Privacy
This website is operated by AFT Pharma UK LIMITED (“AFT”, “we” or “us”). AFT Pharma UK LIMITED is a private limited company registered in England and Wales under company number 14521612 and we have our registered office at Milner House, 14 Manchester Square, London, United Kingdom, W1U 3PP.
We are registered with the Information Commissioner’s Office (the ICO) with registration number ZB585626. We have therefore developed this privacy notice to inform you of the data we collect, what we do with your information, what we do to keep it secure as well as the rights and choices you have over your personal data.
AFT Pharma LIMITED is part of the AFT Pharmaceutical Group of companies which is comprised of different companies, details of which can be found at aftpharm.com.
Throughout this policy we refer to Data Protection Legislation which means the Data Protection Act 2018 (DPA2018), United Kingdom General Data Protection Regulation (UK GDPR), the Privacy and Electronic Communications (EC Directive) Regulations 2003 and any legislation implemented in connection with the aforementioned legislation. Where data is processed by a controller or processor established in the European Union or comprises the data of people in the European Union, it also includes the EU General Data Protection Regulation (EU GDPR). This includes any replacement legislation coming into effect from time to time.
What Personal Data do we Collect and When?
The type of personal data that we will collect from you, and you voluntarily provide to us on this website may include some or all of the following depending on the type of user you are:
Website Users
Businesses and individuals that visit and interact with our website.
| Storage type | What we store |
|---|---|
| User-Generated Content/Data | Name, Email Address, Free Format Text (Subject and Message for “Contact us” submission) |
| Website Usage Data | IP Address, Browser Type and Version, Operating System, Device Information (e.g., device type, screen resolution), Date and Time of Website Visits, Pages Visited on the Website, Clickstream Data (User’s navigational path) |
| Cookies and Tracking Data | Cookies (e.g., session cookies, persistent cookies), User Tracking Information (for analytics and personalisation) |
Why and How We use Your Personal Data
When you our website “Contact Us” submission form
When you make an enquiry on our website using the “Contact Us” section, we will transfer the contact information you give us to our third party customer services provider so that they may communicate with you about your enquiry.
Our “Contact Us” submission forms may be handled on our behalf by Ceuta Healthcare Limited. Ceuta Healthcare will use your name, email address, phone number and any other information provided to contact you about, and manage your enquiry. If your enquiry relates to an adverse reaction to any product they will hold and manage your information in order to meet their legal requirements and may pass information to ourselves as the manufacturer and to any relevant Regulators. Wherever possible, and legally permitted, we will take steps to anonymise any information before it is transferred.
To Operate, Improve and Maintain our Business, Products and Services
We use the personal data you provide to us to operate our business. For example, when you make a purchase, we use that information for accounting, audits, and other internal functions. We may use personal data about how you use our website to enhance your user experience and to help us diagnose technical and service problems and administer our platform.
To Protect Our or Others’ Rights, Property or Safety
We may also use personal data about how you use our website and platform, to prevent, detect, or investigate fraud, abuse, illegal use, violations of our Terms of Use, and to comply with court orders, governmental requests, or applicable law.
Using your personal data: the lawful basis and purposes
To process your personal data, we rely on certain lawful basis, depending on how you interact with our website, platform, or services.
If we do process your personal data, we may use one or more of the following lawful basis for processing:
As necessary for our own legitimate interests or those of other persons and organisations, including:
- For market research, analysis and developing statistics
- To ensure the security of our website
As necessary to comply with a legal obligation, including:
- When you or any of your related persons exercise available rights under data protection law and make requests
- For compliance with legal and regulatory requirements and related disclosures
- For establishment and defence of legal rights
Sharing of Your Personal Data
We do not sell your personal data.
We may share your personal data with other organisations in the following circumstances:
- We use data processors who are third parties who provide elements of services for us. We have Data Processing Agreements in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us or further sub-processors who must comply with our Data Processing Agreement. They will hold your personal data securely and retain it for the period we instruct.
- AFT entities for the purposes and under the conditions outlined above. This includes its subsidiaries, and affiliated companies.
Our website contains links to websites owned and operated by third parties. If you use these links, you leave our Website. These links are provided for your information and convenience only and are not an endorsement by AFT of the content of such linked websites or third parties. AFT has no control over the contents of any linked website and is not responsible for these websites or their content or availability.
Cookies
We use cookies, which are small text files stored on your device. Using cookies is a way for us to make sure that our website is continuously improved, meets your needs and can be used as a tool to optimise our marketing strategy. For us to do this, we place functional cookies to make the website function as well as marketing cookies which help us target the right people and show them advertisements. Some of these cookies track your use of our website and visits to other websites and allow us to show you advertisements when you browse other websites.
Please view our Cookie Policy for more information on our use of cookies.
Rights under Data Protection Law
The Right to be Informed about our collection and use of personal data
You have the right to be informed about the collection and use of your personal data. We ensure we do this with our internal data protection policies and through our external website privacy notice. These are regularly reviewed and updated to ensure these are accurate and reflect our data processing activities.
Right to Access Your Personal Information
You have the right to access the personal information that we hold about you in many circumstances, by making a request. This is sometimes termed ‘Subject Access Request’. If we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it to you or them free of charge and aim to do so within 1 month from when your identity has been confirmed.
We may ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information.
If you would like to exercise this right, please contact us as set out below.
