GDPR Compliance: Privacy Notice
This notice was last updated on 24 May 2018. We may change this notice from time to time, so please check this page occasionally to make sure you are happy with any changes. We are committed to respecting your privacy and information that could identify you as an individual (‘personal data’). This notice describes the personal data we may collect about you, how we use and secure it, who we may share it with, and your rights in respect of such personal data.
Who are we?
We are Arc Bio Communications, experts in pharmaceutical and biotech strategic advisory. We are a company registered in England and Wales, company number 10348805, with our registered office at 303 The Pill Box 115 Coventry Road, London, England, E2 6GH. Unless stated otherwise, we are the controller of the personal data described in this notice.
How do we collect personal data?
We collect and combine personal data from the following sources:
Information you provide to us: You may provide us with personal data by filling in forms on our website, submitting information to one of our product or service portals, meeting with us, or contacting us via post, telephone, email, chat or other form of communication.
Information we collect ourselves: When you visit our websites or portals, we may automatically collect information about the device you are using and the way that you use such site or portal.
Information we receive from others: We may receive personal data from publicly available sources and other organisations such as advertisers, suppliers, service providers, trade agents and resellers. If you apply for a job with us, we may receive information from recruitment agencies, employment background screening agencies and your named referees.
What personal data do we collect?
General: Personal data collected might include items such as your name, date of birth, gender, job title, contact details, IP address or other unique device ID. If you make a purchase from us, we will collect your payment details.
Recruitment: If you apply for a job with us, we may also ask you to provide work and educational history, information about your skills and experience, and proof of your right to work in the relevant country. You are not required to provide all requested information, but failure to do so may result in us being unable to proceed with your candidacy for a role.
How do we use your personal data?
Our usage will be based on performance of our contract with you, compliance with our legal obligations, protection of your health (or the health of another person) in an emergency, pursuance of our legitimate interests (provided that these are not overridden by your rights, freedoms and interests), your consent, or another purpose permitted by law. Some examples are given below.
Marketing: We may send you information about our products and services. Where required by law, we will obtain your consent before contacting you. You can ask us to stop sending you marketing communications at any time by contacting us at email@example.com or clicking on any unsubscribe options in the communications that you receive. We do not sell or rent personal data to third parties.
Sales: We may use your personal data to provide the products and services you requested, manage your account, and send you notices and correspondence about your account. We may also use your personal data for the purposes of billing, forecasting, product roadmap and lifecycle planning, trend analysis and financial reporting.
Consultancy: If we come to your site or otherwise access your systems and data to perform installation and other consultancy services, we may have incidental access to your personal data. In this case, you will be the controller and we will act as your processor. We will comply with your reasonable instructions to maintain the authenticity, confidentiality, security and integrity of your personal data.
Security monitoring: We may log personal data while monitoring our company systems, data and equipment for the purposes of threat detection and prevention, investigating and remedying security incidents, and ensuring lawful use of such systems, data and equipment.
Compliance: We may use your personal data to enforce our terms and conditions and to carry out checks aimed at preventing illegal activities such as export and trade sanction violations, bribery, fraud, corruption and modern slavery. We may also maintain compliance records and report on the steps we have taken to auditors and authorities.
Recruitment: We may use the personal data that you provide during the recruitment process for evaluating your suitability for current and future employment opportunities, record keeping in relation to recruiting, and improving our recruitment processes. If you accept an offer of employment with us, any relevant personal data collected during the recruitment process will become part of your personnel records. In other cases, we will retain your information on file for a period of 6 months. At the end of this period, we may contact you to ask if you would like us to retain the information for a further period.
Who else may access your personal data?
Processors: We may share your personal data with service providers and suppliers who process personal data on our behalf in the course of providing their goods and services. For example, if you apply for a job with us, we use a cloud-based, third party recruiting platform and may also be assisted by third party service providers for processes such as employment background screening. We will also share your personal data with those persons involved in the interview and selection process. We include data protection provisions in our contracts and verify the security measures of these service providers and suppliers in order to safeguard your personal data during processing.
Other controllers: We may also share your personal data with courts and other organisations where necessary to comply with legal obligations (for example in response to a court order) or to exercise or defend our legal rights, tax and social security authorities, group companies, insurers, lawyers, accountants, auditors, professional advisors, and buyers investors or transferees of our business or parts of our business.
Where is your personal data located?
Your personal data may be processed outside of the European Economic Area (EEA), including in countries with less protective data protection laws. In such circumstances, we take appropriate steps to safeguard your data to EEA data protection standards. For more information or to request copies of the standard contractual clauses, please contact us at firstname.lastname@example.org.
How long do we keep your personal data?
We retain personal data for as long as necessary for the purpose for which the personal data was collected, or for such longer period required by law or otherwise necessary to defend or exercise our legal rights. At the end of this period (or expiry of our backup archive retention period if later), we will either delete or anonymise the personal data.
What rights do you have?
You have the following rights in respect of your personal data:
- Access: Request information about personal data we hold on you
- Rectification: Correct or update your personal data
- Objection: Object to processing of personal data based on our legitimate interests
- Restriction: Ask us to retain but otherwise stop actively processing personal data
- Erasure: Request deletion of your personal data
- Portability: Request your personal data in machine-readable format
- Withdrawal: Withdraw consent for future processing, if we process based on your consent
- Decisions: To not be subject to significant decisions based solely on automated processing
- Complaints: Contact the Information Commissioner’s Office with complaints about our processing
Depending on the circumstances, we may need to verify your identity before complying with your request and we may not always be able to comply with your request in full (for example when producing your information may reveal another person’s personal data or when there is an overriding interest or conflicting legal obligation).
We may provide links to sites that are owned by other individuals or organisations. This notice only applies to us and we cannot be responsible for the privacy practices of others. We encourage you to read the privacy policies and notices on other sites that you visit.
We have implemented generally accepted technical and organisational measures to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure and unauthorised access, taking into account the nature of the personal data and the associated risks. Despite these precautions, we cannot guarantee the security of your personal data. Where you have been given or you have chosen passwords or other access control mechanisms, you are responsible for keeping these items confidential.
If you have any questions or complaints about this notice or our handling of your personal data, or if you would like to exercise any of your rights, please contact us via email at email@example.com or via post to Arc Bio Communications Ltd, The Chandlery, 50 Westminster Bridge Road, London, SE1 7QY.