Skip to the content

Privacy policy

Our commitment to privacy

This website is provided by MMRG Limited, the provider of the Thecosystems service.

We take privacy very seriously and are committed to protecting your personal data. We have developed this privacy policy to provide you with information on how we collect, use and protect the personal data that you provide to us when you visit our website or use our services. 

We gather and process personal information in accordance with this privacy policy, and in compliance with Data Protection Laws and Regulations around the world.  This privacy policy provides you with information regarding your rights and our obligations and explains how we process personal data.

MMRG’s commitment to privacy is demonstrated and documented by our adherence to applicable laws, codes and industry standards.  MMRG is registered with the Office of the Information Commissioner in the UK and the EU-U.S. Privacy Shield Framework. MMRG fully complies with Data Protection Laws and Regulations around the world.

Who we are

MMRG is an established research agency that makes sense of complex and disparate data to create new perspectives and discover unknown connections for everyone working in life sciences.

MMRG is registered in England and Wales, with a company number 08070754.  Our registered office address is 16 Trinity Churchyard, Guildford, England, GU1 3RR, United Kingdom. 

Information we collect about you

When you access the site, or when you subscribe for our services, or when you interact with us, we may collect and process personal data about you:

  • Basic Personal identity details – such as name and title.
  • Contact details – such as billing address, email address and telephone number.
  • Work details – such as job title, company name, company address, email address and telephone number.
  • Financial and Payment details – such as bank account and payment card details.
  • Profile details – such as your username and password, your interests and preferences, communication and marketing preferences, feedback and survey responses.

We may also obtain information about you through our use of cookies or similar tools.  This information helps us to identity usability issues which can improve the performance of our website enhancing your user experience.

We work closely with partners (including, for example, those providing technical, payment or delivery services and analytics providers) and we may receive information about you from them, examples include:

  • Technical Data – such as internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
  • Usage Data – such as information about how you use our website, products and services.

We do not collect any special categories of personal data about you.

Please be aware that if you do not provide data when requested by us, we may not be able to provide our services or perform our contract with you.

Non-Personal information and use

In common with many commercial organisations we monitor the use of this website by collecting aggregate information. We may automatically collect non-personal information; you cannot be identified from this information and it is used only to assist us in providing an effective service on this website.

We monitor the use of this website through the use of cookies.

Cookies

A cookie is a small file of letters and numbers that we put on your computer if you agree. These cookies allow us to distinguish you from other users of our website, which helps us to provide you with a positive experience when you view or use our website and also allows us to improve our site.

We provide detailed information about cookies and how to manage them within our cookie policy.

If you disable or refuse cookies, please note that some parts of the website may become inaccessible or not function properly.

Lawful basis for processing data

We will only use your personal data when the law allows us to, in the following circumstances:

  • User consent - where you have given us consent by express permission to process personal data for a specified purpose.
  • Contractual necessity - where we need to use it to perform the contract we are about to enter into or have entered into with you.
  • Legitimate business purpose - where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Legal obligation - where we need to comply with a legal obligation.

Purposes for which we will use your personal data

The reasons for which we collect, and process personal data are set out below. We may process your personal data under more than one lawful basis depending on the specific purpose.  We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.  Please note that we may process your personal data without your knowledge or consent, where this is required or permitted by law.

Purpose/Activity

Type of data

Lawful basis for processing

To register you as a new subscriber customer

(a) Identity

(b) Contact

Performance of a contract with you

To:

(a) Manage payments, fees and charges

(b) Collect and recover money owed to us

(a) Identity

(b) Contact

(c) Financial

(d) Transaction

(e)Marketing and   communications

(a) Performance of a contract with you

(b) Necessary for our legitimate interests (to recover debts due to us)

To manage our relationship with you which will include:

(a) Notifying you about changes to our terms or privacy policy

(b) Asking you to leave a review or take a survey

(a) Identity

(b) Contact

(c) Profile

(d)Marketing and Communications

(a) Performance of a contract with you

(b) Necessary to comply with a legal obligation

(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)

To enable you to complete a survey

(a) Identity

(b) Contact

(c) Profile

(d) Usage

(e) Marketing and Communications

(a) Performance of a contract with you

(b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)

To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) 

(a) Identity

(b) Contact

(c) Technical

(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)

(b) Necessary to comply with a legal obligation

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

(a) Identity

(b) Contact

(c) Profile

(d) Usage

(e) Marketing and Communications

(f) Technical

Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)

To use data analytics to improve our website, products/services, marketing, customer relationships and experiences

(a) Technical

(b) Usage

Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)

To make suggestions and recommendations to you about goods or services that may be of interest to you

(a) Identity

(b) Contact

(c) Technical

(d) Usage

(e) Profile

(f) Marketing and Communications

Necessary for our legitimate interests (to develop our products/services and grow our business)

Marketing

We may use your personal data (for example your identity, contact, technical, usage and profile data) to form a view on what we think may be of interest to you and to decide on products, services and offers that may be relevant for you.

You will receive marketing communications from us if you have requested information from us.   

We will get your express consent before we share your personal data with any third party for marketing purposes.

You can ask us or third parties to stop sending you marketing messages at any time by following the relevant links on any marketing message sent to you.  This will not apply to personal data provided to us as a result of a product/service purchase, or other transaction with us.

Disclosures of your personal data

We may share your personal data with the parties set out below.

  • Internal third parties who are associated companies within our group who help support our business and improve our services.  
  • External third parties as follows:
  • Service providers who provide IT and system administration services.
  • Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
  • HM Revenue & Customs, regulators and other authorities who may require reporting of processing activities in certain circumstances to comply with applicable laws or valid legal processes and to enforce or apply our terms of use.
  • Third parties (other businesses) to whom we may choose to sell, transfer or merge parts of our business or our assets, or where we acquire or merge with them.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and we only permit them to process your personal data for specified purposes and in accordance with our instructions.

How long will we retain your personal data?

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for any legal, regulatory, tax, accounting or reporting requirements, and for our customers this may be for up to six years for financial and tax purposes or in the event of a complaint or dispute.

Details of retention periods for different aspects of your personal data are available in our retention policy which you can request by contacting us.

International transfers

We may transfer data outside the European Economic Area (EEA). Where this is the case, we take steps to ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
  • Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US. For further details, see European Commission: EU-US Privacy Shield. MMRG complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States.

MMRG has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

Data security

We have implemented commercially reasonable measures, technologies and policies with the objective of protecting your personal information from unauthorised access and improper use and will update these measures as appropriate as new technologies become available.  In addition, we limit access to your personal data to those of our employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

MMRG is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). 

Your rights

Under data protection laws, you have rights as an individual in relation to the personal data we hold about you.  These rights include the right to:

  • Request access to, correction of, or deletion of, your personal data.
  • Object to, or request restriction of, processing of your personal data.
  • Request transfer of your personal data.
  • Withdraw consent, including where consent has been sought from you for purposes such as direct marketing.

You can exercise these rights by contacting us.  You also have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner’s Office (ICO) They can be contacted via their website https://ico.org.uk/concerns or by phone: +44 303 123 1113.

You will not have to pay a fee to access your personal data or to exercise any of your other rights. However, we may charge a reasonable fee or refuse to comply if your request is clearly unfounded, repetitive or excessive.

If we receive a request from you to exercise any of the above rights, we may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).  This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Third-party links

For your convenience, this website may contain links to a number of other websites both inside and outside of MMRG over which we have no direct control. The privacy policies and procedures described here do not apply to those websites; we suggest contacting those sites directly for their data collection and distribution policies. Clicking on those links or enabling those connections may allow third parties to collect or share data about you and we do not accept any responsibility or liability for the privacy of any information you provide whilst visiting such sites.  We encourage you to read the privacy policy of every website you visit.

Complaints and dispute resolution

In compliance with the Privacy Shield Principles, MMRG commits to resolve complaints about our collection or use of your personal information. Individuals in the European Union (EU) with inquiries or complaints regarding our Private Shield policy should first contact MMRG using the contact details below, under “Contact us”.

MMRG has further committed to refer unresolved Privacy Shield complaints to the EU data protection authorities (DPAs). If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU DPAs for more information or to file a complaint. The services of EU DPAs are provided at no cost to you.

Contact us

The person responsible for ensuring we are compliant with data privacy matters is Sharon Ewer.  

If you have a query regarding this privacy policy or the processing of your personal information, please contact our Compliance Officer, Sharon Ewer, via e-mail  or by mail at MMRG Ltd, 16 Trinity Churchyard, Guildford, Surrey GU1 3RR, UK or MMRG, 1199 Route 22 East, Mountainside, NJ 07092.

Changes to this privacy policy

This policy is effective from February 2019.

We keep our privacy policy under regular review, and we will update it from time to time.  Any changes we may make to this privacy policy will be posted on this page.  If changes are significant, we may choose to inform you by email or via the website that the policy has been updated.