Dendrite Clinical Systems

Privacy Notice                                                                   2nd November 2023

Dendrite take data privacy seriously and we are committed to protecting and respecting the rights of all individuals.    We are dedicated to ensuring the confidentiality and privacy of information entrusted to us and aim to be transparent when we collect and use personal data.

This privacy notice covers the following:

  • Our contact details
  • How Dendrite collects personal information
  • Dendrite’s purposes and lawful bases of personal data processing
  • How we store your information
  • Sharing information
  • International transfers
  • Your rights
  • Rights related requests
  • How to complain
  • Changes to this Privacy Notice

Dendrite’s Head office details

Dendrite Clinical Systems Ltd
The Hub, Station Road
Henley-on-Thames
Oxfordshire
RG9 1AY           Tel: 01491 411288

Data Protection Officer: Neal McCann

Dendrite is registered with the Information Commissioner’s Office. 

Our ICO registration number is Z8855307.

If you have questions or comments about this Privacy Notice or how we handle personal data please direct your correspondence either to the Data Protection Officer at the main office address, or by
e-mail to InformationGovernance@e-dendrite.com.

How Dendrite collects personal information

At Dendrite we may obtain personal data directly from individuals in a number or ways including:

  • When you fill in a form on our website
  • When you give us your business card
  • When you become a client
  • When you submit a job application
  • When you use our support and service portals
  • When you email or call us
  • When you visit our offices or attend events, conferences and meetings

 

Dendrite may also obtain personal information indirectly from a variety of sources including:

  • Third parties, such as joint marketing partners and data brokers that share business contact information with us
  • Recruitment services will provide us with CV’s
  • Existing clients may share their employees contact details with us
  • Publicly available sources such as LinkedIn, Social media platforms, Companies House or freely available news articles
  • Companies providing security background checks
  • CCTV located at Dendrite offices
  • Reports that are raised through our whistleblowing process.

We will always ensure you know we are processing your personal information except where it is disproportionately difficult to do so.

Dendrite’s purposes and lawful bases of personal data processing

Dendrite processes personal data for the following reasons:

For Website Users

When you visit our website, we use your IP address and location data to determine which regional site and region-specific content should be displayed.

Our legal basis for this processing is our legitimate interest in providing you with the information specific to your region to promote our services and improve our business.

We also enable cookies. Further details about what cookies we use, how we use them, and how you can manage them can be found in our website.

For Mobile App Users

Some Dendrite products have associated mobile apps. Depending on the functionality of specific apps the data collected may include location data. Privacy information related to these apps is available on either the Google Play Store or Apple App Store.

To fill job vacancies

If you submit a job application either directly or through a recruiter, we will use your information in connection with the specific job that you have applied for and will store your information for twelve months in case any legal claim for discrimination is made.

To consider you for other vacancies for which you may be suitable, which may arise during this twelve-month period, we will add your information to our talent pool. If you’d rather not be added to the talent pool, or wish to be removed at any time, please let us know.

Sometimes we use publicly available sources of data such as LinkedIn to source candidate information. However, you will always be contacted before we add your information to our recruitment system and provide you with the opportunity to opt-out.

For certain roles there may be a request to share your CV with a specific customer to confirm your suitability. You will be notified during the recruitment process by our Recruitment Team if this applies to the role you have applied for.

The legal basis for processing your data for recruitment purposes is our legitimate interest in operating our business and fulfilling vacancies.

To provide customer support and access to self-service portals and for service delivery

When you become a partner / customer of ours, we collect your data from our portal login pages. We do this in order to provide online and telephone support services to help deliver contracted services to you via web portals, email or over the telephone. We use this information to process online requests, solve problems, answer questions and respond to communications from individuals and organisations.

If you have access to parts of our websites or use our on-line services, you remain responsible for keeping your user ID and password confidential.

Our legal basis for processing these data is our legitimate interest in providing our services.

For purposes of product development

There may be occasions where we use personal data for the purposes of training and developing machine-learning algorithms. We only use pseudonymised data for this processing and have appropriate controls in place to ensure it is processed securely.

The legal basis for processing your data for purposes of product development is our legitimate interest in developing our software and services.

For purposes of financial management

We gather and retain business contact details for financial management purposes. Personal information such as names and contact information will be needed to ensure purchase orders, requisitions, invoices and debts are handled appropriately. 

Our legal basis for processing financial information is the performance of a contract. Retention period for this type of information is up to seven years in line with legal and tax regulations.

For some services, and in order to process transactions, Dendrite collects payment card data on behalf of customers as part of the service provision.

To send you marketing materials by email

We use your contact to send you marketing and product information. You can opt out of marketing messages at any time. We will remove your details from our marketing list if there is no activity (such as opening an email) for a three-year period.

We only send marketing information to corporate subscribers (business e-mails). From time to time, we may supply some of our marketing lists to our trusted third-party brokers (prior to purchasing a list). This is to allow them to cross-reference both lists, ensuring that we receive accurate and up to date information.

We may also contact you to conduct customer satisfaction and market research surveys.

Our legal basis for this processing is our legitimate interest in promoting and improving our business.

To tell you about our products and services

If you complete an enquiry form on our website or give us your details in person, for example at a conference, we will contact you by email or phone so that we can discuss the products or services in which you have indicated an interest.

