Privacy Policy (UK)
January 2026
1. Who we are
RMS Research & Marketing Services Limited (“RMS”, “we”, “us”). Registered in England (No. 01986772).
Registered office: 19–21 Swan Street, West Malling, Kent ME19 6JU.
Principal trading address (for correspondence): Unit 3, Select Business Centre, Lodge Road, Staplehurst, Kent TN12 0QW.
Data protection contact: DPO@rmslimited.co.uk | +44 (0)1580 895795.
We provide marketing and distribution services to the healthcare and veterinary sectors and hold MHRA Wholesale Dealer Authorisation (WDA) for the distribution of POM, GSL and P medicines.
2. How this notice applies
This notice explains how we handle personal data under the UK GDPR and the Data Protection Act 2018, and how the Privacy and Electronic Communications Regulations (PECR) apply to our marketing by email, phone and cookies. It covers our website, our B2B databases and services we provide to clients.
3. Are we a controller or a processor?
Controller: RMS is a controller for our own B2B contact database and for our direct marketing about RMS.
Processor: when a client instructs us to process their data (e.g., a targeted campaign or fulfilment), we act as their processor, following their written instructions and contract.
4. What personal data we collect
Business contact data about professionals in health, care, local government and related sectors: name, role/title, organisation, work email, work phone, work address, specialty or responsibility area, and interaction history (e.g., mailings sent, opt‑outs).
Client data needed to sell, ship and invoice: names, job titles, work contact details, order and delivery details.
Website/technical data: IP address, device/browser details, pages viewed and referral source (via cookies/consent banner - see section 13).
5. Where we get personal data
• Public sources: organisational websites, professional registries, event materials, official publications.
• Direct interactions: our own telephone verification and routine updates; enquiries, forms and orders.
• Clients and partners: when they lawfully share data with us to perform contracted services.
• Vendors: where they provide tooling (e.g., address verification, email delivery) under contract.
Providing accurate business contact information is not mandatory, but if you do not provide details we may be unable to deliver services or respond to enquiries.
6. What we use personal data for (purposes & lawful bases)
B2B direct marketing about RMS: Postal mailings, emails to corporate subscribers, telephone calls screened against TPS/CTPS. Lawful basis: legitimate interests (relevant B2B marketing with opt‑out). Under PECR, consent is not required for emails to corporate subscribers; an opt‑out is always provided.
Client services & fulfilment: Processing orders, distributing products under WDA, customer service. Lawful basis: contract; legitimate interests (e.g., service communications); legal obligation where applicable (e.g., medicines distribution records).
Operating and improving our website: Security and troubleshooting. Lawful basis: legitimate interests for essential cookies and similar technologies required for the site to work. For any non‑essential cookies or similar technologies (for added features or measurement), our lawful basis is consent—and these operate only after you choose to allow them (see section 13).
Compliance & governance: Record‑keeping, audit, responding to rights requests, fraud prevention. Lawful basis: legal obligation; legitimate interests.
Legitimate interests test: for B2B marketing we consider the professional context, relevance and impact; we minimise personal data and always offer an easy opt‑out. We complete Legitimate Interests Assessments for higher‑risk projects.
7. Who we share data with
• Service providers/processors (e.g., IT hosting, CRM, mailing houses, delivery couriers, email platforms) under contract and confidentiality.
• Clients/licensees: when we license B2B data or run campaigns for a client, we share only what is necessary under licence/contract. Each licensee must identify its own lawful basis and provide its own privacy information where required.
• Authorities: where the law requires.
8. International transfers
Some suppliers may be outside the UK/EEA. Where transfers occur, we use appropriate safeguards (e.g., the UK International Data Transfer Agreement or Standard Contractual Clauses) plus risk assessments and technical measures.
9. Retention
We keep personal data only as long as necessary for the purposes above:
• B2B contact data: reviewed and refreshed regularly; we remove or suppress contacts that are out‑of‑date or who opt out. Indicatively, records used for direct marketing are held up to 24 months from the last meaningful interaction or verification, then reviewed for removal/suppression.
• Client and fulfilment records: kept for the life of the contract and six years thereafter for tax/audit compliance (or longer if required by medicines distribution rules).
Suppression records (your opt‑out) are kept so we can honour your objection.
10. Security
We use layered technical and organisational measures appropriate to the risks in our sector, including role‑based access controls, encryption in transit and at rest where appropriate, network segmentation, multi‑factor authentication on key systems, supplier due‑diligence and staff training. No method is 100% secure, but we continually improve safeguards.
11. Your rights
You have rights to access, rectification, erasure (in certain cases), restriction, objection (including to direct marketing), and data portability (in certain cases). We respond within one month and may extend by up to two further months if your request is complex or numerous; we’ll tell you if we do. You can exercise rights at DPO@rmslimited.co.uk.
You also have the right to complain to the Information Commissioner’s Office (ICO). For details, see ico.org.uk or call 0303 123 1113.
12. Marketing choices (PECR)
Email/SMS: We may send B2B marketing to corporate subscribers without consent under PECR, but every message will identify us and include a clear opt‑out. We maintain suppression lists.
Telephone: We screen numbers against TPS/CTPS and display our caller ID. If you tell us not to call, we will not call.
Post: Postal marketing does not require consent under PECR, but you can opt out at any time.
13. Cookies and similar technologies
Our website uses cookies and similar technologies. Essential cookies are required for the site to function and are set on the basis of our legitimate interests. With your permission, we may also use non‑essential cookies for additional features and measurement. Non‑essential cookies operate only after you give consent. You can change your choices at any time via the “Cookie settings” link in our footer. For more information, see our Cookie Policy.
14. Children
Our services are aimed at professionals. We do not knowingly collect children’s data.
15. How to contact us
Email: DPO@rmslimited.co.uk
Post: RMS Research & Marketing Services Limited, Unit 3, Select Business Centre, Lodge Road, Staplehurst, Kent TN12 0QW
Telephone: +44 (0)1580 895795
16. Changes to this notice
We may update this notice from time to time. The latest version will always appear on this page with the revision date.
