Privacy Policy

This notice tells you how we look after your personal data if you provide it to us while interacting with any of the companies within Qualasept Pharmaxo Holdings Limited (“QPHL”), which operates as “Pharmaxo”.

You can view our cookie policy here.

Pharmaxo is the parent company to each of the following subsidiaries:

Qualasept Limited (trading as “Bath ASU”)
Pharmaxo Pharmacy Services Limited (trading as “Pharmaxo Healthcare”)
Corsham Science Limited (trading as “Pharmaxo Scientific”)

Pharmaxo employees carry out a number of functions to support the subsidiaries, such as Marketing, IT, Finance, Information Governance, HR, and Legal.

Purpose of this Privacy Notice

This notice sets out what information we collect about you, what we use it for, and who we share it with. It also explains your rights and what to do if you have any concerns.

We may sometimes need to update this notice to reflect any changes to the way companies within the Pharmaxo group manage their operations, or to comply with new legal requirements.

We will notify you of any important changes before they take effect, and the latest version is always available on our company websites:

Pharmaxo – pharmaxo.com/privacy-policy
Bath ASU – bathasu.com/privacy
Pharmaxo Healthcare – pharmaxohealthcare.com/privacy
Pharmaxo Scientific – pharmaxoscientific.com/privacy-policy

Who We Are and Other Important Information

Data privacy is governed at Pharmaxo group level, and all companies within the Pharmaxo group have a shared Data Protection Officer.

Qualasept Pharmaxo Holdings Group (operating as Pharmaxo), a company registered in England under company number 06981369 whose registered office is at 3 Corsham Science Park, Park Lane, Corsham, Wiltshire, SN13 9FU. QPHL is also registered with the Information Commissioners Office (“ICO”), registration number ZB051861.

Qualasept Limited (trading as Bath ASU), a company registered in England under company number 05548345, whose registered office is at 3 Corsham Science Park Lane, Corsham, Wiltshire, SN13 9FU. ICO registration number: Z123853X

Pharmaxo Pharmacy Services Limited (trading as Pharmaxo Healthcare), a company registered in England under company number 06982573 whose registered office is at 1 Corsham Science Park Lane, Corsham, Wiltshire, SN13 9FU. ICO registration number: Z3088075

Corsham Science Limited (trading as Pharmaxo Scientific), a company registered in England under company number 11317798 whose registered office is at 3 Corsham Science Park Lane, Corsham, Wiltshire, SN13 9FU. ICO registration number: ZA723440

Contact Details

If you have any questions about this privacy notice or the way that we use information, please get in touch using the following details:

FAO: Data Protection Officer
Email address: DPO@pharmaxo.com
Postal address: 3 Corsham Science Park, Park Lane, Corsham, Wiltshire, SN13 9FU

Website Visitors

What personal data do we collect?

Your name, email address and other details if you fill one of our online forms.

If you have accepted cookies, then we may also hold the following personal data for you:

Technical data about the device used by you to access our website which we obtain through server logs and the use of cookies and similar technologies (see below), including the internet protocol (IP) address of the device and characteristics of such device.
Usage data about your visit, which we obtain through server logs and the use of cookies and similar technologies (see below), including the pages viewed by you, how you moved about our website and how you interacted with particular pages.
We also collect and use aggregated data such as statistical or demographic data for any purpose. This aggregated data could be derived from your personal data but isn’t considered personal data as this data won’t directly or indirectly reveal your identity. We don’t combine aggregated data with other data in order to identify you.

What do we use your personal data for?

Responding to your enquiry or sending you regular information you have requested.
Administering our website through reporting, and testing.
Protecting our website through security monitoring
Improving and optimising our website and marketing.

What is our lawful basis for using your personal data?

There are six available legal grounds for using personal data. The grounds relied upon by us for the above purposes are:

We’ll rely on the consent you give when accepting non-essential cookies on our website to use your personal data for analytical and advertising purposes.
We’ll access our server logs based on our legitimate interests in protecting the security and stability of our website and understanding how our website is used by visitors.

Who will we share your personal data with?

Staff within our company group, which may include self-employed consultants
Those providing technical services to us, such as cloud service providers that host our business systems.

How long will we keep your personal data for?

We will retain your personal data for as long as is necessary to fulfil our obligations to you or 12 months, whichever is longer
Where we’ve configured the analytics and advertising tools that we use to anonymise the IP address of your device so that we can’t identify you, we may retain this data indefinitely.

The Information We Collect About You

Personal data means any information which does (or could be used to) identify a living person either directly or indirectly.

