Privacy Policies

Tillotts Pharma respects your right to privacy and data protection. In order to fulfill our responsibilities to protect your personal data and to respect your privacy rights in compliance with applicable data protection and privacy laws and regulations, we have instituted a comprehensive, global data protection compliance framework which includes clear policies, procedures and staff training.

Tillotts Pharma may collect and process your personal data in a variety of contexts. Please read carefully our Privacy Notices which set out how we process your personal data in the specific context and explain your rights and our obligations.

If you have any questions about our Privacy Notices or approach to data protection, or wish to exercise your data protection rights, please contact us at dataprivacy@tillotts.com.

 

January 2020

Cookie Policy

Last updated on 24th July 2021

Website Privacy Policy

Last updated in July 2020

Privacy Notice to Business Contacts

Last updated: 27 February 2020

Privacy Notice in relation to Drug Safety and Drug Quality Surveillance

Last updated: 27 February 2020

This website uses cookies. We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.

Cookies are small text files that can be used by websites to make a user’s experience more efficient.

The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.

This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.

You can at any time change or withdraw your consent from the Cookie Declaration on our website.

Learn more about who we are, how you can contact us and how we process personal data in our Privacy Policy.

Please state your consent ID and date when you contact us regarding your consent.

Your consent applies to the following domains: www.tillotts.co.uk

Your current state: Allow all cookies.

Your consent ID: hNO578IHEZaKvQIOS1J2SHT0DEYJHudZ4xuzXriw6B4FjDZzQyq4vQ==Consent date: Thursday, June 3, 2021, 09:38:57 AM GMT+1

 

Cookie declaration last updated on 24/06/2021 by Cookiebot:

Necessary (2)

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Name Provider Purpose Expiry Type
CONSENT YouTube Used to detect if the visitor has accepted the marketing category in the cookie banner. This cookie is necessary for GDPR-compliance of the website. 6034 days HTTP Cookie
CookieConsent Cookiebot Stores the user’s cookie consent state for the current domain 1 year HTTP Cookie

Statistics (7)

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

Name Provider Purpose Expiry Type
_ga Google Registers a unique ID that is used to generate statistical data on how the visitor uses the website. 2 years HTTP Cookie
_gat Google Used by Google Analytics to throttle request rate 1 day HTTP Cookie
_gid Google Registers a unique ID that is used to generate statistical data on how the visitor uses the website. 1 day HTTP Cookie
loglevel Wistia Collects data on visitor interaction with the website’s video-content – This data is used to make the website’s video-content more relevant towards the visitor. Persistent HTML Local Storage
undefined Wistia Collects data on visitor interaction with the website’s video-content – This data is used to make the website’s video-content more relevant towards the visitor. Persistent HTML Local Storage
vuid Vimeo Collects data on the user’s visits to the website, such as which pages have been read. 2 years HTTP Cookie
wistia www.tillotts.co.uk Used by the website to track the visitor’s use of video-content – The cookie roots from Wistia, which provides video-software to websites. Persistent HTML Local Storage

Marketing (2)

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

Name Provider Purpose Expiry Type
VISITOR_INFO1_LIVE YouTube Tries to estimate the users’ bandwidth on pages with integrated YouTube videos. 179 days HTTP Cookie
YSC YouTube Registers a unique ID to keep statistics of what videos from YouTube the user has seen. Session HTTP Cookie

Unclassified (1)

Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.

Name Provider Purpose Expiry Type
wistia-video-progress-# www.tillotts.co.uk Pending Persistent HTML Local Storage
  1. General

Tillotts Pharma (“Tillotts”) respects your right to privacy. This Privacy Policy (the “Policy”) explains how we collect, store, share and use personal data about you and how you can exercise your data privacy rights. This Policy applies only to personal data we collect via our website www.tillotts.co.uk (“Website”) as described in Section 3 below.

If you have questions or concerns about our use of your personal data, please contact us using the contact details provided in Section 2 of this Privacy Policy.

  1. Contacting Tillotts

If you have questions on how we collect, store and use your personal data or if you would like to exercise any of your data protection rights described under Section 11 below, please email us at dataprivacy@tillotts.com.

  1. What types of personal data does Tillotts collect and why?

The personal data we collect about you broadly falls into the following categories:

 

Types of personal data Why we collect them
Information you voluntarily provide to us:

·        Name

·        Contact details; e-mail address, other information you send us

When you contact us via e-mail, we collect these data (as well as other information you may send us via e-mail) to process your inquiry.
Information we automatically collect when you visit our Website (log file data):

·        Browser type and version

·        Operating system

·        Referrer URL (website from which you access our site)

·        Tillotts URLs that you access

·        Date and time of access

·        Internet Protocol (IP) address

The log file data are automatically provided by your web browser. In certain countries, including the countries in the European Economic Area, this information may be considered personal data under applicable data protection laws. We use this information to understand how our Website is used, where our website visitors come from and what content on our Website is of interest to our visitors. We use this information for our internal analytics purposes and to improve the quality and relevance of our Website for our visitors.

