Privacy Policy

INTRODUCTION

WEP Clinical (“WEP”, “We”) is committed to protecting your personal data and handling it with transparency, securely, and with the utmost care. This Privacy Policy explains how we collect, use, and safeguard the personal information of our patients, healthcare professionals, employees, suppliers, business partners, and all individuals we work with.

This Privacy Notice (“Privacy Notice” or “Notice”) explains and describes our policy regarding the personal data WEP Clinical collects, uses, and discloses about individuals. This includes patients, healthcare professionals, customers, suppliers, vendors, business partners, job applicants, and all other persons whose personal data is processed.

WEP values and respects your privacy regarding personal data and is committed to protecting your personal data. We process individual personal data in accordance with all relevant legal requirements. This Notice aims to provide you with transparent information about how WEP collects and processes your personal data. WEP is a provider of clinical trials, supply, distribution, and management services globally and may share information across international borders. WEP performs international sharing and hosting of data in accordance with appropriate regulatory processes where legally mandated and in accordance with the relevant legislation.

This Notice sets out:

  • What personal data we collect and how we collect it;
  • How we use and disclose personal data;
  • Individual Rights;
  • The legal grounds which allow us to process your personal data;
  • Where the data comes from, who gets to see it and how long we retain it for;
  • Data Security;
  • Retention Period;
  • Cross border transfer
  • Cookies and tracking technologies;
  • SMS messaging practices;
  • How to contact us and lodge complaints Policy updates and changes.
PERSONAL DATA

Personal data means any information that relates to you, which can be used to identify you directly or indirectly. We collect Personal Data in various ways, on our website, as well as other sources such as for WEP to provide the requested services.

WEP adheres to data protection and privacy legislation and regulations, including but not limited to:

  • EU GDPR, UK GDPR and Data Protection Act 2018;
  • The US Federal Privacy Act of 1974;
  • The US Health Insurance Portability & Accountability Act of 1996;
  • International Conference on Harmonization (ICH) Good Clinical Practice (GDP);
  • The Canadian Personal Information Protection and Electronic Documents Act 2000;
  • The Singaporean Personal Data Protection Act 2012;
  • The Swiss Federal Act on Data Protection 2020; and
  • The Australian Privacy Act 1988 (Privacy Act) as amended 2014 and 2017.

WHAT PERSONAL DATA WE COLLECT  

We collect and process different categories of personal data depending on your relationship with us (for example, as a patient, healthcare professional, website user, employee, or business partner). We strive to only collect and share information when required for the purposes for which it has been sought.  However, any personal data collected and processed by WEP will have a lawful basis for processing, as provided and pursuant to all applicable data protection legislation.

 The types of personal data we collect may include the following:

  • Identity and Contact Data: Name, surname, title, email address, telephone number, postal and billing address, date of birth, gender, professional credentials, and unique identifiers.
  • Medical and Health Data: Basic medical or health information provided by healthcare professionals as required to deliver clinical supply services or support clinical programs.
  • Marketing and Communication Data: Title, name, institution, email address, telephone number, communication preferences, and engagement data related to newsletters or service updates.
  • Employee Data: Contact details, emergency contacts, employment history, qualifications, performance evaluations, payroll and benefits data, right-to-work documentations, and other employment-related information.
  • Job Applicant Data: CVs, cover letters, references, qualifications, interview assessments, right-to-work documentation, and other employment-related information.
  • Business Partner, Supplier, Vendor, and Customer Data: Company details, contact person names, titles, email addresses, telephone number, billing and delivery addresses, tax information, payment details, and contract documentation.
  • Website User Data: IP address, browser type, device information, operating system, pages visited, time spent on pages, and other technical data collected via cookies or similar technologies.
  • Email Correspondence Data: Personal data included in email contact or signatures, such as name, title, contact details, and any other information provided through communications.
  • CCTV and Visitor Registration Data: Visitor names, company, occupation, reason for visit, date and time of visit, contact number, vehicle registration, photographic ID, and CCTV video recordings when visiting our premises.

 

HOW WE COLLECT YOUR PERSONAL DATA

We collect personal data through a combination of direct interactions, automated technologies, and third-party sources.

      a.  Direct Collection From You

We collect data directly when you:

  • Complete forms on our website or submit inquiries.
  • Communicate with us via email, phone, or post.
  • Visit our offices and register as a visitor.
  • Apply for employment or enter a business relationship with us.
  • Participate in our clinical programs or request services.
  • Subscribe to our newsletters or opt-in to communication

      b.  Automatic Collection

Some data is collected automatically when you use our website or online services. This includes data gathered through cookies, analytics tools, and CCTV systems at our facilities.

      c.  Third-Party Sources

We may also receive personal data from:

  • Healthcare professionals acting on behalf of patients.
  • Sponsors and investigators of clinical trials or expanded access programs.
  • Recruitment agencies and professional references.
  • Business partners, suppliers, and customers.
  • Publicly available sources such as professional networking sites (e.g., LinkedIn).
  • Service providers who support our operations.

