Europe Limited Privacy Notice | Verdesian Life Sciences

Verdesian Life Sciences Europe Limited Privacy Notice

We take your privacy very seriously. Please read this privacy notice carefully as it contains important

information on who we are and what personal data (information) we hold about you, how we collect it and how we may use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or make a complaint.

Who we are

Verdesian Life Sciences Europe Limited (“VLS”, “we”, “us”, “our”) is a ‘data controller’ for the purposes of your personal data. This means that we determine the purpose and means of the processing of your personal data. You will find our contact details at the end of this notice (see below: ‘How to contact us’).

Personal data we collect and use

Personal data is any information relating to an identified or identifiable individual.

We will collect the following personal data from you:

  • Your name;
  • Your job title;
  • Your contact details – telephone number(s), email address and work address; and
  • The name of your business.
  • to comply with our legal and regulatory obligations;
  • for the performance of our contract with you or to take steps at your request before entering into a contract;
  • for our legitimate interests or those of a third party; or
  • where you have given consent.

How your personal data is collected

We collect most personal data from you when we speak with you on the telephone or via email.

How and why we use your personal data

Under data protection law, we can only use your personal data if we have a proper reason for doing so, for example:

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.

The table below explains what we use your personal data for and our lawful basis for doing so, depending on our relationship with you.

What we use your personal data for:

  • For individuals representing organizations with whom we have contracts. For corresponding with those individuals and for taking steps under the contract with their organization
  • To prevent and detect fraud against you or us
  • Other processing necessary to comply with our legal obligations that apply to our business, e.g. under health and safety regulations, or as otherwise permitted or required by law
  • Ensuring our business policies are adhered to e.g. policies covering security and internet use
  • Operational reasons, such as improving efficiency, training and quality control
  • Ensuring the confidentiality of commercially sensitive information
  • Statistical analysis to help us manage our business. e.g. in relation to our financial performance, customer base, work type or other efficiency measures
  • Preventing unauthorized access and modifications to systems
  • Updating and maintaining records
  • Statutory returns
  • Ensuring safe working practices (including protecting our rights, property or the safety of our staff or others), staff administration and assessments
  • For the audits of our accounts

Our lawful basis for processing data:

  • Necessary for our legitimate interests or those of a third party e.g. to take steps under the contract with the organization
  • Necessary for our legitimate interests or those of a third party i.e. to minimize fraud that could be damaging for us and for you
  • Necessary to comply with our legal and regulatory obligations
  • Necessary for our legitimate interests or those of a third party i.e. to make sure we are following our own internal procedures, so we can deliver the best service we are able to
  • Necessary for our legitimate interests or those of a third party i.e. to be as efficient as we can so we can deliver the best service we are able to at the best price
  • Necessary to comply with our legal and regulatory obligations. Necessary for our legitimate interests or those of a third party i.e. to protect commercially valuable information
  • Necessary for our legitimate interests or those of a third party i.e. to be as efficient as we can so we can deliver the best service we are able to at the best pric
  • Necessary to comply with our legal and regulatory obligations. Necessary for our legitimate interests or those of a third party i.e. to prevent and detect criminal activity that could be damaging for us and for you
  • Necessary for our legitimate interests or those of a third party e.g. to make sure we can keep in touch with our contacts
  • Necessary to comply with our legal and regulatory obligations
  • Necessary to comply with our legal and regulatory obligations. Necessary for our legitimate interests or those of a third party e.g. to make sure we are following our own internal procedures and working efficiently so we can deliver the best service that we are able to
  • Necessary to comply with our legal and regulatory obligations

Who we share your personal data with

Depending on the circumstances, we may share your personal data with:

  • our Group company Verdesian LLC (based in the US);
  • third parties we use to help run our business (e.g. business consultants, logistics companies);
  • our insurers and professional advisers;
  • external auditors e.g. in relation to the audit of our accounts;
  • our bank(s).
  • to respond to any questions, complaints or claims made by you or on your behalf;
  • to show that we treated you fairly;
  • to keep records required by law to comply with our legal obligations.
  • with our Group company based in the US;
  • with your and our service providers located outside the EEA; or
  • if you are based outside the EEA.
  • your data is transferred to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
  • the transfer is necessary for the performance of a contract between you and us;
  • the transfer is necessary to establish, exercise or defend legal claims;
  • there are adequate safeguards in place between us and the organization receiving it (e.g. by the use of European Commission approved contractual terms); or
  • you have provided explicit consent to the proposed transfer after being informed of any potential risks.

