Privacy Policy
This Privacy Policy explains how PharmAdvisor Ltd collects, uses, shares and protects personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Effective date: 10 August 2025
1. Who we are (Data Controller)
PharmAdvisor Ltd ("we", "us", "our") is the controller for personal data processed in connection with our websites and services.
PharmAdvisor Ltd6 Saddlers Court, Windsor Road, Chobham, Woking, Surrey, GU24 8LD, UK
Email: info@pharmadvisor.org.uk
2. Information we collect
- Contact details (name, email address, telephone number).
- Professional information (job title, company/organisation).
- Form submissions (e.g., trials, enquiries, intake forms).
- Uploaded documents when you request analysis or review.
- Technical data (IP address, browser type, cookies and similar technologies—see Section 9).
3. How we use personal data
- Respond to enquiries and deliver requested services.
- Run pilots and produce client deliverables; improve service quality.
- Analyse site usage and enhance user experience.
- Meet legal, regulatory, and contractual obligations.
- Manage client relationships and pre‑contract discussions.
4. Legal bases for processing
- Consent (e.g., marketing communications).
- Contract (performing a contract or taking steps at your request).
- Legal obligation.
- Legitimate interests (service improvement, analytics, security).
5. Sharing your data
We do not sell personal data. We may share it with trusted providers (hosting, analytics, form handling, AI/LLM inference) under written data‑processing agreements; with regulators or law enforcement where required; and with vetted contractors or reviewers bound by confidentiality.
6. Data retention and deletion
- We keep personal data only as long as necessary for the purposes set out in this Policy and to satisfy legal or accounting requirements.
- Service data (files, prompts, outputs) is retained for the duration of a customer relationship plus up to 12 months for audit or dispute resolution, then securely deleted or anonymised.
- Prospect and marketing data is retained until it no longer has business value or you withdraw consent.
- You may request deletion at any time; where immediate deletion is technically infeasible (e.g., backups), data will be isolated and removed at the next backup cycle (within 30 days).
7. AI processing and training‑data commitments
- No model training: Inputs/outputs sent to third‑party LLM APIs are not used to train or improve those models under our enterprise agreements.
- Enterprise/API‑only access: Interactions occur via enterprise API endpoints with zero‑retention or DPA‑bound terms; not consumer chat interfaces.
- Limited retention for debugging: Prompt/completion logs may be stored up to 30 days solely for troubleshooting, then deleted or irreversibly anonymised.
- Bring‑your‑own key (optional): Clients may supply their own LLM API keys; in that case, prompts are logged only in your vendor account.
- Sub‑processor transparency: We maintain a list of authorised LLM vendors and hosting providers on request and provide at least 30 days’ notice of material changes.
8. International transfers
Where data is transferred outside the UK, we use appropriate safeguards such as the UK International Data Transfer Agreement (IDTA) or EU Standard Contractual Clauses, plus additional measures where necessary.
9. Cookies and similar technologies
We use cookies to improve site functionality, analyse usage, and store form data during sessions. You can manage cookies in your browser settings. See our separate Cookie Policy for details (coming soon).
10. Your rights (UK GDPR)
You may request access, rectification or erasure of your personal data; restrict or object to processing; and withdraw consent at any time. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO). Contact us at info@pharmadvisor.org.uk to exercise your rights.
11. Security
We apply industry‑standard technical and organisational measures to protect personal data, including encryption in transit and at rest, role‑based access controls and supplier due diligence. Access is limited to authorised personnel on a need‑to‑know basis.
12. Changes to this Policy
We may update this Policy from time to time. Material changes will be posted on our website and, where appropriate, notified by email.
13. Contact
If you have questions about this Policy or our data practices, please email info@pharmadvisor.org.uk or write to the address in Section 1.
Get in touch
Follow us on LinkedIn or email steve@pharmadvisor.org.uk.