Data Protection and Privacy Notice
Celleron Therapeutics Limited, (“Celleron Therapeutics“, “we“, “us“, “our“) is committed to protecting the privacy and security of your personal information, also referred to here as “Personal Data”. We have procedures for obtaining consent, maintaining security, controlling data use, retention periods, and giving accountability. These procedures are compliant with the EU’s General Data Protection Regulation (“GDPR”). This data protection and privacy notice explains why and how we process your personal data, your rights, and how to contact us if you need to.
Celleron Therapeutics collects personal data in connection with our activities in the development of new cancer medicines (collectively ”Services“); and additionally from users of our corporate website www.cellerontherapeutics.com (the “Website”). We only collect and process information required for the specific purpose that you have given consent to.
Celleron Therapeutics has the legal responsibility of Data Controller in relation to your personal data.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
Information we collect about you
Under the GDPR, personal data is defined as:
“any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
We will ask for your consent to process your personal data if:
- You or the organisation you work for are a customer or a supplier of ours.
- You or the organisation you work for or use our Services.
- You work for a customer or a supplier of ours, or for someone who uses our Services.
- We identify you or engage with you as a professional expert, key stakeholder or opinion leader in the field to which our Services relate.
- You are a participant in any research conducted by us.
- You are someone (or you work for someone) to whom we want to advertise or market our goods or services.
- You send us a CV, or other details of your employment history in connection with an advertised job vacancy or a general enquiry regarding job opportunities with us.
Information we collect from you or from a third party
We may process your personal data that we have either obtained from you, or obtained from somewhere else. Personal data which is not collected directly from you may be collected:
- From your employer in connection with your job and how it relates to us.
- If you use the Website.
- From published or external public sources including research, journals and peer reviews relevant to professional expertise and the medical field to which our Services relate.
- From third parties we work closely with (including, for example, business partners, sub-contractors in technical, hosting and delivery services, medical market research, analytics specialists and industry and search information providers).
Personal data relating to you that we process may include:
- Your name.
- Who you work for, and your job function or department.
- Your address, phone number, email address or other contact details (these details may relate to your work or to you personally, depending on the nature of our relationship with you or the organisation that you work for).
- Where you are a professional medical expert, details of your specialism, qualification details, an indicator of the extent of your engagement with areas to which our Services relate and details of your contacts and/ or meetings with our representatives.
- Information about you that you give us by communicating with us by phone, by e-mail, in person, via our Website, via social media or otherwise such as at an event or conference. It includes information you give us or that we obtain when you enquire about a product, request support or contact us to report a problem, or do any of these things on behalf of the person that you work for.
- Information relating to transactions with us involving you or the organisation you work for (for example, details of goods or services that we have supplied to, or obtained from, you or the person you work for).
- Other information relating to you which it is necessary for us to process in order to enter into or perform a contract with you or the organisation you work for (for example, right to work information where this is necessary to enable us to carry out appropriate checks in relation to entering into employment contracts with you.
- Information about events to which you or your colleagues are invited, and your personal information and preferences to the extent that this information is relevant to organising and managing those events (for example, your dietary requirements).
- Information relating to you that you give us or we otherwise obtain when you visit us (for example, if you sign in, or you give us the registration details of your vehicle.
Special Category Personal Data
Celleron Therapeutics will not collect any special category personal information. Special category personal information means information relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation, and genetic data and biometric data.
Information that we ask for your consent to process when you use our Website:
- Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, web beacons.
- Information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our website (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number or social media handle used to connect with our customer service team.
- Country of location data – we collect information through a look-up of your country of location by reference to your IP address against public sources to provide product and service information relevant to your region. This information is collected in combination with an identifier associated with your device to enable us to recognise your mobile browser or device when you return to the Sites.
Cookies and other technologies
Similar to other websites, we use standard technology called “cookies” to collect information about how our Website is used. Cookies and similar technologies are a feature of web browser software that allows web servers to recognize the device used to access a web site and online services and can be used to manage a range of features and content.
Cookies are small pieces of data that are stored by a user’s web browser on the user’s hard drive. Information gathered through cookies and web server logs may include the date and time of visits, the pages viewed, time spent at our Website and the web sites visited just before and just after viewing our content.
Certain cookies we use last only for the duration of your web session and expire when you close your browser. Other cookies are used to remember you when you return to the Website and will last for longer.
We may also use “Web beacons” that monitor your use of our websites. Web beacons (or Web bugs) are one-pixel transparent images (although they can be visible images as well) located on a Web page or in an e-mail or other type of message, and are hosted on a server enabling the verification of a user’s viewing or receipt of a Web page or message. Web beacons can be used to track the IP (Internet Protocol) address of the computer or device that downloaded the page on which the Web beacon appears, the URL (Uniform Resource Locator) of the page on which the Web beacon appears, the time the page containing the Web beacon was viewed, the type of browser used to access the Web page containing the Web beacon and the identification number of any cookie on the computer or device previously placed by the server hosting the web beacon. When we correspond with you via HTML capable e-mail, Web beacons let us know whether you received and opened our e-mail. On their own, cookies or Web beacons do not contain or reveal any personally identifiable information. However, if you choose to furnish the website with personally identifiable information, this information can be linked to the data stored using cookies/Web beacons.
We use the following categories of cookies:
Strictly Necessary Cookies: These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
Performance Cookies: These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance. For more information about privacy at Google or to opt-out of Google Analytics see: http://tools.google.com/dlpage/gaoptout.
In addition, we have activated the IP masking feature when using Google Analytics which means that Google anonymises the last octet of the IP address it receives from user’s devices. For more information see: https://support.google.com/analytics/answer/2763052.
Functional Cookies: These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
Targeting Cookies: These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Social Media Cookies: These cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.
When you visit our Website, you have the option to accept or adjust what cookies you allow us to place on your browser through our Privacy Preference Centre. You can modify these settings at any time by visiting Cookie settings.
If you don’t want to allow cookies at all, please refer to your browser settings. Most web browsers automatically accept cookies but, if you prefer, you can change your browser to prevent that or to notify you each time a cookie is set. You can also learn more about cookies by visiting https://cookiepedia.co.uk which includes additional useful information on cookies and how to block cookies using different types of browser. Please note however, that by blocking or deleting cookies used on the Website you may not be able to take full advantage of the Website if you do so.
If you want to disable cookies on our Website, you can change your browser settings to reject cookies. How you can do this will depend on the browser you use. Further details on how to disable cookies for the most popular browsers see: https://cookiepedia.co.uk/how-to-manage-cookies.
You can find more information about the individual cookies we use and the purposes for which we use them by visiting Cookie settings.
How we use your information
We will use this information to:
- Take steps in order to enter into any contract or carry out our obligations arising from any contract entered into between you or the organisation you work for and us including:
- supplying goods and services to you or the organisation you work for or receiving them from you or the organisation you work for, as the case may be;
- administering your/your organisation’s account with us;
- verifying and carrying out financial transactions in relation to payments you make in your own capacity or on behalf of your organisation
- notifying you about changes to our Services.
- Provide you with information and updates about our products or services or our company where requested or we feel may interest you or the organisation you work for, if you have given your consent to receiving promotional material from us at the point we collected your information, where required by law or otherwise in our legitimate interests provided these interests do not override your right to object to such communications.
- Ensure in our legitimate interests that:
- content from our Website is presented in the most effective manner for you and for your device;
- we provide you or the organisation you work for with the information, products and services you request from us;
- we assess any application for employment you submit to us;
- we may identify and understand using analysis and profiling techniques, your level of influence as a prescribing specialist and expert in a medical field to which our Services relate in order to engage and build relationships with you, to help in building mutual understanding, research, knowledge and improvements in treatments.
Information we collect about you from your use of our Website
We will use this information in our legitimate interests, where we have considered these are not overridden by your rights:
- To administer our Website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
- To keep our Website safe and secure.
- For measuring or understanding the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you.
- To improve our Website to ensure that content is presented in the most effective manner for you and for your device.
- To allow you to participate in interactive features of our service, when you choose to do so.
Information we receive from other sources
We will combine this information with information you give to us and information we collect about you in our legitimate interests (where we have considered that these are not overridden by your rights). We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).
Our promotional updates and communications
Where permitted in our legitimate interest or with your prior consent where required by law, we will use your personal information for marketing analysis and to provide you with promotional update communications or updates on our company by email, telephone or when meeting one of our representatives about our product.
You can object to further such communications at any time by selecting the “unsubscribe” link at the end of our marketing and promotional update communications to you, or by sending us an email to firstname.lastname@example.org.
You can also request that we send promotional materials to a non-personal email address instead of one which identifies you as an individual.
Who we give your information to
We may share your personal data with:
- Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, who support our processing of personal data under this policy.
