Global privacy notice

Chinese (中文) | Japanese (日本語)





Last updated July 27, 2023

This Privacy Notice (the “Notice”) addresses how Norstella (meaning the group of companies known as Norstella being Caerus PikCo Sarl and its subsidiaries) collects, uses, and protects personal information across each of its brands. References to “we”, “us” or “our” are to the Norstella legal entity who process your personal information. This notice applies to personal information collected, used and shared (collectively “process or processed”) by Norstella as a data controller or a business through our websites, apps, and products (collectively “services”).

Norstella consists of prominent pharmaceutical solutions providers: Citeline, Evaluate, Managed Markets Insights & Technology (MMIT), Panalgo and The Dedham Group. Usually when we interact with you it will be through one of these brands. Norstella operates in several countries, which have varying data protection and privacy laws. This notice applies globally to all Norstella brands and products. To the extent a specific Norstella service has a supplemental Privacy Notice that describes how we process personal information, such specific notice or supplemental privacy statement will control.

The Norstella legal entity that is responsible for the processing of your personal information (referred to as the data controller in the European Union (EU), European Economic Area (EEA) and United Kingdom (UK), the business in California and referred to as “Norstella” in this notice) will be the entity displayed in services we provide to you, on communications you receive from us, in contracts, and on booking, web and contact forms or invoices.

This notice is addressed primarily to our customer representatives, product and service users (including visitors to our websites), supplier representatives, clinical study referrals, marketing contacts and sales prospects.

This notice does not apply to personal information collected by us when you apply for a job with Norstella or in the course of your employment or engagement with Norstella, whether as an employee or independent contractor. Our Applicant Privacy Notice explains how we process personal information of anyone applying for a position or being considered for employment by Norstella.

Our Expert Privacy Notice, which supplements this notice, provides information on our personal information collection and processing practices related to individuals whose information is included in our products.

This notice details how Norstella processes “personal information”, which means any information that relates to an identified or identifiable living individual or that directly or indirectly can be used to identify the individual. This includes information that could identify an individual on its own as well as information that can only identify someone when combined with other data we have (regardless of whether we already have the other data or are just likely to have it in the future).

We collect personal information directly from you:

  • When you use our services, e.g., when you purchase or have access to our products and services, you are usually required to provide us with your name and email address. You may also be required to provide other information necessary for your use of our services or additional information that you choose to disclose to us, such as your professional details or your user preferences.
  • When you interact with us, e.g., when you fill in a form online, contact us or request information from us, interact with us at events or meetings, seek technical support or when you participate in our study recruitment activities.
  • Through cookies and similar technologies included in our services, e.g., when you access our services, we collect device information and information relating to your usage of our services. For more information on how we use standard technologies, like web server logs, cookies and web beacons, please see the Cookie Notice on the respective brand website for more details.

We also collect personal information about you from third parties such as:

  • Our partners and service providers, e.g., technology providers in connection with your use of our services, market research agencies, content providers, etc.
  • From the organization(s) to which you belong or person(s) who have arranged your access to our services, e.g., your employer or the institution you are affiliated with may provide us with contact information so that we can set up your account or provide us with personal information for research recruiting purposes or to integrate with our services.
  • Publicly available sources, e.g., academic or scientific publications, patent & trademark offices, and regulatory agencies, court files, etc.
  • Other public or paid-for sources, e.g., we may acquire information from public websites, social media or from data suppliers.

How you interact with us and the different services that we offer determine what personal information we collect about you.

The personal information we collect may consist of the following:

  • Personal identifiers, e.g., name, username, e-mail address, phone number, signatures, etc.
  • Contact information, e.g., e-mail address, phone number, fax, address, etc.
  • Demographic information, e.g., gender, location, language
  • Authentication data, e.g., usernames and passwords
  • Professional information, e.g., publications, employer, location, licensure, credentials, work history, education history, specialties, expertise, availability, etc.
  • Indirect identifiers, e.g., study ID, cookies, IP address, computer device information, etc.
  • Knowledge, belief & preference data, e.g., thoughts, concerns, preferences, feedback, opinions and other information provided through surveys, interviews, etc.
  • Usage data, e.g., information about your use of our services, such as date and time of visits, the pages viewed, time spent at one of our websites, etc.
  • Financial information, e.g., payment information and related bank details, etc.
  • Commercial information, e.g., purchase history, subscription information, transaction details, information about sanctions and restrictions, etc.
  • Communication data, e.g., information communicated from or to you through telephone recordings, voicemail, email, etc.
  • Sensory data, e.g., photographs, audio, video or other similar electronic recordings, etc.
  • Website and communication usage information such as correspondence and details of your use of our website and services obtained through cookies or other tracking technologies

