Policies
Privacy Notice
Last updated: May 2024
Scope
This Privacy Notice (“Privacy Notice”) sets out how Nxera Pharma Co., Ltd. and any firm, company, corporation or other organisation which is a subsidiary for the time being of Nxera Pharma Co., Ltd. (“Nxera”) processes your personal data in connection with its business including the provision of the Nxera website located at www.nxera.life (the “Site”), and provision of services (together “Services”). Nxera places great importance on the protection of your personal data and is committed to complying with all applicable data protection laws and regulations (including, but not limited to, the EU General Data Protection Regulation 2016 and the EU GDPR as it is incorporated into UK law by section 3(10) (as supplemented by section 205(4)) of the Data Protection Act 2018) (UK GDPR)).
1. Who does this privacy notice apply to?
This Privacy Notice specifically applies to the processing of personal data of clients, suppliers, shareholders, job applicants, trial participants and other third parties that we interact with during the day to day provision of our Services. If you are engaged by Nxera as staff, please see our Workplace Privacy Notice which sets out further information about how we may process your personal data in connection with your employment and/or engagement.
This Privacy Notice applies to the processing of personal data carried out by any Nxera Group Company (as defined below).
2. Purpose of this privacy notice
This Privacy Notice explains our approach to any personal data that we might collect from you or which we have obtained about you from a third party, and the purposes for which we process your personal data. This Privacy Notice also sets out your rights in respect of our processing of your personal data.
When we talk about “personal data”, we mean any information which relates to an identified or identifiable living individual. Individuals might be identified by reference to a name, an identification number, location data, an online identifier (such as an IP address) or to other factors that are specific to them, such as their physical appearance.
This Privacy Notice informs you of the nature of the personal data about you that is processed by us and how you can request that we delete it, update it, transfer it and/or provide you with access to it.
This Privacy Notice is intended to assist you in making informed decisions when using the Site and our Services. Please take a moment to read and understand it. It should be read in conjunction with our Terms of Use and our Cookie Policy.
This Privacy Notice only applies to the use of your personal data obtained by us, whether from you directly or from a third party. It does not apply to personal data collected by third parties during your communications with those third parties or your use of their products or services (for example, where you follow links to third party websites over which we have no control, or you purchase goods or services from those third parties).
3. About us
Our Services are made available by various companies in the Nxera group of companies (each a “Nxera Group Company” and together the “Nxera Group Companies”).
Where this Privacy Notice refers to “Nxera” “we”, “us, “our”, this means any one or more of the Nxera Group Companies that provide the Service to you. For more information about the Nxera Group Companies, including their respective roles and responsibilities please visit our Site.
For the purpose of EU and/or UK data protection legislation, where each Nxera Group Company’s processing is caught by the requirements of EU and/or UK data protection legislation, each Nxera Group Company will be considered a controller of your personal data, except that:
- Nxera Pharma Ireland Limited is also considered a processor of your personal data acting on behalf of the other Nxera Group Companies; and
- Nxera Pharma Co., Ltd and Nxera Pharma UK Limited will be considered controllers in respect of any personal data processed relating to recruitment and investor/shareholder relations. To the extent you have any questions or requests in connection with this processing, Nxera Pharma UK Limited shall be considered your primary point of contact and responsible for managing such questions or requests.
4. How to contact us
If you have any questions about this Privacy Notice or want to exercise your rights set out in this Privacy Notice, you can contact us by:
- using the “Contact Us” form on our Site, found under the Contact page.
- for exercising your rights: sending an email to GDPR@nxera.life.
- for general queries: sending an email to GDPR@nxera.life.
- writing to the registered office address of the relevant Nxera Group Company.
