It applies to all data about transfers of value – payment or benefits in kind - that the ABPI receives from pharmaceutical companies in connection with the Disclosure UK transparency initiative.
This privacy notice explains:
In this policy when you see the words, “we”, “us, “our” or “ABPI”, it refers to the Association of the British Pharmaceutical Industry (“ABPI”).
The ABPI represents innovative research-based pharmaceutical companies, large, medium and small in the UK. The ABPI manages Disclosure UK, the publicly accessible database that shows transfers of value from pharmaceutical companies that are signatories to The ABPI Code of Practice for the Pharmaceutical Industry (“ABPI Code”), made to healthcare professionals.
The ABPI is a company limited by guarantee with registration number 09826787 and its registered office at 7th Floor Southside, 105 Victoria Street, London SW1E 6QT. For the purposes of EU data protection law, the ABPI is a “data controller”.
In this policy the words, “personal data” means any information that identifies you, for example, your name and address. It also includes transfers of value made to you by a pharmaceutical company(s) for activities that you have been engaged in with them.
We have put appropriate organisational safeguards and security measures in place to protect your data from being accidentally lost, used or accessed in an unauthorised way. We limit access to your personal data to those employees, representatives and third parties who have a business need to know it. They are only permitted to access your data on our instructions and will always be subject to a duty of confidentiality.
Any third party who is contracted to process your personal data on our behalf must have security measures in place to protect your data. We have put in place procedures to deal with any suspected personal data breach. We do not allow third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
If you would like more information about the third parties that the ABPI works with in order to deliver the Disclosure UK database, please contact us using the contact details below.
The following groups of personal data are collected and processed by the ABPI:
We also collect, use and share aggregated data, such statistical data for any purpose. Aggregated data is derived from your personal data but it is not considered to be personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate transfers of value data from all healthcare professionals shown in the publicly accessible database, to provide an overall picture of how the pharmaceutical industry is working with healthcare professionals.
Your personal data is provided to us by the pharmaceutical company(s) that you have worked with.
The law requires us to inform you of the legal basis for collecting and processing your personal information where we are the data controller. We may process your personal data using more than one lawful basis. The grounds that are most likely to be applicable to the processing of your personal data are:
Consent: If you have given the pharmaceutical company that you worked with permission to disclose to the ABPI, the transfer of value made to you for that work, the ABPI relies on this consent to undertake the processing activities that the ABPI carries out for the purpose of the Disclosure UK initiative.
Legitimate Interest: The pharmaceutical company that you worked with may have a legitimate interest in processing your personal data, in particular in order to meet their obligations under the ABPI Code in publishing details of payments and benefits-in-kind made to healthcare professionals, and considers that processing of your personal data, including the transfer of your data to the ABPI to be reasonable and without undue risk to you and the ABPI also relies on this assessment as the basis for the collecting and processing of your personal data. The ABPI also has its own legitimate interest in processing the personal data that we receive from pharmaceutical company(s) in order to administer our business, which includes running the Disclosure UK platform. Furthermore, society as a whole has a legitimate interest in understanding the financial relationships that healthcare professionals may have with the pharmaceutical industry.
Transfers of value that you have received from different pharmaceutical companies are collated and published on Disclosure UK – a publicly accessible database managed by the ABPI.
In order to validate and collate your personal data for publication on the database, the ABPI uses your personal data to contact you, provide you with information and to respond to any queries that you may raise with us through the disclosure process.
As explained above, your personal data is also aggregated with the data of other healthcare professionals for statistical analysis purposes.
We will only use your personal data for the purposes for which we collect it.
The ABPI Code states that information about payments made to individuals must be published on Disclosure UK for a period of three years from the data of disclosure. After this time, the ABPI securely destroys the dataset that is older than three years and instructs its service providers to do the same.
We may share your personal data with the parties set out below for the purpose of collating and managing the Disclosure UK database:
When the process of validation is complete, your personal data is published on Disclosure UK – a publicly accessible database.
Under certain circumstances, you have the rights set out below under data protection laws in relation to your personal data:
If you have any questions on this policy or wish to exercise any of these rights please contact us here: firstname.lastname@example.org
We will try to respond to your request within one month, although occasionally, it may take us longer than a month if your request is particularly complex or if you have made a number of requests, in this case we will notify you and keep you updated.
We may need to request specific information from you in order to help us to confirm your identity. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request.
Last Updated: 27 June 2018.