CliniLink — Privacy Policy

Last Updated: 4th April 2026

⚠ Important Notice to Delegates

By registering for a CliniLink event or webinar, you acknowledge that certain personal data (including your name, job title, organisation, and professional registration number) will be shared with event sponsors and/or presenters for regulatory compliance and reporting purposes.

Where you have given your separate, explicit consent, your email address may also be shared with sponsors for follow-up communications.

Please read Section 8 of this policy carefully before completing your registration.

Section 1

  1. About Us

CliniLink Ltd (“CliniLink”, “we”, “us”, “our”) is a company registered in England and Wales. We operate a clinical education platform at https://clinilink.co.uk, through which we deliver in person and online educational events, webinars, and continuing professional development (“CPD”) programmes for healthcare professionals.

Registered Office: CliniLink Ltd, Stockport Pyramid, Yew Street, Stockport Trading Estate, Stockport, SK4 2JZ, United Kingdom

Email: admin@clinilink.co.uk

Website: https://clinilink.co.uk

ICO Registration Number: ZB896601

CliniLink Ltd is registered with the Information Commissioner’s Office (“ICO”) as a data controller. We are committed to protecting and respecting your privacy in accordance with the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018 (“DPA 2018”).

Section 2

  1. Purpose of This Privacy Policy

This Privacy Policy (“Policy”) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. It explains what data we collect, why we collect it, how we use and protect it, who we share it with, how long we keep it, and what rights you have.

Please read this Policy carefully. If you have any questions, please contact us at admin@clinilink.co.uk.

Section 3

  1. Who This Policy Applies To

This Policy applies to you if:

  • You visit our website at https://clinilink.co.uk;
  • You register for or attend a CliniLink event, webinar, or training programme;
  • You create or use an account on our platform;
  • You contact us with an enquiry or feedback; or
  • You receive marketing communications from us.

This Policy does not apply where CliniLink processes personal data solely on behalf of another organisation (acting as a data processor). In that case, the privacy policy of that organisation will apply.

Section 4

  1. Personal Data We Collect

The categories of personal data we may collect about you include:

Identity & Registration Data: Full name; professional job title; GMC (General Medical Council), NMC (Nursing and Midwifery Council), GPhC (General Pharmaceutical Council), HCPC (Health and Care Professions Council), or other UK healthcare regulator professional registration number (PIN).

Contact Data: Email address; telephone number; workplace or billing address; organisation name and postcode.

Event & CPD Data: Records of events registered for and attended; participation in online polls; CPD progress, certificates, and learning activity.

Payment Data: Billing information processed securely via our third-party payment provider. We do not store card details.

Technical Data: IP address; browser type and version; device information; cookies and similar tracking technologies (see Section 10).

Marketing Preferences: Your consent preferences; communication opt-ins and opt-outs.

We do not knowingly collect personal data from individuals under the age of 18.

Section 5

  1. How We Collect Your Personal Data

We collect personal data:

  • Directly from you when you register for an account, register for or attend an event, make a payment, or contact us;
  • Via our website through online forms, cookies, and other tracking technologies; and
  • From third-party platforms used to facilitate delivery of our webinars and events (such as video conferencing and event management providers).

Section 6 (consider a table plugin in Divi for the processing table)

  1. Lawful Bases and Purposes of Processing

We only process your personal data where we have a lawful basis to do so under Article 6 of the UK GDPR. The table below sets out each purpose and the corresponding lawful basis.

 

Purpose: Registration for and delivery of events and webinars

Data used: Name, job title, organisation, registration number, contact and billing details

Lawful basis: Performance of a contract (Article 6(1)(b) UK GDPR)

 

Purpose: Provision of members’ area access

Data used: Login credentials, name, email

Lawful basis: Performance of a contract (Article 6(1)(b))

 

Purpose: Verification of professional registration status

Data used: GMC / NMC / GPhC / HCPC or other regulatory registration number

Lawful basis: Legitimate interests (Article 6(1)(f)) — ensuring events are attended by qualified healthcare professionals

 

Purpose: Maintenance of CPD and revalidation records

Data used: Attendance records, certificates, CPD data

Lawful basis: Legitimate interests (Article 6(1)(f)) / contractual necessity

 

Purpose: Mandatory sharing with event sponsors for compliance reporting (see Section 8)

Data used: Name, job title, organisation name and postcode, professional registration number

Lawful basis: Legitimate interests (Article 6(1)(f)) — ABPI/regulatory compliance

 

Purpose: Sharing email address with sponsors for marketing (see Section 8)

Data used: Email address

Lawful basis: Consent (Article 6(1)(a)) — separately obtained at registration

 

Purpose: Sending CliniLink marketing communications

Data used: Name, email address

Lawful basis: Consent (Article 6(1)(a)) or legitimate interests where permitted by PECR

 

Purpose: Compliance with legal and regulatory obligations

Data used: As required by law

Lawful basis: Legal obligation (Article 6(1)(c))

 

Where we rely on legitimate interests as our lawful basis, we have carried out a legitimate interests assessment to ensure our interests are not overridden by your rights and freedoms. You have the right to object to processing based on legitimate interests at any time (see Section 12).

