Last update: 10 January 2022
This Notice is issued by ORPHAN DRUG CONSULTING LIMITED.
We respect your privacy and are committed to protecting your personal data. This Privacy Notice describes the types of information we collect and use, how and why we use such information, who we share it with, and tells you about your data protection and legal rights.
When we say “we”, “us” or “our”, we mean ORPHAN DRUG CONSULTING LIMITED., a company incorporated in Ireland with company number 702172 and its registered office at Templemore, Tipperary, Ireland, the controller of your information.
Who this policy applies to
This Privacy Notice applies to all visitors and customers who access or use our website, and related services (together, the “Website”), anyone who purchases any products or services from us whether through our Website or by phone or otherwise, and our prospective, current and former customers, (each, “you” or “your”).
This Website is not intended for children and we do not knowingly collect data relating to children.
We are committed to ensuring that all personal data are:
- Processed lawfully, fairly and transparently
- Processed for specific purposes only, and not in any manner incompatible with those purposes
- Adequate, relevant and limited to what is necessary
- Not kept longer than necessary
- Processed consistent with your rights
- Kept confidential and secure
Types of personal data processed
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use and otherwise process the following types of personal data:
- Identity data: includes personal details and contact information such as first name, last name, home address, phone number, email address, fax number, unique ID code (which allows us to process your orders and payments).
- Contact data: includes billing address, delivery address, email address and telephone numbers.
- Financial data: includes bank details, VAT number.
- Transaction data: includes details about payments to and from you and other details of products and services you have purchased from us.
- Profile data: includes your username and password, purchases or orders made by you, your interests, preferences, and publicly available information (such as LinkedIn profiles), feedback and survey responses.
- Usage data: includes information about how you use our Website.
- Marketing and communications data: includes your preferences in receiving marketing from us, and your communications preferences. We may use your identity, contact, technical, usage and profile data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products and services may be relevant for you. You may receive marketing communications from us if you have requested information from us. We may also do this if you are a customer or a former customer and you will always have the right to unsubscribe from such communications.
We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data under data protection legislation as this data will not directly or indirectly reveal your identity. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Notice.
We do not collect any special categories of personal data about you (such as details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
If we need to collect personal data under applicable law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you to provide products to you.
How we use your personal data
We use your personal data for the purposes outlined below, except where restricted by law. In doing so, we rely on a number of separate and overlapping legal bases to lawfully process your personal data. We set out below a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We also identify what our legitimate interests are, where appropriate.
We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you would like more details about the specific legal ground we are relying on to process your personal data.
The table below sets out the purposes for which we use your personal data and the legal bases we are relying on in the table below:
|Lawful Purpose||Description||Legal Basis|
|Register you as a new customer||To set-up your customer account so that you can buy products from us.||Performance of a contract with you.|
|Manage customer accounts||To maintain and manage customer accounts and process payments made by you to us. To contact you in relation to your order.||Our legitimate interests to recover debts due to us.|
|To process and deliver your order||To fulfil any orders, process and manage payments, fees and charges and to collect and recover money owed to us, arranging for postage, and providing you with invoices and order confirmations.||Performance of a contract with you and necessary for our legitimate interests to recover debts due to us.|
|To manage our relationship with you||To notify you about changes to our terms or policies and asking you to leave a review or take a survey.||Performance of a contract with you. Necessary to comply with a legal obligation. Our legitimate interests to keep records updated and to study how customers use our products/services.|
|To administer and protect our business and the Website||To include troubleshooting, data analysis, testing, system maintenance, support, reporting, hosting of data and screening customers and orders for potential risk or fraud.||Our legitimate interests of running our business, provision of administration and IT services, network security and to prevent fraud. To comply with a legal obligation.|
|To deliver relevant Website content and advertisements to you||To measure or understand the effectiveness of the advertising we serve to you.||Our legitimate interests to study how customers use our products, to develop them, to grow our business and to inform our marketing strategy.|
|To make suggestions and recommendations to you||To recommend products and services that may be of interest to you.||Our legitimate interest of developing products and growing our business.|
|Improve efficiencies and processes||To process information from feedback and reviews.||Our legitimate interest of improving efficiencies in the workplace, internal management and effective performance of Personnel.|
|To market our Website||Where permitted by digital marketing law we may contact you by email to let you know about future events, events, promotions, news and sales.||Our legitimate interests of marketing our Website and developing our business.|
|To enable you to take part in a prize draw, competition or complete a survey||To provide you with information and updates in relation to our business, products, promotions, competitions and events.||Performance of a contract with you. Our legitimate interests to study how customers use our product, to develop and grow our business.|
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
How we share your personal data
We may share your personal data with the parties set out below for the lawful purposes referred to above:
- To service providers to help us provide our services and communicate with you. For example, categories of service providers include companies we sub-contract to produce work for you like printers and fitters, IT software and hosting providers, service providers of delivery and warehousing services, payment processing service providers, companies assisting with our marketing services, debt collection agencies (where applicable), companies providing auditing services and our other business partners.
