Last updated July 27, 2023
This Privacy Notice (the “Notice”) addresses how Norstella (meaning the group of companies known as Norstella being Caerus PikCo Sarl and its subsidiaries) collects, uses, and protects personal information across each of its brands. References to “we”, “us” or “our” are to the Norstella legal entity who process your personal information. This notice applies to personal information collected, used and shared (collectively “process or processed”) by Norstella as a data controller or a business through our websites, apps, and products (collectively “services”).
Norstella consists of prominent pharmaceutical solutions providers: Citeline, Evaluate, Managed Markets Insights & Technology (MMIT), Panalgo and The Dedham Group. Usually when we interact with you it will be through one of these brands. Norstella operates in several countries, which have varying data protection and privacy laws. This notice applies globally to all Norstella brands and products. To the extent a specific Norstella service has a supplemental Privacy Notice that describes how we process personal information, such specific notice or supplemental privacy statement will control.
The Norstella legal entity that is responsible for the processing of your personal information (referred to as the data controller in the European Union (EU), European Economic Area (EEA) and United Kingdom (UK), the business in California and referred to as “Norstella” in this notice) will be the entity displayed in services we provide to you, on communications you receive from us, in contracts, and on booking, web and contact forms or invoices.
This notice is addressed primarily to our customer representatives, product and service users (including visitors to our websites), supplier representatives, clinical study referrals, marketing contacts and sales prospects.
This notice does not apply to personal information collected by us when you apply for a job with Norstella or in the course of your employment or engagement with Norstella, whether as an employee or independent contractor. Our Applicant Privacy Notice explains how we process personal information of anyone applying for a position or being considered for employment by Norstella.
Our Expert Privacy Notice, which supplements this notice, provides information on our personal information collection and processing practices related to individuals whose information is included in our products.
This notice details how Norstella processes “personal information”, which means any information that relates to an identified or identifiable living individual or that directly or indirectly can be used to identify the individual. This includes information that could identify an individual on its own as well as information that can only identify someone when combined with other data we have (regardless of whether we already have the other data or are just likely to have it in the future).
We collect personal information directly from you:
We also collect personal information about you from third parties such as:
How you interact with us and the different services that we offer determine what personal information we collect about you.
The personal information we collect may consist of the following:
Sensitive personal information. We only process personal information concerning race or ethnicity; political opinions, or religious or philosophical beliefs; trade union membership; or genetic, biometric, health, or sex-life information in very limited circumstances. For instance, if you actively provide or indicate such information in a user-controlled area of our services, for example a professional profile or whilst taking part in clinical study recruitment opportunities. We may occasionally collect personal information that is subject to enhanced security requirements, such as requiring a credit card or government-issued ID to complete a transaction you have requested.
This section sets out the purposes for which we may process your information. Your relationship with Norstella will determine which of the purposes listed in this section apply to you.
If you have purchased or registered for one of our services, including on a trial basis, we will process your personal information for the following purposes;
In relation to the use of our products, we may process your personal information to;
If you have signed up for this service, we may process your personal information to maintain and support clinical study recruitment activities, which includes the identification, the verification and qualification of you as a clinical study participant.
We may also process your personal information to contact you to seek your participation in future additional study recruitment activities and to facilitate your participation in our Online Communities.
Our products use information obtained from publicly available sources. To this extent, we may process your personal information as part of organizing and including information in our products that we collect from publicly available sources.
We may also process personal information which you choose to make available in our products (for instance, you may wish to provide information to enable peer connection and related collaboration).
We may process your personal information to send you marketing emails, newsletters, offers or other promotional emails that keep you up to date with our services, news, events and products that may be of interest. Depending on the nature of your interaction with us and applicable data protection and privacy laws, you may have actively given us your consent, or we may be entitled to rely on your implied consent or legitimate interests to market to you. You can opt out of our marketing communications or change your communication preferences at any time – all Norstella marketing e-mails contain an unsubscribe or preference center link. If you have questions regarding our use of your information for marketing purposes, please contact privacy@norstella.com.
We may provide you with advertising based on your activity on our websites and services and on third-party websites. The personal information held about you, combined with other personal information legitimately obtained and shared with us by third parties or publicly available information, may be used to better understand our customers and their preferences and to improve the services delivered. This may include automated profiling and campaign management techniques. We do not disclose your contact information to third parties for their own marketing purposes unless we have obtained your consent to do so in accordance with applicable laws.
