Shield Therapeutics plc of Northern Design Centre, Studio 6, 3rd floor, Baltic Business Centre, Gateshead Quays, NE8 3DF (“we” “our” “us”) are committed to protecting and respecting your privacy.
By way of summary, this policy covers:
- what personal information we collect;
- why we use your personal information;
- the legal basis for processing;
- when you receive marketing;
- the right to object to marketing;
- how we use your personal information;
- sharing personal information overseas;
- how long we may keep your information;
- links to other websites;
- your rights under data protection legislation;
- how to exercise your rights;
- contact details for our Data Privacy Manager;
- the Supervisory Authority.
Personal information we collect
We may collect and process the following personal information about you:
- your name and job title;
- your contact information including address, email address and telephone number.
It may also include less obvious information such as location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person. Personal information we collect when you report a possible side effect associated with one of our products may include information such as your gender, date of birth and information about your health. All personal information is treated confidentially.
When you call a number displayed on our website, your phone number is collected and stored. If you visit our website and complete forms on our website, we will record this personal information.
If you are interested in one of our vacancies and submit your CV, we will collect your data via the online portal, via email or by post.
We may receive special categories of personal data. This is defined by data protection legislation to include personal data such as data concerning health. We process this special category of personal data on the basis of one or more of the following:
- where you have given explicit consent to the processing of the personal data for one or more specified purposes;
- processing is necessary for statistical purposes in accordance with Article 89(1) of the GDPR and is proportionate to the aim pursued.
Where we do receive special categories of personal data, we will adopt suitable and specific meaures to safeguard the privacy of such data and your individual interests. Those safeguards may include pseudonymisation or further processing which does not permit or no longer permits identification of you.
Each time you visit our website we may automatically collect information including:
- technical information, comprising the internet protocol (IP) address used to connect your computer to the internet, your browser type and version, GPS location data, operating system and platform;
- information about your visit, comprising the full Uniform Resource Locators (URL), clickstream to, through and from our site, products you viewed or searched for, length of visits to certain pages, page interaction information, total number of visits to our site.
None of the information we collect about you is personally identifiable as the analytics platform and cookies we use to administer our site do not store personally identifiable data (please see “Cookies” below).
Why we use your personal information
We may use your personal information in the following circumstances:
- where we need it to operate our business, that is, where it is in our legitimate interests to use it and which does not have any adverse impact on you. For example, to fulfil orders for our products or to respond to a request from you for information or a quotation from us, and to generally manage our relationship with you;
- to respond to your application for a job vacancy;
- where we need it to perform a contract we are about to enter into or have entered into with you;
- where you have reported a possible side effect or adverse event regarding one of our products;
- to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve our site to ensure that content is presented in the most effective manner for you and for your computer;
- where we need to comply with a legal or regulatory obligations; or
- as part of our efforts to keep our site safe and secure.
The legal basis for processing
Under Data Protection Law, we must have a “legal basis for processing” personal information. The legal basis for processing should be determined by the data controller.
Our legal basis will vary dependent on your relationship with us. However, we always operate in full compliance with Data Protection Law and will only process personal information where we have a legal basis for doing so.
One legal basis for processing personal information is that it is:
“necessary for the purposes of legitimate interests pursued by the controller”
We consider it to be in our legitimate business interest to keep you informed of our products and services and administer the service requested.
The information processed on and from the website or other on-line platforms we have provided access to allow us to provide our services or engage with you in respect of job vacancies. If you submit a form, call us, request a call back or engage with us this will be taken as your agreement that we and our affiliate companies have a legitimate purpose to contact you or to respond to your enquiry.
We also use legitimate interest as a basis to process personal information to:
- allow you to participate in interactive features of the website or online platforms;
- undertake data analytics to learn more about how you and others interact within the website and any online platforms and advertisements;
- carry out your instructions;
- implement product and service improvements;
- undertake market research and seek your feedback on services offered;
- ensure security and business continuity; and
- detect and prevent misuse or abuse of the website or on-line platforms or our services.
In respect of personal information collected and used by us, where we rely on legitimate interest to process your information, you can object to its use. More information about how you can object to its use is detailed within the “Your rights under data protection legislation” section of this policy.
The other legal bases we rely on are (as relevant):
- where our use of your personal information is necessary for us to perform the contract we have with you, such as the contract between us consisting of the terms and conditions of service;
- where we believe it necessary to use your information to comply with our legal obligations;
- your consent may also be a lawful reason for processing your personal information in certain cases. This means your freely given, specific, informed and unambiguous consent which may be collected from you.
Where we are relying on your consent to process personal information, you are entitled under Data Protection Law to withdraw your consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. More information about how you can withdraw consent is detailed within the “Your rights under data protection legislation” section of this policy.
