Privacy Policy & Data Protection

Association for Clinical Data Management Limited (ACDM) are committed to protecting and respecting your privacy.  We will always hold your information securely.  To prevent unauthorised disclosure or access to your information, we have implemented physical and electronic security safeguards.

With the new EU General Data Protection Regulation (GDPR) coming into force on 25th May 2018 we want to ensure you are aware of the information we currently hold about you and how we use this information.

The bases on which we process your personal information

The law requires us to determine under which of six defined bases we process different categories of your personal information, and to notify you of the basis for each category.

If a basis on which we process your personal information is no longer relevant then we shall immediately stop processing your data.

If the basis changes then if required by law we shall notify you of the change and of any new basis under which we have determined that we can continue to process your information.

The bases we will process your personal information under are:

  • Contractual obligation: We process your information in order to service our contract with you as a professional member. This includes notification of event and association membership details, for example: programme changes, venue information and also payment/invoicing
  • Legitimate interests: Some of your information will be processed in relation to marketing communications to make you aware of benefits and services available to you as part of your membership. We may also contact you about relevant events which have either been arranged by us or third parties we work with which may be of interest to you.


Your information is stored securely on our systems.  There are third parties who we share your information with in relation to the benefits and support you receive as part of your membership.  The third parties we share your details with are:

  • Mailchimp: We use Mailchimp for some Customers to allow us to update delegates/members with details of the event/membership
  • Xero: Xero is the accountancy software that is used to support some Customers. This is a compliant system. 
  • Printers: If we have to create name badges, delegate guides etc then your details (usually name and company/organisation) will be provided in pdf format to a printer for printing
  • Delegant Limited: Delegant provide the Association Management and Event Management to us and therefore we may provide them with information regarding event bookings and membership. 

If you don’t wish us to share your information with one or more of the third parties listed above please contact us:

  • Email:
  • Post: Association for Clinical Data Management Limited, Boston House, Grove Business Park, Wantage

How long do we keep your information on file?

We will keep your information on file for a period of no more than 6 years. This is for accounting record purposes and no other reason. 

Access to your information and correction

You have a right to request the personal information we hold about you.  If you would like a copy of some or all of your information please let us know via one of the following methods:

  • Email:
  • Post: Association for Clinical Data Management Limited, Boston House, Grove Business Park, Wantage


If your request is manifestly unfounded, excessive or repetitive then under GDPR we are able to make a charge for this service, taking into account the administrative costs of providing the information.  This will be dependent on the nature of the request. We also want to ensure the information we have on file for you is correct.  You can ask us to correct or remove information which you think is inaccurate.  Please contact us using the contact details provided above.

Data portability

You are able to request a copy of the information we hold about you or ask for us to send the information to another data controller with your permission.  We can send personal data in structured, commonly used and machine readable formats, using secure methods.  You can request information about what data we hold about you, how long your personal data is stored for, who we share your data with etc.

Restriction requests

You can request that restrictions are applied to the processing of your data if for instance you believe the data we hold is inaccurate or if the processing is unlawful or we no longer have any need to process it.  You can also request that restrictions are in place where the processing is being carried out for third party reasons or public interest.


  • Servers used to store your personal information are all located within the EU
  • We do not use your information for automated decision making