5. What personal data we collect
In the course of providing you with the Services and making our Site available to you, we may collect the following types of personal data about you:
- Contact Data, such as:
- name;
- postal code
- address;
- email address;
- telephone number; and
- the name of your organisation;
- Health Data (to the extent you participate in a Nxera sponsored trial), such as:
- pre-existing medical conditions;
- medical information collected during a clinical trial; and
- other relevant health data including data about lifestyle and genetics/response to medication;
- Payment Data, such as:
- bank and account details; and
- information relating to a particular transaction;
- Profile Data, such as:
- user interests and preferences;
- user contact preferences;
- whether you have participated in any trials; and
- information about any of our events that you have attended
- Behavioural Data, such as:
- data relating to your browsing activity, through the use of cookies, pixel tags and other similar technologies; and
- when your current or previous sessions started
- Technical Data, such as:
- IP address;
- browser type and operating system;
- geolocation, to ensure we’re showing you the correct notices and information; and
- any other unique numbers assigned to a device.
- Job Applicant Data, such as
- first name and last name;
- date of birth;
- gender;
- country;
- nationality;
- academic qualifications;
- employment history;
- remuneration package;
- entitlement to work information; and
- disability information.
- Clinical Trial Investigator and/or Clinical Trial Personnel Data, such as
- first name and last name;
- date of birth;
- gender;
- country;
- clinical qualifications;
- employment history;
- financial compensation and other financial details;
- entitlement to work information;
- disability information; and
- correspondence with Nxera.
6. How we collect and receive personal data
We collect and receive personal data using different methods:
- Personal data you provide to us
You may give us your personal data directly. This will be the case when, for example, you contact us with enquiries, complete forms on our Site, subscribe to receive our marketing communications or provide feedback to us.
- Personal data we generate about you
We may generate Health Data and/or Profile Data as a result of the provision of our Services and/or our interactions with you.
- Personal data we collect using cookies and other similar technologies
When you access and use our Site, we will collect certain Behavioural Data or Technical Data. We collect this personal data by using cookies and other similar technologies (see the ‘Insight, analysis and retargeting through Cookies’ section below).
- Personal data received from third parties
From time to time, we will receive personal data about you from third parties. Such third parties may include analytics providers, external Clinical Research Organisations, sponsors of clinical trials, in respect of which we have (or have assumed) responsibility either as trial sponsor or co-sponsor or otherwise have (or have undertaken) clinical, regulatory, development or marketing obligations for the relevant trial drugs, independent consultants, data brokers, payment providers and third parties that provide technical services to us so that we can operate our Site and provide our Services.
- Publicly available personal data
From time to time we may collect personal data about you (Contact Data) from publicly available sources (including open source data sets), media reports or that you or a third party may otherwise make publicly available (for example through speeches at events or publishing articles or other news stories).
7. Whom we collect personal data about
We collect and process personal data from the following people:
- Clinical Trial Participants
If you are involved in a clinical trial or participate in one of our research projects, we may process personal data about you in connection with your participation. You may be provided with a separate privacy notice in relation to this data processing activity.
- Site visitors
If you browse our Site, contact us with an enquiry through our Site, submit a complaint through our Site or use any Services available on our Site, we will collect and process your personal data in connection with your interaction with us and our Site.
- Visitors to our offices or operations facilities
If you attend our offices or operations facilities, we may process personal data that you volunteer in connection with your visit and any enquiries you make. For example, you may volunteer personal data when signing in as a guest. CCTV footage may also be collected for security purposes.
- Event attendees
If you attend one of our events, we will process personal data about you in connection with your attendance at the event. For example, we may ask you to complete a registration or feedback form, or other documents relating to the event.
- Personnel that work for our clients, partners and suppliers (including subcontractors and personnel who work for us as freelancers or contractors)
If you (or your organisation) are:
- in receipt of services from us;
- supply products or services to us; or
- otherwise partner with us;
we may collect and process your personal data in connection with our provision of those services to you, our receipt of those products and services from you and/or our partnership. This may include personal data included in any email or telephone communications or recorded on any document relating to an order for the products or services, such as your Contact Data.
- Job applicants.
If you apply for a job with us, whether through the ‘Careers’ page on our Site or otherwise, we will collect and process your personal data in connection with your application.
- Shareholders.
If you are a shareholder of a Nxera Group Company, we will process your personal data in relation to your investment and for our reporting obligations.
8. How we use your personal data
We use your personal data for the following purposes:
- Provision of our Services.
We may collect and maintain personal data that you submit to us or we otherwise obtain and/or generate for the purpose of supplying our Services.
For example, if you are participating in a trial or research project, the personal data we process may include Contact Data, your Payment Data, Profile Data and Health Data. Additional information about how we and our third party partners process your personal data in connection with a particular trial may be provided to you prior to your participation in that trial by way of a trial specific privacy notice.
If you work for a client or partner or subcontractor, the personal data we process may include your Contact Data and Payment Data (where applicable). We process this information so that we can fulfil the supply of Services, maintain our user databases and keep a record of how our Services are being used.
If you attend one of our offices or operations facilities, we will process personal data about you which you volunteer in connection with your visit and any enquiries you may have. This will usually include your Contact Data, and any other personal data you volunteer.
Some Services we offer are also subject to separate terms and conditions which will also apply.
Our legal basis for processing
It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you, or it is in our legitimate interest or the legitimate interest of the organisation with whom you work to use personal data in such a way to ensure that we provide our services in an effective, safe and efficient way.
Where we process information about your health, we will do so with your explicit consent or, where relevant, process your health data for the purpose of scientific research.
For further information about any other lawful bases we may rely on in respect of the personal data we process in connection with a particular trial, please see the relevant trial specific privacy notice.
- Use of our Site
We collect and maintain personal data that you submit to us during your use of our Site in the following ways.
- Contact us
Our Site features a “Contact” page which invites you to submit general enquiries about our Site and our Services by email.
When you make an enquiry, we will collect and process your Contact Data and certain Profile Data, as well as any other personal data that is relevant to your enquiry. We use this information to manage and respond to your enquiry.
Our legal basis for processing
It is in our legitimate interest to use your personal data in the ways described above to ensure that we are able to help you with your enquiry and provide a good standard of service to you.
- Your contributions to our Site
If you write an article or blog for us or contribute in any other way to publications we send to our members and/or publish on our Site or in print, we may use your personal data (such as your Contact Details) to credit you for your contribution. If you provide photographs or other images in support of your article or blog, we may publish one or more of those images alongside your article or blog.
If you submit any other content to us, including via our Site, such as photographs, quotes or testimonials, we may process any personal data comprised within that content for the purposes of promoting our Site and Services.
Our legal basis for processing
Where we use your content in connection with Services that we provide via our Site, it is in our legitimate interest to use any personal data that you provide to us to ensure that we provide the relevant Service in an effective way.
- Insight, analysis and retargeting through cookies
We and our third party partners use cookies, web beacons, pixel tags and other similar technologies (which we generically refer to as “Cookies”) to collect data from the device(s) that you use to access our Site. The data that is collected includes Behavioural Data and Technical Data, and certain Profile Data.
Please see our Cookie Policy for further information, including details of the third party partners that are used.
We and our third party partners use this data, in combination with your Contact Data, to analyse how you use, and the effectiveness of, our Site and Services, including:
- to count users who have visited our Site and collect other types of information, including insights about our visitors’ browsing habits, which helps us to improve our Site and Services;
- to measure the effectiveness of our content;
- to learn what pages of our Site are most attractive to our visitors, which parts of our Site are the most interesting and what kind of features and functionalities our visitors like to see; and
- to help us with the selection of future service lines, website design and to remember your preferences.
Our legal basis for processing
Where your data is collected through the use of non-essential cookies, we rely on consent to collect your data. Please see our Cookie Policy for further details.
However, we may rely on other legal basis when we use your personal data that has been collected via the use of Cookies for the purposes described in this section.
Where we use this personal data to analyse how you use our Site and Services, it is in our legitimate interest to use your personal data in such a way to improve our Site and our Services.
- General enquiries.
When you make an enquiry whether by post, telephone, email or using the ‘Contact’ page on our Site or otherwise, we will collect and process your Contact Data as well as any other personal data that is relevant to your enquiry. We use this information to manage and respond to your enquiry.
We may record (including voice recordings of telephone conversations) and use the information referred to above to train our personnel so that they can effectively deal with enquiries.
Our legal basis for processing
It is in our legitimate interest to use your personal data in the ways described above to ensure that we are able to help you with your enquiry and provide a good standard of service to you.
- Hosting and managing events
From time to time, we may organise and host events for purposes such as obtaining investment for a particular project and/or shareholder meetings. We may process your Contact Data to communicate with you about such events where you have specifically requested information about such events or where we have another lawful basis for sending that information to you.
If you attend one of our events, we may use your Contact Data to record your attendance at the event and for related record-keeping purposes and, if relevant, we may collect and process any dietary requirements you may have. You may also feature in photographs taken at our events and such photographs may appear in publications that we make available.
Our legal basis for processing
It is necessary for us to use your personal data in this way to perform our obligations in accordance with any contract that we may have with you where you have signed up to attend an event, and/or it is in our legitimate interest or a third party’s legitimate interest to use personal data in such a way to ensure that the event is operated in an effective way.
We may specifically ask your permission to use your photographs, quotes, testimonials, or other content that you make available or publish at the event. Where this is the case, our processing of such personal data will be based on consent.
- Surveys and feedback
From time to time, we may invite you to provide feedback about us, our Site or our Services in the form of online, postal or email surveys. We will collect and process your Contact Data, certain Profile Data, and any other personal data you choose to volunteer in your survey response or other feedback.
We use this information to help us to monitor and improve our Site, our Services and to assist with the selection of future service lines, and to train our personnel.
You can also voluntarily provide feedback by contacting our Investor Relations team. Please see the ‘General enquiries’ section above or details set out in the ‘How to Contact Us’ section above for more information.
Our legal basis for processing
It is in our legitimate interest to use the personal data provided by you so that we can improve our Services and provide them in an effective way.
- Marketing activities
We carry out the following marketing activities using your personal data:
- Postal marketing.
We use your Contact Data to send you (or the organisation you represent) marketing communications by post. Our postal marketing communications will include press releases and information about our Services, as well as general information about our organisation, our Site, and the events and promotions we offer from time to time.
Our legal basis for processing: It is in our legitimate interest to use your personal data for postal marketing purposes.
- Email marketing.
We use your Contact Details to send you (or the organisation you represent) marketing communications by email. Our email marketing communications will include press releases and information about our Services, as well as general information about our organisation, our Site, and the events we offer.
Our legal basis for processing: We will rely on our legitimate interests to send you email marketing communications. However, where required by law we will obtain your consent to receive such communications, including via Email Alerts on our Site. Where we obtain your consent, you have the right to opt-out of our use of your personal data to provide email marketing to you.
- Investor/shareholder relations
We may process your personal data in relation to managing our investor/shareholder relationships, including collecting your personal data via our Site and using your personal data to send you investor related or shareholder communications about our products, performance and events. Our “Contact Us by Email” links and Email Alerts “Subscribe/Unsubscribe” links are provided and hosted by our service provider Piped Bits Co, Ltd. (registered address: Orix Akasaka 2-Chome Building, 2-9-11 Akasaka, Minato-ku, Tokyo, Japan). For more information on how they process your data, please see their privacy policy on their website.
Our legal basis for processing
We will rely on our legitimate interest to use the personal data collected via our Site so that we can send you investor related or shareholder communications. However, where required by law we will obtain your consent to receive such communications, including via Email Alerts on our Site. Where we obtain your consent, you have the right to opt-out of our use of your personal data to provide such communications to you.
- Staff Recruitment
We use your personal data for recruitment purposes, in particular, to assess your suitability for any of our positions that you apply for, whether such application has been received by us online via our ‘Careers’ page on our Site, by email or by hard copy and whether submitted directly by you or by a third party recruitment agency on your behalf. Our online recruitment portal on our ‘Careers’ page is provided and hosted by our service provider Cezanne HR Limited (registered address: 46 Loman Street, London SE1 0EH), with whom we have entered into appropriate data processing agreements.
We also use your Contact Data to communicate with you about the recruitment process, to keep records about our recruitment process and to comply with our legal and regulatory obligations in relation to recruitment.