Some of this information may be collected using cookies and similar tracking technology, as explained further under Section 6 below.

If we ask you to provide additional personal data not already described above, we will inform you about the intended purpose at the time of collection.

  1. Whom does Tillotts share my personal data with?

We may disclose your personal data to the following categories of recipients:

  • To our affiliates and third-party service providers that assist us in providing our services and process personal data in this context (e.g. to assist in providing our Website, performing functions on our Website or increasing the security of our Website) or who otherwise process personal data as described in this Privacy Policy or as communicated to you when your personal data is collected.
  • To any competent law enforcement authorities, regulatory authorities, governmental bodies, courts and other third parties whenever disclosure is required (i) pursuant to applicable laws or regulations, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other individual.
  • To an actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Privacy Policy.
  • To any other person with your consent to the disclosure.
  1. Legal basis for processing your personal data

Our legal basis for collecting and using the personal data described above will depend on the personal data concerned and the specific context in which we collect it.

However, we will normally collect personal data from you only (i) where we need the personal data to perform a contract with you, (ii) where the processing is in our legitimate interests and not overridden by your rights, or (iii) where we have your consent to do so. In some cases, we may also have a legal obligation to collect personal data from you or may otherwise need the personal data to protect your vital interests or those of another person. If we ask you to provide personal data to comply with a legal requirement or to perform a contact with you, we will make this clear at the relevant time and advise you whether the provision of your personal data is mandatory or not (as well as of the possible consequences if you do not provide your personal data).

If we collect and use your personal information in reliance on our legitimate interests (or those of any third party), this interest will normally be to operate our Website and for our legitimate commercial interest, for instance, when responding to your queries or to improve our Website. We may have other legitimate interests and if appropriate, we will make clear to you at the relevant time what those legitimate interests are.

If you have any questions on the legal basis for the collection and use of your personal data or require further information, please get in touch using the contact details provided in Section 2 above.

  1. Cookies and similar tracking technology

We use cookies and similar tracking technology (collectively, “Cookies”) to collect and use personal information about you. For further information about the types of Cookies we use, why, and how you can control Cookies, please see our Cookie Policy at https://www.tillotts.co.uk/cookie-policy/.

  1. Information to web analytics services

Our Website uses Google Analytics, a web analysis service by Google Ireland Limited, Gordon House, bArrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses text files which are stored on your computer and enable us to analyse how you use our website. The information generated by the Google Analytics Cookie about the use of the website is generally transferred to a Google server in the USA and stored there. On this website, Google Analytics has been supplemented by the code “gat._anonymizeIp();” in order to guarantee anonymised collection of IP addresses (called IP masking). This serves to shorten your IP address in advance by Google within the EU/ European Economic Area.

Only in exceptional cases is the complete IP address transmitted to a Google server in the USA and stored there. Google will use this information to evaluate your use of the Website, compile reports about website activities for the website operators and perform other services associated with the use of websites and the Internet.

The IP address transmitted by your browser as part of Google Analytics is not linked to any other data stored by Google.

For more information on the terms of service of Google Analytics, please see the Google Analytics Terms of Use located at http://www.google.com/analytics/terms/us.html and the Google Privacy Policy located at http://www.google.com/policies/privacy/.

Google LLC including its subsidiaries is EU-US Private Shield certified. For more information, please see the following US government link:

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

  1. How does Tillotts keep my personal information secure?

We use appropriate technical and organisational measures to protect the personal data that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal data.

  1. International data transfers

Your personal data may be transferred to, and processed in, countries other than the country in which you are a resident. These countries may have data protection laws that are different to the laws of your country of residence.

Our servers are located in Switzerland, a country that that the European Commission has decided provides an adequate level of data protection, and our parent company and some of our third party service providers and partners operate in countries like Japan and the USA. This means that when we collect your personal data, we may process it in any of these countries.

In cases where your personal data is transferred to a country outside the EU/European Economic Area (“EEA”) which is not covered by a decision of the European Commission that the country concerned ensures an adequate level of protection, we will take such measures as are necessary to ensure the transfer is in compliance with the applicable data protection laws, including the GDPR. Such measures may include (without limitation) transferring your personal data to a recipient that has achieved binding corporate rules authorisation in accordance with applicable data protection laws, or to a recipient that has executed standard contractual clauses adopted or approved by the European Commission. In addition, data transfers to recipients in the USA may be protected by an EU-U.S. / Swiss-U.S. Privacy Shield certification.

