Client & Research Associate / Respondent Privacy Notice

“Medex Research Ltd” is committed to ensuring that your personal data is processed fairly and lawfully, is accurate, is kept securely and is retained for no longer than is necessary.

This “Privacy Notice” sets out what data we collect, how we process it and who we may share it with and why.

It also explains your rights with respect to the Personal Data that we may collect from you; that is data that identifies you as an individual or from which you may be identified.

Why do we need this Privacy Notice & Data Protection Policy?

On the 25th May 2018 the General Data Protection Regulation (GDPR) came into force and the Data Protection Act (DPA) 1998 was updated by a new Act giving effect to its provisions.

This new regulation is intended to better protect individuals by ensuring that Companies, Public Authorities, Charities etc. look after your data properly and within clear guidelines. You may see the term “Data Subject”, this refers to someone whose information or data is held by an organisation.

Who are we?

Medex Research Ltd., 2 Chapel Street, Chichester, PO19 1BU, referred to as “Medex Research Ltd.” in the remainder of this document.

Medex Research Ltd. is a company dedicated to Medical Device & Diagnostic Market Research, running projects for Clients across the globe and is trusted by some of the world's leading healthcare companies.

Medex Research Ltd. works with an extensive Network of Healthcare Professionals worldwide to harvest their understanding and experience to deliver knowledge based research.

Who in the Company is responsible for ensuring that we meet our obligations for data protection?

The responsible person is called the “Data Controller” (DC) and is registered with the “Information Commissioner’s Office” (ICO) (Reg. No. ZA381259) – the ICO is the Regulator in the UK for Data Protection. You can check our details on the ICO’s website by entering the company name, address or postcode at the following link:

The Data Controller is Mrs. S Masson and she can be contacted as follows:

By Email:

Or in writing to:

The Data Controller, Medex Research Ltd., 2 Chapel Street, Chichester, West Sussex, PO19 1BU

Why do we need to hold and process your personal data?

Medex Research Ltd. processes personal data in order to fulfil its contractual obligations to both its Clients & Respondents, this is the “lawful basis”.

Where we carry out Direct Marketing at Trade Shows & Conferences we consider this to be a “legitimate interest” given the nature of these events and the expectations of delegates and exhibitors alike.

We may also process personal data if at least one of the following applies:

  • In order to protect the vital interests of an individual.
  • There is explicit consent.
  • For financial transactions relating to MRL’s Services or Procurement.
  • For the establishment, exercise or defence of legal claims or whenever Courts or Public Authorities such as HMRC or the Police are acting in their judicial or investigative capacity.
  • For reasons of public interest in the area of public health.
  • For reasons of substantial public interest, based on law, which is proportionate in the circumstances and which provides measures to safeguard the fundamental rights and the interests of the Data Subject.

What sort of personal information could we be collecting about you or your organisation and processing?

Respondents - The categories of information that we collect, hold and process include:

  • Personal information (such as name, address, phone number, email address, age profile).
  • Current employment information.
  • Professional Qualifications.
  • Employment experience.
  • Role / position within your Organisation.
  • Your personal and professional views and opinions on matters surveyed.
  • Detail of papers or research published where applicable

Client Companies & Contacts - The categories of information that we collect, hold and process include:

  • Personal information (such as name, address, phone number, email address, age profile).
  • Current employment information.
  • Role / position within your Organisation.
  • Product information.
  • Competitor information.

Do we pass on or share your personal information with anyone else?

Medex Research Ltd. will never sell your personal data to a Third Party.

We will not give your personal information or details to anyone outside Medex Research Ltd., except as indicated below or unless we are required by the law to do so. Reports that we produce for our Clients based on your understanding, experience and opinion are pseudo- anonymised before submission to protect the identity of Research Associates.

We use Third Party contractors to carry out certain functions, they are controlled by a Data Processing Agreement (DPA) which limits the extent to which they may use and process your data to the purposes that we require. These are:

  • R & D Analysis – Extrapolate, tabulate and perform statistical analysis on data, producing substantive output for reports.
  • MARCOM Computing – IT Contractor – Secure Back-up / Recovery Services – Advice on Data Security.

How long will we retain your data?

Some data such as records of financial transactions will be kept for seven years for audit and tax purposes.

Medex Research Ltd. principle is not to retain any data or personal information for longer than is necessary in relation to the purposes for which it was collected. We will always be driven by best practice to ensure that Information will be held in accordance with the latest guidelines.

What are my rights regarding the data you hold about me?

Under GDPR (the new regulation) you have significantly enhanced rights which include:

  1. Being informed of data processing (which is covered by this Privacy Notice).
  2. Accessing information (also known as a Subject Access Request (SAR)) that we hold on you. In some circumstances there can be a charge for this.
  3. Having inaccuracies corrected promptly.
  4. Having information that we hold about you erased except where there is a statutory or legal requirement for us to collect process or hold it.
  5. Restricting processing of your data except where there is a contractual, statutory or legal requirement to process it.
  6. Data portability where relevant.
  7. Intervention in respect of automated decision making (automated decision making is not operated by PRPT).
  8. Withdrawing consent (see below). (Right to be forgotten).
  9. Complaining to the Information Commissioner’s Office (ICO) (See below).

Can I stop you holding and processing my data?

Withdrawal of Consent

The lawful basis upon which Medex Research Ltd. processes personal data is that it is necessary in order to comply with our legal and contractual obligations and where we have legitimate interest.

Where Medex Research Ltd. processes personal data solely on the basis that you have consented to the processing, you will have the right to withdraw that consent.

To exercise any of these rights you must in the first instance contact the Data Controller (DC) in writing or by email at the addresses on Page 1.

If you are unhappy with the way your request has been handled, you may wish to ask for a review of the DCs decision by challenging it in writing within 28 days.

Complaints to the ICO

If you are not content with the outcome of the internal review, you may apply directly to the Information Commissioner for a decision. Generally the ICO cannot make a decision unless you have exhausted our internal review procedure. The Information Commissioner can be contacted at:

The Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF