Business Contacts Privacy Notice

Last updated: 10 January 2020

  1. Background

Tillotts Pharma (“Tillotts”) respects your right to privacy. This privacy notice (“Notice”) explains how we collect, share and use personal data about you, and how you can exercise your privacy rights. We are therefore providing you with this Notice as part of our commitment to processing personal data in line with applicable data protection laws, in particular the EU General Data Protection Regulation (EU Regulation 2016/679) (“GDPR”) and the Data Protection Act 2018. If you have any questions or concerns about our use of your personal data, you may contact us using the contact details provided at the bottom of this Notice.

  1. What types of personal data are collected and why?

The personal data that we may collect about you broadly falls into the following categories:

  • Information that you provide voluntarily

We ask you to provide certain information voluntarily. The types of information we ask you to provide, and the reasons why we ask you to provide it, include:

Types of personal data Why we collect it
Identification and contact details (name, address, telephone number and email address) To establish and manage our relationship with you 
Financial information (bank account details, payment card)
Employment details  (employer, job title)

In addition, you may provide certain personal data when you correspond with us in the ordinary course of business, such as to schedule meetings and calls. 

If we ask you to provide any other personal data not described above, we will clarify the reasons why we ask you to provide such personal data at the point we collect it.

  • Information that we obtain from third party sources

From time to time, we may collect personal data about you from publicly available sources, or we receive your personal data from third party sources (including other suppliers, partners and our distributors); these third parties either have your consent or are otherwise legally permitted or required to disclose your personal data to us under applicable data protection laws.  

The types of information we collect from third parties include contact details of you, and we use the information we receive from these third parties to manage our relationship and to make relevant arrangements.

  1. Who do we share your personal data with?

We may disclose your personal data to the following categories of recipients:

  • within the Tillotts Group, and to third party services providers and partners that assist us in providing our services and process personal data in this context, or who otherwise process personal data for purposes that are described in this Notice or notified to you when we collect your personal data;
  • to any competent law enforcement authorities, regulatory authorities, governmental bodies courts and other third parties whenever disclosure is required (i) pursuant to applicable laws, regulations,  or industry codes; (ii) to exercise, establish or defend our legal rights; or (iii) to protect your vital interests or those of any other individual;
  • to an actual or potential buyer (and its agents and advisers) in connection with any proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal data only for the purposes disclosed in this Notice;
  • to any other person with your consent to the disclosure.
  1. What is the legal basis for the processing of your personal data?

Our legal basis for collecting and using the personal data described above will depend on the type of personal data and the specific context in which we collect it.  

However, we will normally collect personal data from you only (i) where we need the personal data to perform a contract with you, (ii) where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, or (iii) where we have your consent to do so. In some cases, we may also have a legal obligation to collect personal data from you or may otherwise need the personal data to protect your vital interests or those of another person.

If we collect and use your personal data in reliance on our legitimate interests, this interest will normally be (i) to receive services/products from you, (ii) to collaborate with you, or (iii) to manage our interactions with you. 

If you have any concerns about the processing of your personal data based on our legitimate business interests, you have the right to object to such processing. For more information on your corresponding rights, please see the “What are your data protection rights” heading below.

If we collect and use your personal data in reliance on anything other than our legitimate business interests, we will make this clear to you at the relevant time. For example, if we ask you to provide personal data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal data is mandatory or not (as well as of the possible consequences if you do not provide your personal data).  

If you have questions about or need further information concerning the legal basis on which we collect and use your personal data, you may contact us using the contact details provided under the “How to contact us” heading below.

  1. How do we ensure the security of your personal data?

We use appropriate technical and organisational measures to protect your personal data. The measures we use are designed to provide a level of security commensurate with the risks related to the processing your personal data.   

  1. Do we transfer your personal data abroad?

Your personal data may be transferred to, and processed in, countries other than the country in which you are a resident. These countries may have data protection laws that are different to the laws of your country of residence.

Our servers are located in Switzerland, a country that that the European Commission has decided provides an adequate level of data protection, and our parent company and some of our third party service providers and partners operate in countries like Japan and the USA. This means that when we collect your personal data, we may process it in any of these countries.


In cases where your personal data is transferred to a country outside the EU/European Economic Area (“EEA”) which is not covered by a decision of the European Commission that the country concerned ensures an adequate level of protection, we will take such measures as are necessary to ensure the transfer is in compliance with the applicable data protection laws, including the GDPR. Such measures may include (without limitation) transferring your personal data to a recipient that has achieved binding corporate rules authorisation in accordance with applicable data protection laws, or to a recipient that has executed standard contractual clauses adopted or approved by the European Commission. In addition, data transfers to recipients in the USA may be protected by an EU-U.S. / Swiss-U.S. Privacy Shield certification. 

  1. Which data retention periods apply?

We retain your personal data for as long as we have an ongoing legitimate business interest to do so (for example, to receive services from you or to comply with applicable legal, tax or accounting requirements).  

When we no longer have a legitimate business interest to process or retain your personal data, we will either delete or anonymise it. 

  1. What are your data protection rights?

You have the following data protection rights:

  • You may access, correct, update or request deletion of your personal data.  
  • You may object to processing of your personal data, ask us to restrict processing of your personal data or request portability of your personal data. 
  • You can withdraw your consent at any time if we have collected and processed your personal data with your consent. Withdrawing your consent has no impact on the legality of the processing we performed prior to your withdrawal nor does it impact the processing of your personal data if a legal basis other than your consent exists.
  • You have the right to complain to a data protection authority about our collection and use of your personal data.  For more information, please contact your local data protection authority. 

You may contact Tillotts at any time with a request to exercise your data protection rights, at no cost to you, by E-mail ».

You will receive a response to your request in accordance with applicable data protection laws.

  1. Updates to this Notice

We may update this Notice from time to time in response to changing legal, technical or business developments. When we update our Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. 

You can see when this Notice was last updated by checking the “last updated” date displayed at the top of this Notice.  

  1. How to contact us

If you have any questions or concerns about our use of your personal data, please contact us using the following details: