Last Updated: June 2023
We want you to understand what personal information Beacon Therapeutics Limited and its group of companies (“Beacon”, “we”, “us”, “our”) may collect about you, and how we use that personal information in connection with our activities, communications, products, services, applications and websites. This Privacy Notice applies to all personal information collected and otherwise processed by Beacon.
We are committed to safeguarding your personal information (or personal data) in line with all applicable laws, including the UK Data Protection Act 2018 and UK General Data Protection Regulation (UK GDPR). Beacon is a ‘controller’ of your personal data for the purposes of data protection laws. This means that Beacon is responsible for deciding how we hold and use personal information about you, as described in the notice below.
This Privacy Notice explains:
- The ways we collect personal information
- The different types of personal information we collect
- How we use your personal information
- The lawful bases on which we use your personal information
- How long we retain your personal information
- With whom we may share your personal information and where we may transfer it internationally
- The steps we take to protect your personal information
- Your data subject rights regarding your personal information
- What to do if you do not wish for us to hold your personal information
This privacy notice is subject to review and change, so please refer to it periodically.
If you have any questions, please get in through the Contact page.
The ways we collect personal information
We collect personal information in a variety of ways. These include, but are not limited to:
- When you interact with this website, complete online forms, contact corporate mailboxes, use Beacon’s publicly available social media sites or otherwise interact directly with Beacon
- If you participate in clinical trials
- From contract research organisations and clinical trial investigators
- Through government agencies or publicly available records
- From industry and patient groups and associations
- From public sources
The different types of personal information we collect
We collect the following types of personal information:
- Contact details such as your name, email address, mailing address and phone number
- Personal and demographic information, such your age, gender, ethnicity and marital status
- Information collected in connection with clinical trial management or associated research
- Financial information to complete a transaction such as payment for services
- Information that may be publicly available from sources such as public databases, social media platforms, and other third parties, which we may combine with personal information we already hold
For healthcare professionals, external experts, influencers or advisors, applicants, researchers, academics, industry specialists and consultants, we also may collect:
- Details of your qualifications, skills, experience, and employment history, including start and end dates, with previous employers (including details related to previous engagements with Beacon where relevant)
- Information about your nationality and entitlement to work
- Information related to reference checks, background vetting and any criminal record (where permitted by applicable law)
- Equal opportunities monitoring information (e.g., including information about your ethnic origin)
- Professional and educational qualifications, accreditations, work experience, affiliations, publications and curriculum vitae (CVs)
- Due diligence information about your practice that is publicly available
Beacon may collect this information in a variety of ways. For example, information might be collected through application forms or CVs; obtained from your passport or other identity documents such as your driving licence; from correspondence with you; and through interviews, meetings or other assessments.
How we use your personal information
We may use your personal information to:
- Provide you with information and services, including in connection with publications, articles, collaborations, press releases and industry events
- Contact and interact with you, including to provide important notices and updates, such as changes to our terms and policies, security alerts and administrative messages
- Correspond with you about trials, your participation in them or related research
- Conduct recruitment processes
- Inform you of job opportunities, offers or rejections
- Manage general enquiries
- Ensure we can meet legal, regulatory and government body requirements and guidance, including complying with demands and requests made by regulators, government bodies, courts and law enforcement authorities
- Protect against, investigate, and take action against cybersecurity issues, fraud, suspicious events, or other illegal or harmful activities
- Conduct and improve our operations, including compiling statistics for analysis of our sites, business, products and services
- Manage grants, donations and corporate sponsorships
- Identify you as a key opinion leader or expert, influencer or advisor for scientific or medical engagement
- For diversity, equity and inclusion initiatives, including equal opportunities monitoring
- Consider you as a potential investor in Beacon
We will use personal information only for the original purposes for which it was collected, and we will take appropriate steps to keep that personal information accurate, complete and up to date.
The lawful bases on which we use your personal information
We operate under a variety of privacy laws, rules and regulations, most notably the UK GDPR which requires us to demonstrate a lawful basis when processing your personal information.
