Privacy Policy

What personal data do we collect, why do we collect it, and what legal basis do we rely on?

Personal data is anything that can identify an individual, either on its own or through combining it with other factors that could eventually identify an individual.

Special categories of data are types of personal data that is sensitive and requires additional protection under the law. These include data revealing: racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, data concerning health, sexual orientation or sex life, genetic or biometric data (such as fingerprint or retinal scan data).

When you register your interest with us in order to join clinical trials, we collect your name, gender, date of birth, phone number, email address and county and a brief medical history. If we believe your profile meets the criteria for a Clinical Trial, we may set up a telephone interview, with your consent to gain more information. During this telephone interview we shall obtain further information including additional health data. We may also send a specific questionnaire tailored to a Clinical Trial for you to complete.

The legal basis we rely on for this is Article 6(1)(f) of the GDPR - Legitimate Interest. We also collect special categories of data such relevant medical diagnoses or conditions including mental health conditions and the condition we rely on for processing special categories of data is Article 9(2)(a) - Explicit Consent.

Where do we store it?

We use some data application providers and suppliers to manage our services. It is our general practice to use applications where we can store data in the UK, EEA or countries deemed ‘adequate’ under GDPR.

When we use an application that stores data outside of these zones such as Typeform, we will ensure appropriate measures are in place to secure the transfer, including the US-UK Privacy Framework, Standard Contractual Clauses (SCCs) and the UK Addendum where appropriate, or the UK International Data Transfer Agreement (IDTA). Any necessary Transfer Risk Assessments will be undertaken.

How long do we keep it for?

We will retain your personal data while you are prospective participant and for up to 5 years after you leave, in line with our business needs and to compliance with legal and regulatory requirements.

We will store your personal information for as long as is reasonably necessary for the purposes for which it was collected. In some circumstances we may store your personal information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax or accounting requirements.

In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.

What personal data do we collect, why do we collect it, and what legal basis do we rely on?

In its capacity as a data controller, we will, on a need-to-know basis, request, collect and process suitable personal data including sensitive information based on the person’s explicit consent, which may be collected via telephone calls or questionnaires. We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this.

Most commonly, we will use your personal data in the following circumstances: where we need to perform the contract, we are about to enter into or have entered into with you, where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests and where we need to comply with a legal obligation such as confirm your identity when you sign up to the trial, keep records of information we hold about you in line with legal requirements, adhere to applicable laws in relation to conducting clinical trials. The condition we rely on for processing special categories of data is Article 9(2)(a) - Explicit Consent.

Where do we store it?

We use some data application providers and suppliers to manage our services, data will be also stored by the Clinical Research Facility and in sponsor defined software. It is our general practice to use applications where we can store data in the UK, EEA or countries deemed ‘adequate’ under GDPR.

If we use an application that stores data outside of these zones, we will use appropriate measures to secure the transfer, including the US-UK Privacy Framework, Standard Contractual Clauses (SCCs) and the UK Addendum where appropriate, or the UK International Data Transfer Agreement (IDTA). Any necessary Transfer Risk Assessments will be undertaken.

How long do we keep it for?

We will store your personal information for as long as is reasonably necessary for the purposes for which it was collected. In some circumstances we may store your personal information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax or accounting requirements.

In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.

What personal data do we collect, why do we collect it, and what legal basis do we rely on?

In its capacity as a data controller, we will, on a need-to-know basis, request, collect and process suitable personal data including sensitive information based on the person’s explicit consent, which may be collected via telephone calls or questionnaires. We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this.

Most commonly, we will use your personal data in the following circumstances: where we need to perform the contract, we are about to enter into or have entered into with you, where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests and where we need to comply with a legal obligation such as confirm your identity when you sign up to the trial, keep records of information we hold about you in line with legal requirements, adhere to applicable laws in relation to conducting clinical trials. The condition we rely on for processing special categories of data is Article 9(2)(a) - Explicit Consent.

Where do we store it?

As well as using data application providers and suppliers to manage our services, data will be also stored by Clinical Research Facility and in sponsor defined software. It is our general practice to use applications where we can store data in the UK, EEA or countries deemed ‘adequate’ under GDPR.

When we use an application that stores data outside of these zones such as Typeform and Mailchimp, we will use appropriate measures to secure the transfer, including the US-UK Privacy Framework, Standard Contractual Clauses (SCCs) and the UK Addendum where appropriate, or the UK International Data Transfer Agreement (IDTA). Any necessary Transfer Risk Assessments will be undertaken. If this applies, we will indicate the importer country, otherwise the data resides in the GDPR zone.

How long do we keep it for?

We will store your personal information for as long as is reasonably necessary for the purposes for which it was collected. In some circumstances we may store your personal information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax or accounting requirements.

In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.

What personal data do we collect, why do we collect it, and what legal basis do we rely on?

