• What is “Personal Data?” >
  • How we handle business data>
  • How your information may be used:>
What is “Personal Data?”
  • The UK GDPR applies to the processing of personal data that is:
    • wholly or partly by automated means; or
    • the processing other than by automated means of personal data which forms part of, or is intended to form part of, a filing system.
  • Personal data only includes information relating to natural persons who:
    • can be identified or who are identifiable, directly from the information in question; or
    • who can be indirectly identified from that information in combination with other information.
  • Personal data may also include special categories of personal data or criminal conviction and offences data. These are considered to be more sensitive and you may only process them in more limited circumstances.
  • Pseudonymised data can help reduce privacy risks by making it more difficult to identify individuals, but it is still personal data.
  • Pseudonymised data can help reduce privacy risks by making it more difficult to identify individuals, but it is still personal data.
  • If personal data can be truly anonymised then the anonymised data is not subject to the UK GDPR. It is important to understand what personal data is in order to understand if the data has been anonymised.
  • Information about a deceased person does not constitute personal data and therefore is not subject to the UK GDPR.
  • Information about companies or public authorities is not personal data.
  • However, information about individuals acting as sole traders, employees, partners and company directors where they are individually identifiable and the information relates to them as an individual may constitute personal data.

The GDPR regulations (General Data Protection Regulation) state rules on processing and storing such personal data and on obtaining consent. A company may only collect personal data if they have a legal reason to do so and demands accountability and transparency from organisations about how they collect, process and store such personal information.

The regulation applies only to storage of PERSONAL data used mainly for marketing purposes. Advena never collect or store any “personal” information on individuals, only on medical devices manufacturers who are, have been, or may be contracted with us as clients for offering regulatory advice and associated assistance.

As an addition these regulations indicate that businesses of less than 250 employees (such as Advena) are not bound to comply with any specific record keeping on specific individuals although we, of course, still consider the rights and freedoms of the businesses we communicate with but have no facilities for processing actual personal data that could result in a risk to the rights and freedoms of any individual.
Advena never send out mail shots to individuals.

How we handle business data

This Policy describes the privacy practices for Advena Medical Ltd. a UK registered business. 

This statement concerns our client network, clients being medical device manufacturers, or related businesses, which does not include specific individuals except for the purposes of having a contact point within these client businesses. Such clients may be those currently being contracted with plus previous clients or potential new clients who require, or may require regulatory or quality management services. 

We provide our business services as a professional resource intended to support healthcare companies in their efforts to provide high quality medical devices. Clients can choose whether or not to receive newsletters or specific news items and will always have the option to opt-out from the receipt of related technical, regulatory, and business information. 

Information collected and stored within our secure server
Information about our client services is collected as follows, but this is a non-exhaustive list as different clients have varied and different business requirement.
  • Business name, address, and primarily contact person. Larger organisations may have two or more contact points.
  • Medical device products or services involved
  • The regulatory status of such businesses and their products.
Purpose of such stored information

Business data, including a client list, is only used for purposes of us providing regulatory and quality management services to businesses and never for contacting specific individuals for personal reasons.

Our client list may be used for the purposes of sending out our newsletter or news e-shots. Clients will always be offered the ability to opt out from receiving these. If a recipient no longer wish to receive a particular type of email communication from us they may unsubscribe by clicking the “unsubscribe” link located at the bottom of the email or by an alternative method of communication.

In all cases we assure clients and potential business customers that we would always only use contact names at businesses as a business contact point and only use it for that purpose.

We may email out newsletters, blogs, and posts relating to changes in medical device regulation but there will always be a provision for a business to opt out from receiving such information. See the footer on our newsletters where we ask our business contacts, on our distribution list, if they want to continue to receive our newsletters.

Relationship and confidentiality for clients on our business client lists

Should clients wish to comment on the content of emails sent, our newsletters or other news items, they may do so freely and we will never forward on, or use, such comments without prior consent from the originator.

From time to time clients may be requested to participate in client feedback as this is part of the requirements of our own ISO 13485 certified quality management system. Such feedback will always be voluntary and confidential and never be disclosed to any third party except to accredited auditors of our own quality system.

Advena have no contracts with any third parties with whom we would share client data with.

Should we receive any information about you from third party sources, e.g. Competent Authorities or Notified Bodies in relation to the legal requirements these will always be held in confidence.

How your information may be used:

Information about your businesses may be used for the following purposes: 

Provision of the Services

 We may use the information collected about you to provide and improve our own services or to conduct confidential, non-business specific, research supporting the development of new services. 

Email Communications

 Unless you opt-out, as previously described, we will send you email newsletters and communications to support your business purposes, but never advertisements and other promotional materials from third party sponsors. 

Privacy of client data

We never use client data or client profiles to communicate to third party businesses.

Account Management

 We may use your information to administer your account, respond to your inquiries, fulfil your requests and or send you administrative communications about the services we are offering. 

Adverse Event Reporting

 If you provide us information about an adverse event regarding a medical product we may be required to report such information along with your contact information to a regulatory authority to fulfil specific reporting obligations 

Legal Requirements

We may release business information when we believe release is required to comply with valid legal requirements such as a law, regulation, search warrant, subpoena or court order and to meet national security or law enforcement requirements 

Security of Information

We have implemented appropriate technical and organizational security measures to protect the client information that we have under our control from unauthorized access, use and disclosure and accidental loss.

Privacy Policy Changes

We reserve the right to modify this Privacy Policy at any time and any changes will be effective upon posting of the modified Privacy Policy unless we advise otherwise. If we make any material changes to this Privacy Policy we will notify you by email (sent to the email address included in your account profile) 

Contacting Us

If you have general questions about your account or the Services, contact our Business Services team at info@advenamedical.com 

Effective date: August 3, 2022 Kirsty Ostle

Managing Director Advena Medical Ltd

Join our Regulatory Newsletter to keep up to date