Welcome to The Collaborative Soft Launch! Please submit feedback (issues, improvements, etc.) to support@healthsciencescollaborative.com

Let’s make sure The Collaborative is a good fit for you

The Collaborative, a Managed Services Provider (MSP), curates a network of professional services companies serving health sciences companies under ONE Diverse Supplier Master Service Agreement (MSA). Please answer a few questions to find out if The Collaborative is a good fit for you.

Privacy Policy

The aim of this Policy is to explain how The Collaborative collects and processes your personal data  when you visit our website or use our services as a customer or a member of the public.

It is important that you read this privacy notice carefully. It provides information about how we use  personal data and explains your legal rights. If you have any questions, you can contact us on the  details given at the end of this Policy.

We will make changes to this Policy from time to time for example, to keep it up to date or to comply  with legal requirements or changes in the way we operate our business. We will make sure that you  are aware of any significant changes by sending an email message to the email address you most  recently provided to us or by posting a notice on our website so that you are aware of the impact to  the data processing activities before you continue to engage.


The Collaborative is a Managed Services Provider LLC that curates a network of professional services  companies providing services to life sciences companies.

The Collaborative is the data controller and responsible for personal data collected when fulfilling the  main purposes of business as stated above.

The Collaborative is a company registered in Delaware.

The Collaborative’s Privacy Policy applies to our data practices generally and include region specific  requirements including:

  • The European Economic Area (EEA)
  • The UK
  • California
  • Nevada

If you have any questions about this privacy notice or our data protection practices, please contact us  via the contact details below.


Bernadette Goudy from Auriga Data Compliance

The Mews, Little Brunswick St, Huddersfield HD1 5JL, UK+



Personal data means any information about an individual from which that person can be identified,  or any information about an identifiable individual. It does not include data which cannot be  connected to an identifiable individual which is anonymous data.

There are different types of personal data about you which we might collect use, store or transfer. In  addition to these specific categories of data, we might in relation to any interaction collect a range of  other data about data subjects, for the purposes outlined below. We have grouped these together as  follows, and provided some illustrations of the type of personal data which might fall into each  grouping:

  1. a) Identity Data could include your first name, last name, username or similar Identifier plus career information and would be collected when individuals or organisations agree to become customers of The Collaborative’s services including participation in the  Talent Hub, becoming members of The Collaborative as well as users of The Collaborative  services including clients.
  2. b) Contact Data could include your home or work address, email address, telephone numbers  or another unique identifier for use with electronic communication and would be collected to provide services to customers or potential customers of The Collaborative services including the Talent Hub.
  3. c) Financial Data could include bank account and payment card details used by customers (members or clients) to pay for The Collaborative’s services.
  4. d) Transaction Data could include details about financial transactions to and from you and other  details necessary for the fulfilment of contracts including credit and debit card details. e) Technical Data could include your internet protocol (IP) address, browser type and version,  operating system and platform, and information about other technology on the devices you  use to access The Collaborative website, etc.
  5. f) Usage Data could include information about how you enter, move and exit from our website,  and how you use our products and services.
  6. g) Aggregated Data such as statistical, research, survey or demographic data for any purpose.  Aggregated Data could be derived from your personal data, but this data will not directly or  indirectly link to you as an identifiable individual. However, if we combine or connect  Aggregated Data with your personal data so that it can be linked directly or indirectly to you,  we treat the combined data as personal data which will only be used in accordance with this  privacy notice.
  7. h) Marketing and communications data would include any data you provide to us when  seeking information about our services including what services you are interested  in.
  8. i) Special category data and criminal conviction data is not routinely collected. If we needed such information, we will ensure that we have a lawful basis for our processing of it.

Where we need to collect personal data by law, or under the terms of a contract we have with you,  such as to provide access to talent as part of the Talent Hub or to access the market research services  of the agencies which are members of The Collaborative, and if you decide not to provide that data  when requested, we may not be able to perform the contract we have or are trying to enter into with  you, provide any services or proceed with some other activity. In this case, we will inform you at the  time.


