“Obsidian Healthcare Group” / “we” / “us”/ “our” means Obsidian Healthcare Group Limited and its group companies (Elements Communications Ltd, Connect2 CME Limited) with an address: Wolfelands, High Street, Westerham, Kent, TN16 1RQ, UK and Obsidian Healthcare Group with an address: C/O Clanwilliam Headquarters Limited, Office Suite 17, The Coutyard, Carmanhall Road, Sandyford, Dublin 18 Ireland.
Obsidian Healthcare Group is part of Clanwilliam Group with an address: Suite 17, The Courtyard, Carmanhall Road, Dublin 18, Ireland. Further details on Clanwilliam Group’s Data Privacy can be found at https://www.clanwilliamgroup.com/privacy-statement/
Obsidian Healthcare Group recognises and respects the privacy rights of individuals with regards to their personal data. This Data Privacy Statement explains what type of personal data we may collect from you and how we use it.
Your privacy is important to us and we are committed to respecting and protecting your privacy, whether you are a Client, Faculty Member, Delegate, Supplier, Candidate, Employee or simply a visitor to our website, through our compliance with this Data Privacy Statement.
If you have any questions concerning our privacy practices or wish to access or correct personal data that we have collected from you, please contact us as described in the ’Contact information‘ section below.
Obsidian Healthcare Group is both a Controller of information and a Processor on behalf of others.
The use of personal information we collect through our services shall be limited to the purpose of providing services in medical communications and continuing medical education, in recruitment and employment of people, and informing users and clients of our services. We do not share information with third parties to enable them to contact you for marketing purposes.
Obsidian Healthcare Group applies the General Data Protection Regulation (GDPR) EU 2016/679, UK General Data Protection Regulation (UK GDPR) and UK Data Protection Act 2018 as relevant to all personal data we control or process on behalf of others.
For some information, we are the Controller – we decide the purpose and means of the data use and how it should be processed.
Such information includes but is not limited to: our own recruitment, employee information, our people’s arrangements for travel, pay roll, benefits, and health and performance monitoring of our employees.
Also see third party services section of this statement for information on where we have support and data are processed by others.
We may also be a Joint Controller for some information, for example, but not limited to, where we support and host a website for a client or sponsor this may be set up as a Joint Controller between us and the pharmaceutical company. For example, Obsidian Healthcare Group acting as a Controller through our service of managing the website operation and making arrangements to invite or register people on to the site, with the Pharmaceutical client company also being a Controller and using the information to select appropriate speakers or consultants from the website.
For other information, we are a Processor of the information – we process and use the information as instructed by the Controller, often a Pharmaceutical client or sponsor company. Such information includes, but is not limited to:
We do not need your consent if we use special categories of your personal information in accordance with our written policy to carry out our legal obligations or exercise specific rights in the field of employment law.
In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we require and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.
Where we process under the conditions for consent, we consider this a lawful reason for processing in accordance with the GDPR. We retain consent for 2 years unless instructed to the contrary by the individual or data Controller.
You have the right to object to the processing of your data where the Obsidian Healthcare Group is the Controller of the information – please contact dataprivacy@obsidianhg.com
You have the right to object to the processing of your data where the Obsidian Healthcare Group is the Controller of the information – please contact dataprivacy@obsidianhg.com
We use other companies’ services for some situations where we are the Controller of the data and at the request of or on behalf of our clients or sponsors if we are the Processor.
Cookies help us to: Make our website work as you would expect, remember your settings during and between visits, improve the speed/security of the website, continuously improve our website for you.
We do not use cookies to: Collect any personally identifiable information (without your express permission), collect any sensitive information (without your express permission), pass data to marketing networks, or pass personally identifiable data to third parties. You can learn more about the cookies we use below.
For more information about cookies please visit www.allaboutcookies.org
Turning cookies off: You can usually switch cookies off by adjusting your browser settings to stop them accepting cookies. However, doing so will likely limit the functionality of a large proportion of the world's websites, including ours, as cookies are a standard part of most modern websites.
A session cookie lasts only for the amount of time you use our website, persistent cookies remain on your device until you reactive it when you revisit the site, or it expires, or it is deleted.
Web beacons are invisible files imbedded in web pages and emails to track online users, for example, counting the number of visits to a web page or how long you spend on a page.
Analytics: We use the information from cookies, web beacons and Google analytics to customise the experience of your visit to our web pages or media site to meet your interests, preferences and to improve our knowledge and research of visitor’s interactions with our web and media sites. If we wish to collect any personal information we will be clear at the time and identify what we intend to do with these data.
Obsidian Healthcare Group does not use automated decision making or automated profiling technology.
Our own website and those we support on behalf of clients are developed, hosted and supported by various third parties and the information regarding cookies and data analytics applies. We use a third-party service to help maintain security and performance of the websites. In delivering this it processes IP addresses of visitors to the sites.
We may use third parties including their apps and tools to gain information for surveys following an event or service. We use this information to review the service and learn for future services. We may pass on the non-personal analytics of the feedback on performance to the sponsors of the services.
We may on occasion require the use of a translation service. The third party that provides this does not keep or retain any personal details.
All emails sent to us, including attachments, may be monitored by us for security and compliance with our policies. Email monitoring and blocking software are used.
We use third party software and support for functions including payroll, internal communication and HR functions, the information may be stored in locations in the UK and wider EU (European Economic Area EEA) area.
Link to PeopleHR data privacy statement https://www.peoplehr.com/privacy.html
We use Clockify for billing of correct hours of employees to clients
Upon request, Obsidian Healthcare Group will provide information on whether we hold any of your personal information. You may send us an email at dataprivacy@obsidianhg.com to request access to (Right of access), correction of (Right to rectification), or deletion of (Right to be forgotten) personal information that you have provided to us in accordance with and specified in the GDPR. Please ensure your request clearly identifies what personal data information you would like us to change. We may for your protection verify your identity before implementing your request. We will respond to your request within one (1) month and if we cannot do so we will inform you of why this cannot be achieved. We may not be able to accommodate your request if we believe the change or deletion would violate a law or legal requirement or cause the information to be incorrect. Under the GDPR some of the rights are relative and where we cannot comply with a request we will inform you within the specified timescales of the reason for not complying with a request. Other rights, such as a right to object or restrict processing, and the right to data portability also apply to personal data we hold.
We retain information if it is necessary and relevant for our operations. In addition, we retain personal information to comply with applicable laws, prevent fraud, resolve disputes, troubleshoot problems, assist with any investigation, enforce our Terms of Service, and other actions permitted by law. When your personal information is no longer needed for our business purposes, we dispose of it subject to applicable laws.
Specific examples Include:
As defined in the UK children are persons under 13 years old. Under the GDPR they are defined as under 16 years old. Our service is not intended for children. We do not collect, keep or process personal information obtained from children. If you believe we may have any information obtained from or about a child under the age of 16, please contact our Data Privacy Officer using the contact information at the end of this Data Privacy Statement.
Obsidian Healthcare Group is headquartered at Wolfelands, High Street, Westerham, Kent, TN16 1RQ, UK and may store and transfer data outside the country of your residence, which may have different data protection rules than those of your country.
Internet and data privacy best practice are constantly developing. We update this Data Privacy Statement to reflect changes to our practice and we reserve the right to revise this policy and publish the changes on the privacy page of our website. We encourage you to review this privacy page periodically to ensure you are aware of what information we collect and how we process it. This policy was updated on 8 June 2022.
Your privacy is important to us. If you have any concerns about the way Obsidian Healthcare Group is handling your information, you wish to ask any questions, or you have any comments about this Data Privacy Statement or our practices please contact our Data Privacy Office:
Our Data Protection Officer is:
Jason Chatten
Wolfelands
High Street
Westerham
Kent
TN16 1RQ
UK
You have a right to complain to the Information Commissioner’s Office (ICO) which is the lead Supervisory Body in the UK:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
UK
Tel: +44 (0) 303 123 1113
Or
Data Protection Commission
21 Fitzwilliam Square South
Dublin 2
DO2 RD28
Ireland
https://www.dataprotection.ie/en/contact/how-contact-us
Or you can bring a complaint to your EU member state of residencies Supervisory Authority.