Odelle Technology Limited an independent medical technology consultancy. We need to collect, use and disclose personal information in order to perform our business functions and activities, including making and managing commercial introductions and opportunities in the medical technology field on behalf of our clients. We are firmly committed to protecting the privacy and confidentiality of personal information and to maintaining various physical, electronic and procedural safeguards to protect personal information in our care.
For the purposes of the General Data Protection Regulation 2016/679 (“GDPR”) we will be either the “data processor” or “data controller” for any personal information you provide to us in connection with our relationship. The precise role we will be assuming is dependent on the context of our relationship with you and the purpose of the processing being undertaken.
By providing personal information to us, you agree that this Policy will apply to how we handle your personal information and you consent to us collecting, using and disclosing your personal information as detailed in this Policy. If you do not agree with any part of this Policy, you must not provide your personal information to us. If you do not provide us with your personal information, or if you withdraw a consent that you have given under this Policy, this may affect our ability to provide services to you.
2. What personal information do we collect?
Personal information has the meaning of personal data given under the GDPR. Personal information generally means information which relates to a living individual who can be identified from that information, or from that information and other information in a person’s possession, including any expression of opinion, whether true or not, and whether recorded in material form or not, about an identified or reasonably identifiable individual, and any indication of intention in respect of an individual.
Generally, the type of personal information we collect about you is the information that is needed to perform our business functions and activities, including making and managing commercial introductions and opportunities in the medical technology field on behalf of, and providing our consulting services to, our clients.
We therefore typically process the following types of personal information about you:
- contact information (such as name, telephone number, email address); and
- account information (such as the methods by which you pay for our services and account information relating to that payment).
In some circumstances, we may collect personal information from you, which may be regarded as sensitive information under your local data protection laws. We will only collect sensitive information in compliance with your local data protection laws, with your explicit consent and where it is reasonably necessary for, or directly related to, one or more of our functions or activities (e.g. to provide consulting services to you), unless we are otherwise required or authorised to do so by law. To the extent permitted or required under the GDPR, you consent to us using and disclosing your sensitive information for the purpose for which it was collected, unless we subsequently receive your consent to use it for another purpose. We will not use sensitive information for purposes other than those for which it was collected, unless we subsequently receive your consent to use it for another purpose.
3. How do we collect personal information?
We will only collect personal information in compliance with the GDPR. We usually collect your personal information from the information you submit during the course of your relationship with us. We will collect this information directly from you unless it is unreasonable or impracticable to do so.
Generally, this collection will occur:
- when you deal with us either in person, by telephone, letter, email;
- when you visit our website; or
- when you connect with us via social media.
In some circumstances, it may be necessary for us to collect personal information about you from a third party. This includes where a person makes an introduction to you and/or your organization. Where this occurs, we will rely on the authority of the person making the introduction.
Where you introduce us to another person and/or organization, you agree you have obtained the consent of the other person for us to collect, use and disclose the other person’s personal information in accordance with this Policy and that you have otherwise made the other person aware of this Policy.
You should let us know immediately if you become aware that your personal information has been provided to us by another person without your consent or if you did not obtain consent before providing another person’s personal information to us.
We make every effort to maintain the accuracy and completeness of your personal information which we store and to ensure all of your personal information is up to date. However, you can assist us with this considerably by promptly contacting us if there are any changes to your personal information or if you become aware that we have inaccurate personal information relating to you (see section 12 below). We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal information that you, or a person acting on your behalf, provide to us.
4. How do we use your personal information?
We will only process your information, where:
- you have given your consent to such processing (which you may withdraw at any time, as detailed at section 8 below);
- the processing is necessary to provide our services to you;
- the processing is necessary for compliance with our legal obligations; and/or
- the processing is necessary for our legitimate interests or those of any third party recipients that receive your personal information (as detailed in sections 5 and 6 below).