We use different methods to collect data from and about you including through:

Direct. You may give us your identity, contact and financial data when you contact us directly wishing  to use our services or when completing an online contact form, when you buy services from us or  correspond with us about any other matters via The Collaborative website, by post, phone, email or  other means. This includes personal data you provide when you or:

  • ask for information about The Collaborative’s services;
  • agree to become a customer or member of The Collaborative;
  • agree to join the Talent Hub;
  • respond to a survey that we are running;
  • request communications to be sent to you; or
  • give us feedback or contact us.

Automated technologies or interactions. As you interact with The Collaborative website, our digital  systems may automatically collect technical data and usage data about your equipment, browsing actions, etc.

We collect this personal data by using cookies, server logs and other similar technologies. Please see  our cookie policy for further details.


User Generated Data. We may generate transaction, usage, marketing and communications data  about you, by way of records of the direct and automated interactions that you have with us or our  website.

Third parties. We will receive personal data about you from various third parties as set out below: • Google Analytics


We will only use your personal data for the purpose for which we collected it.  We will use your personal data to:

  • provide you with information or services that you request from us or which we feel may  interest you, where you have consented to be contacted for such purposes.
  • carry out our obligations arising from any contracts entered into between you and us. • notify you about changes to our service.

We may also send you marketing materials where we have appropriate permissions (e.g., your  consent). We may also need to use your personal data for purposes associated with our legal and  regulatory obligations.

We have to establish a legal ground to use your personal data, so we will make sure that we only use  your personal data for the purposes set out in Table 1 where we are satisfied that:

  • our use of your personal data is necessary to perform a contract or take steps to enter into a  contract with you; or
  • our use of your personal data based on your consent; or
  • our use of your personal data is necessary to comply with a relevant legal or regulatory  obligation that we are subject to; or
  • our use of your personal data is necessary to support ‘Legitimate Interests’ that we have as a  business (for example, to improve our services, or to carry out some research with customers),  provided it is always carried out in a way that is proportionate, and that respects your privacy  rights.
  • our use of your personal data is with consent including where required under separate laws,  we will also ensure that you have opted in before we send you marketing materials.

Before collecting and/or using any special categories of data we will establish an additional lawful  ground to those set out above which will allow us to use that information. This additional exemption  will typically be your explicit consent.

The list of purposes The Collaborative uses, the type of data used and the lawful basis, as defined in  legislation, is detailed in Table 1.


Table 1: How The Collaborative uses your personal data analysed by purpose, type of data and  lawful bases

Purpose for using the data Type of data used for purpose (see list of data types in section  2 of this policy)Lawful basis for processing 
To identify future customers of  the Collaborative’s services  including potential members  and clientsa) Identity data

b) Contact data

h) marketing and

communications data

including preferences

• Consent
To deliver The Collaborative’s  services:

• To provide access to

independent market

research agencies and

other innovation partners  under a single MSA from a  Diverse Supplier

a) Identity data

b) Contact data

c) Financial data

d) Transaction data

• Performance of a contract • Consent
To manage our relationship  with you which may include: • To notify you about

changes to The

Collaborative Privacy

Policy & Notice

• Ask you to participate in research, feedback or

evaluation of our services

a) Identity data

b) Contact data

f) Profile data

h) Marketing and

communications data

including preferences

• Necessary for legitimate  interests e.g., to research  members and customers  about The Collaborative’s performance and service  provision


Purpose for using the data Type of data used for purpose (see list of data types in section  2 of this policy)Lawful basis for processing 
To satisfy external audit and/or  legal requirements and  standardsa) Identity data

b) Contact data

c) Financial data

d) Transaction data

• Necessary to comply with a  legal obligation

• Necessary for legitimate  interests e.g., demonstrate  adherence to any legal  and/or regulatory  requirements

