Avvinity Therapeutics Limited Privacy Notice

Why are we providing this notice?

The General Data Protection Regulation (“GDPR”) (implemented across all EU member states from 25th May 2018) applies to the collection, processing and storage of personal data (including special category data – please see below) undertaken by organisations within the EU, as well as to firms outside the EU that handle personal data relating to the offering of goods or services to individuals in the EU.

The GDPR has two key purposes: (i) to set guidelines for the collection, processing and protection of personal data and (ii) to give individuals certain rights in relation to their personal data (such as to access and correct it and object to further processing).

This Privacy Notice is intended to ensure that individuals outside our organisation with whom we interact, including visitors to our website, personnel of service providers or other suppliers and others who interact with us whether via our website or by corresponding with us by other means (e.g. by emailing or telephoning us) (“you”, or “your”) are aware of the categories of your personal data which Avvinity Therapeutics Limited and its affiliates (“we”, “us” or “our”) may collect, how we collect it, what we use it for and with whom we share it in accordance with the GDPR.

By “personal data” we mean any information relating to you such as your name and contact details. Personal data does not include data where you can no longer be identified from it such as anonymised aggregated data.

We will generally be a data controller in respect of your relationship with us. A data controller is responsible for deciding how to hold and use personal data about you. We may process your personal data ourselves or through others acting as data processors on our behalf.

We may provide supplemental privacy notices on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your personal data. These supplemental notices should be read together with this Privacy Notice.

If you have any questions about this Privacy Notice please contact info@avvinity.com

What information do we collect about you and what do we use it for?

Personal data held by us may include, but is not necessarily limited to, your name, address, place of business, email address, other contact details, corporate contact information, job title, signature, correspondence records, information about how you use our website, other technical data (such as your IP address, login data for our web portal, browser type and version, referral source, length of visit, page views, time zone setting and location).

The purposes for which we may collect, store and use personal data about you and our ‘lawful basis’ for processing such data are set out in the table below. The law specifies certain ‘lawful bases’ for which we are allowed to use your personal data.

Purpose Lawful basis for processing
To correspond with you. Our legitimate interests in responding to your enquiry, contacting you in relation to the services you provide or otherwise communicating with you in the course of our business.
Corresponding with third parties such as service providers, legal advisors, auditors and technology providers and regulatory authorities to comply with any legal obligation imposed on us or in order to pursue our legitimate business interests Compliance with applicable legal obligations. Our legitimate interests in conducting our business in a proper manner.
To maintain our records. Our legitimate interests in conducting our business in a proper manner.
Where you have submitted your CV or other details with the intention that you be considered for a position or other role with us, to consider that application or request. Our legitimate interests in considering your application or request.
To administer and maintain our website, identify returning users and record, monitor and analyse use of our website. Our legitimate interests in keeping our website updated and relevant, to develop our business and inform our marketing strategy.

In addition to the uses above, please note that we may also process your information where we are required by law to do so or if we reasonably believe that it is necessary to protect our rights and/or to comply with judicial or regulatory proceedings, a court order or other legal process.

Special categories of personal data

There are more limited bases for processing special category personal data. This is personal data which reveals or contains racial or ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, genetic data, biometric data, health data, sex life and sexual orientation.

We do not intend to actively collect special category data about you. Whilst we will use reasonable efforts to limit our holding of such data, please be aware that we may hold such data incidentally. For example, where you volunteer special category data to us, such as if you send us an email containing special category data.

What if you do not provide the personal data we request?

In some circumstances, if you do not provide us with certain information when requested, we may be limited or restricted in our ability to deal with you and may in some cases be prevented from complying with our legal obligations. Where we require your personal information to comply with, for example, anti-money laundering or other legal requirements, failure to provide this information means that we may not be able to engage with you.

Change of purpose

We will only use your personal data for the purposes for which we collected it (as identified in the above table), unless we reasonably consider that we need to use it for another reason which is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

How do we collect this information?

We typically collect personal data about you when you provide information to us when communicating or contracting with us in writing or by corresponding with us by phone, email or otherwise.
In addition, we may receive personal data about you from third parties, such as public sources or introducers.

With whom will we share your information?

We may share your personal data with a third party where this is required by law or where we have another legitimate interest in doing so.

We may need to share your personal data with:

  • other entities within our group as part of our reporting activities in company performance, or for assistance in relation to marketing and business development;
  • professional advisers including lawyers, auditors and insurers to the extent such information is relevant to their performance of their services;
  • cloud service providers;
  • any of our service providers where such information is relevant to their performance
    of such services.

We may share your personal data with third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal data with a regulator or to otherwise comply with applicable law or judicial process or if we reasonably believe that disclosure is necessary to protection our rights and/or to comply with judicial or regulatory proceedings, a court order or other legal process.

How long will we retain your information?

We will retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting or reporting requirements and our legitimate interests in maintaining such personal information in our records. This will normally include any period during which we are dealing or expect to deal with you and what we consider to be a suitable period thereafter for our internal record- keeping purposes. In doing this we will have regard to the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Once we no longer require your personal data for the purposes for which it was collected, we will securely destroy your personal data in accordance with applicable laws and regulations.

We may transfer the personal data we collect about you to non-EEA countries where the parties listed above are based for the purposes outlined in the table above. Those countries may not have the same standard of data protection laws as the EEA.

Where this is the case, unless an exemption applied, we will seek to put in place appropriate safeguards where possible, such as the EU-approved standard contractual clauses to ensure that your personal data is treated in a manner that is consistent with and respects the EU and UK laws on data protection.

Accuracy of information

It is important that the personal data we hold about you is accurate and current. Please let us know if your personal data which you have provided changes during your relationship with us.

Your rights in relation to your information

You have rights as an individual which you can exercise in relation to the information we hold about you under certain circumstances. These rights are to:

  • request access to your personal data (commonly known as a “data subject access request”) and request certain information in relation to its processing;
  • request rectification of your personal data;
  • request the erasure of your personal data;
  • request the restriction of processing of your personal data;
  • object to the processing of your personal data;
  • request the transfer of your personal data to another party.

If you want to exercise one of these rights please contact info@avvinity.com. You also have the right to make a complaint at any time to a supervisory authority for data protection issues.

You will not usually have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

You will not usually have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

Right to withdraw consent

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact info@avvinity.com. Once we have received and processed the notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless we now have an alternative legal basis for doing so.

Changes to this privacy notice

We reserve the right to update this privacy notice at any time, and we will make an updated copy of such Privacy Notice available to you and notify you when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal data.

Further information

This privacy notice was written with brevity and clarity in mind and is not an exhaustive account of all aspects of our collection and use of personal data. If you require any further information, please do not hesitate to contact info@avvinity.com.