Privacy Policy

Neon Healthcare Limited Privacy and Cookies Policy

Privacy Policy

Neon Healthcare Ltd (“Neon Healthcare“) knows that you care about your personal data and how it is used. We respect your privacy and are committed to protecting your personal data. We want you to trust that we use your personal data carefully. This Privacy Notice will:

  • Understanding Our Processes: help you understand how and why we collect and look after your personal data;
  • Your Rights: tell you about your privacy rights and how the law protects you; and
  • Cookies: Explain how and why cookies (and other similar technologies) are used on our website and how we protect and control any personal data provided to or collected by us via cookies and other tracking technologies.

Neon Healthcare acts as the data controller for personal data.

1. Introduction:

Personal Data: We are committed to safeguarding the privacy of your personal data in accordance with all applicable laws and regulations. We will, in the United Kingdom, protect your rights in accordance with the provisions of the UK GDPR which encompasses the following laws and regulations:

“The retained EU law version of the General Data Protection Regulation ((EU) 2016/679), the Data Protection Act 2018 and all laws and regulations made thereunder or in respect thereof, other relevant data protection laws and any successor laws and regulations to the same, as shall be in force from time to time.”

Personal data means any information that can be used to identify directly or indirectly a specific individual and can include:

  • Name;
  • Email address;
  • Country of residence;
  • Address;
  • Telephone number;
  • Occupation (for example, if you are a Healthcare Professional seeking information about our products);
  • Technical information about your device, such as your IP address, device type, device and advertising identifiers, browser type and version, and other standard server log information; and
  • Other personal data you choose to provide to us.

Collection of Data: We may, as described in Section 2 below, collect personal data through this website, the completion of an online form, through the receipt of an email or other electronic communication, including telephone calls,  or in any other way in which we collect personal data, whether or not by automated means.  It also applies to our marketing content, including offers and advertisements for our products and services, which we (or a service provider acting on our behalf) may send to you on third-party websites, platforms and applications based on your site usage information.

Other Personal Data Collected: This Privacy Notice does not cover how we process the personal data from our employees, consultants or other members of staff or which may be shared with us by healthcare professionals in accordance with the requirements of relevant pharmacology laws and regulations. Such personal data, as described in more detail in Section 2 below, is subject to other more specified privacy notices issued or provided by us to the relevant persons.

Telephone Calls and Emails: Incoming telephone calls to us will always begin with a message directing the caller to this Privacy Notice on our website and all outgoing emails from us will also provide the recipient with a link to this Privacy Note ensuring that they are aware of the terms on which we process personal data.

Role of Data Controller: This policy applies where we are acting as a data controller with respect to the personal data we collect; in other words, where we determine the purposes and means of the processing of that personal data.

Use of Cookies: We use cookies on our website. Insofar as those cookies are not strictly necessary for the provision of our website, we will ask you to consent to our use of cookies when you first visit our website.

Definitions: In this Privacy Notice, “we,” “us” and “our” refer to Neon Healthcare Ltd. For more information about us, please see Section 16.

2. How we use your Personal Data:

Introduction:  In this Section 2, we have set out:

  • General Categories of Personal Data: the general categories of personal data that we may process;
  • Specific Categories of Personal Data: in the case of personal data that we did not obtain directly from you, the source and specific categories of that personal data;
  • Purposes for Processing: the purposes for which we may process personal data; and
  • Legal Bases of Processing: the legal bases of the processing of personal data.

Overarching Principles and Consent:

  • Limited Purposes: We collect, process and disclose your personal data only for specific and limited purposes. For example, to process payments, to assess and manage any complaints, to develop and improve our products, services, communication methods and the functionality of our website.
  • Consent:  We process almost all of the personal data we receive on the basis that consent has been given by the individual providing such personal data. You give consent either by a statement or positive action. Accessing, for example, our website, is a form of consent as it demonstrates that by using our website you have accepted the terms on which we process any personal data, which you may provide to us.

Other Legal Bases for Processing:

The other legal bases under which we may, in the future, process personal data are described below.

  • Profiling: We may, in the future, also create profiles by analysing the information about your online surfing, searching and interests and your interactions with our communications.
  • Automated Processing: We may, also in the future process, your personal data using automated means. An automated decision is a decision which is made solely by automatic means, where no humans participate in the decision-making process related to your personal data.

If we undertake any Profiling or Automated Processing of Personal Data in the future, then we will ensure that you will be notified through this, and any other, privacy notices which we are required to provide in accordance with the UK GDPR and any applicable laws and regulations in any other applicable jurisdiction.

Processing Particular Categories of Personal Data:

The remainder of this Section describes how we process particular categories of personal data.

  • Usage Data: We may process data about your use of our website and services (“usage data “). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our Google analytics or other tracking system. This usage data may be processed for the purposes of analysing the use of the website and services. The legal basis for this processing is consent.
  • Enquiry Data: We may process information contained in any enquiry you submit to us regarding services (“enquiry data “). The enquiry data may be processed for the purposes of offering, marketing and selling relevant services to you. The legal basis for this processing is consent.
  • Customer Relationship Data: We may process information relating to our customer relationships, including customer contact information (“customer relationship data “). The customer relationship data may include your name, your contact details, and information contained in communications between us and you. The sources of our customer relationship data are our customers. The customer relationship data may be processed for the purposes of managing our relationships with customers, communicating with customers, keeping records of those communications and promoting our products and services to customers. The legal basis for this processing is consent.
  • Supplier and Contractor Relationship Data: We may process information relating to our supplier and contractor relationships, including contact information (“Supplier and Contractor relationship data “). The Supplier and Contractor relationship data may include your name, your contact details, and information contained in communications between us and you. The sources of our Supplier and Contractor relationship data are our suppliers and contractors. The Supplier and Contractor relationship data may be processed for the purposes of managing our relationships with suppliers and contractors, communicating with suppliers and contractors for the purpose of our business and keeping records of those communications. The legal basis for this processing is consent.
  • Sensitive Personal Data: Certain categories of personal data, such as race, ethnicity, religion, health, sexuality or biometric data are classified as either “sensitive personal data” or “special categories of data” and benefit from additional protection by law. We limit the circumstances where we collect and process these special categories of data to essentially personal data from our employees, consultants or other members of staff and in respect of enquiries relating to our own medicinal products from patients or their representatives or healthcare professionals.

We use information provided for medical enquiries only to respond to those specific enquiries and, if applicable, to provide you with additional guidance (for example, to inform you of your right to submit an adverse event report).

By providing us with your sensitive personal data, you consent to us processing this data for the purposes set out in this Privacy Notice or any other specified privacy notice provided by us to you. The legal basis for this processing is consent.

  • Correspondence Data: We may process information contained in or relating to any communication that you send to us (“correspondence data “). The correspondence data may include the communication content and metadata associated with the communication. The correspondence data may be processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business and communications with users. The legal basis for this processing is consent.
  • Legitimate Interests Processing: We may process any of your personal data identified in this policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
  • Reasons for Legitimate Interests Processing: We may process any of your personal data identified in this policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.
  • Legal Obligation and Vital Interests Processing: In addition to the specific purposes for which we may process your personal data set out in this Section 2, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. The legal basis for this processing is legal compliance and vital interests.

Prohibition on the Supply of Other Persons’ Personal Data: Please do not supply any other person’s personal data to us unless we prompt or ask you to do so.

3. Providing your Personal Data to Third Parties:

Disclosure within Neon Healthcare: We may disclose your personal data to any staff member of Neon Healthcare as far as reasonably necessary for the performance of his/her role within Neon Healthcare and on the legal bases, which are described in this Privacy Notice.

Insurers and/or Professional Advisers: We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court or tribunal proceedings or in an administrative or out-of-court procedure.

Suppliers and Contractors: We may disclose your Personal Data to our suppliers or contractors as far as reasonably necessary for business purposes.

Legal Obligation and Vital Interests: In addition to the specific disclosures of personal data set out in this Section 3, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which Neon Healthcare is subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

Processing Personal Data outside the United Kingdom: Your personal data may also be shared with third parties engaged by us outside the United Kingdom, this will generally be done under:

  • Adequacy Approval: the personal data is processed in a third-party country; the data protection laws and regulations of which have been confirmed by the United Kingdom to have an adequate level of protection for your rights.
  • Contractual Protections: agreements based on the standard contractual clauses approved by the United Kingdom to ensure that the information is protected in the same way that it would be if it were processed within the United Kingdom, unless you have provided us with explicit consent for such processing.

4. Retaining and Deleting Personal Data:

Data Retention Policies and Procedure: This Section 4 sets out our data retention policies and procedure, which are designed to help ensure that Neon Healthcare complies with its legal obligations in relation to the retention and deletion of personal data.

Retention No Longer than Necessary: Personal data that we process for any purpose or purposes shall not be kept for any longer than is necessary for that purpose or those purposes.

Standard Retention Period: We will retain your personal data, for a maximum period of ten years, subject to the following provisions.

Derogation from the Standard Retention Period: In some cases, a shorter Retention Period may apply to your personal data which we will determine on the specific circumstances in which we receive and process the personal data.

Extended Periods of Retention: We may have to retain your personal data for longer than the Standard Retention Period where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. However, we will still only retain such personal data for no longer than is necessary for the relevant purpose or purposes.

