Skip to content

Please read the following carefully.

This Privacy Notice describes how NAPP Pharmaceuticals Limited and its network of independent associated companies including Mundipharma companies (“NAPP” also referred to as “we” or “us” or “our”) will process your information when you use our website www.napp.co.uk (“Site”), or otherwise when you provide personal data to us through the means described in this Privacy Notice. This Privacy Notice supplements other privacy notices that we may provide on our Site or through other means from time to time when we process your information.

Please note this Privacy Notice does not cover any third-party sites referred to or accessed using links or buttons on this Site. These third-party sites may have their own terms and conditions and privacy policies. We are not responsible for the terms and conditions, privacy policies or content of any website referred to or accessed through this Site.

This Site is not intended for use by children (under 16 years old). However, the legal representative of a child may exercise the rights set out in this Privacy Notice on behalf of the child.

NAPP takes the privacy of your personal data very seriously. In the event that you send us any of your personal data, we are committed to collecting, maintaining, and securing personal data about you in accordance with our internal data protection policies and local laws.

To read more about how we use your personal data, please click on the topic of interest below.

To access the Privacy Notice for Healthcare Professionals please click here.

CONTENTS:

1) PERSONAL DATA COLLECTED USING THIS SITE

  • Adverse Event Reporting
  • Careers
  • Website and Cookies
  • Mobile Applications (Apps)

2) PERSONAL DATA COLLECTED THROUGH OUR BUSINESS OPERATIONS

3) PERSONAL DATA COLLECTED THROUGH SOCIAL MEDIA PAGES

4) PERSONAL DATA COLLECTED FROM OTHER SOURCES

5) THE BASIS FOR USING YOUR INFORMATION

6) SHARING YOUR PERSONAL DATA

7) LOCATION OF PERSONAL DATA WE COLLECT

8) TRANSMISSIONS USING THE INTERNET

9) DATA RETENTION

10) AUTOMATED DECISION MAKING

11) YOUR RIGHTS

12) DEFINITIONS

13) CONTACT US

This Privacy Notice is reviewed and updated from time to time. If we update the terms, we will provide notice through our home page, or by other means, so you can review the changes. Please check back if you continue to use this Site or interact with NAPP.

1) PERSONAL DATA COLLECTED USING THIS SITE

NAPP may collect personal data when you provide it to us, including:

  • Contact details such as your name, professional title, email address, user names, phone numbers
  • Professional details such as data included in your CV, information about your qualifications, expertise, jobs, employers, professional affiliations, medical practitioner number or government issued ID, service and performance metrics, and scientific publications.
  • Communication records if you contact us, such as emails and call notes with our staff and representatives
  • Information about your visits to this Site, including the type of browser and operating system that you use, access times, pages viewed, URLs clicked on, your IP address and the page you visited before navigating to our Sites, and login credentials
  • Device information such as your IP address, device ID, device attributes and local information (see our Cookies Policy)
  • Certain information from your social media account where you have chosen to connect your social media account with your account with us
  • Communications data, such as your preferences in receiving communications from us

Adverse Event Reporting

An adverse event can be any untoward medical occurrence in a patient or clinical trial subject administered a medicinal product. It includes an unfavourable and unintended sign, symptom, or disease, associated with the use of a medicinal product, whether or not considered related to the medicinal product.

If you experience an adverse event when using one of our products, click here to find out how you should report it.

Please note that healthcare professionals are required to report actual and suspected adverse events of their patients to the relevant Marketing Authorisation holder for the medicinal product. We may also be provided with information about an adverse event that affected you by other third parties, such as nurses, pharmacists, lawyers, relatives or other members of the public.

Please see our Pharmacovigilance Privacy Notice here for details on our use of personal data in Adverse Event Reporting.

Any personal data received by health authorities and/or other third parties will be processed in accordance with their own privacy policy.

Careers

The Careers section of this Site provides you with an opportunity to express an interest in a role being advertised. If you do express an interest, NAPP may use the details you provide to consider your application for the role. We may also keep hold of your details for future roles if you expressly consent to this. Please read our Candidate Privacy Noticefor more information.

Website and cookies

When you visit this Site, NAPP automatically collects certain information using trackers such as cookies.

For detailed information on the cookies we use and the purposes for which we use them see our Cookie Policy

Mobile Applications (Apps)

From time to time we may use third party apps for business purposes. Please read the privacy policy linked to the app in order to understand how your personal data will be used.

2) PERSONAL DATA COLLECTED THROUGH OUR BUSINESS OPERATIONS

As well as information collected from you through this Site, we may obtain personal data in other ways, such as by phone, email or in paper form during the course of our business operations. In most instances, NAPP is the data controller for such activities. This information could include:

  • your name and other contact details
  • records of your correspondence with us
  • your billing and payment information if you are providing services to us

The personal data you provide to us will be used for the purposes of:

  • administering a contract we have entered into with you
  • providing you with information, including in response to queries regarding our products, therapy areas and/or services.
  • understanding our business needs and improving our products and/or services
  • holding discussion forums, such as scientific advisory boards

as well as the use(s) set out in the other Sections of this Privacy Notice.

