Privacy Policy

ASTEX PHARMACEUTICALS PRIVACY POLICY

This is the Privacy Policy for Astex Pharmaceuticals, Inc., based in Pleasanton, California, USA, and Astex Therapeutics Limited, based in Cambridge, U.K. Both companies are committed to protecting and respecting your privacy.

When we refer to “Astex“, “we“, “our” or “us” in this Privacy Policy, we are referring to [the Astex entity (as set out above) that is responsible for processing your personal data].

This policy (together with our Website Terms of Use and any other documents referred to in them) sets out the basis on which we handle any personal data that we collect about you, or that you or others provide to us.

This Privacy Policy applies in particular to personal data we collect when you use this website (https://astx.com/), purchase or negotiate to purchase products or services from us or otherwise interact with us in the normal course of our business.

TOPICS COVERED:

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

  1. ABOUT US AND HOW THIS POLICY APPLIES TO OUR COMPANIES

1.1 This section of our Privacy Policy sets out how Astex complies with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and related European Union and European Economic Area data protection laws (“Data Protection Laws”).

For the purpose of Data Protection Laws, the Astex company that will be the “data controller” of your personal data will be the Astex company with which you have a business relationship and which is processing your personal data.

1.2 You should be aware that this website and other dealings you have with us may be subject to different privacy laws depending on the Astex company involved, and where you are located.

  1. WHAT INFORMATION WE COLLECT AND HOW WE WILL USE IT

2.1     The information we collect depends on the context of your interactions with us, with our website and how you use our products and services. It also depends on the choices you make, for example the functions you use and your privacy settings. You may choose not to provide certain information but if you do, and that information is necessary to provide a particular feature or service, then you may not be able to use that feature.

2.2     The table below summarises what information we collect about you, explains how we intend to use it and what our legal basis is for using it.

Personal data collected Source of personal data Reason for processing Lawful basis for processing
Name, contact details, job title, areas of interest and other biographic details Collected from you through our website or correspondence with Astex personnel. To offer or provide products and services to you and/or your business and/or to discuss future collaboration or other opportunities with Astex. To pursue our legitimate business interests and, subject to any necessary consent, to market our products and services to you.
Name, contact details, job title, areas of interest and other biographic details including details of patents and your contribution to our work or the work of others in relevant fields Collected from you, identified from public registers, documented in internal or collaboration work. To undertake our own R&D activities, to maintain awareness of the activities of others in the fields in which we operate and/or to discuss future collaboration or other opportunities with Astex. To pursue our legitimate business interests, in particular our R&D activities, and/or where necessary in connection with actual or potential future legal claims.
Device and usage data including IP addresses and device identifiers

Device event information including crash logs, hardware settings, browser type and browser language

Automatically collected and stored in our server logs when you interact with our website. To improve the user experience of our website, including to offer you tailored content, and to protect the security of our website. To pursue our legitimate interests, in particular to understand how our website is used, to improve the user experience of our website, and to maintain the security of our website; and/or (where required) subject to your consent.
Cookies and similar technologies When you visit our website, automated collection tools such as “cookies” gather information about your visit and your computer. Cookies are small text files that are stored on your hard drive through the local browser cache. To customise content on our websites, facilitate access to our websites, and recognise a computer or device that has visited the website before.

We also combine information about visitors to our website to produce anonymous, aggregated statistical information that helps us understand the frequency of visits to our site, the pages visited, and the features clicked.

To pursue our legitimate business interests and/or subject to any necessary consent.
Name, contact details, vehicle registration details, entry and exit times, CCTV images, special needs/requests data Collected from you when visiting our premises and/or from our own systems and processes. To assist us with keeping our site secure and complying with our health and safety obligations and to assist with any accommodations or requests made of us. To pursue our legitimate interests in relation to site security and to prevent crime and/or where necessary to comply with legal obligations.
Name, contact details, job title, areas of expertise, products and services offered, payment information, credit/other references, correspondence and associated records. Collected from you or received from relevant third parties. In order for us to enter into contracts for you or us to supply goods and/or services, and if you would like to work with us. To pursue our legitimate business interests, (as applicable) where necessary to comply with our legal obligations and/or where necessary to perform our contractual obligations and/or to take steps in advance of entry into a contract.
Personal data associated with contracts Present on the contract documents themselves and/or associated documents. Any purpose necessary in connection with performance of the contract and, as necessary, holding the contract and associated documents in archive. As applicable: where necessary in relation to our performance of our contractual obligations; where necessary for the establishment, exercise and defence of legal claims; and/or in connection with our legitimate business activities.
Personal data associated with patents, lab books, other R&D data and documents and any associated correspondence Collected from the individual, provided by third parties and/or generated by Astex. In connection with our R&D, commercial and intellectual property strategies and possible/actual legal claims. To pursue our legitimate business interests and/or where necessary in connection with the establishment, exercise and defence of legal claims.

Some of the reasons for processing set out in the table above will overlap and there may be more than one legal basis for our use of your personal data.

2.3     When you visit any website, including ours, your browser automatically sends certain information that does not personally identify you. This includes information such as browser type, language preference, operating system, internet service provider (ISP), IP address, device identification number, geo-location data, and online browsing data (like date and time of access to our website, referring website address, pages viewed, features used, links clicked, and other actions you take in connection with the website, sometimes referred to as “clickstream data”).

2.4     We use the following website cookies for the following purposes:

Cookie Name Type Duration Purpose
ID cookie PHPSESSID Session until browser session ends Establishes a user session
Google _ga Persistent 2 years Tracks user-interactions on website
_gat Persistent 1 minute
_gat_gtag Persistent 2 years
_gid Persistent 24 hours
Cookie preference cookie_notice_accepted Persistent 88 years Remembers a user’s choice about cookies

(a)     For website functionality – these cookies facilitate technical aspects or special features on our site. They also help us manage your consent to setting cookies. Upon your first access to our website, a banner will appear, asking you to give us your consent to the setting of cookies. If your consent is given, we will place a cookie on your computer and the banner will not appear again as long as your cookie is active. After expiration of the cookie’s lifespan, or if you actively delete the cookie, the banner will reappear upon your next visit to our website and again ask for your consent.

(b)     For website performance – These cookies collect information about how you use our websites. Information collected includes, for example, the Internet browsers and number of visits, average duration of visit, and pages viewed. These cookies do not collect information that personally identifies you and only collect aggregated and anonymous information. We use Google Analytics. To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.

2.5     The help portion of the toolbar on most browsers will tell you how to stop accepting new cookies, how to be notified when you receive a new cookie, and how to delete existing cookies. Note that if you choose to disable cookies, it is possible that some of our websites’ features may not function properly. Some browsers have “do not track” features that allow you to tell a website not to track you. These features are not all uniform. We do not currently respond to those signals.

2.6     We collect personal information with respect to our recruitment activities. The information we collect depends on how you interact with us. We will use the personal information that you provide or that we collect in this context only for recruiting purposes.

  1. CHANGE OF PURPOSE

3.1     We will only use your personal data for the purposes for which we collected it, unless we may use it for another reason which is compatible with the original purpose.

  1. SHARING YOUR INFORMATION

4.1     We may share your personal data with selected third-party service providers and other companies within our group that support us in the performance of the activities set out in the table above. We may also share your personal data where it is necessary in order to provide you with services or where we have another legitimate interest in doing so that is not overridden by your interests and fundamental rights. For example, to protect our customers or to operate and to maintain the security of our computer systems.

4.2     Alternatively, we may share your personal data with third parties where required by applicable law, including sharing your personal data with a regulator. We also reserve the right to cooperate with law enforcement authorities and provide information if the release of the personal data is proportionate and necessary in the public interest of the prevention and detection of crime under the particular circumstances.

4.3     We may transfer your personal data outside the European Economic Area (EEA) including to our group companies in Japan, in the USA and other jurisdictions in connection with our operations and as necessary for the performance of any contract that we may have with you. Astex employees may also access personal data from outside the EEA using our IT systems. If we do so, we will ensure that your personal data receives an adequate level of protection and is treated in a way that is consistent with EU and UK laws on data protection.

4.4     We may also share your personal data with other third parties, for example with service providers (such as payment services providers, credit reference agencies, IT solution providers and any of our suppliers and sub-contractors who process data on our behalf in order to assist us with our business activities) or in the context of the possible sale or restructuring of the business.

4.5     We require all our third-party service providers and all other companies within our group to take appropriate and stringent security measures to protect your personal data in line with our policies. When the Data Protection Laws apply and these third parties process data on our behalf, we only permit them to process your personal data for specified purposes in accordance with our instructions. We will also enter into written contracts with such third parties imposing such appropriate security standards on them.