We will process any personal data about you that you volunteer, including during any interview or other forms of assessment, including online tests, when you apply for a position with us. These processes may be described in more detail in separate privacy notices.
We may also process your personal data obtained from any third parties we work with in relation to our recruitment activities, including without limitation, recruitment agencies, background check providers, credit reference agencies and your referees.
The personal data we process may include your Contact Data, Job Applicant Data, any other personal data which appears in your curriculum vitae or application, and any personal data that you volunteer during an interview or your interactions with us, or any personal data which is contained in any reference about you that we receive. Such information may also include special categories of personal data (such as information about your health, any medical conditions, disabilities which we need to make reasonable adjustments for during the recruitment process and your health and sickness records) and information relating to criminal convictions and offences if that information is relevant to the role you are applying for.
We also use your personal data for the purposes of reviewing our equal opportunity profile in accordance with applicable legislation. We do not discriminate on the grounds of gender, race, ethnic origin, age, religion, sexual orientation, disability or any other basis covered by local legislation. All employment-related decisions are made entirely on merit.
You are under no statutory or contractual obligation to provide data to us during the recruitment process. However, if you do not provide the information, we may not be able to process your application properly or at all.
Our legal basis for processing
Where we use your personal data in connection with recruitment, it will be in connection with us taking steps at your request to enter into a contract we may have with you or it is in our legitimate interest to use personal data in such a way to ensure that we can make the best recruitment decisions.
We will not process any special (or sensitive) categories of personal data or personal data relating to criminal convictions or offences except where we are able to do so under applicable legislation or with your explicit consent.
- Receipt of services from suppliers
If we have engaged you or the organisation you represent to provide us with products or services (for example, if you or the organisation you represent provide us with services such as IT support or financial advice), we will collect and process your personal data in order to manage our relationship with you or the organisation you represent, to receive products and services from you or the organisation you represent and, where relevant, to provide our Services to others.
The personal data we collect from you may include your Contact Data and certain Payment Data, and any other personal data you volunteer which is relevant to our relationship with you or the organisation you represent.
Our legal basis for processing
It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you or it is in our legitimate interest to use personal data in such a way to ensure that we have an effective working relationship with you or the organisation you represent and are able to receive the services that you or your organisation provides, and provide our Services to others, in an effective way.
- Security
We have security measures in place at our offices and operations facilities, including CCTV and building access controls. There are signs in place showing that CCTV is in operation. The images captured are securely stored and only accessed on a need to know basis (e.g. to look into an incident). CCTV recordings are typically automatically overwritten after a short period of time unless an issue is identified that requires investigation (such as a theft).
We may require visitors to our premises to sign in on arrival and where that is the case we will keep a record of visitors for a short period of time. Our visitor records are securely stored and only accessible on a need-to-know basis (e.g. to look into an incident).
Our legal basis for processing
It is in our legitimate interests to process your personal data so that we can keep our offices and operations facilities secure and provide a safe environment for our personnel and visitors to our offices and operations facilities.
- Business administration and legal compliance
We use your personal data for the following business administration and legal compliance purposes:
- to comply with our legal obligations;
- to enforce our legal rights;
- to ensure compliance with our terms and policies, for example, to prevent or detect fraud or other crimes;
- to protect the rights of third parties; and
- in connection with a business transition such as a merger, reorganisation, acquisition by another company, or sale of all or a portion of our assets.
Our legal basis for processing
Where we use your personal data in connection with a business transition, to enforce our legal rights or to protect the rights of third parties, it is in our legitimate interest to do so. For all other purposes described in this section, we have a legal obligation to use your personal data to comply with any legal obligations imposed upon us such as a court order.
We will not process any special (or sensitive) categories of personal data or personal data relating to criminal convictions or offences except where we are able to do so under applicable legislation or with your explicit consent.
- Clinical Trial Investigators and/or Clinical Trial Personnel
We may process your personal data in connection with you providing your services to us in connection with clinical trials for which we are (or we have assumed responsibility as) the sponsor or co-sponsor, or for which we undertake (or have undertaken) clinical, regulatory, development or marketing obligations for the relevant trial drugs.
Our legal basis for processing
We may process your personal data based on our legitimate interest of ensuring safety and providing assurances in relation to clinical trials and clinical trial drugs. For all other purposes described in this section, processing is necessary to comply with any legal obligation imposed upon us.
- Any other purposes for which we wish to use your personal data that are not listed above, or any other changes we propose to make to the existing purposes, will be notified to you using the contact details we hold for you.
9. If you fail to provide your personal data
Where we are required by law to collect your personal data, or we need to collect your personal data under the terms of a contract we have with you, and you fail to provide that personal data when we request it, we may not be able to perform the contract we have or are trying to enter into with you. This may apply where you do not provide the personal data we need in order to provide the Services you have requested from us or to process an application for employment with us. In this case, we may have to cancel your application or the provision of the relevant Services to you, in which case we will notify you.
10. How we obtain your consent
Where our use of your personal data requires consent, you can provide such consent:
- at the time we collect your personal data following the instructions provided; or
- by informing us using the contact details set out in the “How to Contact Us” section above.
Where we obtain your consent, you have the right to opt-out of our use of your personal data at any time using the contact details set out in the “How to Contact Us” section above or by using any other opt-out mechanism we may provide, such as an unsubscribe link in an email. If you withdraw your consent, our use of your personal data before you withdraw is still lawful.
11. Third party links and services
Our Site may contain links to third party websites and services. When you use a link to go from our Site to another website (even if you don’t leave our Site) or you request a service from a third party, this Privacy Notice shall not apply to the processing of your personal data carried out by the relevant third party provider. Your browsing and interactions on any other websites, or your dealings with any other third party service provider, is subject to that website’s or third party service provider’s own rules and policies. We do not monitor, control, or endorse the privacy practices of any third parties.
We encourage you to become familiar with the privacy practices of every website you visit or third party service provider that you use in connection with your interaction with us and to contact them if you have any questions about their respective privacy notices and practices.
This Privacy Notice applies solely to personal data processed by us through your use of our Site, your receipt of our Services and/or in connection with our business operations. It does not apply to the processing of your personal data by these third party websites and third party service providers.
12. Sharing personal data
We will only share personal data with others when we are legally permitted to do so. When we share personal data with others, we put contractual arrangements and security mechanisms in place to protect the personal data shared, including to ensure where applicable that the third parties do not use the personal data for their own purposes, and to comply with our data protection, confidentiality and security standards and obligations.
When processing your personal data, we may need to share it with third parties and other Nxera Group Companies) as follows:
- Group Companies for recruitment purposes: Your information that you provide to us through the “Careers” page on our Site may be shared internally with other Nxera Group Companies for the purposes of the recruitment exercise. This includes members of the relevant Nxera Group Company HR team, interviewers involved in the recruitment process, managers in the business area with a vacancy and IT staff if access to the data is necessary for the performance of their roles. Whenever we share your personal data with third parties or with other Nxera Group Companies, we disclose only the personal information that is necessary for the respective purposes.
- Third party organisations that provide applications/functionality, data processing or IT services: We share personal data with third parties who support us in providing our Services and help provide, run and manage our internal IT systems. Such third parties may include, for example, providers of information technology, providers of cloud-based software, identity management, website hosting, management and services, data analysis, data back-up, security and storage services. The servers powering and facilitating that cloud infrastructure are located in secure data centres around the world, and personal data may be stored in any one of them. We also share your personal data with third party service providers to assist us with insight analytics. These providers are described in our Cookie Policy.
- Payment providers and banks: We share personal data with third parties who assist us with the processing of payments and refunds.
- Event partners and suppliers: When we run events, we will share your personal data with third party services providers that are assisting us with the operation and administration of that event. If we are running an event in partnership with other organisations, we will share your personal data with such organisations for use in relation to the event.
- Third party email marketing and Customer Relationship Management specialists: We share personal data with specialist suppliers who assist us in managing our marketing database and sending out our email marketing communications and membership-related communications.