If you are applying for one of our vacancies, we need to process your information to assess your suitability for the role you have applied for, and the legal basis we would be relying on is that the processing is necessary to perform a contract or take steps at your request, before entering into a contract.
Why you receive marketing from us
The collected details are used to undertake marketing. Details may include name, address, telephone number, contact name, job title, company name and email address.
We also communicate information about our products and services to you, those who have requested such information or downloaded information from our website and those who have opted in to receive such information.
Marketing will be in accordance with the marketing preference that you indicated when you provided your personal information to us and/or in line with the provisions on consent to electronic marketing in the current e-privacy rules, in particular, the Privacy and Electronic Communications Regulations 2003.
If at any point you would like to opt out of receiving marketing communications from us, or would like to change the channels (such as emails or post) that we use to contact you, please use the unsubscribe function on the communication, or contact us at email@example.com or the postal address set out below.
The right to object to marketing
At any time, you have a right to object to the use of your information for marketing purposes.
If we propose to disclose your information to any third party for marketing purposes, you will be presented with an opt-in option, whereby you can consent to us using your personal data in such a way. If you do not opt-in we will not use your personal data for these purposes.
You can also exercise the right to withdraw consent to such processing at any time by contacting us at firstname.lastname@example.org or use the unsubscribe function on the communication.
We will keep a record of your details, including your contact details and the request to ensure we no longer market products and services to you. This provides a safeguard against the mis-use of the information as we screen the ‘do not contact list’ against any marketing campaign.
The risk of deleting the record is that there could be a possibility that you are marketed again, so for due diligence purposes it is better if we update your record accordingly.
If it is just email marketing you wish not to receive, you have the option to click the ‘unsubscribe’ link at the bottom of marketing emails.
How we use your personal information
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect and store.
The access to information provided is given to those employees who require the information to carry out the required services. Some examples are provided below.
If we believe you are interested in our products and services, the marketing team will have access to your contact information, including email addresses to send marketing emails.
During the lifetime of your contract, marketing and specific sales support agents will have access to your information within the on-line platforms you have access to, as well as information held within one of our internal system(s).
Our IT providers have access to all internal systems where your data is held and, as such, will have access to the information only as and when IT work is required on these systems.
If you are interested in joining us, your information will be accessed by the HR team and those involved in the recruitment and selection process.
Sharing personal information with third parties
We may disclose your personal information to group companies of Shield Therapeutics plc such as Shield TX (UK) Limited or Phosphate Therapeutics Limited.
We will not sell your data to third parties.
If you consent to take part in a clinical trial, your information will be shared with our licensees and any other third parties who form part in the clinical trial(s) .
If you enter into a contract with one of our third parties, their own privacy policies apply to how they use your personal information.
We occasionally use third parties to help us operate our business, manage the website, our own IT systems provide you with the relevant products and services and inform our marketing strategy. Such service providers are only allowed to process your personal information to the extent necessary for them to provide the service we have requested from them. They are not allowed to use your personal information for the benefit of their own business. In order to protect your privacy, we require that our service providers keep the personal information they process on our behalf confidential and adequately secure. From time to time we may use other third parties to process personal data on our behalf. We will share your personal information only as necessary for the third party to provide us with that service.
We will ensure that our agreements with any such third parties contain appropriate data protection provisions so that personal information is processed only in accordance with our instructions and within the boundaries of the legal framework for data protection.
During the recruitment process, we will contact referees to provide a reference prior to an offer of employment, unless you object to this. We would advise you to inform your referees that you have given us their information. You will be informed if we are required to check your right to work in the United Kingdom or, for identified posts, undertake a DBS check. On these occasions, the appropriate government departments would be sent the required information to perform the checks, such as criminal checks via the Disclosure and Barring Service and relevant vetting agencies.
We may share your personal information to comply with any legal, audit or regulatory obligations, or in order to enforce or apply our terms and conditions and other agreements. This includes disclosing personal information in response to a request from law enforcement or other regulatory authorities, or sharing for fraud prevention purposes.
We may share your personal information with regulatory authorities, courts and governmental agencies to comply with legal orders, legal or regulatory requirements, government requests and other lawful requests. We may also share your personal information with our legal and other professional advisors.
We may share your personal information in the event that we sell any or all of our business or assets, or sell any companies in our group, in which case we may disclose your personal information to the buyer or to the prospective buyer(s) or such business or assets or companies in our group.
Transferring your personal information overseas
To enable us to deliver the products and services, your information may be stored and transferred to locations outside the European Economic Area (EEA) including countries that may not have the same level of protection for personal information. When we do this, we will ensure it has an appropriate level of protection in accordance with Data Protection Law, and that the transfer is lawful.
We use cloud as a service for storage for certain information and, although we have specified that the data is to be stored within the European region, technical support may be provided by countries outside of the EEA and therefore may be transferred accordingly. Such data transfers are protected by European Commission (EC) standard contractual clauses, meeting both the EC and Information Commissioner’s Office requirements for providing adequate safeguards for the protection of individual’s personal information.