We have grouped together the types of personal data that we collect and where we receive it from below:

Type of Personal Data	Received From
Identity Data – name, title	You Referring health provider Commercial databases Freely available information on internet
Contact Data –address, telephone, email address	You Referring health provider Commercial databases Freely available information on internet
Location Data – your place of work, device location if you log into our systems remotely	You (including via cookies and similar technologies)
Media – images, videos, audio recorded in meetings, recorded at events or sent to us for publication.	You Virtual meetings software Event photography / videography
Feedback – information and responses you provide when completing surveys and questionnaires	You
Profile Data – Username, password, chat logs, audit trail of systems used and documents accessed and downloaded	You External company systems
Sensitive Data – Information you choose to provide as part of our diversity or other questionnaires / surveys or are collected in order to provide the healthcare services we provide to you	You
Technical Data – Internet protocol (IP) address, browser type and version, time zone setting and generic location, browser plug-in types and versions, operating systems, and platform on the devices you use to access Pharmaxo websites	You (via cookies and similar technologies) See Cookies Policy

How we use your information

We are required to identify a legal justification (also known as a lawful basis) for collecting and using your personal data. There are six legal justifications which organisations can rely on. The most relevant of these to us are where we use your personal data to:

do something that you have given your consent for or requested
pursue our legitimate interests (our justifiable business aims) but only if those interests are not outweighed by your other rights and freedoms (e.g., your right to privacy)
comply with a legal obligation that we have
(in very rare circumstances) to protect yours or another person’s vital interests (e.g., disclose medical information to an attending paramedic, inform your nominated emergency contact)

The table below sets out the lawful basis we rely on when we use your personal data.

If we intend to use your personal data for a new reason that is not listed in the table, we will update our personnel privacy notice and notify you.

Purposes	Justification
Providing and receiving goods and services	Contract
Asking you to participate in surveys and other types of feedback	Consent
Carrying out quality audits	Legitimate interests (necessary to improve and optimise our practices)
Monitoring physical presence at premises (e.g., sign in at reception, CCTV footage)	Legitimate interests (necessary to monitor physical building security, to investigate allegations of inappropriate behaviour)
To review the circumstances of specific incidents, complaints, or queries.	Legitimate interests (necessary to improve and optimise our practices)
Reporting specific incidents to regulatory authorities such as the Health and Safety Executive and Public Health England.	Legal obligation
Reporting specific incidents to our insurers	Reporting specific incidents to our insurers Legitimate interests (necessary to engage the cover arranged under our insurance policies and to maintain appropriate insurance cover in relation to our activities)
Dealing with legal disputes involving you or our staff	Legitimate interests (necessary to defend legal claims)
Trialling new applications and technology that would improve our ability to provide services	Legitimate interests (necessary to improve and optimise the provision of our services)
Patient Safeguarding Obligations	Regulations from Care Quality Commission and General Pharmaceutical Council

Who we share your information with

We share (or may share) your personal data with:

Pharmaxo personnel: Pharmaxo employees (or other types of workers) who have contracts containing confidentiality and data protection obligations. Some examples are the legal team and the IT team.
Joint controllers: where you are working with us through a partner organisation.
Regulatory authorities: such as Public Health England, and the Health and Safety Executive.
Pharmaxo professional advisers such as our legal advisors where we require specialist advice.
Our insurers: to the extent necessary to ensure that Pharmaxo and its subsidiaries can engage the cover arranged under its insurance policies and maintain appropriate cover in relation to our activities.
Certain suppliers: where necessary to fulfil our obligations to you as a customer or patient. E.g. customer / patient management systems and communication tools.

If Pharmaxo and its subsidiaries were asked to provide personal data in response to a court order or legal request (e.g., from the police), we would seek legal advice before disclosing any information and carefully consider the impact on your rights when providing a response.

Where your information is located or transferred to

We will only transfer information outside of the UK where we have a valid legal mechanism in place (to make sure that your personal data is guaranteed a level of protection, regardless of where in the world it is located, e.g., by using contracts approved by the European Commission or UK Secretary of State).

Pharmaxo follow guidance from the ICO on international transfers to ensure as detailed at https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/international-transfers/international-transfers-a-guide/

If you access applications whilst abroad then you are recommended to follow the OfCOM advice which can be found here https://ico.org.uk/media/your-data-matters/documents/2346/apps-consumer-guide.pdf which details tips on how to stay safe abroad whilst using your mobile or other devices.

How we keep your information safe

We have implemented security measures to prevent your personal data from being accidentally or illegally lost, used or accessed by those who do not have permission. These measures include:

Access controls and user authentication
Internal IT and network security
Regular testing and review of our security measures
Staff policies and training
Incident and breach reporting processes
Business continuity and disaster recovery processes

If there is an incident which has affected your personal data and we are the controller, we will notify the regulator and keep you informed (where required under data protection law).

Where we act as a joint controller for the affected personal data, we notify the other joint controller to arrange between ourselves who will lead the investigation and submit any report to the regulator.

If you have any concerns about the security of your data shared with us, please notify our Data Protection Officer at this email address: DPO@pharmaxo.com.

How long we keep your information

Where we act as the controller, we will only retain your personal data for as long as necessary to fulfil the purposes we collected it for.

To decide how long to keep personal data (also known as its retention period), Pharmaxo and its subsidiaries considers the volume, nature, and sensitivity of the personal data, the potential risk of harm to you if an incident were to happen, whether we require the personal data to achieve the purposes we have identified or whether we can achieve those purposes through other means (e.g., by using aggregated data instead), and any applicable legal requirements.

Pharmaxo also follow the Records Management Code of Practice (https://transform.england.nhs.uk/information-governance/guidance/records-management-code/) a guide for health and care services.

Your legal rights

You have specific legal rights in relation to your personal data. If you wish to exercise any of these rights, please email our Data Protection Officer: DPO@pharmaxo.com. Each case in relation to your legal rights is taken on a case-by-case basis and not all rights may be applicable, and you will be informed of any outcome directly where this is the case.

It is usually free for you to exercise your rights and we aim to respond within one month (although we may ask you if we can extend this deadline up to a maximum of two months if your request is particularly complex or we receive multiple requests at once).

We can decide not to take any action in relation to a request where we have been unable to confirm your identity (this is one of our security processes to make sure we keep information safe) or if we feel the request is unfounded or excessive. If this happens, we will always inform you in writing. We may charge a fee where we decide to proceed with a request that we believe is unfounded or excessive.

Where we act as a joint controller, we inform the other organisation that acts with us that you have made a request. We will always let you know in writing what our approach will be.

Access: You must be told if your personal data is being used and you can ask for a copy of your personal data as well as information about how we are using it to make sure we are abiding by the law.

Correction: You can ask us to correct your personal data if it is inaccurate or incomplete. We might need to verify the new information before we make any changes.

Deletion: You can ask us to delete or remove your personal data if there is no good reason for us to continuing holding it or if you have asked us to stop using it (see below). If we think there is a good reason to keep the information you have asked us to delete (e.g., to comply with regulatory requirements), we will let you know and explain our decision.

Restriction: You can ask us to restrict how we use your personal data and temporarily limit the way we use it (e.g., whilst you check that the personal data we hold for you is correct).

Objection: You can object to us using your personal data if you want us to stop using it. We always comply with your request if you ask us to stop sending you marketing communications but in other cases, we decide whether we will continue. If we think there is a good reason for us to keep using the information, we will let you know and explain our decision.

Portability: You can ask us to send you or another organisation an electronic copy of your personal data.

Complaints: If you are unhappy with the way we collect and use your personal data, you can complain to the ICO or another relevant supervisory body, but we hope that we can respond to your concerns before it reaches that stage. You should speak to our Data Protection Officer (DPO@pharmaxo.com) in the first instance.

Additionally, you have the right to complain to the Information Commissioner if you should ever be dissatisfied with the way the Pharmaxo Group has handled or shared your personal information:

The Information Commissioner’s Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: 0303 123 1113 or visit https://ico.org.uk/

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_clck	1 year	Microsoft Clarity sets this cookie to retain the browser's Clarity User ID and settings exclusive to that website. This guarantees that actions taken during subsequent visits to the same website will be linked to the same user ID.
_clsk	1 day	Microsoft Clarity sets this cookie to store and consolidate a user's pageviews into a single session recording.
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_UA-*	1 minute	Google Analytics sets this cookie for user behaviour tracking.n
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
CLID	1 year	Microsoft Clarity set this cookie to store information about how visitors interact with the website. The cookie helps to provide an analysis report. The data collection includes the number of visitors, where they visit the website, and the pages visited.
MR	7 days	This cookie, set by Bing, is used to collect user information for analytics purposes.
SM	session	Microsoft Clarity cookie set this cookie for synchronizing the MUID across Microsoft domains.

Cookie	Duration	Description
ANONCHK	10 minutes	The ANONCHK cookie, set by Bing, is used to store a user's session ID and verify ads' clicks on the Bing search engine. The cookie helps in reporting and personalization as well.
MUID	1 year 24 days	Bing sets this cookie to recognise unique web browsers visiting Microsoft sites. This cookie is used for advertising, site analytics, and other operations.