Privacy Notice
Sosei Heptares Group
Last updated: October 2022
This Privacy Notice (“Privacy Notice”) sets out how Sosei Group Corporation and any firm, company, corporation or other organisation which is a subsidiary or affiliate for the time being of Sosei Group Corporation (“Sosei Heptares”) processes your personal data in connection with its business including the provision of the Sosei Heptares website (the “Site”), and provision of services (together “Services”). Sosei Heptares places great importance on the protection of your personal data and is committed to complying with all applicable data protection laws and regulations (including, but not limited to, the EU General Data Protection Regulation 2016 and the EU GDPR as it is saved and incorporated into UK law by section 3(10) (as supplemented by section 205(4)) of the Data Protection Act 2018 (UK GDPR)).
1. Who does this privacy notice apply to?
This Privacy Notice specifically applies to the processing of personal data of clients, suppliers, shareholders, job applicants, trial participants and other third parties that we interact with during the day-to-day provision of our Services. If you are engaged as a member of staff for Sosei Heptares, please see our Workplace Privacy Notice which sets out further information about how we may process your personal data in connection with your employment and/or engagement.
This Privacy Notice applies to the processing of personal data carried out by any Group Company of Sosei Heptares.
2. Purpose of this privacy notice
This Privacy Notice explains our approach to any personal data that we might collect from you or which we have obtained about you from a third party, and the purposes for which we process your personal data. This Privacy Notice also sets out your rights in respect of our processing of your personal data.
When we talk about “personal data”, we mean any information which relates to an identified or identifiable living individual. Individuals might be identified by reference to a name, an identification number, location data, an online identifier (such as an IP address) or to other factors that are specific to them, such as their physical appearance.
This Privacy Notice informs you of the nature of the personal data about you that is processed by us and how you can request that we delete it, update it, transfer it and/or provide you with access to it.
This Privacy Notice is intended to assist you in making informed decisions when using the Site and our Services. Please take a moment to read and understand it. It should be read in conjunction with our Terms of Use and our Cookie Policy.
This Privacy Notice only applies to the use of your personal data obtained by us, whether from you directly or from a third party. It does not apply to personal data collected by third parties during your communications with those third parties or your use of their products or services (for example, where you follow links to third party websites over which we have no control, or you purchase goods or services from those third parties).
Our Services are made available by various companies in the Sosei Heptares group of companies (each a “Group Company”).
Where this Privacy Notice refers to “Sosei”, “we”, “us”, “our”, this means one or more of the particular Group Companies that provide the Service to you. For more information about our Group Companies, including their respective roles and responsibilities, click here.
For the purpose of EU and/or UK data protection legislation, where each Group Company’s processing in connection with its role stated above is caught by the requirements of EU and/or UK data protection legislation, each Group Company will be considered a controller of your personal data, except that:
· Heptares Therapeutics Ireland Limited is considered a processor of your personal data acting on behalf of the other Group Companies; and
· Sosei Group Corporation and Heptares Therapeutics Limited will be considered joint controllers in respect of any personal data processed relating to recruitment and investor/shareholder relations. To the extent you have any questions or requests in connection with this processing, Heptares Therapeutics Limited shall be considered your primary point of contact and responsible for managing such questions or requests.
If you have any questions about this Privacy Notice or want to exercise your rights set out in this Privacy Notice, you can contact us by:
5. What personal data we collect
In the course of providing you with the Site and Services, we may collect the following types of personal data about you:
6. How we collect and receive personal data
We collect and receive personal data using different methods:
7. Whom we collect personal data about
We collect and process personal data from the following people:
8. How we use your personal data
We use your personal data for the following purposes:
For example, if you are participating in a trial or research project, the personal data we process may include Contact Data, your Payment Data, Profile Data and Health Data. Additional information about how we and our third party partners process your personal data in connection with a particular trial may be provided to you prior to your participation in that trial by way of a trial specific privacy notice.
If you work for a client or partner or subcontractor, the personal data we process may include your Contact Data and Payment Data (where applicable). We process this information so that we can fulfil the supply of Services, maintain our user databases and to keep a record of how our Services are being used.
If you attend one of our offices or operations facilities, we will process personal data about you which you volunteer in connection with your visit and any enquiries you may have. This will usually include your Contact Data, and any other personal data you volunteer.
