Privacy Policy


Sealed Envelope Ltd ("we" or "us") is registered in England and Wales (number 4338315) at Solar House - Pf 915 High Road, North Finchley, London N12 8QJ, UK.

We take the privacy of your information very seriously. Our Privacy Policy is designed to tell you about our practices regarding the collection, use and disclosure of information that you may provide via the Sealed Envelope website (referred to below as "our Website" or the "Site").

By using this Site or any services we offer, you are consenting to the collection, use, and disclosure of that information about you in accordance with, and are agreeing to be bound by, this Privacy Policy.

Sealed Envelope Ltd is registered (reference Z9134630) with the UK Information Commissioner's Office (ICO) which enforces data protection law governing how organisations collect, use and keep personal information. For details see

Ways that we collect and use personal information

Direct collection

We collect your personal information directly from you when you register to use our services, when you contact us via our Website contact form, when you send us an email, or when you opt-in online to receive our marketing emails. We may collect the following personal information from you:

  • Contact data, such as name, email, phone numbers
  • Business data, such as company name, business type, department, title, business email, business phone number
  • Payment data, such as invoice information or credit card payment information

The personal information that we collect from you is used to:

  • Respond to your requests and questions
  • Carry out and administer any obligations arising from any agreements entered into between you and us
  • Log you into your account
  • Collect payments from you
  • Communicate upcoming events of interest or updates to our Website and services
  • Monitor satisfaction and improve our services
  • Detect, prevent, and resolve security and technical issues

Passive collection

We collect limited personal information from visitors to our Website and users of our services. This information may include:

  • IP Address
  • Web browser
  • Internet Service Provider
  • Referring pages
  • HTML pages, graphics, or other files viewed on our Site
  • Operating system
  • Date/time stamp

We may use cookies, web server logs and other means to do so.

Cookies are small text files that are placed on your computer by websites that you visit. We use cookies to track users' progress through our Website, allowing us to make improvements based on usage data. We also use cookies if you log in to one of our online services to enable you to remain logged in to that service. Most web browsers allow some control of cookies through browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit
Web server logs
We use log files generated by our web servers to analyse Site usage and troubleshoot technical issues. These logs files contain standard information collected by web servers, such as client IP address, web browser, internet service provider, operating system etc. This information is used internally help us to understand usage patterns on our Website and to make improvements to our service. They can also be useful when troubleshooting technical problems.

Passively collected information is used to:

  • Provide us with information about Website usability, user interaction and number of users
  • Track and analyze trends and patterns to improve our Website
  • Help us identify you as a repeat visitor
  • Maintain session information for logged-in users
  • Manage and track the effectiveness of our marketing efforts

On behalf of our customers

We act as a data processor for our customers, who make use of our services to collect data on subjects taking part in research studies such as clinical trials ("Customer Data").

If you are a patient in a clinical trial or a subject in a research study and one of our customers is using our services to operate that study, we may receive personal information (including sensitive personal information) about you from that third party. The terms of our agreement with that third party require them to have obtained your consent before supplying your personal information. If you would like your data to be erased, rectified, accessed or for any other queries about the information held on you as part of the research study, please contact the people running the research study directly.

If our customer is making use of our online survey service (ePRO) we may contact you by email or SMS to ask you to complete an online survey. We will record your responses to this survey along with your IP address. To opt out of these online surveys please contact the people running the research study directly.

We hold your data in strict confidence and in a highly secure environment. We share your data with trusted third parties only to the extent necessary to carry out the services that the customer has requested and as mentioned in this Privacy Policy.

If you want to access your data, rectify your data, erase your data, object to the processing of your data, or for any other enquiries regarding the handling of your data, please contact the customer directly. Our customers are able to amend, erase and access all the data for their study from their account.


