This Website collects Personal Data from its Website Users. This Privacy Policy sets out the basis on which your personal data as a Website User will be processed by Small Pharma, as a data controller. If you visit our Website, we may use your Personal Data in connection with your request for or use of our services. Please read the Privacy Policy carefully to understand how we will use your Personal Data. If you are a current or prospective patient of a clinical trial, please see the Clinical Trial notice that has been or will be provided to you for further details about how your personal data will be processed and how to exercise your data subject rights.
This document can be printed for reference by using the print command in the settings of any browser.
Data Controller
If you have any questions about your personal data, how we look after it, or if there are any changes to your personal data, please contact us using the details below:
Small Pharma
6-8 Bonhill Street
Workers Leagues
EC2A 4BX
Contact email: nina.kumari@smallpharma.co.uk
Types of personal data collected and how the personal data is collected
When you access the Website, you may provide us with Personal Data, and we may collect and process such Personal Data in accordance with this Privacy Policy.
The types of Personal Data that this Website collects, by itself or through third parties are: Usage and Technical Data; Tracker (for example, Cookies); first name; last name; email address; device information; geographical location, and other personal identifiers. Additional data may be collected about you from the correspondence that you send to us, any conversations you have with us, and any feedback you give us.
We do not intentionally collect any types of “special category personal data”, such as information relating to individuals’ health data, however, we may inadvertently collect such data if you submit an enquiry to us about an existing or future clinical trial and voluntarily provide details of your personal health circumstances.
Further details on each type of Personal Data collected are provided at the end of this privacy policy or by specific explanation texts displayed prior to the data collection.
Personal Data may be freely provided by the User, or, in case of Usage and Technical Data, collected automatically when using this Website.
Unless specified otherwise, all Personal Data requested by this Website is mandatory and failure to provide this Data may mean we will not be able to provide some features of this Website. In cases where this Website specifically states that some Personal Data is not mandatory, Users are free not to provide this Personal Data.
Any use of Cookies – or of other tracking tools – by this Website or by the owners of third-party services used by this Website serves the purpose of providing the Service required by the User, in addition to any other purposes described in this Privacy Policy and in the Cookie Policy.
Users are responsible for any third-party Personal Data obtained, published, or shared through this Website and confirm that they have the third party’s consent to provide the Personal Data to Small Pharma.
SECURITY OF YOUR PERSONAL DATA
Small Pharma takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of Personal Data. However, we cannot guarantee your Personal Data will be free from every security risk that may be possible when your information is sent to and from the Website.
This Website may include links to third-party websites which may collect your Personal Data. We have no control over what these websites do with your Personal Data. Please check the policies on these websites which will tell you what they do with your Personal Data.
Personal Data processing is carried out using computers and/or IT-enabled tools, following organizational procedures and modes strictly related to the purposes indicated.
SHARING OF YOUR PERSONAL DATA
In addition to Small Pharma, in some cases, your Personal Data may be disclosed to third parties in limited circumstances so that we can operate our Website and comply with our legal duties.
Your Personal Data may be accessible to certain types of persons in charge, involved with the operation of this Website (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, investor relations agency, mail carriers, hosting providers, email marketing providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by Small Pharma. We may transfer your Personal Data if we are involved whether in whole or in part, in a merger, sale, acquisition, divestiture, restructuring, reorganisation, dissolution, bankruptcy, or other change of ownership or control. We may disclose your Personal Data if reasonably necessary with regulators, law enforcement agencies, or where mandatory under a court order. We may also share your personal data to enforce our legal rights. An updated list of these parties may be requested from Small Pharma at any time.
LEGAL BASIS OF PROCESSING
Small Pharma may process Personal Data relating to Users if one of the following applies:
- Users have given their consent for one or more specific purposes;
- The provision of Personal Data is necessary for the performance of an agreement with the User and/or for any pre-contractual obligations thereof;
- The processing of Personal Data is necessary for compliance with a legal obligation to which Small Pharma is subject;
- The processing of Personal Data is related to a task that is carried out in the public interest;
- The processing is necessary for the purposes of the legitimate interests pursued by Small Pharma or by a third party, for example, to run and operate the Website, run our business, and maintain our records.
In any case, Small Pharma will clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
WHERE WE STORE YOUR PERSONAL DATA
The Data is processed at the Owner’s operating offices (the UK) and in any other places where the parties involved in the processing are located.
Depending on the User’s location, data transfers may involve transferring the User’s Data to a country other than their own. We will not transfer or store your Personal Data outside of the European Economic Area (EEA) or the UK, except to selected third parties that we have instructed to help us to provide the services to you.
If we do transfer or store your Personal Data outside of the EEA, we will ensure we have put adequate measures in place in order to protect your Personal Data to an equivalent data protection standard as in the UK and the EEA.
You can ask us for more information about where we may transfer or store your Personal Data and how we will take steps to ensure your Personal Data is protected by using the contact details at the top of this policy.
RETENTION OF YOUR PERSONAL DATA
Personal Data shall be processed and stored for as long as required by the purpose they have been collected for in the first place as set out in this Privacy Policy or as otherwise required by applicable laws. We store your Personal Data in line with legal, regulatory, financial, and good-practice requirements.
Therefore:
- Personal Data collected for purposes related to the performance of a contract between Small Pharma and the User shall be retained until such contract has been fully performed and for a longer period if required.
- Personal Data collected for the purposes of Small Pharma’s legitimate interests shall be retained as long as needed to fulfill such purposes.
Small Pharma may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, Small Pharma may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.
Once the retention period expires, Personal Data shall be deleted.
If you would like further information on how long Small Pharma keeps your Personal Data, please contact us using the details set out at the top of this policy.
The purposes of processing
Personal Data about a User is collected to allow Small Pharma to provide its Website and Service, comply with its legal obligations, respond to enforcement requests, protect its rights and interests (or those of its Users or third parties), to respond to User enquiries if Users submit enquiries about becoming a shareholder or investor relation enquiries, to respond to enquiries about recruitment, business or media-related enquiries, to respond to clinical trial related enquiries, to send Users marketing and promotional material if Users sign up to receive it (unless consent is not required under the soft opt-in exception), to identify any problems, defects or issues with the Website, to optimise the performance of the Website, to monitor operations, User activity and networks to detect any malicious or fraudulent activity, as well as the following: displaying content from external platforms (such as Youtube and Vimeo for video hosting), Advertising, Analytics, Tag Management, Handling productivity-related activity, Platform services and hosting, Contacting the User and Remarketing and behavioural targeting.
For specific information about the Personal Data used for each purpose, the User may refer to the section “Detailed information on the processing of Personal Data”.
Detailed information on the processing of personal data
Personal Data is collected for the following purposes and using the following services:
ANALYTICS
The services contained in this section enable Small Pharma to monitor and analyse web traffic and can be used to keep track of User behaviour.
Google Analytics (Google Ireland Limited)
Google Analytics is a web analysis service provided by Google Ireland Limited (“Google”). Google utilizes the Data collected to track and examine the use of this Website, to prepare reports on its activities and share them with other Google services.
Google may use the Data collected to contextualize and personalize the ads of its own advertising network.
Personal Data processed: Tracker; Usage Data.
Place of processing: Ireland – Privacy Policy – Opt Out.
Quantcast Measure (Quantcast Corporation)
Quantcast Measure is an analytics service provided by Quantcast Corporation.
Personal Data processed: Tracker; Usage Data.
Place of processing: United States – Privacy Policy – Opt Out.
LinkedIn conversion tracking (LinkedIn Insight Tag) (LinkedIn Corporation)
LinkedIn conversion tracking (LinkedIn Insight Tag) is an analytics and behavioral targeting service provided by LinkedIn Corporation that connects data from the LinkedIn advertising network with actions performed on this Website. The LinkedIn Insight Tag tracks conversions that can be attributed to LinkedIn ads and enables to target groups of Users on the base of their past use of this Website.
Users may opt out of behavioral targeting features through their device settings or by visiting their LinkedIn account settings.
Personal Data processed: device information; Tracker; Usage Data.
Place of processing: United States – Privacy Policy.
Google Ads conversion tracking (Google Ireland Limited)
Google Ads conversion tracking is an analytics service provided by Google Ireland Limited that connects data from the Google Ads advertising network with actions performed on this Website.
Personal Data processed: Tracker; Usage Data.
Place of processing: Ireland – Privacy Policy.
Facebook Ads conversion tracking (Facebook Pixel) (Meta Platforms Ireland Limited)
Facebook Ads conversion tracking (Facebook pixel) is an analytics service provided by Meta Platforms Ireland Limited that connects data from the Facebook advertising network with actions performed on this Website. The Facebook pixel tracks conversions that can be attributed to ads on Facebook, Instagram, and Audience Network.
Personal Data processed: Tracker; Usage Data.
Place of processing: Ireland – Privacy Policy.
Mailchimp data analytics (Owned by Intuit, Inc.)
Mailchimp data analytics is an analytics service provided by Intuit, Inc.
Personal Data processed: Tracker; Usage Data.
Place of processing: United States – Privacy Policy – Opt Out .
CONTACTING THE USER
Contact form (this Website)
By filling in the Contact Us form with their Personal Data or by sending an email to the specific contact email addresses provided, the User understands that Small Pharma will use these details to reply to requests about becoming a shareholder or for further information about Small Pharma, recruitment, business or media enquiries, investor relation inquiries, clinical trial-related enquiries or any other enquiries.
Personal Data processed: email address and any personal data contained in your message (including your first and last name and any other information you voluntarily provide).
Email Marketing
By registering and providing your express consent to receive email marketing on the Contact Us form, the User’s email address will be added to the contact list of those who may receive Small Pharma promotional or marketing emails. If you are a business (including a director, officer, or employee of the organisation), shareholder or have previously purchased services from us, we will assume you are happy to receive relevant marketing communications unless you have previously opted out of such communications. This is based on our legitimate interests in promoting our business to provide offers for relevant services. We will not send email marketing communications to any past, current, or future patients of our clinical trials.
If you change your mind about receiving marketing emails, you can withdraw your consent at any time by clicking on the “unsubscribe” link at the bottom of each email. If you choose to withdraw your consent to receive marketing emails, we will still be able to send you service emails that are necessary for our relationship with you.
Personal Data processed: email address, first name, last name
MANAGING CONTACTS AND SENDING MESSAGES
This type of service makes it possible to manage a database of email contacts, phone contacts or any other contact information to communicate with the User.
These services may also collect data concerning the date and time when the message was viewed by the User, as well as when the User interacted with it, such as by clicking on links included in the message.
Mailchimp email marketing (Intuit, Inc.)
Mailchimp is an email address management and message sending service provided by Intuit, Inc.
Personal Data processed: email address, first name, last name, company name; Usage Data.
Place of processing: United States – Privacy Policy.
CONNECTING DATA
This type of service allows the Owner to connect Data with third-party services disclosed within this privacy policy.
This results in Data flowing through these services, potentially causing the retention of this Data.
Zapier (Zapier, Inc.)
Zapier is a workflow automation service provided by Zapier, Inc. that automates the movement of Data between (third-party) services.
Personal Data processed: Data communicated while using the service; email address; first name; last name.
Place of processing: United States – Privacy Policy.
DISPLAYING CONTENT FROM EXTERNAL PLATFORMS
This type of service allows you to view content hosted on external platforms directly from the pages of this Website and interact with them.
This type of service might still collect web traffic data for the pages where the service is installed, even when Users do not use it.
Font Awesome (Fonticons, Inc. )
Font Awesome is a typeface visualization service provided by Fonticons, Inc. that allows this Website to incorporate content of this kind on its pages.
Personal Data processed: Usage Data.
Place of processing: United States – Privacy Policy.
Google Fonts (Google Ireland Limited)
Google Fonts is a typeface visualization service provided by Google Ireland Limited that allows this Website to incorporate content of this kind on its pages.
Personal Data processed: Usage Data; various types of Data as specified in the privacy policy of the service.
Place of processing: Ireland – Privacy Policy.
