Privacy Policy (Archived)

This is an archived version. Please visit our current Privacy Policy here

Our Terms below explain what data we hold and how we use it – and why as a service user of Datapharm it is vital we hold certain pieces of information. Your privacy is important to us and we will only collect your information to deliver and improve the service we offer.

Legal Information and Privacy Policy for Datapharm Systems Users

Datapharm Limited (Company Number Company number 11275607) is committed to protecting the privacy of all individuals using our services and products (“Datapharm”, “we” and “us”). This Privacy Policy (the “Policy”) explains (i) how we process the personal information we collect about you, (ii) how you can instruct us if you prefer to limit the use of that information and (iii) what procedures we have in place to safeguard your privacy.

If you have any questions about this Policy or would like any further information please write to our privacy officer at Datapharm Limited, Cassini Court, Randalls Way, Leatherhead, Surrey, United Kingdom, KT22 7TW or email us at [email protected]. It may be helpful for a number of reasons to refer to a title rather than an individual.

What information do we collect

Personal Data means any information relating to a person who can be identified either directly or indirectly (“Personal Data”). It may include name, address, email address, phone number, credit or debit card number and IP address.

We will use, store or otherwise process any of your Personal Data in accordance with this Policy, including but not limited to your name, postal address, email address, telephone number, IP address and any other Personal Data collected on registration with Datapharm to the extent reasonably necessary to provide the offerings that are available to you by us.

Where your information is given to us by your employer for the purposes of registering you as the primary contact between your employer and Datapharm we may also process any of your Personal Data in accordance with the terms of this Policy, including but not limited to, your name, company name, job title, business email address and telephone number.

You may give us information about yourself when you complete an ‘enquiry form’ on our website This may include your name, email address, address, phone number, company and any other additional information that you may choose to provide to us.

You may give us information about yourself when you complete an event or course registration form on our website or participate in a survey for research purposes. This may include your name, email address, phone number, company and any other additional information that you may choose to provide us with.

When you visit our site, we may automatically collect the following information:

  • technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
  • information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page.

How we will use your personal data

Datapharm uses the information you provide us to:

  • Maintain our internal records;
  • Create and maintain your customer profile;
  • Provide you with relevant information about products, services or training;
  • Send you essential information required for the day-to-day usage of our software, such as the status of the workflow when using one of our management systems;
  • Respond to queries and requests submitted by you;
  • Personalise your interaction with us;
  • Notify you about changes to, and availability of, our services;
  • perform a contract we have entered into with you or your employer;
  • Enable our suppliers and service providers to carry our certain functions on our behalf, including the delivery of dm+d information;
  • Ensure the security of your account;
  • Develop and improve our offering, for example, by logging help desk interactions and reviewing visits to our website and its various subpages; and
  • Comply with applicable law, for example, in response to a request from a court or regulatory body, where such request is made in accordance with the law.

We will take reasonable steps to ensure that the Personal Data we collect will be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.

Grounds for Processing

To process your Personal Data lawfully we need to rely on one or more valid legal grounds. The grounds we may rely upon include:

  • the processing of your Personal Data is necessary for the performance of a contract between us;
  • your consent to particular processing activities. For example, where you have consented to us using your information to investigate and respond to queries and requests you submit to us;
  • our legitimate interests as a business (except where your interests or fundamental rights override these). For example, it is within our legitimate interests to use
  • your Personal Data to prevent or detect fraud or abuses of our Website; or
  • our compliance with a legal obligation to which Datapharm is subject. For example, we have a duty to investigate and respond to complaints made against us and may need to process your Personal Data as part of such investigation.

Disclosure of your Personal Data

There are circumstances where we may wish to disclose or are compelled to disclose your Personal Data to third parties. This will only take place in accordance with the applicable law and for the purposes listed above. These scenarios include disclosure:

  • to our employees;
  • to our auditors;
  • to our third party suppliers who need it to perform a contracted role. For example, if a pharmaceutical company submits product information via In-Demand,
  • the NHSBSA may need to contact the pharmaceutical company with questions about the data; or
  • to third party service providers and consultants in order to protect the security or integrity of our organisation, including our databases and systems and for business continuity reasons;
  • to legal advisors who may need to advise us or manage or litigate a claim;
  • to another legal entity, on a temporary or permanent basis, for the purposes of a joint venture, collaboration, financing, sale, merger, reorganisation, change of
  • legal form, dissolution or similar event. In the case of a merger or sale, your personal data will be permanently transferred to a successor company;
  • If we believe the law requires it, or in response to any demand by law enforcement authorities in connection with a criminal investigation, or civil or administrative authorities in connection with a pending civil case or administrative investigation; and
  • to any other third party where you have provided your consent.

