Cosmos Pharma

Privacy Policy

Effective Date: July 27, 2025

This Privacy Policy describes how Cosmos Pharma Limited ("we," "our," or "us") collects, uses, and protects your personal information when you use our pharmaceutical ERP system and related services.

1. Information We Collect

1.1 Personal Information

We collect the following types of personal information:

  • Account Information: Name, email address, role, and authentication credentials
  • Business Information: Customer details, supplier information, and business contact data
  • Transaction Data: Invoice details, purchase orders, and financial records
  • System Usage: Login timestamps, IP addresses, and user activity logs
  • Audit Trails: Comprehensive logs of all system actions for compliance purposes

1.2 Technical Information

We automatically collect:

  • IP addresses and geolocation data for security and audit purposes
  • Browser type and version information
  • Device information and operating system details
  • System performance and error logs

2. How We Use Your Information

2.1 Primary Purposes

  • Providing and maintaining our pharmaceutical ERP services
  • Processing transactions and managing business operations
  • Ensuring system security and preventing fraud
  • Complying with pharmaceutical industry regulations
  • Maintaining comprehensive audit trails for regulatory compliance

2.2 Legal Basis for Processing

We process your personal information based on:

  • Contract Performance: To provide our ERP services as agreed
  • Legal Obligations: To comply with pharmaceutical regulations and UK law
  • Legitimate Interests: To ensure system security and business operations
  • Consent: Where explicitly provided for specific purposes

3. Information Sharing and Disclosure

3.1 We Do Not Sell Your Data

We do not sell, trade, or rent your personal information to third parties for marketing purposes.

3.2 Limited Sharing

We may share your information only in the following circumstances:

  • Regulatory Authorities: When required by pharmaceutical regulators or law enforcement
  • Service Providers: With trusted third-party vendors who assist in system operations
  • Legal Requirements: When compelled by law or court order
  • Business Transfers: In connection with a merger, acquisition, or sale of assets

4. Data Security

4.1 Security Measures

We implement comprehensive security measures to protect your data:

  • Encryption of data in transit and at rest
  • Secure authentication and access controls
  • Regular security audits and vulnerability assessments
  • Comprehensive audit trails for all system activities
  • IP address tracking and geolocation monitoring
  • Secure backup and disaster recovery procedures

4.2 Data Retention

We retain your information for as long as necessary to:

  • Provide our services and maintain business operations
  • Comply with pharmaceutical industry regulations
  • Meet legal and regulatory requirements
  • Resolve disputes and enforce agreements

5. Your Rights Under UK GDPR

Under the UK General Data Protection Regulation (UK GDPR), you have the following rights:

5.1 Right to Access

You have the right to request access to your personal information and receive a copy of the data we hold about you.

5.2 Right to Rectification

You can request correction of inaccurate or incomplete personal information.

5.3 Right to Erasure

You may request deletion of your personal information, subject to legal and regulatory requirements.

5.4 Right to Restrict Processing

You can request that we limit how we use your personal information in certain circumstances.

5.5 Right to Data Portability

You have the right to receive your personal information in a structured, machine-readable format.

5.6 Right to Object

You can object to the processing of your personal information in certain situations.

5.7 Rights Related to Automated Decision-Making

You have rights regarding automated decision-making and profiling.

6. Pharmaceutical Industry Compliance

6.1 Regulatory Requirements

As a pharmaceutical ERP system, we must comply with:

  • UK Medicines and Healthcare products Regulatory Agency (MHRA) requirements
  • Good Distribution Practice (GDP) guidelines
  • Pharmaceutical industry audit and traceability standards
  • Data integrity requirements for pharmaceutical operations

6.2 Audit Trails

We maintain comprehensive audit trails that include:

  • User identification and authentication records
  • Timestamp and IP address tracking for all actions
  • Geolocation data for security monitoring
  • Complete transaction history and modification logs
  • System access and activity monitoring

7. International Data Transfers

Your personal information is primarily processed within the United Kingdom. If we need to transfer data outside the UK, we ensure appropriate safeguards are in place, including:

  • Adequacy decisions by the UK government
  • Standard contractual clauses approved by UK authorities
  • Binding corporate rules where applicable
  • Other appropriate safeguards as required by UK GDPR

8. Cookies and Tracking Technologies

We use essential cookies and tracking technologies to:

  • Maintain user sessions and authentication
  • Ensure system security and prevent fraud
  • Monitor system performance and reliability
  • Generate audit logs for compliance purposes

9. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Sending email notifications to registered users
  • Displaying prominent notices within the system

11. Contact Information

For privacy-related inquiries, please contact us:

12. Supervisory Authority

If you have concerns about our data processing practices, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection supervisory authority:

  • Website: https://ico.org.uk
  • Phone: 0303 123 1113
  • Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Last Updated: July 27, 2025

Version: 1.0