As a Dendrite customer you may wish to join our special interest and user group forums. These are groups of people that share a common interest in Dendrite products and services. In such cases Dendrite will store personal contact information such as name & email address to facilitate the organisation of group events and meetings. Dendrite may share this personal information amongst other group members to aid in discussions, knowledge sharing and distribute information relating to new products that the group may be interested in. Our lawful basis for processing is our legitimate interest in selling our products and services.

To invite you to conferences or exhibitions

We use your data to invite you to conferences and events.   Sometimes Dendrite uses this information to provide assistance with travel and/or hotel arrangements at the request of the individual.

Our lawful basis for processing data for these purposes our legitimate interest in promoting our business.

To host meetings with you at Dendrite Offices, conferences or exhibitions

We need to process your data in order to manage access and physical security at our offices. At some Dendrite sites visitors may be required to provide photo proof of id, but this information will not be stored.

Our lawful basis is our legitimate interest in ensuring the security of our business premises and authorised attendance at our events.

We may also ask for dietary restrictions or access requirements that reveal religious beliefs or physical health conditions. Our legal basis for processing these data is your consent which you can withdraw at any time.

Once your access has been arranged, we do not retain this information.

To manage the security of our facilities

Some of our offices have CCTV systems that monitor the perimeter of the buildings. These collect location and time-based images of you and, sometimes, of your vehicle in order to protect our buildings and assets from damage, vandalism or another crime.

Our lawful basis for the processing this data is legitimate interest to ensure the security of our business premises and help to prevent and detect crime.

Our policy is to automatically overwrite CCTV footage within sixty days.

To allow members of the public to participate in white paper research projects

If you agree to take part in either an Engagement Solutions research project or a research project on behalf of one of our customers, your data may be used to produce an industry white paper, thought leadership report, or set of research findings which may published either by us or our customer and as such in the public domain.

Our legal basis for this processing is our legitimate interest in promoting our business.

To comply with auditing requirements

In order to maintain our certifications and to comply with our legal obligations, Dendrite is required to assist and cooperate with external third-party auditors. We may need to share your information as part of these audits.

Our legal basis for this processing is our legitimate interest in maintaining our business certifications and standards.

To train and develop our staff

We record calls that are made to our customer service centre to assist in our review of call quality standards. We use this information to help train and develop our staff.

Call recordings are retained for a period of 90 days before they are automatically deleted.

Our lawful basis for processing data for these purposes is our legitimate interest in improving our call quality standards.

How long we keep personal data

We retain personal data for no longer than necessary for the purposes for which it is processed, unless we are required to do so by law.

Where appropriate, we may retain personal data for the establishment, exercise or defence of legal claims.

Sharing information

We will never sell your data to third parties. We may, however, share your data with companies with whom we have a direct business arrangement in order to jointly market Dendrite related products.

We also use third party data processors who provide marketing, marketing automation and lead-generation services for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation and they will hold it securely and retain it for the period we instruct.

The legal basis for sharing these data is our legitimate interest in cost effectively marketing our business.

 

 

International transfers

Dendrite operates and provides services from its locations across the globe. As such we may transfer personal information to Dendrite group locations outside of the UK when we have a business reason to do so. We have Transfer Protocols in place based on Standard Contract Clauses which provide legal safeguards for such transfers, where applicable.

Additionally, in order to support the provision of our services, we may transfer personal data to our third-party service providers outside the UK. We only transfer this data where it is necessary to do so and where a legal safeguard is in place.

Your rights

Your right of access –You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.

Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.

Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances.

Your right to object to processing – You have the right to object to processing if we are using legitimate interests as our lawful basis for processing.

Your right to data portability – This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or as part of a contract, or in talks about entering into a contract and the processing is automated.

Your right to withdraw consent – You can withdraw your consent that you have previously given to one or more specified purposes to process your personal data. This will not affect the lawfulness of any processing carried out before you withdraw your consent. It may mean we are not able to provide certain products or services to you and we will advise you if this is the case.

Rights related requests

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information or to exercise any of your other rights. This helps us to ensure that personal data is not disclosed to any person who has no right to receive it.

No fee is required to make a request unless your request is clearly unfounded or excessive. Depending on the circumstances, we may be unable to comply with your request based on other lawful grounds.

There are circumstances, where we have an obligation, legal or otherwise, or the right to process your personal information, and therefore your request may be challenged or denied where we believe there is good cause to do so.

How to complain

If you disagree with how we are processing your data, please contact our DPO at Information Governance@e-dendrite.com or address your letter to the DPO at the Dendrite Headquarters address listed in the ‘Contact Details’ section.

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113

Changes to this Privacy Notice

Dendrite will occasionally update this privacy notice to reflect changes in legislation, our practices and services. When we post changes to this privacy notice, we will revise the “last updated” date at the top of this privacy notice. If we make any material changes in the way we collect, use, and share personal data, we will notify you by prominently posting notice of the changes on the website. We recommend that you check this page from time to time to inform yourself of any changes in this privacy notice.

 

Summary of changes:

Update

Detail

11/07/2023

Annual review.    New privacy document re-written to reflect current legislation, and our working practices.