  1. Data retention

We retain personal data we collect from you for as long as necessary for the purpose for which your personal data was collected and processed (e.g. to answer a question you asked via e-mail or to comply with applicable legal, tax or accounting requirements).

If we have no longer any legitimate business interest to process your personal data, we will either delete your personal data or anonymise it. Statutory retention periods remain unaffected.

  1. Your data protection rights

You have the following data protection rights:

  • If you wish to access your personal data, or have your personal data rectified, updated or erased, you can do so at any time by contacting us via the contact details stated in Section 2 above.
  • You can also object the processing of your personal data, request us to restrict the processing of your personal data or request portability of your personal data. You can exercise these rights by contacting us via the contact details listed above.
  • You can also withdraw your consent at any time if we have collected and processed your personal data with your consent. Withdrawing your consent has no impact on the lawfulness of any processing we performed prior to your withdrawal nor does it impact the processing of your personal data conducted in reliance on lawful processing grounds other than consent.
  • You have the right to complain to a data protection authority concerning the collection and use of your personal data by us. For more information, please contact your local data protection authority.
  1. Links to other websites

This Policy applies only to this Website, and not to websites owned by third parties. We may provide links to other websites which we believe may be of interest to you. We aim to ensure that such websites are of the highest standard. However, due to the nature of the Internet, we cannot guarantee the privacy standards of websites to which we link or be responsible for the contents of sites other than this one, and this Policy is not intended to be applicable to any linked, non-Zeria Group/Tillotts website.

  1. Background

Tillotts Pharma (“Tillotts”) respects your right to privacy. This privacy notice (“Notice”) explains how we collect, share and use personal data about you, and how you can exercise your privacy rights. We are therefore providing you with this Notice as part of our commitment to processing personal data in line with applicable data protection laws, in particular the EU General Data Protection Regulation (EU Regulation 2016/679) (“GDPR”) until end of the transition period, and the Data Protection Act 2018. If you have any questions or concerns about our use of your personal data, you may contact us using the contact details provided at the bottom of this Notice.

  1. What types of personal data are collected and why?

The personal data that we may collect about you broadly falls into the following categories:

  • Information that you provide voluntarily

We ask you to provide certain information voluntarily. The types of information we ask you to provide, and the reasons why we ask you to provide it, include:

Types of personal data Why we collect it
Identification and contact details (name, address, telephone number and email address) To establish and manage our relationship with you 
Financial information (bank account details, payment card)
Employment details  (employer, job title)

In addition, you may provide certain personal data when you correspond with us in the ordinary course of business, such as to schedule meetings and calls. 

If we ask you to provide any other personal data not described above, we will clarify the reasons why we ask you to provide such personal data at the point we collect it.

  • Information that we obtain from third party sources

From time to time, we may collect personal data about you from publicly available sources, or we receive your personal data from third party sources (including other suppliers, partners and our distributors); these third parties either have your consent or are otherwise legally permitted or required to disclose your personal data to us under applicable data protection laws.  

The types of information we collect from third parties include contact details of you, and we use the information we receive from these third parties to manage our relationship and to make relevant arrangements.

  1. Who do we share your personal data with?

We may disclose your personal data to the following categories of recipients:

  • within the Tillotts Group, and to third party services providers and partners that assist us in providing our services and process personal data in this context, or who otherwise process personal data for purposes that are described in this Notice or notified to you when we collect your personal data;
  • to any competent law enforcement authorities, regulatory authorities, governmental bodies courts and other third parties whenever disclosure is required (i) pursuant to applicable laws, regulations,  or industry codes; (ii) to exercise, establish or defend our legal rights; or (iii) to protect your vital interests or those of any other individual;
  • to an actual or potential buyer (and its agents and advisers) in connection with any proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal data only for the purposes disclosed in this Notice;
  • to any other person with your consent to the disclosure.
  1. What is the legal basis for the processing of your personal data?

Our legal basis for collecting and using the personal data described above will depend on the type of personal data and the specific context in which we collect it.  

However, we will normally collect personal data from you only (i) where we need the personal data to perform a contract with you, (ii) where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, or (iii) where we have your consent to do so. In some cases, we may also have a legal obligation to collect personal data from you or may otherwise need the personal data to protect your vital interests or those of another person.

If we collect and use your personal data in reliance on our legitimate interests, this interest will normally be (i) to receive services/products from you, (ii) to collaborate with you, or (iii) to manage our interactions with you. 