We may use your personal information in advertising campaigns on social media platforms such as LinkedIn, in order to provide you with information about upcoming events or new products and to ensure you only receive relevant advertising about our services as described above.
We may process your personal information to administer events that we host or attend (e.g., conferences, webinars, etc.).
If you participate in one of our events as a speaker, sponsor, exhibitor or attendee, your personal information will be used in connection with the running of the event, to manage payments and recover debts.
In addition, photos and videos are taken at our events (or events in which we participate) which may feature attendees, speakers, sponsors or exhibitors. Where we have taken photos and videos at our events that feature you as a speaker, attendee, sponsor or exhibitor, to the extent permitted by applicable data protection laws, those photos and videos may be used for promotional purposes. You may inform us prior to, or at the event in question, should you wish to not be included in any such photos or videos.
We may process your personal information to exercise our rights, and to the extent reasonably required to assist third parties (such as customers or business partners) in exercising their rights, to defend ourselves from claims, to comply with applicable laws and regulations or third parties with whom we work or for the purposes of fraud screening and prevention.
We may process your personal information to protect the security of our IT systems, architecture and networks and to prevent misuses of our services.
We maintain presences on social media platforms, through our company and brand pages. We collect personal information when you interact with us on social media. Please note that these social media platforms may set cookies and other tracking technologies on your device when you visit their pages and when you navigate from their pages. The output of such information may be provided to us (usually for statistical purposes to see how users interact with our content on social media platforms). The social media platforms are responsible for how they handle your personal information and information about how these social media platforms collect and use your personal information (and how they use cookies and other technologies, including instructions on how you can disable these) can usually be found in their respective privacy and cookies policies on their respective websites.
If you are located or reside in a jurisdiction that requires a lawful basis for processing personal information (such as the EU, EEA or UK), the basis on which we process your personal information will depend on the personal information concerned and the context in which we collect it. We normally collect or use personal information as necessary for the performance of our services (“Performance of Contract”); to comply with our legal and contractual obligations (“Legal Obligations”); and to support our legitimate interests in maintaining and improving our services, e.g. in understanding how our services are used and how our campaigns are performing, and gaining insights which help us dedicate our resources and efforts more efficiently; in marketing, advertising and selling our services to you and others; providing customer services and technical support; and protecting and securing our users, customers, prospects, ourselves and our services (“Legitimate Interests”). We may also obtain your consent (“Consent”) in certain circumstances, for example for marketing in certain regions or for processing sensitive personal information (see below).
For example, when we:
Where we process your sensitive personal information, it is based on one or more of the following legal bases:
If you have questions about or need further information concerning the lawful basis on which we collect and use your personal information, please contact us using the contact details provided in the “Contact US” section of this notice.
Your personal information will, depending on the purposes of processing, be disclosed to different individuals and organizations, including:
Norstella is a global business, and your personal information will be transferred to countries with different privacy and data protection laws than your own. If you are located or reside in a jurisdiction that places certain restrictions on the transfer of personal information (such as the EU, EEA or UK), your personal information will be transferred in accordance with appropriate legal safeguards to other countries including the United States.
We protect transfers of personal information outside of the EU, EEA and the UK with legal safeguards that include:
We only retain personal information for as long as is necessary and as permitted by applicable laws. We shall retain personal information throughout the period of your relationship with us, including for the purposes of satisfying legal, accounting, or reporting obligations or to resolve disputes. We may continue to retain it after we have ceased such uses for certain legitimate business purposes. For example, if you have opted out of marketing communications from us, we will retain limited details about you to ensure we can honor your opt-out request. We may also continue to retain your personal information to meet our legal requirements or to defend or exercise our legal rights.
The length of time for which we will retain your personal information will depend on the purposes for which we need to retain it. After we no longer need to retain your personal information, it will be deleted or securely destroyed.
For more information on how long we retain your information, please contact us at privacy@norstella.com.
Depending on where you are located or where you reside, you may have certain rights granted to you over your personal information under local data protection and privacy laws. We will honor the requests you make related to your rights as the law requires. This means in some cases, there may be legal or other official reasons that we may not be able to fulfil the specific request you make.