Section 7

  1. Special Category Personal Data

We do not routinely collect or process “special category” personal data as defined in Article 9 of the UK GDPR (such as data revealing racial or ethnic origin, health data, or biometric data).

Your professional registration number (GMC, NMC, GPhC, HCPC, or other regulator) is processed solely to verify your professional standing, and does not constitute health data for the purposes of UK GDPR.

In the event that we need to process special category data, we will identify the applicable condition under Article 9(2) UK GDPR, provide you with further information, and where required, obtain your explicit consent.

Section 8 — starts with a warning callout box (red background), then subsections

  1. Sharing Your Personal Data With Third Parties

⚠ Important — Please Read Before Registering

By completing your registration for a CliniLink event or webinar, you acknowledge that certain personal data will be shared with third-party event sponsors and/or presenters as described in Sections 8.1 and 8.2 below. This sharing is a condition of participation for reporting and regulatory compliance purposes. Where sharing of your email address for marketing purposes is proposed, your separate and explicit consent will be sought before any such sharing takes place.

 

8.1  Mandatory Sharing with Event Sponsors and Presenters

When you register for and attend a CliniLink event or webinar, the following personal data will be disclosed to the relevant event sponsor(s) and/or presenter(s):

  • Full name;
  • Professional job title;
  • Organisation name and postcode

This disclosure is necessary for the following purposes:

  • To enable sponsors to comply with their obligations under the ABPI Code of Practice for the Pharmaceutical Industry (or equivalent applicable codes) regarding the recording and reporting of transfers of value to healthcare professionals;
  • To verify that event attendees are registered healthcare professionals; and
  • For legitimate regulatory reporting and audit purposes.

 

The legal basis for this disclosure is our legitimate interests and the legitimate interests of event sponsors in complying with applicable regulatory requirements (Article 6(1)(f) UK GDPR).

 

Independent Controller Notice: Once your data has been disclosed to an event sponsor, that sponsor will act as an independent data controller in respect of their subsequent processing. CliniLink is not responsible for the data processing activities of sponsors following disclosure. We encourage you to review the relevant sponsor’s privacy policy. You will need to contact the sponsor directly to exercise your data subject rights in relation to data they hold.

 

8.2  Consent-Based Sharing of Email Address with Sponsors

Your email address will only be shared with event sponsors for direct marketing or follow-up communications where you have given your explicit, freely given, specific, informed, and unambiguous consent at the point of registration.

This consent is entirely optional. You will not be excluded from attending an event for declining to give this consent.

You may withdraw your consent at any time by:

  • Contacting us at admin@clinilink.co.uk; or
  • Clicking the ‘unsubscribe’ link in any marketing email you receive from a sponsor.

Withdrawal of consent will not affect the lawfulness of any processing carried out prior to withdrawal.

8.3  Service Providers (Data Processors)

We share personal data with carefully selected third-party service providers who process data on our behalf. These include providers of website hosting, email delivery, event management platforms, video conferencing, payment processing, and analytics services.

All such processors are engaged under written data processing agreements compliant with Article 28 UK GDPR. They may only process your data on our documented instructions.

 

8.4  Other Permitted Disclosures

We may also disclose your personal data:

  • To law enforcement or regulatory authorities where required by law;
  • In response to a court order or legal process;
  • To a successor organisation in connection with a sale, merger, or transfer of our business or assets; and
  • To protect the vital interests of any person.

 

We do not sell, rent, or trade your personal data to any third party for commercial purposes.

Section 9

All personal data collected and processed by CliniLink is stored and processed exclusively within the United Kingdom. We do not transfer, export, or otherwise move your personal data to any country outside the United Kingdom.

All third-party service providers and data processors engaged by CliniLink are contractually required to store and process your data within the United Kingdom only. We do not engage any processor that would require your data to leave the UK.

In the event that any third-party sponsor, to whom your data is disclosed as an independent controller under Section 8.1, proposes to transfer your data outside the UK, that sponsor will be solely responsible for ensuring compliance with the applicable international transfer provisions of the UK GDPR and DPA 2018. We encourage you to review the relevant sponsor’s privacy policy for details of their data storage practices. 

If you have any questions about where your data is stored, please contact us at admin@clinilink.co.uk.

 

Section 10

  1. Cookies and Tracking Technologies

Our website uses cookies and similar technologies. The following types of cookies may be set:

 

Strictly Necessary Cookies: Essential for site operation. Includes temporary session cookies set on the login page to verify browser cookie support. These are discarded when you close your browser. No consent is required for these cookies.

