41,762 Registered Users Privacy Statement
   College Campus > Privacy Statement
Log In  

CoAcS Privacy Statement


'Cookie' Means a small text file placed on your computer or device by Our software when you visit certain websites and/or when you use certain features therein.
'Personal data' Means any and all data that relates to an identifiable person who can be directly or indirectly identified from that data. This includes such things as name, gender, age, address, email, DoB, profession, job title, financial, demographic, preferences and opinions.
'We/Us/Our' Means CoAcS Ltd - A limited company registered in England under company number 2705402 whose registered address is Kimbolton House, 2 Mount Beacon, Lansdown, Bath UK, BA1 5QP


CoAcS hosts a number of accessible and public facing websites that can be broadly categorised as:
  1. Websites providing general product and marketing information
  2. Subscription services - websites providing access to information and data that is paid for under an annual / renewable subscription.
All websites described below are hosted by, and data stored at, MDS Technologies in Corsham, UK. All servers and back up devices are stored within the EU. We can provided information about their services if required.

Our Data Protection Officer is Richard Backhouse, and he can be contacted by email at coacs@coacs.com or by telephone on 01225 312992.

We also have internal administrative records - in the form of spreadsheets and databases, containing customer names and contact details -
for the express purpose of doing business with our customers.

1. General Information

The websites that provide general information do not require or capture any form of information or identification from the user. These include:
  • www.coacs.com
  • www.pharmindex.com
  • www.epmrx.com
  • www.midatabank.com
Since We do not store any log in information or any other data about users in these websites, We can be unequivocal in Our assertion that We:
  • will not record any Personal Data
  • will not share any personal data with any third parties
2. Subscription services

Websites that provide username and password access to subscribed (paid for) data collections include:
  • www.collegeofpharmacy.com
  • www.midatabank.com/mical/ (a.k.a. MiCAL)
  • www.medicinesreconciliation.com
  • www.midatabank.org/MiViewer/ (a.k.a the 'Sharer')
  • www.ctdatabank.com
In the above cases, it should noted that the actual content / records stored in the MiDatabank application (not the website), the Sharer and CtDatabank is provided by the users themselves - and not Us.

Furthermore, there is no direct individual ‘opt-in’ or ‘opt-out’ facility – usernames and passwords are set up and assigned to users by the customer.


The collegeofpharmacy.com website can be browsed anonymously but individual access to key areas does require additional information to be entered. The website registration form stores a User name and Password; Title, First name, Last name, email; Country of graduation, Year of graduation and Category.

None of this data will be collected without the user’s knowledge and implied permission.

CollegeOfPharmacy CAL packages:

Access to the CAL packages in the CollegeOfPharmacy website is usually provided via a School of Pharmacy. This only requires an email address to be provided to Us for a mass data upload - i.e. containing less information that described above.

Some of the subscribed CAL packages have an Assessment area (featuring multiple choice questions - MCQs) and the scores for individuals are recorded. These scores are not seen by any other people.


MiCAL is an online training package that accompanies the MiDatabank package. MiCAL is available via an annual subscription – each year the software is updated and the old data removed. We will only store an Organisation name, user email and Password.

Medicines Reconciliation

We store login information about three levels of users – the Organisational Lead, one or more Assessor and many Users. Apart from the Organisation Lead – whose access We set up - the other users, roles and access level are determined by and provided by the Organisational Lead (and/or the Assessors).

Each User is required to take Assessments (MCQs) at Level 1 and Level 2 to test their knowledge. These scores and the answers to each question are stored and may be viewed by Assessors. An Assessor may see a User’s scores.

MiDatabank Sharer

The Sharer uploads non Patient Identifiable Data (PID) from a customer’s local SQL server to a central website hosted by Us via MDS. This data may be shared, at an individual level, with other participating Organisations. It should not, by design, contain any PID and therefore should not be the subject of any GDPR attention.

A separate IG document is available for the Sharer.

Links from our website

Our websites may, from time to time, contain links to and from third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies even if you access them using links from our website. Please check these policies before you submit any Personal Data to these websites.

Use of credit card details

We do not store any credit card details and do not currently provide any form of online e-commerce. Payments – usually relating to an invoice - are submitted to us directly via BACS but occasionally a credit card may be offered. Any information used to process such a payment is written down by Us and then destroyed. No payment or personal information is ever stored by CoAcS and is therefore not used for any other purpose than facilitating immediate payment.

Google Analytics

Many of our websites are monitored by Google Analytics. Google Analytics is a tool that helps website owners measure how users interact with website content. As a user navigates between web pages, Google Analytics records information about the page a user has seen, for example the URL of the page. The Google Analytics JavaScript libraries use HTTP Cookies to ‘remember’ what a user has done on previous pages / interactions with the website. For more details about cookies, please visit their website at:


We will never:
  • ask you to take part in surveys unless they are related specifically related to the use of our software for the benefit of users
  • share any data with a third party provider
We will:
  • send out occasional newsletters to licenced software users - as part of our contract with you - unless instructed not to
  • be happy to comply with any GDPR issues arising
Your rights

As a data subject, you have the following rights under the GDPR, which this statement has been designed to uphold:
  • The right to be informed about Our collection and use of Personal Data;
  • The right of access to the Personal Data we hold about you;
  • The right to rectification if any Personal Data we hold about you is inaccurate or incomplete;
  • The right to be forgotten – i.e. the right to ask Us to delete any personal data We hold about you. NB: This may NOT apply to some information (e.g. stored in the MiDatabank application) that is recorded by users locally from/about other professional people i.e. NHS staff;
  • The right to restrict (i.e. prevent) the processing of your Personal Data;
  • The right to data portability (obtaining a copy of your Personal Data to re-use with another service or organisation);
  • The right to object to Us using your Personal Data for particular purposes;
In the unlikely event you have any cause for complaint about Our use of your Personal Data, please contact Us directly and We will do Our best to solve the problem for you. If We are unable to help, you also have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office.

For further information about your rights, please contact the Information Commissioner’s Office or your local Citizens Advice Bureau.

Access to your information

You may request access to information held about you. This is normally a free service, unless this process proves to be unduly difficult and takes more time when a fee may be payable to cover the administration costs.

Changes to Our Privacy Policy

This policy will be reviewed and updated in line with any changes in the relevant legislation and technology in use. Any notices of related changes may be placed on other related / prominent pages on our website(s). Your continued use of our website will signify that you agree to any such changes.

If you have any questions, comments or concerns about this Policy, then please email or write to Us.

What happens if Our business changes ownership?

Our business may be subject to a sale or takeover and/or the transfer of control of all or part of Our business. Any Personal Data that you have provided will, where it is relevant to any part of Our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Policy, be permitted to use that data only for the same purposes for which it was originally collected by Us.

In the event that any of your data is to be transferred in such a manner, you will be contacted in advance and informed of the changes. When contacted you will not, however, be given the choice to have your data deleted or withheld from the new owner or controller.

Copyright © 1993 - 2022 CoAcS. All rights reserved.