Sensitive personal information. We only process personal information concerning race or ethnicity; political opinions, or religious or philosophical beliefs; trade union membership; or genetic, biometric, health, or sex-life information in very limited circumstances. For instance, if you actively provide or indicate such information in a user-controlled area of our services, for example a professional profile or whilst taking part in clinical study recruitment opportunities. We may occasionally collect personal information that is subject to enhanced security requirements, such as requiring a credit card or government-issued ID to complete a transaction you have requested.

This section sets out the purposes for which we may process your information. Your relationship with Norstella will determine which of the purposes listed in this section apply to you.

  • Customer and product administration

If you have purchased or registered for one of our services, including on a trial basis, we will process your personal information for the following purposes;

    • To create product accounts, provide you with the service, communicate with you about it and handle payments
    • To develop new services features or functionalities
    • To respond to comments, questions and to otherwise provide customer service, user and technical support
    • To send you communications related to the services
    • To personalize the services, such as using cookies to remember information relating to users or provide customized content and information, subject to applicable laws
    • To understand and analyze performance usage trends and preferences of services
    • To enforce any applicable agreements
    • To report product usage information to our customers, business partners, content and technology providers
    • To contact you about renewal of your subscriptions and purchases
    • To perform other related administrative tasks
  • Product development and personalization

In relation to the use of our products, we may process your personal information to;

    • Deliver personalized functionality and content in our services, for instance we may retain your browsing and usage information to make your searches within our services more relevant
    • Analyze product usage information to understand which content and tools are most useful for our users and to allow us to deliver and suggest tailored content, features and other Norstella services that we believe may interest you
    • Use information collected on our services, usually in aggregated form, to analyze the functionalities we offer and to improve the design and content of our services
  • Recruitment for Clinical Studies

If you have signed up for this service, we may process your personal information to maintain and support clinical study recruitment activities, which includes the identification, the verification and qualification of you as a clinical study participant.

We may also process your personal information to contact you to seek your participation in future additional study recruitment activities and to facilitate your participation in our Online Communities.

  • Product content

Our products use information obtained from publicly available sources. To this extent, we may process your personal information as part of organizing and including information in our products that we collect from publicly available sources.

We may also process personal information which you choose to make available in our products (for instance, you may wish to provide information to enable peer connection and related collaboration).

  • Marketing

We may process your personal information to send you marketing emails, newsletters, offers or other promotional emails that keep you up to date with our services, news, events and products that may be of interest. Depending on the nature of your interaction with us and applicable data protection and privacy laws, you may have actively given us your consent, or we may be entitled to rely on your implied consent or legitimate interests to market to you. You can opt out of our marketing communications or change your communication preferences at any time – all Norstella marketing e-mails contain an unsubscribe or preference center link. If you have questions regarding our use of your information for marketing purposes, please contact

We may provide you with advertising based on your activity on our websites and services and on third-party websites. The personal information held about you, combined with other personal information legitimately obtained and shared with us by third parties or publicly available information, may be used to better understand our customers and their preferences and to improve the services delivered. This may include automated profiling and campaign management techniques. We do not disclose your contact information to third parties for their own marketing purposes unless we have obtained your consent to do so in accordance with applicable laws.

We may use your personal information in advertising campaigns on social media platforms such as LinkedIn, in order to provide you with information about upcoming events or new products and to ensure you only receive relevant advertising about our services as described above.

  • Events

We may process your personal information to administer events that we host or attend (e.g., conferences, webinars, etc.).

If you participate in one of our events as a speaker, sponsor, exhibitor or attendee, your personal information will be used in connection with the running of the event, to manage payments and recover debts.

In addition, photos and videos are taken at our events (or events in which we participate) which may feature attendees, speakers, sponsors or exhibitors. Where we have taken photos and videos at our events that feature you as a speaker, attendee, sponsor or exhibitor, to the extent permitted by applicable data protection laws, those photos and videos may be used for promotional purposes. You may inform us prior to, or at the event in question, should you wish to not be included in any such photos or videos.