We collect only the personal data necessary for the specific purposes described in this policy and in accordance with applicable data protection laws.

HOW WE USE YOUR PERSONAL DATA

We process personal data only when we have a lawful basis and for specific, legitimate business purposes. Depending on the category of data, we use your personal data to:

  • Provide and manage services, including clinical trial supply, expanded access programs, named patient programs, and other clinical services.
  • Communicate with you, respond to inquiries, and maintain business relationships.
  • Process transactions, manage billing and payments, and fulfill contractual obligations.
  • Administer employment relationships, including payroll, benefits, and compliance with labor and health and safety laws.
  • Recruit and evaluate job applicants, verify qualifications, and maintain fair hiring practices.
  • Send marketing communications, newsletters, and industry updates (subject to your consent or out legitimate interests).
  • Operate and improve our website, using analytics to understand usage and enhance functionality.
  • Maintain security, including through CCTV monitoring, visitor registration, and IT systems security.
  • Comply with legal obligations, regulatory requirements, and requests from public authorities.

We will only use your personal data for the purposes for which it was collected, unless we reasonably consider that another purpose is compatible with the original one.

INDIVIDUAL RIGHTS

In accordance with the provisions provided by the GDPR specifically Articles 13 and 14, you can exercise the following rights:

  • Right to be informed – you have the right to inform about the collection and use of your personal data.
  • Right to access – you are entitled to receive a copy of all personal data WEP to hold about you and ask any questions in relation to how it is processed. Please send all requests to the details provided below.
  • Right to rectification – you are entitled to request any inaccurate, incomplete personal data WEP holds about you, to be corrected and completed. If any of the personal data WEP holds is inaccurate or incomplete, WEP will correct it and where practicable destroy the inaccurate information.
  • Right to erasure (“right to be forgotten”)  – you can make a request for erasure and require WEP to remove all personal data held about you, and consent can be withdrawn to processing at any time, as long as there is no overriding obligation on us to process personal data. This request can be made at the details provided below.
  • Right to restrict processing – you have the right to request restriction of your personal data in certain circumstances. You have the right to withdraw your consent if the processing is based on your consent.
  • Right to portability – you are entitled to receive the personal data you have provided to us, in a structured, commonly used, and machine-readable format.
  • Rights in relation to automated decision making – this includes any profiling, where you have the right to object to be part of any automated decisions.

 WEP Clinical does not make any decisions regarding personal information solely by automated means without human involvement.

  • Right to object – you have the right to object to your personal data being processed, specifically in certain circumstances.

In order to exercise any of your rights above, if you believe WEP Clinical are not handling your personal data in accordance with applicable data protection laws, you have the right to lodge a complaint. You can contact us at the details provided below. In the event that any information we hold in relation to you is accurate, we are obliged to correct and rectify it.

Additionally, you have the right to lodge a complaint with the regulator. If you are unhappy or have concerns around how we have handled your personal data, we have provided the details below.

DATA SECURITY

We take the security of your personal data seriously, and have implemented appropriate technical, administrative, and organizational safeguards to protect personal data from unauthorized use, disclosure, alteration, or destruction.

Our security measures include:

  • Limiting access to essential personnel and persons,
  • Using password protection, multi-factor authentication, and access controls,
  • Minimizing data sharing,
  • Encryption and pseudonymization techniques,
  • Training staff on data protection and security best practices,
  • Implementing secure data storage and transmission protocols,
  • Maintaining incident response and data breach notification procedures.

Data stored in third countries is held with reputable global data storage providers in accordance with internationally recognized privacy standards and appropriate safeguards.

Access to personal information is restricted to appropriate staff and persons, both internally and externally, on a need-to-know basis. WEP Clinical does not sell or trade personal information to third parties.

We will use and disclose your personal data only as necessary to comply with applicable law and regulatory monitoring and reporting obligations, and only when we have lawful grounds to do so.

Important Limitation: While we implement robust security measures, no method of transmission over the internet or electronic storage is 100% secure. To the fullest extent permitted by law, WEP disclaims all liability for any damage you may suffer due to any loss, unauthorized access, misuse, or alteration of any information you submit through our website or systems.

In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay and will also inform the relevant supervisory authority with 72 hours of becoming aware of the breach, where required by law.