- Suppliers of postal and courier services: We share personal data with suppliers who assist us in sending out our postal marketing communications and other communications.
- Partners: We share personal data with our partners, including contract research organisations or laboratories, in the provision of our Services.
- Recruitment agencies and related organisations: We share personal data with external recruiters, third party providers that undertake background checks on our behalf and other entities within our group of companies.
- Auditors, lawyers, accountants and other professional advisers: We share personal data with professional services firms who advise and assist us in relation to the lawful and effective management of our organisation and in relation to any disputes we may become involved in.
- Law enforcement or other government and regulatory agencies and bodies: We share personal data with law enforcement or other government and regulatory agencies, courts or other third parties as required by, and in accordance with, applicable law or regulation.
- Sharing with other third parties: Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, or to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.
This list is non-exhaustive and there may be circumstances where we need to share personal data with other third parties in order to operate our Site, offices and operations facilities and to provide our Services.
13. Transfers of your personal data
When you submit personal data to us, whether through your interactions with our Site, office, branch offices and operations facilities you acknowledge that your personal data may be transferred to a country outside the UK and the European Economic Area (“EEA”) (such as Japan, South Korea and Switzerland) where it will be stored and processed by us and relevant third parties for the purposes set out in this Privacy Notice (see section 12 above).
Some countries do not have the same data protection laws as the UK and the EEA. In particular, non-EEA countries may not provide the same degree of protection for your personal data, may not give you the same rights in relation to your personal data and may not have a data protection supervisory authority to help you if you have any concerns about the processing of your personal data. However, when transferring your personal data to countries outside of the UK or the EEA, we will comply with our legal and regulatory obligations in relation to your personal data, including having a lawful basis for transferring personal data and putting appropriate safeguards in place to ensure an adequate level of protection for the personal data.
We will take reasonable steps to ensure the security of your personal data in accordance with applicable data protection laws.
When transferring your personal data to countries outside the UK or the EEA, we will ensure that, where required by applicable law, at least one of the following safeguards is implemented:
- Adequacy decisions: We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission and the UK Government. For further details, see the European Commission and ICO websites.
- Model clauses: Where we use certain service providers, we may use specific clauses approved by the European Commission and UK Government which give personal data the same protection it has in Europe and the UK. For further details, see the European Commission and ICO websites.
Please contact us using the contact details set out in the “How to Contact Us” section above if you would like further information on the specific mechanisms used by us when transferring your personal data to countries outside the UK or the EEA.
14. How long we keep your personal data
We will not retain your personal data any longer than necessary to fulfil the purposes the data was collected for or to fulfil our legal obligations, in line with our Document Retention Policy. The retention periods may differ depending on which Nxera Group Company is data controller, in line with local requirements.
If any personal data is only useful for a short period (e.g. for a specific event or marketing campaign or in relation to recruitment), we will not retain it for longer than the period for which it is used by us and as required by law or to defend legal claims. If we receive your application through our “Careers” page on our Site and the application is unsuccessful, we will hold your data on file for up to 12 months after the end of the relevant recruitment process. At the end of that period, or on your request, your data will be deleted or destroyed. If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personnel file and retained during your employment. The periods for which your data will be held will be provided to you in a new privacy notice.
If you have opted out of receiving marketing communications from us, we will need to retain certain personal data on a suppression list indefinitely so that we know not to send you further marketing communications in the future.
If you wish to receive further specific information on the applicable retention periods, please reach out to us at GDPR@nxera.life.
15. Confidentiality and security of your personal data
We are committed to keeping the personal data you provide to us secure and we will take reasonable precautions to protect your personal data from loss, misuse or alteration.
We have implemented information security policies, rules and technical measures to protect the personal data that we have under our control from:
- unauthorised access;
- improper use or disclosure;
- unauthorised modification or destruction; and
- unlawful destruction or accidental loss.
All our employees and data processors (i.e. those who process your personal data on our behalf, for the purposes listed above) who have access to and are associated with the processing of personal data are obliged to respect the confidentiality of the personal data of all users of our Site and our Services.