  • Legal rights

We may process your personal information to exercise our rights, and to the extent reasonably required to assist third parties (such as customers or business partners) in exercising their rights, to defend ourselves from claims, to comply with applicable laws and regulations or third parties with whom we work or for the purposes of fraud screening and prevention.

  • Security

We may process your personal information to protect the security of our IT systems, architecture and networks and to prevent misuses of our services.

  • Social Media

We maintain presences on social media platforms, through our company and brand pages. We collect personal information when you interact with us on social media. Please note that these social media platforms may set cookies and other tracking technologies on your device when you visit their pages and when you navigate from their pages. The output of such information may be provided to us (usually for statistical purposes to see how users interact with our content on social media platforms). The social media platforms are responsible for how they handle your personal information and information about how these social media platforms collect and use your personal information (and how they use cookies and other technologies, including instructions on how you can disable these) can usually be found in their respective privacy and cookies policies on their respective websites.

If you are located or reside in a jurisdiction that requires a lawful basis for processing personal information (such as the EU, EEA or UK), the basis on which we process your personal information will depend on the personal information concerned and the context in which we collect it. We normally collect or use personal information as necessary for the performance of our services (“Performance of Contract”); to comply with our legal and contractual obligations (“Legal Obligations”); and to support our legitimate interests in maintaining and improving our services, e.g. in understanding how our services are used and how our campaigns are performing, and gaining insights which help us dedicate our resources and efforts more efficiently; in marketing, advertising and selling our services to you and others; providing customer services and technical support; and protecting and securing our users, customers, prospects, ourselves and our services (“Legitimate Interests”). We may also obtain your consent (“Consent”) in certain circumstances, for example for marketing in certain regions or for processing sensitive personal information (see below).

For example, when we:

  • Use personal information to create and manage an account, we do so in order to provide you with relevant services and perform our contract with you
  • Use names and email addresses for email marketing purposes, we do so on the basis of our legitimate interests or where required by applicable law, your consent
  • Gather usage data and analyze it to improve our services or ensure the security of our websites, we do so based on our legitimate interest in safeguarding and improving our services

Where we process your sensitive personal information, it is based on one or more of the following legal bases:

  • You have given explicit consent to the collection for one or more specified purposes
  • Where the sensitive personal information is manifestly made public by you
  • Where the collection is necessary for exercise or defense of legal claims

If you have questions about or need further information concerning the lawful basis on which we collect and use your personal information, please contact us using the contact details provided in the “Contact US” section of this notice.

Your personal information will, depending on the purposes of processing, be disclosed to different individuals and organizations, including:

  • Sharing across Norstella We may share your personal information across Norstella.
  • Account administrator(s) of the organization providing you access to our services, in the case of corporate subscriptions.
  • Service providers We may share your personal information with third parties who assist in providing our products and services and administering our business. These include IT and marketing technology host suppliers, web and data hosting providers, mailing houses, ad servers, logistics and general services contractors, onsite health and safety partners, event registration partners, sales platform providers, communication tool providers, stand designers/builders/fitters, suppliers of sponsorship/marketing/PR collateral and other event collaboration partners. Personal information will only be shared with third parties if and to the extent it is necessary for them to provide our products and services to us. Such service providers are contractually bound to protect your information to the same standard as set out in this notice and in accordance with applicable law. In the case of credit card payment processors, service providers are also contractually bound to meet the Payment Card Industry Data Security Standard (PCI DSS).
  • Employees and contractors of Norstella whose roles require access to your information. All of our employees, contractors and service providers (i.e., those who process your personal information on our behalf, for the purposes stated above), who have access to, and are associated with, the processing of personal information, are obliged to respect the confidentiality of the personal information in our possession.
  • Web Chat Services We use web chat services such as Drift that allow us to connect with you and answer sales and customer services questions quickly and directly. We ensure these service providers protect your information, but these chats are intended to provide quick answers to basic service questions only, and you should not provide any sensitive information, such as bank or credit card details in these chats.
  • Business partners with whom we deliver co-branded services or host events; or whose content or technology we make available through our services.
  • Professional advisors such as legal counsel and information security professionals where reasonably required to protect our rights, users, systems and our services.
  • Prospective and actual buyers, sellers, advisers or partners If we are subject to negotiations for the sale of all or a part of our business to a third party, are sold to a third party or undergo a re-organisation, we may need to transfer some or all of your personal information to the relevant third party or its advisors as part of any due diligence process. Any information that is transferred to that re-organized entity or third party will be used for the same purposes as set out in this notice, or for the purpose of analyzing any proposed sale or re-organisation.
  • Government agencies, law enforcement, courts and other public authorities We may process your personal information to comply with our legal and regulatory requirements or to respond to regulators where applicable. This may include disclosing your personal information to third parties, the court service and/or regulators or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world or where compelled to do so. In some circumstances, we may be legally required to disclose your personal information because a court, the police, another judicial or law enforcement body or government entity has asked us for it.
  • Product Subscribers If your personal information is collected from public sources for inclusion in our product databases and any information you choose to provide to us for display in our services (for example, in profiles and when using online forums), your personal information may be accessed by users of our services. Additionally, if you or your organization register for one of our membership-based communities or products, we may make information about you (including contact and institutional information) available to other members through online and offline services.
  • Events When you register for events, enter virtual spaces, zones or rooms such as an exhibition booth, your personal information may be shared with the sponsor and exhibitor to allow them to engage with you subject to the attendee privacy notice you may have been provided during the registration and login process. For certain events, Personal information may also be shared with other attendees or third-party event partners, of which we will inform you prior and from which you will be given the opportunity to opt out.
  • Other third parties you have asked us to share information with or where you have provided us your consent, e.g., if you upload information into a public platform or forum that is publicly accessible, certain research related disclosures to sponsors of the research project.

