Cookie & Privacy Policy

Last Updated: 30th June 2020 

Welcome to Costello Medical’s privacy notice.

Costello Medical provides scientific support to the healthcare industry in the analysis, interpretation and communication of clinical and health economic data.

Costello Medical are committed to responsibly handling your personal data with respect for individual privacy. This notice is meant to help you to understand how Costello Medical will process any personal data we collect, which may be through our website, email or otherwise.

Please refer to the Glossary to understand the meanings of any terms used throughout this notice.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Information about us

Costello Medical Consulting Limited is the data controller responsible for protecting personal data which you provide to us. We are registered in England and Wales at 4th Floor, 50/60 Station Road, Cambridge, CB1 2JH, England, under company number 06746770.

Costello Medical Consulting Limited and its affiliated companies will be collectively referred to as “Costello Medical”, “we”, “our” and “us”, and this privacy notice will apply to any interactions with such affiliated companies.

If you have any queries about this policy, please contact our Data Protection Team by emailing dataprotection@costellomedical.com.

The personal data we collect

Personal data are information that can be used to personally identify you, including where such information can be combined with separate information to identify you.

We may collect, use, store or otherwise process different kinds of personal data about you as follows:

How we collect your personal data

Directly

We may collect certain personal data about you through direct interactions with you, including the following:

From third parties

We may receive personal data about you from third party sources including:

By automated means

Every computer connected to the internet is provided with a domain name and an IP Address. When a visitor requests a web page from within the Costello Medical website, our servers automatically identify and log the HTTP request that is made.

How your personal data is used by Costello Medical

Your personal data will be used by Costello Medical in the following circumstances:

We have set out below a description of the ways we plan to use your personal data, and which of the legal bases we rely on to do so.

We may process your personal data for more than one legal basis, depending upon the specific purpose for which we are using your personal data. If you would like specific details around the legal ground we are relying to process your personal data, please contact dataprotection@costellomedical.com.

Clients

This section concerns employees of existing clients and prospective clients.

Type of personal data collected
Purpose of collection

We collect this personal data for the purposes of business discussions and providing our services to you.

Lawful basis for processing
Data retention

Costello Medical will keep this personal data for the duration of our relationship with you or until your consent is withdrawn

Sharing your personal data

Healthcare professionals

This section concerns consultants, specialists, medical experts and key opinion leaders in the healthcare sector.

Type of personal data collected
Purpose of collection

We collect this personal data for the purposes of managing Costello Medical and our clients’ relationship with you.

Lawful basis for processing
Data retention

Costello Medical will keep this personal data for the duration of the project and for six years thereafter

Sharing your personal data

Service Providers

This section concerns employees of service providers, including subcontractors and freelancers.

Type of personal data collected
Purpose of collection

We collect this personal data for the purposes of providing our services to you.

Lawful basis for processing
Data retention

Costello Medical will keep this personal data for the duration of the project and for six years thereafter unless otherwise agreed within a services contract we hold with you

Sharing your personal data

Website users

Costello Medical has found it advantageous to examine visitor traffic so that we can ensure maximum compatibility for the various browsers and operating systems that visit our site. By analysing visitation patterns, referring URLs and search engine terms, we can strategically enhance our exposure across the internet.

When we provide services, we want to make them easy, useful and reliable. Where services are delivered on the internet, this sometimes involves placing small amounts of information on your device, for example, your computer or mobile phone. These include small files known as cookies. They cannot be used to identify you personally.

These pieces of information are used to improve services for you through, for example:

You can refuse the use of cookies by amending your browser settings but please note that this may affect your browsing experience on this site. Learn how to remove cookies set on your device*.

Third Party Cookies

We may also use third-party analytic services on our site, such as Google Analytics. These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. Costello Medical does not control the dissemination of these cookies, please refer to the Google Privacy policy* for more information.

* By clicking this link, you will be redirected to a third-party website subject to that third party’s privacy practices over which Costello Medical does not have control.

Sharing your personal data

We do not sell or otherwise disclose your personal data except as described herein or otherwise disclosed to you.

We may share your personal data with any affiliated companies within the Costello Medical group. Costello Medical is a global company with offices located internationally in the UK, USA and Singapore. The nature of our business, operations and services require us to transfer your personal data to our associated offices and/or companies. We may transfer the information we collect about you to countries other than your home country or other than the country in which the information is originally collected as your personal data will be accessible by our other offices internationally. We will maintain the necessary security measures to prevent unlawful access, loss, destruction or damage to any of your personal data in accordance with the legal requirements and as described in this Privacy Notice.

We may also have to share your personal data with selected external third parties including:

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We have agreements in place with such providers to restrict what they are able to do with your information.

International transfers

We may share your personal data with any affiliated companies within the Costello Medical group which involves transferring your personal data outside of the European Economic Area (EEA). Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring we comply with certain legal frameworks relating to the transfer:

Information Security

Your personal data will be stored securely on servers located in the United Kingdom and in Singapore with identical encryption and security software. We will maintain all reasonable technical and organisational security measures to keep your personal data disclosed to us secure, including the use of firewalls and anti-virus malware. We will maintain the necessary security measures to prevent unlawful access, loss, misuse or alteration to your personal data.

We have established a procedural response to dealing with any suspected breach of personal data, including making any necessary notifications to individuals or applicable regulatory authorities.

Data Retention

We retain the personal data we collect for different periods of time depending on the type of personal data collected and how we use it. Some personal data we retain for longer periods of time when necessary for legitimate business or legal purposes, such as security, or financial record-keeping. Other personal data is deleted or anonymised after a set period of time so that is can no longer be associated with you in which case we may use this information indefinitely.

Subject to certain limitations, you are entitled to:

If you would like to make a data subject access request in exercise of the above rights, please submit a request here. You will be required to specify the type of personal data your request relates to and access to such personal data will be subject to identity verification and satisfaction on the part of Costello Medical that this would not impact on the rights and freedoms of others.

Your consent to Costello Medical processing your personal data may be withdrawn at any time by contacting dataprotection@costellomedical.com. If you withdraw consent, we will no longer process your personal data. You are not required to pay any charge for exercising your rights. We will respond to any request within one month following such request.

How to complain

You have the right to lodge a complaint to the Information Commissioner’s Office should you believe that our processing of your personal data fails to comply with the requirements of the GDPR, however, we ask that you approach Costello Medical in the first instance to provide us with the opportunity to address your concerns.

https://ico.org.uk/make-a-complaint/

Information Commissioner’s Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Helpline number: 0303 123 1113

Changes to this privacy notice

We reserve the right to change or add to this Privacy Notice from time to time. The date at the top of this Privacy Notices indicates when it was most recently updated.

Glossary

Affiliate /affiliated company means any entity that is controlled by or under common control of Costello Medical Consulting Limited. In this context, “control” means the direct or indirect ownership of more than fifty percent (50%) of the equity interest in such entity.

Consent means the freely given, specific, informed and unambiguous indication of your wishes by a statement or by a clear affirmative action which signifies agreement to the processing of your personal data.

DPA means the UK Data Protection Act 2018.

GDPR means the EU General Data Protection Regulation 2016/679.

Lawful basis for processing means the legal grounds under the GDPR which Costello Medical is relying on to process your personal data.

Special categories of personal data means personal data revealing or concerning certain sensitive information relating to your racial or ethnic origin; political opinions; religion or philosophical beliefs; trade union membership; genetic data; biometric data; sexual life or data concerning your health.