1.2 We respect your privacy and are committed to treating any information that we obtain about you with as much care as possible and in a manner that is compliant with all applicable data protection legislation including the EU General Data Protection Regulation 2016/679 (“GDPR”) as it forms part of domestic law in the United Kingdom by virtue of section 3 of the European Union (Withdrawal) Act 2018 (including as further amended or modified by the laws of the United Kingdom from time to time), the Data Protection Act 2018 (and regulations made thereunder); the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended; and the guidance and codes of practice issued by the Information Commissioner and which are applicable to a party (collectively, “Data Protection Legislation”).
1.3.1 what personal data we may collect about you in connection with your online interaction with us (including via psioxus.com, any other website we own/operate, via email or via social media);
1.3.2 how we collect, store, disclose, transfer, protect and otherwise process that personal data (and for what purposes); and
1.3.3 other important information, such as the lawful bases by which we process your personal data, how long we might retain your personal data, and the rights you have in relation to personal data we hold about you.
1.5 In this policy, terms defined in the GDPR, including “data subject”, “personal data”, and “processing”, have the same meaning when used in this policy. The words “include”, “including”, “such as” and similar words and phrases shall be construed to mean “including without limitation”.
1.6 This website and any of our online outlets are not intended for children and we do not knowingly collect data relation to children.
1.7 This policy is intended to be communicated to you in a concise, transparent, intelligible and easily accessible manner, but we appreciate that you may have queries or want to seek clarification as to its terms. If so, please email email@example.com and we will respond as soon as possible.
1.9 It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
2 The personal data we process and how we collect it
2.1 Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We use different methods to collect data from and about you including through direct interactions, automated technologies or interactions, and publicly available sources including Linked-In, Twitter and other social media.
We collect personal data about you through our online channels when you:
2.1.1 access and use our websites.
2.1.2 contact us (whether by email, by telephone or otherwise), including via any contact or enquiry form on our website;
2.1.3 make any enquiry or application with respect to careers, vacancies or opportunities at the Company, including via any contact or enquiry form on our website;
2.1.4 otherwise interact with us through our website.
2.2 The type of personal data we process may include (if and as applicable):
2.2.2 technical and usage data including information collected from the Website may include network location and IP address, type of web browser, type of operating system, time of visit, pages visited, time spent on each page, referring site details (such as the URI a user came through to arrive at this site).
2.2.3 identity and contact data including your name, email address, telephone number and other information provided by you in any correspondence with us (e.g. when submitting an enquiry);
2.2.3 profile data, such as data you supply if you enquire or apply for any vacancies or opportunities at the Company, your CV, résumé, educational background, employment history and any other information you provide in connection therewith;
2.2.4 any personal data contained in content you post on our social media pages.
2.3 We do not process:
2.3.1 any special categories of personal data (including details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data);
2.3.2 any information about criminal convictions and offences (excepting that we may undertake a DBS check as part of an offer of employment); or
2.3.3 any information about children under the age of 13,
and you should not provide us with any such information through our online channels. If you do, such information will be deleted.
3. The purposes for which we process your personal data
3.1 We will only use your personal data when the law allows us to. Most commonly, we will use the personal data referred to in paragraph 2 above for the purposes of (if and as applicable):
3.1.1 responding to any correspondence from you including enquiries, comments, complaints and technical problems;
3.1.2 keeping our records updated and to study how customers use our services, to grow our business and inform our marketing strategy, to provide administration and IT services, network security, to prevent fraud and in the context of a business reorganization
3.1.3 if your data was provided in connection with a career opportunity or vacancy, assessing your fitness and eligibility for any particular role;
Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending marketing communications and company updates to you via email or text message. You have the right to withdraw consent to such communications at any time by contacting us.
4 The lawful bases by which we process your personal data
4.1 Your consent
By accepting the terms of this policy, you give the Company your express, freely given consent to process any of your personal data in accordance with the terms of this policy. You may withdraw your consent given under this paragraph (in whole or in part) at any time by contacting firstname.lastname@example.org. The withdrawal of your consent shall not affect the lawfulness of processing based on consent before withdrawal or the lawfulness of processing based on other lawful grounds as set out below.
4.2 Other lawful grounds
Without prejudice to the consent given by you under paragraph 4.1 above, the Company may process your personal data in any circumstances where such processing is necessary:
4.2.1 in order to perform any agreement between us;
4.2.2 to comply with any applicable law or regulation; or
4.2.3 for the purposes of the legitimate interests pursued by us or third parties. These legitimate interests include the purposes identified above in paragraph 3 but may also include other legitimate business interests.
5 What if you refuse to provide us with any personal data?
5.1 Where we need to collect personal data by law, or under the terms of an agreement we have with you, and you fail to provide that data when requested (or fail to consent to the processing of that data, if necessary), we may not be able to continue with the agreement we have or are trying to enter into with you (for example a job application process). In this case, we may have to cancel the agreement you have with us but we will notify you if this is the case at the time.
5.2 Whilst we may be able to provide you with certain updates and information notwithstanding your refusal to submit personal data, this may limit your ability to participate in some activities or features or your use of certain online features or functionality.
5.3 We may lawfully obtain information from third parties or public sources and we may process that information where it is an essential component of our updates or, for example, a job application process.
6 Sharing information with affiliates and third parties
6.1 We will not share any of your personal data with unaffiliated third parties except as set out in this paragraph 6 or otherwise notified to you or agreed between you and us from time to time.
6.2 We may share your personal data with the parties set out below for the purposes set out in section 3. Purposes for which we will use your personal data, above.
Internal Third Parties such as our affiliates.
External Third Parties such as if we make an offer of employment to you (e.g. for purpose of carrying out a DBS check, making a visa application or to obtain references)
6.4 We may share your personal data with affiliates of PsiOxus Therapeutics Limited as part of the lawful basis by which we process your personal data.
6.5 We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
7 International transfers of personal data
7.1 From time to time it may be necessary for us to transfer your information internationally.
7.2 However, we will not transfer your personal data outside of the UK or EEA unless:
7.2.1 such transfer is to a country or jurisdiction which the UK or EU Commission has approved as having an adequate level of protection; or ;
7.2.2 appropriate safeguards are in place as set out in Article 46 GDPR or equivalent provisions of subsequent Data Protection Legislation; or
7.2.3 the transfer is otherwise allowed by applicable Data Protection Legislation (such as in the form of a derogation under Article 49 GDPR).
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.
8 Your rights as a data subject
Subject to any conditions or requirements set out in the relevant Data Protection Legislation, you may have some or all of the following rights in relation to the personal data we hold about you:
8.1 the right to request a copy of your personal data held by us;
8.2 the right to correct any inaccurate or incomplete personal data held by us;
8.3 the right to request that we erase the personal data we hold about you;
8.4 the right to request that we restrict the processing of your data;
8.5 the right to have your personal data transferred to another organisation;
8.6 the right to object to certain types of processing of your personal data by us; and
8.7 the right to complain (please see paragraph 12 of this policy).
Please note however that these rights are not absolute in all situations and may be subject to conditions and provisos set out in relevant Data Protection Legislation. The Company cannot therefore guarantee that any request from you in connection with the rights set out above will be agreed to. For further information, or to see if you can exercise any particular right, please contact us at email@example.com.
9 Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
10 Storage and retention of your personal data
10.1 As a minimum, we need to store your data for as long as is reasonably necessary to fulfil the purposes we collected it for, including to enable us to provide you with the information and services that you have requested from us, or to support your other uses of our website(s). However, we will retain certain personal data for longer if we think it is reasonably necessary to do so in the circumstances, taking into consideration factors such as:
10.1.1 our need to answer any queries or resolve any problems you may have;
10.1.2 our need to comply with legal, regulatory, tax, accounting or reporting requirements (e.g. relating to record keeping).
10.2 If you tell us that you would like to delete your data, we will take steps to delete all the personal data we hold about you once it is no longer necessary for us to hold it (e.g. to resolve disputes, or as is permitted by applicable law or regulation).
10.3 To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
10.4 For as long as we do store your data, the Company follows generally accepted industry standards and maintains reasonable safeguards to attempt to ensure the security, integrity, and privacy of the information you have provided. The Company has security measures in place designed to protect against the loss, misuse, and alteration of the information under our control. Personal data collected by the Company is stored in secure operating environments that are not available to the public.
10.5 Notwithstanding our efforts to keep your personal data secure, no system can be 100% reliable. To the fullest extent permitted by law, we cannot be held liable for any loss you may suffer if a third party procures unauthorised access to any data you provide us.
10.6 In some circumstances you can ask us to delete your data: see section 8 Your rights as a data subject above for further information.
10.7 In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
10.8 We will notify you as soon as reasonably practicable if we have reason to believe that there has been a personal data breach by us which could adversely affect your rights and freedoms.
11 Links to third parties
11.1 Our website may link or redirect to other websites, plug-ins and applications that are beyond our control. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. Such links or redirections are not endorsements of such websites or representation of our affiliation with them in any way and such third-party websites are outside the scope of this policy.
11.2 If you access such third party websites, we encourage you to read and ensure that you are satisfied with their respective privacy policies before you provide them with any personal data. We cannot be held responsible for the activities, privacy policies or levels of privacy compliance of any website operated by any third party.
12.1 A cookie is a small file of letters and numbers stored on your browser or the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive.
12.3 All of the data collected by cookies on our website is collected on an anonymous and aggregated basis.
12.4 Our websites use some or all of the following cookies:
12.4.1 Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log an enquiry.
12.4.2 Analytical/performance cookies. These allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
12.4.3 Functionality cookies. These are used to recognise you when you return to our website. This enables us to remember your preferences (for example, your choice of language or region).
12.6 Your browser may give you the ability to block all or some cookies by activating a setting in your browser’s options. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.
12.7 Except for essential cookies, all cookies will remain unless the cookie cache is cleared (unless otherwise indicated in the table above).
13 Change of Purpose
13.1 We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
13. 2 If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
13.3 Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
14 Questions and complaints
14.1 For all questions or complaints about this policy, we would appreciate the chance to deal with your concerns before you approach the relevant data protection authority. Please contact us in the first instance via email at firstname.lastname@example.org.
14.2 You have the right to make a complaint at any time to the relevant supervisory authority for data protection issues, which in the UK is the Information Commissioner’s Office (ICO).