Video Vimeo (Vimeo, LLC)
Vimeo is a video content visualization service provided by Vimeo, LLC that allows this Website to incorporate content of this kind on its pages.
Personal Data processed: Tracker; Usage Data.
Place of processing: United States – Privacy Policy.
YouTube (Google Ireland Limited)
YouTube is a video content visualization service provided by Google Ireland Limited that allows this Website to incorporate content of this kind on its pages.
Personal Data processed: Tracker; Usage Data.
Place of processing: Ireland – Privacy Policy.
HANDLING PRODUCTIVITY RELATED ACTIVITY
This type of service helps the Owner to manage tasks, collaboration, and, in general, activities related to productivity. In using this type of service, the Data of Users will be processed and may be retained, depending on the purpose of the activity in question. We use Google Workspace for the purpose of retaining any enquiries submitted to us on our Contact Us form.
These services may be integrated with a wide range of third-party services disclosed within this privacy policy to enable the Owner to import or export Data needed for the relative activity.
Google Workspace (Google LLC)
Google Workspace is an integrated suite of cloud-based productivity, collaboration and storage services provided by Google LLC. Gmail or other G Suite services are not scanned by Google for advertising purposes. In addition, Google does not collect or use data inside these services for advertising purposes in any other way.
Personal Data processed: email address; first name; last name.
Place of processing: United States – Privacy Policy.
PLATFORM SERVICES AND HOSTING
These services have the purpose of hosting and running key components of this Website, therefore allowing the provision of this Website from within a unified platform. Such platforms provide a wide range of tools to Small Pharma – e.g. analytics, user registration, commenting, database management – that involve the collection and handling of Personal Data.
WordPress.com (Automattic Inc.)
WordPress.com is a platform provided by Automattic Inc. that allows the Owner to build, run and host this Website.
Personal Data processed: Data communicated while using the service; various types of Data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy.
USER DATABASE MANAGEMENT
This type of service allows the Owner to build user profiles by starting from an email address, a personal name, or other information that the User provides to this Website, as well as to track User activities through analytics features. This Personal Data may also be matched with publicly available information about the User (such as social networks’ profiles) and used to build private profiles that the Owner can display and use for improving this Website.
Some of these services may also enable the sending of timed messages to the User, such as emails based on specific actions performed on this Website.
Mailchimp email marketing (Intuit, Inc.)
Mailchimp is an email address management and message sending service provided by Intuit, Inc.
Personal Data processed: email address; first name; various types of Data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy.
REMARKETING AND BEHAVIORAL TARGETING
This type of service allows this Website and its partners to inform, optimize and serve advertising to Users of the Website based on past use of this Website by the User. We conduct remarketing campaigns whereby Users of the Website are retargeted with Small Pharma advertisements.
This activity is facilitated by tracking Usage Data and by using Trackers to collect information which is then transferred to the partners that manage the remarketing and behavioral targeting activity.
For advertising purposes, we use information about our Users (names and email addresses submitted to our Contact Us form) in order to generate “lookalike audiences” of prospective users through advertising networks. This allows us to target advertisements on respective advertising networks to potential users who appear to have shared interests or similar demographics to our existing Users, based on the advertising networks own data.
In addition to any opt-out feature provided by any of the services below, Users may opt-out by visiting the Network Advertising Initiative opt-out page.
Users may also opt-out of certain advertising features through applicable device settings, such as the device advertising settings for mobile phones or ads settings in general.
LinkedIn Website Retargeting (LinkedIn Corporation)
LinkedIn Website Retargeting is a remarketing and behavioral targeting service provided by LinkedIn Corporation that connects the activity of this Website with the LinkedIn advertising network.
Personal Data processed: Tracker; Usage Data.
Place of processing: United States – Privacy Policy – Opt Out.
Google Ads Remarketing (Google Ireland Limited)
Google Ads Remarketing is a remarketing and behavioral targeting service provided by Google Ireland Limited that connects the activity of this Website with the Google Ads advertising network and the DoubleClick Cookie.
Users can opt out of Google’s use of cookies for ads personalization by visiting Google’s Ads Settings.