How long we keep your personal information
We store personal information for as long as is necessary to deliver and manage the requested service and business relationship, to comply with legal, compliance and audit obligations, resolves disputes and enforce agreements. We then securely delete the information.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research, pharmacovigilance requirements or statistical purposes in which case we may use this information indefinitely without further notice to you.
The security of your personal information is extremely important to us. All information you provide us is stored on our secure servers and we encrypt the transmission of personal information using secure socket layer technology (SSL).
We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it. However, no method of transmission over the internet, or method of electronic storage, is 100% secure; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. If you have any questions about data security, you can contact us at email@example.com.
In the event of a personal data breach, we will, without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the breach to the relevant supervisory authority (Information Commissioner’s Office in the UK), unless the breach is unlikely to result in a risk to your rights and freedoms. When the data breach is likely to result in a high risk to your rights and freedoms, we shall communicate the breach to you without undue delay unless data protection legislation stipulates that we are not required to do so.
We store all personal data on secure servers within the European Ecomonic Area (EEA) and there is no transfer outside of the EEA, with the exception of the reporting and recording of adverse events which are currently processed outside of the EU. If you require more information about this, please contact us at: firstname.lastname@example.org.
We use Google Analytics to measure website performance. This is a web analytics service provided by Google, Inc. Google Analytics sets a cookie in order to evaluate use of those services and compile a report for us. We use performance cookies across our website for internal purposes to help us to provide you with a better user experience.
Information supplied by cookies helps us to understand how our visitors use our website so that we can improve how we present our content to you.
You can find out more about cookies and how to, manage or disable them at http://www.aboutcookies.org/default.aspx.
Links to other websites
Our website may contain links to other third party websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information that you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Your rights under data protection legislation
Data Protection Law gives you various rights in relation to your personal information. All the rights set out below can be exercised by contacting us using the contact details set out in ‘How you can exercise your rights’ section of this policy. Please note we can only deal with requests to exercise these rights where they relate to personal information that we process as data controller. If you send us a request which relates to personal information processed by a third party as data controller, we will direct you to that third party
In regards to the information collected and used by us as data controller, where we rely on legitimate interest to process your information you can object to its use. Where the processing is based on consent, you can withdraw your consent to the use of your personal information at any time.
You have the following rights in relation to your personal information:
Access: You have the right to request access to your personal information.
Rectification: You have the right to request that we update, complete or correct personal information, if you think any information we have about you is incorrect or incomplete.
Erasure*: In some circumstances, you have the right to the erasure of your personal information where there are no longer lawful grounds for us to hold such data.
Restriction*: In some circumstances, you have the right to obtain a restriction on our use of your personal information.
Objection*: In some circumstances, you may, on grounds relating to your particular situation, have grounds to object to our processing of your personal information. This includes the right to object to automated decision- making about you including profiling that has legal or significant effect on you as an individual. We will consider any objections to our processing on the particular circumstances relating to each case.
Objection to marketing: You have the right to object to marketing, and in these circumstances we will stop using your personal information for this purpose.
Portability*: Where you have provided us with your personal information, it is processed by automated means and the legal basis for processing is either consent or for the performance of a contract, you will be entitled to a copy of that personal information in a structured, commonly used and machine readable format.
Withdrawal of consent: If we have requested your consent to use your personal information, you may withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
*Please be aware that not all of these rights are absolute, and are only applicable in certain circumstances, so in accordance with the law there will be occasions where a refusal notice is issued or exemption applied.
To learn more about the rights and when they apply, please see the ICO website.
How to exercise your rights
We have appointed our General Counsel as our Data Privacy Manager. You can contact our Data Privacy Manager with regard to any issues related to the processing of your personal information, including exercising any of your rights or making a complaint. More information about how to contact our Data Privacy Officer is within ‘Contact details for our Data Privacy Manager’ section of this Policy.
We encourage people to bring to our attention any instances where they think our collection, or use, of information is unfair, misleading or inappropriate.
To object to marketing, email email@example.com. Include your name, contact details and that you object to your information being used for marketing purposes.
Contact details for our Data Privacy Manager’
You can contact the Data Privacy Manager by:
Shield Therapeutics plc
Northern Design Centre
Baltic Business Quarter
Please state clearly that your request concerns a data protection matter, and provide a clear description of your request.
Note: We may need to request additional information to verify your identity or clarify your request before we action your request.
The Supervisory Authority
The Information Commissioner’s Office (ICO) is the UK’s independent body set up to uphold information rights. You have a right to lodge complaints with them, including when you are dissatisfied with our response to you.
To find out more about them, visit https://ico.org.uk/about-the-ico/who-we-are/. To contact them, either visit their website, dial 0303 123 1113 or write to them at:
Information Commissioner’s Office