Right to Correction Your Personal Information
If any of the personal information we hold about you is inaccurate, incomplete, or out of date, you may ask us to correct it.
If you would like to exercise this right, please contact us as set out below.
Right to Stop or Limit Our Processing of Your Data
You have the right to object to us processing your personal information for particular purposes, to have your information deleted if we are keeping it too long or have its processing restricted in certain circumstances.
You can ask us to restrict processing your data, for example where:
- you’re contesting the accuracy of your personal data.
- we no longer need to process your personal data, but you want us to keep it for use in legal claims.
- you’ve objected to the processing by asking us to stop using your data, but you’re waiting for us to tell you if we have overriding grounds which mean we’re allowed to keep on using it.
If you would like to exercise this right, please contact us as set out below.
Right to Erasure
You have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances. Where the right doesn’t apply, we’ll let you know why we can’t action your request.
This right may be applied where:
- personal data is no longer necessary in relation to the purpose for which it was originally collected/processed.
- the processing was based on your consent which you withdraw (and there are no other legal grounds for processing that data).
- you exercise your right to object and there are no overriding legitimate grounds for the processing.
- there is no lawful reason to retain personal data or if the personal data must be erased to comply with a legal obligation.
If you would like to exercise this right, please contact us as set out below.
Right to Portability
The right to portability gives you the right to receive personal data you have provided to a controller in a structured, commonly used, and machine-readable format. It also gives them you the right to request that a controller transmits this data directly to another controller.
If you would like to exercise this right, please contact us as set out below.
Rights in relation to automated decision making and profiling
You have rights around automated decision making and profiling. Automated decision making means a decision made solely by automated means, without any human involvement. Profiling means the automated processing of your personal information to evaluate certain things about you. You have the right to information about these kinds of processing, and the right to ask for human intervention or to challenge an automated decision.
If you would like to exercise this right, please contact us as set out below.
For more information about your data protection rights
The Information Commissioner’s Office (ICO) regulates data protection matters in the UK. They make a lot of information accessible to consumers on their website and they ensure that the registered details of all data controllers such as AFT are available publicly.
You can make a complaint to the ICO at any time about the way we use your information. However, we hope that you would consider raising any issue or complaint you have with us first. Your satisfaction is extremely important to us, and we will always do our very best to solve any problems you may have.
Third Party Processors and Service Providers
Our carefully selected partners and service providers may process personal information about you on our behalf as described below:
| Service | Description |
| Security Vendors | These trusted experts employ advanced cybersecurity measures, such as intrusion detection, threat monitoring, and malware scanning, to protect your personal data from unauthorised access and cyber threats. |
| Customer Support Providers | We work with dedicated customer support providers. They assist in addressing your queries, resolving issues by securely managing and accessing relevant customer data. |
| Content Delivery Networks (CDNs) | To optimise the speed and reliability of our online services, we rely on Content Delivery Networks (CDNs). CDNs efficiently deliver web content to you by strategically distributing it across global servers. Your data is cached and served from the nearest server, reducing latency, and enhancing your overall experience. |
| Content Management Systems | To assist us in the creation, management and design of our website. |
| Analytics and Advertising | To improve our products and provide you with relevant content and advertisements, we collaborate with analytics and advertising partners. They analyse user behaviour, preferences, and demographics to personalise your experience and deliver targeted ads. |
| Hosting Services | Providing the facilities needed to create and maintain our website, as well as make it accessible through the internet. |
| Third Party | Service Provided | Description of Service |
| Fastly | Content Delivery Network and Web protection services | Fastly offers web efficiency and protection services for our platform. Fastly – Privacy Policy |
| P29 | Website Management and Administration | P29 offer website design and management services for our product. Platform29 – Privacy Policy |
| Podcom | IT infrastructure and development services | Podcom offers managed IT support and development services for AFT Group. |
| WordPress | Content Management | WordPress offers web content management systems. WordPress – Privacy Policy |
| SiteGround | Cloud Infrastructure and Hosting | SiteGround offers cloud hosting services for our platform. SiteGround – Privacy Policy |
| Ceuta Healthcare | Customer Service Provision | Ceuta Health care handle all customer service matters on our behalf. Ceuta Healthcare – Privacy Policy |
How long we keep Your Information
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Where the same record has to be kept for more than one purpose and there is a different retention period for each of those purposes, the record is kept for the longer period.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. Platforms, systems, and facilities in which personal data are processed are protected by secure network architectures that contain firewalls and intrusion detection devices.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
Where we store Your Personal Information and International Data Transfers
The personal data that we hold about you will be stored in the UK and New Zealand. Your data may also be shared with third party service providers based outside the UK.
Where we transfer your data outside the UK, we ensure a similar degree of protection is provided to the transfer by ensuring at least one of the following safeguards is implemented:
- we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK.
- where we use certain service providers, we may use specific contracts (known as Standard Contractual Clauses or International Data Transfer Agreements) approved by the UK which give personal data the same protection it has in Europe, as well as any additional security measures as required.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.
Contact US
If you would like to exercise one of your rights as set out above, or you have a question or a complaint about this policy, the way your personal information is processed, please contact us by one of the following means:
AFT Pharma Ltd, FAO Data Protection Officer (DPO)
Milner House, 14 Manchester Square, London, United Kingdom, W1U 3PP
customer.service@aftpharm.com
Contact: +44 203 670 7602