top of page

Privacy Policy

1. Who we are and what we do

Concept COA Ltd  is a research consultancy providing professional research services to the life sciences sector.

Our Head Office is 16 Bailey Gardens, Manningtree, Suffolk, CO111GH

Our UK Companies House Company Registration number is: 14686032

Our ICO Registration Number is: ZB598801

Our website is: https://www.conceptcoa.com

Our email address is: enquiries@conceptcoa.com

This privacy notice is set out to ensure that we meet our transparency obligations under General Data Protection Regulation (GDPR) across the EEA, the UK GDPR and US Privacy law in the states of California (Californian Privacy Rights Act), Colorado (The Colorado Privacy Act), Virginia (Consumer Data Protection Act), Connecticut (Act Concerning Personal Data Privacy and Online Marketing), Utah (Consumer Privacy Act) and Iowa (Act Relating to Consumer Data Protection).

Concept COA is committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect and use personal information about you during and after your working relationship with us, in accordance with Data Protection Legislation.

This privacy policy applies to our clients, our prospective clients and website visitors.

2. Types of personal information we collect and our Lawful Basis for processing

Our clients

When you are a client of Concept COA we will collect your name, job role, email address, business address and occasionally personal address, contact telephone number, we need this information so we can manage our contract with you. Lawful Basis Contract.

We may also send you marketing materials from time to time to inform you of new or improved services or share news about our industry or business. Lawful Basis Legitimate Interest.

 

Our Prospective Clients

We collect information from a variety of sources on the internet, these are known as open data sources. We use the following open data sources: LinkedIn, Life sciences trade and membership organisation and websites, Research Journals, National and State Regulatory Authority Websites.  We collect data such as your name, email address, job role and business address and telephone number from such sources. We do this so we can grow our business. Lawful Basis Legitimate Interest.

We also buy data from subscriptions like LinkedIn Sales Navigator. We buy data such as your name, email address, job role, business address and telephone number. We do this so we can grow our business. Lawful Basis Legitimate Interest.

If we interact with you at a conference or an event, we may collect your data from the event organiser or directly from you. At such events we collect your name, email address, job role, business address and telephone number and we do this to grow our business. Lawful Basis Legitimate Interest.

We may also send you marketing materials from time to time to inform you of new or improved services or share news about our industry or business. Lawful Basis Legitimate Interest.

 

Website visitors

When you visit our website, we use strictly necessary cookies for the security purposes and for the operation of our website. Lawful Basis Legitimate Interest.

We also use analytic cookies on our website to understand how visitors use our website and interact with it. Lawful Basis Consent.

For more information on the cookies we use please see section 8 of this privacy policy.

3. Your rights

EEA and UK Rights

You have the following rights over your data:

  • Request access to your personal information (commonly known as a ‘data subject access request’). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

  • Request rectification of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it.  You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing.

  • Object to processing of your personal information where we are relying on a legitimate interest and there is something about your situation which makes you want to object to processing on this ground.

  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you.

  • You can withdraw your consent for processing your data at any time. Where the processing of your personal data relies on the consent lawful basis you can withdraw your consent.

If you would like to exercise any of these rights and are a UK or EEA based resident, please contact;


US Privacy Rights

If you live in California, Colorado, Connecticut, Iowa, Utah or Virginia you have the following rights over your consumer data (please note the definition of consumer data varies from state to state. If you are resident in California, your data could be considered consumer data (other states will be considered on a case-by-case basis).

  • Right to Know/ Access. You have the right to request information on, the personal information we collected about you in the last 12 months, including the categories of personal information, the categories of sources from which your personal information was collected from, the business or commercial purpose for collecting, selling, or sharing your personal information, the categories of third parties to whom we disclosed your personal information to, and the specific pieces of personal information we have collected about you

  • Right to Delete. (Excluding) Utah) You have the right to request that we delete Personal Data that we have collected from you, subject to certain exceptions

  • Right to Correct. (Excluding Iowa and Utah) You have a right to request that we correct inaccurate Personal Data that we maintain on you

  • Right to Opt Out. (Excluding Iowa) You have the right to opt out of the sale of your Personal Data. However please note that we do not sell your Personal Data

  • Right to No Discrimination. You have the right not to receive discriminatory treatment by us for the exercise of your privacy rights. This includes employee, applicant, or independent contractor rights to not to be retaliated against for the exercise of your privacy rights. We will not discriminate against you, in any manner prohibited by applicable law, for exercising these rights

If you would like to exercise any of these rights, please contact our Data Protection Officer by email: fiona.brown@conceptcoa.com,

 
4. Who we share your personal information with

Concept COA relies on third-party service providers and vendors that provide products and services. These include accountants, law firms and legal service providers, financial professionals, IT and software providers, such as Microsoft Azure, Rocket Research and Hubspot, 

Our third-party service providers may have access to your personal information to perform certain functions or may host your personal information as part of a ‘cloud based’ solution used by employees. Concept COA only uses third-party service providers that ensure sufficient guarantees for the protection of your Personal Data. All suppliers are to undergo a supplier risk assessment. Concept COA requires third-party service providers by contract to implement appropriate data security and confidentiality obligations, in accordance with applicable law.

Our third-party providers may change over time, but we will notify you in the event of any change. If you would like further details, or to object to us sharing your data for these purposes, please notify us at fiona.brown@conceptcoa.com and we will provide you with detailed information and respond to your request.

Any organisation in the event of the sale, merger, reorganisation, dissolution, or disposal of our business. We will inform you of any such transfer or disclosure as required by law.

We do not sell our client’s, potential client or website visitor’s data.

5. Transferring Information outside the UK & EEA

Data Protection Laws in the EU and UK prohibits the transfer of Personal Data belonging to European Union (EU) and UK residents outside of the European Economic Area (EEA), unless there are appropriate safeguards in place to guarantee the security of that data.

Where we use third-party service providers outside of the EEA or Switzerland, we will ensure that these organisations provide sufficient guarantees to implement appropriate technical and organisational measures for the protection of Personal Data. Where necessary, we require that any such third-party service providers execute the relevant Standard Contractual Clauses or adhere to any certification procedures issued by the Commissioner for transfer of personal data to a third country and undertake a transfer impact assessment to identify any supplementary measures required to safeguard your personal data.

If you require further information about these protective measures, you can request it from our Data Protection Officer at fiona.brown@conceptcoa.com

6. Data retention

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Details of retention periods for different aspects of your personal information are available from our Data Protection Officer at fiona.brown@conceptcoa.com

7. Complaints or queries

Concept COA always tries to meet the highest standards when collecting and using personal information and we welcome feedback about this privacy policy or any other data protection issues or concerns. Please in the first instance contact our Data Protection Officer at fiona.brown@conceptcoa.com with any feedback, comments, concerns, or complaints.

UK Residents:

If you want to make a complaint about the way we have processed your personal information, you can contact the Information Commissioner’s Office in their capacity as the statutory body which oversees data protection law in the UK– www.ico.org.uk/concerns.

EEA Residents:

If you want to make a complaint about the way we have processed your personal information, you can contact the Irish Data Protection Commission Homepage | Data Protection Commission.

8. Cookies

This website uses cookies. We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.

Cookies are small text files that can be used by websites to make a user's experience more efficient.

The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.

This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.

You can at any time change or withdraw your consent from the Cookie Declaration on our website.

Learn more about who we are, how you can contact us and how we process personal data in our Privacy Policy.

Please state your consent ID and date when you contact us regarding your consent.

Your consent applies to the following domains: www.conceptcoa.com

bottom of page