Privacy Policy

Ashfield Commercial & Medical Services Privacy Policy

This website is owned and provided by Ashfield Healthcare on behalf of the congress. Your privacy is important to Ashfield Healthcare Communications Ltd, a division of UDG Healthcare plc (“Ashfield”, “we”, “us”, “our”). We have developed this Privacy Policy (the “Policy”) to protect your privacy while you use our website ( [email protected]), or any of our other products and services.

Please note that this Privacy Policy only applies to Ashfield companies and affiliated entities (see Company Information); our website may contain hyperlinks to the websites of other organisations which are not maintained by Ashfield and to which different terms and conditions will apply. You are reminded that such websites may not apply the same privacy standards as Ashfield.

This Privacy Policy explains how Ashfield collects personal information from you via our website, manually, electronically, or in any manner expressly described in this Policy, the types of information we gather, how this information is used, and how to contact us to correct, change or access your personal information, or to raise an enquiry or complaint. When we collect or when you provide us with your personal information in the manner described, you consent to the processing of all such personal information as set out in this Privacy Policy. This Policy describes the procedures that we have in place to safeguard your privacy. Our privacy practices may vary among the countries in which we operate to reflect local practices and legal requirements.

Ashfield only collects personal information that is necessary for its business functions or services (described below). Unless required by law, we do not use or disclose your personal information for any new purpose without your consent. All patient/consumer data is securely guarded and treated as confidential information according to local regulations, including HIPAA regulations in the U.S.


Ashfield Healthcare Communications is a leading healthcare services organisation operating predominantly in Europe and the United States and forms part of UDG Healthcare plc.

This Privacy Policy sets out the basis on which Ashfield collects and uses personal data in relation to the provision of our services and in accordance with applicable data protection and privacy laws.

Personal Data may be collected, processed and used by Ashfield in the course of providing our services to you and in line with the other purposes mentioned below. Personal Data may also be processed by third-party agents on our behalf for the purpose of delivering our business functions and services. Any shared information will remain under the control of Ashfield and will only be processed in a way that is deemed relevant to the purposes for which it was originally collected and authorised.

Your Consent

When you provide us with your personal information you consent to the use of that information as set out in this Privacy Policy. The latest version of our Privacy Policy, incorporating all subsequent changes, is available via hyperlink on the home page of our company website ([email protected]), which enables us to keep you aware of the information we are collecting and how it is being used at all times.

Only if you have given us prior permission will we contact you via email and/or text message to inform you about new services which we consider may be of interest to you. For opt-out details, please see the Choice/Opt-out section of this Policy.

Collection and Transfer of Information

Ashfield may, from time to time, appoint third party organisations, such as database hosting, technical support, logistics companies, or external consultants, to assist us in developing and delivering our products and services. In these circumstances we will take all reasonable steps to ensure your personal information is held in strict accordance with our Privacy Policy and is only used for purposes specified by us. We will not share your details with any persons outside of Ashfield or its direct affiliates without your prior permission except as set out above.

Ashfield complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

We may transfer the personal information we collect about you to countries other than the country in which the information was originally collected. Those countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer your information to other countries, we will protect that information as described in this Privacy Policy.

Ashfield complies with the data protection and privacy laws in all countries in which it operates. If you are located in the European Economic Area (EEA), we comply with applicable legal requirements providing adequate protection for the transfer of personal information to countries outside of the EEA.

Ashfield’s US operations that receive personal information from the EU (Ashfield Healthcare, LLC, Ashfield Meetings & Events, Inc, Ashfield Healthcare Communications, LLC, Informed Direct, Inc, Ashfield Pharmacovigilance, and GET Destinations, LLC) commit to comply with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the U.S. The above listed Ashfield companies have self-certified to the U.S. Department of Commerce that they adhere to the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement, and liability for onward transfer to third parties, the Privacy Shield Supplemental Principles and the Swiss-U.S. Privacy Shield Principles. If there is any conflict between the terms of this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program visit and to view Ashfield’s certifications, please visit

We do not knowingly collect personal information from children under the age of 13. If a child under 13 has provided us with personal information without parental or guardian consent, the parent or guardian may email us and we will remove such information from our database and cease promotional contacts with the child.

Please see “Enquiries and Complaints about Handling of Personal Information” below for information on how to contact us.


Should you no longer wish to receive information or future communications about our relevant services, please contact us using one of the following options. You may send your request via email stating your desire to opt out of further communications to [email protected] or alternatively you may write to us at the following addresses:

HIV Glasgow Secretariat
Ashfield Healthcare Communications
Victoria Mill
SK11 7HQ
United Kingdom

We also provide an opt-out option with all marketing email communications by either clicking the unsubscribe link at the bottom of the email or replying to the email stating your request to opt-out of further communications. If we intend to use personally identifiable information in a manner different from that stated within this Privacy Policy or as otherwise previously notified, we will notify all affected users; users will be able to opt out of any new use of their personal information.

Security of your Personal Information

Ashfield takes reasonable and appropriate technical and organisational measures to secure your personal data. We have implemented security policies, rules and technical measures to protect the personal data that we have under our control. The security measures are designed to prevent unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss. Our internal procedures cover the storage, retention, access and disclosure of your information.

Our employees are trained in-line with and required to adhere to the principles of the applicable Data Protection laws and Privacy Shield Principles in their country of employment. Ashfield makes reasonable endeavours to ensure that all employees comply with the terms of this Privacy Policy. The personal data which Ashfield holds is never modified or disclosed to a third party other than as described in this policy. We continually monitor measures which seek to ensure the security and confidentiality of the information that we collect, and its proper use.

Links to Other Websites

Our websites may contain links to third party websites for your convenience and information. If you access those links you will leave Ashfield’s website and this Privacy Policy will not apply to those third party websites. Ashfield does not control those sites or their privacy practices, which may differ from our own. We do not endorse or make any representations about third party websites. We encourage you to review the Privacy Policy of every website you visit before submitting your information.

Contact Us, Update Your Details, or Request Access to your Personal Data

If you wish to enquire about changing or accessing your personal data in general or have any questions relating to the Ashfield’s Privacy Policy please either send an email to [email protected] or alternatively you can write to us at the following addresses:

HIV Glasgow Secretariat
Ashfield Healthcare Communications
Victoria Mill
SK11 7HQ
United Kingdom

We will require proof of your identity and upon receipt of such proof will provide you with a readable copy of the personal data that we hold within 40 days. Where appropriate you may request to have the data rectified, amended or removed. In accordance with data privacy laws and Privacy Shield Principles, we reserve the right to refuse to provide copies of personal data but will give reasons for our refusal. Dependent on local regulations, a fee to cover the cost of providing access may be required.

Enquiries and Complaints about Handling of Personal Information

You may contact us with any enquiries and complaints concerning our handling of personal information. Please note that any such communications must be in writing (which may include email).

In compliance with data privacy laws and the Privacy Shield Principles, Ashfield commits to resolve complaints about your privacy and our collection or use of your personal information. You should first submit any enquiries or complaints to one of the following addresses:

HIV Glasgow Secretariat
Ashfield Healthcare Communications
Victoria Mill
SK11 7HQ
United Kingdom
Or via email to [email protected].

Ashfield’s US businesses that collect, use, or retain personal information transferred from the EU and Switzerland (Ashfield Healthcare, LLC, Ashfield Meetings & Events, Inc, Ashfield Healthcare Communications, LLC, Informed Direct, Inc, Ashfield Pharmacovigilance, and GET Destinations, LLC) have further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the ICDR/AAA, operated by the American Arbitration Association located in the U.S. If you do not receive timely acknowledgement of your privacy complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit the ICDR/AAA web site at more information or to file a complaint. EU and Swiss complainants may invoke binding arbitration under the Privacy Shield Principles if a complaint has not been resolved by Ashfield or by other recourse and enforcement mechanisms. Ashfield’s US businesses are also subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

Ashfield commits to co-operate with the EU Data Protection Authorities and comply with the advice given by such authorities with regard to Human Resources data transferred from the EU to the US in the context of the employment relationship. If you have a complaint relating to Human Resources data transferred from Ashfield’s EU businesses that cannot be resolved by Ashfield’s internal dispute resolution process, you may refer your complaint to the Data Protection Panel secretariat established by the EU Data Protection Authorities (DPA) at the following address: European Commission, Directorate General Justice, Data Protection Panel, B-1049 Brussels, Belgium. Telephone: (32-2) 299.11.11; Fax (32-2) 298.80.94.

Notification of Changes

We may change or amend our Privacy Policy from time to time, without notice, to reflect the current legal and regulatory environment, any changes in practices surrounding the protection of personal data, and/or as we update our services and technologies and expand or change our offerings. The latest version will always be available via hyperlink at the foot of each page of our website ([email protected]),) and will replace all prior versions. Ashfield encourages you to visit our website periodically to look for updates to this Privacy Policy.

English Version to Govern

The original version of this Privacy Policy has been prepared in English. In the event of any discrepancy between the English and any version in any other language, the English version will govern.


Adherence by Ashfield to this Privacy Policy may be limited to the extent required to meet legal or ethical obligations or to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements, and is subject to the provisions of any other applicable law or regulation in any of the jurisdictions in which we conduct our business.

To the maximum extent allowed by law, Ashfield disclaims any other obligation, liability, or warranty to you for any other action, inaction, omission, or other activity that is not in accordance with this Privacy Policy.

In addition to any remedies Individuals may have under applicable local law, on the basis of this Policy, Individuals shall only be entitled to remedies available to data subjects under the Data Protection Act 1998. However, Ashfield shall only be liable for direct damage suffered by an individual resulting from a violation of this Policy.

Effective date: 8 November 2017