demo-corporate-bg

Privacy Policy

Introduction

Medflow Clinical Limited ("we", "us", "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you interact with us, primarily through our website: www.medflowclinical.com (the "Site"), and in the course of providing ancillary supplies, medical devices, and equipment rental services to the clinical trial industry.

Please read this policy carefully to understand our views and practices regarding your personal data and how we will treat it.

Who We Are

Medflow Clinical Limited is the data controller responsible for your personal data collected through this Site and in the course of our business operations in the UK.

We are part of the Medflow group, which includes:
  • • Medflow Clinical (Ireland) Limited
  • • Medflow Clinical B.V. (Netherlands)
  • • Medflow LifeScience LLC (North America)
  • • Medflow Health Pty Ltd (Asia Pacific)

Our registered office is:
Unit 7 The Mill, Stane Street, Chichester, West Sussex, PO18 0FF.
Company Number: 12227559

For any questions about this policy or our data practices, please contact us at: info@medflowclinical.com

The Information We Collect About You

We may collect, use, store, and transfer different kinds of personal data, which we have grouped as follows:

Personal Data You Provide Voluntarily: This includes information you provide when making an enquiry, requesting a quote, using our contact forms, or engaging our services.
  • • Identity & Contact Data: Name, title, employer, professional email address, business telephone number, and delivery address.
  • • Professional Data: Your job role, qualifications, and professional interests.
  • • Financial & Transaction Data: Bank account and payment card details (processed securely by our payment providers), and details about services you have purchased from us.
  • • Correspondence: Any other personal data you share when you communicate with us.
 Automatically Collected Technical Data: As you interact with our Site, we may automatically collect:
  • • Technical Data: Internet protocol (IP) address, browser type and version, time zone setting and location, operating system and platform.
  • • Usage Data: Information about how you use our Site, including the pages you visit, the products you view, and page interaction information.
We collect this data using cookies and similar technologies. Sensitive (Special Category) Data: In the context of clinical trials, we may handle sensitive personal data. It is important to note that:
  • • We typically act as a data processor for this data, acting on the instructions of our clients (e.g., Clinical Research Organisations or Sponsors) who are the data controllers.
  • • We may process sensitive data, such as health information, only where necessary to provide our contracted services (e.g., calibrating a device linked to a patient, managing device logistics for a trial). This processing is conducted under the strict legal basis of the clinical trial framework and with appropriate confidentiality safeguards in place.
  • • Where we directly collect sensitive data (e.g., from a healthcare professional reporting an adverse event), we will rely on the legal basis that it is necessary for reasons of public interest in the area of public health or to establish, exercise, or defend legal claims.

How We Use Your Personal Data

We will only use your personal data when the law allows us to. Our primary legal bases for processing are:
  • • Performance of a Contract To fulfil a contract with you or your organisation (e.g., supplying equipment, managing a rental agreement).
  • • Legitimate Interests: For our legitimate business interests, provided your interests and fundamental rights do not override those interests (e.g., business development, website administration, network security, and fraud prevention).
  • • Consent: Where you have given clear consent for us to process your data for a specific purpose (e.g., sending you non-essential marketing communications).
  • • Legal Obligation: Where we need to comply with a legal or regulatory obligation (e.g., maintaining records for tax purposes).

The table below describes how we use your data and our lawful bases for doing so.

Purpose/Activity Type of Data Lawful Basis for Processing
To provide quotes, manage orders, and deliver our products and services. Identity, Contact, Financial, Transaction Performance of a Contract
To manage payments, fees, and charges. Identity, Contact, Financial Performance of a Contract / Legal Obligation
To manage our relationship with you (e.g., notifying you of changes to our terms or this policy). Identity, Contact, Profile Performance of a Contract / Legal Obligation / Legitimate Interests
To administer and protect our business and this Site (including troubleshooting, data analysis, testing, and system maintenance). Identity, Contact, Technical Legitimate Interests (for running our business, IT services, network security)
To use data analytics to improve our Site, products/services, marketing, and customer relationships. Technical, Usage Legitimate Interests (to define customer needs, keep our Site updated and relevant)
To send you marketing communications about our services, industry news, and educational materials relevant to clinical trial ancillaries. Identity, Contact, Profile, Usage Legitimate Interests (for existing clients) or Consent (for new contacts)

Marketing

We may use your business contact details to send you marketing communications we believe are of legitimate interest to you in your professional capacity.

You can ask us to stop sending you marketing messages at any time by:
  • • Clicking the "unsubscribe" link in any marketing email.
  • • Contacting us at info@medflowclinical.com with "UNSUBSCRIBE" in the subject line.
Opting out of marketing will not affect our use of your personal data for providing services under a contract.

Disclosing Your Personal Data

We may share your personal data with the following parties:
  • • Medflow Group Companies: To ensure a globally consistent service, facilitate international deliveries, and for internal administrative purposes.
  • • Service Providers: Trusted third parties who provide services on our behalf, such as payment processing, IT hosting, logistics and delivery, and marketing automation. They are only permitted to use your data to provide the services we have requested.
  • • Professional Advisers: Lawyers, bankers, auditors, and insurers.
  • • Regulatory Authorities: HM Revenue & Customs, regulators, and other authorities who require reporting of processing activities in certain circumstances.
  • • Clinical Trial Partners: Where necessary to perform our services, we may share data with the relevant Clinical Research Organisation, Trial Sponsor, or site personnel, under strict contractual obligations.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

International Transfers

As part of a global group, we routinely transfer personal data within the Medflow group and to our international service providers.

Whenever we transfer your personal data outside the UK, we ensure a similar degree of protection is afforded to it by implementing at least one of the following safeguards:

  • • Transferring to a country deemed to provide an adequate level of protection by the UK.
  • • Using specific contracts approved for use in the UK which give personal data the same protection it has in the UK.
Please contact us if you want further information on the specific mechanism used when transferring your personal data.

Data Security

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way. These include secure servers, encryption, and strict access controls. Our processes for handling clinical trial data are designed to meet the high standards of confidentiality and security required by the industry.

Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. Retention periods for data related to clinical trials will be in accordance with the contractual requirements of our clients and applicable regulations.

Your Legal Rights

Under data protection law, you have rights including:
  • • Your right of access – The right to request copies of your personal data.
  • • Your right to rectification – The right to request correction of inaccurate or incomplete data.
  • • Your right to erasure – The right to request deletion of your personal data in certain circumstances.
  • • Your right to restriction of processing – The right to request we suspend the processing of your personal data.
  • • Your right to data portability – The right to request the transfer of your data to another organisation.
  • • Your right to object to processing – The right to object to our processing of your personal data in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at info@medflowclinical.com to make a data subject rights request.

You also have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns first.

Changes to This Privacy Policy

We may update this policy from time to time. The date of the last revision will be shown at the top of this page. We encourage you to review this policy periodically to stay informed about how we are protecting your information.

Scroll