One or more of the following rights may be available to you, however applicable rights may differ based upon local data protection and privacy laws:
Rights specific to US residents can be found in the US Addendum of this notice.
To exercise applicable rights in relation to your personal information, please submit a request here.
Upon receiving a request from you, we will verify your identity by matching the information you provide (such as your name, email address, or phone number) with the information we hold. We may ask you for additional information to verify your identity or to comply with your request. We will complete your request in the timeline prescribed by applicable law.
Our services are directed at business professionals. They are not intended for children under the age of thirteen. We do not knowingly collect personal information from users in this age group and reserve the right to delete such information if we become aware of having collected it. If children’s information is collected by us, for example for study recruitment activities involving pediatric trials, this is only via direct input from parents or guardians, and its usage is protected by additional privacy terms aligned to applicable laws.
We recognize the importance of protecting and managing personal information. Your personal information will be treated with the utmost care and security. We use industry-standard physical, procedural and technical security measures, including encryption as appropriate.
We use a variety of technical and organizational measures to keep personal information safe and prevent unauthorized access to or use or disclosure of it. Electronic data and databases are stored on secure systems with control over who has access to information using both physical and electronic means. Our employees receive data protection, privacy and information security training and we maintain a set of detailed information security and data protection policies to which employees are required to adhere when managing personal information. All third-party contractors, consultants and service providers are subject to the appropriate contractual undertakings and due diligence.
While we take all reasonable steps to ensure that personal information will be kept secure from unauthorized access, we cannot guarantee it will be secure during transmission by you to a website or other services, as we do not control that transmission. We make use of HTTPS (HTTP Secure) whereby the communication protocol is encrypted via Transport Layer Security (TLS) for secure communication over a computer network. Our websites are loaded via HTTPS, represented by the lock icon in your web browser ensuring the transmission is secured with a certificate issued by an official security certificate authority.
This addendum supplements the Global Privacy Notice and applies to residents in the United States whose states have passed state specific privacy laws, such as California. In case of any discrepancy between the Global Privacy Notice and this Addendum, the terms in this Addendum will govern and control. However, this Addendum does not otherwise modify the Global Privacy Notice. This US Addendum serves to provide you with certain notice when we collect categories of personal information about you.
This Addendum will inform you of our practices regarding the collection, use, disclosure and sale of your personal information. Personal information includes any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you as a particular individual.
How we collect personal information
The ways in which we collect personal information from you are set out in the Global Privacy Notice in the Section “How We Collect Personal Information.” This includes when you use our services, when you interact with us, and when you encounter cookies and similar technologies included in our services.
Categories of personal information that we collect and disclose
The following is a list of categories of personal information that we may collect and disclose for business purposes:
Category | Examples |
Identifiers | Name, alias, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, authentication information or other similar identifiers. |
Categories of personal information listed in the California Customer Records statute (Cal. Civ. Code Section 1798.80(e)) | Name, signature, address, fax, telephone number, education, and employment. Some personal information included in this category may overlap with other categories. |
Protected characteristics under California or US Federal Law | Gender, family status, age range, and military and veteran status. |
Commercial information | Purchase history, subscription information, payment information and related bank details transaction. |
Biometric information | Behavioral characteristics that can be used alone or in combination with other personal information to establish individual identity, e.g. study ID, cookies, IP address, passwords, computer device information, and other physical patterns etc. |
Internet or other electronic network activity information | Correspondence and details of your use of our website and services obtained through cookies or other tracking technologies, date and time of visits, the pages viewed, time spent at one of our websites, etc. |
Geolocation data | Your city, state, country or your IP address. |
Sensory information | Photographs, audio, video or other similar electronic recordings, etc. |
Professional or employment-related information | Publications, employer, location, licensure, credentials, work history, education history, specialties, expertise, availability, etc. |
Inferences drawn from personal information | Personal characteristics such as language, life habits, thoughts, concerns, preferences, feedback, opinions and other information provided through surveys, interviews, etc. |
Sensitive personal information | We only process personal information concerning race or ethnicity; political opinions, or religious or philosophical beliefs; trade union membership; or genetic, biometric, health, or sex-life information in very limited circumstances. |
The purposes for which we process your information are set out in the Global Privacy Notice in the Section “Purposes of Processing Personal Information.” These include customer and product administration, product development and personalization, recruitment for clinical studies, product content, marketing, events, legal rights, security and social media.