- Appropriate third parties including service providers contractually engaged as outsourced Data Processors. In all such cases Celleron Therapeutics will make sure that (i) it diligently chooses a service provider that operates GDPR–compliant procedures, (ii) the service provider will only handle your personal data in accordance with the Celleron Therapeutics’ instructions, (iii) the service provider adopts adequate technical and organizational measures to protect your personal data, and (iv) the service provider does not retain your personal data upon completion of its scope of work:
- our business partners, customers, suppliers and sub-contractors for the performance of any contract we enter into or other dealings we have in the normal course of business with you or the person that you work for and subject to contractual and other safeguards;
- our auditors, legal advisors and other professional advisors or clinical research organisations;
- Payment processing providers who provide secure payment processing services.
- In relation to information obtained via our Website:
- analytics and search engine providers that assist us in the improvement and optimisation of our site and subject to the cookie section of this policy.
Other disclosures we may make
We will disclose your personal information to third parties:
- If Celleron Therapeutics or substantially all of its assets are acquired by a third party, in which case personal data held by it about its clients and contacts will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of supply terms and other agreements with you or the organisation you work for; or to protect the rights, property, or safety of Celleron Therapeutics, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction and to prevent cybercrime.
Where do we store your information?
The data that we process in relation to you may be transferred to, and stored at, a destination outside the European Union (“EU”) that may not be subject to equivalent data protection law. It may also be processed by staff situated outside the EU who work for us or for one of our service providers.
We may transfer your personal information outside the EU:
- In order to store it.
- In order to process it.
- In order to facilitate the operation of our group of businesses, where it is in our legitimate interests and we have concluded these are not overridden by your rights.
- Where we are legally required to do so.
- In the case that your personal data is shared for processing with subsidiaries, business partners, service providers, or other third parties acting on Celleron Therapeutics’ behalf which are located outside of the EU, we will mandate that the Data Processor will ensure that this is conducted in compliance with GDPR and applicable UK data protection laws.
How we protect your information
Celleron Therapeutics as Data Controller, and any Data Processor acting on our behalf, maintain technical and organisational measures designed to protect your personal data against loss; or accidental, unlawful, or unauthorised alteration, access, disclosure, or use. All information you provide to us is stored on secure servers.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data during transmission to our Website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Our Website may, from time to time, contain links to external sites. We are not responsible for the privacy policies or the content of other such sites.
How long we keep your information
Celleron Therapeutics will process your personal data in a manner compatible with the GDPR. We will not keep it for longer than is necessary.
We retain personal data for as long as you have a relationship with us either commercially as a contact at our customer in order that we can meet our contractual obligations to you or your organisation, or where you are a specialist stakeholder in the field with whom we engage in our legitimate interests and for six years after that period in order to identify any issues and resolve any legal proceedings. We may also retain aggregate information beyond this time for research purposes and to help us develop and improve our services. You cannot be identified from aggregate information retained or used for these purposes.
If your personal data is held as part of the management record of a clinical trial (eg as a cancer research Investigator), then it may be necessary to retain this for up to 25 years, in compliance with applicable regulations and statutory legislation.
You have the following rights as a data subject:
At your request, we can confirm what information we hold about you and how it is processed (Subject Access Request). You will be asked to provide a copy of your passport to confirm identity. If Celleron Therapeutics does hold personal data about you, you can request the following:
- Identity and the contact details of the person or organisation that has determined how and why to process your data.
- Contact details of the Data Protection Officer, where applicable.
- The purpose of the processing as well as the legal basis for processing.
- If the processing is based on the legitimate interests of Celleron Therapeutics or a third party, information about those interests.
- The categories of personal data collected, stored and processed.
- Recipient(s) or categories of recipients that the data is/will be disclosed to.
- If we intend to transfer the personal data to a third country or international organisation, information about how we ensure this is done securely. The EU has approved sending personal data to some countries because they meet a minimum standard of data protection. In other cases, we will ensure there are specific measures in place to secure your information.
- How long the data will be stored.
- Details of your rights to correct, erase, restrict or object to such processing.
- Information about your right to withdraw consent at any time.
- How to lodge a complaint with the Information Commissioner’s Office (Supervisory Authority).
- That your provided personal data be moved to a specified third party
- Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
- The source of personal data if it wasn’t collected directly from you.
- Any details and information of automated processing, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
To make a Subject Access Request, please contact:
The Data Protection Officer
Celleron Therapeutics Ltd
Magdalen Centre, Robert Robinson Avenue
Oxford Science Park
Oxford OX4 4GA
Tel: 01865 784330
How Your Dispute or Complaint May Be Resolved
Any questions, concerns or complaints regarding the use of your personal data should be directed to our Data Protection Officer, using the contact information presented above.
If you have a complaint about the collection or use of your personal data, or dispute handling, and would like to seek an independent recourse mechanism, you may contact the Information Commissioner’s Office (ICO) at: Tel 0303 123 1113 www.ico.org.uk
Changes to this policy