Advena Ltd and Advena Medical Ltd Privacy Notice
The purpose of this notice is to provide information on how the Advena group of medical device consultants, specifically known as Advena Ltd and Advena Medical Ltd, hold and process business data and records.
What is “Personal Data?”
According to the European Commission, “personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, and posts on social networking websites, medical information, or a computer’s IP address.”
The new EU GRDR regulations (General Data Protection Regulation) introduces new rules on processing and storing such personal data and on obtaining consent. A company may only collect personal data if they have a legal reason to do so and demands greater accountability and transparency from organisations about how they collect, process and store such personal information.
Hence the new regulation applies only to storage of PERSONAL data used mainly for marketing purposes. The Advena companies never collect or store any “personal” information on individuals, only on medical devices manufacturers who are, have been, or may be contracted with us as clients for offering regulatory advice and associated assistance.
As an addition these regulations indicate that businesses of less than 250 employees (such as Advena companies) are not bound to comply with any specific record keeping on specific individuals although we, of course, still consider the rights and freedoms of the businesses we communicate with but have no facilities for processing actual personal data that could result in a risk to the rights and freedoms of any individual.
The Advena group of companies never send out mail shots to individuals.
How we handle business data.
This Policy describes the privacy practices for Advena Medical Ltd. a UK registered business and Advena Ltd as registered both in the UK and the Republic of Malta.
This statement concerns our client network, clients being medical device manufacturers, or related businesses, which does not include specific individuals except for the purposes of having a contact point within these client businesses. Such clients may be those currently being contracted with plus previous clients or potential new clients who require, or may require regulatory or quality management services.
We provide our business services as a professional resource intended to support healthcare companies in their efforts to provide high quality medical devices. Clients can choose whether or not to receive newsletters or specific news items and will always have the option to opt-out from the receipt of related technical, regulatory, and business information.
Information collected and stored within our secure server. Information about our client services is collected as follows, but this is a non-exhaustive list as different clients have varied and different business requirement.
- Business name, address, and primarily contact person. Larger organisations may have two or more contact points.
- Medical device products or services involved
- The regulatory status of such businesses and their products.
Purpose of such stored information. Business data, including a client list, is only used for purposes of us providing regulatory and quality management services to businesses and never for contacting specific individuals for personal reasons.
Our client list may be used for the purposes of sending out our newsletter or news e-shots. Clients will always be offered the ability to opt out from receiving these. If a recipient no longer wish to receive a particular type of email communication from us they may unsubscribe by clicking the “unsubscribe” link located at the bottom of the email or by an alternative method of communication.
In all cases we assure clients and potential business customers that we would always only use contact names at businesses as a business contact point and only use it for that purpose.
We may email out newsletters, blogs, and posts relating to changes in medical device regulation but there will always be a provision for a business to opt out from receiving such information. See the footer on our newsletters where we ask our business contacts, on our distribution list, if they want to continue to receive our newsletters.
Relationship and confidentiality for clients on our business client lists. Should clients wish to comment on the content of emails sent, our newsletters or other news items, they may do so freely and we will never forward on, or use, such comments without prior consent from the originator.
From time to time clients may be requested to participate in client feedback as this is part of the requirements of our own ISO 13485 certified quality management system. Such feedback will always be voluntary and confidential and never be disclosed to any third party except to accredited auditors of our own quality system.
Advena companies have no contracts with any third parties with whom we would share client data with.
Should we receive any information about you from third party sources, e.g. Competent Authorities or Notified Bodies in relation to the legal requirements these will always be held in confidence.
How your information may be used:
Information about your businesses may be used for the following purposes:
Provision of the Services. We may use the information collected about you to provide and improve our own services or to conduct confidential, non-business specific, research supporting the development of new services.
Email Communications. Unless you opt-out, as previously described, we will send you email newsletters and communications to support your business purposes, but never advertisements and other promotional materials from third party sponsors.
Privacy of client data. We never use client data or client profiles to communicate to third party businesses.
Account Management. We may use your information to administer your account, respond to your inquiries, fulfil your requests and or send you administrative communications about the services we are offering.
Adverse Event Reporting. If you provide us information about an adverse event regarding a medical product we may be required to report such information along with your contact information to a regulatory authority to fulfil specific reporting obligations
Legal Requirements: We may release business information when we believe release is required to comply with valid legal requirements such as a law, regulation, search warrant, subpoena or court order and to meet national security or law enforcement requirements
Security of Information. We have implemented appropriate technical and organizational security measures to protect the client information that we have under our control from unauthorized access, use and disclosure and accidental loss.
Contacting Us. If you have general questions about your account or the Services, contact our Business Services team at firstname.lastname@example.org
Effective date: May 23, 2018
Managing Director Advena Ltd
Managing Director Advena Medical Ltd