Public Privacy Statement

 

e-therapeutics plc (the “company”) is committed to protecting the privacy and security of your personal information.

e therapeutics plc is a "data controller". This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.

This Privacy Statement covers personal information we collect:

  • via our website (https://www.etherapeutics.co.uk/) (the “website”)
  • in relation to our business development activities
  • as a result of your communications or transactions with the company

A separate privacy statement regarding our collection of personal information in relation to employees, workers and contractors is distributed internally and detailed in the Staff Handbook.

The company cannot control the contents of other sites for which there are links on our website. We have no responsibility for any part of their content. We accept no responsibility for the data collection methods employed by such other sites.

We will comply with data protection law. This says that the personal information we hold about you must be:

  • Used lawfully, fairly and in a transparent way.
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  • Relevant to the purposes we have told you about and limited only to those purposes.
  • Accurate and kept up to date.
  • Kept only as long as necessary for the purposes we have told you about.
  • Kept securely.

Information collected via our website – subscription services

You can sign up to our subscription service by providing your e-mail address. Your e-mail address will be used to provide you with company news and other financial information. It will not be used for any other purpose.

You can voluntarily provide your name, company, country, or profession. This information will only be used in aggregate for analysis and will contain no information to identify you personally.

By signing up to our subscription services you are providing consent for us to contact you for this purpose, as clearly stated during the opt-in sign-up process.

 

Information collected via our website - cookies

In common with many other organisations we employ the use of cookies. This procedure creates files of information about your visit to our site. For our full cookie policy, including a link of how to change your cookie preferences, please see here.

 

Information collected in relation to business development activities

We hold contact details (such as name, email address and telephone number) and professional details (such as job title and company) where there is a legitimate interest to our business and where the processing of this data is not overridden by your data protection interests or fundamental rights and freedoms. We collect such personal information, where appropriate and in accordance with laws and requirements, from sources including: (i) directly from the data subject; (ii) by analysing online and offline media; (iii) from attendee lists at relevant events; and (iv) from other limited sources.

We will use these contact details to contact subjects that we believe will be interested in a potential collaboration in line with our corporate strategy and for no other purposes.

 

Information collected during transactions with the company

Information may be collected from you or our advisors if you are involved in any communication or transaction with the company. This information will only be collected where there is a legitimate interest or legal obligation.

 

Information collected during recorded meetings

We may, from time to time, record meetings for the purposes of security, monitoring and training. These recordings may contain contact details (such as name, email address, telephone number), audio recordings and video recordings of you, as well as transcripts of your spoken words during the meeting. These recordings will only occur with your consent.

 

Information collected in relation to employee benefits

We offer multiple benefits packages to our employees, which subject to change, may include extending such benefit to an employees' spouse and children. Such information generally consists of Names, Dates of Birth, Gender, and Address. Regarding any health insurance products offered, this may also extend to details of previous and/or pre-existing medical conditions. Data collected in relation to employee benefits is only used for the enrolment and administration of those benefits and will only be shared to the third-party provider of those benefits.

How we share your data

We may share your information with any competent law enforcement body, regulatory or government agency, court or other third party where we believe disclosure is necessary as a matter of applicable law or regulation; to exercise, establish, or defend our legal rights; or to protect your vital interests or those of any other person.

We may disclose your personal information to any member of our group.

We may also share your information with third party service providers, where necessary for processing your data in accordance with the lawful purpose for which we collected it or where we have another legitimate interest for doing so. This includes external consultants and professional advisors, a list of which can be found here.

We will not sell, distribute, or lease your information to third and we will not use your personal information to send you promotional information about third parties. Please be assured that we do not sell your information to third parties or use the information for purposes that are incompatible with those set forth in this Privacy Statement.

We may, with your express content, share video and audio content from meeting recordings, interviews, and other sources publicly on the Internet.

 

Legal basis for processing personal information (if you are a resident in the EEA)

The lawful basis for collecting your personal information will depend on the personal information concerned and the specific context in which we collect it. Unless otherwise stated, we will normally collect personal information from you where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms.

In some limited cases, it may be necessary for us to process personal information and, where appropriate and in accordance with local laws and requirements, sensitive information, in connection with exercising or defending legal claims.

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

 

Your data protection rights

If you wish to access, correct, update or request deletion of your personal interest, you can do so at any time.

If you are a resident of the EEA, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information.

If we have collected your personal information with your consent, then you can withdraw your consent at any time.

We have appointed a data protection officer (“DPO”) who has responsibility to oversee compliance with this Privacy Statement. If you have any questions about this privacy notice or how we handle your personal information, please contact the DPO at the contact details below. You have the right to make a complaint at any time to the Information Commissioner's Office (“ICO”), the UK supervisory authority for data protection issues.

 

How Long Do We Keep Your Personal Information?

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. We will retain information we collect from you where we have an ongoing legitimate business need to do so.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

 

How we keep your data secure

We do all that we can to secure your privacy including the use of encryption for the transmission of information. The very nature of transmissions over the internet is such that there can be no absolute guarantee of security. Information can be accessed and used in ways which the company cannot foresee or protect you from with 100% security. Information that you submit is, to that extent, at your own risk.