Datapharm does not sell Personal Data it has gathered about you to third parties.

International transfer of Personal Data

We may transfer your Personal Data to a third party in countries outside the EU for further processing in accordance with the purposes set out in this Policy. In particular, your Personal Data may be transferred to our third party suppliers located abroad.

How long do we hold Personal Data?

Personal Data that we hold about you will be maintained as long as you are a registered user of one of our systems and may be held for up to seven years after you have stopped being a registered user.

Your rights in relation to your Personal Data

Data protection law provides you with certain rights, including the right to: access, rectify, withdraw consent, erase, restrict, transport, and object to the processing of, your Personal Data. You also have the right to lodge a complaint with the relevant data protection authority if you believe your Personal Data is not being processed in accordance with applicable data protection law. Further information about your rights is set out below:

  • Right to make subject access request (SAR). You may, where permitted by applicable law, request copies of your Personal Data. If you would like to make a SAR, i.e. a request for copies of the Personal Data we hold about you, you may do so by contacting us at the details set out in the “what information do we collect” section above. The request should make clear that a SAR is being made. Please quote your name and address. We should be grateful if you would also provide brief details of the information of which you would like a copy or which you would like to be corrected – this helps us to more readily locate your data. We will require proof of your identity before providing you with details of any Personal Data we may hold about you.
  • Right to rectification. You may request that we rectify any inaccurate and/or complete any incomplete Personal Data.
  • Right to withdraw consent. You may, as permitted by applicable law, withdraw your consent to the processing of your Personal Data at any time. Such withdrawal will not affect the lawfulness of processing based on your previous consent. Please note that if you withdraw your consent, you may not be able to benefit certain service features for which the processing of your Personal Data is essential.
  • Right to object to processing. You may, as permitted by applicable law, request that we stop processing your Personal Data
  • Right to erasure. You may request that we erase your Personal Data and we will comply, unless there is a lawful reason for not doing so.
  • Your right to lodge a complaint with the supervisory authority. We suggest that you contact us about any questions or if you have a complaint in relation to how we process your Personal Data. However, you do have the right to contact the relevant supervisory authority directly. To contact the Information Commissioner’s Office in the United Kingdom, please visit the ICO website.


We may from time to time use various cookies that retain information about you and your use of our websites.

A cookie is a small piece of data that is transferred from a website, via your web browser and is automatically stored on your device’s hard drive. Cookies are widely used to make websites work or make them work better. Cookies provide us with information about your activities or preferences whilst using our websites and provide statistical and technical information about how you use our websites. We use this information to improve our websites and deliver a better personalised service.

How to manage cookies

Most web browsers are set to accept cookies, but if you don’t want to receive cookies, you can change your browser so that it notifies you when cookies are sent to it or you can refuse cookies altogether. If you restrict or block web browser cookies, you may find that some aspects of our websites will not work.
For more information about cookies, including how to see what cookies have been set and how to manage and delete them, please visit the All about cookies website.

Anonymous analytics cookies

Our websites use Google analytics to collect information about how visitors use our websites. For example the number of visitors, the time of visit, which pages you visited, whether you have visited the site before and what site referred you to our websites. We use the data from Google analytics to compile reports and improve our websites. For more information and to opt out of being tracked by Google Analytics, please visit the Google website.

Where we store your Personal Data

Any Personal Data that you provide will be stored on secure computers. The data will primarily be stored in the UK, but it may be stored and processed on computers located outside the European Economic Area (EEA) in accordance with current data protection guidelines.

Updates to legal and privacy policy

From time to time, Datapharm may revise this legal and privacy policy. Continued use of our services after receiving notice of a change in our privacy policy indicates your consent to the use of newly submitted information in accordance with the amendments.

This legal and privacy policy was last updated on 19th December 2018.

Request more information

If you’d like to find out more information about our services and solutions, please contact us and one of our representatives will be in touch shortly.