Privacy policy.
1) Who are we?
Maverex Limited is a market access consultancy. Our postal address is Maverex Ltd, 168 Brinkburn Street, The Old Public Library, Newcastle, NE6 2AR. Our registered address is: Third Floor, 86-90 Paul Street, London, EC2A 4NE. You can contact us at these addresses or by using the information in the “Contacting us” section of this policy. We are the controller of personal data for the purposes of this privacy policy.
2) Introduction
This privacy policy applies to our website and all services offered and undertaken by Maverex Limited. It sets out Maverex Limited’s obligations regarding the collection, processing, transfer, storage, and disposal of personal data relating to all data subjects.
3) Why does Maverex collect personal data?
In order to undertake our business offering and the requirements of work contracted to us by our clients, we process personal data only within the parameters of our business interests. This includes secondary research and primary market research for the purpose of advising our clients regarding the market access, pricing and reimbursement of pharmaceutical and healthcare products.
4) What type of personal data do Maverex collect and how do we collect it?
Maverex collects data through our website indirectly (through internet access logs and cookies), directly through our contact form, through correspondence, through secondary and primary market research and other research activity, and if you contact us through other means (e.g. Job Application via 3rd Party Site). We also collect data if you enquire about our services or sign up to use our services.
4.1 Contact forms
We only collect the personal information you provide us with through the contact form. This includes your name and email address. We use this personal data to respond to your emails or requests for information. In the case of a job application, we will also hold the personal information contained within your resume.
4.2 Embedded content from other websites
Articles the Maverex website may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
4.3 Other types of personal data we collect
We may collect, use, store and transfer different kinds of personal data as follows:
Identity Data including your name, email address, username, title or similar identifier.
Contact Data including billing address, email address and telephone numbers.
Financial Data including bank account and payment card details.
Transaction Data including details about payments to and from you and other details of any payments made by you whilst using our services or purchasing services or goods from us.
Technical Data including internet protocol (IP) address, your login data, browser type and version, time zone setting, location, browser plug-in types and versions, operating system and platform, screen resolution and other technical characteristics of your device, your use of our services and applications and connection to the website, (as applicable to the device you are using).
Profile Data including your username and preferences and feedback.
Usage Data including information about your visit, including the website that referred you to the Website (if applicable), the path that you take through and from the Website (including date and time); pages that you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
Professional Data including previous positions, qualifications, details for referees, salary etc.
4.4 As part of our service offering
Maverex conducts Primary Market Research as part of our service offering. Should research subjects’ consent to take part in studies, data may be collected from the following sources as per our Primary Research Process:
The information provided upon consenting to partake in research (name, email address, telephone number, job title, your disclosed notes within the communication)
The information required to complete screening documents for eligibility (job title, professional qualifications, professional experience and career history, professional interests and activities, memberships or affiliations with professional bodies or groups)
A voice or video recording of in-person interviews – the use of data and confidentiality criteria will be reinforced as part of this process by the moderator. (Your voice, gender, appearance, job title, professional qualifications, professional experience and career history, interests and activities, membership or affiliations with professional bodies or groups)
Personal information provided should you sign up to partake in online/questionnaire-based research (your name, email address, IP address, job title, professional qualifications, professional experience and career history, interests and activities, membership or affiliations with professional bodies or groups)
Details contained within an invoice provided to process honoraria payments (your name, address, banking details and details of your banking institution)
5) How we use data we collect from you
We will only use data when the law allows us to. Most commonly, we use it in the following circumstances:
Where we need to fulfil the contract we are about to or have entered into with you.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal or regulatory obligation.
We only rely on consent as a legal basis for processing your data where we need to obtain the consent to provide you with our services, to undertake primary research, or to send you third party direct marketing communications to via email or text message. You have the right to withdraw your consent at any time. We may process data for more than one lawful ground depending on the specific purpose for which we are using data. Please contact us if you want further details about the specific legal ground we are relying on to process your data.
Where we need to collect data by law, or under the terms of a contract and you do not provide that data when requested, we may not be able to fulfil the contract. In this case, we may have to cancel a service you have with us.