- To third parties in the case of business re-organisation. For example to third parties to whom we may choose to sell, transfer or merge parts of our business or assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Notice.
We may also share your personal data for legal and safety reasons: We may retain, preserve, or share your information if we have a good-faith belief that it is reasonably necessary to (a) respond, based on applicable law, to a legal request (e.g., a subpoena, search warrant, court order, or other request from government or law enforcement); (b) detect, investigate, prevent, and address fraud and other illegal activity, security, or technical issues; (c) protect our rights, property, or safety; (d) enforce our terms and conditions or any other contracts we have with you; (e) prevent physical injury or other harm to any person or entity, including you and members of the public.
If we outsource the processing of personal data to third parties or provide personal data to third party service providers, we require those third parties to protect the personal data they are provided with appropriate security measures and only use it to provide their service to us prohibit and restrict them from using the personal data for their own purposes.
We have put in place appropriate technical and organisational measures to protect against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data (including special categories of personal data). In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any regulatory authorities of a breach where we are legally required to do so.
We generally store any data within the European Economic Area (“EEA”). If for any purpose described in this Privacy Notice we need to transfer your information to recipients outside the EEA, we will only do so strictly in accordance with EU data protection law. If you are based in the EEA, when your data is moved from your home country to a third country outside the EEA some of these countries may not have the same data protection safeguards as your home country. If we transfer your personal data out of the EEA, we will ensure a similar degree of protection is afforded to it. Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
Third party links
We will only retain your personal data only for as long as is necessary for the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax and accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint, or if we reasonably believe there is a prospect of litigation in respect of our relationship with you, or we are otherwise permitted to continue storing such data.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
You have several rights in relation to your personal data. You have a right to:
- access a copy of your personal data held by us;
- request rectification of your personal data if it is inaccurate or incomplete;
- request erasure of your personal data in certain circumstances;
- restrict our use of your personal data in certain circumstances;
- move (or port) personal data which you have given us to process; and
- object to the processing of your data where our legal basis for processing your data is our legitimate interests.
However, these rights may not be exercised in certain circumstances, such as when the processing of your data is necessary to comply with a legal obligation or for the exercise or defence of legal claims.
If you have any questions about this Privacy Notice, or if you require further information about our use of your personal data or you wish to avail of any of your rights, you may contact us at firstname.lastname@example.org
If you are not satisfied with our use of your personal data or our response to any request by you to exercise any of your rights, you have the right to lodge a complaint with the Data Protection Commission. The contact details of the Data Protection Commission are:
Data Protection Commission,
21 Fitzwilliam Square South
Dublin 2, D02 RD28
Phone +353 87 103 0813
Changes to the Privacy Notice
We may update this Privacy Notice from time to time in order to reflect, for example, changes to our business, our practices, or for other operational, legal or regulatory reasons, so please review it frequently. We will notify you of any changes by posting the updated policy on this page with its effective date.