We may also use your personal data to comply with applicable laws, or to perform a contract we have entered into with you, or other uses for which you have given your consent. If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as paying you), or we may be prevented from complying with our legal obligations. In this case, we may have to cancel the provision of a product or service or other arrangement you have with us, but we will notify you if this is the case at the time.

In addition to the personal data we receive directly from you, we may also receive personal information from our business contacts or from others (about themselves or about other individuals) during the course of our business operations. We will handle that information in accordance with this Privacy Notice.

3) PERSONAL DATA COLLECTED THROUGH SOCIAL MEDIA PAGES

NAPP has a LinkedIn social media page. LinkedIn is the data controller for the purposes of using their website and services. Please ensure you check their privacy statement when using their services.

NAPP uses LinkedIn and may collect personal data from LinkedIn to facilitate recruitment to its business or an Associate’s business. As such, you may receive a communication from us via LinkedIn if you hold a LinkedIn account.

For further information regarding our use of candidate personal data for recruitment, please refer to the Candidate Privacy Notice.

By participating in social sharing on our social media pages, you may disclose personal information about yourself. Any information you post or disclose in this way will become public information and may be available to visitors to these pages and to the general public. You should be very careful when deciding to disclose your or any third party’s personal information, or any other information, on social medial pages or in any communications with us. You may also disclose personal information if you include third parties in your electronic communications with us.

4) PERSONAL DATA COLLECTED FROM OTHER SOURCES

We may collect personal data from other third parties who act as data controllers. Where we are a data processor of that personal data, we will only use the personal data in accordance with the instructions of the data controller. Our contracts with such third parties require that they are legally able to provide the personal data to us. We may also collect personal data from public sources, for example, when we attend conferences or training events in order to stay in contact with you or to enquire about consultancy services we may wish to seek from you in relation to one or more of our therapy areas.

5) THE BASIS FOR USING YOUR PERSONAL DATA

We use your personal data to operate our business and manage our relationship with you. We only process data where we have a legal basis for doing so. The table below outlines the different purposes for which we process your personal data, and the legal bases we rely on:

Use Legal Basis
Keeping you updated about NAPP products, services and events, including providing the latest company news, industry insights, disease awareness information, safety updates, training, important notices and other information that may be of interest Our legitimate interests, except where we need your consent
Sending personalised communications tailored to your expertise and interests, including monitoring and analysing the use of our Sites and emails to understand which content is of the most interest and avoid sending you redundant information.
Improving our products, services and digital communications, including the use of data analytics to improve the way we do things
Responding to your queries or requests, accommodating certain personal requirements or preferences and handling complaints
Checking your eligibility to access or provide certain services, for example when accessing content or platforms intended only for healthcare professionals, or when entering a contract with you Our legitimate interests, unless required to perform and manage our contract with you.
Evaluating your suitability to participate in our clinical trials, observational studies, market research, advisory boards and the provision of other research and/or services To perform and manage our contract with you or for our legitimate interests. In some circumstances, this is also needed to comply with our legal obligations or is in the public interest.
Setting up and assessing fair market value criteria, including remuneration for services, donations, sponsorship or grants
Administering a contract we have entered into with you
Complying with our legal and ethical obligations, internal company policies and industry standards, for example, disclosing information about payments or other transfers of value to you to meet our transparency obligations To comply with our legal obligations, where the processing is in the public interest, or for our legitimate interests. We may seek your consent to disclose payments made to you on an individual basis.
Detecting and investigating harmful behaviour, including any abuse or attacks on our networks, allegations of misconduct or other behaviour that is harmful to our business, and taking proactive measures to prevent such behaviours
Due diligence, conflict checks, and information disclosure exercises in conjunction with legal proceedings, the purchase or disposal of business assets or operations, or to respond to requests for information from government or regulatory authorities
6) SHARING YOUR PERSONAL DATA

NAPP limits access to your personal data to those employees, agents, contractors, professional advisers (such as lawyers, bankers, auditors, accountants and insurers), service providers (such as the design and host contractor for this Site), Associates and other third parties who have a business need to know (such as suppliers managing adverse event reports or product complaints). If they are a data processor, they must only process your personal data on our instructions and they are subject to a duty of confidentiality.

We may need to share your personal information with a government authority, regulator, other public body or to otherwise comply with the law.

We may also disclose your personal data to third parties:

  • if NAPP is under a duty to disclose or share your personal information in order to comply with any legal obligation
  • in the event that NAPP sells, merges or reorganises any business or assets, in which case NAPP may disclose your personal information to the prospective acquirer of such business or assets;
  • if NAPP or substantially all of its assets is acquired by or merged with a third party, in which case personal data held by NAPP may form part of the transferred or merged assets.

