In providing its Ethics Review Manager service (also referred to as Ethics RM and/or ERM) to its customers, Infonetica Ltd (“Infonetica”) holds the personal information of registered Ethics RM users.

As such, Infonetica is a data processor for the purposes of the UK GDPR and the Data Protection Act 1998 (“the Act”) and subject to certain obligations with respect to the processing of that personal information. This privacy policy sets out the basis on which Infonetica holds personal data in relation to the provision of the Ethics RM service. Our Customer is the data controller.

For any services which we might provide for which we act as a data controller, please see our General Privacy Policy (

Who we are and how you can contact us

We are Infonetica Ltd (company number 04503405, registered address – The Lower Ground Floor Office, The Civic Centre, High Street, Esher, Surrey, KT10 9SD).

You can contact us in writing at the above address, by emailing, or by phone on 0208 334 6900.

Ethics RM

Ethics Review Manager (also known as Ethics RM and/or ERM) is a software application that is owned and operated by Infonetica. Organisations wishing to use the Ethics RM service (“Customers”) are required to register with Infonetica. Once registered, Ethics RM accounts are created for individuals within or affiliated to the Customer.

Registered Users

When an Ethics RM account is created, the registered user is required to provide a small amount of personal data either:

  • directly via the Customer’s Ethics RM access webpage which is provided by Infonetica;
  • to the systems administrator of the Customer, who will create the Ethics RM account and transmit the relevant personal information to Infonetica.

This personal data is held by Infonetica in a database on servers located at Infonetica’s principal place of business and at least one other location within the United Kingdom. The personal data held includes name, organisational identifier, department, email address, username, role and other information which Infonetica requires to provide the Ethics RM service. No data that is not necessary to provide the Ethics RM service is stored in the database.

Personal information about an account is available to the relevant Ethics RM systems administrators via the Ethics RM Administration Interface. This information is used by the administrator to identify and contact the individual and to generate statistics about usage of Ethics RM accounts. Ethics RM system administrators are appointed by Infonetica and the Customer in a joint approval process, and are subject to terms and conditions which include a requirement to meet appropriate privacy legislation. These are ruled under a separate contract but are summarised as follows:

Administrators must take reasonable steps to:

  • Ensure that access to a resource is only given to individuals who are authorised to access that resource under the terms of the licence for the resource;
  • Terminate Ethics RM access promptly when appropriate;
  • Keep Ethics RM usernames, passwords, and other personal information confidential;
  • Ensure that information concerning Ethics RM account holders is accurate; and
  • Investigate cases of suspected abuse or inappropriate content.

Individual Users must:

  • Keep their account confidential and not permit any third party to use it;
  • Use their account only for the purpose for which it was issued by the Customer;
  • Accept the terms of this Ethics RM Privacy Policy.

The two lists above are not descriptions of the all the obligations of Administrators and Users but are the core of the obligations related to personal privacy.

Ethics RM Administrators

Each Ethics RM administrator is required to provide Infonetica with the following personal data:

  1. Name
  2. E-mail address
  3. Telephone numbers (working and non-working hours where the customer is seeking this level of service).

Infonetica will hold this personal information on the Ethics RM database and use it to contact system administrators in relation to the Ethics RM accounts for which they are responsible.

Customers must also input at least two of the following identifiers into the Ethics RM application:

  1. A contact name
  2. A telephone number
  3. An e-mail address or URL to enable registered users to contact their Ethics RM administrator with Ethics RM-related enquiries.

The above information supplied appears on the Ethics RM website for registered users to see.

Infonetica will retain the personal data of systems administrators whilst they remain the nominated Ethics RM administrator for the Customer, and will delete such personal data when the account is deleted.

Account Deletion

Infonetica will keep the personal data of registered users whilst they remain registered users. Such information is deleted when the account is deleted by the system administrator, or 6 years after the contract with our Customer has ended, whichever is the later.

Following account deletion, Ethics RM will still hold statistical information about the account. However, this information is linked only to the username and/or a persistent ID. Such a link does not allow access to any personal information about the individual.

Business Transfer

If Infonetica or the Ethics RM service is sold or integrated with another business, details within Ethics RM of all registered users would be passed on to the new owners of the business.


A “cookie” is a text-only string of information that a web site transfers to the cookie file of the browser on a computer’s hard disk so that the web site can record and read a small amount of information.

The Ethics RM application either uses or may in the future use the following two types of cookie:

  • Session Cookies which remain in the cookie file of a computer system for a maximum of eight hours after they were initially created or are automatically removed if the browser session is terminated before the eight-hour period has elapsed. These cookies contain the Ethics RM username and an Ethics RM token and are used to facilitate the Ethics RM single sign on service, enabling access to all of the Ethics RM registered resources which a user is entitled to access using an Ethics RM account.
  • Persistent Cookies which remain in the cookie file of the browser until they are deleted or if earlier, eighteen (18) months from their creation. At the time of writing this type of cookie is not used by Ethics RM but Infonetica foresee situations where it may be required in the future.

Users can set their browser to warn them before accepting cookies and refuse the cookie when the browser alerts the user to its presence.

Refusal/Deletion of Cookies

A user may refuse cookies by adjusting the appropriate setting in their browser, but they will not be able to use all the facilities of Ethics RM. The user can easily delete any cookies that have been installed in the cookie folder of their browser. Users should consult the documentation for their choice of browser on how to manage cookies.

Access to your personal information

Registered users can view the personal information held about them by logging in to Ethics RM with their username and password. Users are responsible for maintaining their own information, but this can also be updated and monitored by an administrator.

Scope of this privacy policy and updates

This privacy policy applies only to the use of your personal information by Infonetica in connection with the Ethics RM service. The use of personal information by the Customer or any resource provider is governed by their own privacy policies. Infonetica are unable to accept responsibility for the use of any of personal data or information by the Customer or any resource provider.

Infonetica may update this privacy policy from time to time. Any changes shall be notified by posting on the Infonetica website or a location as chosen by the Customer. Regularly reviewing this information ensures the user is always aware of the personal data Infonetica has access to and how it is used.

Security of your personal information

Infonetica is required to take appropriate technical and organisational measures to secure personal data. In order to comply with this requirement, the servers containing personal data are located in secure data centre locations with physical access limited to authorised staff. All data transmissions to and from the Ethics RM database are encrypted.

Furthermore, password information sent to Ethics RM is hashed (a form of one-way encryption that produces a result from which it is computationally infeasible to deduce the original text) before it is stored in the Ethics RM database. The data is processed automatically by Infonetica’s systems without any human intervention. Only in the event of a technical problem will any Infonetica staff become involved.

All Infonetica’s staff are instructed in the importance of and adherence to the principles and requirements of the Act and Infonetica itself endeavours to ensure they comply with the terms of this privacy policy. The personal data which Infonetica holds is never modified or disclosed to a third party other than as described in this policy. Infonetica continually monitors measures which seek to ensure the security and confidentiality of the information that Infonetica collects and its proper use.

Queries or complaints

Users should contact the Customer in the first instance with any enquiries (since the Customer is the data controller for the purposes of the Act).

Any questions or enquiries about this privacy policy or Infonetica’s compliance with the Act should be addressed in the first instance to: Infonetica, The Lower Ground Floor Office, The Civic Centre, High Street, Esher, Surrey KT10 9SD, or by emailing or by telephoning +44 (0) 208 334 6900.


This document is designed as a brief on the underlying principles privacy for the Ethics RM System. It is possible for our Customers to specify different criteria and therefore not everything within this document may be applicable.