It is important to note that:
- We do not sell subject data to third parties.
- We make it easy for you to manage your information or change preferences at any time.
- We will only use your personal data for the purpose for which it was provided to us (or for compatible purposes) in line with your stated preferences and within your reasonable expectations.
- With your authorisation we may use the data we collect on our secure system so that if you are suitable for a future study, we can contact you to give you the opportunity to participate if you wish.
This Policy sets out the basis on which any personal information we collect, or that is provided to us, will be processed. Please read the following carefully to understand our views and practices regarding personal information and how we will treat it. By visiting www.glasgowmemoryclinic.com you are accepting and consenting to the practices described in this Policy.
For the purpose of the General Data Protection Regulations (the “Regulations”), the data controller is Glasgow Memory Clinic Ltd. We are a limited company registered in Scotland under company number SC243637 and have our registered office at the Glasgow Memory Clinic, Altum Building, Todd Campus, West of Scotland Science Park, Glasgow, G20 0XA.
- Information we may collect from you
The information we collect on our Site generally falls into the following two categories: “personal information” and “non-personally identifiable information.” Personal information refers to information that lets us know the specifics of who you are (for example, your name, date of birth, address, e-mail address, telephone and mobile numbers). Non-personally identifiable information refers to information that does not by itself identify a specific individual. If we do combine non-personally identifiable information with personal information, the combined information will be treated as personal information for as long as it remains combined.
In general, we collect your personal information when you voluntarily provide it to us, such as when you register with us on our website, telephone, via GP referral or in person at roadshows, fairs and other group events. In addition, our Site may use “cookies” to gather non-personally identifiable information. You can object to processing carried out on this basis by emailing us at firstname.lastname@example.org.
- How we use your personal information
We use your personal information in the following ways:
- We will add your Personal Information as volunteered by you to our Database and use it in accordance with our preferences to identify and notify you of clinical trials for which you may be suitable and in which you may wish to participate. Lawful basis: Legitimate Interest to establish suitability for current studies and review in the event that studies arise for which you may be suitable.
- Administering registration records (including reminder letters). Lawful basis: Legitimate Interest to provide details to you on information that may be of benefit to you.
- To monitor your health, track progress and report it via confidential links to our study sponsors and pharmaceutical companies. Legal basis: Consent gained from you during the consultation and consent process, Vital Interest in ensuring your health is our top priority and Legitimate Interests in ensuring our trial study data is accurate and contributes positively toward the success of the study if applicable.
- To notify you about any changes to our service. Legal basis: Legitimate Interest in keeping you informed of changes that may affect our business and the services that we provide.
- To investigate complaints and queries. Legal basis: Legitimate interest in investigating and addressing such information provided to us in order to address matters raised and to improve our service.
- To monitor / record telephone conversations to or from you in order to ensure best quality, adherence to our policies, to improve our service standards, resolve complaints and for staff training purposes. Legal Basis: Legitimate Interests in improving our service.
- To protect the rights, property and/or safety of Glasgow Memory Clinic, its personnel and others associated with the organisation. Legal basis: Contract with our employees and third parties associated with the organisation.
- As we may otherwise determine to ensure support and operation of our systems.
Recruitment of Employees / Consultants
If you click on the ‘Careers’ section of our website, you will be presented with a summary of any current vacancies that we have. If you access a vacancy and wish to apply, you will be asked to send your CV and a brief description of the vacancy that you are applying for. This will be automatically forwarded to our HR Manager. Your details will be kept for a period of up to 6 months after which they will be deleted from our database. Legal basis: Legitimate Interest in sourcing and recruiting the best staff for our organisation.
Third Party Marketing Partners
We use third party advertising partners for a variety of marketing services which may include but are not limited to managing our website, LinkedIn, Facebook, Twitter, Google Analytics and YouTube.
Our marketing activity is managed by our third party processor via Mailchimp. The following data will be collected via Mailchimp:
- Email addresses (required field)
- First name (required field)
- Last name (required field)
- Consent box (I agree to receive future emails from Glasgow Memory Clinic (required field)
Mailing list subscribers can unsubscribe from the mailing list at any time. Neither Glasgow Memory Clinic Ltd nor its third party marketing partners will ever,
- Share your mailing data with any third party
- Use your mailing list to promote non-Glasgow Memory Clinic Ltd services
- Promote any third party on any our mailing list communication
- Copy your data
- Store your data anywhere other than on our Mailchimp account
Only authorised personnel will have access to our Mailchimp account.
Google Analytics is installed onto our website and our third party marketing partner has access to the data that it collects. This is used to track website use and traffic and will never be used for any other purpose.
Our website uses Wordfence security plug-in (www.wordfence.com) which provides the best possible security for WordPress websites. The plug-in also includes a web application firewall, a real time threat defence feed, block brute force attacks, a malware scanner, enables a view of blocked intrusion attempts, and a view of logins and logouts used for website monitoring purposes. Access to these accounts is restricted to the relevant account managers and web developers.
