This website (“Website”) is operated by AFT Pharma UK Ltd (“we” “us”)AFT Pharma UK Ltd is a private limited company registered in England and Wales under company number 14521612 and we have our registered office atMilner House, 14 Manchester Square, London, United Kingdom, W1U 3PP.
We are registered with the Information Commissioner’s Office (the ICO) with registration number ZB585626. We have therefore developed this privacy policy to inform you of the data we collect, what we do with your information, what we do to keep it secure as well as the rights and choices you have over your personal data.
AFT Pharma UK Ltd is part of the AFT Pharmaceutical Group of companies which is comprised of different companies, details of which can be found at aftpharm.com AFT Pharma UK Ltd is the data controller and responsible for this website,
Who is responsible for the Processing of Your Personal Data?
The AFT entity responsible for the processing of your personal data will depend on how you interact with AFT’s website and where you are located in the world. The relevant AFT entity referred to as “AFT”, “our”, “we” or “us” in this privacy policy.
Please review our List of Local Entities for the name of the AFT entity responsible and the appropriate contact information.
What Personal Data do we Collect and When?
The type of personal data that we will collect from you, and you voluntarily provide to us on this website may include some or all of the following depending on how you use our website:
Data we collect automatically
When you interact with our website we will automatically collect certain information about you as follows:
Website Usage Data: IP address, browser type and version, operating system, device information (e.g. device type, screen resolution), date and time of website visits, pages visited on the website, clickstream data (user’s navigational path).
| Cookies and Tracking Data | Cookies (e.g., session cookies, persistent cookies), User Tracking Information (for analytics and personalisation)] |
Data you provide us with directly:
When you use our website you may provide us with information about yourself, including when you use the “contact us” form. This includes name, email address and whatever personal data you choose to include in your message.
You may also provide us with information when you interact with us generally, such as when we contact you concerning orders or account management.
Using Your Personal Data: The Lawful Basis and Purposes
The law requires us to have a legal basis for collecting and using your personal data. We rely on one or more of the following lawful bases:
Performance of a contract with you: where we need to perform the contract we are about to enter into or have entered into with you.
Legitimate interests: where using your personal data is necessary to pursuant our legitimate interests or those of a third party and these interests are not outweighed by yours.
Legal obligation: where using your personal data is necessary for compliance with a legal obligation that we are subject to.
We have set out below, in a table format, a description of all the ways we plan to use the various categories of your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
| Purpose/Use | Type of data | Lawful basis |
| To register you or the business you represent as a customer and to carry out your requests when you purchase our goods. We use this information to serve you as a customer and for our internal accounting and audit purposes. | Name, email address, contact details, position at work. | Performance of a contract. To pursue our legitimate interests in running an effective business. To comply with a legal obligation. |
| When you exercise available rights under data protection law and make requests | Name, address, contact details, purchase history and any other relevant information depending on your request. | To comply with a legal obligation. |
| To ensure the security of our website | Website Usage Data. | (a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation |
| For compliance with legal and regulatory requirements and related disclosures | Personal information, website usage data, cookies data, product-related data. | To comply with a legal obligation |
| For market research, analysis, and developing statistics | [Contact details, purchase and payment history, account details] | Necessary for our legitimate interests (to study how customers use our products/services and to help us improve and develop our products and services). Necessary also for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy). |
| When you use our website “Contact Us” submission form | Name, email address, free format text | Necessary for the performance of a contract |
| To operate, improve and maintain our business, products, and services | Name, email address, customer ID, account number, IP address, cookies and location data. | Necessary for our legitimate interests in running an effective and competitive business. |
| To protect our or others’ rights, property, or safety | Name, Email address, customer ID, account information, communication records, | To pursue our legitimate interests in protecting the website, user accounts and business operation from fraud, unauthorised access, and other security threats. comply with a legal obligation. |
Sharing of Your Personal Data
We do not sell your personal data.
We may share your personal data with other organisations in the following circumstances:
- We use third party service providers who process your personal data as part of their services to us including IT service providers.
- Where we are required to share personal data to comply with legal and regulatory obligations (such as tax authorities).
- AFT’s entities for the purposes and under the conditions outlined in this privacy policy. This includes its subsidiaries, and affiliated companies.
- Third parties to whom we may choose to sell, transfer or merge parts of our business or assets. Or businesses we merge with or acquire. If we undergo such a change the new owners may use your personal data in the same way as set out in this privacy policy.