Where you contact us in relation to medical technology consulting services, the purpose for which we collect your personal information is generally to provide you with those services. However, the purpose for collection may differ depending on the particular circumstances as disclosed in this Policy, for example:
- providing you with services;
- identification of fraud or error;
- regulatory reporting and compliance;
- developing and improving our services;
- managing our relationship with you by, among other things, creating and maintaining a customer profile to enable us to improve our service you better or presenting options on our website we think may interest you based on your browsing and preferences;
- involving you in research activities, gauging customer satisfaction and seeking feedback regarding our relationship with you and/or the service we have provided;
- internal accounting and administration;
- to comply with our legal obligations; and
- other purposes as authorised or required by law (e.g. to prevent a threat to life, health or safety, or to enforce our legal rights).
We process your personal information as necessary so as to provide the services you requested from us. This usually includes collecting personal information about you, both for our internal purposes as described in this Policy and for the provision of our services.
If you have any concerns regarding the use of your personal information or you wish to contact us for further information, please refer to the “Feedback / Complaints / Contact” section below (section 12).
5. Is personal information disclosed to third parties?
We do not and will not sell, rent out or trade your personal information. We will only disclose your personal information to third parties in the ways set out in this Policy and, in particular, as set out below. Note that, in this Policy, where we say “disclose”, this includes to transfer, share (including verbally and in writing), send, or otherwise make available or accessible your personal information to another person or entity.
Your personal information may be disclosed to the following types of third parties:
- our contractors, agents, suppliers and service providers, including without limitation:
- in each of the circumstances set out in section 4 (“How do we use your personal information?”);
- suppliers of IT-based solutions that assist us in providing services to you (such as any external data hosting providers we may use);
- marketing, market research, research and analysis and communications agencies;
- courier services; and
- external business advisers (such as lawyers, accountants, auditors and recruitment consultants);
- our related entities;
- pharmaceutical and medical device and technology companies;
- national and privately owned and operated health care services providers;
- any third party to whom we assign or novate any of our rights or obligations;
- a person who can verify to us that they have a relationship with you (e.g. a family member) where you are not contactable, the person correctly answers our required security questions and the request is, in our opinion, in your interest;
- as required or authorised by applicable law, and to comply with our legal obligations;
- government agencies and public authorities to comply with a valid and authorised request, including a court order or other valid legal process;
- various regulatory bodies and law enforcement officials and agencies, including to protect against fraud and for related security purposes; and
- enforcement agencies where we suspect that unlawful activity has been or may be engaged in and the personal information is a necessary part of our investigation or reporting of the matter.
Other than the above, we will not disclose your personal information without your consent unless we reasonably believe that disclosure is necessary to lessen or prevent a threat to life, health or safety of an individual or to public health or safety or for certain action to be undertaken by an enforcement body (e.g. prevention, detection, investigation, prosecution or punishment of criminal offences), or where such disclosure is authorised or required by law (including applicable privacy / data protection laws).
6. Is personal information transferred overseas?
We may disclose your personal information to certain overseas recipients, as set out below. We will ensure that any such international transfers are either necessary for the performance of a contract between you and the overseas recipient or are made subject to appropriate or suitable safeguards as required by GDPR your local data protection laws. We will provide you with copies of the relevant safeguard documents on request (see section 12 below).
It is possible that information will be transferred to an overseas recipient located in a jurisdiction where you will not be able to seek redress under your local data protection laws and that does not have an equivalent level of data protection as in the UK. To the extent permitted by UK law and your local data protection laws, we will not be liable for how these overseas recipients handle, store and process your personal information.
(a) Our overseas related entities
Odelle Technology Limited operates a global business. Your personal information may be disclosed to our overseas related entities in connection with facilitation of the consulting services we provide to you and/or to enable the performance of administrative, advisory and technical services, including the storage and processing of such information.
(b) Service providers located overseas
In providing our services to you, it may be necessary for us to disclose personal information to relevant overseas entities. We deal with companies, partnerships, entities, governments, and individuals all over the world, so their location will depend on the services being provided. The relevant party will in most cases receive your personal information in the country in which they are based.
(c) Our third party service providers located overseas
We may also disclose your personal information to third parties located overseas for the purpose of those parties performing services for us and/or you, including the storage and processing of such information. Generally, we will only disclose your personal information to these overseas recipients in connection with facilitation of the services we provide to you and/or to enable the performance of administrative and technical services by them on our behalf.