Whilst we will take reasonable precautions to ensure the security of your personal data, we cannot guarantee the security of information transmitted over the Internet.
16. Personal data of children
We do not specifically target our Site or our Services at children. However, due to the nature of our organisation and the Services we provide, we may from time to time collect and process personal data relating to individuals under the age of 18. Where we do so, we will comply with all applicable laws and regulations relating to the processing of personal data of minors. However, if you are under the age of 16, you must ask a parent or guardian for permission before using our Site and our products and Services. If you are a parent or guardian, please supervise your child’s use of our Site and our Services.
17. How to access your information and your other rights
You have the following rights in relation to the personal data we hold about you. If you would like to exercise any of these rights, please contact us at GDPR@nxera.life. Please note that some of these rights are subject to certain exemptions and limitations.
- Your right of access.
If you ask us, we will confirm whether we are processing your personal data and, if so, provide you with a copy of that personal data (along with certain other details). If you require additional copies, we may charge a reasonable fee for producing those additional copies.
- Your right to rectification.
If the personal data we hold about you is inaccurate or incomplete, you are entitled to have it rectified. If we have shared your personal data with others, we’ll let them know about the rectification where possible. If you ask us, where possible and lawful to do so, we will also tell you who we’ve shared your personal data with so that you can contact them directly.
- Your right to erasure.
You can ask us to delete or remove your personal data in some circumstances, such as where we no longer need it or where you withdraw your consent (where applicable). If we have shared your personal data with others, we will let them know about the erasure where possible. If you ask us, where it is possible and lawful for us to do so, we will also tell you who we have shared your personal data with so that you can contact them directly.
- Your right to restrict processing.
You can ask us to ‘block’ or suppress the processing of your personal data in certain circumstances such as where you contest the accuracy of that personal data or you object to us processing it for a particular purpose. This may not mean that we will stop storing your personal data but, where we do keep it, we will tell you if we remove any restriction that we have placed on your personal data to stop us processing it further. If we’ve shared your personal data with others, we’ll let them know about the restriction where it is possible for us to do so. If you ask us, where it is possible and lawful for us to do so, we’ll also tell you who we’ve shared your personal data with so that you can contact them directly.
- Your right to data portability.
You have the right, in certain circumstances, to obtain personal data you have provided to us (in a structured, commonly used and machine readable format) and to reuse it elsewhere or to ask us to transfer it to a third party of your choice.
- Your right to object.
You can ask us to stop processing your personal data, and we will do so, if we are:
- relying on our own or someone else’s legitimate interest to process your personal data, except if we can demonstrate compelling legal grounds for the processing; or
- processing your personal data for the purposes of direct marketing.
- Your rights in relation to automated decision-making and profiling.
You have the right not to be subject to a decision when it is based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for the entering into, or the performance of, a contract between you and us.
- Your right to withdraw consent.
If we rely on your consent (or explicit consent) as our legal basis for processing your personal data, you have the right to withdraw that consent at any time. You can exercise your right of withdrawal by contacting us using our contact details in the “How to Contact Us” section above or by using any other opt-out mechanism we may provide, such as an unsubscribe link in an email.
- Your right to lodge a complaint with the supervisory authority
If you have a concern about any aspect of our privacy practices, including the way we have handled your personal data, please contact us using the contact details provided in the “How to Contact Us” section above. You can also report any issues or concerns to a national supervisory authority in the Member State of your residence or the place of the alleged infringement. You can find a list of contact details for all EU supervisory authorities at the European Commission website.
18. Changes to this privacy notice
To ensure that you are always aware of how we use your personal data, we will update this Privacy Notice to reflect any changes or proposed changes to our use of your personal data. We may also make changes to comply with changes in applicable law or regulatory requirements.
We will bring any significant changes to your attention by updating this information and making it available on our Site. In addition, we will examine whether in individual cases there is an obligation to provide other notification in the event of any changes to this information and in this case, we will comply with the existing notification obligation. However, we encourage you to review this Privacy Notice periodically to be informed of how we use your personal data.