from an interview with the Candidate, including Contact Data, Professional Data, Education Data, Health Data, Application Data and Communications Data.
Legal Data includes criminal record and credit checks undertaken where required as part of the application process.
Position Data includes information on salary/rate of pay, working hours and job description
Emergency Contact Data may include the name and contact details provided by a Candidate in case of an emergency.
Communications Data may include personal data in email, text, phone, or letter communications with us.
Marketing Data may include your contact data, any preferences in receiving marketing from us, and your communication preferences.
Web Data may include information provided on any forms on our Website and, to the extent that it includes Personal Data, information on the type of device you’re using, its IP address, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use.

4. Our Processing Activities – Candidates

We can only collect your Personal Data if we have a lawful basis for doing so.

We have set out in the table below the general purpose of processing, the categories of Personal Data processed and the related lawful basis for processing. A separate data protection notice is provided to Candidates who work for Uniphar Pharma Division on a contract basis.

Purpose/Activity Type of Personal Data Lawful basis for processing

Candidate Sourcing

  • to advertise roles on the https://wearestarpeople.com website
  • to create a record/file for the Candidate on our system and to associate all notes and tracking throughout the job search, interview, placement, onboarding and contracting process
  • to keep up-to-date information about Candidates, their job search process and their requirements to assess their suitability for current or future vacancies
  • to maintain our Candidate database
  • screening and identification of Candidates for available positions
  • to communicate with Candidates about jobs that might be of Interest to them
  • to receive and review Candidate applications
  • to understand current and expected salary, notice period and availability, current and required locations to enhance and impact the success of the matching process and ensure the Candidate is provided with the most relevant opportunities
  • to undertake modelling based on demographic, behavioural, and geographic data to produce lead scores that may predict the jobs, locations and companies Candidates are most likely to be interested in or to predict which jobs Candidates are likely to be interested in and which Candidates our clients are most likely to hire;
  • to undertake profiling for semi-automated or manual decision-making about Candidates.
  • CV Data
  • Communications Data
  • Marketing Data
  • Legitimate Interest
  • Consent
  • Candidate Applications
  • responding to Candidate queries
  • receiving and reviewing Candidate applications received from candidates directly
  • communications with Candidates re- application
  • setting up interviews with the Candidate
  • engaging with Business Contacts about the Candidate
  • CV Data
  • Communications Data
  • Consent
  • Legitimate Interest;
  • Candidate Interview
  • to arrange and undertake a Candidate Interview
  • recording notes of Candidate Interview
  • to communicate with the Candidate following the interview
  • CV Data
  • Communications Data
  • Media Data
  • Voice and Video Recording
  • Consent
  • Legitimate Interest
  • Candidate Screening
  • to identify if the Candidate is fit to work
  • to assess the Candidate
  • CV Data
  • Health Data
  • Test Data
  • Consent (Assessment of Working Capacity)
  • Candidate Placement in Permanent Position
  • to maintain the relationship with the Candidate
  • to ensure the database is maintained
  • Contact Data
  • Role Data
  • Communications Data
  • Marketing Data
  • Consent
  • Legitimate Interest
  • Candidate Finance Activities
  • to ensure salary expectations are met
  • to undertake financial audits
  • to communicate salary/fee arrangements between the Business Contact and the Candidate
  • Contact Data
  • Role Data
  • Financial Data
  • Consent
  • Legitimate Interest
  • Contract
  • Candidate IT Activities
  • to facilitate insights into activities and develop new services
  • back-up and storage of Candidate data
  • to make improvements and efficiencies in the services
  • Contact Data
  • Identification Data
  • Professional Data
  • Education Data
  • Communications Data
  • Marketing Data
  • Consent
  • Legitimate Interest
  • Website Delivery
  • to respond to web forms completed by you;
  • to promote our products and services;
  • to administer the Website;
  • for internal operations, including support, troubleshooting, data analysis, testing, research, statistical and survey purposes
  • to ensure the safety and security of our Website and our services.
  • Contact Data
  • Web Data
  • Consent
  • Legitimate Interest
  • Marketing activities
  • to respond to any requests from you
  • to send newsletters and other information that may be of Interest
  • to inform you of events or webinars that might be of Interest
  • to deliver and organise our conferences, seminars, events
  • to develop the relationship with Candidates
  • to tailor our products and services to identify suitable Candidates better, present the right opportunities at the right time, and meet Candidate needs more effectively
  • to personalise marketing information
  • to segment and distribute targeted marketing
  • Marketing Data
  • Contact Data
  • Web Data
  • Consent
  • Legitimate Interest

5. Retention of Candidate Personal Data

In some circumstances, we cannot specify the period we will retain your Personal Data. In such cases, we will determine the appropriate retention period based on balancing your rights against our legitimate interests. We may also retain certain Personal Data beyond the periods specified herein in some circumstances, such as where required for legal claims.

Our retention policy for Candidate Personal Data is as follows:

Purpose of Processing Retention Period
Candidate Sourcing As agreed with the data subject
Candidate Applications One year
Candidate Interview 18 months
Candidate Placement Seven years
Candidate Finance Seven years