Privacy Policy
Millpledge Group specialises in the design, development and manufacture of medical devices and pharmaceuticals and supplies its products to animal health and medical practitioners, pharmacies, distributors or wholesalers. Millpledge also supplies laboratories, government, educational and institutional health care facilities and research centers, charities and other alternate care sites. Millpledge’s headquarters are located in Clarborough, Nottinghamshire, UK. Millpledge Group and its subsidiaries supplies its healthcare products to over 25 countries.
Millpledge Group makes its products available through its own subsidiary network or via distribution partners, providing a large selection of own branded or privately labelled products. Millpledge also offers its customers technical product support and recommendations. We also publish reference materials for use in a professional healthcare setting.
Millpledge is accredited to ISO 9001:2012 & ISO:13485 2016 Quality Management Systems.
Millpledge holds accreditations to GMP & GDP, International business standards that provide high standards of business processes and practices.
Your Continued Trust in Us
At Millpledge your privacy is important to us. We process personal and market data in different contexts and we do so by fully respecting your rights to privacy as part of our commitment to ethical, lawful and responsible practices.
Millpledge Group is committed to protecting the information that our employees, customers, prospects and suppliers have entrusted to us. We collect and use personal and market data in order to perform our business functions and meet our objectives in providing and developing higher class, quality health care products and services.
We treat any personal or market data that we obtain in accordance with extensive data privacy principles including; purpose limitation, data quality, data and storage minimisation, integrity and confidentiality, accountability and privacy.
This Policy applies to all personal and market data in any format or medium, relating to all employees, customers, suppliers and contractors who do business with the Millpledge Group.
It is understood that by providing personal data in any format to Millpledge, you consent that all personal data may be processed by us and for the purposes outlined herewith.
The Matrix of Personal Data We Collect and Use
We consider personal data as any information related to an identified or identifiable individual. Depending on the context of your relationship with Millpledge Group, we are provided with or collect and use different types of personal data from employees, contractors, candidates, customers, prospective customers and suppliers.
Personal data refers to personally identifiable information about you, examples include your name, contact telephone number, mailing address and email address.
Relationships and data include;
Contractors, Applicants and Employees: personal contact information, finger print and or login information, employment details and prior employment history including insurance details, reference contact details and particulars and any data provided by a referee. Benefits, compensation, performance, CCTV images, use of company resources including vehicles for employees, contractors, and applicants all in connection with their role or potential role within the Millpledge Group.
Customers: name, tax and financial information, incorporation and business identification numbers, license numbers, contact information for key personnel, language preferences, signature, login information and communication preferences including frequency, customer profiles including personal qualifications, preferred supplier and marketing attributes.
Prospective customers: including name and contact information, other information provided at exhibitions, congress or during visits, seminars and meetings.
Indirect Customers: we are provided personal data from customers of our customers, which may include personal information, provided only when necessary in providing an indirect Millpledge service, product or to satisfy a program requirement. In this context, we act on behalf of our customer and the data is treated in accordance with this privacy policy.
Suppliers: including name, tax, license and financial information, contact information for key personnel, language, business number, communication preferences and contractual supply agreements.
Visitors to a Millpledge premises: includes name, finger print and contact information and CCTV images from security cameras.
Website email and social media users: In addition to the information visitors submit through web, email forms or ecommerce channels, we may collect the domain name, Internet Protocol (IP) address, browser type and version, operating system and platform, average time spent on the website, pages viewed, information searched for and visit times. Our website uses cookies.
Sources & Collection of Personal Data
Millpledge Group receives and uses various types of personal data in order to conduct our day to day business activities. We collect only the data necessary and by fair means and providing notice and requiring consent when necessary. We do not outsource or purchase prospective customer data.
Data is collected directly from you in the following situations, when:
You provide us with any type of service, as a provider or supplier. When we provide you with any type of service, product, reward or loyalty benefits or technical support or product information, reference or product recall notice. When you browse, or use our website, ecommerce services, Apps or social media sites. When visiting our exhibition stand or during national or local sales presentations. When applying for a position within Millpledge. Alternatively, when we negotiate and/or establish a contract. We may also record and store telephone conversations.
We also share data within the Millpledge Group, in order to, carry out analytics to determine and develop products and services which may be of commercial and ethical benefit in alternate territories.
We may share data within Millpledge in order to improve our product portfolio and customer service support objectives. We also use personal data to ensure we are meeting the working time directive.·
Uses and Purposes of Personal Data
The purposes for which we collect and use your personal data may vary depending on the type of relationship you have with us, such as if you are an employee, prospective customer, customer, or a website or App user. Millpledge Group always collect and use personal data according to the relationship between us. The use of personal data for new purposes should always guarantee consistency and your privacy expectations, otherwise we will request your authorisation
Employees and candidates: if you apply for a position at Millpledge, we use your personal data to consider you for employment and to administer your application and/or file. If you have an employment or commercial relationship with Millpledge Group, we use your personal data to conduct performance evaluations and to comply with legal obligations, including tax and labour regulations.
