Privacy Notice

Effective from May 2023

Who are we?

We are Beacon Medical Systems Ltd, (trading as Pando and Pando Insights), a company incorporated in England and Wales with registered number 14638585 at Companies House and whose registered office is at 5 New Street Square, LONDON, EC4A 3TW.

The following laws apply to this privacy notice:

If you are a resident of the United Kingdom, the UK GDPR as defined in the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019, the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003. If you reside in any other country, the applicable data protection laws, and regulations in your country of residence.

This document (the “notice”) is our Data Promise to you. Please read it carefully.

This notice describes how we collect, store, disclose, transfer, protect and otherwise process your personal data and for what purposes. It also contains other important information, such as the lawful bases by which we process your personal data, how long we might retain your personal data, and the rights you have in relation to personal data we hold about you. It applies to the full range of services offered by Beacon Medical Systems Ltd trading as Pando, Pando Insights and Pando Network (Pando) and the use of this website and the Pando Messaging Service (The Service). Further details about the way that we process personal data in the context of our individual relationship with you are detailed in the relevant hyperlinks below.

Our Data Protection Officer can be contacted by emailing: dpo@hellopando.com or by writing to the address above.

Pando processes personal data in the capacity of both a data controller and a data processor. When we are a processor of personal data, we are doing so purely on the instructions of another organisation or company (because they are the controller).

For the purposes of Pando Messenger, we are the developers of the Pando App and operate the Pando Messaging Service. This stores personal data that helps clinicians and health care professionals to communicate securely about the people that they are looking after. In this context, the medical establishment – e.g., a Trust or a GP is the controller of all the data (typically for direct care) that is entered into the Pando App. To find out more about how your data is protected by them, or to exercise your rights under data protection law, you should contact them directly.

When Pando is acting as a controller of personal data it will usually be for the following categories of data subjects:

potential and existing employees
potential and existing suppliers, investors
users of the Pando service
people that choose to participate and host/sponsor our Pando Insights research and surveys
our website users.

It will also involve technical data when you use our site. Our responsibilities as a controller means that we are trusted to look after and deal with your personal information in accordance with this notice.

Technical and operational security

All data is password protected, access controlled, backed up securely and encrypted when appropriate. Pando’s employees are trained in data protection and information security and are aware of their obligations to ensure the privacy of all data subjects. Data Privacy by Design and Default is an integral part of our development processes. Beacon Health Systems Ltd, trading as Pando submits DSP Toolkit annually to the level of Standards Exceeded.

An explanation of how we use your personal data:

To see more about how we use your personal data, please read the notice or notices which are most relevant to your relationship with us. These will explain the data that we will hold about you and how we will use it lawfully.

I am a potential corporate client (Pando Messenger/Pando Insights):

‍ As a potential client, we hold your name, job title and corporate contact details so we can build a relationship with you. This data will have been sourced directly from you at an event, or from your company website or a similar publicly available source. We only hold your data if we legitimately think you will have an interest in using our product.

‍ Lawful basis for processing

‍Our lawful basis for processing your data is a Legitimate Interest for marketing purposes. As you are a corporate entity, we also abide by the Privacy and Electronic Communications Regulations (PECR). We give you the chance to opt out of all marketing on anything that we send you. We only share details of our own goods and services in our marketing. If your data was not sourced directly from you, then we contact you once we have the data to let you know that we have your data and give you the chance to opt-out. Our legitimate interest balancing test indicates that this is a legitimate purpose: you would not be surprised to hear from us based on the nature of your job role, and our processing does not cause any harm or risk to you as a data subject.

‍ Data Sharing and Transfers

‍ Retention Periods

‍We hold data on Potential Corporate Clients for as long as we think you are likely to be interested in our goods and services, or until the point at which you opt out of communications. At this point you are added to a suppression list so we do not contact you again. When you become a Corporate Client, then the privacy Notice for Corporate Clients will apply.

I am a corporate client (Pando Messenger/Pando Insights):

‍ As a corporate client, we hold the contact and payment details required to carry out our contract with you, manage our relationship and keep you up to date with changes and improvements to our services. This data would have been sourced from you directly.

‍ Lawful basis for processing

‍ Our lawful basis for processing your data is a combination of Contract and Legitimate Interest. We use legitimate interest when we use your data to keep you up to date with changes and improvements to our goods and services. Results of a legitimate interest balancing test indicate that this use is pursuing a legitimate interest, is necessary for the purpose of keeping you updated and growing our business, and unlikely to cause you risk or harm. Please note that we do not collect any payment card data or similar data relating to your method of payment. You provide this data directly to Stripe who processes payments on our behalf. We only receive and process information about the timing and amount of your payment.