In its capacity as a data controller, we will, on a need-to-know basis, request, collect and process suitable personal data including sensitive information based on the person’s explicit consent, which may be collected via telephone calls. We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this.

Most commonly, we will use your personal data in the following circumstances: where we need to perform the contract, we are about to enter into or have entered into with you, where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests and where we need to comply with a legal obligation such as confirm your identity when you sign up to the trial, keep records of information we hold about you in line with legal requirements, adhere to applicable laws in relation to conducting clinical trials. The condition we rely on for processing special categories of data is Article 9(2)(a) - Explicit Consent.

Where do we store it?

As well as using data application providers and suppliers to manage our services, data will be also stored by Clinical Research Facility and in sponsor defined software. It is our general practice to use applications where we can store data in the UK, EEA or countries deemed ‘adequate’ under GDPR.

We use an application that stores data outside of these zones such Typeform, we will use appropriate measures to secure the transfer, including the US-UK Privacy Framework, Standard Contractual Clauses (SCCs) and the UK Addendum where appropriate, or the UK International Data Transfer Agreement (IDTA). Any necessary Transfer Risk Assessments will be undertaken. If this applies, we will indicate the importer country, otherwise the data resides in the GDPR zone.

How long do we keep it for?

We will store your personal information for as long as is reasonably necessary for the purposes for which it was collected. In some circumstances we may store your personal information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax or accounting requirements.

In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.

What personal data do we collect, why do we collect it, and what legal basis do we rely on?

In its capacity as a data controller, we will, on a need-to-know basis, request, collect and process suitable personal data including sensitive information based on the person’s explicit consent, which may be collected via telephone calls and questionnaires. We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this.

Most commonly, we will use your personal data in the following circumstances: where we need to perform the contract, we are about to enter into or have entered into with you, where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests and where we need to comply with a legal obligation such as confirm your identity when you sign up to the trial, keep records of information we hold about you in line with legal requirements, adhere to applicable laws in relation to conducting clinical trials. The condition we rely on for processing special categories of data is Article 9(2)(a) - Explicit Consent.

Where do we store it?

As well as using data application providers and suppliers to manage our services, data will be also stored by Clinical Research Facility and in sponsor defined software. It is our general practice to use applications where we can store data in the UK, EEA or countries deemed ‘adequate’ under GDPR.

When we use an application that stores data outside of these zones such as Typeform, we will use appropriate measures to secure the transfer, including the US-UK Privacy Framework, Standard Contractual Clauses (SCCs) and the UK Addendum where appropriate, or the UK International Data Transfer Agreement (IDTA). Any necessary Transfer Risk Assessments will be undertaken. If this applies, we will indicate the importer country, otherwise the data resides in the GDPR zone.

How long do we keep it for?

We will store your personal information for as long as is reasonably necessary for the purposes for which it was collected. In some circumstances we may store your personal information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax or accounting requirements.

In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.

What personal data do we collect, why do we collect it, and what legal basis do we rely on?

Personal data is anything that can identify an individual, either on its own or through combining it with other factors that could eventually identify an individual.

When you send us an enquiry via our website, we ask for your name, email address and the reason for contacting us so we could past this on to the right team. We use this information to get in touch with you and provide you with further information about our services. We record calls using 'Advanced Communications' to do this for training and reference purposes.

We may also collect information about your usage of this website as you and others browse our website (see our Cookies Policy). You have the option of cancelling your registration and removing your information from the database each time you receive an automated e-mail alert by clicking on an unsubscribe link. The legal basis we rely on for this processing is Article 6(1)(f) of the GDPR - Legitimate Interest and the condition we rely on for processing special categories of data is Article 9(2)(a) - Explicit Consent.

Where do we store it?

We use some data application providers and suppliers to manage our services. It is our general practice to use applications where we can store data in the UK, EEA or countries deemed ‘adequate’ under GDPR.

If we use an application that stores data outside of these zones, we will use appropriate measures to secure the transfer, including the US-UK Privacy Framework, Standard Contractual Clauses (SCCs) and the UK Addendum where appropriate, or the UK International Data Transfer Agreement (IDTA). Any necessary Transfer Risk Assessments will be undertaken. If this applies, we will indicate the importer country, otherwise the data resides in the GDPR zone.

How long do we keep it for?

We will retain your name and email address on a marketing list, for 5 years from the date you last contacted us in line with our retention schedule unless you unsubscribe sooner. Anyone who unsubscribes will be transferred to our ‘do not contact list’. We retain your name and email address so that we know not to contact you with marketing messages.

What personal data do we collect, why do we collect it, and what legal basis do we rely on?

Personal data is anything that can identify an individual, either on its own or through combining it with other factors that could eventually identify an individual.

When you sign up to receive our newsletter, we collect email address so that we can keep in touch with you. The legal basis we rely on for this processing is Article 6(1)(a) of the GDPR – Consent.

Where do we store it?