Some Services we offer are also subject to separate terms and conditions which will also apply.
Our legal basis for processing
It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you, or it is in our legitimate interest or the legitimate interest of the organisation with whom you work to use personal data in such a way to ensure that we provide our services in an effective, safe and efficient way.
Where we process information about your health, we will do so with your explicit consent or, where relevant, process your health data for the purpose of scientific research.
For further information about any other lawful bases we may rely on in respect of the personal data we process in connection with a particular trial, please see the relevant trial specific privacy notice.
When you make an enquiry, we will collect and process your Contact Data and certain Profile Data, as well as any other personal data that is relevant to your enquiry. We use this information to manage and respond to your enquiry.
Our legal basis for processing
It is in our legitimate interest to use your personal data in the ways described above to ensure that we are able to help you with your enquiry and provide a good standard of service to you.
If you submit any other content to us, including via our Site, such as photographs, quotes or testimonials, we may process any personal data comprised within that content for the purposes of promoting our Site and Services.
Our legal basis for processing
Where we use your content in connection with Services that we provide via our Site, it is in our legitimate interest to use any personal data that you provide to us to ensure that we provide the relevant Service in an effective way.
Please see our Cookie Policy for further information, including details of the third party partners that are used.
We and our third party partners use this data, in combination with your Contact Data, to analyse how you use, and the effectiveness of, our Site and Services, including:
Our legal basis for processing
Where your data is collected through the use of non-essential cookies, we rely on consent to collect your data. Please see our Cookie Policy for further details.
However, we may rely on other legal bases when we use your personal data that has been collected via the use of Cookies for the purposes described in this section.
Where we use this personal data to analyse how you use our Site and Services, it is in our legitimate interest to use your personal data in such a way to improve our Site and our Services.
We may record (including voice recordings of telephone conversations) and use the information referred to above to train our personnel so that they can effectively deal with enquiries.
Our legal basis for processing
It is in our legitimate interest to use your personal data in the ways described above to ensure that we are able to help you with your enquiry and provide a good standard of service to you.
If you attend one of our events, we may use your Contact Data to record your attendance at the event and for related record-keeping purposes and, if relevant, we may collect and process any dietary requirements you may have. You may also feature in photographs taken at our events and such photographs may appear in publications that we make available.
Our legal basis for processing
It is necessary for us to use your personal data in this way to perform our obligations in accordance with any contract that we may have with you where you have signed up to attend an event, or it is in our legitimate interest or a third party’s legitimate interest to use personal data in such a way to ensure that the event is operated in an effective way.
We may specifically ask your permission to use your photographs, quotes, testimonials, or other content that you make available or publish at the event. Where this is the case, our processing of such personal data will be based on consent.
We use this information to help us to monitor and improve our Site, our Services and to assist with the selection of future service lines, and to train our personnel.
You can also voluntarily provide feedback by contacting our Investor Relations team. Please see the ‘General enquiries’ section above or details set out in the “How to Contact Us” section above for more information.
Our legal basis for processing
It is in our legitimate interest to use the personal data provided by you so that we can improve our Services and provide them in an effective way.
Our legal basis for processing
It is in our legitimate interest to use your personal data for postal marketing purposes.
Our legal basis for processing
We will rely on our legitimate interests to send you email marketing communications. However, where required by law we will obtain your consent to receive such communications, including via Email Alerts on our Site. Where we obtain your consent, you have the right to opt out of our use of your personal data to provide email marketing to you.
Our legal basis for processing
We will rely on our legitimate interest to use the personal data collected via our Site so that we can send you investor related or shareholder communications. However, where required by law we will obtain your consent to receive such communications, including via Email Alerts on our Site. Where we obtain your consent, you have the right to opt out of our use of your personal data to provide such communications to you.
We also use your Contact Data to communicate with you about the recruitment process, to keep records about our recruitment process and to comply with our legal and regulatory obligations in relation to recruitment.
We will process any personal data about you that you volunteer, including during any interview or other forms of assessment, including online tests, when you apply for a position with us. These processes may be described in more detail in separate privacy notices.
We may also process your personal data obtained from any third parties we work with in relation to our recruitment activities, including without limitation, recruitment agencies, background check providers, credit reference agencies and your referees.
