Privacy Policy

Privacy Notice

Envision Pharma Group (“Envision Pharma Group”/”we”/”us”/”our”) respects an individual’s right to privacy. This Privacy notice explains our approach to any Personal Information that we collect through an individual’s use of this website and/or any of our social media accounts (“Websites”).

In particular, this notice describes:

Personal Information” means any information or a set of information that identifies or is used by or on behalf of Envision Pharma Group to identify an individual.

Who we are

Envision Pharma Group is a full-service global medical strategy and communications agency, and our services include the provision of market-leading hosted software applications.

Envision Pharma Group” refers to Envision Pharma Group Limited (registered in England and Wales under company no. 10117262), its parent companies and its and their respective subsidiaries. For the purposes of applicable data protection law, Personal Information will be controlled by the Envision Pharma Group entity that an individual is dealing or communicating with and each such entity is regarded as an independent data controller of the relevant Personal Information. This Privacy notice applies to all such entities.

This website ( is operated by Envision Pharma Limited (registered in England and Wales under company no. 04486293).

How we collect Personal Information

The Personal Information that we process includes:

What Personal Information we collect

The Personal Information that we may collect includes:

How we use and disclose Personal Information, and the legal basis for use

We only use Personal Information when the law allows us to do so. Most commonly, we will use Personal Information in the following circumstances:

The types of Personal Information that we use depends on the relevant circumstances; however, some of the key types of Personal Information that we may use together with the relevant basis for such use and details of any third parties with whom such information is shared, are set out below. Please also see our Cookies notice.

Purpose for which we use Personal Information Legal basis for use Third party organisations with whom Personal Information may be shared

To send requested information about us and/or our services.

Legitimate interests.


To provide content requested or downloaded from our Websites and to obtain feedback regarding such content.

Legitimate interests.


To market our services including communicating about updates, news, newsletters and event invitations which are relevant to the individual’s activities and in line with stated preferences.

Legitimate interests.



For the purposes of recruitment.

Legitimate interest.


Third party technology service providers such as applicant tracking systems.

Professional advisers.

To manage our relationship with our clients and potential clients.

Legitimate interests.

Performance of a contract.

Third party vendors that we engage (where required).

To manage our relationship with our vendors and potential vendors.

Legitimate interests.

Performance of a contract.


To provide and improve our website.

Legitimate interests.

Web service providers and cookie providers.

To compile anonymous statistics including for managing our business performance and assessing client satisfaction to improve our services.

Legitimate interests.


To enable us to provide webinars, meetings and events.

Legitimate interests.

Third party travel and hospitality service providers that we engage.

“Third-party organisations” does not include any companies within Envision Pharma Group. However, we are an international business and any Personal Information provided to us may be shared with and used by an entity within Envision Pharma Group (including those outside of the United Kingdom and European Economic Area (“EEA”).

Where necessary, or for the reasons set out in this notice, Personal Information may also be shared with regulatory authorities, courts, tribunals, government agencies and law enforcement agencies. While it is unlikely, we may be required to disclose Personal Information to comply with legal or regulatory requirements. We will use reasonable endeavours to notify the individual before we do this, unless we are legally restricted from doing so.

Our services include the provision of hosted software applications to our clients. If an individual provides Personal Information via a website portal of one of our hosted software applications licensed to a client of ours, that individual is providing Personal Information to that client and should ensure he/she understands how their Personal Information may be used. Reference should be made to the relevant client company’s privacy policy which may be published on such website portal, or available on such client company’s corporate website. In such circumstances, the relevant client company is the data controller. We do not access or use such Personal Information save as permitted or required under our contractual arrangements with our clients. Neither do we distribute such Personal Information to any third parties.

How long we keep Personal Information

Personal Information will be retained in accordance with our global data retention policy which categorises all of the information held by us and specifies the appropriate retention period for each category of Personal Information. Those periods are based on the requirements of applicable data protection laws and the purpose for which the information is collected and used, taking into account legal and regulatory requirements to retain the information for a minimum period, limitation periods for taking legal action, good practice and our general business purposes.

How we protect Personal Information

A key principle of data protection legislation is that Personal Information must be dealt with securely by means of ‘appropriate technical and organisational measures’. This involves considering matters such as risk analysis, organisational policies, and physical and technical measures, all of which contribute to ensuring the confidentiality, integrity and availability of systems and processes. Envision Pharma Group is certified under ISO/IEC 27001:2013, which is an auditable international best practice standard that formally outlines requirements for an Information Security Management System.

International Transfers

We may need to transfer Personal Information to locations outside of the EEA.

The level of information protection in countries outside the EEA may be less than that offered within the EEA. Where this is the case, we will implement appropriate measures (such as the EU standard clauses) to ensure that Personal Information remains adequately protected and secure in accordance with applicable data protection laws.

An individual’s rights regarding their Personal Information

Under certain circumstances, an individual has rights under certain data protection legislation with respect to their Personal Information which may include some or all of the following:

Such individual may also have the right to lodge a complaint in relation to our use of Personal Information with a local supervisory authority.

If an individual objects to our use of their Personal Information, or withdraws their consent to our use after having initially provided it, we will respect that choice in accordance with our legal obligations but it is likely this will make it impractical for us to deal with the relevant individual.

The California Consumer Protection Act

The California Consumer Protection Act ("CCPA") also provides certain rights to California consumers.

A California consumer is entitled to request details of the information we hold about him or her and how we use it and, under certain circumstances, has the right to request that his or her Personal Information be deleted. Such requests may be submitted through the following methods:

We will acknowledge receipt of any request within ten (10) days and begin the process of verifying such request. Depending upon the sensitivity of the data collected and the nature of the request, we are required to verify an individual’s identity to a reasonable degree of certainty or a reasonably high degree of certainty. A reasonable degree of certainty requires matching at least two pieces of personal information provided via the toll free number or Request Form with information already maintained by us. Whereas, a reasonably high degree of certainty requires matching at least three pieces of personal information. The verification process also requires us to consider whether it is likely the submitted request is fraudulent.

A California consumer may also designate an authorized agent to make a request under the CCPA on the California consumer’s behalf. When a request is submitted by an authorized agent, we will require written evidence of the authorization and, except when the authorized agent has a power of attorney pursuant to California Probate Code sections 4000 to 4465, we will also need to verify the agent’s identity as well as the consumer’s identity.

Please be aware, that the CCPA prohibits discriminatory treatment of a California consumer that exercises his or her right conferred by the CCPA.

Further questions

Our Data Protection Officer can assist with any questions and can be contacted at either of the following:

By Email:

By Post:

Envision Pharma Group
FAO: The Data Protection Officer
Envision House
5 North Street
RH12 1XQ
United Kingdom

Changes to this notice

Envision Pharma Group may revise or update this notice from time to time.

Last updated: 12 April 2022

California Consumer Protection Act Contact Form

Please complete the form below and one of our team will be in contact with you shortly.
Fields marked with an * are mandatory.

Relationship to Envision

Your enquiry has been submitted