Privacy Policy

1 Core Values

At Compliance & Validation Services Limited, hereinafter referred to as CVS, we are committed to safeguarding and preserving your privacy when visiting our site or communicating electronically with us. Our core values regarding data protection are:

  • User privacy and data protection are human rights
  • We have a duty of care to the people within our data
  • Data should only be collected and processed when absolutely necessary
  • We will never sell, rent or otherwise distribute or make public your business contact information unless required to do so by law
  • It is in our business interest and your interest that we protect the data we hold.

2 Information We Collect

In operating our website we may collect and process the following data about you:

  • Details of your visits to our website and the resources that you access, including, but not limited to, traffic data, location data, weblogs and other communication data
  • Information that you provide by filling in forms on our website, such as when you registered for training courses or information or make a purchase

3 Use of Cookies

  • We may on occasion gather information regarding your computer whilst you are on our website. This enables us to improve our services and to provide statistical information regarding the use of our website to our advertisers where appropriate
  • Such information will not identify you personally it is statistical data about our visitors and their use of our site. This statistical data does not identify any personal details whatsoever
  • Similarly to the above, we may gather information about your general internet use by using a cookie file. Where used, these cookies are downloaded to your computer automatically. This cookie file is stored on the hard drive of your computer as cookies contain information that is transferred to your computer's hard drive. They help us to improve our website and the service that we provide to you
  • All computers have the ability to decline cookies. This can be done by activating the setting on your browser which enables you to decline the cookies. Please note that should you choose to decline cookies, you may be unable to access particular parts of our website

4 Data We Store

The data we store relates to pharmaceutical companies and pharmaceutical company employees. It is as follows:

  • People’s company/business email addresses
  • A very small number of private email addresses, where customers have provided them as a business contact address
  • Peoples names in association with their email address
  • Course booking contact and course delegate business telephone numbers
  • Company’s site addresses, financial addresses, bank details and VAT numbers (for all of our customers)
  • Records of performance parameters for email marketing campaigns, e.g. when and what was sent to each recipient, who opened the message and what links were clicked

5 Data We Do Not Store

  • Credit card information - All transactions from CVS web-site are directed to a Secure Trading
    • We do not create a record in our domain of any type when taking credit card details over the phone. All information is typed into a Secure Trading virtual terminal in real time
    • CVS is Payment Card Industry Data Security Standard (PCI DSS) compliant in terms of how it operates its interface with the virtual terminal and Secure Trading Secure Trading is a fully certified PCI DSS level 1 payment service provider
  • Personal email addresses, unless provided to us as a business contact (rare)

6 Where and How We Store the Information

6.1 Business Files and Security:

  • All business files are saved on Enterprise-grade cloud security (Drop Box for Business)
    • This includes a Master Company Email Address file and associated employee names (email marketing system back-ups that include unsubscribed and bounced email addresses)
    • Also includes course booking information copied across from the CVS Web Site
  • All PC’s linked to Drop Box are password protected and any device can be disconnected from access to Drop Box, e.g. in case of theft

6.2 Web-site Data and Security:

  • Records of online course bookings are stored on the CVS web-site
    • Booking contact details (business telephone numbers, business email addresses, site and company finance addresses, course delegate name and email address)
  • The CVS web site has been developed and is managed by Clarke Website Design Ltd. It is hosted within a UK data centre. Key security features of the Data Centre include:
  • 3m rota-spike security fence and perimeter anti ram barriers
  • Blast proof anti-intruder shielded external windows and doors
  • Proximity access locks on all external and internal doors
  • Interlocked man-trap doors with biometric iris scanners to gain access into data floors
  • Server cabinets have locked doors (no open racks)
  • Perimeter and internal IP CCTV system monitored 24x7
  • 24x7 on-site security guards with static and mobile patrols
  • All on-site personnel are security vetted to BS7858 standard
  • Only authorised security cleared staff are allowed into the facility
  • Access to the data stored on the web site is username and password protected

6.3 Email Marketing System (EMS) Data and Security

  • CVS holds business email addresses (no names) on this system and is completely responsible for the use of the system, e.g. sending marketing campaigns, and uploading/downloading of any information stored and used on this system
  • The EMS also holds records of performance parameters for email marketing campaigns, e.g. when and what was sent to each recipient, who opened the message and what links were clicked. Details of un-subscriptions are held within the EMS and it is this system that controls the status of the email addresses stored (active or unsubscribed)
  • There is a link to the EMS system from the CVS website that enables people to subscribe directly to our mailing list. Access is limited to email address entry only (name is optional) and there is a human recognition system in place to prevent automated access using interrogation software tools (spiders)
  • The EMS has controlled access by unique username and password combinations. The system keeps online backups of the data, but does not hold offline backups.
  • The system owners (Falcon Internet Marketing) have never had a data breach of their systems, but they recognise that all systems are potentially breachable, so they continually monitor

7 Sharing and Usage

We will never share, sell, or rent individual peoples’ company email addresses or any company contact information with anyone, unless ordered by a court of law. Information we hold is only available to CVS employees managing this information for purposes of sending you emails related to pharmaceutical compliance and validation training courses.

8 How Can You Stop Receiving Emails From Us?

Each email sent contains an easy, one-click automated unsubscribe link. If you wish to unsubscribe, simply click on the link at the bottom of our email messages.

9 Third Party Links

You may find links to third party websites on our website. These websites should have their own privacy policies which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.

10 Data Controller

The Data Controller is Angela Welbourn of Compliance and Validation Services Ltd

Telephone: +44(0)1625 500833; Email: info@candvs.com

Postal Address: 8 Sedgefield Close, Macclesfield, Cheshire, SK10 2WF, United Kingdom

11 Data Protection Legislation

  • UK Data Protection Act 1988 (DPA)
  • EU Data Protection Directive 1995 (DPD)
  • EU General Data Protection Regulation 2018 (GDPR)