Last updated: October 2022
This policy addresses the use of personal data by Aspen Medical Media Limited of 50 High Street, Haddenham, Bucks, HP17 8ET (“Aspen”).
Where we enter into a contract with you in relation to goods or services further clauses in relation to privacy specific to that arrangement may be included. If those terms conflict with any of the provisions of this Privacy Notice the contractual terms will take precedence.
The terms of this notice may be amended from time to time so it is recommended that you return to this page regularly to ensure you remain informed as to how your personal data is processed.
Any questions you have in relation to this policy should be addressed to the company at that address or by email to email@example.com
This privacy notice (“notice”) applies to the processing of personal data by Aspen in connection with any:
References in this notice to “you” or “your” are references to individuals whose personal data Aspen processes in connection with the items listed above. For the avoidance of doubt any reference in this policy to our “clients” or “suppliers” includes their employees or other staff whose personal details we process.
References in this notice to “Aspen”, “we”, “us” or “our” are references to Aspen Medical Media Limited.
A “controller” is a person or organisation who alone or jointly determines the purposes for which, and the manner in which, any personal data is, or is likely to be, processed. This notice is issued on behalf of Aspen Medical Media Limited as controller. Unless we notify you otherwise Aspen Medical Media Limited is the controller for your personal data.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. If you do not provide us with the data we request or do not keep it up to date we may be unable to provide services to you. We will destroy personal data that we hold once it is no longer relevant to the purpose for which it was collected and in any case no later than 3 years after we last provided or received goods or services to or from you.
Personal data includes any information relating to an identified or identifiable natural person. It does not include data that cannot be linked in an individual (anonymous data).
We collect, use, store and transfer different kinds of personal data about you. We have grouped together the following categories of personal data to explain how this type of information is used by us. Not all categories of data are collected for each individual. These terms are used throughout this notice:
“Identity data”: including your first name, middle names, maiden name, last name, marital status, title, date of birth, passport number, photographic identification and gender;
“Contact data”: including your billing address, delivery address, email address and telephone number;
“Financial data”: including your bank account and payment card details;
“Services data”: including details about payments to and from you and other details of services you have purchased from us or we have purchased from you;
“Technical data”: includes technical information collected when you access our Website, including your internet protocol (IP) address or domain names of the devices utilised, your browser type and version, uniform resource identifier (URI) address, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you are using;
“Professional information”: including your job title, email address, phone number and addresses;
“Professional history”: including your previous positions and professional experience;
We use different methods to collect personal data from and about you, including through the channels set out below:
Direct interactions: You give us your personal data in your direct interactions with us. This may be (i) by filling in forms on our Website; (ii) by corresponding with us by email or post, or (iii) by speaking to us in person or over the telephone.
Website, electronic portals and platforms, and marketing: You give us your personal data when you use our Website. We also collect your personal data by using server logs and other similar technologies.
Third-party sources: We receive Identity Data, Contact Data, Financial Data, and Professional Information about you from third parties, when:
In relation to the use our Website, we may also receive Technical Data from analytics providers such as Google based outside the EU.
We will only process (i.e. use) your personal data as legally permitted and as set out below.
We use your personal data in the following circumstances:
Where we rely on consent to process your data you may withdraw such consent at any time.
The following sets out the ways in which we use your personal data and the legal bases we rely on to do so. Where appropriate, we have also identified our legitimate interests in processing your personal data.
We may process your personal data for more than one legal basis depending on the specific purpose for which we are using your personal data. Please contact us if you would like to know more about the specific legal basis we are relying on to process your personal data where more than one ground has been set out below.
Purpose and/or activity: to deliver client services.
Type of data: identity data; contact data; financial data; services data; technical data; professional information.
Legal basis for processing: performance of a contract; legal or regulatory obligation; legitimate interests: ensuring that you are provided with the best client services we can offer, and securing a prompt payment of any fees, costs and debts in respect of our services.
