Privacy Policy

Haemnet Privacy Policy

Last updated: 30/05/2023

Haemnet is a specialist research and communications organisation working in the area of rare diseases. Haemnet and its related entities, apps, websites and brands (“Haemnet”, “We”, “Us”, “Our”) are committed to protecting the privacy and security of the data and information we collect and handle about our participants, customers and users of our services or products (“You/Your”) in a transparent manner.

This privacy policy is part of our commitment to transparency. It explains what personal information (data) we collect and/or process about you, how we use it as part of our services, and what your rights are. Please take the time to read the privacy policy in detail.

What we do

Haemnet provides services to individuals and organisations, including the pharmaceutical industry, research institutions and health bodies. We may conduct services on behalf of another organisation (for example, a sponsor of a research project). When this is the case, you will be notified in the information sheet or invitation to participate.

We also provide opportunities for people living with rare disorders and those who care for them to share their experiences. We provide a hub service (SEEK by Haemnet) that allows individuals to register to a secure environment where they can join activities that Haemnet is conducting (including but not limited to research studies and panel discussions). For more information, please see the SEEK Terms and conditions which can be found at

What information do we collect and what do we do with it?

Most of the information we process is provided to us directly by participants, customers and users of our services. We collect and process personal data about you each time you interact with us. We may collect and process this information for various reasons, including (but not limited to) research projects or communications projects, in which individuals provide information by participating in a survey or by attending an interview and/or focus group.

Although the data we collect from you will vary depending on the nature of the project, it may include (but is not limited to):

  • Contact information: first and last name, email address, location (country, region), phone number
  • Demographic information: date of birth, country of birth, ethnicity, sex, gender, family, education, employment status
  • Information about your health condition(s), including but not limited to related medications, treatments and symptoms
  • Technical information about where you are when you connect with us (such as your IP address). This information is only used for fraud and account duplication detection on our smartphone and web applications (including third-party data collection tools).

The specific information to be collected from you during any project will be explained prior to your participation in any project in the materials that are sent to you (such as but not limited to an information sheet or consent form).

Data collected as part of a research project or communications project will be either anonymised or pseudonymised. These data will then be analysed by Haemnet or a third party and used to provide insights to various stakeholders. The dissemination of such data may be via articles in medical journals, posters and presentations at medical congresses, videos and/or online dashboards. Unless it has been explicitly agreed with you and you have given consent, you will not be identifiable in any of the above dissemination methods.

We always aim to anonymise data collected as part of our projects, but where anonymisation is not possible we will pseudonymise all data. This is also referred to as de-identification. In most cases when you answer questions as part of a research project, we will use techniques to ensure that:

  • The data is either not directly or indirectly identifiable (anonymised); or
  • The data is only identifiable when combined with your contact information – as contact information is kept separately, the data is not directly identifiable (pseudonymised).

If you register with one of our apps , applications or websites, we may collect registration and contact information from you. This could include:

  • Name
  • Email
  • Date of birth or Age
  • Sex or Gender
  • Ethnicity
  • Health condition and year of diagnosis
  • Country of residence
  • Employment status

This information may be required when you wish to register with one of our apps or websites, post material, enter data or request further services from us. We will use your contact information to inform you about or invite you to relevant activities or services. This may include push notifications to your device if you enable them.

From time to time we may share such contact information with third-party mailing services (such as MailChimp and others). We may also share your anonymised data with third parties who may be providing supporting activities as part of our services.

If you report a problem or wish to make a complaint, we may request information from you to enable us to handle the issue correctly. We may keep a record of any correspondence exchanged with us.

Data we may receive from third parties

We may receive personal information about you indirectly from various sources (third parties). This may include information shared with us as part of a service we are contracted to provide. For example, we may organise events for which we require contact information to share invitations. The event sponsor, who may already have gathered consent from you, may choose to share this information with us.

Section on usage data here

We collect and store anonymous website, web application and smartphone application usage data. This helps us to better understand how users interact with our services and enables us to tailor content to your needs and interests. Please see our Cookies Policy for more information at

We may share such data with analytics services such as (but not limited to):

  • Google Analytics
  • Firebase by Google


What are the lawful bases on which we process your data?

To comply with UK GDPR, all organisations must have a valid lawful basis in order to process personal data. The lawful bases on which we process your personal information are:

  • Consent: You have given your consent for us to process your personal data for a specific purpose and you are able to remove your consent at any time. You can do this by contacting us as set out in the ‘How to complain or withdraw consent’ section of this Privacy Policy.
  • Contract: The processing is necessary under a contractual obligation we have entered into with you.
  • Legitimate interest: The processing is necessary for our legitimate interests or the legitimate interests of a third party.

As we may also process your data relating to health and ethnicity, we require an additional Special Category Article 9 condition. We may use the following conditions:

  • Explicit consent
  • Reasons of substantial public interest
  • Archiving, research and statistics

If you wish to know more about the lawful bases on which we process your data and your rights with each, please visit the following page from the UK Information Commissioner’s Office (ICO): Lawful basis for processing

For more information on special category data please visit the following page from the ICO: Special Category Data

How we store your data and for how long

Depending on how you interact with us, we may store your data using various methods and for various periods of time. We will always store your information in secure locations, whether that be on paper or by digital means. Most data will be stored using secure third-party cloud storage solutions.

What are your rights?

Your rights will depend on the lawful basis on which we process and store your information. However, any of the following may apply:

  • Right of access – The right to ask for copies of your personal information.
  • Right to rectification – The right to ask to rectify personal information you think is inaccurate or to ask to complete information you think is incomplete.
  • Your right to erasure – The right to ask to erase your personal information in certain circumstances.
  • Your right to restriction of processing – The right to ask to restrict the processing of your personal information in certain circumstances.
  • Your right to object to processing – The right to object to the processing of your personal information in certain circumstances.
  • Your right to data portability – The right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us using one of the methods below (under ‘How to complain or withdraw consent’) if you wish to make a request.

How to complain or withdraw consent

If you wish to withdraw your consent or make a rights-based request related to our use of your personal data, you can contact us by email or by post using the details listed below.

By post:

Haemnet Limited

74 Glenwood Road,
London N15 3JR

By email: (please include FAO DPO in the subject title)

If you have any concerns about our use of your personal information, you can make a complaint to us by post or by email using the contact details listed above.

You can also complain directly to the UK Information Commissioner’s Office (ICO) if you are unhappy with how we have used your data:

Information Commissioner’s Office
Wycliffe House
Water Lane
Cheshire SK9 5AF

Helpline number: 0303 123 1113

ICO website: