This policy applies on and from 25 May 2018
PharmaVentures is committed to protecting our customer privacy and takes its responsibility regarding the security of customer information very seriously. We will be clear and transparent about the information we are collecting and what we will do with that information.
This Policy sets out the following:
· What personal data we collect and process about you in connection with your relationship with us as a client and/or through your use of our website;
· Where we obtain the data from;
· What we do with that data;
· How we store the data;
· Who we transfer/disclose that data to;
· How we deal with your data protection rights;
· And how we comply with the data protection rules.
· All personal data is collected and processed in accordance with EU data protection laws.
Pharma Ventures Limited acts as a data controller. “Pharma Ventures Ltd.” (referred to as “we”, “us”, “our”, “Pharma Ventures” or most commonly referred to as “PharmaVentures” in this policy) in this policy primarily refers to Pharma Ventures Ltd, registered in England and Wales under Company Number 03419584 and whose registered office is 1300 Parkway Court, John Smith Drive, Oxford Business Park South, Oxford, OX4 2JY.
PharmaVentures Capital Limited is a wholly owned subsidiary of Pharma Ventures Ltd. All regulated activities are delivered through PharmaVentures Capital Limited, which is authorised and regulated by the Financial Conduct Authority (741356). Registered office 1300 Parkway Court, John Smith Drive, Oxford Business Park South, Oxford, OX4 2JY
The firm’s ICO registration number is: ZA351955
What rights do I have over my personal data?
Under the General Data Protection Regulation, you have the right to:
- Access your personal data by making a subject access request
- Rectification, erasure or restriction of your information where this is justified
- Object to the processing of your information where this is justified
- Data portability
To exercise your rights, please contact the PharmaVentures Data Protection Officer using the following contact details:
Data Protection Officer
Triumph House, 1300 Parkway Court
John Smith Drive
Business Park South
The personal Data we may collect about you:
Where we collect data that identifies an individual this is classed as “personal data”. Personal data may include (but is not limited to) a name, date of birth, contact address and telephone number.
The types of personal data we may request are:
- Full name and Title, Job Title, Department
- Contact information such as postal address, email address and telephone numbers
- Marketing preferences which include the type of information you wish to receive and how.
- Information we learn from you such as requests, transactions, services provided or offered, any advice or recommendations made, a log of meetings, telephone recordings (where permitted and required for regulatory purposes) complaints and dissatisfaction notes, as well as email exchanges.
The above list is not exhaustive, and we may from time to time require additional information in order to satisfy our legal and regulatory obligations. Where additional information is required we will provide you with a reasonable explanation of why it is required unless we are prevented from doing so by law.
The firm may use methods such as pseudonymisation which is a process whereby the firm can replace identifying fields of data with other non-identifying data fields in order to anonymise the data from the individual therefore meaning the data is no longer personal. The firm may use this method where we are required to retain certain types of information for clients, such as number of females and males employed, jobs created and average salaries paid. This type of statistical data is often required for ESG (Environmental, social and governance) investment purposes by clients to show value added investments made by the firm on behalf of its clients.
Use of this website:
The type of data we collect when you visit our Site may include internet protocol addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access this Site as well as the types of products and services and searches you conduct on our Site.
Special Category Data:
Special Category data refers to any data which is sensitive and is subject to additional rules and requirements under the General Data Protection Regulations. Special category data may include information regarding: Criminal convictions and offences, race, ethnicity, religious or philosophical beliefs, political opinions, sexual orientation, trade union membership and information about your health, genetic and biometric data.
As a general rule we do not collect any Special Category Data about you. However, we are required to request information relating to criminal convictions as part of our recruitment process for staff and contractors undertaking regulated activities and as such we require consent from the individual for this. If we are required by law to request any special category data from you, aside from the reasons mentioned above we will provide you with a reasonable explanation as to the nature and purpose for this request and obtain your consent. We would not be able to proceed without your consent unless there was a lawful reason for doing so.
How do we collect your personal data?
Typically, where we are required to obtain your personal data we will request it from you or where you have provided us with your business card. However, we may also from time to time receive your personal data through intermediaries where you have authorised the sharing of your personal data with us. Intermediaries may include Accountants, Solicitors, Independent financial advisors, Tax advisors and wealth managers who may be working on your behalf. Personal data may be provided to us via post, in person, email or via a specially created secure data room / platform. The data collection may be facilitated by way of completing an application form or questionnaire or by responding to information requests from us. We may also receive information from publicly available resources.
Why do we collect your personal data?