‍ Data Sharing and Transfers

‍ Like most companies, we use a number of other companies as part of our data processing, for example, cloud services and technology services. We have Data Processing Agreements in place with these providers. Where data is transferred outside of the UK and/or EEA, we ensure that appropriate protection and mechanisms are in place, for example, Standard Contractual Clauses. We do not sell your data to anybody and we do not share it with anyone other than our contracted processors.

‍ Retention Periods

‍ We hold data on Corporate Clients for the length of time that you are a client of ours, then another 7 years in case of any dispute.

I am a potential employee of Beacon Medical Systems Ltd:

‍ As a potential employee we hold the following information on you: Name, CV/Resume, Industry qualifications/experience, Salary expectations, Contact details, Interview notes, References, Educational background/qualifications, Pre-employment check results.

‍ Lawful basis for processing

‍ Our lawful basis for processing your data is a combination of contract, legitimate interest, legal obligation and consent, depending on the process. Overall, we are processing the data to create and maintain a relationship with you and test your suitability for the role. As the journey towards onboarding progresses, we are obliged by law to do certain checks, such as your eligibility to work in the UK.

The data we hold about you would have come directly from you or from an agency where you have applied for the role. If we did not source the data directly from you then we will contact you within one month to let you know the details of processing.

We do not carry out automated decision making on your personal data.

‍ Retention Periods

‍ We hold data on potential employees for various periods, depending on the situation. If you were unsuccessful and we want to stay in touch then we will ask your consent to hold that data for a further 12 months in case another role becomes suitable for you within this timeframe.

If you were not a good fit for the role and not short listed then your data is deleted as soon as it is no longer needed. If you were shortlisted but did not get the role then we keep your data until the successful candidate passes their probation period (4 months). After that we will ask your consent to hold the data for a further 12 months. If consent is not given then the data will be deleted.

If you did get the role you applied for then you become an employee and the employee privacy notice will apply.

‍I am an employee of Beacon Medical Systems Ltd:

If you are an employee of Beacon Medical Systems Ltd, please refer to the Fair Processing Notice that is stored in the Employee Information Governance and Ethics Handbook.

‍I am just browsing/using your website:

Read more about the cookies we use on our website in our Cookie Policy.

Any personal data that we collect as a result of you having consent to cookies will usually only contain your IP address and device data, which doesn’t directly identify you, but is still considered to be personal data. We aggregate this data to look at common trends in website usage and also to help us identify and fix any issues.

We ask for your work email address and process this to communicate with you and to keep you up to date with all things from Pando. If you don’t wish to hear from us, just click the unsubscribe link in any communication that we send you.

When you visit our website our servers record data about your internet browser, I.P. computer address (which is the unique numerical address given to every computer connected to the internet), the time and duration of your visit and which pages you looked at. When you visit our site, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out such things as the number of visitors to the various parts of the site. This information is only processed in a way that does not directly identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.

The Pando website may include links to other sites, not owned or managed by us. We cannot be held responsible for the privacy of information collected by websites not owned and managed by Beacon Medical Systems Ltd.

‍I am a user of the Pando Messaging App

Providing Pando with your personal data is an obligation of using the Service. This is because your personal data is required to confirm your identity as a user, and to identify you to other users who may need to contact you.

As a Pando user, you provide some data to enter into a contract with us and use the App. These will be your contact details. We also process data about the way you use our site, including your IP address and browsing time. This helps us to optimise the performance of our site, monitor it for security purposes and drive improvements for our users. We also use essential cookies for certain service capabilities to work.

We also process your data so we can drive improvements to the site and to allow bug reporting and analysis. We ask your consent to drop any unnecessary cookies needed for this.

We use your contact details to send you service updates.

Personally identifiable data may include, but is not limited to:

Full name
Email address
Mobile number
Place of work
Specialty

Users may choose to use Fingerprint/Facial recognition/Touch ID as part of the Service. This data is not collected, stored or processed in any manner by Pando. We advise that users should review the privacy notice relating to their device and its operating system before setting up any fingerprint or facial recognition systems.

‍ Lawful basis for processing

‍ Our lawful basis for processing your data is a combination of Contract, Legitimate Interest and Consent. We use your contact details to provide you with the site and the appropriate technical support as needed, as well as service messages; this is our contract with you. We use legitimate interest when we use your data to improve the performance of the site, process your data for marketing purposes, and protect it from illegal use. Results of a legitimate interest balancing test indicate that this use is pursuing a legitimate interest, and unlikely to cause you risk or harm. When we send marketing messages to you, we rely on consent under Privacy and Electronic Communications Regulations (PECR). This consent is collected via the app. We are aware that as an employee of a corporate subscriber, we could send marketing messages without consent. However, we feel that consent is a better option for you in this instance. You can withdraw this consent at any time.