To administer and protect The  Collaborative as an  organisation including website  and digital infrastructure e.g., testing and checking systems,  maintenance of the website,  etc.a) Identity data

b) Contact data

e) Technical data

• Necessary for legitimate  interests e.g., to ensure  adequate and robust  administrative and IT  services
To use data analytics to  measure and improve The  Collaborative’s website  performance and customer  communicationse) Technical data

g) Usage data

• Necessary for legitimate  interests e.g., to measure  website traffic and  engagement with The  Collaborative
To make suggestions to further  engagement with you as a  member and/or customer of  The Collaborativea) Identity data

b) Contact data

f) Profile data

h) Marketing and

communications data

including preferences

• Necessary for legitimate  interests e.g., to  communicate with  customers

• Informed consent e.g., direct marketing activities  such as email and direct  marketing


We may share your personal data with the parties set out below for the purposes set out in Table 1. Third Parties, including:

  • members who may provide services to clients;
  • service providers, who help manage our IT and back office systems, and assist with our Customer  Relationship Management activities, in particular Visual Fuel Design;
  • our website development supplier Squarespace;
  • external professionals appointed to provide advice and recommendations on areas connected  with their expertise e.g., auditors, legal support.
  • our regulators and law enforcement agencies in the US, the UK EEA and around the world. • We will only share personal data with a third party to the minimum extent necessary for the lawful purposes. We require all third parties to respect the security of your personal data and to treat it  in accordance with the law. We do not allow our third-party service providers to use your personal  data for their own purposes and only permit them to process your personal data for specified  purposes, to the minimum extent necessary and in accordance with our instructions.

We may use your personal data to send you direct marketing communications about our related  services. This will be in the form of email.

When we require explicit opt-in consent for direct marketing in accordance with the Privacy and  Electronic Communications Regulations we will ask for your consent.

You have a right to stop receiving direct marketing at any time – you can do this by following the opt out links and boxes in our electronic and direct marketing communications or by writing to us at  bernadette@goudy.uk. You can also contact us at any time to instruct us to stop sending you  marketing materials by using the contact details in Section 1.

We also use your personal data for customising offers and content made available to you based on  your visits to and/or usage of our visitor attractions or our website as well as your interaction with  them.


The Collaborative is based in Punta Gorda, FL and its main service providers and members are based  either in the US, the UK or in countries in the European Economic Area (EEA). The EEA and the UK are  covered by “Adequacy Decisions”, which means that they both provide a level of legislative protection  deemed adequate.

The Collaborative will also transfer your personal data to countries which are not covered by an  Adequacy Decision, such as the US.

In those circumstances we ensure that adequate safeguards are in place which will be appropriately  documented in a formal agreement using appropriate safeguards which may include either the  European Commissioner’s Standard Contractual Clauses or the UK International Data Transfer  Agreement and/or Addendum.


We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit  access to your personal data to those The Collaborative staff, service suppliers, members, vendors and  other third parties who have a reason for needing your personal data e.g., to deliver a The  Collaborative service to you. They will only process your personal data on The Collaborative’s  instructions and they are subject to a duty of confidentiality.

The data security measures that we have in place include:

  • Password protected database which is hosted in the United States;
  • On-going support from a specialist IT company ensuring The Collaborative’s security is up-to-date; • Encrypting documents and servers;
  • Having robust back-up procedures.

The above procedures are supported by appropriate policies setting out the procedures we undertake. Despite all of our precautions however, no data can be guaranteed to be 100% secure. So, whilst we  strive to protect your personal information, we cannot guarantee the security of any information  which you send to us and you must understand that you do so at your own risk.

We have put in place procedures to deal with any suspected personal data breach and will notify you  and any applicable regulator of a breach, in a timely manner, where we are legally required to do so.  We will endeavour to work with you and them to minimise the impact of the breach.


We will only keep your personal data for as long as reasonably necessary to fulfil the purposes we  collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or  reporting requirements. We may retain your personal data for a longer period if we reasonably believe  there is a specific need, e.g., prospect of litigation, in respect to our relationship with you.

We maintain a data retention policy which we apply to records in our care. Where your personal data  is no longer required and we do not have a legal requirement to retain it, we will ensure it is either  securely deleted or stored in a way such that it is anonymised and the personal data is no longer used  by The Collaborative.