We have set out below the ways we use data and the legal basis for doing so. We have also identified what our legitimate interest is, where appropriate.
|
**Purpose/Activity** |
**Type of Data** |
**Lawful basis for processing including basis of legitimate interest** |
|
To register you as a new customer |
(a) Identity |
(a) Performance of a contract with you |
|
To fulfil the contract and provide you with services. This includes:
(a) Manage payments, fees and charges |
(a) Identity |
(a) Performance of a contract with you |
|
Evaluating your suitability to participate in our primary market research, to participate in our primary market research, and the provision of other research and/or services |
(a) Identity |
(a) Performance of a contract with you (b) Necessary to comply with a legal obligation |
|
To process a job application and keep you informed of employment opportunities |
(a) Identity |
(a) Performance of a contract with you |
|
To manage our relationship with you which will include:
(a) Notifying you about changes to our terms or privacy
policy |
(a) Identity |
(a) Performance of a contract with you |
|
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) |
(a) Identity |
(a) Necessary for our legitimate interests (for running our
business, provision of administration and IT services,
network security, to prevent fraud and in the context of a
business reorganisation or group restructuring exercise)
|
|
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you |
(a) Identity |
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy) |
|
To use data analytics to improve the Website, services, applications, marketing, customer relationships and experiences |
(a) Technical |
Necessary for our legitimate interests (to define types of customers for our products and services, to keep the Website updated and relevant, to develop our business and to inform our marketing strategy) |
|
To make suggestions and recommendations to you about services that may be of interest to you |
(a) Identity |
Necessary for our legitimate interests (to develop our products/services and grow our business) |
|
Complying with our legal and ethical obligations, internal company policies and industry standards. Such as: |
(a) Identity |
To comply with our legal obligations, where the processing is in the public interest, or for our legitimate interests. We may seek your consent to disclose payments made to you on an individual basis. For adverse event/ safety reporting you will be specifically asked for consent. |
6) Who we share your data with
Maverex do not and will not sell personal information.
The information we collect may be shared internally within Maverex and its partners and direct suppliers only if necessary. We share data with our service providers who we engage to help us run our business or deliver services to you. We may share information as part of our research obligations to adverse event and safety reporting. In this instance you will be specifically asked for consent and Maverex will thereafter follow the reporting process of the relevant company involved.
7) Where your data is stored and processed
We will process and store your data on secure servers, email and other servers and equipment that are needed to provide the services as applicable. We understand that information stored and shared electronically can be at risk of compromise, so we take Anti-Virus protection and regular IT Security monitoring and patching seriously as reflected in our internal IT security policies. We do not ordinarily transfer your data outside of the European Economic Area except as follows:
Our service providers, such as Google Analytics (Google Inc. and its affiliates), may process your data in the course of providing analytical information to us about the use of the website. These service providers may collect and/or transfer your data outside of the European Economic Area. For more information on how Google Analytics processes your data you can visit here: https://support.google.com/analytics/answer/6004245?hl=en-GB We ensure appropriate safeguards are in place before transferring your data to anyone else.
8) How long we retain your data
Maverex will retain your personal data in accordance with our Confidential Data Handling Policy. We will hold your information for the duration of your engagement. After the end of your engagement, we will hold your data in accordance with the requirements set out in the UK GDPR and the Data Protection Act 2018.
9) Your rights over your data
Maverex respects the rights of the data subject. As such, you are entitled to:
Right to access - Have access to any information we hold
Right to correct – The right to have your Data rectified if it is inaccurate or incomplete.
Right to erase –Have it deleted if you no longer wish us to hold this information (this does not include any data we are obliged to keep for administrative, legal, or security purposes)
Right to restrict our use of your Data – The right to “block” us from using your Data or limit the way in which we can use it.
Right to data portability – The right to request that we move, copy or transfer your Data.
Right to object – Withdraw your consent at any time
Complain to the competent data protection supervisory authority which, in the UK, is the Information Commissioner’s Office.
If you would like to exercise any of these rights, please contact the data protection officer at: DPO@maverex.com
10) How we protect your data
Maverex takes the security of your data seriously. We have robust internal policies and controls in place to ensure your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except in the performance of work-related duties. If a data breach is suspected Maverex will notify the UK Information Commissioners Office within 72 hours.
11) Additional information
This Privacy Policy will remain live on our website and will be dated for reference alongside a cited version number. Any content changes/updates to this policy will be completed via the Maverex Document Change Process, with any changes to be immediately posted on the Website. You are deemed to have accepted the terms of the privacy policy on your first use of the Website following any alterations.
This Privacy Policy will be reviewed annually or as per changes to EU/UK GDPR legislation, the Data Protection Act, other relevant guidance or changes to internal data processing policies at Maverex. By agreeing to Maverex holding your personal data, you are accepting any ongoing changes made to this policy.
12) Contacting us
If you have any further questions, do not hesitate to contact us at enquiries@maverex.com.
If you have any questions or concerns regarding; data protection, the monitoring, tracking, targeting or storing of your personal data please email the Data Protection Officer at DPO@maverex.com.
Last updated: July 2025 (Version 2)