PMCPA Privacy Policy


The privacy and security of your personal information is very important to the PMCPA. This policy explains how and why the PMCPA uses your personal data and explains your privacy rights under data protection law. For the purposes of data protection law, the PMCPA is the "data controller".

This privacy policy is effective as of 3 April 2024. We review our privacy practices on an ongoing basis, and as such we may change this privacy policy from time to time. If we make any significant, material changes, we will provide clear notice of the update on the homepage of our website. Please check this policy frequently to ensure that you are familiar with it. It is also important that the personal data that we hold about you is accurate and current. Please keep us informed if any of your personal data changes during your relationship with us.

Links to Other Websites, Plug-Ins and Applications

This website may include links to third party websites, plug-ins and applications. Clicking on those links, enabling those communications may allow third parties to collect or share data about you. We do not control those third party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website that you visit. 

Other Policies that May Apply to You

This privacy policy does not apply to employees or other representatives of the PMCPA, or to those who are applying for engagements with the PMCPA.

This policy does not apply to personal data held by the PMCPA pursuant to investigation of a complaint received under the ABPI Code. For more information in this regard, please contact the PMCPA directly at the address set out below. 

This policy  covers all personal data held by the PMCPA that is not covered by the Privacy Policy for Complaints.

Who Are We?

In this policy when you see the words, "we", "us, "our" or "PMCPA", it refers to the Prescription Medicines Code of Practice Authority.

The PMCPA is a division of the Association of the British Pharmaceutical Industry ("ABPI"), which is a company limited by guarantee and registered in England and Wales, No. 09826787, with its registered office at 2nd Floor Goldings House, Hay’s Galleria, 2 Hay’s Lane, London, SE1 2HB.

The PMCPA operates the ABPI Code of Practice for the Pharmaceutical Industry (the "Code") independently from the ABPI.

If you have any questions in relation to this privacy policy or how we use your personal data please email

What is Personal Data & Purpose of this Notice

In this policy the words, "personal data" means any information that identifies you, for example, your name, address, telephone number, email address.

This privacy policy gives you information about how we collect and process your personal data, including through this website as well as any information that you provide when you sign up to receive a newsletter or work with PMCPA in relation to any activity, project or initiative.

What Personal Data does the PMCPA Collect?

The PMCPA will collect, use, store and transfer the following different kinds of personal data about you:

  • Your full name, including your title;
  • Your employment status and history;
  • Your contact information, including telephone number, email address and postal address;
  • Photographs and CCTV images;
  • Dietary and accessibility requirements (if you attend an event);
  • Attitudes, opinions, feedback, survey responses;
  • Communication preferences;
  • Technical information, including the internet protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, as well as browser plug-in type and versions, operating system and platform and if you access our website via your mobile;
  • Information about your visit, including but not limited to the clicks used to navigate to, through and from our website (including date and time), items that you viewed or searched for, page response times, download errors, length of visit to certain pages, page interaction information (such as but not limited to scrolling, clicks and mouse-overs), methods used to browse away from the page, any phone number used to contact us;
  • The terms that you use to search our website

How is Your Personal Data Collected?

Your personal data is collected in a number of different ways including when:

  • You give us your personal data by:
    • Completing the Get In Touch form on our website;
    • Participating in any of our expert networks, working groups or other groups convened by the ABPI;
    • Subscribing to receive newsletters and updates;
    • Corresponding with us (in any form);
    • Attending an ABPI event.

  • You interact with our website as we may collect technical information about your equipment and browsing. We collect this personal data by using cookies and other similar technologies. Please see our cookie policy for further details.

  • We can also receive personal data about you from third parties and public sources, including public websites, as well as paid for subscription services.

How We Use Your Personal Data

Your personal data will be saved by and may be viewed by employees, contractors and representatives.

We will only use your personal data on relevant lawful grounds as set out in the Data Protection Act 2018, We explain how we rely on these lawful grounds below.

Personal data provided to the PMCPA will only be used for the purpose or purposes outlined in this privacy policy or in any privacy notice sent to you and where applicable in accordance with any preferences that you express. If asked by any police, regulatory or government authority we may need to provide your personal data to these agencies.

The PMCPA does not sell your personal data and we only share it with the organisations that we work with when necessary.

ABPI Code of Practice Training

Should you decide to attend  one of our trainings available on the PMCPA website, please note that the PMCPA needs to retain your email, name, job title, company, company address, dietary requirements and any access requirements where required. Please note your personal data will be processed according to the ABPI Privacy Policy.

The PMCPA considers that retaining this information is necessary in the PMCPA's legitimate interest for the purpose of performing  the PMCPA's trainings.

To respond to a question raised through

When you contact the PMCPA using a form on the website your contact information will be retained by the PMCPA. We consider that this is necessary for our legitimate interests in order that we can communicate with you in relation to the matter raised by you and track our response to you.

Disclosures of Your Personal Data

If asked by any police, regulatory or government authority we may need to provide your personal data to these agencies in order to comply with our legal obligations and to pursue our legitimate interests in engaging with and responding to governmental, regulatory and public bodies.

The PMCPA does not sell personal data to third parties.

We do not transfer your personal data outside of the European Economic Area.

Data Security

The PMCPA has put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents and contractors and representatives who have a business need to know it. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and the relevant regulatory authority of a breach where we are legally required to do so.

For How Long Will Your Personal Data be Retained?

The PMCPA will only retain your personal data for so long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.

In case you need further details regarding retention periods you can email us at

Your Legal Rights

Under certain circumstances, you have the rights set out below under data protection laws in relation to your personal data:

  • Access to Personal Information– You have a right to obtain access to the personal information that we hold about you.
  • Change Inaccurate Information– You have a right to ask us to correct inaccurate personal information and to update incomplete personal information.
  • Request to Delete Your Information– You have a right to request that we delete your personal information insofar as our retention policy allows, if you believe that we no longer need your information for the purposes for which it was provided; or we are not using your information in a lawful manner; or we have requested your permission to process your personal information and you wish to withdraw your consent. Please note that if you request us to delete your information, we may have to stop engaging with you.
  • Request to Restrict the Processing of Your Information– You have a right to request that we restrict the processing of your personal data if you believe that any of the information that we hold about you is inaccurate; we no longer need your information for the purposes for which it was provided but you require the information to establish, exercise or defend legal claims; or we are not using your information in a lawful manner. Please note that if you request us to stop or restrict the processing of your information, we may have to stop engaging with you.
  • Request Your Personal Data in a Portable Format– You may have the right to ask us to provide your personal information in a portable format.
  • Object to the Processing of your Personal Information– You have a right to object to the processing of your personal information unless we can demonstrate compelling and legitimate grounds for the processing. Please note that if you object to the processing of your information, we may have to stop engaging with you.
  • Object to Direct Marketing– You have a right to object to use of your personal information for direct marketing purposes.
  • Withdraw Consent– Where we rely on your permission to process your personal information, you have a right to withdraw your consent at any time. Please note that if you withdraw your consent, we may have to stop engaging with you.
  • To Complain - You have the right to make a complaint at any time to the Information Commissioner's Office, the UK regulatory authority responsible for data protection issues. If you are based outside the UK, you can contact your national regulator. We would appreciate the opportunity to resolve any concerns before you approach the Information Commissioner (or your local regulator if outside the UK) and therefore, wherever possible, we request that you contact the PMCPA in the first instance. 

If you wish to exercise any of the rights set out above or have any questions in relation to this Privacy Policy, please contact the PMCPA at

We may need specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). We may also contact you to ask you for further information in relation to your request.

We will try to respond to your request within one month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case we will provide you with updates.

Last Update: 03 April 2024