Norstella is a global business, and your personal information will be transferred to countries with different privacy and data protection laws than your own. If you are located or reside in a jurisdiction that places certain restrictions on the transfer of personal information (such as the EU, EEA or UK), your personal information will be transferred in accordance with appropriate legal safeguards to other countries including the United States.

We protect transfers of personal information outside of the EU, EEA and the UK with legal safeguards that include:

  • The existence of European Commission and Information Commissioner’s Office adequacy decisions (for example, transfers to Japan, Canada or Switzerland);
  • Norstella’s Intra-Group Data Sharing Agreement incorporating Standard Contractual Clauses and the UK Addendum approved by the European Commission and the Information Commissioner’s Office;
  • Transfer Impact Assessments to ensure to assess the potential risk of any international transfers in accordance with applicable law;
  • Standard Contractual Clauses and other contract terms executed between Norstella and third-party service providers who processes personal information on our behalf;
  • The existence of binding corporate rules or other certification mechanism approved by applicable law.

We only retain personal information for as long as is necessary and as permitted by applicable laws. We shall retain personal information throughout the period of your relationship with us, including for the purposes of satisfying legal, accounting, or reporting obligations or to resolve disputes. We may continue to retain it after we have ceased such uses for certain legitimate business purposes. For example, if you have opted out of marketing communications from us, we will retain limited details about you to ensure we can honor your opt-out request. We may also continue to retain your personal information to meet our legal requirements or to defend or exercise our legal rights.

The length of time for which we will retain your personal information will depend on the purposes for which we need to retain it. After we no longer need to retain your personal information, it will be deleted or securely destroyed.

For more information on how long we retain your information, please contact us at

Depending on where you are located or where you reside, you may have certain rights granted to you over your personal information under local data protection and privacy laws. We will honor the requests you make related to your rights as the law requires. This means in some cases, there may be legal or other official reasons that we may not be able to fulfil the specific request you make.

One or more of the following rights may be available to you, however applicable rights may differ based upon local data protection and privacy laws:

  • Information and access: You may have a right to know what personal information we hold about you and be given information about how we process or have processed it. You may also have the right to obtain confirmation from us that we process your personal information, and if so, to request access to or a copy of such personal information.
  • Correction: You may have the right to request that we correct inaccurate personal information we hold about you. You may also have the right to have incomplete personal information completed.
  • Erasure/Deletion: You may have the right to request that we erase some or all of your personal information, subject to certain exceptions permitted by law.
  • Restriction: You may have the right to ask us to restrict further processing your personal information.
  • Objection: You may have the right to object that we process some or all of the personal information we hold about you.
  • Data portability: You may have a right to request to receive your personal information in a structured, commonly used and machine-readable format, or, where feasible, to have us transfer your personal information directly to another organization.
  • The right to withdraw consent: You may have the right to withdraw your consent to the processing of your personal information where we rely solely on your consent for processing such data. Your withdrawal will not affect the lawfulness of our processing based on your consent before your withdrawal, and you can always give us your consent again in the future.
  • Automated individual decision-making: You may have the right not to be subject to a decision based solely on automated processing of your personal information, including profiling, which produces legal or similarly significant effects on you. We will inform you if automated individual decision-making takes place.
  • Right to lodge a complaint: If you believe that we have infringed your rights, we encourage you to contact us first with our Privacy team so that we can try to resolve the issue. However, you may have the right to lodge a complaint with an applicable data protection authority.