- We require all third parties to keep your personal data secure and treat it lawfully. Third party services providers are not permitted to make use of your personal data for their own purposes only on our instructions.
Our website contains links to websites owned and operated by third parties. If you use these links, you leave our Website. These links are provided for your information and convenience only and are not an endorsement by AFT of the content of such linked websites or third parties. AFT has no control over the contents of any linked website and is not responsible for these websites or their content or availability. You should review the privacy notice of linked websites carefully.
Rights under Data Protection Law
The Right to be Informed about our Collection and Use of Personal Data
You have the right to be informed about the collection and use of your personal data. We ensure we do this with our internal data protection policies and through our external website privacy notice. These are regularly reviewed and updated to ensure these are accurate and reflect our data processing activities.
Right to Access Your Personal Information
You have the right to access the personal information that we hold about you in many circumstances, by making a request. This is sometimes termed ‘Subject Access Request’. If we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it to you or them free of charge and aim to do so within 1 month from when your identity has been confirmed.
We may ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information.
Right to Correction Your Personal Information
If any of the personal information we hold about you is inaccurate, incomplete, or out of date, you may ask us to correct it.
Right to Stop or Limit Our Processing of Your Data
You have the right to object to us processing your personal information for particular purposes, to have your information deleted if we are keeping it too long or have its processing restricted in certain circumstances.
You can ask us to restrict processing your data, for example where:
- you’re contesting the accuracy of your personal data.
- we no longer need to process your personal data, but you want us to keep it for use in legal claims.
- you’ve objected to the processing by asking us to stop using your data, but you’re waiting for us to tell you if we have overriding grounds which mean we’re allowed to keep on using it.
Right to Erasure
You have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances. Where the right doesn’t apply, we’ll let you know why we can’t action your request.
This right may be applied where:
- personal data is no longer necessary in relation to the purpose for which it was originally collected/processed.
- the processing was based on your consent which you withdraw (and there are no other legal grounds for processing that data).
- you exercise your right to object and there are no overriding legitimate grounds for the processing.
- there is no lawful reason to retain personal data or if the personal data must be erased to comply with a legal obligation.
Right to Portability
The right to portability gives you the right to receive personal data you have provided to a controller in a structured, commonly used, and machine-readable format. It also gives you the right to request that a controller transmits this data directly to another controller.
Rights in Relation to Automated Decision Making and Profiling
You have rights around automated decision-making and profiling. Automated decision-making means a decision made solely by automated means, without any human involvement. Profiling means the automated processing of your personal information to evaluate certain things about you. You have the right to information about these kinds of processing, and the right to ask for human intervention or to challenge an automated decision.
If you would like to exercise any of the above rights, please contact us as set out below.
For More Information About Your Data Protection Rights
The Information Commissioner’s Office (ICO) regulates data protection matters in the UK. They make a lot of information accessible to consumers on their website and they ensure that the registered details of all data controllers such as AFT are available publicly.
You can make a complaint to the ICO at any time about the way we use your information. However, we hope that you would consider raising any issue or complaint you have with us first. Your satisfaction is extremely important to us, and we will always do our very best to solve any problems you may have.
How Long We Keep Your Information
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Where the same record has to be kept for more than one purpose and there is a different retention period for each of those purposes, the record is kept for the longer period.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. Platforms, systems, and facilities in which personal data are processed are protected by secure network architectures that contain firewalls and intrusion detection devices.
In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
Transfers of your personal data out of the UK/ European Economic Area.
The personal data that we hold about you will be processed in the UK and New Zealand and other countries by our group. Your data may also be shared with third-party service providers and other recipients based outside the UK and EEA.
Where we transfer your data outside of the UK and EEA, we at least one of the following safeguards is implemented:
- we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK government and/ or European Commission.
- where we use certain service providers, we may use specific contracts (known as Standard Contractual Clauses or International Data Transfer Agreements) approved by the UK government or European Commission. which give personal data the same protection it has in the UK or EEA, as well as any additional security measures as required.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK and/ or European Economic Area.
Contact Us
If you would like to exercise one of your rights as set out above, or you have a question or a complaint about this policy, the way your personal information is processed, please contact us by one of the following means:
AFT Pharma UK Ltd, [FAO Data Protection Officer (DPO)]
Milner House, 14 Manchester Square, London, United Kingdom, W1U 3PP
infouk@aftpharm.com
Contact within UK: 0203 670 7602
From outside UK: +44 203 670 7602.