We process your personal information on the following lawful bases:
- Consent: where you have provided your consent for us to process your personal information for one or more specific purposes
- Contract: we may need to process your personal information in connection with a contract to which you are a party (for example, to offer or provide to you, or to obtain from you, products or services), or because you have asked us to take specific steps before entering into a contract with you
- Legal obligation: where the processing of your personal information is necessary for us to comply with a legal and/or regulatory obligation
- Legitimate interest: where we have a legitimate business interest in processing your personal information and, on evaluation, your interests and fundamental rights do not override those interests
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.
Special categories of particularly sensitive personal information, including information about your health, racial or ethnic origin, sexual orientation or sex life, trade union membership or criminal history and genetic or biometric data, require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We may process special categories of personal information in limited circumstances and generally only with your explicit consent.
How long we retain your personal information
Beacon retains your personal information for only as long as required for the purpose for which it was collected, unless there is a lawful reason to extend the retention period, for example due to a legal requirement or legal action. Once a retention period has lapsed, Beacon takes appropriate steps to permanently dispose of such personal information.
With whom we may share your personal information and where we may transfer it internationally
We may share your personal information with:
- Other legal entities in the Beacon group
- The following trusted third parties:
- Our vendors, suppliers, agents and business partners, including technology service providers, clinical research organisations, consultants, healthcare professionals, and testing laboratories who work with us on clinical trials
- Our professional advisors, including auditors, outside legal counsel, and financial advisors
- Previous employers and background checking organisations
- Regulators, government bodies, law enforcement authorities, and ethics committees
- Other third parties in connection with operating any part of our business, or in connection with any mergers, acquisitions, dispositions, financings, reorganisations, or similar corporate activities
Your personal information may be transferred by Beacon and its trusted third parties to, and otherwise processed in, countries outside of your home country. To the extent the data privacy laws in the countries to which your personal information is transferred may not be equivalent to, or as protective as, the laws in your home country, we will take appropriate steps, in accordance with applicable data protection and privacy laws, to maintain an adequate level of protection and security for your personal information when it is transferred outside of your home country.
The steps we take to protect your personal information
We adopt a variety of security measures and technologies to help protect your personal information from unauthorised access, use, disclosure, alteration or destruction in line with applicable data protection and privacy laws. We expect our third parties to adhere to the same requirements of data protection as stipulated in our contract terms with them.
Websites that Beacon does not own or control
We may provide links to websites or mobile applications that are not owned or controlled by Beacon. This privacy notice does not apply to those websites. If you choose to use those websites, please check the legal and privacy statements posted on each website or mobile application you access to understand their privacy practices.
Your data subject rights regarding your personal information
Data privacy laws such as the UK GDPR and UK Data Protection Act 2018 provide data subjects with a number of rights over their personal information. Under these law and regulations, you may be entitled to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing;
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) in certain circumstances. You also have the right to object where we are processing your personal information for direct marketing purposes;
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it;
- Request the transfer of your personal information to another party; and
- Withdraw your consent to the processing or your personal information (in circumstances where Beacon has previously obtained your consent). Please note, this will not affect the lawfulness of any processing of your personal data based on consent prior to your consent being withdrawn.
If you would like to exercise your rights, please let us know by getting in touch with us through the Contact page.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
What to do if you do not wish for us to hold your personal information
Where you are given the option to share your personal information with us, you can always choose not to do so.
If you object to the processing of your personal information, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations. This could mean that we may not be able to perform the actions necessary to achieve the purposes as set out in this notice or that you may be unable to make use of Beacon’s products or services.
Cookies and other technologies
This website uses technology called “cookies” which allow this website to recognise and respond to you as an individual.
Requests for information
If you have any questions specifically about this privacy notice or wish to make a data subject request, please email firstname.lastname@example.org and we will assist you.
Alternatively, you may reach out to us through Beacon’s Contact page.
Beacon welcomes all concerns, enquiries and requests about how we process personal information and aims to expedite each completely. If unsatisfied with responses, you have the right to submit a complaint to the UK supervisory authority (Information Commissioner’s Office, ICO).