If you have any concerns about the processing of your personal data based on our legitimate business interests, you have the right to object to such processing. For more information on your corresponding rights, please see the “What are your data protection rights” heading below.

If we collect and use your personal data in reliance on anything other than our legitimate business interests, we will make this clear to you at the relevant time. For example, if we ask you to provide personal data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal data is mandatory or not (as well as of the possible consequences if you do not provide your personal data).  

If you have questions about or need further information concerning the legal basis on which we collect and use your personal data, you may contact us using the contact details provided under the “How to contact us” heading below.

  1. How do we ensure the security of your personal data?

We use appropriate technical and organisational measures to protect your personal data. The measures we use are designed to provide a level of security commensurate with the risks related to the processing your personal data.   

  1. Do we transfer your personal data abroad?

Your personal data may be transferred to, and processed in, countries other than the country in which you are a resident. These countries may have data protection laws that are different to the laws of your country of residence.

Our servers are located in Switzerland, a country that that the European Commission has decided provides an adequate level of data protection, and our parent company and some of our third party service providers and partners operate in countries like Japan and the USA. This means that when we collect your personal data, we may process it in any of these countries.

  

In cases where your personal data is transferred to a country outside the EU/European Economic Area (“EEA”) which is not covered by a decision of the European Commission that the country concerned ensures an adequate level of protection, we will take such measures as are necessary to ensure the transfer is in compliance with the applicable data protection laws, including the GDPR. Such measures may include (without limitation) transferring your personal data to a recipient that has achieved binding corporate rules authorisation in accordance with applicable data protection laws, or to a recipient that has executed standard contractual clauses adopted or approved by the European Commission. In addition, data transfers to recipients in the USA may be protected by an EU-U.S. / Swiss-U.S. Privacy Shield certification. 

  1. Which data retention periods apply?

We retain your personal data for as long as we have an ongoing legitimate business interest to do so (for example, to receive services from you or to comply with applicable legal, tax or accounting requirements).  

When we no longer have a legitimate business interest to process or retain your personal data, we will either delete or anonymise it. 

  1. What are your data protection rights?

You have the following data protection rights:

  • You may access, correct, update or request deletion of your personal data.  
  • You may object to processing of your personal data, ask us to restrict processing of your personal data or request portability of your personal data. 
  • You can withdraw your consent at any time if we have collected and processed your personal data with your consent. Withdrawing your consent has no impact on the legality of the processing we performed prior to your withdrawal nor does it impact the processing of your personal data if a legal basis other than your consent exists.
  • You have the right to complain to a data protection authority about our collection and use of your personal data.  For more information, please contact your local data protection authority. 

You may contact Tillotts at any time with a request to exercise your data protection rights, at no cost to you, by e-mail to dataprivacy@tillotts.com.

You will receive a response to your request in accordance with applicable data protection laws.

  1. Updates to this Notice

We may update this Notice from time to time in response to changing legal, technical or business developments. When we update our Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. 

You can see when this Notice was last updated by checking the “last updated” date displayed at the top of this Notice.  

  1. How to contact us

If you have any questions or concerns about our use of your personal data, please contact us using the following details: dataprivacy@tillotts.com.

  1. Background

Tillotts Pharma (“Tillotts”) develops and markets prescription and over-the-counter medicines for human use (“Tillotts Products” or “Products”). 

This Privacy Notice (the “Notice”) explains how we process (e.g. collect, use, store, and share) your personal data for the purposes of drug safety and drug quality surveillance, as further outlined below (the “Purpose”). The scope of this Notice is limited to the collection and processing of your personal data in connection with the Purpose. We will process your personal data only in accordance with this Notice and in line with applicable data protection laws, including the EU General Data Protection Regulation (GDPR) until the end of the transition period, the Data Protection Act 2018, and other applicable local laws in your jurisdiction that regulate the processing of personal data (the “Data Protection Laws”).

  1. What categories of personal data do we collect?

We may process the following categories of personal data from you in connection with the Purpose:

Adverse Event Reports 

About a patient:

  • Initials;
  • Age and/or date of birth;
  • Gender;
  • Details of the Product causing the adverse event; 
  • The reason you have been taking or were prescribed the Product;
  • Details of other medicines or remedies you are taking or were taking at the time of the reaction;
  • The reason you have been taking the other medicines and any subsequent changes in your medicines;
  • Details of the reaction you suffered, the treatment you received for that reaction, and any long-term effects the reaction has caused to your health; and
  • Medical history considered relevant, including documents such as laboratory reports.

About a reporter:

  • Name;
  • Contact details (which may include your address, email address, phone number or fax number); and
  • Profession.