5. Security of Personal Data:

Technical and Organisational Precautions: Neon Healthcare takes the security of your personal data very seriously. We will take appropriate technical and organisational precautions to secure your personal data and to prevent the loss, misuse or alteration of your personal data.

Security Measures:  Our measures, taking into account, for example, the technological and regulatory protections and guidelines, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for your rights, include implementing appropriate access controls and information security capabilities to protect our IT environment and ensuring we encrypt, pseudonymise and anonymise personal data, wherever possible.

Data Transmission: You acknowledge that the transmission of data over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet, including by email.

6. Amendments:

Changing our Policy: We may update this Privacy Policy from time to time to reflect feedback and changes in our products and services by publishing a new version on our website. When we post changes to this Privacy Notice, we will revise the “last updated” date at the bottom of this Privacy Notice.

Verification of Any Changes to the Privacy Policy: You should check this page occasionally to ensure you are happy with any changes to this Privacy Policy.

Notification of Changes by Neon Healthcare: If the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of the Privacy Notice changes).

Changes in Rights under this Privacy Notice: We will not reduce your rights under this Privacy Notice without your consent.

Prior Versions of this Privacy Notice: We will also keep prior versions of this Privacy Notice in an archive for your review.

7. Your Rights:

Introduction:

Overview of the Rights of a Data Subject: In this Section 7, we have summarised the data protection rights that you have under the UK GDPR. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read:

  • UK GDPR: the relevant laws and regulations comprising the UK GDPR; and
  • Regulatory Guidance: the guidance from the relevant regulatory authorities for a fuller explanation of these rights. For the United Kingdom, the regulator is the Information Commissioners Office (ICO), whose website can be found at: https://ico.org.uk/.

Principal Rights: Your principal rights under UK GDPR are:

  • the right to access;
  • the right to withdraw consent;
  • the right to rectification;
  • the right to erasure;
  • the right to restrict processing;
  • the right to object to processing;
  • the right to data transferability/portability; and
  • the right to complain to the ICO.

The Principal Rights described in more detail:

  • Right of Access: You have the right to confirmation as to whether or not we process your personal data and, where we do, to access the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data.
  • Withdrawal of Consent: To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal. We will promptly honour any withdrawal of consent.
  • Right to Rectification: You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
  • Right to Erasure: In some circumstances, you have the right to the erasure of your personal data without undue delay. Those circumstances include:
  • Processing No Longer Necessary: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • Withdraw Consent: you withdraw consent to consent-based processing;
  • Objection to Processing: you object to the processing under certain rules of applicable data protection law;
  • Direct Marketing Processing: the processing is for direct marketing purposes; and
  • Unlawful Processing: the personal data have been unlawfully processed.

However, there are exclusions to the right to erasure. The general exclusions include:

  • Necessity to Process: where processing is necessary;
  • Exercise of Rights: for exercising the right of freedom of expression and information;
  • Legal Obligation Compliance: for compliance with a legal obligation; or
  • Legal Claims: for the establishment, exercise or defence of legal claims.
  • Right to Restrict the Processing of Personal Data: In some circumstances, you have the right to restrict the processing of your personal data. Those circumstances are:
  • Contesting Accuracy: you contest the accuracy of the personal data;
  • Opposition of Erasure of Personal Data: processing is unlawful, but you oppose erasure;
  • Personal Data No Longer Needed: we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and
  • Objection to Processing: you have objected to processing, pending the verification of that objection.

Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.

  • Right to Object to our Processing of your Personal Data: You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that we are processing the personal data for:
  • Public Interest: the performance of a task carried out in the public interest;
  • Official Authority: in the exercise of any official authority vested in us;
  • Legitimate Interests: the purposes of the legitimate interests pursued by us or by a third party;
  • Research: for scientific or historical research, or statistical purposes; or
  • Direct Marketing: for direct marketing purposes.

If you make such an objection, we will cease to process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims. In particular:

  • Direct Marketing: If, in the future, we are processing your personal data for direct marketing purposes (including profiling for direct marketing purposes). You may make an objection you such processing for direct marketing purposes and we will cease to process your personal data for this purpose; and
  • Processing by Automated Means: To the extent that, in the future, we are processing your personal data by automated means and the legal basis for such processing is either:
  • consent; or
  • that the processing is necessary for the performance of a contract to which you are party or to take steps at your request prior to entering into a contract, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
  • Complaint to the ICO: If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with the ICO, which is responsible for data protection in the United Kingdom.

For more information, please follow this link:  https://ico.org.uk/make-a-complaint.