  1. STORING YOUR INFORMATION

5.1     Some of our third-party service providers may host or otherwise process personal data on Astex’s behalf outside the EEA. In addition to the controls in relation to sharing your information (please see above), we will ensure that any such data sharing is either: (i) to a country for which the European Commission has issued an adequacy decision confirming that the country offers an appropriate level of personal data protection; or (ii) is otherwise subject to appropriate controls such as the Standard Contractual Clauses adopted by the EU Commission.

5.2     We will only retain your personal data for as long as is necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting or reporting obligations, and in accordance with our internal records retention and management policies.

  1. NOTICE TO CALIFORNIA RESIDENTS

6.1     If you are a California resident, California law may provide you with additional rights regarding our use of your personal information. To learn more about your California privacy rights, visit the CCPA/CPRA Privacy Notice.

  1. CHILDREN’S INFORMATION

7.1     We do not knowingly collect information from children under the age of 16. If you become aware that your child or any child under your care has provided us with information without your consent, please contact us (see contact details below in paragraph 13).

7.2     If we learn that an under-13 user has volunteered personally identifiable information on the site, we will delete such information from our active databases.

  1. KEEPING YOUR INFORMATION SECURE

8.1     All information that you provide to us is stored on secure servers.

8.2     The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of the information transmitted to our site and you acknowledge that any transmission is at your own risk. Once we have received your information, we will use appropriate procedures and security features to try to prevent unauthorised access or inadvertent disclosure.

  1. YOUR RIGHTS

9.1     As a data subject, you have the legal right (subject to certain conditions) to:

(a)     Request access to your personal data (commonly known as a ‘data subject access request’). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

(b)     Request correction or erasure of your personal data (unless we have the legal right to retain it). This right also applies where you have exercised your right to object to processing (see below).

(c)     Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which entitles you to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.

(d)     Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.

(e)     Request the transfer of your personal data to you or another party.

(f)     Withdraw your consent to processing, more details of which are given in paragraph 9.6 below.

9.2     You should be aware that if you ask us to stop processing your personal data in a certain way or to erase your personal data, and processing that data is necessary in order for us to provide services to you, then we may be unable to provide those services. Similarly, your preferences and choices in relation to our website may mean that some or all of the website functionality becomes unavailable to you. This does not affect your right to object to direct marketing, which can be exercised at any time without restriction.

9.3     If you want to review, verify, correct or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact us (see contact details in paragraph 13). If you are an EU citizen and would like to exercise any of these rights with respect to your personal data controlled by Astex Pharmaceuticals, Inc., please submit your request via Astex Pharmaceuticals, Inc.’s Privacy Web Form

9.4     You will not normally have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

9.5     We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

9.6     In the limited circumstances where our collection, processing and transfer of your personal data is based upon consent, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us (see contact details in paragraph 13), and once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

  1. MARKETING

10.1     We would like to send you information by email about us and other companies in our group which may be of interest to you (including, for example press releases).

10.2     You have the right at any time to stop us from contacting you for marketing purposes or giving your information to other members of our group. If you no longer wish to be contacted for marketing purposes, you can unsubscribe by using the “unsubscribe” link at the bottom of our marketing messages.

  1. OTHER WEBSITES

11.1     Our website contains links to other websites. This privacy policy only applies to this website so when you link to other websites you should read their own privacy policies.

  1. CHANGES TO THIS PRIVACY POLICY

12.1     We keep our Privacy Policy under regular review and will post any updates on this webpage. This Privacy Policy was last updated on April 11, 2022.

  1. HOW TO CONTACT US AND COMPLAINTS

13.1     Our contact details are:

Astex Pharmaceuticals, Inc.
4420 Rosewood Drive, Suite 200
Pleasanton
CA 94588
USA
Email – dataprivacyUS@astx.com
Astex Therapeutics Limited
436 Cambridge Science Park
Milton Road
Cambridge CB4 0QA
United Kingdom
Email – dataprivacyUK@astx.com

13.2     If you have any questions about this Privacy Policy or how we handle your personal data, please contact us. If for any reason you are not happy with the way that we have handled your personal data, please contact us detailing your concerns, any actions you wish us take and allowing us a reasonable period in which to investigate and to respond to you.

13.3     You have the right to make a make a complaint to your data protection regulator. In the U.K, this is the Information Commissioner’s Office see: https://ico.org.uk/global/contact-us/.

13.4     If you are an EU citizen and feel that Astex Pharmaceuticals, Inc. is not abiding by the terms of this Privacy Policy, please contact Astex Pharmaceuticals, Inc. at the contact information provided above.

[Updated: 11 April 2022]