We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us.

We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal obligations.

We may also need to share some personal data with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymized, but this may not always be possible.

How long your personal data will be kept

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including:

We will not retain your data for longer than necessary for the purposes set out in this notice. Different retention periods apply for different types of personal data.

Transferring your personal data out of the EEA

It is sometimes necessary for us to share your personal data outside the European Economic Area (EEA) (which comprises the countries in the European Union and Iceland, Liechtenstein and Norway) e.g.

These transfers are subject to special rules under European and UK data protection law

Whenever we transfer your personal data outside of the EEA, we ensure a similar degree of protection is afforded to your data by ensuring one of the following (or one of the other grounds set out in data protection law) applies:

  • your data is transferred to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
  • the transfer is necessary for the performance of a contract between you and us;
  • the transfer is necessary to establish, exercise or defend legal claims;
  • there are adequate safeguards in place between us and the organization receiving it (e.g. by the use of European Commission approved contractual terms); or
  • you have provided explicit consent to the proposed transfer after being informed of any potential risks.

Please contact us – see below: ‘How to contact us’ if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

Your rights

You have the following rights, which you can exercise free of charge:

  • Access – The right to be provided with a copy of your personal data
  • Rectification – The right to require us to correct any mistakes in your personal data
  • To be forgotten -In certain situations, the right to require us to delete your personal data
  • Restriction of processing – In certain situations, the right to require us to restrict processing of your personal data e.g. if you contest the accuracy of the data
  • Data portability – In certain situations, the right to ask us to transfer any personal data you provided to us to another organization
  • To object – The right to object at any time to your personal data being processed for direct marketing and in certain other situations to our continued processing of your personal data e.g. where processing is carried out for the purpose of our legitimate interests

We do not use personal data for automated decision making.

For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO) onindividuals’ rights under the General Data Protection Regulation.

If you would like to exercise any of those rights, please email, write or telephone us —see below: ‘How to contact us’ and let us have enough information to identify you e.g. your full name and address as well as what right you want to exercise and the personal data to which your request relates.

Keeping your personal data secure

We have put in place reasonable and appropriate security measures to endeavor to prevent personal information from being accidentally lost or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorized manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

How to complain

We hope that we can resolve any query or concern you may raise about our use of your personal data. If you want to complain about how we have used your personal data, please email or write to us

– see below: ‘How to contact us’. However, if we are not able to resolve your complaint to your satisfaction, you can complain to the UK’s supervisory authority, the Information Commissioner’s Office (ICO). Further information about how to make a complaint to the ICO can be found on the ICO website www.ico.org.uk.

The EU General Data Protection Regulation also gives you right to lodge a complaint with the supervisory authority in the European Union state where you work, normally live or where any alleged infringement of data protection laws occurred.

Changes to this privacy notice

We may change this privacy notice from time to time. If any changes are likely to have an adverse impact on your rights under data protection law, we will use reasonable endeavors to notify you of the changes in advance in writing or by post.

How to contact us

Please contact us by email, post or telephone if you have any questions about this privacy notice or the information we hold about you.

Our contact details are shown below:

Our contact details

7 Rotherbrook Court Bedford Road Petersfield Hampshire

GU32 3QG +44(0) 1730 720 300

admin@vlsci.com

Do you need extra help?

If you would like this notice in another format (for example large print) please contact us (see ‘How to contact us’ above).

May 2018