The personal data we process may include your Contact Data, Job Applicant Data, any other personal data which appears in your curriculum vitae or application, and any personal data that you volunteer during an interview or your interactions with us, or any personal data which is contained in any reference about you that we receive. Such information may also include special categories of personal data (such as information about your health, any medical conditions, disabilities which we need to make reasonable adjustments for during the recruitment process and your health and sickness records) and information relating to criminal convictions and offences if that information is relevant to the role you are applying for.
We also use your personal data for the purposes of reviewing our equal opportunity profile in accordance with applicable legislation. We do not discriminate on the grounds of gender, race, ethnic origin, age, religion, sexual orientation, disability or any other basis covered by local legislation. All employment-related decisions are made entirely on merit.
You are under no statutory or contractual obligation to provide data to us during the recruitment process. However, if you do not provide the information, we may not be able to process your application properly or at all.
Our legal basis for processing
Where we use your personal data in connection with recruitment, it will be in connection with us taking steps at your request to enter into a contract we may have with you or it is in our legitimate interest to use personal data in such a way to ensure that we can make the best recruitment decisions.
We will not process any special (or sensitive) categories of personal data or personal data relating to criminal convictions or offences except where we are able to do so under applicable legislation or with your explicit consent.
The personal data we collect from you may include your Contact Data and certain Payment Data, and any other personal data you volunteer which is relevant to our relationship with you or the organisation you represent.
Our legal basis for processing
It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you or it is in our legitimate interest to use personal data in such a way to ensure that we have an effective working relationship with you or the organisation you represent and are able to receive the services that you or your organisation provides, and provide our Services to others, in an effective way.
We may require visitors to our premises to sign in on arrival and where that is the case we will keep a record of visitors for a short period of time. Our visitor records are securely stored and only accessible on a need-to-know basis (e.g. to look into an incident).
Our legal basis for processing
It is in our legitimate interests to process your personal data so that we can keep our offices and operations facilities secure and provide a safe environment for our personnel and visitors to our offices and operations facilities.
Our legal basis for processing
Where we use your personal data in connection with a business transition, to enforce our legal rights or to protect the rights of third parties, it is in our legitimate interest to do so. For all other purposes described in this section, we have a legal obligation to use your personal data to comply with any legal obligations imposed upon us such as a court order.
We will not process any special (or sensitive) categories of personal data or personal data relating to criminal convictions or offences except where we are able to do so under applicable legislation or with your explicit consent.
9. If you fail to provide your personal data
Where we are required by law to collect your personal data, or we need to collect your personal data under the terms of a contract we have with you, and you fail to provide that personal data when we request it, we may not be able to perform the contract we have or are trying to enter into with you. This may apply where you do not provide the personal data we need in order to provide the Services you have requested from us or to process an application for employment with us. In this case, we may have to cancel your application or the provision of the relevant Services to you, in which case we will notify you.
10. How we obtain your consent
Where our use of your personal data requires consent, you can provide such consent:
Where we obtain your consent, you have the right to opt out of our use of your personal data at any time using the contact details set out in the “How to Contact Us” section above or by using any other opt-out mechanism we may provide, such as an unsubscribe link in an email. If you withdraw your consent, our use of your personal data before you withdraw is still lawful.
11. Third party links and services
Our Site may contain links to third party websites and services.
When you use a link to go from our Site to another website (even if you don’t leave our Site) or you request a service from a third party, this Privacy Notice shall not apply to the processing of your personal data carried out by the relevant third party provider.
We do not monitor, control or endorse the privacy practices of any third parties.
We encourage you to become familiar with the privacy practices of every website you visit or third party service provider that you use in connection with your interaction with us and to contact them if you have any questions about their respective privacy notices and practices.
This Privacy Notice applies solely to personal data processed by us through your use of our Site, your receipt of our Services and/or in connection with our business operations. It does not apply to the processing of your personal data by these third party websites and third party service providers.
We will only share personal data with others when we are legally permitted to do so. When we share personal data with others, we put contractual arrangements and security mechanisms in place to protect the personal data shared, including to ensure where applicable that the third parties do not use the personal data for their own purposes, and to comply with our data protection, confidentiality and security standards and obligations.