Customers: we use our customers’ information to maintain our commercial relationship, to ensure the proper operation and procedures are undertaken in order to maintain the high standards of day-to-day business and customer satisfaction, to comply with tax and other regulations and to administering sales, and marketing activities. We will contact you to inform you of your product choices, new products, services, expiring rewards and subjects or innovations we consider are of interest to you. We also provide address data to our carrier partners in order to facilitate satisfactory delivery and tracking of your purchase orders.
Indirect Customers: Millpledge provides technical product and sales support to its customers that use our products and services as and when required, despite Millpledge not having supplied the product or service directly. Indirect customer data is stored and processed in order to maintain customer service support, open dialogue and transparency between customer service staff, the supply channel and the brand.
Prospect customers: information from prospect customers is used to respond to their requests for information, products or services, and for marketing activities.
Suppliers: : if you have a business or professional relationship with a Millpledge Group company, we will use your information to develop our business relationship with you, and to comply with tax and other regulations and or liabilities.
Visitors & Internal IT Networks: our buildings and premises have some access controls and some have CCTV systems for security and liability purposes. Visitors using Millpledge data networks are subject to our IT Data & Data Security policy.
Website, App and social media users: we collect personal data from visitors and users of our website, App and social media pages. We use the information to manage your account registration, account maintenance, to store your preferences and settings in order to differentiate your account from others, to provide interest-based advertising, to analyse program successes and failures and understand how you use our website, App and online services.
We also may use personal data of our customers, prospects and suppliers for other purposes based on our legitimate business interests, such as to conduct analytics for product development, to create statistics about product usage and trends, to generate profiles for designing promotional offers.
Legal Basis for Data Collection, Processing and Use
Millpledge Group only collects and uses personal data when there is a fair and legal basis for its collection and use and that each basis is appropriate for the activity to relates to. For instance, when the collection of personal data is necessary to enter into a contract, to meet our legitimate interests, to comply with legal obligations or when we have your authorisation.
Typically, the information we collect when we enter into a contract or business relationship with you, except where optional, is mandatory to maintain our relationship and comply with our legal obligations. For example, some tax laws, labour, anti-fraud or regulatory compliance laws require Millpledge to collect certain information that inevitably varies in accordance with local regulations. Without the required mandatory information, we would be unable to supply or work with you.
Marketing activities are usually based on your consent, legitimate interest or based on an existing business relationship with us. However, you can opt-out of these communications at anytime.
When we have access to personal data on behalf of our customers or employees, in our role as data processors, there is always a written contract regulating this, including specific instructions for the data processing and safeguards.
Retention Periods, Erasure & Rights to Erasure
Millpledge Group stores personal data and records only for the length of time required to fulfill the purpose for which the data was collected and in maintaining our relationship. ‘Data minimisation’
We do not keep personal data for longer than is necessary and what is necessary depends on specific circumstances such as regulations requiring the retention of information for a certain period of time for example, legal claims, product and batch circulation information, licensing agreements or the maintaining of financial records for legal audit or inspection purposes.
The retention period is also determined based on the context in which we process data such as data from use of our website and App, data from prospective employees, or employee data after staff have left the Millpledge Group. The retention periods are established considering Millpledge Group’s legitimate business purposes and in accordance with local regulations and laws.
Millpledge has a dedicated erasure procedure in place to meet the new Right to Erasure obligation. We will remove personal data within 30 days of written notice to us. We will also provide written notice to any business partners with which we have shared personal data such as freight carriers, HR or payroll services to also comply.
Internal Data Transfer, Third Parties and Processing Activities
From time to time, Millpledge Group engages third party contractors, service providers, and other suppliers to assist us in accomplishing the business objectives. There are other circumstances where we are required by law to disclose personal data to third parties such as public bodies, regulators or judicial authorities.
Examples include; Payroll and financial processing and auditing, Warranty, HR, IT, MHRA, VMD, waste disposal services, freight and parcel carrier services etc. If the engagement involves the transmission of personal data, Millpledge Group requires the service provider to treat that data consistent with this Policy. A contract to protect the personal data will be executed before any data is disclosed. All telephone, computer, server, iPad and CCTV hardware has data deleted before secure destruction or removal from our premises.
In certain circumstances, Millpledge Group may be required to disclose personal information when required by law, when required to protect our legal rights, or in an emergency situation where the health, safety or security of an individual is endangered.
We may also disclose personal data in the context of any sale or transaction involving all or any portion of the business
Subject Access Request (SAR)
We have revised our SAR procedures to accommodate the revised 30-day timeframe for providing the requested information and for making this provision free of charge.
Our internal procedures detail how to verify the data subject, what steps to take for processing an access request, what exemptions apply and a suite of response templates to ensure that communications with data subjects are compliant, consistent and adequate.
Security & Data Breaches
Millpledge Group is committed to the security, confidentiality and integrity of the data it holds. We take commercially reasonable precautions to keep all information obtained secure against unauthorised access and use and periodically we review our security measures. We are committed to processing your data in a secure manner and have put in place specific technical and organisational measures to prevent the personal data we hold from being accidentally or deliberately compromised.
Millpledge Group uses Sophos security software on its servers.
We are unable to qualify the security of information provided to us by third parties via email.