‍ Data Sharing and Transfers

Pando as a Data Processor – Information and FAQ

Pando acts as a data processor when processing patient data (which means that we act under the instructions of the data controllers). In this case, these are the organisations providing care, such as a GP practice, hospital, hospice, pharmacy, or care home (providers). They maintain overall responsibility for creating and storing information about patients and their health, such as in a patient record.

For the purposes of processing patient data Pando is acting under the instructions of the user’s organisation and it is the organisation (data controller) that determines the lawful basis for processing. in most cases the organisation is using Article 6 (1) (e) (processing in the exercise of official authority vested in the controller).

The national data opt-out is a service that allows patients to opt out of their confidential patient information being used for research and planning. As a processor it is not Pando’s responsibility to process the opt out as that is the job of the data controller. However, you can find out more about opting out here.

‍ Retention Periods

We hold data used to fulfill the contract for 12 months after the termination of the contract. We remove you from our marketing database, onto a suppression list, when you opt-out of receiving communications from us.

I am an investor:

‍ As an investor or private shareholder in Beacon Medical Systems Ltd, we hold your contact details. This data would have been sourced from you directly.

‍ Lawful basis for processing

‍ Our lawful basis for processing your data is a legal obligation; we are legally obliged to document who the owners of our business are.

‍ Data Sharing and Transfers

Like most companies, we use a number of other companies as part of our data processing, for example, cloud services and technology services. We have Data Processing Agreements in place with these providers. Where data is transferred outside of the UK and/or EEA, we ensure that appropriate protection and mechanisms are in place, for example, Standard Contractual Clauses. We do not sell your data to anybody and we do not share it with anyone other than our contracted processors.

We share your contact details in line with our regulatory requirements, so will be listed in official documents such as filing returns at Companies House.

‍ Retention Periods

As a shareholder/investor we hold your information for as long as we are legally required to do so.

I am a participant or a client host/sponsor in a Pando Insights Research Study:

We use information from participants in order to undertake Research Studies as part of our Pando Insights programme and act as EITHER the data controller OR the data processor OR a data subprocessor depending upon the research study. This means that we are responsible for looking after participant information and using it properly in either context. Insights is a separate service to the Pando messenger clinical service and no NHS patient data whatsoever is processed by Pando Insights. Insights exists to recruit the appropriate specialist candidates to invite them to take part in appropriate research studies and to promote products and services that are of interest to our clinical community. When you agree to take part in a Pando Insights Research study it will be clearly communicated to you whether we are a) the controller b) the processor or c) acting as a subprocessor. Where Pando is acting as a processor or subprocessor you will be provided with a separate privacy notice from the controller that is sponsoring the study.

Research for healthcare should serve the public interest, which means that we must demonstrate that our research serves the interests of society as a whole. We do this by following the UK-policy-framework-health-social-care-research.

We use personally identifiable data (names, email addresses, phone numbers and specialty) to conduct research to improve health and care. As a research company we have a legitimate interest in using information provided to us by clinicians and health and social care workers when they agree to take part in a research study.

Participant data, collected in the course of a research study, will be used to a) deliver the study and b) analyse the results.

In some situations, we may also process participant personal data where:

• the processing is necessary to perform our contractual obligations towards participants or to take pre-contractual steps at participant’s request; or

• we have obtained participant prior consent;

• processing is necessary to comply with our legal or regulatory obligations.

We may also have a legitimate interest in using information relating to participant health and care in order to enable the investment in, acquisition or sale of, all or part of our business or assets by a third party.

To safeguard the rights of the research participants and adhere to data miminisation principles, we will use the minimum personally identifiable data possible.

If we have a research project which is perfectly matched to your medical areas of interest, we will contact you to invite you to participate in the study. We will communicate with you via email, Pando message or SMS, and to a much lesser extent via phone.

From time to we may send you marketing messages or important information about our services. We may do this in various ways, including email, SMS, or via social media platforms. If at any time you no longer wish to be contacted by us or participate in our research studies, you can unsubscribe from our panels or amend your marketing preferences by emailing our Data Protection Officer or by following the unsubscribe link in the message.