Making a Request to Exercise Your Rights:

  • Written or Verbal Notice: You may exercise any of your rights in relation to your personal data by written or verbal notice to us in addition to any of the other methods specified in this Section 7.
  • Contacting Us: In order to exercise your rights, including the right of access to your personal data described in this Section, you may contact by emailing us, including the Neon Healthcare a Data Protection Officer (DPO), at office@neonhealthcare.com or calling our office number on +44 (0) 1992 92 6330.
  • Security Check: We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data and/or to exercise any of your other data protection rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
  • No Payment: Generally, there will be no charge for any application to exercise any right described above following a request from or, on behalf of, such Data Subject. If the request is clearly unfounded, repetitive or excessive, we may charge a reasonable fee. Alternatively, we may refuse to comply with the request in these circumstances.

8. Third-Party Websites:

Hyperlinks: Our website includes hyperlinks to, and details of, third party websites.

No Responsibility etc. for Third Parties: We have no control over, and are not responsible for, the privacy policies and practices of third parties.

9. Personal Data of Children:

Target of Our Website: Our website and services are targeted at persons over the age of 18.

Deletion of Data: If we have reason to believe that we hold personal data of a person under the age of 18 in our databases, we will delete that personal data unless:

  • Adverse Event Reporting: it relates to an Adverse Event Reporting (which is the process of the documentation and evaluation of undesirable experience associated with the use of medical products or treatments) in which case we are legally obliged to retain the relevant personal data; or
  • Exercise of Rights: the personal data relates to the exercise of the rights described in this Privacy Notice by a person under the age of 18.

10. Updating Information:

Correction of Personal Data: Please let us know if the personal information that we hold about you needs to be corrected or updated by using contact details in either Section 7 or 16.

11. Acting as a Data Processor:

Data Processor: In respect of personal data provided to us, we act as a data controller and processor.

12. About Cookies:

Introduction: We use technology on our website to collect information that helps us enhance your experience and our products and services. The cookies that we use at Neon Healthcare allow our website to work and help us to understand what information is most useful to the visitors to our website. Please take a moment to familiarise yourself with our cookie practices and let us know if you have any questions by sending us an email.

What is a Cookie:  Cookies, pixel tags and similar technologies (collectively ‘cookies’) are files containing small amounts of information which are downloaded to any internet enabled device – such as your computer, smartphone or tablet – when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies do lots of different and useful jobs, such as remembering your preferences, generally improving your online experience, and helping us to offer you the best product and services.

Storing Personal Information: Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

13. Cookies that we use:

Purposes for Using Cookies: We use cookies for the following purposes:

  • Authentication – we use cookies to identify you when you visit our website and as you navigate our website (cookies used for this purpose are: neonhealthcare.com);
  • Personalisation – we use cookies to store information about your preferences (cookies used for this purpose are: com);
  • Security – we use cookies as an element of the security measures to protect our website and services generally (cookies used for this purpose are: com);
  • Analysis – we use cookies to help us to analyse the use and performance of our website and services (cookies used for this purpose are: Google Analytics); and
  • Cookie Consent – we use cookies to store your preferences in relation to the use of cookies more generally (cookies used for this purpose are: com).

14. Cookies used by our Service Providers:

Cookies from Service Providers: Our service providers use cookies, and those cookies may be stored on your computer when you visit our website.

Analysis of the Neon Healthcare Website: We use Google Analytics to analyse the use of our website. Google Analytics gathers information about website use by means of cookies. The information gathered relating to our website is used to create reports about the use of our website. Google’s privacy policy is available at: https://policies.google.com/privacy.

User-Interactions Measurements: We use Google Analytics to measure user-interactions on website. No personal data is collected, and users can not be identified. This service uses cookies for measure how users interact with website content.

You can view the privacy policy of this service provider at https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage.

15. Managing cookies:

Refusing to Accept or Deleting Cookies: Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:

Negative Impact: Blocking all cookies will have a negative impact upon the usability of many websites.

Consequences on Blocking Cookies:  If you block cookies, you will not be able to use all the features on our website.

16. Our details:

Operator of Website: This website is owned and operated by Neon Healthcare.

Corporate Details and Address: We are registered in England and Wales under registration number 6844351 and our registered office is at 8 The Chase, John Tate Road, Hertford, Hertfordshire, SG13 7NN.

Principal Place of Business: Our principal place of business is at 8 The Chase, John Tate Road, Hertfordshire, SG13 7NN.

Contact: Neon Healthcare has appointed a Data Protection Officer (DPO), who can be contacted by:

  • Post: by post, to the postal address given in this Section;
  • Telephone: by telephone to +44 (0) 1992 92 6330; and
  • Email: by email, using the following email address: office@neonhealthcare.com.

Privacy Notice Revised on: 11 October 2024

Close menu