13. Transfers of your personal data
When you submit personal data to us, whether through your interactions with our Site, office, branch offices and operations facilities, you acknowledge that your personal data may be transferred to a country outside the UK and the European Economic Area (“EEA”) (such as Japan) where it will be stored and processed by us and relevant third parties for the purposes set out in this Privacy Notice (see section 12).
Some countries do not have the same data protection laws as the UK and the EEA. In particular, non-EEA countries may not provide the same degree of protection for your personal data, may not give you the same rights in relation to your personal data and may not have a data protection supervisory authority to help you if you have any concerns about the processing of your personal data. However, when transferring your personal data to countries outside of the UK or the EEA, we will comply with our legal and regulatory obligations in relation to your personal data, including having a lawful basis for transferring personal data and putting appropriate safeguards in place to ensure an adequate level of protection for the personal data.
We will take reasonable steps to ensure the security of your personal data in accordance with applicable data protection laws.
Adequacy decisions: We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission and the UK Government. For further details, see the European Commission and ICO websites.
Model clauses: Where we use certain service providers, we may use specific clauses approved by the European Commission and UK Government which give personal data the same protection it has in Europe and the UK. For further details, see the European Commission and ICO websites.
Please contact us using the contact details set out in the “How to Contact Us” section above if you would like further information on the specific mechanisms used by us when transferring your personal data to countries outside the UK or the EEA.
14. How long we keep your personal data
We will not retain your personal data any longer than necessary to fulfil the purposes the data was collected for or to fulfil our legal obligations, in line with our Document Retention Policy. The retention periods may differ depending on which group entity is data controller, in line with local requirements.
If any personal data is only useful for a short period (e.g. for a specific event or marketing campaign or in relation to recruitment), we will not retain it for longer than the period for which it is used by us and as required by law or to defend legal claims. If we receive your application through our “Career Page” and the application is unsuccessful, we will hold your data on file for up to 12 months after the end of the relevant recruitment process. At the end of that period, or on your request, your data will be deleted or destroyed. If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personnel file and retained during your employment. The periods for which your data will be held will be provided to you in a new privacy notice.
If you have opted out of receiving marketing communications from us, we will need to retain certain personal data on a suppression list indefinitely so that we know not to send you further marketing communications in the future.
If you wish to receive further specific information on the applicable retention periods, please reach out to us at GDPR@SoseiHeptares.com.
15. Confidentiality and security of your personal data
We are committed to keeping the personal data you provide to us secure and we will take reasonable precautions to protect your personal data from loss, misuse or alteration.
All our employees and data processors (i.e. those who process your personal data on our behalf, for the purposes listed above) who have access to and are associated with the processing of personal data are obliged to respect the confidentiality of the personal data of all users of our Site and our Services.
Whilst we will take reasonable precautions to ensure the security of your personal data, we cannot guarantee the security of information transmitted over the Internet.
We do not specifically target our Site or our Services at children. However, due to the nature of our organisation and the Services we provide, we may from time to time collect and process personal data relating to individuals under the age of 18. Where we do so, we will comply with all applicable laws and regulations relating to the processing of personal data of minors. However, if you are under the age of 16, you must ask a parent or guardian for permission before using our Site and our products and services. If you are a parent or guardian, please supervise your child’s use of our Site and our Services.
17. How to access your information and your other rights
You have the following rights in relation to the personal data we hold about you. If you would like to exercise any of these rights, please contact us using the confidential email GDPR@soseiheptares.com. Please note that some of these rights are subject to certain exemptions and limitations.
You can find a list of contact details for all EU supervisory authorities at the European Commission website. The UK supervisory authority is the Information Commissioner's Office (ICO). As we are incorporated in the UK, our regulatory authority is the ICO.
In Ireland the relevant regulatory authority is the Data Protection Commission and in Japan the relevant regulatory authority is the Personal Information Protection Commission.
18. Changes to this privacy notice
We may make changes to this Privacy Notice from time to time.
We will bring any significant changes to your attention by updating this information and making it available on our website. In addition, we will examine whether in individual cases there is an obligation to provide other notification in the event of any changes to this information and in this case, we will comply with the existing notification obligation. However, we encourage you to review this Privacy Notice periodically to be informed of how we use your personal data.