Medical Information Inquiries

About a patient:

  • Initials;
  • Age and/or date of birth;
  • Gender;
  • Details of the Product causing the adverse event; and
  • The reason you have been taking or were prescribed the Product;

About a reporter:

  • Name;
  • Contact details (which may include your address, email address, phone number or fax number); and
  • Profession.

Product Quality Complaints

About a reporter:

  • Name;
  • Contact details (which may include your address, email address, phone number or fax number);
  • Type of claimant (e.g., are you a patient or HCP); and
  • Details of the Product causing the quality complaint.
  1. Why do we process your personal data?

Adverse Event Reports

Any personal data related to adverse events or other activities related to drug safety will be used solely for the detection, assessment, understanding, and prevention of adverse effects or any other Product-related problem. Your personal data will be maintained in our safety database which is regularly analysed for overall patterns. If you are a reporter, your personal data may be processed in connection with follow-up activities. 

Medical Information Inquiries

Any personal data related to a medical information inquiry may be used to answer the inquiry, follow up on such requests and maintain the information in our database for reference. Where required by law, we may also report the data to regulatory authorities. 

Quality Complaints

Any personal data related to a Product quality complaint will be used solely for the detection, assessment, understanding, and prevention of the Product quality problem. Your personal data may be processed in connection with follow-up activities. 

  1. What is the legal basis for the processing of your personal data?

We process your personal data for the Purposes in order to comply with our legal obligations (Article 6(1)(c) GDPR) and for reasons of public interest in the area of public health (Article 9 (2)(i) GDPR). 

  1. Who do we share your personal data with?

We may share your personal data with: 

  • Health authorities;
  • Within the Tillotts Group; and
  • Partner companies that assist us (e.g. distribution partners, service providers, consultants, IT service providers, etc.).

In any report that is shared, only the minimum data required is included, and the names, initials and contact details of patients are always removed to the extent permitted by applicable laws.

  1. Do we transfer your personal data outside the EU/EEA?

Our relevant safety databases are hosted in Switzerland and Germany. However, we may need to transfer your personal data to parties that are based outside of the European Economic Area (“EEA”) in a country for which the European Commission has not decided that it ensures an adequate level of data protection (“Third Country”). 

In cases where your personal data is transferred to a Third Country, we will take such measures as are required to ensure the transfer is in compliance with Data Protection Laws. Such measures may include (without limitation) transferring your personal data to a recipient that has achieved binding corporate rules authorisation in accordance with applicable Data Protection Laws, or to a recipient that has executed standard contractual clauses adopted or approved by the European Commission. In addition, data transfers to recipients in the USA may be protected by an EU-U.S. / Swiss-U.S. Privacy Shield certification.

  1. How do we ensure the security of your personal data?

We have implemented appropriate state of the art technical and organisational measures to safeguard personal data processed for the purposes of drug safety, including procedures designed to restrict access to personal data to those employees who need it to perform their job. 

We maintain physical, electronic and procedural measures to safeguard personal data from accidental loss, destruction or damage and unauthorised access, use and disclosure. 

Whenever reasonably possible, we process personal data in key coded pseudonymised form.

  1. Which data retention periods apply?

Your personal data will be stored in accordance with applicable laws and kept as long as needed to carry out the Purpose or as otherwise required by applicable laws. 

  1. What are your data protection rights?

Under Data Protection Laws, you have the right to:  

  • check whether we hold personal data about you, and if so for what purposes and what kind of personal data we hold about you and to request copies of that data;
  • request rectification or erasure of your personal data that is inaccurate or processed for purposes not stated above;
  • request us to restrict the processing of your personal data;
  • in certain circumstances, object to the processing of your personal data;
  • if data processing is based on consent, you may withdraw your consent at any time, however, without affecting the lawfulness of processing based on consent before its withdrawal;
  • request information on the identities or categories of third parties to which your personal data are transferred; and
  • lodge a complaint with the data protection authority in your country.

 

Please note, however, that under applicable laws, there may be limits on these rights depending on the specific circumstances of the processing activity. Please note that due to our legal obligations under pharmacovigilance legislation, Tillotts may not be able to erase or restrict processing of your personal data. Contact us as described in Section “How to contact us” with questions or requests relating to these rights.

  1. Updates to this Notice

We may update this Notice from time to time in response to changing legal, technical or business developments. We will take appropriate measures to inform when we update our Notice, consistent with the significance of the changes we make. 

It is possible to see when this Notice was last updated by checking the “last updated” date displayed at the top of this Notice.  

  1. How to contact us

Any questions or concerns about our use of personal data can be directed to: dataprivacy@tillotts.com.

NU-01449 October 2021