Privacy Notice

1. Who We Are

We are Beacon Medical Systems Limited, a company incorporated in England and Wales, with registered number 14638585 and with a registered office at 5 New Street Square, London EC4A 3TW. We facilitate professional engagement between clinicians and pharmaceutical organisations. As the data controller, we are responsible for how your personal data is used and protected.

We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice.  If you have any questions about this privacy notice, including any requests to exercise your legal rights please contact the DPO using the information set out in the contact details and complaints section (Section 13).

This notice describes how we collect, store, disclose, transfer, protect and otherwise process your personal data and for what purposes. This privacy notice explains how we collect and use personal data relating to:

• Healthcare professionals (HCPs)
• Individuals in roles that influence healthcare-related decisions (we call these “Influential Stakeholders” or “ORDMs”)
• Applicants for employment/paid research work at Beacon

This notice applies specifically to our Pharmaceutical Relationship Management Business activities including our Primary Market Research division and associated recruitment processes and does not cover the Pando clinical messaging platform. Pando Privacy Notice can be found here.

2. Who Are “ORDMs”?

Alongside healthcare professionals, we may also interact with Other Relevant Decision Makers (ORDMs) — individuals who are not registered clinicians but still play a role in shaping decisions around the selection, use, or funding of medical products or services.

Examples include:

• Procurement leads
• Clinical commissioning managers
• Non-clinical advisors involved in formulary decisions
• Managers or executives responsible for resource allocation in healthcare settings

We refer to these individuals collectively as “Influential Stakeholders” or ORDMs.

3. What We Collect

We may collect the following categories of data, depending on our interactions with you:

For HCPs and ORDMs:

Type of Data

Examples

Identification

Name, job title, qualifications, professional registration ID

Contact Details

Work address, email, telephone

Professional Information

Areas of expertise, clinical interests, affiliations, public activity (e.g. speaking at conferences)

Communication History

Event attendance, meeting notes, feedback you provide, survey participation responses

Financial Data

Where applicable, details of contracted services and related payments made in respect of those services

Technical Information

IP address, device/browser type, usage data for digital tools we may use (including interview tools that use Artificial Intelligence (AI).

For Job Applicants:

Type of Data

Examples

Application Materials

CVs, covering letters, professional profiles (e.g. LinkedIn)

Interview Notes

Internal assessments, reference checks, screening outcomes

Eligibility Information

Right-to-work documentation, optional diversity data (collected separately and anonymised)

On this website

As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions, website usage and patterns. We collect this personal data by using cookies, and other similar technologies.

Please see our Cookie Policy for further details

‍

4. How We Use Your Information

We use personal data for purposes such as:

• Managing professional relationships with HCPs and ORDMs
• Planning and coordinating events, meetings or consultancy work
• Sending relevant scientific or medical updates
• Recording interactions for transparency purposes (e.g. financial reporting)
• Analysing preferences to help tailor communications
• Managing recruitment processes
• Ensuring compliance with legal and regulatory obligations

5. Our Legal Basis

We process data under UK GDPR on the following grounds:

• Contract – When we have an agreement with you as an individual (not a company or organisation).
• Legal obligation – To meet regulatory or transparency requirements
• Legitimate interests – To manage professional engagement effectively
• Consent – For activities like direct marketing, where required

Where we rely on consent to process your data, you may withdraw consent at any time.

6. Who We Share Your Data With

We may share your information with selected third parties when it is necessary to carry out the purposes outlined in this notice. These may include:

• Technology providers who support our systems (e.g. CRM platforms, analytics tools, event registration software)
• Pharmaceutical partners we work with on joint initiatives or collaborative projects. In this case you will be provided with a separate privacy notice to explain the specific project or study to explain the way in which study data will be collected, stored and shared.
• Professional advisors such as lawyers, auditors, or compliance consultants
• Public authorities or regulators, where required by law or official request
• Payment facilitators or contracted service providers delivering services on our behalf
• Successors to our business — in the event of a merger, sale of the company or its assets, or similar corporate transaction, your data may be disclosed to the prospective buyer or merged entity, provided appropriate confidentiality and data protection safeguards are in place

Any organisation we share your data with is required to handle it securely and only for the specific purpose agreed with us.

7. International Data Transfers

Where it is necessary to process your data outside the UK (e.g. by one of our suppliers or partners), we ensure appropriate legal safeguards are in place. This includes data transfer agreements approved under UK data protection law (such as the ICO’s IDTA or the UK’s approved Standard Contractual Clauses).

8. Keeping Your Data Secure

We take appropriate steps to protect your personal information. This includes using secure servers, encryption where necessary, and limiting access to your data to individuals who need it for their job. We also regularly review our data security practices.

9. How Long We Keep Your Data

We keep your personal information only for as long as is necessary to fulfil the relevant purposes, including to comply with legal, financial, or reporting requirements. When your information is no longer needed, we will securely delete or anonymise it.

10. Your Rights Under Data Protection Law

You have a number of rights in relation to your personal data. These include the right to:

• Request access to the data we hold about you
• Correct inaccuracies in your personal data
• Ask us to delete your data in certain situations
• Object to or request limits on how we use your data
• Withdraw your consent, where our use of your data is based on consent
• Request a copy of your data in a portable format in certain situations
• Lodge a complaint with the UK Information Commissioner’s Office (ICO): https://ico.org.uk. If you have questions or concerns you should contact us first so that we can help to resolve them.

To make a request or ask a question, please contact us using the details below (Section 13)..

11. Profiling and Automated Processes

In certain cases, we may use your personal and professional information to build a profile of your interests or level of engagement (e.g. area of expertise, attendance at events). This helps us tailor communications. However, we do not make decisions that have a legal or similarly significant impact using automated methods alone.

12. Changes to This Notice

We may revise this Privacy Notice from time to time to reflect changes in our activities, legal obligations, or your rights. When we do, we will update the date at the top of the notice and publish the revised version on our website.

13. Contacting Us

If you have any questions about how we use your data, or if you wish to exercise any of your rights, you can contact us by writing to us or by emailing to dpo@headtobeacon.com 

‍