Wilmington Healthcare Database Privacy Notice
Why are you sending me an Information Notice?
GDPR (General Data Protection Regulation) is a European data protection regulation that came into effect on 25 May 2018. The UK is expected to continue with the key principles of GDPR now that it has left the European Union.
We have consulted with Data Protection Lawyers regarding our Information Notice to ensure that we have used appropriate wording, terminology, and processes to remain compliant with data protection legislation. We also provided copies of our Information Notice and our Privacy Notice to the NHS Counter Fraud team as well as taking full account of ICO guidance in providing the reassurances required in relation to the validity of our request. We are more than happy to work with individuals and organisations where appropriate to provide further reassurances and answer any questions relating to this and future communications. Particularly where an individual or an organisation has expressed a reliance and/or interest in the services and communications we facilitate using our database.
What is Wilmington Healthcare’s ‘legal’ basis for processing health and social care contact data?
We hold and process data under the legal basis of ‘legitimate interest’ based on the nature of the services and communications that we provide to healthcare professionals either ourselves or via carefully selected healthcare partners. We are also gaining individual consent where appropriate so that healthcare professionals can receive all communications and services relevant to their professional role now and in the future.
Why am I on your database?
Our database covers the most influential individuals in health or social care who have either been self-declared, peer-nominated or identified as one whose role is as a key decision-maker or opinion leader or play an influential role in the provision and support of patient care and/or health and social care outcomes . This includes patient organisations and other healthcare interest groups. As a result, there could be many reasons why your professional information is currently held on our database. A few key ones are listed below:
- Your role has been identified as one which is required to receive regulatory notifications and communications
- Your organisation has provided your details for you to receive your copies of BNF, NPF and/or BNFc
- You are on a subscription or circulation list to receive a publication(s) (such as HSJ or MIMS)
- You may have signed up to one of our HSJ platforms
- You are a member of, or a subscriber of, a Wilmington Healthcare service
- Your organisation has disclosed your details in their publication scheme
- Your department/location was contacted (by telephone, email, or mail) to explain why we hold, and to validate your details
- You have taken part in a healthcare study or a healthcare event
- Your data was provided to us by a pharmaceutical or medical devices company following engagement for validation
Should you require specific details of how and when your information was collected, please contact our data validation team on 01268 495681, or alternatively email us at firstname.lastname@example.org
But I’ve never heard of Wilmington Healthcare
Some of the communications and services you will have received may be from Wilmington Healthcare or HSJ, or previously from one of its legacy brands such as Binley’s. However, some of the communications or services that you receive from time to time may have come from another organisation or brand, who either provide a service to you or have sent you information or an invite that they believe to be relevant to your professional role or field of work, using our database as a circulation or distribution list. This could include regulators, professional bodies, academic institutions, NHS organisations and suppliers to the NHS including pharmaceutical and medical devices companies.
What will my professional details be used for?Wilmington Healthcare is a provider of healthcare information and intelligence in the UK and Republic of Ireland. Wilmington Healthcare works closely with the NHS, pharmaceutical industry as well as other healthcare providers and suppliers to deliver services, facilitate communications including managed email services, postal mailing campaigns, and other HCP engagement, provide online reference and intelligence services, and initiate conversations that aim to ultimately improve health and social care outcomes or local government services. We will never knowingly allow for your professional contact information to be used for anything other than healthcare (or local government where applicable) related services or communications. The services that your professional details may be used for, include:
- Membership and subscription services such as Health Service Journal (HSJ)
- Invitations to take part in healthcare and other studies, paid-for research or to request your views with regards to your work
- Invitations to attend, speak or take part in healthcare events, advisory boards or training
- Invitations to write, contribute or review clinical articles, courses and case studies
- Educational, training, CPD, jobs and news services
- Promotional information from selected healthcare companies, private organisations including pharmaceutical companies, other suppliers to the NHS and Local Authorities and the NHS or Local Authorities themselves
- Regulatory notices (where relevant to your role) such as MHRA updates relating to drug and product safety
- Contracted services such as BNF/ NPF distribution etc.