Functional / Login Cookies: Saves your login information and display preferences. Login cookies last 2 days (or 2 weeks if you select ‘Remember Me’). Screen options cookies last 1 year.

Comment Cookies: Optionally saves your name, email, and website when leaving a comment. Duration: 1 year (opt-in only).

Analytics Cookies: Helps us understand how visitors use our site (e.g. Google Analytics). Duration varies by provider.

 

For all cookies other than strictly necessary cookies, we will seek your consent via our cookie banner in accordance with the Privacy and Electronic Communications Regulations 2003 (PECR). You may manage or withdraw cookie consent through your browser settings at any time.

Section 11

  1. How Long We Keep Your Data

We retain personal data only for as long as is necessary for the purposes for which it was collected, and to satisfy our contractual, legal, regulatory, and legitimate business obligations.

 

Event registration and attendance records: Up to 6 years from the date of the event, to comply with ABPI reporting obligations and applicable limitation periods under the Limitation Act 1980.

CPD records, certificates, and learning activity: For the duration of your account and for such further period as may be required to support professional revalidation (typically up to 5 years).

Financial and payment records: 7 years from the date of the transaction, in accordance with HMRC requirements.

Marketing consent and preference records: Until withdrawal of consent or opt-out, plus 1 year thereafter to evidence compliance.

Technical / log data: Up to 12 months from collection.

 

At the end of the applicable retention period, personal data will be securely deleted or irreversibly anonymised. Where data has been shared with event sponsors acting as independent controllers, those organisations are responsible for their own retention practices.

Section 12

  1. Your Rights Under UK Data Protection Law

You have the following rights in relation to the personal data we process about you. These rights are not absolute and may be subject to exemptions under the UK GDPR and DPA 2018.

 

Right to be Informed (Article 13/14): To receive clear information about how your data is processed. This Policy fulfils that obligation.

Right of Access (Article 15): To obtain confirmation of whether we process your data and to receive a copy (a ‘Subject Access Request’).

Right to Rectification (Article 16): To have inaccurate or incomplete personal data corrected without undue delay.

Right to Erasure (Article 17): To request deletion of your personal data where there is no compelling reason for its continued processing. This right may be limited where we have a legal obligation or legitimate reason to retain data.

Right to Restriction of Processing (Article 18): To request that we limit how we use your data in certain circumstances.

Right to Data Portability (Article 20): To receive your data in a structured, machine-readable format and to transmit it to another controller, where processing is based on consent or contract and carried out by automated means.

Right to Object (Article 21): To object at any time to processing based on legitimate interests. You have an absolute right to object to processing for direct marketing purposes.

Right to Withdraw Consent (Article 7(3)): Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

Rights Related to Automated Decision-Making (Article 22): You have the right not to be subject to a decision based solely on automated processing which produces legal or similarly significant effects. We do not carry out such processing.

 

Right to Lodge a Complaint (Article 77): You have the right to complain to the Information Commissioner’s Office (ICO):

  • Website: https://ico.org.uk/make-a-complaint/
  • Telephone: 0303 123 1113
  • Post: ICO, Wycliffe House, Water Lane, Wilmslow, SK9 5AF

 

We would appreciate the opportunity to address any concern before you approach the ICO, and encourage you to contact us in the first instance at admin@clinilink.co.uk.

 

Important Note on Third-Party Controllers: Where your data has been shared with event sponsors acting as independent data controllers, you must contact those organisations directly to exercise your rights in relation to the data they hold.

 

To exercise any of your rights with CliniLink, please contact us using the details in Section 13. We may require proof of your identity before processing your request. We will respond without undue delay and within one calendar month of receipt. In complex cases we may extend this by a further two months, and will notify you if so. You will not usually be charged a fee unless a request is manifestly unfounded, repetitive, or excessive.

Section 13

  1. How to Contact Us

If you have any questions about this Policy, wish to exercise your data subject rights, or have a concern about our data processing practices, please contact us:

 

CliniLink Ltd — Data Privacy Enquiries

Registered Office: CliniLink Ltd, Stockport Pyramid, Yew Street, Stockport Trading Estate, Stockport, SK4 2JZ, United Kingdom

Email: admin@clinilink.co.uk

Website: https://clinilink.co.uk

ICO Registration Number: ZB896601

 

Section 14

  1. Changes to This Privacy Policy

We may update this Policy from time to time to reflect changes in our practices, technology, or legal requirements. The “Last Updated” date at the top of this document will be revised accordingly.

Where changes are material, we will provide notice by email to registered users or via our website prior to the changes taking effect. Where required by law, we will seek your consent.

Previous versions of this Policy are available upon written request to admin@clinilink.co.uk.

 

This Policy is governed by and construed in accordance with the laws of England and Wales. It is compliant with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR).

 

© CliniLink Ltd. All rights reserved.