We do not disclose any information you provide via the Website to any third parties except:

  • To trusted third party suppliers that we use to help provide our services (including sub-processors for Customer Data)
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation (for example, if required to do so by a court order or for the purposes of prevention of fraud or other crime)
  • In order to enforce any terms of use that apply to our Website, or to enforce any other terms and conditions or agreements for our Services that may apply
  • To protect the rights, property, or safety of Sealed Envelope, our Website’s users, or any other third parties. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction
  • In the event there is a change in business ownership due to a merger, change in ownership, bankruptcy, consolidation, amalgamation or other corporate change
  • Other than as set out above, we shall not disclose any of your personal information unless you give us permission to do so

Where we share information with third party suppliers we provide only the information they need to perform their specific services. They have the appropriate technical and organisation measures to keep personal data secure, and they may only use your data for the purposes specified in our contract with them. If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.

Access to and correction of personal information

You have the right to request:

  • Access to the personal data we hold about you, free of charge in most cases
  • The correction of your personal data when incorrect, out of date or incomplete
  • Deletion of your personal data. For example, when you withdraw consent, or object and we have no legitimate overriding interest, or once the purpose for which we hold the data has come to an end (such as the end of a trial)
  • That we stop using your personal data for direct marketing (either through specific channels, or all channels)
  • That we stop any consent-based processing of your personal data after you withdraw that consent
  • Review of any decision made based solely on automatic processing of your data (i.e. where no human has yet reviewed the outcome and criteria for the decision)

You have the right to request a copy of any information about you that we hold at any time, and also to have that information corrected if it is inaccurate. To ask for a copy of your information or for it to be amended, please contact us.

If we choose not to action your request we will explain to you the reasons for our refusal.

Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.

In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.

You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request. To opt out of marketing emails use the 'unsubscribe' link in the email or contact us directly.

To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Policy.

Protection of personal data

We take all appropriate steps to protect your personally identifiable information as you transmit your information from your computer to our Site and to protect such information for loss, misuse, and unauthorised access, disclosure, alteration, or destruction. We use leading technologies and encryption software to safeguard your data, and operate strict security standards to prevent any unauthorised access to it.

All areas of our website are only accessible via HTTPS which ensures information is encrypted in transit. All access to personal information is restricted. Only employees who need the information to perform a specific job are granted access to personally identifiable information. Furthermore, all employees are kept up-to-date on our security and privacy practices through regular training. We conduct regular automated penetration testing to look for weaknesses in our Website. See our security and data protection page for more detailed information.

Where you use passwords, usernames, or other special access features on this site, you also have a responsibility to take reasonable steps to safeguard them.


Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected.

At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.

For example, documentation related to a randomisation system we have provided will be kept for five years after the system has been decommissioned so we can comply with our legal and contractual obligations.


To the extent prohibited by applicable law, Sealed Envelope does not allow use of our services that record data (such as randomisation or Red Pill) by anyone younger than 16 years old. If you learn that anyone younger than 16 has unlawfully provided us with personal data, please contact us and we will take steps to delete such information.

Other websites

This Site contains links and references to other websites. Please be aware that this Privacy Policy does not apply to those websites.

We cannot be responsible for the privacy policies and practices of sites that are not operated by us, even if you access them via the Site that is operated by us. We recommend that you check the policy of each site you visit and contact its owner or operator if you have any concerns or questions.

In addition, if you came to this Website via a third party site, we cannot be responsible for the privacy policies and practices of the owners or operators of that third party site and recommend that you check the policy of that third party site and contact its owner or operator if you have any concerns or questions.

Transferring your information outside of Europe

We and some of our suppliers are based outside the EEA (all EU Member countries as well as Iceland, Liechtenstein and Norway). This means personal data that we collect from you is stored outside the EEA. We comply with applicable legal requirements to safeguard EU personal data transferred outside of the EEA. For customers based in the EEA we offer an agreement Standard Contractual Clauses for controllers to processors to allow for the transfer of data as approved by the European Commission. Please contact us to arrange this.

If you are based in the EEA, you can initiate data requests with our EU representative by email to

Contacting the regulator

If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.

You can contact them by calling 0303 123 1113 or going to

If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.

Notification of changes to our Privacy Policy

We will post details of any changes to our Privacy Policy on the Website to help ensure you are always aware of the information we collect, how we use it, and in what circumstances, if any, we share it with other parties.

Contact us

If at any time you would like to contact us with your views about our privacy practices, or with any enquiry relating to your personal information, you can do so by way of our contact page.

Last reviewed Feb 2024