To exercise applicable rights in relation to your personal information, please submit a request here.

Upon receiving a request from you, we will verify your identity by matching the information you provide (such as your name, email address, or phone number) with the information we hold. We may ask you for additional information to verify your identity or to comply with your request. We will complete your request in the timeline prescribed by applicable law.

Our services are directed at business professionals. They are not intended for children under the age of thirteen. We do not knowingly collect personal information from users in this age group and reserve the right to delete such information if we become aware of having collected it. If children’s information is collected by us, for example for study recruitment activities involving pediatric trials, this is only via direct input from parents or guardians, and its usage is protected by additional privacy terms aligned to applicable laws.

We recognize the importance of protecting and managing personal information. Your personal information will be treated with the utmost care and security. We use industry-standard physical, procedural and technical security measures, including encryption as appropriate.

We use a variety of technical and organizational measures to keep personal information safe and prevent unauthorized access to or use or disclosure of it. Electronic data and databases are stored on secure systems with control over who has access to information using both physical and electronic means. Our employees receive data protection, privacy and information security training and we maintain a set of detailed information security and data protection policies to which employees are required to adhere when managing personal information. All third-party contractors, consultants and service providers are subject to the appropriate contractual undertakings and due diligence.

While we take all reasonable steps to ensure that personal information will be kept secure from unauthorized access, we cannot guarantee it will be secure during transmission by you to a website or other services, as we do not control that transmission. We make use of HTTPS (HTTP Secure) whereby the communication protocol is encrypted via Transport Layer Security (TLS) for secure communication over a computer network. Our websites are loaded via HTTPS, represented by the lock icon in your web browser ensuring the transmission is secured with a certificate issued by an official security certificate authority.

Our websites and services may contain links to other websites. We are not responsible for the privacy practices of these websites and do not accept any liability in connection with their content. We recommend reviewing the privacy notice of each third-party site linked from this website to determine its use of your personal information.

Where we provide links to websites of other organizations, this notice does not cover how that organization processes personal information. We encourage you to read the privacy policies on the other websites you visit.

Norstella uses cookies and other similar technologies, such as web beacons, HTML5 Local Storage, local shared objects, tags, and scripts on our websites and in email communications. We use these technologies to authenticate your access to various areas of our services, understand your interests, analyze web traffic, combat fraud, provide interest-based advertising, improve our services, personalize content and track the effectiveness of our emails. We may combine data collected through these technologies with other personal information provided to Norstella.

Please read the Cookie Notice on the respective brand website for information about cookies and other tracking technologies used on our websites and services. Our Cookie Policies include information on how you may disable these technologies.

For any questions about this notice or our use of your information, you can contact our Privacy team here, or at the addresses listed below. We hope we will be able to resolve any privacy concerns you may have. However, you always have the right to complain to any supervisory authority or other public body with responsibility for enforcing privacy laws in your country.

  • In the United Kingdom, the UK Information Commissioner’s Office regulates and enforces data protection law. Their procedures can be found at
  • In the EU, our Designated Data Protection Authority is in the Netherlands, and the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) regulates and enforces data protection law. Their procedures can be found at
  • In California, the Attorney General’s Office regulates and enforces privacy law. Their procedures can be found at

Norstella Privacy Team,

Attn: Norstella Privacy Team
3 More London Pl

Attn: Norstella Privacy Team
1040 Stony Hill Road
PA 19067

This notice was last updated as of the effective date listed above.

To keep up with changing legislation, best practice and changes in how we process personal information, we may revise this notice at any time. If the notice changes in a way that significantly affects how we manage personal information, we will not use the personal information we previously gathered in the manner described in the new notice without providing notice and/or obtaining your consent as appropriate.

Minor changes to the notice may occur that will not significantly affect our use of personal information without notice or consent. We encourage you to periodically review this page for the latest information on our privacy practices.


Work With Us

Join our mission

We’re looking for agile, growth-oriented team players who are passionate about client success and helping patients get access to the care they need.

Work with us

Get In Touch

Let's Connect

Have questions about Norstella or its brands? Or do you want to know more about how to solve your market access challenges?

We want to hear from you