RETENTION PERIOD & DELETION

We will retain your personal data for as long as necessary for the purpose for which the personal data was collected and to the extent required by applicable law. We will remove any personal data we no longer require, safely and securely or alternatively take steps to anonymize it.

Automated Decision Making & Profiling.

WEP Clinical does not make any decisions in respect of personal information, solely by automated means without human involvement.

COOKIES AND TRACKING TECHNOLOGIES

       a.  What are cookies?

Cookies are small text files that are stored on your electronic device like a computer, tablet, or mobile phone when you visit a website. They are widely used to make website work more efficiently.

     b.  How we use cookies & how to control your cookies

We use cookies on the WEP website to ensure we are providing the best possible experience for visitors to our website. Please see below a brief explanation of the cookies that we use and why:

  • Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
  • Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.
  • Statistic cookies help website owners understand how visitors interact with websites by collecting and reporting information anonymously.
  • Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and therefore more valuable for publishers and third-party advertisers.
  • Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.

The WEP website may contain links to other websites that we do not own or operate. We do not control, recommend, or endorse and are not responsible for these websites or their content, products, services, or privacy policies. Downloading material from certain websites may risk infringing intellectual property rights or introducing viruses into your system. When you leave the WEP website, you should read about the privacy and cookie policies of these other websites.

      c.  Cookies we use on this website

Cookies used on WEP website are listed in the table below, including the cookie name, provider, purpose, category, and retention period. Session cookies are deleted when you close your browser. Persistent cookies remain on your device until they expire or until you delete them. You can manage your preferences at any time through your cookie settings in our cookie banner or through your browser settings.

SMS MESSAGING PRIVACY

   

WEP Clinical operates an SMS messaging service to provide essential notifications and facilitate two-way communication regarding your patient visits, scheduling, and operational updates.

When you opt-in to our SMS service, we collect and store your mobile phone number and any related information generated through your SMS interactions (e.g., timestamps of messages, keywords sent/received like ‘YES’, ‘STOP’, ‘HELP’). This information is collected and used solely for the purpose of:

  • Delivering the SMS notifications and communications you have consented to receive.
  • Facilitating two-way communication directly relevant to your patient care and operational needs.
  • Responding to your requests, such as ‘HELP’ queries or ‘STOP’ requests.

Crucially, WEP Clinical is committed to protecting your privacy in mobile messaging. Mobile opt-in information, including your phone number, will not be shared with third parties for their marketing or promotional purposes. We may share necessary data with trusted service providers (such as our SMS platform provider) who assist us in the technical delivery of these messages. This sharing is strictly for the purpose of operating the SMS service on our behalf, and these providers are contractually obligated to ensure the protection of your data and are prohibited from using it for their own marketing or any other independent purposes.

All personal data collected through our SMS service is handled in accordance with the broader principles and practices outlined in this Privacy Policy, including our commitments to data security, retention periods, and your rights as a data subject. For details on how to exercise your data rights, please refer to the “INDIVIDUAL RIGHTS” section above.

CROSS-BORDER TRANSFER

 

Some data we collect may be stored and processed in any country where we engage in services or service providers, including the U.S. and where our affiliates operate.

There are some non-EEA countries which are recognised by the European Commission and the Information Commissioner’s Office as having adequate levels of data protection according to EEA standards. For any transfers considered inadequate by the European Commission and the Information Commissioner’s Office, we have put in place measures which are adequate to ensure compliance and protect your Personal Data. These measures are pursuant to the European Commission and the Information Commissioner’s Office. We ensure that the recipient is bound by the required and compliant contractual documentation, including the EU Standard Contractual Clauses and the UK Addendum to protect your Personal Data.

 

LODGING A COMPLAINT WITH A REGULATOR

You may lodge a complaint with a data protection authority for your country. Click here for contact information of the relevant authority in your country in the EU and click here for the relevant authority in the UK.

CONTACT US

To request a copy of your information, or request to exercise any of your individual rights, please email: [email protected]

FAO Data Protection Officer

19 Shield Drive

West Cross Industrial Park

Brentford

TW8 9EX

United Kingdom

 

POLICY UPDATES AND CHANGES

 

WEP may update this Privacy Policy occasionally to reflect changes in our practices, technology, legal requirements, or other factors. Any changes will be posted on our website, and the “Last Updated” date at the bottom of this policy will be revised.

Any significant changes that materially affect how we process your personal data, we will provide additional notice, such as by email or through a prominent notice on our website, before the changes take effect.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data. Your continued use of our services after changes are posted constitutes your acceptance of the updated policy.

This Privacy Policy does not create any contractual rights or legal obligations beyond those required by applicable data protection laws.

 

Last Updated – January 2026