We only collect your personal data where we believe we have a legitimate business interest with you or we have a lawful purpose to do so. These reasons may include but may not be limited to circumstances where you:
• Are a legitimate interested party to a licensing or M&A related opportunity;
• Are a shareholder in one of the companies to whom we have an administration and / or management agreement with;
• Are a Limited Partner or an investor in one of the funds to which we are appointed manager / operator, or any other such investment schemes under our management?
• Are actively receiving investment services or products from us under a contractual arrangement or engagement.
• Consent to receiving communications from us
• Have a contractual agreement with us
• request resources or marketing be sent to you;
• give us feedback or some other form or legitimate business interest with you.
How and why do we use your personal data:
Typically, we only use your data to be able to perform our duties under contracts we may have with you or where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Generally, we do not rely on consent as a legal ground for processing your personal data, other than in relation to sending marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by emailing us at firstname.lastname@example.org
We may process your personal data for more than one lawful ground, depending on the specific purpose for which we are using your data. Please email us at email@example.com if you need details about the specific legal ground we are relying on to process your personal data.
You will receive marketing communications from us if you have:
(i) requested information from us or have a contractual agreement with us; or
(ii) if you provided us with your details and have positively consented to us sending you marketing communications; and
(iii) in each case, you have not opted out of receiving that marketing.
We will get your express opt-in consent before we share your personal data with any third party for marketing purpose, you should be advised that consent is not infinitive and you can opt-out from receiving marketing communication from us at any time by emailing; firstname.lastname@example.org .
Where you opt out of receiving our marketing communications, this will not apply to communication we make with you in relation to a legitimate business interest or lawful purposes, such as the performance of a contract we may have with you.
Change of purpose:
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your personal data for a purpose unrelated to the purpose for which we collected the data, we will notify you and we will explain the legal grounds for this.
We may process your personal data without your knowledge or consent only where this is required and permitted by law.
Sharing and Disclosure of your personal data:
We may share your personal data with the parties set out below for legitimate business interests and lawful purposes, these may include but are not limited to:
• Other companies in our group who provide IT and system administration services and undertake leadership reporting. Service providers who provide IT and system administration services.
• Professional advisers including lawyers, bankers, auditors, tax advisors and insurers who provide consultancy, banking, legal, insurance, tax and accounting services.
• HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances which may include but is not limited to The Financial Conduct Authority.
• Fraud prevention agencies,
• Third parties to whom we sell, transfer, or merge parts of our business or our assets.
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
We do not share or transfer your data outside of the European Economic Area (EEA).
Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to your personal data, so European law has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria.
Please email email@example.com if you like further information regarding international transfers or the ICO (information commissioner’s office) https://ico.org.uk/for-organisations/guide-to-data-protection/principle-8-international/
The Security of your Data:
We have put in place adequate, proportionate and appropriate security measures as is required of an authorised firm to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with data breaches in accordance with the GDPR (General Data protection regulation) and we will notify you and any applicable regulator of a breach where we are legally required to do so.
Data Retention periods:
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we must keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years for tax purposes and for at least five years after a client ceases to be a client under the UK money laundering regulations 2017.
In some circumstances we may pseudonymise your personal data for statistical purposes in which case we may use this information indefinitely without further notice to you.
GDPR personal rights:
Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:
• Request access to your personal data (Subject access request).
• Request correction of your personal data.
• Request erasure of your personal data.
• Object to processing of your personal data.
• Request restriction of processing your personal data.
• Request transfer of your personal data.
· Right to withdraw consent.
For further information visit or if you wish to exercise any of the rights set out above, please email us at firstname.lastname@example.org
You will not have to pay a fee to access your personal data (or to exercise any of your rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. In order to respond to a subject access request, we will need to confirm your identity as a security measure to safeguard you from your personal data from being disclosed to non-authorised third parties. Please provide us with as much information as possible to enable us to comply with your request within an acceptable time-frame. We are required to respond to subject access requests where practically possible within 30 days and if this is not possible we will provide you with a reasonable explanation as to why this cannot be achieved.
Complaints and queries:
If you are not happy with any aspect of how we collect and use your data, please contact email@example.com and we will do our best to resolve your issue. You also have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).
We will make all reasonable efforts to ensure the data we hold on you is accurate and up to date and to correct any inaccuracies that we become aware of. Please help us to comply with our obligations by letting us know of any changes in relation to the data we hold about you as It is very important that the information we hold about you is accurate and up to date. Please email firstname.lastname@example.org with any required updates or amendments.
We may change this policy from time to time. You should check this policy occasionally to ensure that you are aware of the most recent version that will apply each time you access the website.