Personal Data processed: Tracker; Usage Data.
Place of processing: Ireland – Privacy Policy – Opt Out.
Facebook Retargeting (Facebook Pixel) (Meta Platforms Ireland Limited)
Facebook Retargeting is a remarketing and behavioral targeting service provided by Meta Platforms Ireland Limited that connects the activity of this Website with the Facebook advertising network. The Facebook pixel tracks activity that can be attributed to ads on Facebook, Instagram, and Audience Network.
Personal Data processed: Tracker; Usage Data.
Place of processing: Ireland – Privacy Policy – Opt Out.
The rights of users
As a result of Small Pharma collecting and processing your Personal Data, Users may exercise the following legal rights regarding their Personal Data processed by Small Pharma.
- Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.
- Object to processing of their Data. Users have the right to object to the processing of their Personal Data in certain circumstances where there is no need for us to continue processing it in certain circumstances..
- Object to processing of their Personal Data for direct marketing. Users have the absolute right to object to their personal data being used for the purpose of sending marketing emails.
- Access their Data. Users have the right to understand if their Personal Data is being processed by Small Pharma, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Personal Data undergoing processing.
- Verify and seek rectification. Users have the right to verify the accuracy of their Personal Data and ask for it to be updated or corrected.
- Restrict the processing of their Data. Users have the right, under certain circumstances, to restrict the processing of their Personal Data. In this case, the Owner will not process their Personal Data for any purpose other than storing it.
- Have their Personal Data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their Personal Data from Small Pharma.
- Receive their Data and have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used and machine-readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on the User’s consent, on a contract which the User is part of, or on pre-contractual obligations thereof.
- Lodge a complaint. Users have the right to bring a claim before their competent data protection authority (which in the United Kingdom is the Information Commissioner’s Office) or seek a remedy in the national courts if Users think that their rights in relation to Personal Data have been breached.
HOW TO EXERCISE THESE RIGHTS
Any requests to exercise User rights can be directed to Small Pharma through the contact details provided in this document. These requests can be exercised free of charge and will be addressed by Small Pharma as early as possible and always within one month from the date of receipt of the request. Please note Small Pharma may need to verify your identity prior to handling your request. In some cases, we may reject requests for certain reasons (for example, if the request is unlawful).
Additional information about data collection and processing
CHANGES TO THIS PRIVACY POLICY
Small Pharma reserves the right to make changes to this privacy policy at any time by notifying its Users on this page and possibly within this Website and/or – as far as technically and legally feasible – sending a notice to Users via any contact information available to Small Pharma. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom.
Should the changes affect processing activities performed on the basis of the User’s consent, Small Pharma shall collect new consent from the User, where required.
More details concerning the collection or processing of Personal Data may be requested from Small Pharma at any time. Please see the contact information at the beginning of this document.
DEFINITIONS AND LEGAL REFERENCES
Personal Data (or Data)
Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.
Usage and Technical Data
Information collected automatically through this Website (or third-party services employed in this Website), which can include: the IP addresses or domain names of the computers utilized by the Users who use this Website, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User’s IT environment.
User
The individual using this Website who, unless otherwise specified, coincides with the Data Subject.
Data Subject
The natural person to whom the Personal Data refers.
Data Processor (or Data Supervisor)
The natural or legal person, public authority, agency, or other body which processes Personal Data on behalf of the Controller, as described in this privacy policy.
Data Controller (or Owner)
The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of this Website. The Data Controller, unless otherwise specified, is Small Pharma.
This Website
The means by which the Personal Data of the User is collected and processed.
Service
The service provided by this Website as described in the relative terms (if available) and on this Website.
European Union (or EU)
Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.
Cookie
Cookies are Trackers consisting of small sets of data stored in the User’s browser.
Tracker
Tracker indicates any technology – e.g Cookies, unique identifiers, web beacons, embedded scripts, e-tags and fingerprinting – that enables the tracking of Users, for example by accessing or storing information on the User’s device.
This privacy policy relates solely to this Website, if not stated otherwise within this document.
Last updated: August 9, 2022