Where we transfer your personal data from the United Kingdom, we will use suitable measures, such as standard contractual clauses and (where appropriate) supplementary measures, to protect your personal data being shared outside of your country to countries that do not offer a suitable level of protection.

NAPP does not sell, rent, or trade personal data it collects with third parties. Any third parties with whom NAPP shares personal data are not permitted to sell, rent, or trade such personal data.

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

7) LOCATION OF PERSONAL DATA WE COLLECT

Some of the personal data collected using this Site and third-party sources may be stored or processed by our Associates and carefully selected third parties using computers and servers located in other countries, including by means of cloud computing.

Such computers and servers may be located both inside and outside of the United Kingdom, where data protection laws may differ from the country you live in. We will only transfer personal data outside of the United Kingdom where there is a legal basis for the transfer – for example, (A) the country of the recipient(s) ensures an adequate level of protection, (B) an international arrangement means the transfer can take place (C) suitable contractual protections are in place (including approved Standard Contractual Clauses), (D) we have obtained your express consent to such transfer, or (E) the transfer is necessary for important reasons of public interest. In any event, NAPP will ensure suitable security measures are in place to protect your personal data.

8) TRANSMISSIONS USING THE INTERNET

Unfortunately, the transmission of information via the Internet is not completely secure. Although NAPP will use reasonable commercial efforts to protect your personal data, we cannot guarantee the security of your data transmitted using the Internet.

Anything you send by email or using the Internet is at your own risk. Once NAPP has received your personal data, we will secure your information in accordance with our security procedures and controls to try to prevent unauthorised access, alteration or loss.

9) DATA RETENTION

We will retain your personal data in accordance with our Global Privacy Policy. Generally, we will only retain personal data for the period necessary to fulfil the purposes for which the personal data was collected, unless a longer retention period is required or permitted by law or we have justifiable reasons for doing so.

10) AUTOMATED DECISION MAKING

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.

11) YOUR RIGHTS

NAPP Pharmaceuticals Limited is the data controller for the purposes of using this Site.

You have the following rights:

  • To ask about the processing of your personal data;
  • To request a copy of your personal data, its correction and/or deletion;
  • If you have provided consent for us to process your personal data, you may withdraw it with limited exceptions. The withdrawal of consent shall not affect any processing based on consent before its withdrawal;
  • If you provided your personal data for a contract or with your consent, or it is processed by automated means, you can also request receipt or transmission of your personal data to another organisation in a machine-readable form;
  • You can object to the processing where the processing is for direct marketing purposes, a task in the public interest, or for our legitimate interests. This right is not absolute;
  • In certain cases you can request a restriction on the processing of your personal data, for example where you wish to verify the accuracy of your personal data or where you object to the processing.

If you would like to exercise any of these rights, you can get in touch with using the contact information in the “Contact us” section of this Privacy Notice.

If you are unhappy with how we process your personal data, you can complain to your local supervisory authority. In the UK, this is the Information Commissioner (https://ico.org.uk/). We would, however, appreciate the chance to deal with your concerns, so please contact us in the first instance.

Where you successfully request deletion or restriction rights, or object to or withdraw consent for our processing of your personal data for certain purposes, we may not be able to continue offering certain services to you or have a contractual relationship with you. We may be able to continue to process your personal information to the extent required or where otherwise permitted by law, for example to register your request to opt out of communications or in connection with our regulatory obligations, such as adverse effect reporting.

12) DEFINITIONS

“Associates” means any organisation within the Mundipharma network of independent associated companies including NAPP Pharmaceuticals Limited.

“data controller” means the company or entity that, alone or jointly with others, determines the purpose and means of processing personal data. It is responsible for the protection of personal data that it collects and processes.

“data processor”, means the company or entity that processes personal data on behalf of the data controller and follows the data controller’s instructions.

“personal data” means any information relating to an identified or identifiable natural person.

13) CONTACT US

You may contact us at data.privacy@mundipharma.com or NAPP Pharmaceuticals Limited, Unit 196 Cambridge Science Park, Milton Road, Cambridge, England, CB4 0AB in case of any questions or concerns regarding the processing of your personal data, including where you would like to exercise any of your rights. To help us efficiently deal with your request, it would be helpful if you could state in your communication your relationship and/or interactions with us, as well as the specifics of your query when contacting us.

EU Data Privacy Representative (Art. 27 GDPR)

Mundipharma GmbH is designated as the representative in the European Union in accordance with Art. 27 GDPR. You may contact the representative at the following address:

EU Data Privacy Representative

Mundipharma GmbH

De-Saint-Exupéry-Str. 10

60549 Frankfurt/Main

Germany

Email: datenschutz@mundipharma.de

DOP: August 2024 | UK-CORP-2100002

Opioid Charter

For Mundipharma’s Charter on the responsible medical use of opioid analgesics in pain management click here.

Opioid Safety Statement

“Attention should be given as the use of opioids has a risk of addiction, misuse and abuse. Therefore, appropriate assessment and monitoring is a requirement at initiation, maintenance and tapering down of opioid therapy.”