Privacy policy
This notice tells you how we look after your personal data if you provide it to us while interacting with any of the companies within Qualasept Pharmaxo Holdings Limited (“QPHL”), which operates as “Pharmaxo”.
You can view our cookie policy here.
Pharmaxo is the parent company to each of the following subsidiaries:
- Qualasept Limited (trading as “Bath ASU”)
- Pharmaxo Pharmacy Services Limited (trading as “Pharmaxo Healthcare”)
- Corsham Science Limited (trading as “Pharmaxo Scientific”)
Pharmaxo employees carry out a number of functions to support the subsidiaries, such as Marketing, IT, Finance, Information Governance, HR, and Legal.
Purpose of this Privacy Notice
This notice sets out what information we collect about you, what we use it for, and who we share it with. It also explains your rights and what to do if you have any concerns.
We may sometimes need to update this notice to reflect any changes to the way companies within the Pharmaxo group manage their operations, or to comply with new legal requirements.
We will notify you of any important changes before they take effect, and the latest version is always available on our company websites:
- Pharmaxo – pharmaxo.com/privacy-policy
- Bath ASU – bathasu.com/privacy
- Pharmaxo Healthcare – pharmaxohealthcare.com/privacy
- Pharmaxo Scientific - pharmaxoscientific.com/privacy-policy
Who We Are and Other Important Information
Data privacy is governed at Pharmaxo group level, and all companies within the Pharmaxo group have a shared Data Protection Officer.
Qualasept Pharmaxo Holdings Group (operating as Pharmaxo), a company registered in England under company number 06981369 whose registered office is at 3 Corsham Science Park, Park Lane, Corsham, Wiltshire, SN13 9FU. QPHL is also registered with the Information Commissioners Office (“ICO”), registration number ZB051861.
Qualasept Limited (trading as Bath ASU), a company registered in England under company number 05548345, whose registered office is at 3 Corsham Science Park Lane, Corsham, Wiltshire, SN13 9FU. ICO registration number: Z123853X
Pharmaxo Pharmacy Services Limited (trading as Pharmaxo Healthcare), a company registered in England under company number 06982573 whose registered office is at 1 Corsham Science Park Lane, Corsham, Wiltshire, SN13 9FU. ICO registration number: Z3088075
Corsham Science Limited (trading as Pharmaxo Scientific), a company registered in England under company number 11317798 whose registered office is at 3 Corsham Science Park Lane, Corsham, Wiltshire, SN13 9FU. ICO registration number: ZA723440
Contact Details
If you have any questions about this privacy notice or the way that we use information, please get in touch using the following details:
FAO: Data Protection Officer
Email address: DPO@pharmaxo.com
Postal address: 3 Corsham Science Park, Park Lane, Corsham, Wiltshire, SN13 9FU
Website Visitors
What personal data do we collect?
- Your name, email address and other details if you fill one of our online forms.
If you have accepted cookies, then we may also hold the following personal data for you:
- Technical data about the device used by you to access our website which we obtain through server logs and the use of cookies and similar technologies (see below), including the internet protocol (IP) address of the device and characteristics of such device.
- Usage data about your visit, which we obtain through server logs and the use of cookies and similar technologies (see below), including the pages viewed by you, how you moved about our website and how you interacted with particular pages.
- We also collect and use aggregated data such as statistical or demographic data for any purpose. This aggregated data could be derived from your personal data but isn’t considered personal data as this data won’t directly or indirectly reveal your identity. We don’t combine aggregated data with other data in order to identify you.
What do we use your personal data for?
- Responding to your enquiry or sending you regular information you have requested.
- Administering our website through reporting, and testing.
- Protecting our website through security monitoring
- Improving and optimising our website and marketing.
What is our lawful basis for using your personal data?
There are six available legal grounds for using personal data. The grounds relied upon by us for the above purposes are:
- We’ll rely on the consent you give when accepting non-essential cookies on our website to use your personal data for analytical and advertising purposes.
- We’ll access our server logs based on our legitimate interests in protecting the security and stability of our website and understanding how our website is used by visitors.
Who will we share your personal data with?
- Staff within our company group, which may include self-employed consultants
- Those providing technical services to us, such as cloud service providers that host our business systems.
How long will we keep your personal data for?
- We will retain your personal data for as long as is necessary to fulfil our obligations to you or 12 months, whichever is longer
- Where we’ve configured the analytics and advertising tools that we use to anonymise the IP address of your device so that we can’t identify you, we may retain this data indefinitely.
The Information We Collect About You
Personal data means any information which does (or could be used to) identify a living person either directly or indirectly.
We have grouped together the types of personal data that we collect and where we receive it from below:
| Type of Personal Data | Received From |
| Identity Data – name, title | You Referring health provider Commercial databases Freely available information on internet |
| Contact Data –address, telephone, email address | You Referring health provider Commercial databases Freely available information on internet |
| Location Data - your place of work, device location if you log into our systems remotely | You (including via cookies and similar technologies) |
| Media – images, videos, audio recorded in meetings, recorded at events or sent to us for publication. | You Virtual meetings software Event photography / videography |
| Feedback – information and responses you provide when completing surveys and questionnaires | You |
| Profile Data – Username, password, chat logs, audit trail of systems used and documents accessed and downloaded | You External company systems |
| Sensitive Data – Information you choose to provide as part of our diversity or other questionnaires / surveys or are collected in order to provide the healthcare services we provide to you | You |
| Technical Data – Internet protocol (IP) address, browser type and version, time zone setting and generic location, browser plug-in types and versions, operating systems, and platform on the devices you use to access Pharmaxo websites | You (via cookies and similar technologies) See Cookies Policy |
How we use your information
We are required to identify a legal justification (also known as a lawful basis) for collecting and using your personal data. There are six legal justifications which organisations can rely on. The most relevant of these to us are where we use your personal data to:
- do something that you have given your consent for or requested
- pursue our legitimate interests (our justifiable business aims) but only if those interests are not outweighed by your other rights and freedoms (e.g., your right to privacy)
- comply with a legal obligation that we have
- (in very rare circumstances) to protect yours or another person’s vital interests (e.g., disclose medical information to an attending paramedic, inform your nominated emergency contact)
The table below sets out the lawful basis we rely on when we use your personal data.
If we intend to use your personal data for a new reason that is not listed in the table, we will update our personnel privacy notice and notify you.
| Purposes | Justification |
| Providing and receiving goods and services | Contract |
| Asking you to participate in surveys and other types of feedback | Consent |
| Carrying out quality audits | Legitimate interests (necessary to improve and optimise our practices) |
| Monitoring physical presence at premises (e.g., sign in at reception, CCTV footage) | Legitimate interests (necessary to monitor physical building security, to investigate allegations of inappropriate behaviour) |
| To review the circumstances of specific incidents, complaints, or queries. | Legitimate interests (necessary to improve and optimise our practices) |
| Reporting specific incidents to regulatory authorities such as the Health and Safety Executive and Public Health England. | Legal obligation |
| Reporting specific incidents to our insurers | Reporting specific incidents to our insurers Legitimate interests (necessary to engage the cover arranged under our insurance policies and to maintain appropriate insurance cover in relation to our activities) |
| Dealing with legal disputes involving you or our staff | Legitimate interests (necessary to defend legal claims) |
| Trialling new applications and technology that would improve our ability to provide services | Legitimate interests (necessary to improve and optimise the provision of our services) |
| Patient Safeguarding Obligations | Regulations from Care Quality Commission and General Pharmaceutical Council |
Who we share your information with
We share (or may share) your personal data with:
- Pharmaxo personnel: Pharmaxo employees (or other types of workers) who have contracts containing confidentiality and data protection obligations. Some examples are the legal team and the IT team.
- Joint controllers: where you are working with us through a partner organisation.
- Regulatory authorities: such as Public Health England, and the Health and Safety Executive.
- Pharmaxo professional advisers such as our legal advisors where we require specialist advice.
- Our insurers: to the extent necessary to ensure that Pharmaxo and its subsidiaries can engage the cover arranged under its insurance policies and maintain appropriate cover in relation to our activities.
- Certain suppliers: where necessary to fulfil our obligations to you as a customer or patient. E.g. customer / patient management systems and communication tools.
If Pharmaxo and its subsidiaries were asked to provide personal data in response to a court order or legal request (e.g., from the police), we would seek legal advice before disclosing any information and carefully consider the impact on your rights when providing a response.
Where your information is located or transferred to
We will only transfer information outside of the UK where we have a valid legal mechanism in place (to make sure that your personal data is guaranteed a level of protection, regardless of where in the world it is located, e.g., by using contracts approved by the European Commission or UK Secretary of State).
Pharmaxo follow guidance from the ICO on international transfers to ensure as detailed at https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/international-transfers/international-transfers-a-guide/
If you access applications whilst abroad then you are recommended to follow the OfCOM advice which can be found here https://ico.org.uk/media/your-data-matters/documents/2346/apps-consumer-guide.pdf which details tips on how to stay safe abroad whilst using your mobile or other devices.
How we keep your information safe
We have implemented security measures to prevent your personal data from being accidentally or illegally lost, used or accessed by those who do not have permission. These measures include:
- Access controls and user authentication
- Internal IT and network security
- Regular testing and review of our security measures
- Staff policies and training
- Incident and breach reporting processes
- Business continuity and disaster recovery processes
If there is an incident which has affected your personal data and we are the controller, we will notify the regulator and keep you informed (where required under data protection law).
Where we act as a joint controller for the affected personal data, we notify the other joint controller to arrange between ourselves who will lead the investigation and submit any report to the regulator.
If you have any concerns about the security of your data shared with us, please notify our Data Protection Officer at this email address: DPO@pharmaxo.com.
How long we keep your information
Where we act as the controller, we will only retain your personal data for as long as necessary to fulfil the purposes we collected it for.
To decide how long to keep personal data (also known as its retention period), Pharmaxo and its subsidiaries considers the volume, nature, and sensitivity of the personal data, the potential risk of harm to you if an incident were to happen, whether we require the personal data to achieve the purposes we have identified or whether we can achieve those purposes through other means (e.g., by using aggregated data instead), and any applicable legal requirements.
Pharmaxo also follow the Records Management Code of Practice (https://transform.england.nhs.uk/information-governance/guidance/records-management-code/) a guide for health and care services.
Your legal rights
You have specific legal rights in relation to your personal data. If you wish to exercise any of these rights, please email our Data Protection Officer: DPO@pharmaxo.com. Each case in relation to your legal rights is taken on a case-by-case basis and not all rights may be applicable, and you will be informed of any outcome directly where this is the case.
It is usually free for you to exercise your rights and we aim to respond within one month (although we may ask you if we can extend this deadline up to a maximum of two months if your request is particularly complex or we receive multiple requests at once).
We can decide not to take any action in relation to a request where we have been unable to confirm your identity (this is one of our security processes to make sure we keep information safe) or if we feel the request is unfounded or excessive. If this happens, we will always inform you in writing. We may charge a fee where we decide to proceed with a request that we believe is unfounded or excessive.
Where we act as a joint controller, we inform the other organisation that acts with us that you have made a request. We will always let you know in writing what our approach will be.
Access: You must be told if your personal data is being used and you can ask for a copy of your personal data as well as information about how we are using it to make sure we are abiding by the law.
Correction: You can ask us to correct your personal data if it is inaccurate or incomplete. We might need to verify the new information before we make any changes.
Deletion: You can ask us to delete or remove your personal data if there is no good reason for us to continuing holding it or if you have asked us to stop using it (see below). If we think there is a good reason to keep the information you have asked us to delete (e.g., to comply with regulatory requirements), we will let you know and explain our decision.
Restriction: You can ask us to restrict how we use your personal data and temporarily limit the way we use it (e.g., whilst you check that the personal data we hold for you is correct).
Objection: You can object to us using your personal data if you want us to stop using it. We always comply with your request if you ask us to stop sending you marketing communications but in other cases, we decide whether we will continue. If we think there is a good reason for us to keep using the information, we will let you know and explain our decision.
Portability: You can ask us to send you or another organisation an electronic copy of your personal data.
Complaints: If you are unhappy with the way we collect and use your personal data, you can complain to the ICO or another relevant supervisory body, but we hope that we can respond to your concerns before it reaches that stage. You should speak to our Data Protection Officer (DPO@pharmaxo.com) in the first instance.
Additionally, you have the right to complain to the Information Commissioner if you should ever be dissatisfied with the way the Pharmaxo Group has handled or shared your personal information:
The Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113 or visit https://ico.org.uk/