We also use web beacons and pixels on our websites and in emails. For example, we may place a pixel in a marketing email that notifies us when you click on a link in the email. We use these technologies to operate and improve our websites and marketing emails. All our communications include easy instructions about how to unsubscribe or you can email our Data Protection Officer and invoke your right to be forgotten.

We hold data on Corporate Clients for the length of time that you are a client of ours, then another 7 years in case of

How do we collect participant data?

Information will be collected from participants either from Insights directly or by a third party for the research study in accordance with our instructions. Participants will always be made aware of the identity of this third party.

What types of participant data do we collect?

We may collect the following categories of Personal Data in in the following situations:

(a) Personal data you voluntarily provide to us:

This includes personal data provided by the participant directly (whether face-to-face, by telephone, email, online forms, through social media or by communicating with us in any way), when you make an enquiry through our website or over the phone or when you communicate with us during an appointment you are voluntarily giving us the Personal Data that we collect.

Categories of Personal Data

The type of information collected will differ depending on whether you are a participant or a client:

Participant (healthcare worker wishing to enter a clinical trial) – The Personal Data we may collect includes:

• Contact and identity information (such as your contact details and other information you may provide).

• Please note that Insights does not recruit patients and does not process any personally identifiable data relating to patients.

• Feedback that you may have provided in relation to the Service.

Client (researcher, host of the research study) – The personal data we may collect includes:

• Contact and identity information (such as your contact details and other information you may provide).

• Business affairs and study parameters required for us to process your service order.

• Feedback that you may provide in relation to a Candidate or the Service.

• Payment information.

For either category above:

If you elect to sign up to our email marketing list, we will collect your name, email address, and email marketing preferences in order to send you promotional information that we think you will find interesting.

Lawful basis for processing

Consent is an important part of the research process and is frequently sought for participation in research studies. One reason is to ensure that any disclosure of confidential information meets the requirements of the common law duty of confidentiality. Where consent is sought from research participants, they are normally told how information about them will be used.

Consent to participation in research is not the same as consent as the legal basis for processing under data protection legislation. An example is that a person is asked to consent to participate in research but is told that, if they agree to participate, data about them will be processed for legitimate interests. The legal basis for data processing is not consent.

We may process your personal data in any circumstances where such processing is necessary:

• in order to perform any agreement between us (including pursuant to our Terms of Use -e.g., for us to fulfill an Insights research contract with you);

• to comply with any applicable law or regulation; or

• for the purposes of the legitimate interests pursued by us or third parties and include other general commercial interests and our internal administrative purposes.

Data Sharing and Transfers

Do we share this personal data?

In some circumstances, we may have to share participant personal data with third parties, for example where we are required by law or where we have another legitimate interest in doing so.

This could include, for example, sharing to third-party service providers (such as the Clinical Research Organisation(s) who might manage various elements of the study as well as cloud storage providers, provision of IT services, contractors and consultants).

Additionally, we may share data with parties to whom we provide research services to and in the context of the possible acquisition, fundraising or restructuring of the business.

We may also need to share participant personal information with regulatory authorities or to otherwise comply with the law.

We require third parties to respect the security and confidentiality of participant data and to treat it in accordance with the law. For example, third parties are required to take appropriate security measures to protect personal information in line with our policies. We will, where possible, only share anonymised data, and/or ensure that access to the data is password protected and restricted on a strict need-to-know basis.

We only permit third parties to process participant personal data for specified purposes and in accordance with our instructions.

The Websites, and/or any products and/or Services may be hosted on servers located outside of the UK and maintenance and support services for the Websites, and/or those products and/or Services may be provided from outside the UK. This means that your personal data may be transferred to, stored and processed in other countries apart from the UK.

Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data;
We may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.

‍ Retention Periods

We retain Insights data for the length of time that you are either a paid participant or a host/sponsor client of ours, then another 7 years in case of any dispute.

What if you refuse to provide your personal data?

Where we need to collect personal data by law, or under the terms of an agreement we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with products or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at that time.

Your rights

As a data subject, you have a number of rights over your personal data under the Data Protection Laws. If you wish to exercise any of your rights, please contact us on dpo@hellopando.com.

Right of access: You can request access to a copy of the personal data which we hold about you, as well as details about why and how we use;

Right to rectification: You can ask us to change or complete any personal data we hold about you which is inaccurate or incomplete;

Right to be forgotten/erasure: You have a right, under certain circumstances, to ask us to delete any personal data we hold about Please note that there may be situations where we must retain your personal data after a request for erasure where we have a lawful basis for doing so;

Right of restriction: You can ask us to restrict (i.e., prevent) the processing of your personal data where you have objected to our use of it and we have no lawful basis to continue processing your personal data;

Right of data portability: In certain circumstances, you can ask us to transfer the data we hold about you to another entity. This would be sent in a structured, commonly used, electronic form;

Right to object: You can object to us using your personal data for particular purposes; and

Automated decision making: You have a right not to be subjected to automated decision making and profiling in certain circumstances. We do not use your personal data in any automated processes to make decisions about you.

If you want to exercise any of these rights, please just contact us on dpo@hellopando.com.

Disclosure of Data

Beacon Medical Systems trading as Pando may disclose your Personal Data in the good faith belief that such action is necessary to:

To comply with a legal obligation
To protect and defend its rights or property
To prevent or investigate possible wrongdoing in connection with the Pando Service.
To protect the personal safety of users of the Service or the public
To protect against legal liability.

Calling our helpline

When you call our main helpline (+44 (0) 3300 970 165), we collect Calling Line Identification (CLI) information. This is the phone number you are calling from (if it is not withheld). We hold a log of the phone number, date, time, and duration of the call, but do not audio record the call itself. We hold this information in our CRM system (HubSpot) in accordance with our data retention schedules.

We will use this information to understand the demand for our services and to improve how we operate. We may also use the number to call you back if you have asked us to do so, if your call drops, or if there is a problem with the line. We may also use it to check how many calls we have received from it.

We do not audio record any calls, but we might make notes to help us answer your query. Sometimes other staff from Pando may also listen in during your call for training or quality assurance purposes.

We sometimes conduct surveys on our helpline to help us identify trends in the enquiries we receive and improve how we operate If you require a follow up call we will also ask you to provide us with your contact details.

We also hold statistical information about the calls we receive for several years, but this does not contain any personal data.

Social media

We use a third-party provider, Slack, to manage our social-media interactions. If you send us a private or direct message via social media, it will be stored according to our retention schedules. It will not be shared with any other organisations by Beacon Medical Systems Ltd / Pando but will remain in the public domain on Twitter, Instagram, LinkedIn, Facebook etc.

We see all this information and decide how we manage it. For example, if you send a message via social media that needs a response from us, we may process it in our case management system (HubSpot) as an enquiry, a support request or a complaint. When contacting Beacon Medical Systems Ltd / Pando through a social media platform, we suggest you also familiarise yourself with the privacy information of that platform.

Live chat

We use a third-party provider, Intercom, to supply and support our live chat service.

If you use our live chat service, we’ll collect the contents of your live chat session and if you choose to provide it your name and email address. Beacon Medical Systems Ltd / Pando retains this data in Intercom CRM according to the relevant retention schedules.

Emailing us

We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with government guidance on email security.

We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. You must ensure that any email you send is within the bounds of the law.

Cookies, web beacons and other tracking technologies:

We use cookies and similar technologies such as web beacons, tags and JavaScript, alone or in conjunction with cookies, to compile information about the usage of our websites and interaction with emails from us.

When you visit our websites, we or an authorised third party may place a cookie on your browser and/or device, which collects information, including Personal Data, about your online activities over time and across different sites. Cookies allow us to track usage, determine your browsing preferences and improve and customise your browsing experience.

We use both session-based and persistent cookies on our websites. Session-based cookies exist only during one session and disappear from your computer when you close your browser or turn off your computer. Persistent cookies remain on your computer or device after you close your browser or turn off your computer. To change your cookie settings and preferences for the site you are visiting, click the Cookie Preferences link. You can also control the use of cookies at the individual browser level, but choosing to disable cookies may limit your use of certain features or functions on our websites and services.

We also use web beacons on our websites and in email communications. For example, we may place web beacons in marketing emails that notify us when you click on a link in the email that directs you to one of our websites. Such technologies are used to operate and improve our websites and email communications. All our communications include easy instructions about how to unsubscribe or you can email our Data protection Officer and invoke your right to be forgotten.

What happens if Beacon Health Systems Ltd trading as Pando changes the way it does business?

We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, depending on the lawful basis, be permitted to use that data only for the same purposes for which it was originally collected by us.

In the event that any of your data is to be transferred in such a manner, you will be contacted in advance and informed of the changes.

Your right to complain:

If you are unhappy about the way that we are processing your personal data please do get in touch with us first so that we can try to sort it out promptly for you. You can contact our DPO by emailing dpo@hellopando.com

You also have the right to lodge a complaint about our processing with a supervisory authority — in the UK that is the ICO whose details are here: https://ico.org.uk/make-a-complaint/data-protection-complaints/data-protection-complaints/