To determine the appropriate retention period for personal data, we consider the data minimisation  principle and balance the need for retention and the need for minimisation.

The actual retention periods for the different types of personal information that we hold is detailed: Table 2: The Collaborative’s current data retention periods

The Collaborative’s  

Administrative &  

Customer Data – 

Record Type

Retention period Reason
General correspondence3 yearsFor reference purposes
Emails5 yearsFor reference purposes
Application and checklist  from members of the  Collaborative1 yearTo check adherence to The Collaborative’s  Master Services Agreement. Each year the  documentation is updated by members of the  Collaborative.
Research and surveys
Identifiable research


1 year after the research  results have been


For statistical analysis and historic purposes
Non-Identifiable research  responses3 yearsReference purposes
Legal adviceIndefinitelyHistorical archive purposes


The Collaborative’s  

Administrative &  

Customer Data – 

Record Type

Retention period Reason
Governance records e.g.  establishment recordsIndefinitelyHistorical reference
Contracts e.g., licence  agreementsRetain for the period of  the contract plus an  additional 24 monthsTo respond to any queries
Customer recordsIndefinitelyFor marketing requirements
Financial Records
Accounting & Financial  records6 years


In some circumstances we will anonymise your personal data (so that it can no longer be associated  with you) for research, survey or statistical purposes, in which case we may retain this aggregate data  for an indefinite period as the data will no longer be identifiable.


European Economic Area and the UK 

Under certain circumstances, you have rights under data protection laws in relation to your personal  data including the right to receive a copy of the personal data we hold about you. Rights of individuals  in the European Economic Area (EEA) and the UK are detailed in Table 3. Links describing the rights  are from the UK although the rights are the same in the EEA.

Table 3: Your legal rights

Your legal rightWhat this means
Subject accessYou have the right to ask us for copies of your personal information. This  right always applies. There are some exemptions, which means you may  not always receive all the information we process. You can read more  about this right here.
RectificationYou have the right to ask us to rectify information you think is inaccurate.  You also have the right to ask us to complete information you think is  incomplete. This right always applies. You can read more about this right  here.
Erasure /right to be  forgottenYou have the right to ask us to erase your personal information in certain  circumstances. You can read more about this right here.
RestrictionYou have the right to ask us to restrict the processing of your information  in certain circumstances. You can read more about this right here.
ObjectionYou have the right to object to processing if we are able to process your  information because the process forms part of our public tasks, or is in our  legitimate interests. You can read more about this right here.
PortabilityThis only applies to information you have given us. You have the right to  ask that we transfer the information you gave us from one organisation  to another, or give it to you. The right only applies if we are processing  information based on your consent or under, or in talks about entering  into a contract and the processing is automated. You can read more about  this right here.


We will need to request specific information from you to confirm your identity and ensure your right  to access your personal data (or to exercise any of your other rights). This is a security measure to  ensure that personal data is not disclosed to any person who has no right to receive it. We may also  contact you to ask you for further information in relation to your request to speed up our response.

We aim to respond to all legitimate requests within one month of the confirmation of the identity of  the request. There may be occasions when request take The Collaborative longer to fulfil e.g., if a  request is complex or involves a significant amount of data. If this applies, we will notify you and keep  you updated.


Contact to exercise rights and to make a complaint 

The primary point of contact for all issues arising from this Policy, including requests to exercise your  rights is via:

Bernadette Goudy from Auriga Data Compliance

The Mews, Little Brunswick St, Huddersfield HD1 5JL, UK


You also have the right to make a complaint at any time with your national data protection authority.  In the EEA the national data protection authorities are listed here: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm 

The UK’s supervisory authority for data protection issues is the Information Commissioner’s Office  which is available here: https://ico.org.uk/ for more details.



This privacy notice was last updated on 14 February 2022. The Privacy Notice & Policy may be updated  from time to time and an updated version will be published on The Collaborative website at: https://healthsciencescollaborative.com/privacy-policy.



Yes, I’d like more information on how to harness the power of The Collaborative

This field is for validation purposes and should be left unchanged.