Purpose and/or activity: to manage payments, fees and charges and to collect and recover money owed to us.
Type of data: identity data; contact data; financial data; professional information.
Legal basis for processing: performance of a contract; legitimate interests: ensuring we can manage payments, fees and charges and to collect and recover money owed to us.
Purpose and/or activity: to manage our relationship with you which will include notifying you about changes to our terms of business.
Type of data: identity data; contact data; profile data; marketing and communications data; professional information.
Legal basis for processing: performance of a contract; legal or regulatory obligation; legitimate interests: ensuring we can notify you about changes to our terms of business.
Purpose and/or activity: to interact with governmental or regulatory bodies or other authorities in relation to you.
Type of data: identity data; contact data; financial data; services data; professional information.
Legal basis for processing: performance of a contract; legal or regulatory obligation; public interest.
Purpose and/or activity: to check whether we would have a conflict of interest in appointing you as a supplier.
Type of data: identity data; contact data.
Legal basis for processing: legal or regulatory obligation; legitimate interests: ensuring we (and all other parties concerned) understand any conflict of interest which may arise for us in a matter.
Purpose and/or activity: manage payments, fees and charges and to collect and recover money owed to us.
Type of data: identity data; contact data; financial data; professional information.
Legal basis for processing: legal or regulatory obligation; performance of a contract; legitimate interests: ensuring we can manage payments, fees and charges and to collect and recover money owed to us.
Purpose and/or activity: to manage and protect our business and our website, including improving data security, troubleshooting data and systems, system maintenance and testing, data hosting and reporting.
Type of data: identity data; contact data; technical data.
Legal basis for processing: legitimate interests: ensuring the efficient and secure running of the website, including through maintaining information technology services, network and data security.
Purpose and/or activity: to use data analytics to improve our website, our services, marketing, customer relationships and experiences.
Type of data: technical data.
Legal basis for processing: legitimate interests: reviewing how clients use and what they think of our website, improving our Website and identifying ways to grow our business.
We will only use your personal data for the purposes for which we collected it unless we have your consent or are acting in compliance with an overriding law such as for the prevention of fraud.
We do not share your personal data with any organisations outside of Aspen for marketing purposes.
We will not generally share your personal data with third parties without your express consent however there are occasions when we may have to share your personal data with other organisations for the purposes for which we collected the personal data such as a client, professional advisors or other service providers or for the smooth running of our own organisation such as IT or financial professionals or as required by law such as for the prevention of crime.
Other than where the disclosure has been required by law we require any person or entity to whom we disclose personal data to respect the confidentiality and security of your personal data and to treat it in accordance with applicable laws and regulations. We do not allow such recipients of your personal data to use it for their own purposes, and we only permit them to process your personal data for specified purposes and in accordance with our instructions.
Our servers are in the United Kingdom and all processing of your personal data by us is undertaken in the United Kingdom. In some cases, however other service providers with whom we are cooperating to provide services to you or the client for whom we have recruited you, may be based in other countries or use servers based abroad. Where this is the case we will only share the minimal amount of personal data necessary for the purpose of processing and, where possible, we will share the personal data in an anonymised form.
Whenever we transfer your personal data out of the EEA and/or the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
Please contact us if you would like further information about the specific mechanism used by us when transferring your personal data out of the UK.
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk of processing.
We ensure that those who have permanent or regular access to personal data, or that are involved in the processing of personal data, are trained and informed of their rights and responsibilities in when processing personal data.
Under certain circumstances, you have rights under data protection laws in relation to your personal data. It is Aspen policy to respect your rights and Aspen will act promptly and in accordance with any applicable law, rule or regulation relating to the processing of your personal data.
Details of your rights are set out below:
You may exercise any of your rights at any time by contacting us on firstname.lastname@example.org. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We try to respond to all legitimate requests within one calendar month. Occasionally it may take us longer than one calendar month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.