We use some data application providers and suppliers to manage our services. It is our general practice to use applications where we can store data in the UK, EEA or countries deemed ‘adequate’ under GDPR.

If we use an application that stores data outside of these zones, we will use appropriate measures to secure the transfer, including the US-UK Privacy Framework, Standard Contractual Clauses (SCCs) and the UK Addendum where appropriate, or the UK International Data Transfer Agreement (IDTA). Any necessary Transfer Risk Assessments will be undertaken. If this applies, we will indicate the importer country, otherwise the data resides in the GDPR zone.

We make use of a US based Customer Relationship Management (CRM) software, US based email provider, and a US based mail merge system, to share marketing messages with our newsletter subscribers.

How long do we keep it for?

We will retain email address on a marketing list, for 5 years in line with our retention schedule unless you unsubscribe sooner. Unsuscribers data will be deleted from our database, but we will keep a ‘do not contact list’ which contains name and email address.

What personal data do we collect, why do we collect it, and what legal basis do we rely on?

Personal data is anything that can identify an individual, either on its own or through combining it with other factors that could eventually identify an individual.

When we raise awareness of our company, you will be asked whenever you complete a form to provide your consent to confirm whether you are happy to be contacted for marketing purposes. You can contact us at any time to unsubscribe from marketing, either by following the link in our emails, or by emailing hello@clerkenwellhealth.com. The legal basis we rely on for this is Article 6(1)(a) of the GDPR – Consent.

We make use of marketing lists to raise awareness of our business. In order to target companies that we believe will benefit from our offering, we use marketing databases to find name, company name, phone numbers and company email addresses. We screen this data against the Telephone Preference Service and our own ‘do not contact’ list before using it. The legal basis we rely on for this is Article 6(1)(f) of the GDPR - Legitimate Interest.

Occasionally we attend events and conference to raise awareness of our business and services. Event organisers may share event attendee names, company names, and company email addresses with us for marketing purposes. We may also take your business card or contact details from you directly during events. The legal basis we rely on for this is Article 6(1)(f) of the GDPR - Legitimate Interest.

Where do we store it?

We use some data application providers and suppliers to manage our services. It is our general practice to use applications where we can store data in the UK, EEA or countries deemed ‘adequate’ under GDPR.

If we use an application that stores data outside of these zones, we will use appropriate measures to secure the transfer, including the US-UK Privacy Framework, Standard Contractual Clauses (SCCs) and the UK Addendum where appropriate, or the UK International Data Transfer Agreement (IDTA). Any necessary Transfer Risk Assessments will be undertaken. If this applies, we will indicate the importer country, otherwise the data resides in the GDPR zone.

How long do we keep it for?

We'll retain your name, company name, phone number, and email address on a marketing list, in line with our retentions schedule unless you unsubscribe. Anyone else who does not wish to be contacted will be transferred to our ‘do not contact list’. We retain name, company, email, phone number so that we know not to contact you, and all supplementary information will be deleted.

What personal data do we collect, why do we collect it, and what legal basis do we rely on?

Personal data is anything that can identify an individual, either on its own or through combining it with other factors that could eventually identify an individual.

When you sign up to one of our events, we will ask you to provide some information about yourself, such as your name and email, to send you an invitation and joining link, as well as your contact details, company name, job title, interests and expectations and payment details (if it is a paid event). We will rely on Article 6(1)(b) of the GDPR - Contractual Obligation and Article 6(1)(f) of the GDPR - Legitimate Interest for this processing.

When you join the event, your name and live image may appear on screen. We will rely on Article 6(1)(f) of the GDPR - Legitimate Interest for this processing.

If we record our events, your name and live image may be captured in the video recording. Any contributions you make will also be captured. We may share these recording with attendees, or may publish the recordings to our website, YouTube, social media. You will be informed in advance if an event is going to be recorded, and how it will be shared. We will rely on Article 6(1)(f) of the GDPR - Legitimate Interest for this processing.

Following an event, we may send feedback surveys and emails with information about new events that we think will interest you. We rely on Article 6(1)(a) of the GDPR - Consent for this processing.

Where do we store it?

We use some data application providers and suppliers to manage our services. It is our general practice to use applications where we can store data in the UK, EEA or countries deemed ‘adequate’ under GDPR.

If we use an application that stores data outside of these zones, we will use appropriate measures to secure the transfer, including the US-UK Privacy Framework, Standard Contractual Clauses (SCCs) and the UK Addendum where appropriate, or the UK International Data Transfer Agreement (IDTA). Any necessary Transfer Risk Assessments will be undertaken. If this applies, we will indicate the importer country, otherwise the data resides in the GDPR zone.

How long do we keep it for?

Clerkenwell Health will only retain the personal information provided by you for as long as is reasonably necessary and in compliance we applicable laws for the purposes listed in this policy. We will retain your event attendance data for 2 years in line with our business needs. We keep financial data for a minimum of 6 years, in line with UK law.