However, we have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

We have put in place procedures to deal with any suspected Personal Data Breach and will notify Data Subjects or any applicable regulator where we are legally required to do so. If you know or suspect that a Personal Data Breach has occurred, do not attempt to investigate the matter yourself. Immediately contact the DPO.  You should preserve all evidence relating to the potential Personal Data Breach.

 

Contact us

If you have any questions regarding this Privacy Statement, please email dataprotection@etherapeutics.co.uk

Alternatively you can write to us at:

DPO

e-therapeutics plc
Floor 4, 4 Kingdom Street
Paddington Central
London
W2 6BD

 

Our Data Protection Officer (“DPO”) is Timothy Bretherton.

Note that this Privacy Statement may be updated from time to time.

Recruitment Privacy Statement

This statement, which applies to all successful, unsucessful, and prospective candidates at any part of our recruitment process, defines how e-therapeutics holds, processes, shares and retains personal information about these individuals.

This statement does not form part of any contract or offer of employment and may be updated at any time.

Your Data

We may collect and process the following information about you:

  • Full Name
  • Home address
  • Telephone numbers
  • Personal email address/es
  • Equal opportunities monitoring data (Gender, Marital Status, Ethinicity, Sexual Orientation, Religion, Disabilities)
  • Employment history
  • Education history
  • Job title
  • Details of your previous and current contracts of employment
  • Salary expectations
  • Communications data
  • Identity documents
  • Pictures, Videos, and Audio recordings

This list is not exhaustive and may change from time to time. Any additional data types you provide to use throughout the recruitment process will be processed in line with this privacy statement.

Data Processing

We process this data for the following activities / reasons:

  • Candidates:
    • Diversity / Equal opportunities monitoring
    • Recruiment management and interviewing
    • Right to work checks
  • Organisational Operations:
    • Reasonable adjustments for interviews
    • Systems security

Data Collection

We collect your personal information from various sources including:

  • Directly from you via:
    • Our recruitment processes and pages on our website
  • From third parties such as:
    • Your previous employer/s
    • Any other referees you provide
    • Our recruitment agents
    • Our security and monitoring systems

Legal Bases for Processing

We use the following legal bases for the processing of your data:

Legal basis Purpose of processing Personal data types
Consent Recruitment Management and Interviewing Pictures, Videos and Audio recordings
Legal Obligation

Reasonable adjustments for interviews

Right to Work checks

System Security

Communications data

Equal Opportunities Monitoring data

Full Name

Home Address

Identity documents

Personal email addresses

Legitimate Interest  

Details of your contract

Education history

Employment history

Full name

Home address

Job title

Personal email addresses

Salary expectations

Telephone numbers

 

In cases where we rely on Legitimate Interest to process your data, we conduct regular balancing assessments, as outlined in our Data Protection Policy, to ensure that our pursuit of legitimate interests to do override your fundamental rights.

Examples of how we process your data

This is a non-exhaustive list of ways that we may process your data under the above legal bases and processing activities:

  • To add you to our HR Information Management System, to aid our recruitment process
  • To shortlist you for interview
  • To verify your employment and education history
  • To send job offers and prepare employment contracts
  • To make reasonable adjustments to the interview process for individuals with disabilities

Change of Processing Purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

We my process your personal information without knowledge or consent where this is required or permitted by law.

Your Rights

Under the GDPR, you have the following rights to your data:

  • The right to be informed
  • The right of access
  • The right of rectification
  • The right of erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling

To exercise any of these rights, please contact privacy@etherapeutics.co.uk with the details of your request. If you fail to provide certain information when requested, we may not be able to proceed in the candidate selection process, or we may be prevented from complying with our legal obligations.

Sharing your data

We will share your personal information with third parties where:

  • It is required by law
  • It is necessary to administer the working relationship with you, or
  • We have a legitimate interest in doing so.

For the purposes of this document, "third parties" are service providers, contractors, agents, and Government departments / executive bodies. The following activities are carried out by third-parties:

  • IT Services, including support, storage and information management
  • Reference checks
  • Candidate recruitment
  • Remuneration benchmarking
  • Advisory services, such as financial and legal advisors
  • Software-as-a-Service (SaaS) and Platform-as-a-Service (PaaS) providers.

This is not an exhaustive list and will change depending on the needs of the organisation. Prior to engaging with third parties, we carry out extensive due diligence to ensure that your personal data is processed securely and only for the reason it has been shared.

Securing your data

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, and form malicious activity from internal and external sources. In addition, we limit access to your personal data to those employees and third parties who have a legitimate business need to know.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Retaining your data

We will only retain personal information for as along as necessary to fulfil the purposes we collected it, including for the purposes of satisfying our legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data we consider the amount, nature and sensitivity of the personal data, the potential risks of harm, and the purposes of processing.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. For all unsuccessful candidates we will retain and securely destroy your personal information after 1 year to comply with anti-discrimination laws.

If it is not possible to delete or anonymise your data (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing (except storage) until deletion is possible.

Changes to this privacy notice

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.