- Publication of your professional role (where relevant) in an online healthcare reference or intelligence service (such as HSJi, Investigator)
- Report your statutory obligation with payment disclosures (transfer of value) where appropriate
- Validate pharmaceutical representative visits/calls for regulatory purposes
Can I opt out?
You can opt-out or object to the processing of your data at any time. If you opt-out, we retain your data for suppression or regulatory purposes only and as required so that i) you are not added back to our database, and ii) if regulators (i.e. MHRA) identify your role as someone who is required to receive that notification (typically related to a drug recall, safety notification or product update). We may not send you the information, but we may be obliged to tell the regulator that you did not receive the information if this is deemed essential for your role. If we have shared information related to your professional role with other organisations, you can opt out when they contact you, rather than have a blanket ‘opt-out’ from all.
This allows you to choose and only receive services and communications relevant to your professional role, specialty, therapy and interests.
Please note apart from regulatory obligations, all other types of communication listed above, are considered ‘promotional’ for the purposes of data protection. Therefore, if you opt-out you will not receive some of these services and communications that you may rely on or find useful in your role. Also note that the database is used for services and communications from other healthcare organisations, including the NHS themselves, so you may stop receiving information that is relevant to your role if you opt-out. Also, it may take time for all services that you receive to stop. If you have a paid-for membership or subscription, then communications relating to this may continue until you end your membership or subscription. You can change your preferences at any time by calling 01268 495681 or email us at email@example.com
If you have any questions, then please contact our Data Protection Officer - E: firstname.lastname@example.org.
The Information Commissioner’s Office is the regulatory authority in the UK – contact details can be found via https://ico.org.uk. Under the data protection laws you have the right to access/port/rectify/erase/restrict data or object to the processing of your data at any time.
Can I opt in or out on behalf of another person?
Organisations and other individuals are not permitted to opt-out or object to processing on behalf of an individual (unless they are doing so with the full knowledge and express permission of the individual – in this instance we will ask for confirmation). If this opt-out affects their current subscriptions, services or regular communications in any way then we may contact them to confirm this request.
What information does Wilmington Healthcare hold about me?
We only collect data relating to your professional role in healthcare, (Local Government where applicable) such as:
- Name, gender, roles, professional code (such as GMC number) and some information relating to interests and specialities that you may hold
- Your organisation address and phone number
- Your professional email and telephone number (that you have provided us with in relation to your professional role)
- Links and affiliations you may have to other healthcare organisations
- Any preferences regarding how you wish to be engaged with
This allows us to communicate with you, provide services to you and/or validate that you are a genuine healthcare professional. Data will be validated regularly to ensure it is compliant, correct and up to date. Some communications lend themselves better to different channels, for example: email may be the quickest way to receive a drug safety notice, or a mailing may be the best way to receive a product sample or patient information packs. The more information we have about you and your role, the more targeted and relevant we can be with the services and communications we offer to you.
How will my information be kept?
Your data is held in a secure database in the UK with restricted access. We ensure the protection of the confidentiality, integrity and security of all data provided to us. No information will be disclosed if it is the view of the company that to do so would be a breach of data protection laws. Data is kept for a minimum of 7 years for regulatory and auditing purposes. Our research partner, Merit, based in Mumbai, India also has access to the data but has an agreement with Wilmington Healthcare to work within UK data protection laws.
Is Wilmington Healthcare part of the NHS?
No. We are an independent limited company who has managed a database of health and social care personnel since 1992, with the NHS being a regular user of our database for their communications and services. We have built trusted relationships with those individuals whose professional information we hold on our database.
Is Wilmington Healthcare a regulator?
No. But we do work with regulators such as the MHRA, either directly on their behalf to disseminate regulatory information or MHRA communications to healthcare professionals, or indirectly where they are working with a pharmaceutical company to distribute a regulatory communication relating to drug recall, drug safety, prescribing information updates or pharmaceutical product updates. In this instance, the MHRA would work with the pharmaceutical company to scope which healthcare professionals needed to receive the regulatory communication and we would work on behalf of the pharmaceutical company to ensure they meet their regulatory obligations. In this instance we may disclose your professional details to the regulator, so they have a record of which healthcare professionals have and haven’t received a regulatory communication.