We also conduct information risk assessments, our staff are trained and understand the importance of protecting personal data, we actively manage access rights within the company. We include both physical security and virtual security in our overall data security approach. We are diligent in selecting suppliers that process personal data on our behalf so that they also ensure appropriate technical and organisational measures to protect the data.
We have several layers of data security measures, including: -
SSL, access controls, password policy, encryptions, pseudonymisation practices, access and download and upload restriction, authentication and finger print identification.
Millpledge Group makes reasonable efforts to notify individuals and regulatory authorities, as required by law, if we reasonably believe that personal information has been stolen, disclosed, altered or infringed by an unauthorised person. We create and maintain a breach notification and reporting protocol.
We also adopt the concept of privacy throughout design which is an approach to projects that promotes privacy and data protection compliance from the outset. We therefore consider the privacy and security implications for any new project or process throughout its lifecycle
Subject Data Protection Rights and Choices
If you reside in the territory of Europe, Millpledge Group is committed to facilitate the exercise of your rights granted by the new European data protection law.
In addition to the policies and procedures mentioned above that ensure individuals can enforce their data protection rights, we provide easy to access information either via our website, office locations, during induction etc of an individual’s right to access any personal information that Millpledge processes about them and to request information about: -
- What personal data we hold about them
- The purposes of the processing
- The categories of personal data concerned
- The recipients to whom the personal data has/will be disclosed
- How long we intend to store your personal data for
- If we did not collect the data directly from them, information about the source
- The right to have incomplete or inaccurate data about them corrected or completed and the process for requesting this
- The right to request erasure of personal data (where applicable) or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use
- The right to lodge a complaint or seek judicial remedy and who to contact in such instances
Specifically within the EU:
Transparency and the right to information: Notice is provided to our employees, customers, suppliers and others of how we use personal data in our daily operations at the time of collection, or as soon thereafter as possible. We also publish this privacy notice online for greater transparency.
Right to access, amendment, restriction of processing, and erasure: we provide access to personal data where required by law. In addition, we will amend personal data when it is incorrect or inaccurate, and we will ensure the right to erasure and to restriction of processing when these rights are not compatible with local regulations. Similarly, we will notify our supply partners of such amendments including your communication preferences.
Right to object and withdraw consent at any time: for all marketing materials and channels, you can opt-out anytime. The right to object for other processing activities will be considered to ensure that such a request is not incompatible with local or mandated regulations or the legitimate interests of Millpledge Group.
Right to data portability: based on your specific situation, we provide data subjects with the right to obtain and reuse your data across different services and includes transferring of your data to you, another controller or a trusted third party.
Right to lodge a complaint with a supervisory authority
These requests should be submitted as follows:
Opt-out of marketing communications: you can opt-out anytime by following the opt-out instructions in our e-mails, Product News Letters or calling our customer service line or via our web site, by writing to us at our free post address or by communicating your wishes to a Millpledge representative or team member.
To exercise the rest of your rights: you should send a communication in writing to your local Millpledge Group office using the contact information shown herewith and providing the following information in order to verify your identity your name address telephone number, email and account number if applicable. Millpledge Group will attend to your request in a timely manner within 30 days after receiving your request. If for any reason we need to extend this period of time, we will contact you.
Right to lodge a complaint with a supervisory authority: you can have the right to lodge a complaint with the supervisory authority of your habitual residence, place of work or place of the alleged infringement
International Transfers of Personal Data
Where Millpledge stores or transfers personal information outside the EU, we have robust procedures and safeguarding measures in place to secure, encrypt and maintain the integrity of the data.
Our procedures include a continual review of the countries with sufficient adequacy decisions, as well as provisions for binding corporate rules; standard data protection clauses or approved codes of conduct for those countries without. We carry out strict due diligence checks with all recipients of personal data to assess and verify that they have appropriate safeguards in place to protect the information, ensure enforceable data subject rights and have effective legal remedies for data subjects where applicable.
From any location, by visiting and using our web site or Apps and communicating electronically or manually with us, you consent to the processing and transfer of your data as set out in this Privacy Policy.
GDPR Roles and Employees
Millpledge have designated our IT Department as our Data Protection Department (DPD) and have appointed a data privacy team to ensure the compliance with and the implementation of the new data protection Regulation. The team are responsible for promoting awareness of the GDPR across the organisation, assessing our GDPR requirements, identifying any gap areas and implementing the new policies, procedures and measures.
Millpledge understands that continuous employee awareness and understanding is vital to the continued compliance of the GDPR and have involved our employees in our data protection changes. We have included an employee training program specific for GDPR which has been provided to all employees prior to 25th May, 2018, and forms part of our induction and annual training program.
If you have any questions about our GDPR compliance, please contact our Data Protection Department (DPD).
Changes to the Notice
We reserve the right to modify this Policy and related business practices at any time. We will duly inform you of any changes. Changes in this Policy will be notified to you via an email communication. we will give you the opportunity to express your consent for processing your data for different and new purposes, or we will in any case inform you about the legal basis of such processing other than consent. The time stamp you see on the Policy will indicate the last date it was revised.