We will not collect additional categories of personal information or use the personal information that we have collected for materially different or unrelated purposes without providing you with notice.
We do not generally provide a financial incentive in return for the collection or use of personal information. If we engage in any limited-time marketing event, promotional offer or discount that includes a registration or other collection of personal information, we will disclose the benefits and terms of that promotion at the time of collection.
Disclosure of personal information
The different individuals and organizations with whom we share your personal information are set out in the Global Privacy Notice in the Section titled “Sharing of Personal Information.”
Sharing or sale of personal information
Where allowed by applicable law, we may sell or share your personal information, as those terms are defined under US state privacy laws, by disclosing it to a third party for business purposes. We sell or share personal information relating to the following categories of individuals:
Third parties to whom we sell or share personal information are subject to security and confidentiality obligations and are prohibited from using the information for any purpose other than to perform their contractual obligations and for professional/business-related purposes.
Norstella may sell or share the following categories of Personal Information:
Personal information category | Purpose of third-party disclosures |
Identifiers | For use in our products and services and therefore shared with our commercial customers. |
Professional or employment-related information | For use in our products and services and therefore shared with our commercial customers. |
We do not sell or share personal information of individuals under the age of 16.
Your privacy rights
Depending on the state where you reside and your relationship with us (e.g., customer, employee, or business partner), the following rights may apply:
Some privacy laws may provide you with other opt-out rights which are inapplicable to us. In particular, we do not engage in impactful profiling activities with respect to users, and we do not collect, use or disclose sensitive personal information (such as government identification number, precise geolocation, financial account information, etc.) except for the specific purpose(s) that you provide it.
To exercise any applicable rights as described above, please submit a request here.
You may authorize another person (your “agent”) to submit a request on your behalf. Upon receiving a request from you (or your agent), we will verify your identity by matching the information you provide (such as your name, email address, or phone number) with the information we hold. We may ask you for additional information to verify your identity or to comply with your request (potentially with validation through a link we send to you by email). We will honor your requests as the law requires and complete your request in the timeline prescribed by applicable law.
If we deny a privacy request, you may appeal the decision to us at the contact information provided above. To the extent possible, please describe the basis for your appeal and if there is any specific personal information that concerns you. We will endeavor to provide a prompt response.
Our websites and services may contain links to other websites. We are not responsible for the privacy practices of these websites and do not accept any liability in connection with their content. We recommend reviewing the privacy notice of each third-party site linked from this website to determine its use of your personal information.
Where we provide links to websites of other organizations, this notice does not cover how that organization processes personal information. We encourage you to read the privacy policies on the other websites you visit.
Norstella uses cookies and other similar technologies, such as web beacons, HTML5 Local Storage, local shared objects, tags, and scripts on our websites and in email communications. We use these technologies to authenticate your access to various areas of our services, understand your interests, analyze web traffic, combat fraud, provide interest-based advertising, improve our services, personalize content and track the effectiveness of our emails. We may combine data collected through these technologies with other personal information provided to Norstella.
Please read the Cookie Notice on the respective brand website for information about cookies and other tracking technologies used on our websites and services. Our Cookie Policies include information on how you may disable these technologies.
For any questions about this notice or our use of your information, you can contact our Privacy team here, or at the addresses listed below. We hope we will be able to resolve any privacy concerns you may have. However, you always have the right to complain to any supervisory authority or other public body with responsibility for enforcing privacy laws in your country.
Norstella Privacy Team,
Attn: Norstella Privacy Team
3 More London Pl
London
SE1 2RE
Attn: Norstella Privacy Team
1040 Stony Hill Road
Yardley
PA 19067
This notice was last updated as of the effective date listed above.
To keep up with changing legislation, best practice and changes in how we process personal information, we may revise this notice at any time. If the notice changes in a way that significantly affects how we manage personal information, we will not use the personal information we previously gathered in the manner described in the new notice without providing notice and/or obtaining your consent as appropriate.
Minor changes to the notice may occur that will not significantly affect our use of personal information without notice or consent. We encourage you to periodically review this page for the latest information on our privacy practices.
We’re looking for agile, growth-oriented team players who are passionate about client success and helping patients get access to the care they need.
Work with usHave questions about Norstella or its brands? Or do you want to know more about how to solve your market access challenges?
We want to hear from you