- How we share your personal information
Where we use your personal information for the purposes specified above, we may also be required to share it (or some of it) with other companies who are commissioning our trial studies. Only the information required for the study statistics and monitoring will be transferred. In most circumstances personal information is transferred via secure electronic databases and software systems.
We may also share your personal information with:
- Third party service providers and agents based locally or abroad that we appoint or who act on our behalf as locum doctors or other specialist service providers that require access to certain personal information for the sole purpose of delivering the service on our behalf. Service providers and agents are restricted from using this information in any way other than to provide services for us, or services for the collaboration in which they and us are engaged.
- Sponsors of clinical trials to identify suitability for future clinical trials.
- Emergency services in the event that we need to report an accident or illness or to request emergency assistance.
- Lawyers, accountants, auditors or similar advisors who assist with our administrative processes or whom we ask for advice.
- Law enforcement agencies, courts, regulators (including health regulatory authorities), government authorities or other third parties based locally or abroad where there is a legal or regulatory obligation, or otherwise protect the rights of any third party.
- A buyer, assignee or transferee in the event that the business of this site or a part of it is sold, assigned or transferred, in which case we would require the buyer, assignee or transferee to treat Personal Data in accordance with this Policy.
- Investors and other relevant third parties in the event of an actual or potential sales or other corporate transaction related to Glasgow Memory Clinic Ltd.
- Other third parties, if authorised to do so.
- Where we store your personal information
The personal data we collect from you may also be processed, accessed, or stored in countries outside the European Economic Area (“EEA”). It may also be processed by employees and third parties who operate outside of the EEA who work for one of our suppliers or affiliates. By submitting your personal data, you agree to this transfer, storing or processing of data. We will take all reasonable steps to ensure that your data is treated securely and in accordance with this Policy and will put in place safeguards for personal data transfer outside the EEA including but not limited to:
- Personal data will only be transferred to countries that are deemed by the European Commission to have adequate data protection procedures in place;
- We will only transfer data to processors in the USA if they are part of the Privacy Shield which requires them to provide similar protection of personal data between Europe and the USA.
- How long do we keep your personal information
We retain your personal information for no longer than is necessary for the purpose in which is it collected and held. When determining relevant retention periods, we will take account of the following factors:
- Our legal obligations under applicable law to retain data for a certain period of time.
- Our obligations under contract with study sponsors / providers/ ICH-GCP Guidelines.
- The statute of limitations under applicable law.
- Other guidelines issues by relevant data protection authorities.
- The length of time for which you continue to provide consent.
Once no longer required, we will securely erase your contactable information. If there is any information that we are unable, for technical reasons, to delete entirely from our systems, we will put into place appropriate measures to prevent any further processing or use of the data.
- Links to third party websites
Our website may, from time to time, contain links to and from other websites. If you follow a link to or from any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these websites.
We use security methods to protect the personal information that we process, including internet standard encryption technology. However please note that whilst we take appropriate technical and organisational measures to safeguard the personal information that you provide to us, no transmission over the Internet can be guaranteed as secure. Consequently, please note that we cannot guarantee the security of any personal information that you transfer to us over the Internet.
With regard to personal information held on site, both electronically and in paper form, we pay a great deal of attention to ensuring that information is held securely, retained in non-public areas and is accessed only by those employees and third parties who require access in order to carry out their work.
We ensure that all of our employees and data processors respect the confidentiality of others’ data and that information is not disclosed to government or other legal authorities unless it is required by law or for regulatory purposes.
- Your Rights in relation to your Personal Information
The Regulations give you a number of rights (some of which will not apply in certain circumstances). The right to:
- Access (commonly known as a data subject access request) to information held about you. Your right of access can be exercised in accordance with the Regulations. If you would like to receive details of the personal information that we hold about you under the GDPR, please write to email@example.com.
- Correction where personal data held is inaccurate.
- Erasure of your personal data although this may not always be possible if there are specific legal reasons why your personal data must be retained.
- Object to the processing of your personal data where we are relying on legitimate interest (or those of a third party).
- Restriction of your personal data. This enables you to suspend the processing of your data where there is a query a to whether the data is accurate, where its use is unlawful but you want to have it retained, or where you have objected to our use of your data but we have overriding legitimate ground to retain it.
- Request transfer of your personal data to a third party.
- Withdraw consent at any time when we are relying on consent for the processing of your personal data. This may mean we are unable to provide information and services to you. If you wish to withdraw consent you should write to firstname.lastname@example.org.
We will respond to all legitimate requests within one month of receipt wherever possible. If, for some reason, we are unable to do so we will inform you in writing. If you wish to enforce your right to any of the above, we will require proof of identity before implementing your request. If your request is found to be unfounded, repetitive or excessive we may charge a reasonable fee for processing.
- Children’s Privacy
Our website is not intended or designed to attract individuals under the age of 18. We do not collect Personal Information from any person whom we know to be underage and therefore require you to tick the box in the Contact Us section to confirm that you are over 18 years of age before completing any Personal Information.