Click on the question you want the answer to, and the answer will appear.

GDPR (General Data Protection Regulation) is a new European data protection directive that replaces current data protection legislation and comes into effect on 25 May 2018. The UK is expected to continue with the key principles of GDPR once it leaves the European Union (expected by Summer 2019).

We have consulted with the Information Commissioner's Office regarding this Information Notice to ensure that we have used appropriate wording, terminology and processes to ensure we are compliant with current and new data protection legislation. We have also given copies of the Information Notice and our FAQs to the NHS Counter Fraud team as well as consulting with individual Information Governance Officers to provide the reassurances required in relation to the validity of our request.

We are more than happy to work with individuals and organisations where appropriate to provide further reassurances and answer any questions relating to this and future communications. Particularly where an individual or an organisation has expressed a reliance and/or interest in the services and communications we facilitate using our database.

We have always worked within the highest standards of data protection and so the changes are minimal. We will continue to hold and process data under the legal basis of 'legitimate interest' based on the nature of the services and communications that we provide to healthcare professionals either ourselves or via our healthcare partners. We are also gaining expressed consent where appropriate so that healthcare professionals can receive all communications and services relevant to their professional role now and in the future.

The Binley's database covers the most influential individuals' in healthcare and local government who have either been self-declared, peer-nominated or identified as one whose role is as a key decision-maker or opinion leader. As a result there could be many reasons why your professional information is currently held on our database. A few key ones are listed below:

• Your role has been identified as one which is required to receive regulatory notifications and communications OR your organisation has provided your details for you to receive your copies of BNF, NPF and/or BNFc
• You are on a subscription or circulation list to receive a publication(s) (such as HSJ or MIMS)
• You are a member of, or a subscriber of, a Wilmington Healthcare service (such as OnMedica or Wellards training)
• Your organisation has disclosed your details in their publication scheme or your department/location was contacted by telephone or in writing with an explanation of why we hold your details and to validate your information

Should you require specific details of how and when your information was collected please contact our GDPR data team on 01268 495681, or alternatively email us at validate@binleys.com

Some of the communications and services you will have received may be from either Binley's or possibly one of the other Wilmington Healthcare brands such as OnMedica or HSJ. However, some of the communications or services that you receive from time to time may have come from another organisation or brand, who either provide a service to you or have sent you information or an invite that they believe to be relevant to your professional role or field of work, using the Binley's database as a circulation or distribution list. This could include regulators, professional bodies, academic institutions, NHS organisations and suppliers to the NHS.

Binley's (part of Wilmington Healthcare Ltd) is a provider of healthcare information and intelligence in the UK. Wilmington Healthcare works closely with the NHS, pharmaceutical industry as well as other healthcare providers and suppliers to deliver services, facilitate communications and initiate conversations that aim to ultimately improve health and social care outcomes or local government services.

We will never knowingly allow for your professional contact information to be used for anything other than healthcare (or local government where applicable) related services or communications. The services that your details may be used for include, but are not limited to:

• Regulatory obligations and contracted services such as MHRA notifications and updates relating to drug and product safety, as well as BNF and NPF distribution
• Membership and subscription services such as OnMedica, HSJ and MIMS
• Invitations to take part in healthcare and other studies, paid-for research or to request your views with regards to your work (from the NHS, pharmaceutical industry, local authorities or private sector)
• Invitations to attend, speak or take part in healthcare events, advisory boards or training
• Invitations to write, contribute or review clinical articles, courses and case studies
• Educational, training, CPD and news services
• Promotional information from selected healthcare companies, private organisations including pharmaceutical companies, other suppliers to the NHS and Local Authorities and the NHS or Local Authorities themselves
• To report your statutory obligation with payment disclosures (transfer of value) if appropriate
• To validate pharmaceutical representative visits/calls for regulatory purposes

You can opt-out of receiving promotional-type communications at any time but may be required, for either statutory or regulatory purposes, to continue receiving regulatory notifications and communications if the regulators have identified your role as someone who is required to receive that notification. This could be related to a drug recall, safety notification or product update. If you opt-out you will be retained on our database for this purpose only, and if required only.

Please note: apart from regulatory obligations, all other types of communication listed above, are considered 'promotional' for the purposes of data protection. Therefore, if you opt-out you will not receive some of these services and communications that you may rely on or find useful in your role. Also note that the Binley's database is used for services and communications from other organisations, including the NHS themselves so you may stop receiving information that is relevant to your role if you opt-out.

Please note that it may take time for all services that you receive to stop. If you have a paid-for membership for subscription then communications relating to this may continue until you end your membership or subscription. You can change your preferences at any time via our website, http://dpwh.uk. Alternatively, you can call 01268 495681 or email us at validate@binleys.com

If you have any questions then please contact our Data Protection Officer - Bethan Cater E: bethan.cater@wilmingtonplc.com. The Information Commissioner's Office is the regulatory authority in the UK – contact details can be found via http://ico.org.uk. Under the General Data Protection Regulations (GDPR) you have the right to access/port/rectify/erase/restrict data, object to processing or withdraw consent at any time.

Organisations and other individuals are not permitted to opt-out or give consent on behalf of an individual (unless they are doing so with the full knowledge and express permission of the individual - in this instance we will ask for confirmation).

Whilst we need to keep some basic information about you and your role (name, title/role, organisation, address etc. professional code, prescribing grade where relevant) to allow us to communicate with you, provide services to you and/or validate that you are a genuine healthcare professional, the rest is down to your preferences on how you prefer to receive information, whether by mail, email, phone or online.

Some communications lend themselves better to different channels, for example: email may be the quickest way to receive a drug safety notice, or a mailing may be the best way to receive a product sample or patient information packs. The more information we have about you, your role and your preferences, the more targeted we can be with the services and communications we offer to you.

Your data is held in a secure database with restricted access. Wilmington Healthcare will ensure the protection of the confidentiality, integrity and security of all data provided to us. No information will be disclosed if it is the view of the company that to do so would be a breach of GDPR. Data is kept for a minimum of 7 years for regulatory and auditing purposes. Our research partner, Merit, based in Mumbai, India also has access to the data but has an agreement with Wilmington Healthcare to work within GDPR regulations.

No. We are an independent limited company. However, we have managed a database of NHS and related healthcare personnel for over 25 years, with the NHS being one of the predominant users of our database for their communications and services. Over that time we have built trusted relationships with those individuals and organisations whose professional information we hold on our database. Testament to this is the length of time that individuals have been on our database, with over 50% for 5 or more years.

Time on Database	%
Less than 1 year	13%
1 - 5 years	34%
5 - 10 years	29%
10 - 20 years	22%
20+ years	2%
Total	100%

No. But we do work with regulators such as the MHRA either directly on their behalf to disseminate regulatory information or MHRA communications to healthcare professionals, or indirectly where they are working with a pharmaceutical company to distribute a regulatory communication relating to drug recall, drug safety, prescribing information updates or pharmaceutical product updates. In this instance, the MHRA would work with the pharmaceutical company to scope which healthcare professionals needed to receive the regulatory communication and we would work on behalf of the pharmaceutical company to ensure they meet their regulatory obligations. In this instance we may disclose your professional details to the regulator so they have a record of which healthcare professionals have and haven't received a regulatory communication.