We deal with third parties and service providers all over the world, so it is not possible for us to set out in this Policy all of the different countries to which we may send your personal information. However, if you have any specific questions about where or to whom your personal information will be sent, please refer to the “Feedback / Complaints / Contact” section below (section 12).
7. Security of information
We are committed to safeguarding and protecting your personal information and will implement and maintain appropriate technical and organisational measures to ensure a level of security appropriate to protect any personal information provided to us from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal information transmitted, stored or otherwise processed. We have implemented various physical, electronic and managerial security procedures in order to protect the personal information we hold from loss and misuse, and from unauthorised access, modification, disclosure and interference. We will strive to protect your personal information as fully as we protect our own confidential information. Odelle Technology Limited is not responsible for any third party’s actions or their security controls with respect to information that third parties may collect or process via their websites, services or otherwise.
We will destroy or de-identify personal information once we no longer require it for our business purposes, or as required by law.
8. Your rights in relation to the personal information we collect
If you wish to:
- update, modify, delete or obtain a copy of the personal information that we hold on you; or
- restrict or stop us from using any of the personal information which we hold on you, including by withdrawing any consent you have previously given to the processing of such information; or
- where any personal information has been processed on the basis of your consent or as necessary to perform a contract to which you are a party, request a copy of such personal information in a suitable format.
You can request this by emailing us at the address set out in section 12 below. You will receive acknowledgement of your request and we will advise you of the timeframe within which you will receive the information you have requested.
We endeavour to respond to such requests within a month or less, although we reserve the right to extend this period for complex requests.
We reserve the right to deny you access for any reason permitted under applicable laws. Such exemptions may include national security, corporate finance and confidential references. If we deny access or correction, we will provide you with written reasons for such denial unless it is unreasonable to do so and, where required by local data protection laws, will note your request and the denial of same in our records.
Further correspondence regarding your request should only be made in writing to the address set out in section 12 below.
Please note that, if you request that we restrict or stop using personal information we hold on you, or withdraw a consent you have previously given to the processing of such information, this may affect our ability to provide services to you.
You must always provide accurate information and you agree to update it whenever necessary. You also agree that, in the absence of any update, we can assume that the information submitted to us is correct, unless we subsequently become aware that it is not correct.
In any of the situations listed above, we may request that you prove your identity by providing us with a copy of a valid means of identification in order for us to comply with our security obligations and to prevent unauthorised disclosure of personal information.
We reserve the right to charge you a reasonable administrative fee for any manifestly unfounded or excessive requests concerning your access to your personal information, and for any additional copies of the personal information you request from us.
9. IP addresses
When you access our website or open electronic correspondence or communications from us, our servers may record data regarding your device and the network you are using to connect with us, including your IP address. An IP address is a series of numbers which identify your computer, and which are generally assigned when you access the internet.
We may use IP addresses for system administration, investigation of security issues and compiling anonymised data regarding usage of our website and/or mobile applications. We may also link IP addresses to other personal information we hold about you and use it for the purposes described above.
10. Tracking Technologies / Cookies
We may use third-party web analytics services on our websites and mobile apps. The analytics providers that administer these services use technologies such as cookies and web beacons to help us analyse how visitors use our websites and apps.
11. Linked Sites
12. Feedback / Complaints / Contact
If you wish to make a request for or inform us of a change or correction to your personal information, request a copy of the information we collect on you, request deletion of your information, would like to restrict the further processing of your data or if you have any enquiries, comments or complaints about this Policy or our handling of your personal information, please use the details below:
13. Changes to our Policy
We may amend this Policy from time to time. If we make a change to the Policy, the revised version will be posted on our website. We will post a prominent Policy on our website to notify you of any significant changes to our Policy and indicate at the end of the Policy when it was most recently updated. It is your responsibility, and we encourage you, to check the website from time to time in order to determine whether there have been any changes. If we update our Policy, in certain circumstances, we may seek your consent.